Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






2. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






3. When an employee leaves the company - you want to make them aware of non-disclosure and non-compete clauses - etc.






4. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






5. Transferring your risk to someone else - typically an insurance company






6. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






7. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






8. A military standard defining controls for emanation protection






9. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






10. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






11. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






12. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






13. Component Object Model.






14. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






15. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






16. Personal - Network - and Application






17. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






18. Computer Incident Response Team






19. A gas used in fire suppression. Not human safe. Chemical reaction.






20. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






21. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






22. Basic Input/Output System






23. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






24. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






25. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






26. Random Number Base






27. After implementing countermeasures - accepting risk for the amount of vulnerability left over






28. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






29. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






30. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






31. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






32. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






33. When one key of a two-key pair has more encryption pattern than the other






34. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






35. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






36. These can be used to verify that public keys belong to certain individuals.






37. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






38. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






39. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






40. Dynamic Host Configuration Protocol.






41. Good for distance - longer than 100M






42. The intercepting of conversations by unintended recipients






43. In cryptography - it is a block cipher






44. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






45. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






46. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






47. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






48. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you visit on the Internet






49. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






50. Ethernet - Cat5 - Twisted to allow for longer runs.