Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In the broadest sense - a fraud is a deception made for personal gain






2. A network that uses proprietary protocols






3. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






4. 'If you can't see it - it's secure'. Bad policy to live by.






5. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






6. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






7. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






8. A system designed to stop piggybacking.






9. Internet Relay Chat.






10. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






11. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






12. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






13. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






14. Rolling command center with UPS - satellite - uplink - power - etc.






15. Must be in place for you to use a biometric system






16. The real cost of acquiring/maintaining/developing a system






17. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






18. Someone who hacks






19. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






20. Public Key Infrastructure






21. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






22. Relating to quality or kind. This assigns a level of importance to something.






23. An RFC standard. A mechanism for performing commands on a remote system






24. This is an open international standard for applications that use wireless communications.






25. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






26. Confidentiality - Integrity - and Availability






27. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






28. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






29. In a separation of duties model - this is where code is checked in and out






30. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






31. A network that uses standard protocols (TCP/IP)






32. Access control method for database based on the content of the database to provide granular access






33. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






34. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






35. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






36. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






37. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






38. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






39. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






40. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






41. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work






42. The output of a hash function is a digest.






43. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






44. Network device that operates at layer 1. Concentrator.






45. The intercepting of conversations by unintended recipients






46. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






47. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






48. When security is managed at a central point in an organization






49. A network that mimics the brain






50. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically