Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






2. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.






3. Defines the objects and their attributes that exist in a database.






4. Animals with teeth. Not as discriminate as guards






5. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






6. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






7. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






8. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






9. When security is managed at a central point in an organization






10. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






11. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






12. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






13. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






14. The person that controls access to the data






15. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






16. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






17. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






18. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






19. When security is managed at many different points in an organization






20. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






21. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






22. Someone whose hacking is primarily targeted at the phone systems






23. Access control method for database based on the content of the database to provide granular access






24. Be at least 8 feet tall and have three strands of barbed wire.






25. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






26. Involving the measurement of quantity or amount.






27. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






28. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






29. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






30. Internet Relay Chat.






31. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






32. A gas used in fire suppression. Not human safe. Chemical reaction.






33. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






34. 'If you can't see it - it's secure'. Bad policy to live by.






35. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






36. A site that is ready physically but has no hardware in place - all it has is HVAC






37. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






38. Good for distance - longer than 100M






39. Must be in place for you to use a biometric system






40. Enticing people to hit your honeypot to see how they try to access your system.






41. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






42. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






43. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






44. A card that holds information that must be authenticated to before it can reveal the information that it is holding






45. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






46. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






47. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






48. Threat to physical security.






49. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






50. A network that mimics the brain