Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Closed Circuit Television






2. Network device that operates at layer 1. Concentrator.






3. A hidden communications channel on a system that allows for the bypassing of the system security policy






4. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.






5. Enticing people to hit your honeypot to see how they try to access your system.






6. A system designed to stop piggybacking.






7. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






8. When one key of a two-key pair has more encryption pattern than the other






9. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






10. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






11. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






12. A technique to eliminate data redundancy.






13. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






14. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






15. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






16. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






17. Internet Architecture Board. This board is responsible for protecting the Internet.






18. Providing verification to a system






19. Component Object Model.






20. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






21. Relating to quality or kind. This assigns a level of importance to something.






22. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






23. Method of authenticating to a system. Something that you supply and something you know.






24. A site that has some equipment in place - and can be up within days






25. A site that is ready physically but has no hardware in place - all it has is HVAC






26. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






27. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






28. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






29. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






30. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






31. In the broadest sense - a fraud is a deception made for personal gain






32. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






33. 'If you can't see it - it's secure'. Bad policy to live by.






34. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






35. Scanning the airwaves for radio transmissions






36. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






37. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






38. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






39. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






40. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






41. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






42. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






43. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






44. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






45. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






46. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






47. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






48. After implementing countermeasures - accepting risk for the amount of vulnerability left over






49. Animals with teeth. Not as discriminate as guards






50. Rolling command center with UPS - satellite - uplink - power - etc.