Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r

2. CISSPs subscribe to a code of ethics for building up the security profession.

3. The user.

4. The government-required overwrite rate when formatting a drive in such a manner as to make it nearly impossible to retrieve data from it.

5. Involving the measurement of quantity or amount.

6. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is what actually performs the degaussing.

7. When one key of a two-key pair has more encryption pattern than the other.

8. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

9. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

10. Reasonable doubt.

11. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access

12. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste

13. These viruses usually infect both boot records and files.

14. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.

15. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters

16. A sandbox. Emulates an operating environment.

17. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal.

18. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.

19. The physical part of a computer, as distinguished from the computer software that executes within the hardware.

20. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.

21. Once authenticated, the level of access you have to a system.

22. The output of a hash function is a digest.

23. The person who determines the permissions to files. The data owner.

24. Technical items are implemented by IT. Administrative items are things that HR implements. Physical items are things that are tangible.

25. Data storage formats and equipment that allow the stored data to be accessed in any order.

26. After implementing countermeasures, accepting the risk for the amount of vulnerability left over.

27. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

28. Method of authenticating to a system. Something that you supply and something you know.

29. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

30. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.

31. A network entity that provides a single entrance/exit point to the Internet.

32. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).

33. When you know something from a source and can infer other related information based on what you know, even though you may not normally have access to that data.

34. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

35. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

36. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

37. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

38. More discriminate than dogs.

39. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.

40. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.

41. Network devices that operate at layer 3. This device separates broadcast domains.

42. Software designed to infiltrate or damage a computer system without the owner's consent.

43. A gas used in fire suppression. Not human safe. Chemical reaction.

44. Repeats the signal. It amplifies the signal before sending it on.

45. Distributed Component Object Model. Microsoft's implementation of CORBA.

46. Signal degradation as it moves farther from its source.

47. A form of binary-to-text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp

48. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho

49. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.

50. A mechanism by which connections to TCP services on a system are allowed or disallowed.