Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.

2. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou

3. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities

4. CISSPs subscribe to a code of ethics for building up the security profession

5. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.

6. Network devices that operate at layer 3. These devices separate broadcast domains.

7. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards

8. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec

9. Network Address Translation

10. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

11. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack

12. Chief Information Officer

13. Rolling command center with UPS - satellite - uplink - power - etc.

14. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

15. After implementing countermeasures - accepting risk for the amount of vulnerability left over

16. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.

17. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

18. Deals with the same things as due diligence except that it deals with accepting responsibility instead of liability.

19. The real cost of acquiring/maintaining/developing a system

20. In the broadest sense - a fraud is a deception made for personal gain

21. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.

22. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also

23. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th

24. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh

25. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute

26. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications

27. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

28. Providing verification to a system

29. Reasonable doubt

30. Object Linking and Embedding. The ability of an object to be embedded into another object.

31. Accepting all packets

32. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB

33. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

34. The person who determines the permissions to files. The data owner.

35. Something used to put out a fire. Can be in Classes A - B - C - D - or H

36. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and

37. More discriminate than dogs

38. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.

39. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically

40. Computer Incident Response Team

41. Repeats the signal. It amplifies the signal before sending it on.

42. Closed Circuit Television

43. Software designed to infiltrate or damage a computer system - without the owner's consent.

44. Animals with teeth. Not as discriminate as guards

45. These can be used to verify that public keys belong to certain individuals.

46. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

47. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider

48. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not actually fix anything.

49. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives)

50. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt