Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






2. When one key of a two-key pair has more encryption pattern than the other






3. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






4. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






5. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






6. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






7. Data storage formats and equipment that allow the stored data to be accessed in any order






8. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






9. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






10. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






11. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






12. Transferring your risk to someone else - typically an insurance company






13. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






14. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






15. Providing verification to a system






16. A site that is ready physically but has no hardware in place - all it has is HVAC






17. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






18. Disclosure - Alteration - Destruction. These things break the CIA triad






19. The intercepting of conversations by unintended recipients






20. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






21. An instance of a scripting language






22. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






23. A war dialing utility






24. Component Object Model.






25. Internet Relay Chat.






26. A technique to eliminate data redundancy.






27. Assuming someone's session who is unaware of what you are doing






28. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






29. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






30. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






31. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






32. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






33. Also civil law






34. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.






35. Method of authenticating to a system. Something that you supply and something you know.






36. Basic Input/Output System






37. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






38. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






39. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






40. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






41. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






42. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






43. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






44. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






45. A sandbox. Emulates an operating environment.






46. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






47. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






48. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






49. Network devices that operate at layer 3. This device separates broadcast domains.






50. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






