Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. ('rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet

2. The act of identifying yourself. Providing your identity to a system

3. Countermeasure that puts fake data into a database so that anyone reading it without authorization gets the wrong information.

4. Public Key Infrastructure

5. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.

6. Chief Information Officer

7. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal

8. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.

9. In the broadest sense - a fraud is a deception made for personal gain

10. A SSO technology that extends Kerberos functionality and improves upon its weaknesses.

11. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....

12. 'If you can't see it - it's secure'. Bad policy to live by.

13. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and

14. Random Number Base

15. A mechanism by which connections to TCP services on a system are allowed or disallowed

16. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.

17. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.

18. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt

19. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time

20. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti

21. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically

22. Personal - Network - and Application

23. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -

24. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider

25. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to

26. A hidden communications channel on a system that allows for the bypassing of the system security policy

27. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not actually fix anything.

28. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

29. This is an open international standard for applications that use wireless communications.

30. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

31. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.

32. Network device that operates at layer 1. Concentrator.

33. Grabs an image of the finger, which is then stored in a database and later compared one-to-many against that database

34. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

35. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.

36. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.

37. More discriminate than dogs

38. Same as a block cipher except that it is applied to a data stream one bit at a time

39. A network that mimics the brain

40. The physical part of a computer - as distinguished from the computer software that executes within the hardware.

41. Base 64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.

42. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.

43. Making individuals accountable for their actions on a system, typically through the use of auditing

44. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.

45. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

46. The art of breaking code. Testing the strength of an algorithm.

47. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack

48. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

49. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.

50. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor