Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Chief Information Officer

2. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.

3. Personal, Network, and Application

4. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network

5. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

6. Network devices that operate at layer 2. Every port on a switch is a separate collision domain

7. Emanations from one wire coupling with another wire

8. Continuation of Operations Plan

9. In a separation of duties model, this is where code is checked in and out

10. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet

11. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

12. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

13. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives)

14. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,

15. Occupant Emergency Plan. Employees are the most important!

16. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.

17. The intercepting of conversations by unintended recipients

18. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and they call it a virus

19. Something used to put out a fire. Can be in Classes A, B, C, D, or H

20. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.

21. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical

22. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

23. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.

24. Ethernet, Cat5; twisted to allow for longer runs.

25. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to

26. Encompasses Risk Analysis and Risk Mitigation

27. Signal degradation as it moves farther from its source

28. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards

29. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

30. The physical part of a computer, as distinguished from the computer software that executes within the hardware.

31. Setting up the user to access the honeypot for reasons other than the intent to harm.

32. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.

33. Internet Relay Chat.

34. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational

35. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

36. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra

37. These can be used to verify that public keys belong to certain individuals.

38. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message

39. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste

40. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the

41. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB

42. This is the file on a UNIX system where the mapping from usernames to password MD5 hash outputs is stored. The system uses this file to determine if the password entered for a given username is correct.

43. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

44. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not actually fix anything.

45. A gas used in fire suppression. Not human safe. Chemical reaction.

46. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

47. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)

48. Network Address Translation

49. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou

50. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal