Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






2. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






3. A technique to eliminate data redundancy.






4. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






5. Continuation of Operations Plan






6. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






7. In a separation of duties model - this is where code is checked in and out






8. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






9. A gas used in fire suppression. Not human safe. Chemical reaction.






10. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






11. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






12. A site that is ready physically but has no hardware in place - all it has is HVAC






13. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






14. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






15. More discriminate than dogs






16. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






17. Encompasses Risk Analysis and Risk Mitigation






18. Someone who hacks






19. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






20. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






21. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






22. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






23. A RFC standard. A mechanism for performing commands on a remote system






24. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






25. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






26. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






27. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






28. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






29. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






30. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






31. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






32. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






33. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






34. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






35. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






36. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






37. The act of identifying yourself. Providing your identity to a system






38. Animals with teeth. Not as discriminate as guards






39. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






40. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






41. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






42. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






43. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






44. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






45. Involving the measurement of quantity or amount.






46. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






47. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






48. Internet Architecture Board. This board is responsible for protecting the Internet.






49. Occupant Emergency Plan - Employees are the most important!






50. Common Object Request Broker Architecture.