CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. The attacker sends a SYN request to the victim's machine; the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine does not respond, however, but instead sends another SYN and continues to do so until t

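The half-open connection state described in question 1, as an added example that is not part of the original quiz: a small Python replay of TCP flag events against a listener with a constructed backlog. The packet sequence, the addresses and the backlog size of 8 are constructed for the demonstration. The point it shows is that every unanswered SYN holds a backlog slot, so once the attacker's SYNs fill the backlog a legitimate client's SYN is dropped and its handshake never completes; the per-destination half-open count is also the metric a detector would watch.

```python
from collections import defaultdict

# Constructed listen backlog: the number of half-open entries the victim keeps
# per listener before it starts refusing new SYNs. Real kernels use larger,
# tunable values (e.g. net.ipv4.tcp_max_syn_backlog on Linux).
BACKLOG = 8


def process_packets(packets, backlog=BACKLOG):
    """Replay TCP flag events against a listener and report half-open state.

    packets: iterable of (src_ip, src_port, dst_ip, flags) using tcpdump-style
    flags: "S" is the client's SYN, "." the client's final ACK of the
    handshake, "R" a reset.  The listener's SYN/ACK is implicit: receiving an
    "S" allocates a half-open entry, which is the resource a SYN flood exhausts.

    Returns (half_open_per_dst, established, dropped): half-open counts per
    destination, the set of completed connections, and the SYNs refused
    because the backlog for their destination was already full.
    """
    half_open = set()          # (src_ip, src_port, dst_ip) awaiting the final ACK
    established = set()
    dropped = []
    per_dst = defaultdict(int)

    for src_ip, src_port, dst_ip, flags in packets:
        key = (src_ip, src_port, dst_ip)
        if flags == "S":
            if key in half_open:
                continue             # retransmitted SYN: entry already allocated
            if per_dst[dst_ip] >= backlog:
                dropped.append(key)  # no room: the SYN is silently discarded
                continue
            half_open.add(key)
            per_dst[dst_ip] += 1
        elif flags == "." and key in half_open:
            half_open.discard(key)   # handshake completed, entry released
            per_dst[dst_ip] -= 1
            established.add(key)
        elif flags == "R" and key in half_open:
            half_open.discard(key)   # reset: entry released without completing
            per_dst[dst_ip] -= 1

    return dict(per_dst), established, dropped


def syn_flood_suspects(half_open_per_dst, threshold):
    """Destinations whose half-open count has reached the alerting threshold."""
    return sorted(dst for dst, n in half_open_per_dst.items() if n >= threshold)


def constructed_capture():
    """Constructed packet sequence (not a real capture) for the demonstration."""
    victim = "10.0.0.5"
    pkts = []
    # A legitimate client completes its handshake before the flood starts.
    pkts += [("192.0.2.10", 40000, victim, "S"), ("192.0.2.10", 40000, victim, ".")]
    # The attacker sends 20 SYNs from spoofed sources and never answers the SYN/ACKs.
    for i in range(20):
        pkts.append((f"198.51.100.{i + 1}", 5000 + i, victim, "S"))
    # A second legitimate client arrives while the backlog is full; its SYN is
    # dropped, so its handshake never completes.
    pkts += [("192.0.2.11", 40001, victim, "S"), ("192.0.2.11", 40001, victim, ".")]
    return pkts


if __name__ == "__main__":
    half_open, established, dropped = process_packets(constructed_capture())
    print("half-open per destination:", half_open)
    print("established:", len(established), "dropped SYNs:", len(dropped))
    print("suspected SYN flood targets:", syn_flood_suspects(half_open, BACKLOG))
```

Running it leaves the victim holding 8 half-open entries and lists the second legitimate client among the dropped SYNs. SYN cookies and larger backlogs change the numbers, not the mechanism.
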
2. A card that must be authenticated to before it will reveal the information it holds.

3. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po

4. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t

5. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.

6. When security is managed at a central point in an organization

7. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.

8. Computer Incident Response Team

9. A war dialing utility

10. An instance of a scripting language

11. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou

12. An access control method for databases that decides access based on the content of the data, providing granular access.

13. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.

14. After countermeasures are implemented, the risk that remains (the vulnerability left over) and that is accepted.

15. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req

16. Encompasses Risk Analysis and Risk Mitigation

17. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.

18. The person that controls access to the data

19. These viruses usually infect both boot records and files.

20. The act of identifying yourself: providing your identity to a system.

21. A network entity that provides a single entrance / exit point to the Internet.

22. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.

23. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

24. A network that mimics the brain

25. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.

26. An attacker sends ping (ICMP echo) requests to a network's broadcast address with the source IP in the packet header spoofed, so that the requests appear to have originated from the future victim's network; every host on the responding network then replies in full force to these requests and brings down the victim's network.

27. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable

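The challenge/response described in question 27, as an added example that is not part of the original quiz. The Response computation follows RFC 1994 (MD5 over Identifier, secret and Challenge); the Authenticator, Peer and run_exchange names and the shared secret value are assumptions for the demonstration. The last two values it returns show why the incrementing Identifier and fresh Challenge matter: a Response captured from one exchange is rejected both when replayed against the same Identifier and when replayed against a new challenge.

```python
import hashlib
import hmac
import os

# Constructed shared secret; a real one is provisioned out of band and is
# known only to the authenticator and the peer.
SHARED_SECRET = b"constructed-example-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value as defined in RFC 1994: MD5(Identifier || secret || Challenge).

    MD5 is used because that is what the protocol specifies; the protection
    against replay comes from the changing Identifier and Challenge, not from
    the hash.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges (the access server)."""

    def __init__(self, secret: bytes, rng=os.urandom):
        self._secret = secret
        self._rng = rng
        self._identifier = 0
        self._outstanding = {}   # Identifier -> Challenge value not yet answered

    def challenge(self):
        """Issue a new (Identifier, Challenge) pair; the Identifier increments each time."""
        self._identifier = (self._identifier + 1) % 256
        chal = self._rng(16)     # variable challenge value
        self._outstanding[self._identifier] = chal
        return self._identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        """Accept a Response only for an outstanding Identifier, then retire it."""
        chal = self._outstanding.pop(identifier, None)
        if chal is None:
            return False         # unknown or already-answered Identifier
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """The side being authenticated (the dial-in or VPN client)."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self._secret, challenge)


def run_exchange(rng=os.urandom):
    """Run a genuine CHAP exchange, then two replay attempts with the captured Response.

    Returns (genuine_ok, replay_same_identifier_ok, replay_new_challenge_ok).
    """
    server = Authenticator(SHARED_SECRET, rng)
    client = Peer(SHARED_SECRET)

    # 1. Genuine exchange: Challenge -> Response -> Success.
    ident, chal = server.challenge()
    captured = client.respond(ident, chal)     # an eavesdropper records this
    genuine_ok = server.verify(ident, captured)

    # 2. Replay against the same Identifier: it was retired, so this fails.
    replay_same = server.verify(ident, captured)

    # 3. Replay against a fresh challenge: Identifier and Challenge differ,
    #    so the captured Response no longer matches.
    ident2, _chal2 = server.challenge()
    replay_new = server.verify(ident2, captured)

    return genuine_ok, replay_same, replay_new


if __name__ == "__main__":
    print(run_exchange())   # (True, False, False)
```

The secret itself never crosses the link, only the hash of it with the changing values; that is also why the authenticator must store the secret in a recoverable form, which is CHAP's usual operational caveat.
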
28. This factor represents a measure of the magnitude of loss or impact on the value of an asset.

29. Also known as a tunnel.

30. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network

31. Same as AES. The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor -

32. Dynamic Host Configuration Protocol.

33. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access

34. The user

35. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

36. In cryptography - it is a block cipher

37. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

38. A unit that detects motion for the purpose of setting off alarms to alert for unauthorized access.

39. More discriminate than dogs

40. Someone whose hacking is primarily targeted at the phone systems

41. Signal degradation as it moves farther from its source

42. A network that uses proprietary protocols

43. Something used to put out a fire. Can be in Classes A, B, C, D, or K.

44. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.

45. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.

46. In classical cryptography, a transposition cipher rearranges the characters of the plaintext according to a regular system (to decrypt, the reverse is done). That is, the order of the characters is changed, but the characters themselves are not replaced. Mathematically a bijective function is used on the characters'

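A columnar transposition, as an added example that is not part of the original quiz, to make the point in question 46 concrete: the cipher only permutes positions, so the ciphertext contains exactly the plaintext's characters in a different order, and decryption applies the inverse permutation. The key ZEBRA and the plaintext are constructed, and the Caesar function is included only to contrast a substitution cipher, which replaces letters instead of moving them.

```python
def transposition_permutation(key: str, length: int) -> list:
    """Position permutation for a columnar transposition with the given key.

    Returns perm such that ciphertext[i] == plaintext[perm[i]].  Rows of the
    grid are len(key) wide; columns are read out in the alphabetical order of
    the key letters (ties broken left to right).  Because perm is a bijection
    on positions, decryption is simply its inverse.
    """
    ncols = len(key)
    order = sorted(range(ncols), key=lambda c: (key[c], c))
    return [i for c in order for i in range(c, length, ncols)]


def transposition_encrypt(plaintext: str, key: str) -> str:
    perm = transposition_permutation(key, len(plaintext))
    return "".join(plaintext[i] for i in perm)


def transposition_decrypt(ciphertext: str, key: str) -> str:
    perm = transposition_permutation(key, len(ciphertext))
    out = [""] * len(ciphertext)
    for ci, pi in enumerate(perm):
        out[pi] = ciphertext[ci]        # apply the inverse permutation
    return "".join(out)


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """A substitution cipher, included only for contrast: it replaces each letter."""
    return "".join(chr((ord(ch) - 65 + shift) % 26 + 65) if "A" <= ch <= "Z" else ch
                   for ch in plaintext)


def same_letter_multiset(a: str, b: str) -> bool:
    """True when both strings contain exactly the same characters, just reordered."""
    return sorted(a) == sorted(b)


if __name__ == "__main__":
    key = "ZEBRA"                                # constructed example key
    pt = "WEAREDISCOVEREDFLEEATONCE"             # constructed example plaintext
    ct = transposition_encrypt(pt, key)
    print(ct)                                    # EODAEASRENEIELORCEECWDVFT
    print(transposition_decrypt(ct, key) == pt)  # True
    print(same_letter_multiset(pt, ct))          # True: transposition keeps the letters
    print(same_letter_multiset(pt, caesar_encrypt(pt, 3)))  # False: substitution changes them
```

The letter-multiset check is also why transposition alone is weak: frequency analysis of the ciphertext reads the plaintext's letter frequencies unchanged, which is what an anagramming attack exploits.
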
47. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.

48. When a DNS server goes out to resolve a name and gets the wrong (forged) response back, it caches the wrong address for the record's TTL, thus poisoning the cache for that period of time.

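The race described in question 48, as an added example that is not part of the original quiz. CachingResolver, poisoning_scenario and the names and addresses are constructed for the demonstration, and this toy resolver checks only the 16-bit transaction ID (a real resolver also randomizes the UDP source port, which is left out here). With a predictable ID the forged answer that arrives first is cached until its TTL expires and the genuine answer is discarded; with an unpredictable ID the attacker's single guess misses and the genuine answer is cached instead.

```python
import secrets
from dataclasses import dataclass


@dataclass
class DnsResponse:
    txid: int        # 16-bit transaction ID that must match the query
    name: str
    address: str
    ttl: int         # seconds the resolver may keep the answer


class FakeClock:
    """Constructed clock so TTL expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class CachingResolver:
    """Minimal caching resolver: one outstanding upstream query per name."""

    def __init__(self, clock, txid_source):
        self._clock = clock
        self._txid_source = txid_source   # callable producing the next txid
        self._pending = {}                # name -> txid of the outstanding query
        self._cache = {}                  # name -> (address, expires_at)

    def send_query(self, name: str) -> int:
        txid = self._txid_source()
        self._pending[name] = txid
        return txid

    def receive(self, resp: DnsResponse) -> bool:
        """Cache an answer only if it matches the outstanding query's txid.

        The first matching answer wins and retires the query, so a forged
        answer that arrives before the genuine one is cached for its full TTL
        and the genuine answer is then discarded.
        """
        if self._pending.get(resp.name) != resp.txid:
            return False
        del self._pending[resp.name]
        self._cache[resp.name] = (resp.address, self._clock() + resp.ttl)
        return True

    def lookup(self, name: str):
        entry = self._cache.get(name)
        if entry is not None and entry[1] > self._clock():
            return entry[0]
        self._cache.pop(name, None)       # expired (or absent): must re-query
        return None


def random_txid() -> int:
    """What a hardened resolver does: an unpredictable 16-bit transaction ID."""
    return secrets.randbelow(1 << 16)


def poisoning_scenario(txid_source):
    """Race a forged answer against the genuine one for 'bank.example'.

    The attacker guesses txid 1.  Returns (forged_accepted, genuine_accepted,
    answer_during_ttl, answer_after_ttl).
    """
    clock = FakeClock()
    resolver = CachingResolver(clock, txid_source)
    name = "bank.example"                               # constructed name
    real_txid = resolver.send_query(name)

    forged = DnsResponse(txid=1, name=name, address="203.0.113.66", ttl=3600)
    genuine = DnsResponse(txid=real_txid, name=name, address="192.0.2.80", ttl=3600)

    forged_accepted = resolver.receive(forged)           # arrives first
    genuine_accepted = resolver.receive(genuine)         # arrives second
    during = resolver.lookup(name)
    clock.advance(3601)                                  # past the TTL
    after = resolver.lookup(name)
    return forged_accepted, genuine_accepted, during, after


if __name__ == "__main__":
    print("predictable txid:", poisoning_scenario(lambda: 1))
    print("random txid:     ", poisoning_scenario(random_txid))
```

Note that the poisoned entry is served for the attacker-chosen TTL (3600 s here), which is why a poisoning attack sets a long TTL on the forged record.
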
49. An organization that became famous for telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....

50. Rotating employees' job duties so that what each of them has been doing can be checked to make sure nothing fraudulent is occurring.