Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So at times you might find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






2. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






3. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






4. Motivational tools for employee awareness to get them to report security flaws in an organization






5. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






6. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






7. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






8. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






9. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






10. Jumping into dumpsters to retrieve information about someone/something/a company






11. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






12. Also civil law






13. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






14. Something used to put out a fire. Can be in Classes A - B - C - D - or H






15. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






16. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






17. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






18. When security is managed at a central point in an organization






19. Disclosure - Alteration - Destruction. These things break the CIA triad






20. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives)






21. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






22. A RFC standard. A mechanism for performing commands on a remote system






23. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






24. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






25. Object Linking and Embedding. The ability of an object to be embedded into another object.






26. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






27. To not be legal (as far as law is concerned) or ethical






28. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






29. Same as a block cipher except that it is applied to a data stream one bit at a time






30. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






31. Distributed Component Object Model. Microsoft's implementation of CORBA.






32. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






33. Dynamic Host Configuration Protocol.






34. The output of a hash function is a digest.






35. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






36. The art of breaking code. Testing the strength of an algorithm.






37. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






38. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






39. Motive - Opportunity - and Means. These deal with crime.






40. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






41. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t






42. Internet Architecture Board. This board is responsible for protecting the Internet.






43. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






44. The frequency with which a threat is expected to occur.






45. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






46. The act of identifying yourself. Providing your identity to a system






47. Involving the measurement of quantity or amount.






48. A military standard defining controls for emanation protection






49. Reasonable doubt






50. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.