Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. These viruses usually infect both boot records and files.






2. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






3. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






4. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






5. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






6. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






7. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






8. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






9. Accepting all packets






10. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






11. Network device that operates at layer 1. Concentrator.






12. Computer Incident Response Team






13. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






14. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






15. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






16. Network Address Translation






17. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






18. Enticing people to hit your honeypot to see how they try to access your system.






19. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






20. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






21. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






22. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






23. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






24. Network devices that operate at layer 3. This device separates broadcast domains.






25. In the broadest sense - a fraud is a deception made for personal gain






26. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work






27. More discriminate than dogs






28. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






29. In a separation of duties model - this is where code is checked in and out






30. The ability to have more than one thread associated with a process






31. Relating to quality or kind. This assigns a level of importance to something.






32. Using ICMP to diagram a network






33. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






34. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






35. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






36. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






37. When one key of a two-key pair has more encryption pattern than the other






38. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






39. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






40. A hidden communications channel on a system that allows for the bypassing of the system security policy






41. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






42. A war dialing utility






43. A network that mimics the brain






44. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






45. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






46. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






47. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






48. Jumping into dumpsters to retrieve information about someone/something/a company






49. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






50. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -