Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Disclosure - Alteration - Destruction. These things break the CIA triad.

2. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec

3. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.

4. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.

5. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r

6. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical.

7. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst

8. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters

9. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c

10. This is an open international standard for applications that use wireless communications.

11. Data storage formats and equipment that allow the stored data to be accessed in any order.

12. Dynamic Host Configuration Protocol.

13. Chief Information Officer.

14. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to

15. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

16. The practice of obtaining confidential information by manipulation of legitimate users.

17. Animals with teeth. Not as discriminate as guards.

18. An attempt to trick the system into believing that something false is real.

19. The practice of following someone with a security code or keycard through a security door - generally in workplaces.

20. A hidden communications channel on a system that allows for the bypassing of the system security policy.

21. Motive - Opportunity - and Means. These deal with crime.

22. Reasonable doubt.

23. Dialing fixed sets of telephone numbers looking for open modem connections to machines.

24. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.

25. Personal - Network - and Application.

26. Must be in place for you to use a biometric system.

27. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'

28. A site that has some equipment in place - and can be up within days.

29. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x

30. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.

31. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.

32. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.

33. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE

34. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th

35. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

36. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t

37. A set of rules applied by many transit networks which restrict the ways in which the network may be used.

38. A card that holds information that must be authenticated to before it can reveal the information that it is holding.

39. Threat to physical security.

40. The output of a hash function is a digest.

41. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.

42. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).

43. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message.

44. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer

45. These can be used to verify that public keys belong to certain individuals.

46. Be at least 8 feet tall and have three strands of barbed wire.

47. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

48. Occupant Emergency Plan - Employees are the most important!

49. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and

50. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.