Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the






2. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.






3. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






4. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho






5. Jumping into dumpsters to retrieve information about someone/something/a company






6. A mechanism by which connections to TCP services on a system are allowed or disallowed






7. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






8. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






9. Continuation of Operations Plan






10. Network Address Translation






11. Dynamic Host Configuration Protocol.






12. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers), and grey hats.






13. The real cost of acquiring/maintaining/developing a system






14. More discriminate than dogs






15. Component Object Model.






16. Software designed to infiltrate or damage a computer system, without the owner's consent.






17. The intercepting of conversations by unintended recipients






18. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.






19. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






20. Someone who hacks






21. Animals with teeth. Not as discriminate as guards






22. A site that is ready physically but has no hardware in place; all it has is HVAC






23. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema






24. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






25. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






26. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






27. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst






28. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






29. Method of authenticating to a system. Something that you supply and something you know.






30. Making individuals accountable for their actions on a system typically through the use of auditing






31. A system designed to stop piggybacking.






32. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.






33. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






34. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






35. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






36. A war dialing utility






37. A network that mimics the brain






38. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






39. After implementing countermeasures, accepting risk for the amount of vulnerability left over






40. In cryptography, it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






41. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






42. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






43. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is, the order of the characters is changed. Mathematically a bijective function is used on the characters'






44. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






45. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.






46. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.






47. Threat to physical security.






48. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






49. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






50. A technique to eliminate data redundancy.