Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.






2. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






3. Technical controls are implemented by IT. Administrative controls are things that HR or management implements, such as policies and procedures. Physical controls are things that are tangible.






4. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






5. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






6. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th






7. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






8. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






9. A name given to a system implemented by the FBI that is analogous to wiretapping, except in this case e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






10. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.






11. Closed Circuit Television






12. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






13. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.






14. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






15. The EU specification. If databases of personal data exist, users are allowed to check the data held about them, to have it changed if it is wrong, etc.






16. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also






17. Someone who hacks






18. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






19. When a security event occurs, this is the predefined order in which people will be contacted.






20. Chief Information Officer






21. A network that uses standard protocols (TCP/IP)






22. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






23. Repeats the signal. It regenerates (amplifies) the signal before sending it on.






24. Dialing a fixed set of telephone numbers looking for open modem connections to machines.






25. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
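The exchange described in question 25, as an added example that is not part of the original quiz: the authenticator issues a fresh identifier and random challenge, the peer answers with MD5(identifier || secret || challenge) as in RFC 1994 and never sends the secret itself, and the authenticator checks the answer. The single-use challenge is what defeats playback: a sniffed response fails when resent, and fails again against the next challenge. The class and function names, the user "alice" and the secrets are hypothetical. Note the caveat the quiz does not state: CHAP requires both sides to hold the secret in the clear (it cannot be stored as a one-way hash on the server), and MD5 is used only because the protocol mandates it.

```python
"""CHAP three-way handshake (RFC 1994 style), added example with constructed data."""
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over Identifier (one octet) || secret || Challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The access-provider side. Holds the shared secrets (CHAP needs them in the clear)."""

    def __init__(self, secrets: dict):
        self._secrets = secrets                      # hypothetical user -> secret table
        self._ident = 0
        self._outstanding = {}                       # ident -> challenge not yet answered

    def challenge(self):
        """Step 1: send a fresh Identifier and a random Challenge value."""
        self._ident = (self._ident + 1) % 256        # incrementally changing identifier
        chal = os.urandom(16)                        # variable, unpredictable challenge
        self._outstanding[self._ident] = chal
        return self._ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected hash and compare; each challenge is single-use."""
        chal = self._outstanding.pop(ident, None)    # a replayed (ident, response) finds nothing
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


def run_exchange(auth: ChapAuthenticator, name: str, peer_secret: bytes):
    """Run one handshake plus two playback attempts on it.
    Returns (legitimate_ok, replay_ok, stale_response_ok)."""
    ident, chal = auth.challenge()
    resp = chap_response(ident, peer_secret, chal)   # step 2: peer hashes, never sends the secret
    legitimate = auth.verify(ident, name, resp)
    replay = auth.verify(ident, name, resp)          # attacker resends the sniffed response
    new_ident, _ = auth.challenge()                  # later session: new identifier and challenge
    stale = auth.verify(new_ident, name, resp)       # sniffed response no longer matches
    return legitimate, replay, stale


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"correct horse"})      # constructed secret table
    print(run_exchange(auth, "alice", b"correct horse"))       # expect (True, False, False)
    print(run_exchange(auth, "alice", b"wrong guess"))         # expect (False, False, False)
```

The identifier wraps at 256 as in the one-octet field of the real protocol; in a long-lived authenticator the unanswered challenges should also be expired, otherwise the `_outstanding` table grows without bound.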






26. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack






27. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.






28. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






29. This deals with the difference between plaintext password storage and transmission versus encrypted password storage and transmission.






30. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






31. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.






32. When you know something from a source and can infer other related information based on what you know, even though you may not normally have access to that data.






33. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.
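The space-time tradeoff in question 33, as an added example that is not part of the original quiz: the attacker hashes distinct messages, stores every digest seen (the space), and stops at the first repeat (the time). With an n-bit hash a collision turns up after roughly sqrt(pi/2 * 2^n) attempts, against about 2^n for a brute-force preimage search on the same hash. The toy hash is SHA-256 truncated to its first n bits; the truncation is the only weakness, and the function names and the "msg-" message prefix are assumptions.

```python
"""Birthday attack on a truncated hash, added example."""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Toy n-bit hash: the leading `bits` bits of SHA-256."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday attack: hash distinct messages, remember each digest, stop at the first repeat.
    Returns (hashes_computed, message_a, message_b) with message_a != message_b."""
    seen = {}                         # digest -> message (this is the "space" side of the tradeoff)
    n = 0
    while True:
        msg = prefix + str(n).encode()            # constructed distinct messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return n + 1, seen[h], msg
        seen[h] = msg
        n += 1


def expected_collision_attempts(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) hashes before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def expected_preimage_attempts(bits: int) -> int:
    """Brute force against a specific digest needs on the order of 2^bits hashes."""
    return 2 ** bits


if __name__ == "__main__":
    for bits in (16, 24, 32):
        attempts, a, b = find_collision(bits)
        print(f"{bits}-bit: collision after {attempts} hashes "
              f"(birthday bound ~{expected_collision_attempts(bits):.0f}, "
              f"preimage ~{expected_preimage_attempts(bits)}): {a!r} vs {b!r}")
```

The 32-bit run finishes in well under a second because it needs tens of thousands of hashes, not billions; this is why hash output sizes are chosen so that 2^(n/2), not 2^n, is out of reach.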






34. In the broadest sense, a fraud is a deception made for personal gain.






35. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






36. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






37. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






38. ('rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet.
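The cipher in question 38 and the brute-force attack in question 6, as one added example that is not part of the original quiz: a general Caesar shift, ROT13 as the shift-13 special case (applying it twice restores the text, which is why it obscures but does not protect), and a brute-force attack that simply tries all 26 shifts and keeps the ones containing a known word. The function names and the crib word are assumptions.

```python
"""Caesar/ROT13 cipher and a brute-force key search, added example."""


def caesar(text: str, shift: int) -> str:
    """Shift each letter `shift` places down the alphabet; other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha() and ch.isascii():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is Caesar with shift 13, and 13 + 13 = 26, so it is its own inverse."""
    return caesar(text, 13)


def brute_force_caesar(ciphertext: str, crib: str):
    """Try every possible key (26 shifts) and return the (shift, plaintext) candidates
    whose decryption contains the crib. The keyspace is so small that this is instant,
    which is exactly the situation the 'theoretical possibility' in question 6 rules out
    for real ciphers by making the keyspace enormous."""
    hits = []
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        if crib.lower() in candidate.lower():
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    print(rot13("Hello, World!"))                       # Uryyb, Jbeyq!
    secret = caesar("attack at dawn", 7)                # constructed sample, key 7
    print(secret)                                       # haahjr ha khdu
    print(brute_force_caesar(secret, "attack"))         # [(7, 'attack at dawn')]
```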






39. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






40. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list






41. Jumping into dumpsters to retrieve information about someone/something/a company






42. Object Linking and Embedding. The ability of an object to be embedded into another object.






43. a.k.a. the Chinese wall model (Brewer and Nash; mnemonic: Nash Bridges, Bridge wall). Dynamically changes access control, based on what a subject has already accessed, to prevent unauthorized access across conflicting interests.






44. A technique to eliminate data redundancy.






45. Entails planning and system actions to ensure that a project is following good quality management practices






46. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






47. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






48. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.






49. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






50. RFC 1918 defined the following addresses as the private addressing ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x), and 192.168.0.0/16 (192.168.x.x).
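The ranges in question 50, as an added example that is not part of the original quiz. The 172 block is the one people get wrong: it is a single /12 running from 172.16.0.0 to 172.31.255.255, so 172.31.255.255 is private and 172.32.0.1 is not. Because RFC 1918 addresses are never routed on the public Internet, a packet arriving on the Internet-facing interface with such a source address is spoofed or misconfigured and should be dropped (bogon filtering); the second function runs that check over constructed log lines. The log format, interface names and function names are assumptions, not from any real product.

```python
"""RFC 1918 membership check and a bogon filter over constructed log lines, added example."""
import ipaddress
import re
from typing import List, Optional

# The three RFC 1918 blocks. 172.16.0.0/12 covers 172.16.0.0 through 172.31.255.255.
RFC1918_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def rfc1918_block(addr: str) -> Optional[str]:
    """Return the RFC 1918 block that contains addr, or None if it is not a private IPv4 address.
    Written out explicitly rather than using ip.is_private, which also covers loopback,
    link-local and other non-RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return None
    for net in RFC1918_NETWORKS:
        if ip in net:
            return str(net)
    return None


# Constructed firewall-style log lines (hypothetical format, not from any real product).
SAMPLE_LOG = """\
iface=wan0 src=203.0.113.7 dst=198.51.100.2 proto=tcp dport=443
iface=wan0 src=10.0.0.5 dst=198.51.100.2 proto=tcp dport=22
iface=wan0 src=172.31.9.200 dst=198.51.100.2 proto=udp dport=53
iface=wan0 src=172.32.0.1 dst=198.51.100.2 proto=tcp dport=80
iface=lan0 src=192.168.1.20 dst=198.51.100.2 proto=tcp dport=443
"""

LINE_RE = re.compile(r"iface=(\S+) src=(\S+) dst=(\S+)")


def spoofed_private_sources(log_text: str, external_iface: str = "wan0") -> List[str]:
    """Flag source addresses that arrived on the Internet-facing interface but fall in an
    RFC 1918 block; private sources on the internal interface are normal and are ignored."""
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        iface, src, _dst = m.groups()
        if iface == external_iface and rfc1918_block(src) is not None:
            flagged.append(src)
    return flagged


if __name__ == "__main__":
    for a in ("172.31.255.255", "172.32.0.1", "10.1.2.3", "192.168.1.1", "8.8.8.8"):
        print(a, "->", rfc1918_block(a))
    print("spoofed on wan0:", spoofed_private_sources(SAMPLE_LOG))   # ['10.0.0.5', '172.31.9.200']
```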