Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






2. Also known as a tunnel






3. Transferring your risk to someone else - typically an insurance company






4. Good for distance - longer than 100M






5. To not be legal (as far as law is concerned) or ethical






6. Relating to quality or kind. This assigns a level of importance to something.






7. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






8. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






9. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






10. Dialing fixed sets of telephone numbers looking for open modem connections to machines






11. Object Linking and Embedding. The ability of an object to be embedded into another object.






12. Defines the objects and their attributes that exist in a database.






13. When two or more processes are linked and execute multiple programs simultaneously






14. CISSPs subscribe to a code of ethics for building up the security profession






15. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






16. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






17. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






18. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






19. In cryptography - it is a block cipher






20. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






21. Internet Architecture Board. This board is responsible for protecting the Internet.






22. Basic Input/Output System






23. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






24. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






25. A mechanism by which connections to TCP services on a system are allowed or disallowed






26. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






27. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






28. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






29. An RFC standard. A mechanism for performing commands on a remote system






30. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






31. Providing verification to a system






32. The practice of obtaining confidential information by manipulation of legitimate users.






33. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






34. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






35. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






36. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






37. A system designed to stop piggybacking.






38. Data storage formats and equipment that allow the stored data to be accessed in any order






39. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






40. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






41. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






42. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






43. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






44. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






45. Setting up the user to access the honeypot for reasons other than the intent to harm.






46. A hidden communications channel on a system that allows for the bypassing of the system security policy






47. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






48. Jumping into dumpsters to retrieve information about someone/something/a company






49. Something used to put out a fire. Can be in Classes A - B - C - D - or H






50. An attempt to trick the system into believing that something false is real