Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will find that it reinforces your understanding each time you take the test.

1. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards.

2. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

3. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the

4. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.

5. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio, with the latter capable of being played on a CD player, whilst

6. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.

7. Confidentiality, Integrity, and Availability.

8. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.

9. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.

10. Must be in place for you to use a biometric system.

11. False Acceptance Rate, False Rejection Rate, Crossover Error Rate.

12. The user.

13. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.

14. An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

15. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

16. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

17. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

18. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message.

19. The frequency with which a threat is expected to occur.

20. These viruses usually infect both boot records and files.

21. Object Linking and Embedding. The ability of an object to be embedded into another object.

22. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.

23. A technique to eliminate data redundancy.

24. Among the most common types of viruses and the least damaging; these are hidden within applications that must be executed in order to execute the virus.

25. When one key of a two-key pair has more encryption pattern than the other.

26. When you know something from a source, and can infer other related information based on what you know, when you may not necessarily have access to that data normally.

27. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac

28. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.

29. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer

30. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.

31. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

32. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.

33. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

34. A method of authenticating to a system: something that you supply and something you know.

35. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.

36. The real cost of acquiring/maintaining/developing a system.

37. A military standard defining controls for emanation protection.

38. When two or more processes are linked and execute multiple programs simultaneously.

39. Dialing fixed sets of telephone numbers looking for open modem connections to machines.

40. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor.

41. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i

42. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.

43. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc

44. An access control method for a database, based on the content of the database, to provide granular access.

45. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.

46. An attempt to trick the system into believing that something false is real.

47. The output of a hash function is a digest.

48. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

49. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.

50. CISSPs subscribe to a code of ethics for building up the security profession.