
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
2. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.
3. The art of breaking code. Testing the strength of an algorithm.
4. Reasonable doubt
5. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
6. Random Number Base
7. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access
8. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
9. Closed Circuit Television
10. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.
11. Must be in place for you to use a biometric system
12. A site that has some equipment in place, and can be up within days
13. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
14. Also civil law
15. Technical items are IT-implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
16. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list
17. Basic Input/Output System
18. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.
19. White hat l0pht
20. In a separation of duties model, this is where code is checked in and out
21. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
22. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
23. Personal, Network, and Application
24. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho
25. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.
26. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
27. A sandbox. Emulates an operating environment.
28. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
29. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,
30. In the broadest sense, a fraud is a deception made for personal gain
31. Internet Architecture Board. This board is responsible for protecting the Internet.
32. The person that determines the permissions to files. The data owner.
33. Network device that operates at layer 1. Concentrator.
34. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
35. A network that uses standard protocols (TCP/IP)
36. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
37. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
38. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
39. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
40. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
41. Signal degradation as it moves farther from its source
42. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.
43. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
44. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th
45. Refers to a cryptographic signature, either on a document, or on a lower-level data structure that signs an item electronically.
46. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
47. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
48. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
49. Confidentiality, Integrity, and Availability
50. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).