Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A network that uses proprietary protocols






2. Dialing fixed sets of telephone numbers looking for open modem connections to machines






3. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.






4. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






5. Scanning the airwaves for radio transmissions






6. An RFC standard. A mechanism for performing commands on a remote system






7. A war dialing utility






8. Motive, Opportunity, and Means. These deal with crime.






9. The output of a hash function is a digest.






10. An attempt to trick the system into believing that something false is real






11. Reasonable doubt






12. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






13. An attacker spoofs the source IP in a packet header, to make a ping request appear to have originated from the future victim's network, then the responding network responds in full force to these requests and brings down the victim's network.






14. 'If you can't see it, it's secure'. Bad policy to live by.






15. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






16. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






17. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






18. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






19. Same as a block cipher except that it is applied to a data stream one bit at a time






20. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






21. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters






22. An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.






23. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






24. Setting up the user to access the honeypot for reasons other than the intent to harm.






25. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






26. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






27. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






28. Computer Incident Response Team






29. More discriminate than dogs






30. The real cost of acquiring/maintaining/developing a system






31. Transferring your risk to someone else - typically an insurance company






32. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically






33. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






34. CISSPs subscribe to a code of ethics for building up the security profession






35. Network devices that operate at layer 3. This device separates broadcast domains.






36. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.






37. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.






38. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.






39. To not be legal (as far as law is concerned) or ethical






40. Accepting all packets






41. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t






42. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






43. Object Linking and Embedding. The ability of an object to be embedded into another object.






44. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






45. Also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt






46. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






47. The art of breaking code. Testing the strength of an algorithm.






48. Someone who hacks






49. Relating to quality or kind. This assigns a level of importance to something.






50. The intercepting of conversations by unintended recipients





