Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Threat to physical security.






2. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






3. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






4. To not be legal (as far as law is concerned) or ethical






5. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






6. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






7. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






8. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






9. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






10. 'If you can't see it - it's secure'. Bad policy to live by.






11. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






12. Scanning the airwaves for radio transmissions






13. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






14. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






15. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






16. Continuation of Operations Plan






17. These viruses usually infect both boot records and files.






18. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






19. Public Key Infrastructure






20. Rolling command center with UPS - satellite - uplink - power - etc.






21. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






22. The intercepting of conversations by unintended recipients






23. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






24. Emanations from one wire coupling with another wire






25. Reasonable doubt






26. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






27. Making individuals accountable for their actions on a system typically through the use of auditing






28. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






29. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






30. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






31. Someone who hacks






32. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






33. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






34. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






35. A war dialing utility






36. Transferring your risk to someone else - typically an insurance company






37. The user






38. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






39. Encompasses Risk Analysis and Risk Mitigation






40. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






41. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






42. The frequency with which a threat is expected to occur.






43. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






44. Also known as a tunnel






45. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






46. A card that holds information that must be authenticated to before it can reveal the information that it is holding






47. A military standard defining controls for emanation protection






48. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.






49. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






50. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp; 21 - ftp; 22 - ssh; 23 - telnet; 25 - smtp; 53 - dns; 69 - tftp; 80 - http; 161 - snmp; 443 - ssl






