Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the choices may seem obvious, but taking the test repeatedly reinforces your understanding.
1. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically a government agency) can obtain them to decrypt messages it suspects are relevant to national security.






2. In the context of computer software, a Trojan horse is a malicious program that is disguised as, or embedded within, legitimate software.






3. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world, and includes computer-automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






4. Same as AES. The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor






5. Enticing attackers to probe your honeypot so that you can observe how they try to access your system.






6. The person who controls access to the data






7. A site that is physically ready but has no hardware in place; all it has is HVAC.






8. To be not legal (as far as the law is concerned) or not ethical






9. Countermeasures (safeguards) fall into these categories: detective measures detect, preventive measures prevent, and corrective measures correct.






10. An attack similar to smurf, but instead of ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet (typically to the echo or chargen service, UDP ports 7 and 19) to the amplifying network.






11. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge (the decryption key).






12. The attacker sends a SYN request to the victim's machine; the victim allocates resources for that request and sends a SYN/ACK back. The attacking machine does not respond, but instead sends another SYN, and continues to do so until t






13. Transferring your risk to someone else, typically an insurance company






14. An attacker sends ping (ICMP echo) requests to a network's broadcast address with the source IP in the packet header spoofed to be the victim's address; every host on that responding network replies in full force to these requests, and the flood of replies brings down the victim's network.
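The three flooding attacks described in items 10, 12 and 14 (fraggle, SYN flood and smurf) each leave a distinct trace in traffic. The detection logic below is an added example, not part of this study page or of any product, that flags each of them over constructed packet summaries. The packet record layout, the defended network 192.0.2.0/24, the half-open threshold and the sample traffic are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Pkt:
    """One packet summary.  The field set is an assumption for the example;
    a real detector would decode these from a capture or a flow export."""
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0       # destination port (0 for ICMP)
    flags: str = ""      # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK
    icmp_type: int = -1  # 8 = echo request


DEFENDED_NET = ip_network("192.0.2.0/24")        # assumed local (amplifying) network
BROADCAST = str(DEFENDED_NET.broadcast_address)   # 192.0.2.255
HALF_OPEN_LIMIT = 5                               # assumed alert threshold
FRAGGLE_PORTS = {7, 19}                           # UDP echo and chargen


def half_open_counts(pkts):
    """SYN flood trace: per (dst, dport), how many client SYNs were never
    followed by that client's completing ACK.  Spoofed sources never ACK."""
    syn_count = defaultdict(int)   # (dst, dport, src) -> SYNs sent
    completed = set()              # (dst, dport, src) that sent a bare ACK
    for p in pkts:
        if p.proto != "tcp":
            continue
        key = (p.dst, p.dport, p.src)
        if p.flags == "S":
            syn_count[key] += 1
        elif p.flags == "A":
            completed.add(key)
    totals = defaultdict(int)
    for (dst, dport, src), n in syn_count.items():
        if (dst, dport, src) not in completed:
            totals[(dst, dport)] += n
    return dict(totals)


def amplification_requests(pkts):
    """Smurf/fraggle trace: requests aimed at our broadcast address from a
    source outside our network; that source is the spoofed victim.  (A victim
    spoofed as an inside address would slip past this filter; the stricter
    policy is to drop directed broadcasts at the border router altogether.)"""
    findings = []
    for p in pkts:
        if p.dst != BROADCAST or ip_address(p.src) in DEFENDED_NET:
            continue
        if p.proto == "icmp" and p.icmp_type == 8:
            findings.append(("smurf", p.src))
        elif p.proto == "udp" and p.dport in FRAGGLE_PORTS:
            findings.append(("fraggle", p.src))
    return findings


def detect(pkts):
    """Return one alert string per detected attack."""
    alerts = []
    for (dst, dport), n in half_open_counts(pkts).items():
        if n >= HALF_OPEN_LIMIT:
            alerts.append(f"syn-flood target={dst}:{dport} half-open={n}")
    for kind, victim in amplification_requests(pkts):
        alerts.append(f"{kind} victim={victim}")
    return alerts


# Constructed sample traffic (not a real capture).
SAMPLE = [
    # a legitimate client that completes the handshake
    Pkt("198.51.100.5", "192.0.2.10", "tcp", 80, "S"),
    Pkt("198.51.100.5", "192.0.2.10", "tcp", 80, "A"),
    # SYN flood from six spoofed sources; no ACK ever follows
    *[Pkt(f"10.0.0.{i}", "192.0.2.10", "tcp", 80, "S") for i in range(1, 7)],
    # smurf and fraggle requests at the broadcast address, victim spoofed as source
    Pkt("203.0.113.7", BROADCAST, "icmp", icmp_type=8),
    Pkt("203.0.113.7", BROADCAST, "udp", 7),
    # a local host pinging the broadcast address, which is not an attack
    Pkt("192.0.2.20", BROADCAST, "icmp", icmp_type=8),
]

if __name__ == "__main__":
    for line in detect(SAMPLE):
        print(line)
```

The half-open count is keyed on the target service rather than on the source, because a SYN flood normally arrives from many spoofed addresses and a per-source count would never cross the threshold.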






15. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






16. The EU specification. If databases hold data about users, the users are allowed to check that data, to have it corrected if it is wrong, etc.






17. Communications that do not travel over the usual channel (such as e-mail), used when you want to avoid eavesdropping on that channel






18. Computer Incident Response Team






19. Incentives used in employee awareness programs to get staff to report security flaws in the organization






20. An international standard defining security assurance and functionality profiles. It replaced the TCSEC, ITSEC, etc.






21. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services, by consuming the bandwidth of the victim network or overloading the computational






22. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list






23. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.






24. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor, where the exposure factor is the fraction of the asset's value lost in a single occurrence.






25. Rotating employees' job duties so that the work each has been doing can be checked to make sure nothing fraudulent is occurring.






26. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






27. Being able to control access for individual users very specifically, rather than lower in the OSI model, where access cannot be set so specifically






28. Reasonable doubt






29. Rolling command center with UPS, satellite uplink, power, etc.






30. A unit that detects motion for the purpose of setting off alarms to alert for unauthorized access.






31. An AAA (Authentication, Authorization and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






32. Packet sniffers (also known as network analyzers or Ethernet sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack






33. White hat l0pht






34. A hidden communications channel on a system that allows for the bypassing of the system security policy






35. Also known as a tunnel.






36. A network device that operates at layer 3. It separates broadcast domains.






37. A method of authenticating to a system using something you have and something you know.






38. Emanations from one wire coupling with another wire






39. Also known as Rijndael (strictly, AES is Rijndael with the block size fixed at 128 bits and key sizes of 128, 192 or 256 bits), it is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt






40. A threshold that sets a baseline for violations (failed logins, for example) that a user may normally commit before alarms are raised.






41. A mechanism by which connections to TCP services on a system are allowed or disallowed






42. This is an open international standard for applications that use wireless communications.






43. A distinctive sign of some kind used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.






44. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then re-import it. Its primary use is for managing compound documents, but it is also used for trans






45. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






46. A network entity that provides a single entrance/exit point to the Internet.






47. Making individuals accountable for their actions on a system, typically through the use of auditing






48. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






49. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
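As an added example (not from the original page), the script below runs the dictionary attack described in item 49 against a salted SHA-256 password hash and, for the contrast the item draws, an exhaustive brute-force search over a small character set. The word list, mangling rules, salt, character set and target passwords are all constructed for the demonstration.

```python
import hashlib
import itertools
import string

# Constructed word list standing in for a real dictionary file (assumption).
WORDLIST = ["password", "letmein", "dragon", "summer", "welcome"]
CHARSET = string.ascii_lowercase + string.digits   # brute-force alphabet (assumption)


def hash_password(salt: bytes, password: str) -> str:
    """Salted SHA-256, used here only because it is fast to demonstrate.
    A real system should store passwords with a slow KDF (bcrypt, scrypt,
    Argon2) so that every guess below costs the attacker far more."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word: str):
    """Rule-based variants of one dictionary word (assumed rule set)."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(target_hash: str, salt: bytes, wordlist=WORDLIST):
    """Try every word and its mangled variants; return (password, guesses),
    or (None, guesses) when the password is not derived from the list."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hash_password(salt, candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def brute_force(target_hash: str, salt: bytes, max_len: int, charset=CHARSET):
    """Exhaustive search over every string up to max_len.  This is the
    contrast the text draws: no assumption about likely passwords, so the
    guess count grows as len(charset) ** length."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hash_password(salt, candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04"                  # constructed salt
    weak = hash_password(salt, "Summer123")     # derived from a dictionary word
    print(dictionary_attack(weak, salt))        # ('Summer123', 40)
    strong = hash_password(salt, "k7q2x9mz4v")  # random, not in any list
    print(dictionary_attack(strong, salt))      # (None, 55)
    short = hash_password(salt, "ab1")
    print(brute_force(short, salt, 3))          # ('ab1', 1396)
```

A password built from a dictionary word falls in a few dozen guesses, while a random ten-character password survives the whole list; the brute-force search finds a three-character password only after more than a thousand guesses and would need 36 to the power of 10 for the random one, which is why attackers run the dictionary first and why defenders pick a slow hash.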






50. The user