Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






2. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






3. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






4. Also known as a tunnel)






5. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






6. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






7. Object Linking and Embedding. The ability of an object to be embedded into another object.






8. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






9. Access control method for database based on the content of the database to provide granular access






10. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






11. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






12. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






13. The art of breaking code. Testing the strength of an algorithm.






14. The practice of obtaining confidential information by manipulation of legitimate users.






15. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






16. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






17. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






18. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






19. The ability to have more than one thread associated with a process






20. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






21. Good for distance - longer than 100M






22. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






23. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






24. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






25. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






26. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






27. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






28. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






29. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






30. Something used to put out a fire. Can be in Classes A - B - C - D - or H






31. 'If you cant see it - its secure'. Bad policy to live by.






32. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






33. Once authenticated - the level of access you have to a system






34. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






35. Network devices that operate at layer 3. This device separates broadcast domains.






36. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






37. When two or more processes are linked and execute multiple programs simultaneously






38. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






39. A technique to eliminate data redundancy.






40. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






41. When security is managed at a central point in an organization






42. Using ICMP to diagram a network






43. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






44. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






45. The person that controls access to the data






46. The process of reducing your risks to an acceptable level based on your risk analysis






47. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






48. Motivational tools for employee awareness to get them to report security flaws in an organization






49. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






50. The user