
Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the correct answer will be obvious, but the repetition reinforces your understanding each time you take the test.
1. A sandbox. Emulates an operating environment.






2. Ethernet - Cat5 - The wire pairs are twisted to cancel crosstalk and electromagnetic interference, which allows longer cable runs.






3. When two or more processes are linked and execute multiple programs simultaneously






4. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






5. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






6. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






7. Relating to quality or kind. This assigns a level of importance to something.






8. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






9. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






10. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
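Added example (not part of the original study page): a Caesar shift in Python, with ROT13 as the special case where the shift is 13, plus the 25-key brute force that shows why this family of ciphers obscures text but does not protect it. All names are assumed for this illustration.

```python
import string


def caesar(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` places (mod 26), preserving case.
    Digits, punctuation and whitespace pass through untouched."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar cipher with shift 13. Because 13 + 13 = 26, the same
    function both encodes and decodes: rot13(rot13(x)) == x."""
    return caesar(text, 13)


def brute_force(ciphertext: str) -> dict:
    """There are only 25 non-trivial shifts, so recovering a Caesar-enciphered
    message without the key just means trying all of them. Returns {shift: candidate}."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


if __name__ == "__main__":
    secret = rot13("attack at dawn")
    print(secret)
    for k, candidate in brute_force(secret).items():
        print(k, candidate)
```

Running the brute force prints every candidate; the readable one (shift 13) stands out immediately, which is the whole point: there is no key to search for, so ROT13 is an encoding for hiding spoilers, not encryption.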






11. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






12. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






13. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






14. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - DoD standard 5200.28-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






15. Inducing a user to access the honeypot who had no prior intent to do harm.






16. The process of reducing your risks to an acceptable level based on your risk analysis






17. Encompasses Risk Analysis and Risk Mitigation






18. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






19. RAID levels: 0 = striping without parity (no redundancy); 1 = mirroring; 3 = striping with parity, parity kept on a single dedicated drive; 5 = striping with parity, parity striped across all drives.
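Added example (not from the original page): a Python model of the "striping with parity" levels. It lays data out across N-1 data chunks plus one XOR parity chunk per stripe, rotates the parity position per stripe the way RAID 5 does (a RAID 3/4 layout would pin `parity_drive` to one index), and rebuilds a failed drive from the survivors. Function names and the sample payload are constructed for the illustration.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together. This is the whole parity computation."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_drive(stripe_no: int, ndrives: int) -> int:
    """RAID 5 rotates the parity chunk across drives so no single drive becomes
    the write bottleneck. RAID 3/4 would always return the same index."""
    return (ndrives - 1 - stripe_no) % ndrives


def raid5_layout(data: bytes, ndrives: int, chunk: int):
    """Stripe `data` over ndrives-1 data chunks plus one parity chunk per stripe.
    Returns one list of chunks per drive; the last stripe is zero-padded."""
    per_stripe = chunk * (ndrives - 1)
    padded = data + b"\0" * (-len(data) % per_stripe)
    drives = [[] for _ in range(ndrives)]
    for stripe_no, start in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[start + i * chunk: start + (i + 1) * chunk]
                  for i in range(ndrives - 1)]
        chunks.insert(parity_drive(stripe_no, ndrives), xor_blocks(chunks))
        for d in range(ndrives):
            drives[d].append(chunks[d])
    return drives


def raid5_rebuild(drives, lost: int):
    """Recover every chunk of one failed drive: the XOR of the surviving chunks in a
    stripe equals the missing chunk, whether that chunk held data or parity.
    A second simultaneous failure cannot be recovered with single parity."""
    survivors = [d for i, d in enumerate(drives) if i != lost]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(drives) -> bytes:
    """Reassemble the data by skipping the parity chunk of each stripe."""
    ndrives = len(drives)
    out = b""
    for stripe_no in range(len(drives[0])):
        p = parity_drive(stripe_no, ndrives)
        out += b"".join(drives[d][stripe_no] for d in range(ndrives) if d != p)
    return out


if __name__ == "__main__":
    # Constructed sample payload: 48 bytes = exactly 4 stripes of 3 x 4-byte data chunks.
    DATA = b"striping with rotating parity survives one drive"
    drives = raid5_layout(DATA, ndrives=4, chunk=4)
    rebuilt = raid5_rebuild(drives, lost=2)
    repaired = drives[:2] + [rebuilt] + drives[3:]
    print(raid5_read(repaired) == DATA)
```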






20. In classical cryptography, a transposition cipher rearranges the positions of the plaintext characters without changing the characters themselves (to decrypt, the rearrangement is reversed). That is, the order of the characters is changed. Mathematically a bijective function is used on the characters'
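Added example (not from the original page): a columnar transposition in Python written explicitly as a bijection on character positions, with decryption as the inverse permutation. It also shows the analyst's tell: because characters are only moved, the letter-frequency count of the ciphertext is identical to the plaintext's. The key, sample plaintext and function names are constructed for the illustration.

```python
from collections import Counter


def columnar_permutation(length: int, key: str) -> list:
    """The bijection on positions. perm[i] is the plaintext index whose character
    lands at ciphertext position i when columns are read out in alphabetical key order."""
    cols = len(key)
    order = sorted(range(cols), key=lambda c: (key[c], c))  # stable for repeated key letters
    perm = []
    for c in order:
        perm.extend(range(c, length, cols))                 # walk down column c
    return perm


def transpose_encrypt(plaintext: str, key: str) -> str:
    perm = columnar_permutation(len(plaintext), key)
    return "".join(plaintext[i] for i in perm)


def transpose_decrypt(ciphertext: str, key: str) -> str:
    """Apply the inverse permutation: ciphertext character i goes back to position perm[i]."""
    perm = columnar_permutation(len(ciphertext), key)
    out = [""] * len(ciphertext)
    for ct_pos, pt_pos in enumerate(perm):
        out[pt_pos] = ciphertext[ct_pos]
    return "".join(out)


def letter_frequencies(text: str) -> Counter:
    """Transposition only moves characters, so the frequency profile is unchanged.
    A substitution cipher would flatten or shift it instead."""
    return Counter(text)


if __name__ == "__main__":
    PT = "WEAREDISCOVEREDFLEEATONCE"   # constructed sample message
    CT = transpose_encrypt(PT, "ZEBRAS")
    print(CT, transpose_decrypt(CT, "ZEBRAS") == PT)
```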






21. A war dialing utility






22. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






23. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






24. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






25. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






26. Public Key Infrastructure






27. This is an open international standard for applications that use wireless communications.






28. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x). 127.x.x.x is reserved for loopback.
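Added example (not from the original page): a Python classifier that derives the class from the leading bits of the first octet, which is how the classes were actually defined, and the network a classful device would assume for an address. It goes beyond the three classes in the list by also recognising loopback, multicast (D) and the reserved E range. Function names are assumed for this illustration.

```python
import ipaddress


def ipv4_class(address: str) -> str:
    """Classify by the leading bits of the first octet:
    0xxxxxxx = A, 10xxxxxx = B, 110xxxxx = C, 1110xxxx = D (multicast), 1111xxxx = E (reserved)."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first == 0:
        return "reserved"   # 0.x.x.x means 'this network' and is never assigned
    if first == 127:
        return "loopback"   # 127.x.x.x is carved out of the class A range
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # the implied mask when no subnet mask is given


def classful_network(address: str) -> str:
    """The network a classful device would assume for this host address."""
    cls = ipv4_class(address)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"{address} is {cls}: no classful network/host split")
    return str(ipaddress.IPv4Network(f"{address}/{DEFAULT_PREFIX[cls]}", strict=False))


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.5.9", "192.168.1.77", "127.0.0.1", "224.0.0.251"):
        print(addr, ipv4_class(addr))
```

Modern networks are classless (CIDR), so the class only tells you what a legacy device or an exam question assumes; a 10.1.2.0/24 subnet is perfectly normal even though 10.x.x.x is "class A".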






29. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






30. Occupant Emergency Plan - Employees are the most important!






31. Something used to put out a fire. Rated for fire Classes A, B, C, D, or K (kitchen oils and fats).






32. The output of a hash function is a digest.






33. Scanning the airwaves for radio transmissions






34. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
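Added example (not from the original page): both sides of a Diffie-Hellman exchange in Python, using the textbook toy group p = 23, g = 5 so the arithmetic can be checked by hand; a real deployment uses a standardised 2048-bit or larger group (RFC 3526 / RFC 7919) or elliptic-curve DH. Beyond the shared-secret computation the text describes, the block adds the two checks a practitioner wants: rejecting degenerate public values, and hashing the secret into a key rather than using the raw group element. The `mitm` function shows the caveat that the protocol establishes a key but not identity. All names are assumed for this illustration.

```python
import hashlib
import secrets

# Constructed toy group (textbook p = 23, g = 5). Far too small for real use.
TOY_P = 23
TOY_G = 5


def dh_keypair(p: int, g: int, private=None):
    """Choose a private exponent (random unless given) and compute the public value g^x mod p."""
    if private is None:
        private = secrets.randbelow(p - 3) + 2      # 2 .. p-2
    return private, pow(g, private, p)


def dh_shared_secret(p: int, their_public: int, my_private: int) -> int:
    """Both sides reach the same value: (g^b)^a = (g^a)^b = g^(ab) mod p."""
    # Public values 0, 1 and p-1 force the secret to 0, 1 or +-1 whatever the private
    # key is (invalid-value / small-subgroup attack), so refuse them outright.
    if their_public <= 1 or their_public >= p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_public, my_private, p)


def derive_key(shared_secret: int, p: int) -> bytes:
    """KDF step: hash the group element to a fixed-size key instead of using it raw."""
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(nbytes, "big")).digest()


def exchange(p, g, alice_private, bob_private):
    """Honest run. Only the two public values cross the insecure channel."""
    a_priv, a_pub = dh_keypair(p, g, alice_private)
    b_priv, b_pub = dh_keypair(p, g, bob_private)
    key_alice = derive_key(dh_shared_secret(p, b_pub, a_priv), p)   # Alice uses Bob's public value
    key_bob = derive_key(dh_shared_secret(p, a_pub, b_priv), p)     # Bob uses Alice's
    return key_alice, key_bob


def mitm(p, g, alice_private, bob_private, mallory_private):
    """Unauthenticated DH: Mallory replaces both public values with her own and ends up
    holding one key with Alice and a different one with Bob, relaying and reading traffic."""
    a_priv, a_pub = dh_keypair(p, g, alice_private)
    b_priv, b_pub = dh_keypair(p, g, bob_private)
    m_priv, m_pub = dh_keypair(p, g, mallory_private)
    key_alice = derive_key(dh_shared_secret(p, m_pub, a_priv), p)   # Alice believes m_pub is Bob's
    key_bob = derive_key(dh_shared_secret(p, m_pub, b_priv), p)     # Bob believes m_pub is Alice's
    mallory_with_alice = derive_key(dh_shared_secret(p, a_pub, m_priv), p)
    mallory_with_bob = derive_key(dh_shared_secret(p, b_pub, m_priv), p)
    return key_alice, key_bob, mallory_with_alice, mallory_with_bob


if __name__ == "__main__":
    ka, kb = exchange(TOY_P, TOY_G, 6, 15)
    print("honest run, keys match:", ka == kb)
    ka, kb, ma, mb = mitm(TOY_P, TOY_G, 6, 15, 3)
    print("mitm: Alice/Mallory", ka == ma, "Bob/Mallory", kb == mb, "Alice/Bob", ka == kb)
```

This is why every real protocol wraps DH in authentication (certificates in TLS, host keys in SSH, signatures in IKE): the exchange itself cannot tell Alice whether the public value she received came from Bob or from Mallory.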






35. Accepting all packets






36. An instance of a scripting language






37. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






38. In risk assessment, the average monetary value of losses per year. ALE = SLE x ARO (single loss expectancy times annualized rate of occurrence).






39. In the broadest sense - a fraud is a deception made for personal gain






40. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






41. Distributed Component Object Model. Microsoft's technology for invoking COM objects across a network, filling the same role as CORBA (it is not an implementation of the CORBA standard).






42. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






43. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.






44. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






45. The Brewer and Nash model, a.k.a. the Chinese wall. Dynamically changes a subject's permitted access based on what that subject has already accessed, to prevent conflicts of interest.






46. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






47. 'If you can't see it, it's secure.' A bad policy to rely on.






48. Access control method for database based on the content of the database to provide granular access






49. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
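Added example (not from the original page): computing FAR, FRR and the crossover error rate in Python from a set of match scores. The score lists are constructed sample data (higher score = better match), and the function names are assumed for this illustration. The last function shows the tuning decision the three metrics exist for: pushing the threshold up to meet a FAR target costs you FRR.

```python
def rates_at_threshold(genuine, impostor, threshold):
    """Accept a sample when its match score >= threshold.
    FAR = fraction of impostor attempts accepted; FRR = fraction of genuine attempts rejected."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine, impostor, thresholds):
    """CER (also called EER): the threshold where FAR and FRR are closest, and the
    rate there. Lower CER = better system, independent of how it is tuned."""
    best = None
    for t in thresholds:
        far, frr = rates_at_threshold(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    _, t, rate = best
    return t, rate


def threshold_for_max_far(genuine, impostor, max_far, thresholds):
    """Security-first tuning: the lowest threshold whose FAR does not exceed max_far,
    together with the FRR (user friction) that choice costs."""
    for t in thresholds:
        far, frr = rates_at_threshold(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    raise ValueError("no threshold meets the FAR target")


# Constructed sample scores from eight genuine and eight impostor attempts.
GENUINE = [92, 88, 81, 77, 70, 64, 58, 49]
IMPOSTOR = [61, 52, 47, 41, 36, 30, 22, 15]
THRESHOLDS = range(0, 101)

if __name__ == "__main__":
    print("CER:", crossover_error_rate(GENUINE, IMPOSTOR, THRESHOLDS))
    print("FAR<=0 :", threshold_for_max_far(GENUINE, IMPOSTOR, 0.0, THRESHOLDS))
    print("FAR<=25%:", threshold_for_max_far(GENUINE, IMPOSTOR, 0.25, THRESHOLDS))
```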






50. Captures an image of the finger, stores a template derived from it in a database, and later matches a new sample against every stored template (a one-to-many identification search).