Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A war dialing utility






2. These can be used to verify that public keys belong to certain individuals.






3. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






4. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






5. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






6. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






7. Object Linking and Embedding. The ability of an object to be embedded into another object.






8. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






9. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






10. The intercepting of conversations by unintended recipients






11. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






12. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






13. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






14. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






15. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






16. Access control method for database based on the content of the database to provide granular access






17. In cryptography - it is a block cipher






18. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






19. Someone whose hacking is primarily targeted at the phone systems






20. Something used to put out a fire. Can be in Classes A - B - C - D - or H






21. Encompasses Risk Analysis and Risk Mitigation






22. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






23. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






24. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






25. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






26. Jumping into dumpsters to retrieve information about someone/something/a company






27. Defines the objects and their attributes that exist in a database.






28. Computer Incident Response Team






29. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






30. Motive - Opportunity - and Means. These deal with crime.






31. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






32. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






33. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






34. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






35. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






36. The ability to have more than one thread associated with a process






37. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






38. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






39. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






40. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






41. A hidden communications channel on a system that allows for the bypassing of the system security policy






42. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






43. More discriminate than dogs






44. Emanations from one wire coupling with another wire






45. When security is managed at a central point in an organization






46. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






47. The process of reducing your risks to an acceptable level based on your risk analysis






48. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






49. Must be in place for you to use a biometric system






50. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst