Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






2. Object Linking and Embedding. The ability of an object to be embedded into another object.






3. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






4. Must be in place for you to use a biometric system






5. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






6. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






7. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






8. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






9. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






10. Entails planning and system actions to ensure that a project is following good quality management practices






11. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






12. Also civil law






13. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






14. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






15. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






16. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






17. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






18. These can be used to verify that public keys belong to certain individuals.






19. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






20. A network that uses standard protocols (TCP/IP)






21. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






22. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






23. Public Key Infrastructure






24. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






25. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






26. Jumping into dumpsters to retrieve information about someone/something/a company






27. Technical items are implemented by IT. Administrative items are things that HR implements. Physical things are things that are tangible.






28. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






29. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






30. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






31. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






32. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






33. Transferring your risk to someone else - typically an insurance company






34. The ability to have more than one thread associated with a process






35. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






36. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






37. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






38. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






39. Using ICMP to diagram a network






40. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






41. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






42. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






43. Personal - Network - and Application






44. Common Object Request Broker Architecture.






45. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






46. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






47. The frequency with which a threat is expected to occur.






48. The output of a hash function is a digest.






49. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






50. Dynamic Host Configuration Protocol.