Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The person that determines the permissions to files. The data owner.






2. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






3. Jumping into dumpsters to retrieve information about someone/something/a company






4. A network that mimics the brain






5. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






6. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






7. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






8. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






9. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






10. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






11. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






12. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






13. Also known as a tunnel.






14. Network Address Translation






15. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






16. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






17. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






18. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






19. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






20. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






21. The output of a hash function is a digest.






22. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






23. In a separation of duties model - this is where code is checked in and out






24. Setting up the user to access the honeypot for reasons other than the intent to harm.






25. Motive - Opportunity - and Means. These deal with crime.






26. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






27. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






28. A system designed to stop piggybacking.






29. Dynamic Host Configuration Protocol.






30. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






31. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






32. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






33. Motivational tools for employee awareness to get them to report security flaws in an organization






34. Personal - Network - and Application






35. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






36. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






37. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






38. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






39. Scanning the airwaves for radio transmissions






40. These can be used to verify that public keys belong to certain individuals.






41. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






42. The frequency with which a threat is expected to occur.






43. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






44. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






45. The practice of obtaining confidential information by manipulation of legitimate users.






46. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






47. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






48. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.






49. An instance of a scripting language






50. Something used to put out a fire. Can be in Classes A - B - C - D - or H