Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






2. Also known as a tunnel)






3. A RFC standard. A mechanism for performing commands on a remote system






4. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






5. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






6. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






7. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






8. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






9. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






10. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






11. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






12. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






13. Closed Circuit Television






14. In a separation of duties model - this is where code is checked in and out






15. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






16. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






17. Chief Executive Officer






18. An attempt to trick the system into believing that something false is real






19. Relating to quality or kind. This assigns a level of importance to something.






20. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






21. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






22. Must be in place for you to use a biometric system






23. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






24. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






25. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






26. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






27. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






28. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






29. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






30. Basic Input/Output System






31. Good for distance - longer than 100M






32. Dialing fixed sets telephone numbers looking for open modem connections to machines






33. Reasonable doubt






34. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






35. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






36. The process of reducing your risks to an acceptable level based on your risk analysis






37. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






38. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






39. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






40. Making individuals accountable for their actions on a system typically through the use of auditing






41. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






42. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






43. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






44. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






45. Once authenticated - the level of access you have to a system






46. 'If you cant see it - its secure'. Bad policy to live by.






47. Setting up the user to access the honeypot for reasons other than the intent to harm.






48. The user






49. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






50. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically