Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






2. In a separation of duties model - this is where code is checked in and out






3. Providing verification to a system






4. Network Address Translation






5. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






6. Chief Executive Officer






7. Defines the objects and their attributes that exist in a database.






8. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






9. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






10. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






11. Motivational tools for employee awareness to get them to report security flaws in an organization






12. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






13. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






14. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






15. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






16. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






17. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






18. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






19. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






20. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






21. Setting up the user to access the honeypot for reasons other than the intent to harm.






22. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






23. Disclosure - Alteration - Destruction. These things break the CIA triad






24. Basic Input/Output System






25. A network entity that provides a single entrance / exit point to the Internet.






26. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






27. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.






28. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






29. The intercepting of conversations by unintended recipients






30. Scanning the airwaves for radio transmissions






31. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






32. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work






33. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






34. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






35. Method of authenticating to a system. Something that you supply and something you know.






36. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






37. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






38. The real cost of acquiring/maintaining/developing a system






39. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






40. Involving the measurement of quantity or amount.






41. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






42. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






43. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






44. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






45. These can be used to verify that public keys belong to certain individuals.






46. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






47. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






48. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






49. More discriminate than dogs






50. Relating to quality or kind. This assigns a level of importance to something.