Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






2. After implementing countermeasures - accepting risk for the amount of vulnerability left over






3. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






4. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






5. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






6. Chief Information Officer






7. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






8. Same as a block cipher except that it is applied to a data stream one bit at a time






9. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






10. When one key of a two-key pair has more encryption pattern than the other






11. When security is managed at many different points in an organization






12. The art of breaking code. Testing the strength of an algorithm.






13. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






14. Disclosure - Alteration - Destruction. These things break the CIA triad






15. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






16. Basic Input/Output System






17. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






18. Internet Architecture Board. This board is responsible for protecting the Internet.






19. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






20. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






21. Internet Relay Chat.






22. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






23. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






24. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






25. Animals with teeth. Not as discriminate as guards






26. Network devices that operate at layer 3. This device separates broadcast domains.






27. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






28. A RFC standard. A mechanism for performing commands on a remote system






29. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






30. Common Object Request Broker Architecture.






31. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






32. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






33. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






34. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






35. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






36. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






37. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






38. Ethernet - Cat5 - Twisted to allow for longer runs.






39. Setting up the user to access the honeypot for reasons other than the intent to harm.






40. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






41. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






42. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






43. Motive - Opportunity - and Means. These deal with crime.






44. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






45. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






46. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






47. Someone whose hacking is primarily targeted at the phone systems






48. Using ICMP to diagram a network






49. Data storage formats and equipment that allow the stored data to be accessed in any order






50. Object Linking and Embedding. The ability of an object to be embedded into another object.