Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.
2. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
3. Personal, Network, and Application.
4. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho
5. Taking over the session of someone who is unaware of what you are doing.
6. Emanations from one wire coupling with another wire.
7. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
8. Computer Incident Response Team
9. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.
10. Network Address Translation
11. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
12. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access
13. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
14. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
15. Dynamic Host Configuration Protocol.
16. This deals with the differences between plaintext password storage and transmission versus encrypted password storage and transmission.
17. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
18. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste
19. A system designed to stop piggybacking.
20. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.
21. These can be used to verify that public keys belong to certain individuals.
22. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
23. Also known as a tunnel.
24. The art of breaking code. Testing the strength of an algorithm.
25. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
26. Occupant Emergency Plan. Employees are the most important!
27. To not be legal (as far as law is concerned) or ethical.
28. The process of reducing your risks to an acceptable level based on your risk analysis.
29. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
30. A site that is ready physically but has no hardware in place; all it has is HVAC.
31. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
32. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe
33. Technical controls are implemented by IT. Administrative controls are things that HR implements. Physical controls are things that are tangible.
34. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.
35. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
36. Continuation of Operations Plan
37. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
38. Provides for less data leakage. Longer distance. Uses light instead of electrical impulses.
39. False Acceptance Rate, False Rejection Rate, Crossover Error Rate
40. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.
41. Someone whose hacking is primarily targeted at phone systems.
42. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.
43. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
44. ('rotate by 13 places', sometimes hyphenated ROT-13) A simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet.
45. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.
46. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.
47. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.
48. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.
49. Something used to put out a fire. Can be in Classes A, B, C, D, or H.
50. This factor represents a measure of the magnitude of loss or impact on the value of an asset.