Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. These viruses usually infect both boot records and files.






2. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






3. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






4. Method of authenticating to a system. Something that you supply and something you know.






5. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






6. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






7. The user






8. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






9. Also known as a tunnel)






10. Accepting all packets






11. Signal degradation as it moves farther from its source






12. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






13. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






14. Same as a block cipher except that it is applied to a data stream one bit at a time






15. Disclosure - Alteration - Destruction. These things break the CIA triad






16. Random Number Base






17. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






18. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






19. Must be in place for you to use a biometric system






20. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






21. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






22. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






23. A sandbox. Emulates an operating environment.






24. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






25. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






26. A network that mimics the brain






27. Encompasses Risk Analysis and Risk Mitigation






28. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






29. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






30. The ability to have more than one thread associated with a process






31. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






32. The act of identifying yourself. Providing your identity to a system






33. Enticing people to hit your honeypot to see how they try to access your system.






34. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






35. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






36. A mechanism by which connections to TCP services on a system are allowed or disallowed






37. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






38. Relating to quality or kind. This assigns a level of importance to something.






39. 'If you cant see it - its secure'. Bad policy to live by.






40. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






41. The process of reducing your risks to an acceptable level based on your risk analysis






42. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






43. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






44. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






45. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






46. The person that controls access to the data






47. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






48. Dynamic Host Configuration Protocol.






49. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






50. Someone whose hacking is primarily targeted at the phone systems