Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.

2. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

3. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.

4. Provides for less data leakage. Longer distance. Uses light instead of electrical impulses.

5. In a separation of duties model, this is where code is checked in and out.

6. Jumping into dumpsters to retrieve information about someone, something or a company.

7. The EU spec. If databases exist, users are allowed to check data in them, allowed to change it if wrong, etc.

8. Same as a block cipher except that it is applied to a data stream one bit at a time.

9. Driving around enumerating wireless networks with the proper equipment (antennas and the like).

10. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE

11. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).

12. Chief Executive Officer

13. Refers to the formal acceptance by an organization's executive management that they accept the residual risk associated with using a formally certified information system.

14. The intercepting of conversations by unintended recipients.

15. A form of binary-to-text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp

16. Motive, Opportunity, and Means. These deal with crime.

17. This deals with differences between plaintext password storage and transmission versus encrypted password storage and transmission.

18. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.

19. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

20. The user

21. An RFC standard. A mechanism for performing commands on a remote system.

22. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.

23. Disclosure, Alteration, Destruction. These things break the CIA triad.

24. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.

25. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....

26. A meme and a joke are the same thing. E.g., when someone says to delete a file that is really just fine and they call it a virus.

27. Also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt

28. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is, the order of the characters is changed. Mathematically a bijective function is used on the characters'

29. The physical part of a computer, as distinguished from the computer software that executes within the hardware.

30. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.

31. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

32. Enticing people to hit your honeypot to see how they try to access your system.

33. A military standard defining controls for emanation protection.

34. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also

35. Encompasses Risk Analysis and Risk Mitigation.

36. Setting up the user to access the honeypot for reasons other than the intent to harm.

37. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack

38. Scanning the airwaves for radio transmissions.

39. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.

40. Confidentiality, Integrity, and Availability

41. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

42. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable

43. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi

44. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.

45. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.

46. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans

47. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

48. This factor represents a measure of the magnitude of loss or impact on the value of an asset.

49. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.

50. A technique to eliminate data redundancy.