Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. An RFC standard. A mechanism for performing commands on a remote system






2. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






3. These can be used to verify that public keys belong to certain individuals.






4. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






5. Making individuals accountable for their actions on a system typically through the use of auditing






6. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






7. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






8. Repeats the signal. It amplifies the signal before sending it on.






9. Internet Relay Chat.






10. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






11. Public Key Infrastructure






12. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






13. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






14. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






15. Random Number Base






16. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






17. Transferring your risk to someone else - typically an insurance company






18. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






19. More discriminate than dogs






20. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






21. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






22. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






23. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






24. The output of a hash function is a digest.






25. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






26. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






27. Providing verification to a system






28. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






29. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






30. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






31. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






32. To not be legal (as far as law is concerned) or ethical






33. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet - ARP is primarily used to translate Ethernet MAC addresses from IP addresses






34. 'If you can't see it - it's secure'. Bad policy to live by.






35. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






36. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






37. Internet Architecture Board. This board is responsible for protecting the Internet.






38. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






39. The real cost of acquiring/maintaining/developing a system






40. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






41. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






42. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






43. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






44. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






45. Dialing fixed sets of telephone numbers looking for open modem connections to machines






46. Disclosure - Alteration - Destruction. These things break the CIA triad






47. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






48. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






49. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






50. Enticing people to hit your honeypot to see how they try to access your system.