
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Questions and answers are randomly picked and ordered every time a test is loaded.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the right answer will seem obvious, but repeated attempts reinforce your understanding.
1. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






2. Must be in place for you to use a biometric system






3. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






4. Also known as a tunnel.






5. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






6. After implementing countermeasures - accepting risk for the amount of vulnerability left over






7. Reasonable doubt






8. The act of identifying yourself. Providing your identity to a system






9. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






10. a.k.a. the Chinese wall model (Brewer and Nash). Dynamically changes access control, based on what a subject has already accessed, to prevent conflicts of interest.






11. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






12. Scanning the airwaves for radio transmissions






13. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






14. The art of breaking code. Testing the strength of an algorithm.






15. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






16. Deals with the same things as due diligence, except that it concerns accepting responsibility rather than liability.






17. A unit that detects motion for the purpose of setting off alarms to alert for unauthorized access.






18. Personal - Network - and Application






19. Computer Incident Response Team






20. A card that holds information that must be authenticated to before it can reveal the information that it is holding






21. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
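Items 13 and 21 describe two different integrity mechanisms. The following added example (not part of the quiz) contrasts them: a simple additive redundancy check catches accidental corruption but can be kept valid by an attacker who appends a filler byte after editing the message, whereas a cryptographic hash (SHA-256 here) changes unpredictably on any edit. The messages and the 16-bit additive checksum are constructed for illustration; the filler-forging step is a deliberate attack on the weak checksum, not something to ship.

```python
import hashlib

# Constructed sample messages: the attacker changes the payee.
ORIGINAL = b"PAY alice 100.00 USD"
TAMPERED = b"PAY bob 100.00 USD"


def checksum16(data: bytes) -> int:
    """Additive redundancy check: sum of all bytes modulo 2**16.
    Detects most accidental errors, but is trivially forgeable."""
    return sum(data) & 0xFFFF


def sha256_fingerprint(data: bytes) -> str:
    """Cryptographic hash 'fingerprint' of the data as hex."""
    return hashlib.sha256(data).hexdigest()


def forge_preserving_checksum(original: bytes, tampered: bytes) -> bytes:
    """Append filler bytes so the tampered message keeps the ORIGINAL's
    additive checksum.  Because the sum is taken mod 2**16, a filler whose
    byte values add up to the difference always exists."""
    diff = (checksum16(original) - checksum16(tampered)) & 0xFFFF
    filler = bytes([255] * (diff // 255) + ([diff % 255] if diff % 255 else []))
    return tampered + filler


def digest_bit_difference(a: bytes, b: bytes) -> int:
    """Hamming distance between the SHA-256 digests of two inputs; a one-bit
    change in the input flips roughly half of the 256 digest bits."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def demo() -> dict:
    forged = forge_preserving_checksum(ORIGINAL, TAMPERED)
    return {
        "forged_message": forged,
        "checksum_matches": checksum16(forged) == checksum16(ORIGINAL),
        "sha256_matches": sha256_fingerprint(forged) == sha256_fingerprint(ORIGINAL),
    }


if __name__ == "__main__":
    print(demo())
    one_bit_flip = ORIGINAL[:-1] + bytes([ORIGINAL[-1] ^ 1])
    print("digest bits changed by a 1-bit edit:",
          digest_bit_difference(ORIGINAL, one_bit_flip))
```

The checksum is the right tool for detecting line noise or a bad disk sector; only a cryptographic hash (and, against an attacker who can also replace the hash, a MAC or signature) protects integrity against deliberate tampering.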






22. Distributed Component Object Model. Microsoft's technology for communication between software components across networked computers; a competitor to, not an implementation of, CORBA.






23. Random Number Base






24. Internet Architecture Board. This board provides architectural oversight of the Internet's protocols and of the IETF standards process.






25. A hidden communications channel on a system that allows for the bypassing of the system security policy






26. Defines the objects and their attributes that exist in a database.






27. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
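The exchange in item 27, as an added example that is not part of the quiz. Following RFC 1994, the response is MD5 over the identifier, the shared secret and the challenge; the authenticator keeps each (identifier, challenge) pair outstanding only until it is answered, so a captured response cannot be replayed. The secret, the class and function names, and the fake "attacker" flow are constructed for this demonstration.

```python
import hashlib
import hmac
import os

# Constructed shared secret known to both sides; it never crosses the wire.
SECRET = b"constructed-shared-secret"


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP Response Value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side (e.g. the access server)."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._id = 0
        self._outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self):
        """Issue a fresh (identifier, challenge) pair; the identifier changes
        on every challenge and the challenge value is unpredictable."""
        self._id = (self._id + 1) & 0xFF
        chal = os.urandom(16)
        self._outstanding[self._id] = chal
        return self._id, chal

    def verify(self, ident: int, response: bytes) -> bool:
        """Accept a response only for an outstanding challenge, and only once."""
        chal = self._outstanding.pop(ident, None)
        if chal is None:
            return False
        expected = chap_response(ident, self._secret, chal)
        return hmac.compare_digest(expected, response)


def demo_replay():
    auth = ChapAuthenticator(SECRET)

    # Legitimate peer answers the first challenge.
    ident, chal = auth.challenge()
    resp = chap_response(ident, SECRET, chal)
    first_ok = auth.verify(ident, resp)

    # An eavesdropper captured (ident, resp) and tries to reuse it.
    ident2, _chal2 = auth.challenge()
    replay_new_challenge = auth.verify(ident2, resp)  # hash was over a different challenge
    replay_old_id = auth.verify(ident, resp)          # old identifier no longer outstanding
    return first_ok, replay_new_challenge, replay_old_id


if __name__ == "__main__":
    print(demo_replay())  # expect (True, False, False)
```

Two caveats a practitioner should keep in mind: the authenticator must store the secret in a form it can hash (effectively plaintext), and MD5 here is what the 1996 RFC specifies, not a recommendation; modern deployments use EAP methods with TLS rather than bare CHAP.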






28. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
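Item 28 names the three biometric error metrics. As an added example (not part of the quiz) the block below computes them from constructed match scores: FAR is the fraction of impostor attempts accepted at a threshold, FRR the fraction of genuine attempts rejected, and the crossover error rate (CER) is the point where the two are equal. The score lists and threshold grid are invented for illustration.

```python
# Constructed similarity scores in [0, 1]; higher means "more like the enrolled template".
GENUINE = [0.92, 0.88, 0.81, 0.77, 0.70, 0.66, 0.61, 0.58, 0.52, 0.43]
IMPOSTOR = [0.12, 0.18, 0.25, 0.31, 0.36, 0.42, 0.47, 0.53, 0.57, 0.64]
THRESHOLDS = [i / 100 for i in range(101)]


def far(impostor_scores, threshold):
    """False Acceptance Rate: impostors whose score reaches the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: genuine users whose score falls below it."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover(genuine, impostor, thresholds):
    """Threshold at which FAR and FRR are closest; returns (threshold, far, frr).
    The common value at that point is the Crossover Error Rate (CER)."""
    best = None
    for t in thresholds:
        a, r = far(impostor, t), frr(genuine, t)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, a, r)
    return best[1:]


if __name__ == "__main__":
    for t in (0.40, 0.54, 0.70):
        print(f"threshold {t:.2f}: FAR={far(IMPOSTOR, t):.2f} FRR={frr(GENUINE, t):.2f}")
    print("crossover (threshold, FAR, FRR):", crossover(GENUINE, IMPOSTOR, THRESHOLDS))
```

Raising the threshold trades FAR for FRR; a door lock is tuned toward low FAR, a phone unlock toward low FRR, and the CER is the single number used to compare systems independent of that tuning.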






29. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






30. Dynamic Host Configuration Protocol.






31. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






32. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83. The TCSEC (frequently referred to as






33. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






34. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






35. Involving the measurement of quantity or amount.






36. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






37. Encompasses Risk Analysis and Risk Mitigation






38. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






39. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






40. Object Linking and Embedding. The ability of an object to be embedded into another object.






41. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






42. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






43. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






44. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the record's time-to-live (the default DNS time period), thus poisoning the cache for that period of time.
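A toy resolver cache, added here as an example and not part of the quiz, that shows the mechanism in item 44: a response is accepted only if it matches an outstanding query's transaction ID and name, but once a forged answer is accepted it is served until its TTL expires, and the genuine answer arriving afterwards is discarded. The class, the fake clock and the addresses (RFC 5737 documentation ranges) are constructed for this demonstration; real resolvers add source-port randomization and DNSSEC validation on top of the transaction ID check.

```python
import time
from dataclasses import dataclass


@dataclass
class Answer:
    address: str
    expires_at: float


class ToyResolver:
    """Minimal caching resolver: one outstanding query per transaction ID."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._cache = {}    # qname -> Answer
        self._pending = {}  # txid -> qname awaiting a response

    def send_query(self, txid: int, qname: str) -> None:
        self._pending[txid] = qname

    def receive_response(self, txid: int, qname: str, address: str, ttl: int) -> bool:
        """Accept a response only for a matching outstanding query.
        The first matching response wins; later ones for the same txid are dropped."""
        if self._pending.get(txid) != qname:
            return False
        del self._pending[txid]
        self._cache[qname] = Answer(address, self._now() + ttl)
        return True

    def lookup(self, qname: str):
        entry = self._cache.get(qname)
        if entry is None or entry.expires_at <= self._now():
            self._cache.pop(qname, None)
            return None
        return entry.address


class FakeClock:
    """Controllable clock so TTL expiry can be demonstrated offline."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo_poisoning():
    clock = FakeClock()
    resolver = ToyResolver(now=clock)
    resolver.send_query(txid=0x1A2B, qname="bank.example")

    # Attacker's spoofed reply with a wrong transaction ID is ignored.
    wrong_txid = resolver.receive_response(0x0000, "bank.example", "203.0.113.66", 3600)
    # In reality the attacker must guess the 16-bit ID (and source port); here the guess is right.
    guessed_txid = resolver.receive_response(0x1A2B, "bank.example", "203.0.113.66", 3600)
    # The authoritative server's genuine reply arrives later and is dropped.
    genuine_late = resolver.receive_response(0x1A2B, "bank.example", "192.0.2.10", 300)

    served = resolver.lookup("bank.example")   # poisoned answer is served...
    clock.advance(3601)
    after_ttl = resolver.lookup("bank.example")  # ...until the TTL runs out
    return wrong_txid, guessed_txid, genuine_late, served, after_ttl


if __name__ == "__main__":
    print(demo_poisoning())  # expect (False, True, False, '203.0.113.66', None)
```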






45. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






46. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






47. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






48. RFC 1918 defines the following private address ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x), and 192.168.0.0/16 (192.168.x.x).






49. Being able to control access for individuals very specifically, instead of lower in the OSI model, where you can't set it so specifically.






50. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh