Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






2. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






3. A site that is ready physically but has no hardware in place - all it has is HVAC






4. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






5. Relating to quality or kind. This assigns a level of importance to something.






6. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






7. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






8. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






9. In a separation of duties model - this is where code is checked in and out






10. When two or more processes are linked and execute multiple programs simultaneously






11. Once authenticated - the level of access you have to a system






12. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






13. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






14. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






15. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






16. Must be in place for you to use a biometric system






17. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






18. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






19. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






20. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






21. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






22. Good for distance - longer than 100M






23. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






24. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






25. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






26. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






27. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






28. The art of breaking code. Testing the strength of an algorithm.






29. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






30. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






31. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






32. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






33. Something used to put out a fire. Can be in Classes A - B - C - D - or H






34. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






35. More discriminate than dogs






36. Public Key Infrastructure






37. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






38. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






39. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






40. A military standard defining controls for emanation protection






41. Motivational tools for employee awareness to get them to report security flaws in an organization






42. Internet Relay Chat.






43. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






44. Access control method for database based on the content of the database to provide granular access






45. Transferring your risk to someone else - typically an insurance company






46. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






47. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






48. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






49. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






50. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.