Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Object Linking and Embedding. The ability of an object to be embedded into another object.






2. Relating to quality or kind. This assigns a level of importance to something.






3. The act of identifying yourself. Providing your identity to a system.






4. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






5. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






6. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






7. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






8. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.






9. An access control method for databases, based on the content of the database, that provides granular access.






10. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






11. More discriminate than dogs






12. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






13. Dialing fixed sets of telephone numbers looking for open modem connections to machines.






14. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






15. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.






16. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






17. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






18. A gas used in fire suppression. Not human safe. Chemical reaction.






19. An RFC standard. A mechanism for performing commands on a remote system.






20. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






21. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






22. Closed Circuit Television






23. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






24. In the broadest sense - a fraud is a deception made for personal gain






25. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






26. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






27. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






28. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






29. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






30. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






31. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






32. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically.






33. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






34. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






35. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






36. Threat to physical security.






37. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






38. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






39. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.






40. Entails planning and system actions to ensure that a project is following good quality management practices






41. Transferring your risk to someone else - typically an insurance company






42. White hat l0pht






43. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet.






44. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it.






45. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






46. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






47. Good for distance - longer than 100M






48. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






49. The process of reducing your risks to an acceptable level based on your risk analysis






50. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th