Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. This is an open international standard for applications that use wireless communications.






2. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






3. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






4. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






5. Public Key Infrastructure






6. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






7. These viruses usually infect both boot records and files.






8. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






9. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






10. Motivational tools for employee awareness to get them to report security flaws in an organization






11. Assuming someone's session who is unaware of what you are doing






12. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






13. The user






14. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






15. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






16. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






17. The process of reducing your risks to an acceptable level based on your risk analysis






18. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






19. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






20. When two or more processes are linked and execute multiple programs simultaneously






21. Motive - Opportunity - and Means. These deal with crime.






22. To not be legal (as far as law is concerned) or ethical






23. A war dialing utility






24. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






25. A mechanism by which connections to TCP services on a system are allowed or disallowed






26. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






27. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






28. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






29. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






30. Distributed Component Object Model. Microsoft's implementation of CORBA.






31. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






32. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






33. Network device that operates at layer 1. Concentrator.






34. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






35. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






36. Network Address Translation






37. Animals with teeth. Not as discriminate as guards






38. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






39. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






40. Chief Executive Officer






41. White hat l0pht






42. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






43. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






44. Also known as a tunnel)






45. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






46. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






47. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






48. These can be used to verify that public keys belong to certain individuals.






49. Occupant Emergency Plan - Employees are the most important!






50. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.