Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Covers the same ground as due diligence, except that it concerns accepting responsibility rather than liability.

2. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single

3. The process of evaluating a system that has been built to confirm that it meets the security standards you have committed to use.

4. Making individuals accountable for their actions on a system, typically through auditing.

5. An error-detecting code that produces a checksum, a small, fixed number of bits, over a block of data. It is used to detect accidental errors after transmission or storage. It is not a cryptographic hash: it is linear, so it offers no protection against deliberate tampering.

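Item 5 describes a checksum that is often mistaken for integrity protection, so here is an added example (not from the quiz page) showing in Python why a CRC catches accidental corruption but not deliberate tampering. CRC-32 is affine over GF(2): flipping one message bit adds a fixed delta to the checksum whatever the other bits are, so an attacker who may rewrite four bytes anywhere in the message can make a tampered message keep the original CRC by solving a 32x32 linear system. The record layout, the patch position and the helper names are constructed for this example; SHA-256 is included for contrast.

```python
"""Added example: CRC-32 detects random errors but can be forged.
The messages below are constructed inputs, not data from the quiz page."""
import hashlib
import zlib

# Constructed sample: a fixed-width record with a free-text field at the end.
ORIGINAL = b"amount=0100;to=alice;memo=....;"
TAMPERED = b"amount=9999;to=alice;memo=....;"   # attacker changes the amount
PATCH_AT = ORIGINAL.index(b"....")               # 4 bytes the attacker may also rewrite


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def detects_every_single_bit_error(data: bytes) -> bool:
    """Any CRC whose polynomial has more than one term catches every
    single-bit error; this is what a checksum is designed for."""
    c = crc32(data)
    return all(crc32(flip_bit(data, i)) != c for i in range(len(data) * 8))


def is_affine(fn, a: bytes, b: bytes, c: bytes) -> bool:
    """fn(a ^ b ^ c) == fn(a) ^ fn(b) ^ fn(c) for equal-length inputs.
    Holds for CRC-32 (the init/final-xor constant cancels with three terms);
    fails, except with negligible probability, for a cryptographic hash."""
    return fn(xor_bytes(xor_bytes(a, b), c)) == fn(a) ^ fn(b) ^ fn(c)


def forge_crc32(original: bytes, tampered: bytes, patch_at: int) -> bytes:
    """Rewrite 4 bytes of `tampered` at `patch_at` so its CRC-32 equals
    crc32(original).  Each of the 32 patch bits contributes an independent
    32-bit delta to the checksum, so Gaussian elimination over GF(2) finds
    the patch directly; no brute force is needed."""
    assert len(original) == len(tampered)
    n = len(tampered)
    base = crc32(bytes(n))                      # checksum of the all-zero message
    cols = []                                   # delta caused by each patch bit
    for bit in range(32):
        unit = bytearray(n)
        unit[patch_at + bit // 8] = 1 << (bit % 8)
        cols.append(crc32(bytes(unit)) ^ base)
    target = crc32(original) ^ crc32(tampered)  # delta we must add to `tampered`
    pivots = {}                                 # leading bit -> (row value, combination of cols)
    for i, col in enumerate(cols):
        val, combo = col, 1 << i
        for lead in sorted(pivots, reverse=True):
            if val >> lead & 1:
                pv, pc = pivots[lead]
                val, combo = val ^ pv, combo ^ pc
        if val:
            pivots[val.bit_length() - 1] = (val, combo)
    x, rem = 0, target
    for lead in sorted(pivots, reverse=True):
        if rem >> lead & 1:
            pv, pc = pivots[lead]
            rem, x = rem ^ pv, x ^ pc
    if rem:
        raise ValueError("no solution")        # cannot happen: the 32 deltas are independent
    forged = bytearray(tampered)
    for bit in range(32):
        if x >> bit & 1:
            forged[patch_at + bit // 8] ^= 1 << (bit % 8)
    return bytes(forged)


if __name__ == "__main__":
    forged = forge_crc32(ORIGINAL, TAMPERED, PATCH_AT)
    print(forged, crc32(forged) == crc32(ORIGINAL))
```

The forged record differs from the original in the amount field, passes the CRC check, and fails any SHA-256 or HMAC check. The practitioner's rule follows from the affine property: use a CRC for accidental corruption (transmission, storage), and a keyed MAC or a signature whenever an adversary can write to the data.
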
6. ('rotate by 13 places', sometimes hyphenated ROT-13) A simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places further along the alphabet. Because 13 is half of 26, applying it twice restores the original; it is obfuscation, not encryption.

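Item 6 is an algorithm, so here is an added Python example (not part of the quiz page) that implements ROT13 as the general Caesar shift and then shows the point the definition makes about obscuring rather than encrypting: with only 26 possible keys, a few common words are enough to recover the shift without any secret. The sample sentence and the small word list are constructed for the example.

```python
"""Added example: ROT13 as a Caesar shift, and why a shift cipher is only obfuscation."""
from __future__ import annotations
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
# Constructed mini-dictionary used to pick the most English-looking candidate.
COMMON_WORDS = {"the", "at", "and", "to", "of", "a", "in", "is", "it", "be"}
SAMPLE = "Meet at the old mill at midnight."   # constructed plaintext


def caesar(text: str, shift: int) -> str:
    """Shift every ASCII letter `shift` places (negative to undo); other
    characters pass through unchanged, as in the classic cipher."""
    shift %= 26
    table = str.maketrans(
        LOWER + UPPER,
        LOWER[shift:] + LOWER[:shift] + UPPER[shift:] + UPPER[:shift],
    )
    return text.translate(table)


def rot13(text: str) -> str:
    """ROT13 is the Caesar shift of 13; 13 + 13 = 26, so it is its own inverse."""
    return caesar(text, 13)


def candidates(ciphertext: str) -> list[tuple[int, str]]:
    """All 26 possible plaintexts: the key space is small enough to enumerate."""
    return [(k, caesar(ciphertext, -k)) for k in range(26)]


def english_score(text: str) -> int:
    """Count whole words that appear in the common-word list."""
    words = "".join(ch if ch.isalpha() else " " for ch in text.lower()).split()
    return sum(w in COMMON_WORDS for w in words)


def recover_shift(ciphertext: str) -> int:
    """Brute-force the shift by scoring each candidate; no key material needed."""
    return max(candidates(ciphertext), key=lambda kt: english_score(kt[1]))[0]


if __name__ == "__main__":
    ct = rot13(SAMPLE)
    k = recover_shift(ct)
    print(ct, "->", caesar(ct, -k), "(shift", k, ")")
```

Real secrecy needs a key space that cannot be enumerated and a construction whose output is indistinguishable from random; ROT13's only legitimate uses are hiding spoilers and similar non-security cases.
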
7. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x). 127.x.x.x is reserved for loopback, which is why Class A stops at 126.

8. Threat to physical security.

9. The frequency with which a threat is expected to occur.

10. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black-hat hacker; there are also white hats (ethical hackers) and grey hats.

11. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

12. Refers to the formal acceptance by an organization's executive management that they accept the residual risk associated with using a formally certified information system.

13. Public Key Infrastructure

14. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t

15. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.

16. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.

17. The process of reducing your risks to an acceptable level based on your risk analysis.

18. An organization that became famous for telling the U.S. Senate (the Committee on Governmental Affairs, in 1998) that they could bring down the Internet in 30 minutes. Black hat....

19. Animals with teeth. Not as discriminating as guards.

20. An SSO technology that extends Kerberos functionality and improves on its weaknesses.

21. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.

22. The act of identifying yourself: providing your identity to a system.

23. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. The testing itself does not fix anything.

24. Network devices that operate at layer 3. This device separates broadcast domains (each interface is its own).

25. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

26. A network that mimics the brain.

27. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.

28. The person who controls access to the data.

29. A military standard defining controls for emanation protection.

30. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses into Ethernet MAC addresses. ARP has no authentication, so forged replies (ARP spoofing) can redirect a victim's traffic through an attacker.

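Item 30 describes the protocol and item 11 the attack that its lack of authentication enables, so here is an added Python example (not from the quiz page) that parses raw Ethernet/ARP frames with `struct` and runs the detection most ARP-monitoring tools rely on: flag any IP address announced by more than one sender MAC, plus the weaker signal of an Ethernet source MAC that disagrees with the ARP sender MAC. The MAC addresses, IP addresses and the four-frame capture are constructed for the example.

```python
"""Added example: parse ARP frames and flag the classic spoofing indicator
(one IP claimed by two MACs).  All frames below are constructed."""
from __future__ import annotations
import socket
import struct
from collections import defaultdict

ETH = struct.Struct("!6s6sH")              # dst MAC, src MAC, EtherType (14 bytes)
ARP = struct.Struct("!HHBBH6s4s6s4s")      # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str,
              eth_src: str | None = None) -> bytes:
    """Ethernet + ARP frame (42 bytes).  eth_src defaults to the ARP sender
    MAC, as a well-behaved stack would set it."""
    eth_dst = BROADCAST if oper == OP_REQUEST else mac(tha)
    return (ETH.pack(eth_dst, mac(eth_src or sha), ETHERTYPE_ARP)
            + ARP.pack(1, 0x0800, 6, 4, oper, mac(sha), socket.inet_aton(spa),
                       mac(tha), socket.inet_aton(tpa)))


def parse_arp(frame: bytes) -> dict | None:
    """ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < ETH.size + ARP.size:
        return None
    _dst, src, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP.unpack_from(frame, ETH.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": oper, "eth_src": mac_str(src), "sender_mac": mac_str(sha),
            "sender_ip": socket.inet_ntoa(spa), "target_mac": mac_str(tha),
            "target_ip": socket.inet_ntoa(tpa)}


def detect_spoofing(frames: list[bytes]) -> dict[str, set[str]]:
    """IPs announced by more than one sender MAC.  A host answering for the
    gateway's IP with its own MAC becomes a man in the middle; the second
    MAC for a known IP is what tools like arpwatch alert on."""
    claims: dict[str, set[str]] = defaultdict(set)
    for f in frames:
        p = parse_arp(f)
        if p is not None:
            claims[p["sender_ip"]].add(p["sender_mac"])
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def eth_arp_mismatches(frames: list[bytes]) -> list[dict]:
    """Frames whose Ethernet source differs from the ARP sender MAC: not
    conclusive (proxy ARP does this legitimately) but worth a look."""
    return [p for p in map(parse_arp, frames) if p and p["eth_src"] != p["sender_mac"]]


GATEWAY, VICTIM, ATTACKER = "02:00:00:00:00:01", "02:00:00:00:00:20", "de:ad:be:ef:00:01"
# Constructed capture: a normal request/reply, then the attacker claiming the
# gateway's IP, then a reply whose Ethernet source does not match its ARP sender.
SAMPLE_FRAMES = [
    build_arp(OP_REQUEST, VICTIM, "192.168.1.20", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp(OP_REPLY, GATEWAY, "192.168.1.1", VICTIM, "192.168.1.20"),
    build_arp(OP_REPLY, ATTACKER, "192.168.1.1", VICTIM, "192.168.1.20"),
    build_arp(OP_REPLY, GATEWAY, "192.168.1.1", VICTIM, "192.168.1.20", eth_src=ATTACKER),
]

if __name__ == "__main__":
    print(detect_spoofing(SAMPLE_FRAMES))
    print(eth_arp_mismatches(SAMPLE_FRAMES))
```

Detection after the fact is the fallback; the preventive controls are dynamic ARP inspection on managed switches, static ARP entries for critical hosts such as the gateway, and end-to-end authentication (TLS, SSH) so that a redirected session fails rather than being silently read.
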
31. Distributed Component Object Model. Microsoft's technology for distributed objects; the counterpart to CORBA, not an implementation of it.

32. This deals with the difference between storing and transmitting passwords in plaintext versus storing and transmitting them encrypted.

33. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.

34. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.

35. Network device that operates at layer 1. Concentrator: all ports share one collision domain.

36. In the broadest sense, a fraud is a deception made for personal gain.

37. An attempt to trick the system into believing that something false is real.

38. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.

39. Good for distance: runs longer than 100 m.

40. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh

41. Random Number Base

42. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.

43. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making signature-based detection more difficult.

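Item 43 is best understood by watching a signature fail, so here is an added Python example (not from the quiz page) that simulates the mechanism with no real malware involved: a harmless marker string stands in for the virus body, each "generation" wraps it in a made-up decoder stub with a different XOR key, a naive byte-signature scanner misses every generation, and a scanner that first performs the stub's decode step (what real engines do with an emulator or sandbox) catches them all. The payload string, stub format and key selection are all constructed for the example.

```python
"""Added example: why a byte signature misses a polymorphic body, and how
decoding before matching gets it back.  The 'payload' is a marker string,
not code; the decoder stub is a made-up format for the demonstration."""
from __future__ import annotations
import random

PAYLOAD = b"DEMO PAYLOAD: harmless marker standing in for a virus body"  # constructed
SIGNATURE = PAYLOAD[:20]          # the telltale bytes a static scanner looks for
STUB_MAGIC = b"\x90\x90DECODE"    # constructed marker for the decoder stub


def mutate(payload: bytes, key: int) -> bytes:
    """One generation: stub | 1-byte XOR key | 2-byte length | body XOR key.
    Every generation behaves identically once decoded but has different bytes."""
    if not 1 <= key <= 255:
        raise ValueError("key 0 would leave the body in the clear")
    body = bytes(b ^ key for b in payload)
    return STUB_MAGIC + bytes([key]) + len(body).to_bytes(2, "big") + body


def generations(count: int, seed: int = 0) -> list[bytes]:
    """`count` distinct generations; keys are seeded so runs are repeatable."""
    keys = random.Random(seed).sample(range(1, 256), count)
    return [mutate(PAYLOAD, k) for k in keys]


def static_scan(blob: bytes) -> bool:
    """Plain signature match: what a naive scanner does."""
    return SIGNATURE in blob


def emulate_and_scan(blob: bytes) -> bool:
    """Recognise the stub, perform its decode step, then match the signature
    against the decoded body.  Real engines run the stub in a CPU emulator;
    here the stub is a fixed header we can interpret directly."""
    i = blob.find(STUB_MAGIC)
    if i < 0:
        return static_scan(blob)
    j = i + len(STUB_MAGIC)
    if len(blob) < j + 3:
        return False
    key = blob[j]
    n = int.from_bytes(blob[j + 1:j + 3], "big")
    body = blob[j + 3:j + 3 + n]
    return SIGNATURE in bytes(b ^ key for b in body)


def scan_report(blobs: list[bytes]) -> dict[str, int]:
    return {"static_hits": sum(map(static_scan, blobs)),
            "emulated_hits": sum(map(emulate_and_scan, blobs))}


if __name__ == "__main__":
    print(scan_report(generations(8, seed=7)))
```

The weak point the example leaves visible is the stub itself: its bytes are constant here, so a scanner could signature the decoder instead of the body. Real polymorphic engines also vary the decoder (instruction substitution, junk insertion), which is why detection moved to emulation, behavioural analysis and memory scanning after decryption rather than byte patterns.
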
44. When a security event occurs, this is the predefined order in which people will be contacted.

45. Taking over someone else's session without that person being aware of it.

46. Virtual LANs. Separating broadcast domains on a single physical network. A way of partitioning communications channels.

47. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

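Item 47 names the rounding trick without showing it, so here is an added Python example (not from the quiz page) that performs the skim on a month of interest postings with `decimal` and then applies the two audit checks a reviewer would run: a per-account recomputation under the bank's stated rounding policy, which catches only the slices of half a cent or more, and an aggregate conservation check (exact interest owed minus total credited), which exposes the whole diverted amount. The balances, the rate and the rounding policy are constructed for the example.

```python
"""Added example: a rounding skim on interest postings and the audit checks
that expose it.  Balances and rate are constructed for the demonstration."""
from __future__ import annotations
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.00375")      # 4.5% a year paid monthly (constructed)
ACCOUNTS = {                           # constructed balances
    "acct-1": Decimal("1000.00"),
    "acct-2": Decimal("2500.50"),
    "acct-3": Decimal("815.33"),
    "acct-4": Decimal("120.00"),
    "acct-5": Decimal("4999.99"),
    "acct-6": Decimal("333.33"),
    "acct-7": Decimal("1000.80"),
}


def policy_interest(balance: Decimal) -> Decimal:
    """What the documented policy pays: round half-to-even to the cent."""
    return (balance * MONTHLY_RATE).quantize(CENT, rounding=ROUND_HALF_EVEN)


def skimming_post(accounts: dict[str, Decimal]) -> tuple[dict[str, Decimal], Decimal]:
    """The insider's version: truncate every posting and route the sub-cent
    remainders to a sink.  Each slice is under a cent; the sink is not."""
    posted: dict[str, Decimal] = {}
    sink = Decimal("0")
    for name, balance in accounts.items():
        raw = balance * MONTHLY_RATE
        credited = raw.quantize(CENT, rounding=ROUND_DOWN)
        posted[name] = credited
        sink += raw - credited
    return posted, sink


def audit_per_account(accounts: dict[str, Decimal], posted: dict[str, Decimal]) -> set[str]:
    """Check 1: recompute each posting under the stated policy; flag mismatches.
    Misses slices under half a cent, where truncation and rounding agree."""
    return {n for n in accounts if policy_interest(accounts[n]) != posted[n]}


def audit_conservation(accounts: dict[str, Decimal], posted: dict[str, Decimal]) -> Decimal:
    """Check 2: exact interest owed (before any rounding) minus total credited.
    Honest half-even rounding nets out near zero with both signs; a skim shows
    as a residual that is always positive and grows every period."""
    owed = sum((b * MONTHLY_RATE for b in accounts.values()), Decimal("0"))
    credited = sum(posted.values(), Decimal("0"))
    return owed - credited


def cashable(sink: Decimal) -> Decimal:
    """Whole cents the insider can move out of the sink this period."""
    return sink.quantize(CENT, rounding=ROUND_DOWN)


if __name__ == "__main__":
    posted, sink = skimming_post(ACCOUNTS)
    print("diverted:", sink, "cashable:", cashable(sink))
    print("flagged by per-account check:", sorted(audit_per_account(ACCOUNTS, posted)))
    print("aggregate residual:", audit_conservation(ACCOUNTS, posted))
```

Seven accounts yield a few cents; the scheme only pays at the scale of a real ledger, which is also what makes the aggregate check effective: the residual scales with the number of accounts while honest rounding error does not accumulate in one direction.
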
48. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network

49. A mechanism by which connections to TCP services on a system are allowed or disallowed.

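Item 49 describes TCP wrappers, whose decision rule (hosts_access(5)) is the part people get wrong, so here is an added Python example (not from the quiz page) that models it over a subset of the pattern syntax: a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted. The two rule files, the daemon names and the client addresses are constructed; the EXCEPT operator, KNOWN/UNKNOWN/PARANOID wildcards and user@host forms are deliberately not modelled.

```python
"""Added example: the hosts.allow / hosts.deny decision procedure from
hosts_access(5) for a subset of the pattern syntax.  Rule files are constructed."""
from __future__ import annotations
import ipaddress
import re

# Constructed /etc/hosts.allow and /etc/hosts.deny contents.
HOSTS_ALLOW = """
# daemon_list : client_list
sshd  : 192.168.1. , 10.0.0.0/255.255.0.0
ALL   : 127.0.0.1
"""
HOSTS_DENY = """
sshd   : ALL
vsftpd : .example.org
"""


def parse_rules(text: str) -> list[tuple[list[str], list[str]]]:
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue                       # malformed; tcpd logs and skips it
        daemons = re.split(r"[,\s]+", fields[0].strip())
        clients = re.split(r"[,\s]+", fields[1].strip())
        rules.append((daemons, clients))   # shell-command options after a 2nd ':' are not modelled
    return rules


def client_matches(pattern: str, ip: str, host: str) -> bool:
    """Subset of hosts_access(5) client patterns: ALL, '.domain' suffix,
    'n.n.' prefix, 'net/mask' or 'net/prefixlen', exact IP or hostname."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        network = ipaddress.IPv4Network((net, mask if "." in mask else int(mask)), strict=False)
        return ipaddress.IPv4Address(ip) in network
    return pattern == ip or pattern.lower() == host.lower()


def _matches(rules, daemon: str, ip: str, host: str) -> bool:
    return any((daemon in ds or "ALL" in ds) and any(client_matches(c, ip, host) for c in cs)
               for ds, cs in rules)


def access_allowed(daemon: str, ip: str, host: str = "",
                   allow_text: str = HOSTS_ALLOW, deny_text: str = HOSTS_DENY) -> bool:
    """hosts_access(5) order: a match in hosts.allow grants; otherwise a match
    in hosts.deny refuses; otherwise access is GRANTED.  That default is why
    hardening guides put 'ALL : ALL' in hosts.deny."""
    if _matches(parse_rules(allow_text), daemon, ip, host):
        return True
    if _matches(parse_rules(deny_text), daemon, ip, host):
        return False
    return True


if __name__ == "__main__":
    for d, ip, h in [("sshd", "192.168.1.50", ""), ("sshd", "203.0.113.7", ""),
                     ("vsftpd", "203.0.113.7", "mirror.example.net")]:
        print(d, ip, h or "-", "->", "allow" if access_allowed(d, ip, h) else "deny")
```

Two caveats for anyone still running this control: the hostname patterns depend on reverse DNS, which an attacker's own DNS can influence, so prefer IP-based patterns; and the mechanism is legacy (OpenSSH dropped libwrap support in 6.7, and daemons that never linked against it ignore these files entirely), so the same allow-list belongs in the host firewall or in the service's own configuration.
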
50. Providing verification to a system