Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding each time you take the test.
1. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






2. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






3. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






4. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






5. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






6. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






7. Confidentiality - Integrity - and Availability






8. Enticing people to hit your honeypot to see how they try to access your system.






9. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






10. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






11. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






12. Software designed to infiltrate or damage a computer system - without the owner's consent.






13. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






14. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






15. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






16. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






17. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






18. 'If you can't see it - it's secure'. Bad policy to live by.






19. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






20. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






21. Common Object Request Broker Architecture.






22. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






23. A hidden communications channel on a system that allows for the bypassing of the system security policy






24. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






25. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






26. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






27. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






28. Defines the objects and their attributes that exist in a database.






29. Assuming someone's session who is unaware of what you are doing






30. In a separation of duties model - this is where code is checked in and out






31. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






32. When security is managed at a central point in an organization






33. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






34. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






35. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






36. Also civil law






37. Network devices that operate at layer 3. This device separates broadcast domains.






38. The person that controls access to the data






39. In cryptography - it is a block cipher






40. Using ICMP to diagram a network






41. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






42. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






43. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






44. Data storage formats and equipment that allow the stored data to be accessed in any order






45. A war dialing utility






46. CISSPs subscribe to a code of ethics for building up the security profession






47. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






48. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






49. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






50. Good for distance - longer than 100M