Test your basic knowledge |

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Ports 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - FTP, 21 - FTP, 22 - SSH, 23 - Telnet, 25 - SMTP, 53 - DNS, 69 - TFTP, 80 - HTTP, 161 - SNMP, 443 - SSL

2. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t

3. A war dialing utility

4. Rotating employees' job duties so that the work they are doing can be checked, to make sure nothing fraudulent is occurring.

5. The real cost of acquiring, maintaining, and developing a system

6. Chief Information Officer

7. Reasonable doubt

8. Method of authenticating to a system: something that you supply and something you know.

9. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

10. CISSPs subscribe to a code of ethics for building up the security profession

11. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

12. Systems that use a knowledge base, an inference engine, and general methods for searching for problem solutions.

13. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

14. Using ICMP to diagram a network

15. Data storage formats and equipment that allow the stored data to be accessed in any order

16. White hat l0pht

17. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected

18. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to

19. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.

20. The art of breaking code. Testing the strength of an algorithm.

21. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.

22. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,

23. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

24. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)

25. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network

26. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.

27. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it

28. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access

29. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.

30. Continuation of Operations Plan

31. This deals with differences between plaintext password storage and transmission versus encrypted password storage and transmission.

32. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB

33. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

34. When two or more processes are linked and execute multiple programs simultaneously

35. Common Object Request Broker Architecture.

36. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

37. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.

38. A network that uses proprietary protocols

39. Random Number Base

40. Grabs an image of the finger, which is then stored in a database, and then matches it one-to-many against the database

41. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time

42. An instance of a scripting language

43. These can be used to verify that public keys belong to certain individuals.

44. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

45. Countermeasures / safeguards fall into these categories. Detective measures detect, preventive measures prevent, and corrective measures correct.

46. To not be legal (as far as law is concerned) or ethical

47. ('Rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet

48. Assuming someone's session who is unaware of what you are doing

49. Component Object Model.

50. The output of a hash function is a digest.