Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






2. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






3. This is an open international standard for applications that use wireless communications.






4. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






5. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






6. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






7. Encompasses Risk Analysis and Risk Mitigation






8. Same as a block cipher except that it is applied to a data stream one bit at a time






9. Basic Input/Output System






10. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






11. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






12. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






13. In cryptography - it is a block cipher






14. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






15. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






16. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






17. Object Linking and Embedding. The ability of an object to be embedded into another object.






18. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






19. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






20. A card that holds information that must be authenticated to before it can reveal the information that it is holding






21. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






22. Repeats the signal. It amplifies the signal before sending it on.






23. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






24. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






25. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






26. The practice of obtaining confidential information by manipulation of legitimate users.






27. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






28. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






29. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






30. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






31. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






32. The person that determines the permissions to files. The data owner.






33. Network device that operates at layer 1. Concentrator.






34. Confidentiality - Integrity - and Availability






35. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






36. Computer Incident Response Team






37. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






38. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






39. Dynamic Host Configuration Protocol.






40. Dialing fixed sets telephone numbers looking for open modem connections to machines






41. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






42. Be at least 8 foot tall and have three strands of barbed wire.






43. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






44. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






45. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






46. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






47. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






48. Distributed Component Object Model. Microsoft's implementation of CORBA.






49. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






50. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute