
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer will seem obvious, but repeating the test reinforces your understanding each time you take it.
1. Chief Information Officer






2. Signal degradation as it moves farther from its source






3. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically the monitoring connec






4. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.






5. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operation/maintenance, disposal.






6. In a computer system (or cryptosystem or algorithm), a method of bypassing normal authentication or securing remote access to a computer while attempting to remain hidden from casual inspection.






7. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information; an artist's ability to control their work.






8. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema






9. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






10. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters






11. Also known as Rijndael, a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt






12. The ability to have more than one thread associated with a process






13. Transferring your risk to someone else - typically an insurance company






14. Using ICMP to diagram a network






15. Network Address Translation






16. 0 = striping without parity (no redundancy); 1 = mirroring; 3 = byte-level striping with parity kept on a single dedicated drive; 5 = block-level striping with parity distributed across all drives (either parity layout survives the loss of one drive)
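The parity arithmetic behind RAID 3 and RAID 5 is a single XOR, and the same XOR rebuilds a lost drive. The following is an added example, not part of the quiz: it lays constructed data out across four simulated disks with either a dedicated parity disk (RAID 3 style) or parity rotated per stripe (RAID 5 style), destroys one disk, and reconstructs it from the survivors. Disk count, block size and the sample data are constructed for the demonstration.

```python
"""RAID striping with XOR parity, and rebuilding a failed disk.

Added example, not from the quiz. Models RAID 3 (every stripe's parity on
one dedicated disk) and RAID 5 (parity rotated across disks), then loses a
disk and reconstructs it. Disk count, block size and data are constructed.
"""


def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is the whole of RAID parity."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_no: int, disks: int, rotate: bool) -> int:
    """RAID 3 keeps parity on the last disk; RAID 5 rotates it per stripe."""
    return (disks - 1 - stripe_no) % disks if rotate else disks - 1


def stripe(data: bytes, disks: int, block: int, rotate: bool):
    """Lay data out across `disks`; each stripe holds disks-1 data blocks plus
    one parity block. Returns a list of disks, each a list of blocks."""
    per_stripe = (disks - 1) * block
    padded = data + b"\0" * (-len(data) % per_stripe)   # pad to whole stripes
    layout = [[] for _ in range(disks)]
    for s in range(len(padded) // per_stripe):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(disks - 1)]
        pd = parity_disk_for(s, disks, rotate)
        data_iter = iter(blocks)
        for d in range(disks):
            layout[d].append(xor_blocks(blocks) if d == pd else next(data_iter))
    return layout


def unstripe(layout, rotate: bool, length: int) -> bytes:
    """Read the data back in order, skipping the parity block of each stripe."""
    disks = len(layout)
    out = bytearray()
    for s in range(len(layout[0])):
        pd = parity_disk_for(s, disks, rotate)
        for d in range(disks):
            if d != pd:
                out += layout[d][s]
    return bytes(out[:length])


def rebuild(layout, failed: int):
    """Reconstruct one failed disk: every block on it (data or parity) is the
    XOR of the other disks' blocks in the same stripe. A second failure before
    the rebuild finishes is unrecoverable, which is why RAID 3/5 tolerate
    exactly one lost disk."""
    survivors = [layout[d] for d in range(len(layout)) if d != failed]
    return [xor_blocks([disk[s] for disk in survivors])
            for s in range(len(survivors[0]))]


if __name__ == "__main__":
    data = b"The quick brown fox jumps over the lazy dog. " * 3   # constructed
    for name, rotate in (("RAID 3", False), ("RAID 5", True)):
        layout = stripe(data, disks=4, block=8, rotate=rotate)
        lost = layout[1]
        layout[1] = None                     # simulate disk 1 failing
        layout[1] = rebuild(layout, failed=1)
        print(name, "rebuild ok:", layout[1] == lost,
              "data ok:", unstripe(layout, rotate, len(data)) == data)
```

RAID 0 is the same `stripe` layout with no parity block, which is why it gives speed but no redundancy; mirroring (RAID 1) is a plain copy and needs no arithmetic at all.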






17. Animals with teeth; less discriminating than guards.






18. Accepting all packets






19. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






20. In the context of computer software, a Trojan horse is a malicious program that is disguised as, or embedded within, legitimate software.






21. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






22. In a separation of duties model, the place where code is checked in and out.






23. Emanations from one wire coupling with another wire






24. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.






25. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker; there are also white hats (ethical hackers) and grey hats.






26. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






27. Once authenticated, the level of access you have to a system.






28. Must be in place for you to use a biometric system






29. Rotating employees' job duties so that their work can be checked to make sure nothing fraudulent is occurring.






30. To not be legal (as far as the law is concerned) or ethical.






31. Disclosure, Alteration, Destruction. These are the things that break the CIA triad (confidentiality, integrity and availability, respectively).






32. RFC 1918 defined the following as the private addressing ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.0.0 through 172.31.255.255, i.e. 172.16.x.x to 172.31.x.x inclusive), and 192.168.0.0/16 (192.168.x.x).
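The 172.16.0.0/12 block is the one people get wrong, because it covers sixteen second octets (16 through 31) rather than the two endpoints. The following is an added example, not part of the quiz: it classifies addresses against the three RFC 1918 prefixes, shows where Python's broader `ip_address(...).is_private` disagrees with RFC 1918, and applies the check as an ingress anti-spoofing filter over constructed firewall log lines. The log format (`src=... dst=... iface=...`) and the interface name `wan0` are assumptions for the demonstration.

```python
"""Classify IPv4 addresses against the RFC 1918 private ranges.

Added example, not part of the quiz. The log format and interface names
below are constructed for the demonstration.
"""
import ipaddress

RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0    - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0  - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]


def is_rfc1918(addr: str) -> bool:
    """True only for the three RFC 1918 blocks (IPv4)."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def is_private_but_not_rfc1918(addr: str) -> bool:
    """Addresses Python's is_private flags that RFC 1918 does not cover:
    loopback 127/8, link-local 169.254/16, documentation ranges, and so on.
    Mixing the two up leads to over-broad or under-broad firewall rules."""
    return ipaddress.ip_address(addr).is_private and not is_rfc1918(addr)


def bogon_sources(firewall_log: str) -> list:
    """Ingress anti-spoofing: a packet arriving on the Internet-facing
    interface with an RFC 1918 source address cannot be legitimate, since
    those addresses are not routed on the Internet. Returns the offending
    sources from constructed lines of the form 'src=<ip> dst=<ip> iface=<name>'."""
    hits = []
    for line in firewall_log.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("iface") == "wan0" and is_rfc1918(fields["src"]):
            hits.append(fields["src"])
    return hits


# Constructed sample log: two spoofed sources on the WAN side, one legitimate
# public source, one address just past the 172.16/12 boundary, one LAN packet.
SAMPLE_LOG = """\
src=203.0.113.7 dst=192.168.1.10 iface=wan0
src=10.20.30.40 dst=192.168.1.10 iface=wan0
src=172.31.255.254 dst=192.168.1.10 iface=wan0
src=172.32.0.1 dst=192.168.1.10 iface=wan0
src=192.168.1.5 dst=192.168.1.10 iface=lan0
"""

if __name__ == "__main__":
    for a in ("172.15.255.255", "172.16.0.0", "172.31.255.255", "172.32.0.0", "127.0.0.1"):
        print(f"{a:16} rfc1918={is_rfc1918(a)!s:5} is_private={ipaddress.ip_address(a).is_private}")
    print("spoofed RFC 1918 sources on wan0:", bogon_sources(SAMPLE_LOG))
```

Writing the ranges as CIDR prefixes, as above, avoids the boundary mistake entirely; a check that tests only `172.16.` and `172.31.` string prefixes would miss 172.17.0.0 through 172.30.255.255.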






33. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste






34. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th






35. Basic Input/Output System






36. A technique to eliminate data redundancy.






37. A type of hash function used to produce a checksum, a small, fixed number of bits, against a block of data. This is used to detect accidental errors after transmission or storage; it is not a cryptographic hash and gives no protection against deliberate modification.
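The distinction between an error-detecting checksum and an integrity control matters in practice, and a CRC shows it clearly. The following is an added example, not part of the quiz: a from-scratch CRC-32 that matches `zlib.crc32`, a flipped bit that it reliably catches, and a forgery that changes a message and appends four bytes so the CRC still matches the original, followed by the keyed MAC (HMAC-SHA256) an attacker cannot recompute. The message text and HMAC key are constructed for the demonstration.

```python
"""CRC-32 detects accidental corruption but not deliberate tampering.

Added example, not from the quiz. Message contents, the HMAC key and the
flipped bit position are constructed for the demonstration.
"""
import hashlib
import hmac
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib, PNG, Ethernet)

# Byte-wise lookup table for the shift-register update.
TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)

# The top byte of every table entry is distinct, so the register can be
# stepped backwards one byte at a time. This is what makes forgery easy.
TOP_BYTE_INDEX = {t >> 24: i for i, t in enumerate(TABLE)}
assert len(TOP_BYTE_INDEX) == 256


def crc_register(data: bytes, state: int = 0xFFFFFFFF) -> int:
    """Run the CRC-32 shift register over data; raw register, no final XOR."""
    for b in data:
        state = TABLE[(state ^ b) & 0xFF] ^ (state >> 8)
    return state


def crc32(data: bytes) -> int:
    """Standard CRC-32: init 0xFFFFFFFF, reflected, final XOR 0xFFFFFFFF."""
    return crc_register(data) ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    return crc32(data) == zlib.crc32(data)


def detects_bit_flip(data: bytes, bit: int) -> bool:
    """Any single flipped bit changes the CRC; that is the job CRCs are for."""
    corrupted = bytearray(data)
    corrupted[bit // 8] ^= 1 << (bit % 8)
    return crc32(bytes(corrupted)) != crc32(data)


def forge(modified: bytes, target_crc: int) -> bytes:
    """Append 4 bytes to `modified` so that crc32(result) == target_crc.

    Feeding bytes W (little-endian) into the register from state S gives the
    same result as feeding four zero bytes from state S ^ W. So: walk the
    register backwards from the target over four zero bytes to find the
    state Z it must start from, then the patch is W = S ^ Z.
    """
    state = crc_register(modified)
    z = target_crc ^ 0xFFFFFFFF          # register value the result must end on
    for _ in range(4):
        i = TOP_BYTE_INDEX[z >> 24]      # which table entry produced this top byte
        z = (((z ^ TABLE[i]) << 8) & 0xFFFFFFFF) | i
    return modified + (state ^ z).to_bytes(4, "little")


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """The control to use when tampering is the threat: a keyed MAC that the
    attacker cannot recompute without the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


if __name__ == "__main__":
    original = b"transfer:amount=100;to=acct-42"        # constructed message
    forged = forge(b"transfer:amount=999;to=acct-42", crc32(original))
    print(f"crc32(original)={crc32(original):08x} crc32(forged)={crc32(forged):08x}")
    print("appended bytes:", forged[len(original):].hex())
    key = b"constructed-demo-key"
    print("HMAC still differs:", hmac_tag(key, original) != hmac_tag(key, forged))
```

The forgery works because a CRC is a linear function of its input with no secret in it, so anyone who can change the data can also choose the checksum. Where the attacker can modify both data and checksum (file downloads, messages, stored records), pair the data with an HMAC or a digital signature and keep the CRC for what it is good at, catching line noise and bad sectors.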






38. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






39. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the






40. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






41. Ports 0-1023 are the well-known ports assigned to standard Internet services (1024-49151 are the registered ports). Ones on the test include: 20 ftp (data), 21 ftp (control), 22 ssh, 23 telnet, 25 smtp, 53 dns, 69 tftp, 80 http, 161 snmp, 443 https (http over SSL/TLS).






42. The person that determines the permissions to files: the data owner.






43. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.






44. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






45. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






46. The process of certifying that a system which has been built meets the security standards you have said you will use.






47. Data storage formats and equipment that allow the stored data to be accessed in any order






48. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
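The exchange itself is two modular exponentiations per side, and its well-known weakness is that on its own it authenticates nobody. The following is an added example, not part of the quiz: both parties' messages are computed explicitly, the two sides arrive at the same key, and the exchange is then repeated with an active attacker who swaps in their own public values, ending up sharing one key with each victim. The group (modulus 2**61 - 1 with base 3) is a constructed toy chosen to keep the numbers readable; real deployments use a 2048-bit or larger MODP group from RFC 3526 or an elliptic-curve group, and authenticate the public values with signatures or certificates, as TLS does.

```python
"""Diffie-Hellman key agreement, and why it needs authentication.

Added example, not from the quiz. The group parameters are a constructed
toy (far too small for real use); the attack it demonstrates is the
standard man-in-the-middle against unauthenticated D-H.
"""
import hashlib
import secrets

P = 2**61 - 1   # toy Mersenne prime modulus: NOT for real use
G = 3           # toy base


def public_value(private: int, p: int = P, g: int = G) -> int:
    """g^private mod p. Safe to send over the insecure channel; recovering
    `private` from it is the discrete logarithm problem."""
    return pow(g, private, p)


def shared_secret(peer_public: int, private: int, p: int = P) -> int:
    """peer_public^private mod p, identical on both sides because
    (g^a)^b == (g^b)^a mod p. Rejects 1 and p-1, which would force the
    result to a trivial value whatever the private exponent."""
    if not 1 < peer_public < p - 1:
        raise ValueError("rejected peer public value")
    return pow(peer_public, private, p)


def derive_key(secret: int, p: int = P) -> bytes:
    """Never use the raw group element as a key; hash it to a fixed-size key."""
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def honest_exchange(a: int, b: int):
    """Alice (private a) sends A = g^a; Bob (private b) sends B = g^b.
    Returns (Alice's key, Bob's key)."""
    A, B = public_value(a), public_value(b)
    return derive_key(shared_secret(B, a)), derive_key(shared_secret(A, b))


def mitm_exchange(a: int, b: int, m1: int, m2: int):
    """Mallory intercepts A and B and forwards M1 = g^m1 to Alice and
    M2 = g^m2 to Bob instead. Nothing in the protocol lets either victim
    notice. Returns (Alice's key, Bob's key, Mallory's key with Alice,
    Mallory's key with Bob)."""
    A, B = public_value(a), public_value(b)
    M1, M2 = public_value(m1), public_value(m2)
    alice_key = derive_key(shared_secret(M1, a))        # Alice believes M1 is Bob's
    bob_key = derive_key(shared_secret(M2, b))          # Bob believes M2 is Alice's
    mallory_with_alice = derive_key(shared_secret(A, m1))
    mallory_with_bob = derive_key(shared_secret(B, m2))
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


def random_private(p: int = P) -> int:
    """Fresh private exponent in 2 .. p-2 from the OS CSPRNG."""
    return secrets.randbelow(p - 3) + 2


if __name__ == "__main__":
    a, b = random_private(), random_private()
    ka, kb = honest_exchange(a, b)
    print("honest exchange, keys match:", ka == kb)
    ak, bk, ma, mb = mitm_exchange(a, b, random_private(), random_private())
    print("under MITM: Alice/Mallory match:", ak == ma,
          " Bob/Mallory match:", bk == mb, " Alice/Bob match:", ak == bk)
```

Mallory can now decrypt everything from Alice with one key, re-encrypt it for Bob with the other, and read or alter the traffic in between. The protocol's confidentiality guarantee only holds once each side can verify that the public value it received really came from the intended peer, which is what signing the exchange with a certificate-backed key (as in TLS) or comparing key fingerprints out of band provides.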






49. A war dialing utility






50. When you know something from a source and can infer other related information from it, even though you may not normally have access to that data.