Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Session Hijacking
CGI (The Common Gateway Interface)
Illegal/Unethical
2. Setting up the user to access the honeypot for reasons other than the intent to harm.
CRC (Cyclic Redundancy Check)
Entrapment
Debug
Brute Force
3. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
War driving
Expert systems
Hoax
4. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Fraud
Degausser
Trap Door
Callback Security/Call Forwarding
5. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Risk Analysis
Clipper Chip
Object Oriented Programming
War dialing
6. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Compiler
Attenuation
Penetration testing
DNS cache poisoning
7. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Compiler
Hash
Risk Analysis
Base-64
8. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Cyphertext only
CHAP
/etc/passwd
9. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Risk Management
Privacy Act of 1974
Dogs
Java
10. Accepting all packets
Certification
ARP (Address Resolution Protocol)
Promiscuous mode
Incentive programs
11. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Two-Factor Authentication
ActiveX Object Linking and Embedding
Finger scanning
Passive attacks
12. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Packet Sniffing
Tailgating / Piggybacking
Joke
NAT
13. A network entity that provides a single entrance / exit point to the Internet.
Multipartite
Common criteria
Session Hijacking
Bastion hosts
14. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Due Diligence
Patent
Toneloc
Embezzlement
15. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Trap Door
Trademark
Fiber optic
User
16. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
BIA
Telnet
Spoofing
COOP
17. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Hot Site
Expert systems
UUEncode
Artificial Neural Networks (ANN)
18. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Brute Force
Software development lifecycle
Risk Mitigation
Logic bomb
19. When one key of a two-key pair has more encryption pattern than the other
Fences
Audit Trail
Asymmetric
Promiscuous mode
20. A mechanism by which connections to TCP services on a system are allowed or disallowed
Trojan horses
Identification
TCP Wrappers
Due Diligence
21. Also known as a tunnel
TCP Wrappers
VPN (Virtual Private Network)
DAD
Two-Factor Authentication
22. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Job rotation
Fraggle
Kerberos
Biometrics
23. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Aggregation
Echelon
Clipping levels
Risk Analysis
24. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Spoofing
SSO (Single sign-on)
CHAP
Mandatory vacation
25. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Centralized
Biometrics
Inference
Birthday attack
26. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
War driving
Smurf
TCSEC
RAID 0 - 1 - 3 - 5
27. Someone whose hacking is primarily targeted at the phone systems
Phreaker
Technical - Administrative - Physical
Script
Man trap
28. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Malware
Substitution
Hackers
VPN (Virtual Private Network)
29. An RFC standard. A mechanism for performing commands on a remote system
War dialing
Expert System
Telnet
Debug
30. Data storage formats and equipment that allow the stored data to be accessed in any order
RAM (Random-access memory)
Script kiddies
Vulnerability analysis tools
Clipper Chip
31. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Senior Management
Sniffing
CEO
SSL/TLS
32. Reasonable doubt
Burden of Proof
Separation of duties
CRC (Cyclic Redundancy Check)
Security Perimeter
33. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Throughput of a Biometric System
Accreditation
Session Hijacking
BIOS
34. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Vulnerability analysis tools
Cyphertext only
Firmware
Reciprocal agreement
35. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
DMZ
Toneloc
Honey pot
Cyphertext only
36. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
DCOM
Granularity
Separation of duties
Keystroke logging
37. Network devices that operate at layer 3. This device separates broadcast domains.
Caesar Cipher
Spoofing
EF (Exposure Factor)
Routers
38. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
PAP (Password Authentication Protocol)
TACACS (Terminal access controller access control system)
Mandatory vacation
Script kiddies
39. A site that is ready physically but has no hardware in place - all it has is HVAC
Hoax
Cyphertext only
Cold Site
Enticement
40. Continuation of Operations Plan
IAB
OEP
Trojan horses
COOP
41. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Illegal/Unethical
Dumpster diving
Carnivore
42. This is an open international standard for applications that use wireless communications.
Logic bomb
Patent
WAP (Wireless Application Protocol)
Kerberos
43. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Rijndael
Privacy Act of 1974
Noise & perturbation
Common criteria
44. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Warm Site
EF (Exposure Factor)
Quantitative
Dogs
45. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
WTLS (Wireless Transport Layer Security)
Copyright
MOM
Data Mart
46. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
Sabotage
SESAME
Normalization
47. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Hubs
Quality Assurance
Fences
Trademark
48. Motive - Opportunity - and Means. These deal with crime.
DOS
MOM
Separation of duties
Job rotation
49. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Sabotage
Firewall types
CRC (Cyclic Redundancy Check)
Content dependent
50. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SYN Flood
Risk Analysis
Tort
Back door/ trap door/maintenance hook