Test your basic knowledge: Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Patent
Exit interview
Macro
Audit Trail
2. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Hackers
Smart cards
Privacy Act of 1974
Security Awareness Training
3. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
CRC (Cyclic Redundancy Check)
Due Care
Qualitative
Change management
4. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Clipper Chip
Audit Trail
Kerberos
Aggregation
5. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Brute force
Non-repudiation
Multiprocessing
ARP (Address Resolution Protocol)
6. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Coax
RADIUS (Remote authentication dial-in user service)
Honey pot
7. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Sniffing
Bastion hosts
Data Mart
Biometric profile
8. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Active attacks
Macro
Asymmetric
Illegal/Unethical
9. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Digital signing
Cookies
Smurf
DOS
10. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Masquerade
MitM
Qualitative
11. In cryptography - it is a block cipher
Eavesdropping
Skipjack
OEP
CEO
12. Distributed Component Object Model. Microsoft's implementation of CORBA.
Motion detector
SSO (Single sign-on)
Security Awareness Training
DCOM
13. The frequency with which a threat is expected to occur.
ROT-13
ARO (Annualized Rate of Occurrence)
Risk Transferring
Back door/ trap door/maintenance hook
14. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Diffie-Hellman
Motion detector
Granularity
Job rotation
15. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Diffie-Hellman
Back door/ trap door/maintenance hook
Wiretapping
NAT
16. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Smart cards
Dogs
SSO (Single sign-on)
Nonce
17. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.
BIOS
ISDN (Integrated Services Digital Network)
Switches / Bridges
Dictionary Attack
18. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Java
Data remanence
Tokens
Cyphertext only
19. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Patriot Act
Reciprocal agreement
Guards
20. An instance of a scripting language
Penetration testing
AES (Advanced Encryption Standard)
TCB
Script
21. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Schema
MitM
Brute Force
Decentralized
22. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Substitution
ISDN (Integrated Services Digital Network)
Centralized
DCOM
23. Software designed to infiltrate or damage a computer system - without the owner's consent.
Malware
PAP (Password Authentication Protocol)
IAB
Clipping levels
24. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Brewer-Nash model
Switches / Bridges
Identification
Compiler
25. Emanations from one wire coupling with another wire
Crosstalk
RAM (Random-access memory)
Termination procedures
PAP (Password Authentication Protocol)
26. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Finger printing
Smurf
/etc/passwd
Separation of duties
27. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Software development lifecycle
Joke
TACACS (Terminal access controller access control system)
28. Good for distance - longer than 100M
Java
Nonce
Coax
Security through obscurity
29. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Honey pot
Object Oriented Programming
Data remanence
DOS
30. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Eavesdropping
Key Escrow
Copyright
31. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
Exit interview
TEMPEST
Privacy Act of 1974
Authentication
32. The practice of obtaining confidential information by manipulation of legitimate users.
Birthday attack
Social engineering
Multithreading
PKI
33. Same as a block cipher except that it is applied to a data stream one bit at a time
Stream cipher
Back door/ trap door/maintenance hook
Active attacks
Risk Transferring
34. Network Address Translation
Digital certificates
BIA
NAT
Burden of Proof
35. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Centralized
Open network
CIRT
EF (Exposure Factor)
36. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Patent
User
Passive attacks
37. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
WTLS (Wireless Transport Layer Security)
Patriot Act
Phreaker
Private Addressing
38. Involving the measurement of quantity or amount.
Inference
TCSEC
Quantitative
Software
39. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Macro
Schema
DHCP
Back door/ trap door/maintenance hook
40. Something used to put out a fire. Can be in Classes A - B - C - D - or H
SYN Flood
Private Addressing
Fire extinguisher
Fences
41. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
MOM
Key Escrow
Clipper Chip
AES (Advanced Encryption Standard)
42. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Smurf
Incentive programs
Detective - Preventive - Corrective
Joke
43. Component Object Model.
Hubs
COM
Identification
Toneloc
44. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Attenuation
SSL/TLS
Asset Value
Hackers
45. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
CHAP
Content dependent
Hardware
Change management
46. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Promiscuous mode
Hearsay Evidence
Expert System
CHAP
47. Personal - Network - and Application
Tailgating / Piggybacking
SLE (Single Loss Expectancy or Exposure)
Firewall types
Warm Site
48. Providing verification to a system
War driving
Authentication
Illegal/Unethical
Carnivore
49. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Dictionary Attack
TCB
ActiveX Object Linking and Embedding
Passive attacks
50. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
Data remanence
Data Mart
Code of ethics