CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

2. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which

3. Basic Input/Output System

4. Entails planning and system actions to ensure that a project is following good quality management practices

5. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

6. A hidden communications channel on a system that allows for the bypassing of the system security policy

7. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE

8. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt, the reverse is done). That is, the order of the characters is changed. Mathematically, a bijective function is used on the characters'

9. Confidentiality, Integrity, and Availability

10. Involving the measurement of quantity or amount.

11. False Acceptance Rate, False Rejection Rate, Crossover Error Rate

12. Be at least 8 feet tall and have three strands of barbed wire.

13. Animals with teeth. Not as discriminating as guards.

14. Setting up the user to access the honeypot for reasons other than the intent to harm.

15. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single

16. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

17. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

18. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

19. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,

20. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications

21. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

22. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

23. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

24. Network Address Translation

25. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational

26. Data storage formats and equipment that allow the stored data to be accessed in any order

27. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list

28. Separation of duties (SoD) is the concept of having more than one person required to complete a task.

29. CISSPs subscribe to a code of ethics for building up the security profession

30. Dialing fixed sets of telephone numbers, looking for open modem connections to machines

31. The process of reducing your risks to an acceptable level based on your risk analysis

32. Someone who hacks

33. A network that mimics the brain

34. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

35. A military standard defining controls for emanation protection

36. Rotating employees' job duties so that what they have been doing can be checked, to make sure nothing fraudulent is occurring.

37. Scanning the airwaves for radio transmissions

38. The output of a hash function is a digest.

39. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure in implementing the change.

40. To not be legal (as far as the law is concerned) or ethical

41. Network device that operates at layer 1. Concentrator.

42. The user

43. Good for distance: longer than 100 m

44. A war dialing utility

45. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.

46. This is an open international standard for applications that use wireless communications.

47. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

48. Using ICMP to diagram a network

49. Grabs an image of the finger, which is then stored in a database, and then matches it one-to-many against that database

50. A technique to eliminate data redundancy.