Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. White hat l0pht






2. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






3. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






4. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






5. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






6. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






7. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






8. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






9. 'If you cant see it - its secure'. Bad policy to live by.






10. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






11. Chief Executive Officer






12. Also known as a tunnel)






13. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






14. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






15. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






16. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






17. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






18. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






19. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






20. A military standard defining controls for emanation protection






21. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






22. Public Key Infrastructure






23. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






24. Be at least 8 foot tall and have three strands of barbed wire.






25. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






26. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






27. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






28. Network devices that operate at layer 3. This device separates broadcast domains.






29. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






30. The ability to have more than one thread associated with a process






31. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






32. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






33. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






34. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






35. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






36. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






37. Signal degradation as it moves farther from its source






38. A network that mimics the brain






39. When two or more processes are linked and execute multiple programs simultaneously






40. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






41. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






42. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






43. Accepting all packets






44. Using ICMP to diagram a network






45. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






46. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






47. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






48. Motivational tools for employee awareness to get them to report security flaws in an organization






49. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






50. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.