Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so the correct answer may sometimes seem obvious, but the repetition reinforces your understanding each time you take the test.

1. Ethernet - Cat5 - Twisted to allow for longer runs.






2. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






3. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






4. The user






5. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






6. Closed Circuit Television






7. Relating to quality or kind. This assigns a level of importance to something.






8. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






9. These can be used to verify that public keys belong to certain individuals.






10. In a separation of duties model - this is where code is checked in and out






11. Something used to put out a fire. Can be in Classes A - B - C - D - or H






12. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






13. A war dialing utility






14. To not be legal (as far as law is concerned) or ethical






15. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






16. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






17. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.






18. The frequency with which a threat is expected to occur.






19. The practice of obtaining confidential information by manipulation of legitimate users.






20. Motivational tools for employee awareness to get them to report security flaws in an organization






21. Common Object Request Broker Architecture.






22. The act of identifying yourself. Providing your identity to a system






23. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






24. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






25. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






26. Data storage formats and equipment that allow the stored data to be accessed in any order






27. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






28. White hat l0pht






29. A network that uses standard protocols (TCP/IP)






30. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






31. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






32. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






33. Dynamic Host Configuration Protocol.






34. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






35. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






36. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






37. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






38. Chief Information Officer






39. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






40. A site that is ready physically but has no hardware in place - all it has is HVAC






41. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






42. Good for distance - longer than 100M






43. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






44. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






45. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






46. Continuation of Operations Plan






47. Network Address Translation






48. A mechanism by which connections to TCP services on a system are allowed or disallowed






49. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






50. Technical items are implemented by IT. Administrative items are things that HR implements. Physical items are things that are tangible.