Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Distributed Component Object Model. Microsoft's implementation of CORBA.
2. The frequency with which a threat is expected to occur.
3. Someone whose hacking is primarily targeted at the phone systems.
4. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
5. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.
6. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
7. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.
8. When security is managed at a central point in an organization.
9. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
10. These viruses usually infect both boot records and files.
11. Communications that don't take the natural course of email (when you don't want eavesdropping to happen).
12. To not be legal (as far as law is concerned) or ethical.
13. Relating to quality or kind. This assigns a level of importance to something.
14. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.
15. Transferring your risk to someone else, typically an insurance company.
16. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
17. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
18. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.
19. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
20. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.
21. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
22. The practice of obtaining confidential information by manipulation of legitimate users.
23. The art of breaking code. Testing the strength of an algorithm.
24. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
25. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
26. Defines the objects and their attributes that exist in a database.
27. White hat l0pht
28. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
29. An RFC standard. A mechanism for performing commands on a remote system.
30. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
31. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
32. A network that mimics the brain.
33. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
34. The process of reducing your risks to an acceptable level based on your risk analysis.
35. Occupant Emergency Plan. Employees are the most important!
36. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
37. A system designed to stop piggybacking.
38. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as
39. Network devices that operate at layer 3. This device separates broadcast domains.
40. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.
41. Chief Executive Officer
42. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
43. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst
44. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also
45. Someone who hacks.
46. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
47. Making individuals accountable for their actions on a system, typically through the use of auditing.
48. Also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt
49. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
50. Using ICMP to diagram a network.