
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






2. A gas used in fire suppression. Not human safe. Chemical reaction.






3. A sandbox. Emulates an operating environment.






4. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






5. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






6. ('rotate by 13 places', sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






7. To not be legal (as far as law is concerned) or ethical






8. Something used to put out a fire. Can be in Classes A, B, C, D, or H






9. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






10. Same as a block cipher except that it is applied to a data stream one bit at a time






11. Access control method for database based on the content of the database to provide granular access






12. A network that uses proprietary protocols






13. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






14. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






15. Making individuals accountable for their actions on a system typically through the use of auditing






16. An attempt to trick the system into believing that something false is real






17. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






18. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network






19. These can be used to verify that public keys belong to certain individuals.






20. The frequency with which a threat is expected to occur.






21. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






22. Enticing people to hit your honeypot to see how they try to access your system.






23. Providing verification to a system






24. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






25. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.






26. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






27. Someone whose hacking is primarily targeted at the phone systems






28. Closed Circuit Television






29. When security is managed at many different points in an organization






30. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






31. A site that has some equipment in place, and can be up within days






32. Random Number Base






33. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected






34. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






35. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.






36. White hat l0pht






37. Confidentiality, Integrity, and Availability






38. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, 172.16.x.x - 172.31.x.x






39. Network Address Translation






40. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






41. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.






42. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






43. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






44. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






45. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






46. Network devices that operate at layer 3. This device separates broadcast domains.






47. Emanations from one wire coupling with another wire






48. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






49. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans






50. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.