Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






2. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






3. Software designed to infiltrate or damage a computer system - without the owner's consent.






4. Same as a block cipher except that it is applied to a data stream one bit at a time






5. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






6. Internet Architecture Board. This board is responsible for protecting the Internet.






7. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






8. White hat l0pht






9. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






10. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






11. The practice of obtaining confidential information by manipulation of legitimate users.






12. Repeats the signal. It amplifies the signal before sending it on.






13. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






14. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






15. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






16. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






17. 'If you cant see it - its secure'. Bad policy to live by.






18. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






19. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






20. A site that is ready physically but has no hardware in place - all it has is HVAC






21. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






22. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






23. Chief Executive Officer






24. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






25. Disclosure - Alteration - Destruction. These things break the CIA triad






26. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






27. Component Object Model.






28. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






29. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






30. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






31. Continuation of Operations Plan






32. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






33. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






34. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






35. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






36. Network Address Translation






37. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






38. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






39. Accepting all packets






40. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






41. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






42. A military standard defining controls for emanation protection






43. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work






44. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






45. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






46. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






47. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






48. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






49. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






50. Someone who hacks