Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The ability to have more than one thread associated with a process






2. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






3. A sandbox. Emulates an operating environment.






4. When security is managed at many different points in an organization






5. Software designed to infiltrate or damage a computer system - without the owner's consent.






6. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






7. Basic Input/Output System






8. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






9. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






10. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






11. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






12. Public Key Infrastructure






13. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






14. Someone who hacks






15. When two or more processes are linked and execute multiple programs simultaneously






16. Same as a block cipher except that it is applied to a data stream one bit at a time






17. The art of breaking code. Testing the strength of an algorithm.






18. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






19. Relating to quality or kind. This assigns a level of importance to something.






20. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






21. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






22. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






23. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






24. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






25. The person that controls access to the data






26. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






27. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






28. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






29. Component Object Model.






30. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






31. Must be in place for you to use a biometric system






32. This is an open international standard for applications that use wireless communications.






33. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






34. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






35. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






36. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






37. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






38. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






39. Continuation of Operations Plan






40. A network entity that provides a single entrance / exit point to the Internet.






41. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






42. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






43. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






44. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






45. A RFC standard. A mechanism for performing commands on a remote system






46. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






47. Dialing fixed sets telephone numbers looking for open modem connections to machines






48. Internet Architecture Board. This board is responsible for protecting the Internet.






49. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






50. Method of authenticating to a system. Something that you supply and something you know.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests