Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A gas used in fire suppression. Not human safe. Chemical reaction.






2. A RFC standard. A mechanism for performing commands on a remote system






3. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






4. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






5. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






6. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






7. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






8. Data storage formats and equipment that allow the stored data to be accessed in any order






9. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






10. Transferring your risk to someone else - typically an insurance company






11. The person that controls access to the data






12. Motivational tools for employee awareness to get them to report security flaws in an organization






13. More discriminate than dogs






14. The practice of obtaining confidential information by manipulation of legitimate users.






15. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






16. Disclosure - Alteration - Destruction. These things break the CIA triad






17. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






18. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






19. Enticing people to hit your honeypot to see how they try to access your system.






20. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






21. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






22. A site that has some equipment in place - and can be up within days






23. The user






24. This is an open international standard for applications that use wireless communications.






25. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






26. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






27. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






28. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






29. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






30. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






31. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






32. Motive - Opportunity - and Means. These deal with crime.






33. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






34. Using ICMP to diagram a network






35. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






36. Someone who hacks






37. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






38. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






39. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






40. Be at least 8 foot tall and have three strands of barbed wire.






41. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






42. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






43. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






44. After implementing countermeasures - accepting risk for the amount of vulnerability left over






45. A hidden communications channel on a system that allows for the bypassing of the system security policy






46. A military standard defining controls for emanation protection






47. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






48. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






49. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






50. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work