Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Rolling command center with UPS - satellite - uplink - power - etc.






2. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






3. A network that uses standard protocols (TCP/IP)






4. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






5. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






6. Access control method for database based on the content of the database to provide granular access






7. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






8. The real cost of acquiring/maintaining/developing a system






9. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






10. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






11. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






12. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






13. Assuming someone's session who is unaware of what you are doing






14. To not be legal (as far as law is concerned) or ethical






15. Emanations from one wire coupling with another wire






16. Good for distance - longer than 100M






17. A RFC standard. A mechanism for performing commands on a remote system






18. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






19. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






20. Network device that operates at layer 1. Concentrator.






21. Distributed Component Object Model. Microsoft's implementation of CORBA.






22. The user






23. A site that is ready physically but has no hardware in place - all it has is HVAC






24. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






25. Defines the objects and their attributes that exist in a database.






26. Accepting all packets






27. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






28. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






29. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






30. The intercepting of conversations by unintended recipients






31. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






32. Once authenticated - the level of access you have to a system






33. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






34. The frequency with which a threat is expected to occur.






35. Network devices that operate at layer 3. This device separates broadcast domains.






36. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






37. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






38. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






39. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






40. Entails planning and system actions to ensure that a project is following good quality management practices






41. A system designed to stop piggybacking.






42. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






43. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






44. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






45. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






46. Jumping into dumpsters to retrieve information about someone/something/a company






47. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






48. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






49. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






50. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.