Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






2. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






3. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






4. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






5. Someone who hacks






6. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






7. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






8. The process of reducing your risks to an acceptable level based on your risk analysis






9. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






10. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






11. Chief Executive Officer






12. Dialing fixed sets telephone numbers looking for open modem connections to machines






13. Rolling command center with UPS - satellite - uplink - power - etc.






14. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






15. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






16. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






17. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






18. Occupant Emergency Plan - Employees are the most important!






19. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






20. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






21. Disclosure - Alteration - Destruction. These things break the CIA triad






22. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






23. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






24. When security is managed at a central point in an organization






25. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






26. Access control method for database based on the content of the database to provide granular access






27. Signal degradation as it moves farther from its source






28. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






29. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






30. The practice of obtaining confidential information by manipulation of legitimate users.






31. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






32. Defines the objects and their attributes that exist in a database.






33. Network device that operates at layer 1. Concentrator.






34. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






35. The intercepting of conversations by unintended recipients






36. Basic Input/Output System






37. CISSPs subscribe to a code of ethics for building up the security profession






38. Entails planning and system actions to ensure that a project is following good quality management practices






39. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






40. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






41. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






42. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






43. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






44. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






45. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






46. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






47. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






48. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






49. A mechanism by which connections to TCP services on a system are allowed or disallowed






50. Separation of duties (SoD) is the concept of having more than one person required to complete a task.