Comptia Security +: Vocab

1. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.

2. Data storage formats and equipment that allow the stored data to be accessed in any order.

3. Computer Incident Response Team.

4. Repeats the signal. It amplifies the signal before sending it on.

5. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is what actually performs the degaussing.

6. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t

7. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. The layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.

8. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho

9. Method of authenticating to a system. Something that you supply and something you know.

10. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.

11. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,

12. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.

13. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system, to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req

14. Access control method for a database, based on the content of the database, to provide granular access.

15. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x).

16. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.

17. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

18. The physical part of a computer, as distinguished from the computer software that executes within the hardware.

19. The process of reducing your risks to an acceptable level based on your risk analysis.

20. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

21. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

22. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal.

23. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack

24. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single

25. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.

26. 'If you can't see it, it's secure.' Bad policy to live by.

27. When one key of a two-key pair has more encryption pattern than the other.

28. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure in implementing the change.

29. An organization that got its fame from telling the Senate Judiciary Committee that it could bring down the Internet in 30 minutes. Black hat.

30. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

31. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.

32. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.

33. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

34. The user.

35. A set of rules applied by many transit networks which restrict the ways in which the network may be used.

36. Defines the objects and their attributes that exist in a database.

37. The practice of obtaining confidential information by manipulation of legitimate users.

38. When two or more processes are linked and execute multiple programs simultaneously.

39. This is an open international standard for applications that use wireless communications.

40. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.

41. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational

42. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

43. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.

44. A military standard defining controls for emanation protection.

45. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

46. An instance of a scripting language.

47. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.

48. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r

49. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.

50. Be at least 8 feet tall and have three strands of barbed wire.