Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Accepting all packets






2. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






3. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






4. Component Object Model.






5. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






6. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






7. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in - since the number dialing in has to be on the approved list. Howe






8. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






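The statement above contrasts a dictionary attack with exhaustive search. The following is an added example (not part of the original quiz): it runs a small dictionary attack, with the mangling rules crackers usually apply, against a salted SHA-256 password hash, and compares the number of guesses it needed with the size of the keyspace a brute-force search of the same length would face. The wordlist, the salt, the victim password "Sunshine7" and the storage scheme are all constructed for the demonstration.

```python
import hashlib
import hmac
import string

# Constructed stand-in for a real wordlist file such as rockyou.txt.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "welcome", "monkey"]

LEET = str.maketrans("aoe", "@03")


def mangle(word):
    """Yield the word plus the mangling rules a cracker would apply:
    capitalisation, a digit suffix 0-99, and simple leetspeak."""
    yield word
    yield word.capitalize()
    for n in range(100):
        yield f"{word}{n}"
        yield f"{word.capitalize()}{n}"
    yield word.translate(LEET)
    yield word.capitalize().translate(LEET)


def hash_password(password, salt):
    """Salted SHA-256, the (hypothetical) target's storage scheme. The attacker
    knows both the scheme and the salt, as is normal once a hash has been stolen."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target_hash, salt, wordlist):
    """Try each mangled wordlist entry. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if hmac.compare_digest(hash_password(candidate, salt), target_hash):
                return candidate, attempts
    return None, attempts


def brute_force_space(length, alphabet=string.ascii_letters + string.digits):
    """Number of candidates an exhaustive (brute-force) search of this length must cover."""
    return len(alphabet) ** length


def demo():
    salt = b"constructed-salt"                   # constructed: fixed so the run is reproducible
    stored = hash_password("Sunshine7", salt)    # constructed victim password
    found, attempts = dictionary_attack(stored, salt, WORDLIST)
    return found, attempts, brute_force_space(len("Sunshine7"))


if __name__ == "__main__":
    print(demo())   # ('Sunshine7', 630, 13537086546263552)
```

The salt does not slow this down at all once the hash is in the attacker's hands; it only stops precomputed tables. What separates a 630-guess dictionary run from a 62^9 brute-force run is the password's predictability, and what makes either expensive is a slow, memory-hard KDF such as scrypt or Argon2 in place of plain SHA-256.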
9. Once authenticated - the level of access you have to a system






10. CISSPs subscribe to a code of ethics for building up the security profession






11. A military standard defining controls for emanation protection






12. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






13. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






14. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






15. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






16. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






17. Computer Incident Response Team






18. The ability to have more than one thread associated with a process






19. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






20. 'If you can't see it, it's secure.' A bad policy to live by.






21. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






22. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






23. Scanning the airwaves for radio transmissions






24. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






25. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






26. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track the sites you visit on the Internet






27. In a separation of duties model - this is where code is checked in and out






28. In cryptography - it is a block cipher






29. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






30. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






31. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






32. A site that has some equipment in place - and can be up within days






33. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






34. A non-cryptographic hash function used to produce a checksum - a small, fixed number of bits - over a block of data. It is used to detect accidental errors after transmission or storage; because it is linear and involves no secret, it does not protect against deliberate tampering.






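Questions 25 and 34 both describe a function that condenses data to a short fingerprint, and the distinction between them is the one that matters in practice. The block below is an added example, not from the original quiz, using Python's standard zlib CRC-32 and SHA-256. It shows that both detect every single-bit corruption of a constructed sample record, but that CRC-32 is affine (crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal lengths), which lets an attacker predict the checksum of a modified message from the original checksum alone; SHA-256 has no such relation. The sample record and the "PAY 100 / PAY 900" tampering are constructed for the demonstration.

```python
import hashlib
import zlib


def crc32_checksum(data: bytes) -> int:
    """CRC-32 (IEEE) as used by zlib, Ethernet and ZIP: 32 bits, no secret, linear."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_fingerprint(data: bytes) -> int:
    """Cryptographic hash returned as an integer so it can be compared like the CRC."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def flip_bit(data: bytes, bit_index: int) -> bytes:
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def detects_every_single_bit_error(checker, data: bytes) -> bool:
    """Accidental corruption: flip each bit in turn and confirm the checker output changes."""
    reference = checker(data)
    return all(checker(flip_bit(data, i)) != reference for i in range(len(data) * 8))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def is_affine(checker, a: bytes, b: bytes) -> bool:
    """True if checker(a ^ b) == checker(a) ^ checker(b) ^ checker(zeros) for equal lengths.
    CRC-32 satisfies this identity for every input pair; a cryptographic hash does not."""
    zeros = bytes(len(a))
    return checker(xor_bytes(a, b)) == checker(a) ^ checker(b) ^ checker(zeros)


def forge_crc(original_crc: int, delta: bytes) -> int:
    """Deliberate tampering: predict the CRC of (message XOR delta) knowing only the
    original CRC and the delta, without the message itself (the trick behind
    bit-flipping attacks on WEP and other designs that use a CRC for 'integrity')."""
    zeros = bytes(len(delta))
    return original_crc ^ crc32_checksum(delta) ^ crc32_checksum(zeros)


def demo():
    message = b"PAY 100 TO ALICE"          # constructed sample record
    tampered = b"PAY 900 TO ALICE"
    delta = xor_bytes(message, tampered)   # the attacker only needs to know what changed
    return {
        "crc_detects_bit_errors": detects_every_single_bit_error(crc32_checksum, message),
        "sha_detects_bit_errors": detects_every_single_bit_error(sha256_fingerprint, message),
        "crc_is_affine": is_affine(crc32_checksum, message, tampered),
        "sha_is_affine": is_affine(sha256_fingerprint, message, tampered),
        "forged_crc_matches": forge_crc(crc32_checksum(message), delta) == crc32_checksum(tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical rule: a CRC answers "was this damaged in transit?"; only a keyed construction (an HMAC over a cryptographic hash) answers "was this changed by someone?".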
35. Involving the measurement of quantity or amount.






36. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






37. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






38. More discriminate than dogs






39. Common Object Request Broker Architecture.






40. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






41. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






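As an added example (not from the original quiz) of the substitution cipher described above, the block below implements a monoalphabetic substitution with a random key and then attacks it the way a cryptanalyst would, without the key: the cipher preserves each letter's frequency, so ranking ciphertext letters by frequency and pairing them with the known English frequency order recovers the most common mappings. The key seed and the sample plaintext are constructed for the demonstration.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"   # English letters, most to least frequent


def make_key(seed: int) -> str:
    """A monoalphabetic key: a seeded random permutation of the alphabet."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return "".join(letters)


def invert_key(key: str) -> str:
    inverse = [""] * 26
    for plain, cipher in zip(ALPHABET, key):
        inverse[ALPHABET.index(cipher)] = plain
    return "".join(inverse)


def encrypt(plaintext: str, key: str) -> str:
    """Substitute each letter (both cases); spaces and punctuation pass through unchanged."""
    return plaintext.translate(str.maketrans(ALPHABET + ALPHABET.upper(), key + key.upper()))


def decrypt(ciphertext: str, key: str) -> str:
    return encrypt(ciphertext, invert_key(key))


def rank_letters(text: str) -> str:
    """Letters of `text`, ordered from most to least frequent."""
    counts = Counter(c for c in text.lower() if c in ALPHABET)
    return "".join(c for c, _ in counts.most_common())


def frequency_guess(ciphertext: str) -> dict:
    """Cryptanalysis without the key: pair ciphertext letters ranked by frequency with
    English letters ranked by frequency. The top entries are usually right; the tail
    needs digraph statistics or trial and error."""
    return dict(zip(rank_letters(ciphertext), ENGLISH_ORDER))


SAMPLE = ("every letter keeps the frequency it had in the plaintext, "
          "so the most frequent ciphertext letter is the one that replaced e")   # constructed


def demo():
    key = make_key(seed=7)
    ciphertext = encrypt(SAMPLE, key)
    guess = frequency_guess(ciphertext)
    top_cipher_letter = rank_letters(ciphertext)[0]
    return {
        "ciphertext": ciphertext,
        "round_trip_ok": decrypt(ciphertext, key) == SAMPLE,
        "top_letter_guessed_as": guess[top_cipher_letter],
        "top_letter_really_is": invert_key(key)[ALPHABET.index(top_cipher_letter)],
    }


if __name__ == "__main__":
    print(demo())
```

There are 26! possible keys, so brute force is hopeless, yet the cipher falls to a frequency count on a single sentence. Key size says nothing about strength when the cipher leaks structure.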
42. Public Key Infrastructure






43. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






44. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






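An added example (not part of the original quiz) of the replay attack described above and of the standard defence. Both endpoints share an HMAC key, so an attacker cannot forge or alter a message; but a receiver that checks only the tag will accept a captured "transfer" every time it is resent. The hardened receiver additionally requires a timestamp inside an acceptance window and a nonce it has not seen before. The shared key, the clock value and the message fields are constructed for the demonstration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-shared-secret"   # constructed: the secret both endpoints hold


def sign(fields: dict) -> dict:
    """Sender side: canonical JSON body plus an HMAC-SHA256 tag over it."""
    body = json.dumps(fields, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def tag_is_valid(message: dict) -> bool:
    """Integrity only: a correct tag proves the body was produced by a key holder,
    not that it is being presented for the first time."""
    expected = hmac.new(KEY, message["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["tag"])


def naive_verify(message: dict) -> bool:
    """Vulnerable receiver: anything with a good tag is accepted, however often it is resent."""
    return tag_is_valid(message)


class ReplaySafeVerifier:
    """Hardened receiver: the signed body must carry a timestamp inside the acceptance
    window and a nonce this receiver has not processed before."""

    def __init__(self, window_seconds: int = 30):
        self.window = window_seconds
        self.seen_nonces = set()   # bounded in practice by expiring entries older than the window

    def verify(self, message: dict, now: int) -> bool:
        if not tag_is_valid(message):
            return False
        fields = json.loads(message["body"])
        if abs(now - fields["ts"]) > self.window:
            return False                      # too old (or from the future): stale
        if fields["nonce"] in self.seen_nonces:
            return False                      # seen before: a replay
        self.seen_nonces.add(fields["nonce"])
        return True


def demo():
    now = 1_700_000_000   # constructed clock value
    transfer = sign({"from": "alice", "to": "mallory", "amount": 100, "nonce": "n-1", "ts": now})
    old = sign({"from": "alice", "to": "mallory", "amount": 100, "nonce": "n-2", "ts": now - 3600})
    receiver = ReplaySafeVerifier()
    return {
        "naive_first": naive_verify(transfer),
        "naive_replay": naive_verify(transfer),                 # same capture, accepted again
        "safe_first": receiver.verify(transfer, now),
        "safe_replay": receiver.verify(transfer, now + 5),     # fresh enough, but nonce reused
        "safe_stale": receiver.verify(old, now),               # valid tag, expired timestamp
    }


if __name__ == "__main__":
    print(demo())
```

Note that the timestamp and nonce must be inside the authenticated body; if they travelled outside the tag, the attacker could simply update them on the replayed copy. The window bounds how long the receiver must remember nonces, which keeps the seen-set from growing without limit.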
45. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






46. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






47. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' (top down) and 'Please Do Not Throw Sausage Pizza Away' (bottom up). The layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






48. This is an open international standard for applications that use wireless communications.






49. Internet Architecture Board. A committee of the IETF that provides architectural oversight of Internet protocols and standards.






50. Technical (logical) controls are implemented in hardware and software, typically by IT. Administrative (managerial) controls are policies, procedures and training, typically owned by management and HR. Physical controls are tangible measures such as locks, guards and fences.