
Comptia Security +: Vocab

1. The intercepting of conversations by unintended recipients

2. A war dialing utility

3. An attempt to trick the system into believing that something false is real

4. Good for distance - longer than 100M

5. Must be in place for you to use a biometric system

6. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

7. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor

8. Public Key Infrastructure

9. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

10. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac

11. White hat l0pht

12. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.

13. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

14. Encompasses Risk Analysis and Risk Mitigation

15. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.

16. Also civil law

17. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected

18. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities

19. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

20. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.

21. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical

22. The practice of following someone with a security code or keycard through a security door, generally in workplaces.

23. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

24. ('rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet

25. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.

26. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources

27. A set of rules applied by many transit networks which restrict the ways in which the network may be used.

28. Threat to physical security.

29. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

30. Driving around enumerating wireless networks with the proper equipment (antennas and the like)

31. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer

32. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet

33. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.

34. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

35. When security is managed at many different points in an organization

36. The output of a hash function is a digest.

37. Basic Input/Output System

38. The practice of obtaining confidential information by manipulation of legitimate users.

39. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus

40. An attacker spoofs the source IP in a packet header, to make a ping request appear to have originated from the future victim's network, then the responding network responds in full force to these requests and brings down the victim's network.

41. This is an open international standard for applications that use wireless communications.

42. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access

43. After implementing countermeasures, accepting risk for the amount of vulnerability left over

44. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi

45. When one key of a two-key pair has more encryption pattern than the other

46. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

47. A network entity that provides a single entrance/exit point to the Internet.

48. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

49. In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti

50. The frequency with which a threat is expected to occur.