Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






2. Distributed Component Object Model. Microsoft's implementation of CORBA.






3. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






4. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






5. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






6. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.






7. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






8. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






9. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access






10. Also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt






11. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






12. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






13. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






14. Accepting all packets






15. An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.






16. After implementing countermeasures, accepting risk for the amount of vulnerability left over






17. Same as a block cipher except that it is applied to a data stream one bit at a time






18. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






19. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema






20. Defines the objects and their attributes that exist in a database.






21. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






22. To not be legal (as far as law is concerned) or ethical






23. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






24. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst






25. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






26. Chief Executive Officer






27. Scanning the airwaves for radio transmissions






28. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






29. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






30. The act of identifying yourself. Providing your identity to a system






31. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.






32. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






33. This is an open international standard for applications that use wireless communications.






34. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as






35. A site that is ready physically but has no hardware in place; all it has is HVAC






36. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.






37. This deals with differences between plaintext password storage and transmission, versus encrypted password storage and transmission.






38. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE






39. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






40. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh






41. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






42. A network that mimics the brain






43. Something used to put out a fire. Can be in Classes A, B, C, D, or H






44. Involving the measurement of quantity or amount.






45. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






46. In cryptography, it is a block cipher






47. A technique to eliminate data redundancy.






48. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






49. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate Ethernet MAC addresses from IP addresses






50. In a separation of duties model, this is where code is checked in and out