CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
2. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.
3. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema
4. Good for distance - longer than 100M
5. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then replies in full force to these requests and brings down the victim's network.
6. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
7. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.
8. An attack that does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
9. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.
10. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
11. An RFC standard; a mechanism for performing commands on a remote system.
12. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).
13. Random Number Base
14. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is what actually performs the degaussing.
15. In the broadest sense, a fraud is a deception made for personal gain.
16. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.
17. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.
18. Being able to control access for individuals very specifically, unlike lower in the OSI model, where you can't set it so specifically.
19. Trusted Computing Base. Composed of the hardware, software, and firmware of the system.
20. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
21. Communications that don't take the natural course of email (used when you don't want eavesdropping to happen).
22. Involving the measurement of quantity or amount.
23. Closed Circuit Television
24. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
25. An attack that results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.
26. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
27. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
28. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
29. The user
30. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 (FTP), 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 53 (DNS), 69 (TFTP), 80 (HTTP), 161 (SNMP), 443 (SSL).
31. These viruses usually infect both boot records and files.
32. The output of a hash function is a digest.
33. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
34. The government-required overwrite rate when formatting a drive in such a manner as to make it nearly impossible to retrieve data from it.
35. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x to 172.31.x.x.
36. When you know something from a source and can infer other related information based on what you know, even though you may not normally have access to that data.
37. An access control method for a database, based on the content of the database, used to provide granular access.
38. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards.
39. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which
40. A sandbox. Emulates an operating environment.
41. Occupant Emergency Plan: employees are the most important!
42. Also known as a tunnel.
43. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
44. Chief Executive Officer
45. In cryptography, it is a block cipher.
46. The practice of following someone with a security code or keycard through a security door, generally in workplaces.
47. The frequency with which a threat is expected to occur.
48. Reasonable doubt
49. White hat l0pht
50. A system designed to stop piggybacking.