Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The art of breaking code. Testing the strength of an algorithm.

2. An attempt to trick the system into believing that something false is real

3. Chief Information Officer

4. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor

5. Distributed Component Object Model. Microsoft's implementation of CORBA.

6. The person that determines the permissions to files. The data owner.

7. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.

8. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message

9. Scanning the airwaves for radio transmissions

10. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s

11. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl

12. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time

13. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

14. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i

15. Motivational tools for employee awareness to get them to report security flaws in an organization

16. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also

17. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.

18. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider

19. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer

20. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

21. Encompasses Risk Analysis and Risk Mitigation

22. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.

23. A site that is ready physically but has no hardware in place - all it has is HVAC

24. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

25. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list

26. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.

27. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.

28. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

29. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources

30. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically

31. A war dialing utility

32. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable

33. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.

34. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

35. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it

36. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

37. Involving the measurement of quantity or amount.

38. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.

39. The user

40. In the broadest sense - a fraud is a deception made for personal gain

41. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

42. Closed Circuit Television

43. A site that has some equipment in place - and can be up within days

44. A network that uses standard protocols (TCP/IP)

45. Threat to physical security.

46. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

47. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.

48. Ethernet - Cat5 - Twisted to allow for longer runs.

49. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.

50. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.