Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






2. CISSPs subscribe to a code of ethics for building up the security profession






3. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






4. Also civil law






5. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






6. A gas used in fire suppression. Not human safe. Chemical reaction.






7. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






8. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






9. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






10. Data storage formats and equipment that allow the stored data to be accessed in any order






11. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






12. An attempt to trick the system into believing that something false is real






13. This is an open international standard for applications that use wireless communications.






14. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






15. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






16. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






17. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






18. Network devices that operate at layer 3. This device separates broadcast domains.






19. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






20. Transferring your risk to someone else - typically an insurance company






21. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






22. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






23. Providing verification to a system






24. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






25. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






26. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






27. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






28. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






29. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






30. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






31. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






32. The real cost of acquiring/maintaining/developing a system






33. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






34. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






35. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






36. Personal - Network - and Application






37. Software designed to infiltrate or damage a computer system - without the owner's consent.






38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






39. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






40. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






41. A network that uses proprietary protocols






42. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






43. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






44. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






45. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






46. Basic Input/Output System






47. Ethernet - Cat5 - Twisted to allow for longer runs.






48. Something used to put out a fire. Can be in Classes A - B - C - D - or H






49. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






50. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.