CompTIA Security+: Vocab

1. In cryptography - it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.

2. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.

3. Also civil law

4. Once authenticated - the level of access you have to a system

5. The practice of obtaining confidential information by manipulation of legitimate users.

6. Scanning the airwaves for radio transmissions

7. A site that is ready physically but has no hardware in place - all it has is HVAC

8. Random Number Base

9. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -

10. Reasonable doubt

11. Transferring your risk to someone else - typically an insurance company

12. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t

13. False Acceptance Rate - False Rejection Rate - Crossover Error Rate

14. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s

15. Dynamic Host Configuration Protocol.

16. These viruses usually infect both boot records and files.

17. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti

18. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.

19. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh

20. A sandbox. Emulates an operating environment.

21. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc

22. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access

23. An instance of a scripting language

24. Encompasses Risk Analysis and Risk Mitigation

25. More discriminate than dogs

26. Accepting all packets

27. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.

28. The person that determines the permissions to files. The data owner.

29. Be at least 8 feet tall and have three strands of barbed wire.

30. Closed Circuit Television

31. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

32. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware, thus making it behave as expected

33. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.

34. The art of breaking code. Testing the strength of an algorithm.

35. A hidden communications channel on a system that allows for the bypassing of the system security policy

36. Someone who hacks

37. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.

38. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as

39. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically

40. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time

41. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....

42. When one key of a two-key pair has more encryption pattern than the other

43. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

44. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

45. Involving the measurement of quantity or amount.

46. The real cost of acquiring/maintaining/developing a system

47. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac

48. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.

49. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.

50. Public Key Infrastructure