
Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list

2. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

3. An organization that got its fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat.

4. In a separation of duties model, this is where code is checked in and out.

5. After implementing countermeasures, accepting risk for the amount of vulnerability left over.

6. This deals with differences between plaintext password storage and transmission versus encrypted password storage and transmission.

7. The practice of obtaining confidential information by manipulation of legitimate users.

8. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

9. These viruses usually infect both boot records and files.

10. This factor represents a measure of the magnitude of loss or impact on the value of an asset.

11. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.

12. The frequency with which a threat is expected to occur.

13. Assuming someone's session who is unaware of what you are doing.

14. Network devices that operate at layer 3. These devices separate broadcast domains.

15. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.

16. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

17. A set of rules applied by many transit networks which restrict the ways in which the network may be used.

18. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.

19. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

20. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE

21. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor

22. Random Number Base

23. Also known as a tunnel.

24. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t

25. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.

26. Must be in place for you to use a biometric system.

27. Technical items are implemented by IT. Administrative items are things that HR implements. Physical things are things that are tangible.

28. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc

29. Setting up the user to access the honeypot for reasons other than the intent to harm.

30. These can be used to verify that public keys belong to certain individuals.

31. Deals with the same things as due diligence, except that they deal with accepting responsibility instead of liability.

32. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

33. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.

34. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is what actually performs the degaussing.

35. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

36. When one key of a two-key pair has more encryption pattern than the other.

37. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message.

38. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives)

39. Be at least 8 feet tall and have three strands of barbed wire.

40. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.

41. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x

42. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.

43. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)

44. The output of a hash function is a digest.

45. Threat to physical security.

46. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

47. The act of identifying yourself. Providing your identity to a system.

48. Public Key Infrastructure

49. Using ICMP to diagram a network.

50. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.