Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. An artist's ability to control their work.

2. The process of reducing your risks to an acceptable level based on your risk analysis.

3. Basic Input/Output System

4. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses into Ethernet MAC addresses.

5. Network device that operates at layer 1. Concentrator.

6. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

7. Same as AES. The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor -

8. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.

9. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically a government agency) can obtain them to decrypt messages which they suspect to be relevant to national security.

10. Confidentiality, Integrity, and Availability

11. The art of breaking code. Testing the strength of an algorithm.

12. Defines the objects and their attributes that exist in a database.

13. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.

14. A site that is ready physically but has no hardware in place; all it has is HVAC.

15. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

16. Deals with the same things as due diligence, except that it deals with accepting responsibility instead of liability.

17. Object Linking and Embedding. The ability of an object to be embedded into another object.

18. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.

19. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

20. Random Number Base

21. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.

22. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe

23. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.

24. Being able to control access for individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.

25. Be at least 8 feet tall and have three strands of barbed wire.

26. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD, in December 1985, superseding CSC-STD-001-83; the TCSEC (frequently referred to as

27. Disclosure, Alteration, Destruction. These things break the CIA triad.

28. Transferring your risk to someone else, typically an insurance company.

29. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i

30. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

31. Access control method for a database, based on the content of the database, to provide granular access.

32. Occupant Emergency Plan. Employees are the most important!

33. A technique to eliminate data redundancy.

34. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

35. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 (ftp), 21 (ftp), 22 (ssh), 23 (telnet), 25 (smtp), 53 (dns), 69 (tftp), 80 (http), 161 (snmp), 443 (ssl).

36. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

37. Ethernet, Cat5, twisted to allow for longer runs.

38. Repeats the signal. It amplifies the signal before sending it on.

39. Accepting all packets

40. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.

41. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po

42. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it.

43. A network that uses standard protocols (TCP/IP)

44. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.

45. A little piece of information that is put on your computer to allow communications with the server, and that also allows some servers to track everything you go to on the Internet.

46. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt, the reverse is done). That is, the order of the characters is changed. Mathematically, a bijective function is used on the characters'

47. When you know something from a source and can infer other related information based on what you know, even though you may not normally have access to that data.

48. This is the file on a UNIX system where usernames and their password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.

49. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.

50. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.