Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






2. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






3. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






4. When two or more processes are linked and execute multiple programs simultaneously






5. Transferring your risk to someone else - typically an insurance company






6. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






7. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






8. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






9. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






10. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






11. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






12. Entails planning and system actions to ensure that a project is following good quality management practices






13. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






14. Disclosure - Alteration - Destruction. These things break the CIA triad






15. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






16. Computer Incident Response Team






17. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






18. In the broadest sense - a fraud is a deception made for personal gain






19. White hat l0pht






20. Scanning the airwaves for radio transmissions






21. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






22. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






23. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






24. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






25. A hidden communications channel on a system that allows for the bypassing of the system security policy






26. Involving the measurement of quantity or amount.






27. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






28. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






29. The person that determines the permissions to files. The data owner.






30. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






31. Ethernet - Cat5 - Twisted to allow for longer runs.






32. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






33. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






34. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






35. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






36. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






37. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






38. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






39. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






40. Emanations from one wire coupling with another wire






41. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






42. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






43. Chief Executive Officer






44. These viruses usually infect both boot records and files.






45. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






46. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






47. Network Address Translation






48. Software designed to infiltrate or damage a computer system - without the owner's consent.






49. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






50. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.