Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






2. Once authenticated - the level of access you have to a system






3. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






4. Animals with teeth. Not as discriminate as guards






5. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






6. Continuation of Operations Plan






7. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






8. Disclosure - Alteration - Destruction. These things break the CIA triad






9. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






10. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






11. Scanning the airwaves for radio transmissions






12. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






13. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






14. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






15. Dialing fixed sets telephone numbers looking for open modem connections to machines






16. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






17. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






18. In the broadest sense - a fraud is a deception made for personal gain






19. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






20. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






21. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






22. The intercepting of conversations by unintended recipients






23. A mechanism by which connections to TCP services on a system are allowed or disallowed






24. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






25. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






26. Personal - Network - and Application






27. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






28. Access control method for database based on the content of the database to provide granular access






29. Public Key Infrastructure






30. Data storage formats and equipment that allow the stored data to be accessed in any order






31. The act of identifying yourself. Providing your identity to a system






32. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






33. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






34. Someone whose hacking is primarily targeted at the phone systems






35. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






36. A sandbox. Emulates an operating environment.






37. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






38. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






39. Random Number Base






40. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






41. A war dialing utility






42. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






43. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






44. Network device that operates at layer 1. Concentrator.






45. A site that has some equipment in place - and can be up within days






46. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






47. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






48. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






49. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






50. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.