Test your basic knowledge |
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The process of reducing your risks to an acceptable level based on your risk analysis
Logic bomb
Audit Trail
Promiscuous mode
Risk Mitigation
2. Dialing fixed sets of telephone numbers looking for open modem connections to machines
War dialing
Data Mart
Session Hijacking
CHAP
3. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Throughput of a Biometric System
Illegal/Unethical
Out of band
Hubs
4. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Hearsay Evidence
UUEncode
Digital signing
Expert systems
5. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
Fiber optic
Repeaters
Session Hijacking
6. Network devices that operate at layer 3. This device separates broadcast domains.
Two-Factor Authentication
Routers
Format 7 times
CIRT
7. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
CGI (The Common Gateway Interface)
Carnivore
Dumpster diving
Skipjack
8. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Attenuation
Burden of Proof
Software development lifecycle
Rolling hot sites
9. A technique to eliminate data redundancy.
Normalization
DHCP
OEP
Repeaters
10. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Non-repudiation
Degausser
SESAME
SLE (Single Loss Expectancy or Exposure)
11. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
RAM (Random-access memory)
Custodian
Out of band
Service packs
12. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Malware
Keystroke logging
Masquerade
Fraggle
13. Internet Relay Chat.
Routers
Hash
ISDN (Integrated Services Digital Network)
IRC
14. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Cookies
CIRT
Expert systems
Twisted pair
15. A site that has some equipment in place - and can be up within days
Exit interview
SESAME
Warm Site
Toneloc
16. Random Number Base
Nonce
Rijndael
Asymmetric
Hubs
17. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Wiretapping
ActiveX Object Linking and Embedding
CGI (The Common Gateway Interface)
Biometrics
18. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Owner
Diffie-Hellman
DMZ
Centralized
19. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Patriot Act
MOM
Well-known ports
20. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Polymorphic
Expert System
WAP (Wireless Application Protocol)
Authorization
21. Chief Information Officer
Dogs
CIO
Throughput of a Biometric System
Fraggle
22. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Authorization creep
CHAP
Embezzlement
Change management
23. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
DOS
Well-known ports
SQL (Structured Query Language)
Active attacks
24. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
TCSEC
Change management
Spoofing
Hubs
25. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-Rom
Reciprocal agreement
Penetration testing
Honey pot
26. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
ARP (Address Resolution Protocol)
AES (Advanced Encryption Standard)
Symmetric
OSI Model
27. This is an open international standard for applications that use wireless communications.
Object Oriented Programming
CHAP
WAP (Wireless Application Protocol)
Content dependant
28. Once authenticated - the level of access you have to a system
User
COOP
Authorization
Authentication
29. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Firewall types
Quality Assurance
Owner
Boot-sector Virus
30. An RFC standard. A mechanism for performing commands on a remote system
OEP
Audit Trail
Telnet
Digest
31. Method of authenticating to a system. Something that you supply and something you know.
Incentive programs
Username/password
Substitution
Hoax
32. Confidentiality - Integrity - and Availability
Active attacks
CIA
Caesar Cipher
Hackers
33. The real cost of acquiring/maintaining/developing a system
Hacker
Asset Value
EF (Exposure Factor)
Authentication
34. An attempt to trick the system into believing that something false is real
Eavesdropping
Hoax
CHAP
Fraggle
35. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Dictionary Attack
Patriot Act
Cyphertext only
Script kiddies
36. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Callback Security/Call Forwarding
Firmware
Dictionary Attack
Brute Force
37. The person that determines the permissions to files. The data owner.
RAM (Random-access memory)
AES (Advanced Encryption Standard)
Owner
Sniffing
38. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Debug
Security through obscurity
Wiretapping
Checksum
39. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Sniffing
Call tree
Well-known ports
Out of band
40. An instance of a scripting language
Firewall types
Privacy Act of 1974
Polymorphic
Script
41. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
OSI Model
ROT-13
DNS cache poisoning
Crosstalk
42. In cryptography - it is a block cipher
Security kernel
Hearsay Evidence
Skipjack
BIOS
43. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
CHAP
Kerberos
Identification
Polymorphic
44. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
EF (Exposure Factor)
Biometric profile
Owner
Clipping levels
45. Assuming someone's session who is unaware of what you are doing
PKI
Session Hijacking
TCP Wrappers
Acceptable use
46. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Polymorphic
Checksum
Security through obscurity
Termination procedures
47. Entails planning and system actions to ensure that a project is following good quality management practices
SSO (Single sign-on)
Incentive programs
Reciprocal agreement
Quality Assurance
48. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Script
Security through obscurity
Authorization creep
Java
49. ('rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
ROT-13
Cookies
Biometric profile
Mandatory vacation
50. Dynamic Host Configuration Protocol.
DHCP
Format 7 times
Data remanence
SQL (Structured Query Language)