Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Reasonable doubt






2. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






3. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






4. Enticing people to hit your honeypot to see how they try to access your system.






5. Disclosure - Alteration - Destruction. These three outcomes break the CIA triad: disclosure defeats confidentiality, alteration defeats integrity and destruction defeats availability.






6. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






7. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






8. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






9. An attack similar to Smurf, but instead of ICMP (ping) it uses UDP as its weapon of choice. It sends a spoofed UDP packet (typically to the echo or chargen port) to the broadcast address of the amplifying network, and every host that answers floods the spoofed source.






10. A sandbox. Emulates an operating environment.






11. Repeats the signal. It regenerates (re-amplifies) the signal before sending it on, so a cable run can exceed its normal maximum length.






12. After implementing countermeasures - accepting risk for the amount of vulnerability left over






13. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






14. Computer Incident Response Team






15. An organization that became famous for telling the Senate Judiciary Committee (in 1998) that they could bring down the Internet in 30 minutes. Black hat.






16. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






17. This deals with the difference between storing and transmitting passwords in plaintext versus storing and transmitting them in encrypted (or hashed) form.






18. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






19. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






20. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






21. Continuity of Operations Plan






22. When security is managed at a central point in an organization






23. The 7-layer model defined by the ISO. Memorized top-down by 'All People Seem To Need Data Processing' and bottom-up by 'Please Do Not Throw Sausage Pizza Away'. The layers, from top to bottom, are Application - Presentation - Session - Transport - Network - Data Link - Physical.






24. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






25. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






26. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






27. Threat to physical security.






28. Internet Architecture Board. This board provides architectural oversight of Internet protocols and the IETF standards process.






29. This is the file on a UNIX system that stores, for each username, a hash of the account's password (MD5-crypt hashes on older systems; modern systems use SHA-crypt or yescrypt and keep the hashes in a separate, root-only shadow file). At login the system hashes the entered password with the same salt and scheme and compares the result with the stored hash to decide whether the password is correct.
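The following Go program is an added example, not code from the study set. It reads entries in the shadow-file format (user:hash:lastchange:min:max:warn:inactive:expire:) and grades each password field by its crypt(3) scheme prefix, so you can see at a glance which accounts have no password, a locked password, a legacy DES-crypt or MD5-crypt hash, or a modern salted iterated hash. The sampleShadow entries are constructed placeholders of the right shape, not real hashes, and the severity labels are this example's own choice.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is the audit verdict for one shadow-file entry.
type Finding struct {
	User     string
	Severity string // "critical", "weak", "info" or "ok"
	Reason   string
}

// classifyHash grades a crypt(3)-style password field by its scheme prefix:
// $1$ MD5-crypt, $5$ SHA-256-crypt, $6$ SHA-512-crypt, $y$ yescrypt, $2b$ bcrypt;
// a bare 13-character field is legacy DES-crypt; "!" or "*" marks a locked account.
func classifyHash(field string) (severity, reason string) {
	switch {
	case field == "":
		return "critical", "empty password field: anyone can log in without a password"
	case strings.HasPrefix(field, "!"), strings.HasPrefix(field, "*"):
		return "info", "account locked or has no usable password"
	case strings.HasPrefix(field, "$1$"):
		return "weak", "MD5-crypt: fast to brute-force, rehash with SHA-512-crypt or yescrypt"
	case strings.HasPrefix(field, "$5$"), strings.HasPrefix(field, "$6$"),
		strings.HasPrefix(field, "$y$"), strings.HasPrefix(field, "$2b$"):
		return "ok", "modern salted, iterated hash"
	case len(field) == 13:
		return "weak", "legacy DES-crypt: 8-character password limit and 12-bit salt"
	default:
		return "weak", "unrecognised hash format"
	}
}

// AuditShadow parses shadow-format lines (user:hash:lastchange:min:max:warn:inactive:expire:)
// and returns one Finding per entry. Comments and blank lines are skipped; malformed lines
// are reported rather than silently dropped.
func AuditShadow(content string) []Finding {
	var out []Finding
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Split(line, ":")
		if len(fields) < 2 {
			out = append(out, Finding{line, "critical", "malformed entry"})
			continue
		}
		sev, why := classifyHash(fields[1])
		out = append(out, Finding{fields[0], sev, why})
	}
	return out
}

// sampleShadow is constructed test data; the hash strings are placeholders of the right
// shape, not real credentials.
const sampleShadow = `root:$6$saltsalt$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdef:19000:0:99999:7:::
legacy:$1$saltsalt$0123456789abcdefghijklmn:19000:0:99999:7:::
olduser:abJnggxhB/yWI:19000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!$6$saltsalt$locked:19000:0:99999:7:::
`

func main() {
	for _, f := range AuditShadow(sampleShadow) {
		fmt.Printf("%-8s %-9s %s\n", f.User, f.Severity, f.Reason)
	}
}
```

Run it against a copy of a real shadow file (as root) by replacing sampleShadow with the file contents; the point of the check is that the scheme prefix, not the hash value, tells you how expensive the hash is to crack offline.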






30. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






31. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






32. Data storage formats and equipment that allow the stored data to be accessed in any order






33. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






34. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






35. Animals with teeth. Less discriminating than guards.






36. Also known as a tunnel.






37. Class A (1-126.x.x.x; 127.x.x.x is reserved for loopback) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






38. The art of breaking code. Testing the strength of an algorithm.
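Items 7 and 30 describe ROT13 and the Caesar cipher, and item 38 describes cryptanalysis. The following Go program is an added example, not part of the original study set: it implements the general Caesar shift (ROT13 is the shift-13 case), then breaks a Caesar ciphertext without the key by trying all 26 shifts and scoring each candidate against English letter frequencies with a chi-squared statistic. The message and key in main are constructed sample data.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// englishFreq is the expected frequency (percent) of each letter a..z in English text.
var englishFreq = [26]float64{
	8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153, 0.772, 4.025, 2.406,
	6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074,
}

// CaesarShift rotates every ASCII letter of s by k positions (mod 26), preserving case and
// passing digits, spaces and punctuation through unchanged. Decrypt by passing -k.
func CaesarShift(s string, k int) string {
	shift := rune(((k % 26) + 26) % 26)
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+shift)%26)
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+shift)%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// ROT13 is the Caesar cipher with k = 13; because 13 + 13 = 26 it is its own inverse.
func ROT13(s string) string { return CaesarShift(s, 13) }

// chiSquared measures how far the letter distribution of s is from English (lower is closer).
func chiSquared(s string) float64 {
	var counts [26]float64
	total := 0.0
	for _, r := range strings.ToLower(s) {
		if r >= 'a' && r <= 'z' {
			counts[r-'a']++
			total++
		}
	}
	if total == 0 {
		return math.Inf(1)
	}
	score := 0.0
	for i, expectedPct := range englishFreq {
		expected := expectedPct / 100 * total
		diff := counts[i] - expected
		score += diff * diff / expected
	}
	return score
}

// CrackCaesar is a ciphertext-only attack: it tries all 26 keys and returns the key whose
// decryption looks most like English. It needs a few dozen letters of ciphertext to be reliable.
func CrackCaesar(ciphertext string) (key int, plaintext string) {
	bestScore := math.Inf(1)
	for k := 0; k < 26; k++ {
		candidate := CaesarShift(ciphertext, -k)
		if sc := chiSquared(candidate); sc < bestScore {
			key, plaintext, bestScore = k, candidate, sc
		}
	}
	return key, plaintext
}

func main() {
	// Constructed sample message and key.
	msg := "Attack at dawn: the enemy has crossed the river and is moving toward the eastern bridge with heavy equipment."
	ct := CaesarShift(msg, 3)
	fmt.Println("ciphertext:", ct)
	k, pt := CrackCaesar(ct)
	fmt.Printf("recovered key %d: %s\n", k, pt)
	fmt.Println("ROT13 applied twice restores the text:", ROT13(ROT13(msg)) == msg)
}
```

The key space of 25 usable shifts is so small that the attack never needs a known plaintext; this is why ROT13 and the Caesar cipher count as obscuring text, not protecting it.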






39. Captures an image of the finger, which is then stored in a database; identification works as a one-to-many search of that database.






40. Deals with the same things as due diligence, except that it is about accepting responsibility rather than liability.






41. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






42. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






43. A network that mimics the brain






44. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
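The following Go program is an added example, not code from the study set; it uses only Go's standard-library crypto/aes and crypto/cipher packages. It shows why the block cipher by itself is not a complete encryption scheme: feeding repeated 16-byte blocks through the raw AES block function (ECB mode, the weak setting) yields repeated ciphertext blocks that leak the structure of the data, while AES-GCM with a fresh random nonce hides the repetition and rejects any tampered ciphertext. The key and plaintext are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// EncryptECB applies the raw AES block function to each 16-byte block on its own
// (electronic codebook). This is the weak setting: equal plaintext blocks always give
// equal ciphertext blocks, so the layout of the data leaks. No padding is applied.
func EncryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext is not a whole number of AES blocks")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// HasRepeatedBlocks reports whether any two 16-byte blocks of data are identical,
// the classic tell-tale of ECB mode.
func HasRepeatedBlocks(data []byte) bool {
	seen := make(map[string]bool)
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		b := string(data[i : i+aes.BlockSize])
		if seen[b] {
			return true
		}
		seen[b] = true
	}
	return false
}

// SealGCM encrypts and authenticates plaintext (plus the unencrypted aad) with AES-GCM
// under a fresh random 96-bit nonce and returns nonce || ciphertext || tag.
// A nonce must never be reused with the same key.
func SealGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenGCM reverses SealGCM. It returns an error if the nonce, ciphertext, tag or aad
// were altered, so tampering is detected before any plaintext is used.
func OpenGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16)                   // constructed 128-bit demo key only
	plaintext := bytes.Repeat([]byte("SAME BLOCK 16 B!"), 4) // four identical blocks
	ecb, _ := EncryptECB(key, plaintext)
	fmt.Println("ECB shows repeated blocks:", HasRepeatedBlocks(ecb))
	sealed, _ := SealGCM(key, plaintext, []byte("header"))
	fmt.Println("GCM shows repeated blocks:", HasRepeatedBlocks(sealed[12:]))
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err := OpenGCM(key, sealed, []byte("header"))
	fmt.Println("tampered GCM message rejected:", err != nil)
}
```

The choice of mode, nonce handling and authentication is what turns the Rijndael block function into usable encryption; the standard fixes the cipher, not how you must use it.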






45. Ethernet - Cat5 - the pairs are twisted to cancel out electromagnetic interference and crosstalk, which allows for longer runs.






46. An attacker spoofs the source IP in a packet header so that a ping (ICMP echo) request appears to originate from the future victim's network, and sends it to the broadcast address of an amplifying network; every host on that network responds in full force to the victim and brings down the victim's network.
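Items 9 and 46 describe Fraggle and Smurf, which differ only in the protocol used. The following Go program is an added example, not code from the study set: it scans flow records of the form "proto src dst" and flags ICMP or UDP packets addressed to the directed-broadcast address of one of your own networks from a source that is not on that network, which is the signature of both attacks (a spoofed victim address plus a whole subnet of amplifiers). The record format, the network list and the sampleFlows data are constructed for this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Alert records one flow judged to be a Smurf (ICMP) or Fraggle (UDP) amplification attempt.
type Alert struct {
	Attack string // "smurf" or "fraggle"
	Victim string // the spoofed source address, which is where all the replies will go
	Target string // the directed-broadcast address of the amplifying network
}

// broadcastOf returns the directed-broadcast address (all host bits set) of an IPv4
// network, or nil for IPv6 networks, which have no broadcast address.
func broadcastOf(n *net.IPNet) net.IP {
	ip := n.IP.To4()
	if ip == nil {
		return nil
	}
	mask := n.Mask
	if len(mask) == 16 {
		mask = mask[12:]
	}
	b := make(net.IP, 4)
	for i := range b {
		b[i] = ip[i] | ^mask[i]
	}
	return b
}

// DetectAmplification scans flow records ("proto src dst", one per line) and flags ICMP or
// UDP packets sent to the directed-broadcast address of one of our networks from a source
// that is not on that network: such a source is almost certainly spoofed, and every host on
// the subnet would answer it, multiplying the attacker's traffic by the subnet size.
func DetectAmplification(localCIDRs []string, flows string) ([]Alert, error) {
	type lan struct {
		ipnet     *net.IPNet
		broadcast net.IP
	}
	var lans []lan
	for _, c := range localCIDRs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		lans = append(lans, lan{n, broadcastOf(n)})
	}
	var alerts []Alert
	for _, line := range strings.Split(flows, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue // blank or malformed record
		}
		var attack string
		switch strings.ToLower(f[0]) {
		case "icmp":
			attack = "smurf"
		case "udp":
			attack = "fraggle"
		default:
			continue // TCP needs a handshake, so a broadcast cannot amplify it this way
		}
		src, dst := net.ParseIP(f[1]), net.ParseIP(f[2])
		if src == nil || dst == nil {
			continue
		}
		for _, l := range lans {
			if l.broadcast != nil && dst.Equal(l.broadcast) && !l.ipnet.Contains(src) {
				alerts = append(alerts, Alert{attack, src.String(), dst.String()})
			}
		}
	}
	return alerts, nil
}

// sampleFlows is constructed data: two attack packets aimed at the 192.0.2.0/24 broadcast
// address from an off-net (spoofed) source, followed by three benign records.
const sampleFlows = `icmp 203.0.113.9 192.0.2.255
udp 203.0.113.9 192.0.2.255
icmp 192.0.2.10 192.0.2.255
tcp 203.0.113.9 192.0.2.255
icmp 203.0.113.9 192.0.2.20
`

func main() {
	alerts, err := DetectAmplification([]string{"192.0.2.0/24"}, sampleFlows)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("%-7s victim=%s amplifier broadcast=%s\n", a.Attack, a.Victim, a.Target)
	}
}
```

The matching prevention is to stop routers from forwarding packets to directed-broadcast addresses at all (and to filter spoofed source addresses at the edge); the detector above tells you whether your network is being used as the amplifier, and the Victim field tells you who is actually under attack.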






47. When an employee leaves the company, you want to remind them of their non-disclosure and non-compete clauses, etc.






48. To not be legal (as far as law is concerned) or ethical






49. Network device that operates at layer 1. Concentrator.






50. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.