Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






2. A site that has some equipment in place - and can be up within days






3. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






4. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work






5. The intercepting of conversations by unintended recipients






6. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






7. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






8. A card that holds information that must be authenticated to before it can reveal the information that it is holding






9. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






10. The act of identifying yourself. Providing your identity to a system






11. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






12. Making individuals accountable for their actions on a system typically through the use of auditing






13. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






14. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






15. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






16. When two or more processes are linked and execute multiple programs simultaneously






17. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






18. Distributed Component Object Model. Microsoft's implementation of CORBA.






19. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






20. Common Object Request Broker Architecture.






21. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






22. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






23. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






24. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






25. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






26. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






27. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






28. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






29. Chief Information Officer






30. 'If you cant see it - its secure'. Bad policy to live by.






31. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






32. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






33. Transferring your risk to someone else - typically an insurance company






34. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






35. Accepting all packets






36. When security is managed at a central point in an organization






37. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






38. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






39. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






40. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






41. Threat to physical security.






42. Software designed to infiltrate or damage a computer system - without the owner's consent.






43. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






44. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






45. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






46. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






47. A network that mimics the brain






48. A network that uses proprietary protocols






49. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






50. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec