Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






2. Continuation of Operations Plan






3. When security is managed at a central point in an organization






4. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






5. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






6. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






7. Providing verification to a system






8. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






9. Random Number Base






10. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






11. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






12. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






13. These can be used to verify that public keys belong to certain individuals.






14. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






15. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






16. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






17. The frequency with which a threat is expected to occur.






18. Dynamic Host Configuration Protocol.






19. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






20. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






21. A network entity that provides a single entrance / exit point to the Internet.






22. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






23. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






24. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






25. These viruses usually infect both boot records and files.






26. Reasonable doubt






27. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






28. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






29. Network device that operates at layer 1. Concentrator.






30. Scanning the airwaves for radio transmissions






31. An attempt to trick the system into believing that something false is real






32. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






33. When two or more processes are linked and execute multiple programs simultaneously






34. Object Linking and Embedding. The ability of an object to be embedded into another object.






35. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






36. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






37. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






38. This is an open international standard for applications that use wireless communications.






39. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






40. A mechanism by which connections to TCP services on a system are allowed or disallowed






41. The user






42. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






43. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






44. Also civil law






45. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






46. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






47. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






48. A network that uses proprietary protocols






49. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






50. False Acceptance Rate - False Rejection Rate - Crossover Error Rate