Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
WTLS (Wireless Transport Layer Security)
Smart cards
Risk Analysis
Accreditation
2. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Sniffing
Authorization
ROT-13
Polymorphic
3. Enticing people to hit your honeypot to see how they try to access your system.
Patriot Act
Accountability
Enticement
Software
4. Transferring your risk to someone else - typically an insurance company
CIO
Risk Transferring
Throughput of a Biometric System
ARO (Annualized Rate of Occurrence)
5. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Username/password
Audit Trail
Phreaker
Data remanence
6. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Biometrics
Cookies
User
Java
7. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Salami Slicing
Expert systems
Hash
Object Oriented Programming
8. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Patent
Trap Door
Replay
Burden of Proof
9. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Dogs
Motion detector
Debug
Routers
10. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Patriot Act
Coax
Throughput of a Biometric System
/etc/passwd
11. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Debug
Call tree
Cookies
TCP Wrappers
12. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
Polymorphism
Digital signing
CIRT
Worm
13. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
RAM (Random-access memory)
Service packs
War driving
Hash
14. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Skipjack
Replay
BIA
Switches / Bridges
15. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
Finger scanning
Detective - Preventive - Corrective
DHCP
16. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Software development lifecycle
Smurf
Termination procedures
Skipjack
17. Emanations from one wire coupling with another wire
War driving
Crosstalk
Custodian
Brute Force
18. A site that has some equipment in place - and can be up within days
Dogs
Warm Site
CORBA
Code of ethics
19. Must be in place for you to use a biometric system
Bugtraq
Biometric profile
Expert systems
TCSEC
20. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Boot-sector Virus
Noise & perturbation
Block cipher
RAM (Random-access memory)
21. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Motion detector
CGI (The Common Gateway Interface)
AES (Advanced Encryption Standard)
Brewer-Nash model
22. Be at least 8 foot tall and have three strands of barbed wire.
TCP Wrappers
WAP (Wireless Application Protocol)
ARP (Address Resolution Protocol)
Fences
23. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
Nonce
RADIUS (Remote authentication dial-in user service)
Open network
24. An instance of a scripting language
Qualitative
Script
WAP (Wireless Application Protocol)
Brewer-Nash model
25. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Hackers
Enticement
SSO (Single sign-on)
Well-known ports
26. A network entity that provides a single entrance / exit point to the Internet.
Bastion hosts
Quality Assurance
Sniffing
MitM
27. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Granularity
ActiveX Object Linking and Embedding
EF (Exposure Factor)
Joke
28. The user
User
Joke
EF (Exposure Factor)
Quantitative
29. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
Stream cipher
Risk Management
Virtual machine
30. Scanning the airwaves for radio transmissions
Illegal/Unethical
Scanning
SQL (Structured Query Language)
Granularity
31. When security is managed at many different points in an organization
CIRT
Raid 0 - 1 - 3 - 5
ARP (Address Resolution Protocol)
Decentralized
32. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Hash
Firmware
Macro
Detective - Preventive - Corrective
33. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
CEO
Identification
Acceptable use
TCP Wrappers
34. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honey pot
OSI Model
Debug
Promiscuous mode
35. Confidentiality - Integrity - and Availability
Fraggle
Buffer overflow
CIA
SQL (Structured Query Language)
36. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Vulnerability analysis tools
Hardware
Tokens
Termination procedures
37. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
EF (Exposure Factor)
Hearsay Evidence
Back door/ trap door/maintenance hook
SESAME
38. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
CCTV
Aggregation
Warm Site
Dogs
39. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Expert System
Hot Site
Brute force
Joke
40. The art of breaking code. Testing the strength of an algorithm.
Worm
Change management
Cryptanalysis
/etc/passwd
41. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
WAP (Wireless Application Protocol)
Quality Assurance
Software development lifecycle
SSH
42. The intercepting of conversations by unintended recipients
Twisted pair
Eavesdropping
Patriot Act
Promiscuous mode
43. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Biometric profile
Salami Slicing
Trademark
Man trap
44. Internet Relay Chat.
RADIUS (Remote authentication dial-in user service)
Base-64
IRC
Digital signing
45. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Base-64
Illegal/Unethical
VLANs
Granularity
46. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
WAP (Wireless Application Protocol)
Hot Site
Reciprocal agreement
DDOS
47. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
TCB
Java
Hash
ALE (Annualized Loss Expectancy)
48. Someone whose hacking is primarily targeted at the phone systems
Phreaker
Open network
Illegal/Unethical
Username/password
49. Reasonable doubt
Skipjack
Routers
Masquerade
Burden of Proof
50. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Cyphertext only
Salami Slicing
Polymorphism