Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






2. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst






3. When one key of a two-key pair has more encryption pattern than the other






4. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






5. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






6. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






7. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.






8. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






9. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access






10. Accepting all packets






11. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






12. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)






13. Disclosure, Alteration, Destruction. These things break the CIA triad






14. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






15. The practice of following someone with a security code or keycard through a security door, generally in workplaces.






16. Entails planning and system actions to ensure that a project is following good quality management practices






17. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.






18. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






19. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






20. A sandbox. Emulates an operating environment.






21. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






22. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






23. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






24. Involving the measurement of quantity or amount.






25. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






26. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,






27. Distributed Component Object Model. Microsoft's implementation of CORBA.






28. Closed Circuit Television






29. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






30. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work






31. A card that holds information that must be authenticated to before it can reveal the information that it is holding






32. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically






33. Be at least 8 foot tall and have three strands of barbed wire.






34. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






35. ('rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






36. Transferring your risk to someone else, typically an insurance company






37. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






38. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.






39. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






40. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






41. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






42. Access control method for database based on the content of the database to provide granular access






43. Personal, Network, and Application






44. Repeats the signal. It amplifies the signal before sending it on.






45. Countermeasures / safeguards fall into these categories. Detective measures detect, preventive measures prevent, and corrective measures correct.






46. An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.






47. The ability to have more than one thread associated with a process






48. The act of identifying yourself. Providing your identity to a system






49. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






50. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.