Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Base64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail, among other things.
2. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.
3. To not be legal (as far as the law is concerned) or ethical.
4. These can be used to verify that public keys belong to certain individuals.
5. The person who determines the permissions to files. The data owner.
6. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
7. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
8. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
9. The output of a hash function is a digest.
10. ('rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet.
11. A remote authentication protocol that is used to communicate with an authentication server, commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
12. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
13. Network devices that operate at layer 3. This device separates broadcast domains.
14. An attempt to trick the system into believing that something false is real.
15. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.
16. Refers to the formal acceptance by an organization's executive management that they accept the residual risk associated with using a formally certified information system.
17. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.
18. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho
19. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
20. The intercepting of conversations by unintended recipients.
21. Ethernet, Cat5. Twisted to allow for longer runs.
22. Animals with teeth. Not as discriminating as guards.
23. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
24. The process of training end users/employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
25. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
26. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
27. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list
28. Making individuals accountable for their actions on a system, typically through the use of auditing.
29. This deals with differences between plaintext password storage and transmission versus encrypted password storage and transmission.
30. A site that has some equipment in place and can be up within days.
31. The physical part of a computer, as distinguished from the computer software that executes within the hardware.
32. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network
33. Component Object Model.
34. A sandbox. Emulates an operating environment.
35. 'If you can't see it, it's secure.' A bad policy to live by.
36. Public Key Infrastructure
37. An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
38. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
39. An instance of a scripting language
40. A network that uses standard protocols (TCP/IP)
41. Providing verification to a system
42. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh
43. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema
44. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
45. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which
46. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 ftp, 21 ftp, 22 ssh, 23 telnet, 25 smtp, 53 dns, 69 tftp, 80 http, 161 snmp, 443 ssl.
47. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.
48. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.
49. An organization that got its fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
50. Procedures for when an employee is terminated, to ensure that they are aware of their responsibilities and turn in all company property.