Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






2. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






3. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






4. Network Address Translation






5. Someone who hacks






6. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






7. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






8. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






9. Emanations from one wire coupling with another wire






10. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






11. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






12. Confidentiality - Integrity - and Availability






13. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






14. Component Object Model.






15. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






16. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






17. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






18. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






19. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






20. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






21. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet.






22. 'If you can't see it - it's secure'. Bad policy to live by.






23. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






24. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






25. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






26. A network that uses standard protocols (TCP/IP)






27. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






28. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






29. An RFC standard. A mechanism for performing commands on a remote system.






30. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






31. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






32. The act of identifying yourself. Providing your identity to a system






33. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






34. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






35. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






37. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






39. Encompasses Risk Analysis and Risk Mitigation






40. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






41. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






42. A card that holds information that must be authenticated to before it can reveal the information that it is holding






43. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






44. Also civil law






45. Dialing fixed sets of telephone numbers looking for open modem connections to machines






46. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






47. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






48. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






49. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






50. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.