Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The practice of obtaining confidential information by manipulation of legitimate users.

2. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

3. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.

4. Access control method for a database, based on the content of the database, to provide granular access.

5. A hidden communications channel on a system that allows for the bypassing of the system security policy

6. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.

7. The 7-layer model defined by the ISO. Memorized with 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. The layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.

8. Basic Input/Output System

9. Also known as a tunnel.

10. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

11. Refers to the formal acceptance by an organization's executive management that they accept the residual risk associated with using a formally certified information system.

12. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.

13. A unit that detects motion for the purpose of setting off alarms to alert for unauthorized access.

14. The art of breaking code. Testing the strength of an algorithm.

15. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.

16. CISSPs subscribe to a code of ethics for building up the security profession

17. The user

18. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.

19. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

20. An attempt to trick the system into believing that something false is real

21. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.

22. In the broadest sense, a fraud is a deception made for personal gain.

23. Public Key Infrastructure

24. Taking over the session of someone who is unaware of what you are doing.

25. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

26. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.

27. Once authenticated, the level of access you have to a system.

28. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network

29. Using ICMP to diagram a network

30. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

31. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.

32. Random Number Base

33. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

34. Network Address Translation

35. A network that mimics the brain

36. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t

37. The ability to have more than one thread associated with a process

38. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.

39. Also civil law

40. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)

41. Countermeasure that puts fake data into a database so that anyone reading it gets the wrong information.

42. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.

43. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

44. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.

45. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.

46. Ports 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 FTP, 21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 69 TFTP, 80 HTTP, 161 SNMP, 443 SSL.

47. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.

48. Accepting all packets

49. Scanning the airwaves for radio transmissions

50. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe