Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Rolling command center with UPS - satellite - uplink - power - etc.






2. After implementing countermeasures - accepting risk for the amount of vulnerability left over






3. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






4. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






5. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






6. Making individuals accountable for their actions on a system typically through the use of auditing






7. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






8. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






9. Personal - Network - and Application






10. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






11. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






12. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






13. Threat to physical security.






14. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






15. Signal degradation as it moves farther from its source






16. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






17. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






18. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






19. Setting up the user to access the honeypot for reasons other than the intent to harm.






20. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






21. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






22. When one key of a two-key pair has more encryption pattern than the other






23. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






24. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






25. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






26. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






27. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






28. A military standard defining controls for emanation protection






29. A sandbox. Emulates an operating environment.






30. Motivational tools for employee awareness to get them to report security flaws in an organization






31. Scanning the airwaves for radio transmissions






32. CISSPs subscribe to a code of ethics for building up the security profession






33. Common Object Request Broker Architecture.






34. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






35. Motive - Opportunity - and Means. These deal with crime.






36. Good for distance - longer than 100M






37. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






38. Chief Information Officer






39. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






40. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






41. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






42. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






43. To not be legal (as far as law is concerned) or ethical






44. Defines the objects and their attributes that exist in a database.






45. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






46. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






47. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






48. The practice of obtaining confidential information by manipulation of legitimate users.






49. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






50. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req