CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Be at least 8 feet tall and have three strands of barbed wire.

2. Someone whose hacking is primarily targeted at the phone systems.

3. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.

4. The intercepting of conversations by unintended recipients.

5. Transferring your risk to someone else, typically an insurance company.

6. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

7. Basic Input/Output System.

8. Enticing people to hit your honeypot to see how they try to access your system.

9. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt, the reverse is done). That is, the order of the characters is changed. Mathematically a bijective function is used on the characters'

10. Communications that don't take the natural course of email (when you don't want eavesdropping to happen).

11. In the broadest sense, a fraud is a deception made for personal gain.

12. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.

13. The output of a hash function is a digest.

14. Motivational tools for employee awareness to get them to report security flaws in an organization.

15. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; then the responding network responds in full force to these requests and brings down the victim's network.

16. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.

17. ('rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet.

18. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.

19. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.

20. The real cost of acquiring/maintaining/developing a system.

21. When you know something from a source and can infer other related information based on what you know, when you may not necessarily have access to that data normally.

22. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and

23. Network Address Translation.

24. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t

25. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer

26. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

27. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.

28. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.

29. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

30. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po

31. A card that holds information that must be authenticated to before it can reveal the information that it is holding.

32. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec

33. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

34. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

35. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal.

36. Personal, Network, and Application.

37. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi

38. The user.

39. The ability to have more than one thread associated with a process.

40. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.

41. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.

42. The art of breaking code. Testing the strength of an algorithm.

43. Making individuals accountable for their actions on a system, typically through the use of auditing.

44. 'If you can't see it, it's secure.' Bad policy to live by.

45. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.

46. Access control method for databases based on the content of the database to provide granular access.

47. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

48. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.

49. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet.

50. Jumping into dumpsters to retrieve information about someone/something/a company.