Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Method of authenticating to a system. Something that you supply and something you know.






2. Chief Executive Officer






3. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






4. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






5. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






6. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






7. Animals with teeth. Not as discriminate as guards






8. In the broadest sense - a fraud is a deception made for personal gain






9. Object Linking and Embedding. The ability of an object to be embedded into another object.






10. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






11. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






12. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






13. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






14. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






15. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






16. Someone who hacks






17. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






18. Dialing fixed sets telephone numbers looking for open modem connections to machines






19. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






20. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






21. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






22. The frequency with which a threat is expected to occur.






23. A RFC standard. A mechanism for performing commands on a remote system






24. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






25. Relating to quality or kind. This assigns a level of importance to something.






26. Also known as a tunnel)






27. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






28. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






29. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






30. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






31. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






32. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






33. A mechanism by which connections to TCP services on a system are allowed or disallowed






34. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






35. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






36. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






37. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






38. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






39. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






40. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






41. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






42. Dynamic Host Configuration Protocol.






43. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






44. Data storage formats and equipment that allow the stored data to be accessed in any order






45. This is an open international standard for applications that use wireless communications.






46. To not be legal (as far as law is concerned) or ethical






47. Be at least 8 foot tall and have three strands of barbed wire.






48. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






49. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






50. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.