CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t

2. Basic Input/Output System

3. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.

4. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.

5. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor -

6. Someone whose hacking is primarily targeted at the phone systems

7. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

8. Repeats the signal. It amplifies the signal before sending it on.

9. Confidentiality, Integrity, and Availability

10. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.

11. In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti

12. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....

13. A network that uses standard protocols (TCP/IP)

14. Rolling command center with UPS, satellite, uplink, power, etc.

15. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac

16. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

17. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.

18. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio, with the latter capable of being played on a CD player, whilst

19. Good for distance, longer than 100M

20. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications

21. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.

22. Relating to quality or kind. This assigns a level of importance to something.

23. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it

24. This is the file on a UNIX system where the mapping from usernames to password MD5 hash outputs is stored. The system uses this file to determine if the password entered for a given username is correct.

25. CISSPs subscribe to a code of ethics for building up the security profession

26. Personal, Network, and Application

27. False Acceptance Rate, False Rejection Rate, Crossover Error Rate

28. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

29. Setting up the user to access the honeypot for reasons other than the intent to harm.

30. The process of certifying a system that has been built, to ensure that it meets the security standards that you have said you will use.

31. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

32. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.

33. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.

34. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.

35. Computer Incident Response Team

36. Using ICMP to diagram a network

37. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

38. Involving the measurement of quantity or amount.

39. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.

40. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also

41. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities

42. Providing verification to a system

43. A form of binary-to-text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp

44. In the broadest sense, a fraud is a deception made for personal gain

45. After implementing countermeasures, accepting risk for the amount of vulnerability left over

46. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

47. Internet Relay Chat.

48. Must be in place for you to use a biometric system

49. Software designed to infiltrate or damage a computer system without the owner's consent.

50. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.