Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. An organization that got its fame from telling the Senate Judiciary Committee that it could bring down the Internet in 30 minutes. Black hat....

2. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste

3. A countermeasure that puts fake entries into a database so that someone reading it gets the wrong information.

4. A name given to a system implemented by the FBI that is analogous to wiretapping, except in this case e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c

5. Providing verification to a system

6. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal

7. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer-automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications

8. A network that uses proprietary protocols

9. A war dialing utility

10. An attack that does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

11. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i

12. The fraudulent appropriation by a person, for his own use, of property or money entrusted to that person's care but owned by someone else.

13. A method of authenticating to a system: something that you supply and something you know.

14. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people strategize based on analyses of past trends and experiences. The key difference is that the creation of

15. A network that uses standard protocols (TCP/IP)

16. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

17. Animals with teeth. Not as discriminate as guards

18. Systems that use a knowledge base, an inference engine, and general methods for searching for problem solutions.

19. CISSPs subscribe to a code of ethics for building up the security profession

20. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).

21. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.

22. Confidentiality, Integrity, and Availability

23. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

24. After implementing countermeasures, accepting risk for the amount of vulnerability left over

25. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system, to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req

26. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which

27. An RFC standard. A mechanism for performing commands on a remote system

28. Basic Input/Output System

29. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

30. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute

31. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, 172.16.x.x - 172.31.x.x

32. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans

33. When two or more processes are linked and execute multiple programs simultaneously

34. Continuation of Operations Plan

35. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

36. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and they call it a virus

37. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

38. This deals with differences between plaintext password storage and transmission versus encrypted password storage and transmission.

39. In the broadest sense, a fraud is a deception made for personal gain

40. Closed Circuit Television

41. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

42. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also

43. These can be used to verify that public keys belong to certain individuals.

44. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; then the responding network responds in full force to these requests and brings down the victim's network.

45. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

46. These viruses usually infect both boot records and files.

47. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.

48. Relating to quality or kind. This assigns a level of importance to something.

49. Internet Relay Chat.

50. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.