Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A network that uses proprietary protocols






2. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






3. When two or more processes are linked and execute multiple programs simultaneously






4. The process of reducing your risks to an acceptable level based on your risk analysis






5. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.






6. Jumping into dumpsters to retrieve information about someone/something/a company






7. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.






8. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.






9. Motivational tools for employee awareness to get them to report security flaws in an organization






10. Something used to put out a fire. Can be in Classes A, B, C, D, or H






11. Computer Incident Response Team






12. Network Address Translation






13. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.






14. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






15. Distributed Component Object Model. Microsoft's implementation of CORBA.






16. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






17. In cryptography, it is a block cipher






18. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list






19. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






20. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network






21. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






22. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






23. Access control method for database based on the content of the database to provide granular access






24. A technique to eliminate data redundancy.






25. When one key of a two-key pair has more encryption pattern than the other






26. When a DNS server goes out to resolve a name, and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time






27. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






28. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






29. Once authenticated, the level of access you have to a system






30. Chief Information Officer






31. ('rotate by 13 places', sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






32. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






33. Continuation of Operations Plan






34. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






35. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers), and grey hats.






37. Repeats the signal. It amplifies the signal before sending it on.






38. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






39. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






40. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






41. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






42. Encompasses Risk Analysis and Risk Mitigation






43. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






44. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.






45. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






46. Good for distance - longer than 100M






47. The practice of following someone with a security code or keycard through a security door, generally in workplaces.






48. An attempt to trick the system into believing that something false is real






49. After implementing countermeasures, accepting risk for the amount of vulnerability left over






50. An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.