Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






2. When two or more processes are linked and execute multiple programs simultaneously






3. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






4. The frequency with which a threat is expected to occur.






5. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






6. Occupant Emergency Plan - Employees are the most important!






7. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






8. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






9. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






10. When security is managed at a central point in an organization






11. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






12. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






13. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






14. Random Number Base






15. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






16. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






17. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






18. In cryptography - it is a block cipher






19. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






20. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






21. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






22. Access control method for database based on the content of the database to provide granular access






23. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






24. A card that holds information that must be authenticated to before it can reveal the information that it is holding






25. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






26. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






27. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






28. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






29. 'If you can't see it - it's secure'. Bad policy to live by.






30. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






31. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






32. Scanning the airwaves for radio transmissions






33. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






34. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






35. Network Address Translation






36. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






37. These can be used to verify that public keys belong to certain individuals.






38. Internet Architecture Board. This board is responsible for protecting the Internet.






39. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






40. Once authenticated - the level of access you have to a system






41. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






42. In the broadest sense - a fraud is a deception made for personal gain






43. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






44. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






45. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






46. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






47. Rotating employees' job duties so that the things they are doing can be checked to make sure nothing fraudulent is occurring.






48. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






49. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






50. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






