Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is the device that actually performs the degaussing.

2. The ability to have more than one thread associated with a process.

3. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as the 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83. The TCSEC (frequently referred to as

4. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and

5. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

6. The person that controls access to the data.

7. A hidden communications channel on a system that allows for the bypassing of the system security policy.

8. Driving around enumerating wireless networks with the proper equipment (antennas and the like).

9. Basic Input/Output System.

10. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).

11. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.

12. When security is managed at many different points in an organization.

13. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

14. CISSPs subscribe to a code of ethics for building up the security profession.

15. An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

16. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

17. Transferring your risk to someone else, typically an insurance company.

18. An attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

19. The number of users that a system can process in a given amount of time. A typical acceptable rate is 10 per minute.

20. Technical controls are implemented by IT. Administrative controls are the things that HR implements. Physical controls are things that are tangible.

21. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.

22. A card that holds information and must be authenticated to before it reveals the information it is holding.

23. Also civil law.

24. A countermeasure that puts fake data into a database so that anyone reading it without authorization gets the wrong information.

25. The Teardrop attack involves sending IP fragments with overlapping payloads to the target machine.

26. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

27. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe

28. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.

29. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

30. This deals with the differences between plaintext password storage and transmission versus encrypted password storage and transmission.

31. Data storage formats and equipment that allow the stored data to be accessed in any order.

32. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.

33. Computer Incident Response Team.

34. White hat l0pht

35. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

36. An access control method for databases that grants granular access based on the content of the data.

37. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information; an artist's ability to control their work.

38. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.

39. The person that determines the permissions on files: the data owner.

40. Enticing people to hit your honeypot to see how they try to access your system.

41. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

42. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list

43. A military standard defining controls for emanation protection.

44. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste

45. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system, to allow for an extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req

46. Someone who hacks.

47. a.k.a. the Chinese wall (mnemonic: Nash Bridges, Bridge wall, Chinese wall). Dynamically changes access control to prevent unauthorized access.

48. The practice of obtaining confidential information by manipulation of legitimate users.

49. A remote authentication protocol that is used to communicate with an authentication server, commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

50. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert system is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
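
Worked example for item 10 (a redundancy check). This block is added here and is not part of the original quiz; the frame layout (payload followed by a 4-byte big-endian CRC-32 trailer), the function names and the sample payloads are assumptions made for the example. It shows the check catching a single flipped bit, and the caveat a practitioner needs: an attacker who can change the data can simply recompute the CRC, so a redundancy check protects against accidental errors, not deliberate tampering.

```python
"""CRC-32 as a redundancy check: it catches accidental bit errors but offers no
protection against an attacker who recomputes it. All sample data below is
constructed for this example."""
import struct
import zlib

CRC32_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 polynomial (same as zlib)


def crc32(data: bytes) -> int:
    """Bit-by-bit CRC-32 (reflected, init 0xFFFFFFFF, final XOR); equals zlib.crc32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ CRC32_POLY
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def matches_reference(data: bytes) -> bool:
    """Cross-check the hand-rolled CRC against the C implementation in zlib."""
    return crc32(data) == (zlib.crc32(data) & 0xFFFFFFFF)


def protect(payload: bytes) -> bytes:
    """Append the CRC as a 4-byte big-endian trailer (the redundant bits)."""
    return payload + struct.pack(">I", crc32(payload))


def check(frame: bytes) -> bool:
    """Recompute the CRC over the payload and compare it with the trailer."""
    if len(frame) < 4:
        return False
    payload, trailer = frame[:-4], frame[-4:]
    return crc32(payload) == struct.unpack(">I", trailer)[0]


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error: flip one bit anywhere in the frame."""
    buf = bytearray(frame)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def tamper(frame: bytes, new_payload: bytes) -> bytes:
    """Simulate an active attacker: swap the payload and recompute the trailer.
    The original frame is irrelevant; the CRC carries no secret."""
    return protect(new_payload)


if __name__ == "__main__":
    frame = protect(b"TRANSFER 100.00 TO ACCT 4242")      # constructed sample payload
    print("intact:  ", check(frame))                       # True
    print("bit flip:", check(flip_bit(frame, 37)))         # False: error detected
    forged = tamper(frame, b"TRANSFER 999.00 TO ACCT 1337")
    print("forged:  ", check(forged))                      # True: deliberate change not detected
```

The last line is the point: a CRC (or parity, or a checksum) is an error-detection code, not an authentication code. Integrity against an adversary needs a keyed check that the adversary cannot recompute.
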
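
Worked example for item 25 (Teardrop). This block is added here and is not code from the original page; the Fragment class, the function names and the two fragment sets are constructed for the example. It shows the overlap test a fragment reassembler has to make, the negative length that unchecked arithmetic produces for the classic pair (a 36-byte first fragment and a 4-byte second fragment at offset 24), and a reassembler that drops the datagram instead of trying to trim it.

```python
"""Detecting Teardrop-style overlapping IP fragments and the length arithmetic the
attack abused. Fragments below are constructed for this example."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Fragment:
    ident: int       # IP Identification field; all fragments of one datagram share it
    offset: int      # byte offset of this payload (the IP header stores offset / 8)
    payload: bytes
    more: bool       # MF flag: False only on the last fragment

    @property
    def end(self) -> int:
        return self.offset + len(self.payload)


def find_overlaps(frags: List[Fragment]) -> List[Tuple[int, int]]:
    """Return index pairs (i, j) whose byte ranges intersect.
    A well-behaved sender never produces overlapping fragments."""
    pairs = []
    for i in range(len(frags)):
        for j in range(i + 1, len(frags)):
            a, b = frags[i], frags[j]
            if a.ident == b.ident and a.offset < b.end and b.offset < a.end:
                pairs.append((i, j))
    return pairs


def naive_copy_length(prev: Fragment, cur: Fragment) -> int:
    """Length a trimming reassembler computes for `cur` after moving its start up
    to prev.end. With the Teardrop pair this is negative; passed to a C memcpy it
    becomes a huge unsigned count, which is the crash the attack triggered."""
    return cur.end - prev.end


def reassemble(frags: List[Fragment]) -> bytes:
    """Safe reassembly: reject overlaps and gaps instead of trimming."""
    ordered = sorted(frags, key=lambda f: f.offset)
    if find_overlaps(ordered):
        raise ValueError("overlapping fragments: dropping datagram")
    if not ordered or ordered[0].offset != 0 or ordered[-1].more:
        raise ValueError("incomplete fragment set")
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.offset != prev.end:
            raise ValueError("gap between fragments")
    return b"".join(f.payload for f in ordered)


def is_rejected(frags: List[Fragment]) -> bool:
    """True when the safe reassembler drops the fragment set."""
    try:
        reassemble(frags)
    except ValueError:
        return True
    return False


# Constructed samples. TEARDROP mirrors the classic attack: the second fragment's
# byte range [24, 28) lies entirely inside the first fragment's range [0, 36).
TEARDROP = [
    Fragment(ident=242, offset=0, payload=b"A" * 36, more=True),
    Fragment(ident=242, offset=24, payload=b"B" * 4, more=False),
]
BENIGN = [
    Fragment(ident=243, offset=0, payload=b"hello ", more=True),
    Fragment(ident=243, offset=6, payload=b"world", more=False),
]

if __name__ == "__main__":
    print(find_overlaps(TEARDROP))                       # [(0, 1)]
    print(naive_copy_length(TEARDROP[0], TEARDROP[1]))   # -8
    print(reassemble(BENIGN))                            # b'hello world'
    print(is_rejected(TEARDROP))                         # True
```

Modern stacks tolerate some overlap for compatibility, which is why overlap handling also matters for IDS evasion: an inspection device that resolves overlaps differently from the endpoint sees a different byte stream. Dropping overlapping datagrams outright, as above, is the conservative choice.
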
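
Worked example for item 29 (brute force). This block is added here and is not from the original page; the SHA-256 digest of a 4-digit PIN as the target, the PIN 4821 and the guess rate are assumptions made for the example. It enumerates a keyspace in order, counting attempts, and then does the keyspace arithmetic that decides whether exhaustive search is practical: 10^4 PINs fall instantly, 62^12 alphanumeric characters do not.

```python
"""Brute-force keyspace search against a digest of a short secret, plus the
arithmetic that decides whether such a search is feasible. The target secret
is constructed for this example."""
import hashlib
import itertools
import string
from typing import Optional, Tuple

SECONDS_PER_YEAR = 31_557_600  # Julian year


def digest(secret: str) -> str:
    """Unsalted SHA-256 of the secret, as a stand-in for whatever the attacker captured."""
    return hashlib.sha256(secret.encode()).hexdigest()


def keyspace_size(alphabet: str, length: int) -> int:
    """Number of candidates for a fixed-length secret drawn from `alphabet`."""
    return len(alphabet) ** length


def brute_force(target: str, alphabet: str, length: int) -> Tuple[Optional[str], int]:
    """Try every candidate in lexicographic order.
    Returns (recovered secret or None, number of attempts made)."""
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        candidate = "".join(combo)
        if digest(candidate) == target:
            return candidate, attempts
    return None, attempts


def seconds_to_exhaust(alphabet: str, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at the given guess rate."""
    return keyspace_size(alphabet, length) / guesses_per_second


if __name__ == "__main__":
    pin_hash = digest("4821")  # constructed: a 4-digit PIN the attacker has the hash of
    print(brute_force(pin_hash, string.digits, 4))  # ('4821', 4822)

    rate = 1e9  # assumed attacker throughput: 10^9 guesses per second
    for alphabet, n in ((string.digits, 4), (string.ascii_letters + string.digits, 12)):
        years = seconds_to_exhaust(alphabet, n, rate) / SECONDS_PER_YEAR
        print(f"length {n:2d} over {len(alphabet)} symbols: "
              f"{keyspace_size(alphabet, n):.3e} candidates, {years:.3g} years to exhaust")
```

The search itself is the easy part; what makes a scheme resist it is the keyspace size together with the cost of each guess. A slow, salted password hash raises the per-guess cost, and a key length chosen so that the keyspace is astronomically large does the rest.
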