Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






2. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






3. Encompasses Risk Analysis and Risk Mitigation






4. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






5. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






6. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






7. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






8. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






9. A mechanism by which connections to TCP services on a system are allowed or disallowed






10. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






11. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






12. Disclosure - Alteration - Destruction. These things break the CIA triad






13. Computer Incident Response Team






14. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






15. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






16. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






17. Distributed Component Object Model. Microsoft's implementation of CORBA.






18. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






19. Entails planning and system actions to ensure that a project is following good quality management practices






20. Providing verification to a system






21. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






22. To not be legal (as far as law is concerned) or ethical






23. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






24. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






25. Motivational tools for employee awareness to get them to report security flaws in an organization






26. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






27. The person that controls access to the data






28. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






29. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






30. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






31. Scanning the airwaves for radio transmissions






32. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






33. White hat l0pht






34. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






35. A card that holds information that must be authenticated to before it can reveal the information that it is holding






36. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






37. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






38. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






39. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






40. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






41. CISSPs subscribe to a code of ethics for building up the security profession






42. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






43. A sandbox. Emulates an operating environment.






44. In a separation of duties model - this is where code is checked in and out






45. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






46. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






47. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






48. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






49. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






50. A war dialing utility