CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A network that mimics the brain
2. Occupant Emergency Plan - Employees are the most important!
3. An instance of a scripting language
4. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
5. Dialing fixed sets of telephone numbers looking for open modem connections to machines
6. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
7. Something used to put out a fire. Can be in Classes A, B, C, D, or H
8. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
9. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses into Ethernet MAC addresses
10. A war dialing utility
11. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also
12. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
13. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
14. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
15. Countermeasures / safeguards fall into these categories: detective measures detect, preventive measures prevent, and corrective measures correct.
16. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer-automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
17. White hat l0pht
18. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
19. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
20. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
21. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
22. Setting up the user to access the honeypot for reasons other than the intent to harm.
23. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
24. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically
25. Internet Architecture Board. This board is responsible for protecting the Internet.
26. Once authenticated, the level of access you have to a system
27. Network devices that operate at layer 3. This device separates broadcast domains.
28. Method of authenticating to a system. Something that you supply and something you know.
29. Relating to quality or kind. This assigns a level of importance to something.
30. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected
31. Also known as a tunnel
32. Also civil law
33. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
34. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
35. This is the file on a UNIX system where usernames and their password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
36. After implementing countermeasures, accepting risk for the amount of vulnerability left over
37. Packet sniffers (also known as network analyzers or Ethernet sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack
38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
39. When you know something from a source and can infer other related information based on what you know, when you may not necessarily have access to that data normally.
40. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
41. Emanations from one wire coupling with another wire
42. The frequency with which a threat is expected to occur.
43. In the broadest sense, a fraud is a deception made for personal gain
44. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.
45. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
46. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
47. Common Object Request Broker Architecture.
48. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
49. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
50. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste