Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






2. The intercepting of conversations by unintended recipients






3. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






4. The real cost of acquiring/maintaining/developing a system






5. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






6. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






7. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






8. When two or more processes are linked and execute multiple programs simultaneously






9. Encompasses Risk Analysis and Risk Mitigation






10. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






11. When security is managed at a central point in an organization






12. Method of authenticating to a system. Something that you supply and something you know.






13. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






14. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






15. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






16. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






17. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






18. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






19. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






20. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






21. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






22. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






23. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






24. The process of reducing your risks to an acceptable level based on your risk analysis






25. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






26. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






27. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






28. These can be used to verify that public keys belong to certain individuals.






29. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






30. A mechanism by which connections to TCP services on a system are allowed or disallowed






31. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






32. Dialing fixed sets telephone numbers looking for open modem connections to machines






33. After implementing countermeasures - accepting risk for the amount of vulnerability left over






34. Continuation of Operations Plan






35. Network device that operates at layer 1. Concentrator.






36. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






37. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






38. A network that uses standard protocols (TCP/IP)






39. Involving the measurement of quantity or amount.






40. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






41. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






42. A site that has some equipment in place - and can be up within days






43. Basic Input/Output System






44. Ethernet - Cat5 - Twisted to allow for longer runs.






45. Occupant Emergency Plan - Employees are the most important!






46. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






47. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






48. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






49. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






50. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.