Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






2. Motive - Opportunity - and Means. These deal with crime.






3. Dialing fixed sets of telephone numbers looking for open modem connections to machines






4. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






5. Object Linking and Embedding. The ability of an object to be embedded into another object.






6. To not be legal (as far as law is concerned) or ethical






7. Be at least 8 feet tall and have three strands of barbed wire.






8. Threat to physical security.






9. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x






10. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






11. Software designed to infiltrate or damage a computer system - without the owner's consent.






12. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






13. The art of breaking code. Testing the strength of an algorithm.






14. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






15. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






16. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






17. The output of a hash function is a digest.






18. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






19. Network device that operates at layer 1. Concentrator.






20. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






21. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






22. An attempt to trick the system into believing that something false is real






23. Entails planning and system actions to ensure that a project is following good quality management practices






24. The person that determines the permissions to files. The data owner.






25. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






26. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






27. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






28. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






29. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






30. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






31. Assuming someone's session who is unaware of what you are doing






32. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






33. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






34. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






35. When one key of a two-key pair has more encryption pattern than the other






36. The user






37. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






39. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






40. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






41. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






42. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






43. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






44. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






45. Jumping into dumpsters to retrieve information about someone/something/a company






46. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






47. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






48. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






49. Providing verification to a system






50. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.