Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The interception of conversations or communications by unintended recipients.






2. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






3. Also known as the Chinese wall model (Brewer and Nash). Dynamically changes a subject's access rights based on what that subject has already accessed, in order to prevent conflicts of interest and unauthorized access.






4. A military standard defining controls for emanation protection






5. The three categories of security control: technical controls are implemented in IT systems (firewalls, ACLs, encryption); administrative controls are policies and procedures, often owned by HR or management (background checks, training, job rotation); physical controls are tangible (locks, fences, guards).






6. When an employee changes jobs and keeps the access rights of the previous position in addition to the new ones, so that permissions accumulate over time. Also known as authorization creep or permission aggregation. (Not the same as privilege escalation, in which an attacker gains rights that were never granted.)






7. The physical part of a computer, as distinguished from the computer software that executes within the hardware.






8. A sensor that detects motion and sets off an alarm to alert staff to unauthorized access.






9. Animals with teeth. A physical deterrent, but not as discriminating as human guards.






10. In the broadest sense, a fraud is a deception made for personal gain.






11. Rotating employees through different job duties so that each person's work is checked by others, making fraud harder to sustain and easier to detect.






12. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.






13. Also known as a tunnel.






14. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






15. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
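The exchange described in this item, worked through as an added example (not part of the original quiz). The group parameters P = 23 and G = 5 are textbook toy values chosen here for readability and are far too small for real use; the helper names and the Alice/Bob/Mallory roles are this example's own. The second function shows the caveat a practitioner needs to remember: plain D-H is unauthenticated, so an active attacker who can replace the public values ends up with a separate shared secret with each side.

```python
import hashlib
import secrets

# Toy group parameters (assumption for this example only): textbook values,
# far too small for real use. Real deployments use standardised 2048-bit or
# larger MODP groups, or elliptic-curve Diffie-Hellman.
P = 23
G = 5


def generate_private(p=P):
    """Pick a random private exponent in [1, p-2]; never leaves the host."""
    return secrets.randbelow(p - 2) + 1


def public_value(private, p=P, g=G):
    """The value sent over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public, my_private, p=P):
    """Computed locally by each side: their_public^my_private mod p."""
    return pow(their_public, my_private, p)


def derive_key(shared, p=P, context=b"toy-dh-demo"):
    """Hash the raw shared value into a fixed-length symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(context + shared.to_bytes(width, "big")).digest()


def exchange(a_priv, b_priv, p=P, g=G):
    """Honest exchange: returns the secret as computed by Alice and by Bob."""
    a_pub = public_value(a_priv, p, g)
    b_pub = public_value(b_priv, p, g)
    alice_secret = shared_secret(b_pub, a_priv, p)
    bob_secret = shared_secret(a_pub, b_priv, p)
    return alice_secret, bob_secret


def mitm_exchange(a_priv, b_priv, m_priv, p=P, g=G):
    """The same exchange with an active attacker (Mallory) who swaps in her own
    public value in both directions. Returns (alice's secret, bob's secret,
    mallory's secret with alice, mallory's secret with bob)."""
    a_pub = public_value(a_priv, p, g)
    b_pub = public_value(b_priv, p, g)
    m_pub = public_value(m_priv, p, g)
    alice_secret = shared_secret(m_pub, a_priv, p)   # Alice believes m_pub is Bob's
    bob_secret = shared_secret(m_pub, b_priv, p)     # Bob believes m_pub is Alice's
    mallory_alice = shared_secret(a_pub, m_priv, p)  # matches alice_secret
    mallory_bob = shared_secret(b_pub, m_priv, p)    # matches bob_secret
    return alice_secret, bob_secret, mallory_alice, mallory_bob


if __name__ == "__main__":
    a, b = generate_private(), generate_private()
    sa, sb = exchange(a, b)
    print("honest exchange agrees:", sa == sb, "key:", derive_key(sa).hex()[:16])
    print("with an active attacker:", mitm_exchange(a, b, generate_private()))
```

With the fixed exponents 6 and 15 both sides arrive at 2; with Mallory's exponent 3 inserted, Alice ends up sharing 6 with Mallory and Bob shares 5 with Mallory, and neither notices. That is why D-H is always paired with authentication of the public values (certificates, signatures or a pre-shared key) in real protocols.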






16. A method of authenticating to a system using two different factors: something you have (such as a token or smart card) and something you know (such as a password or PIN).






17. Making individuals accountable for their actions on a system typically through the use of auditing






18. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.






19. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po






20. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






21. Involving the measurement of quantity or amount.






22. Relating to quality or kind. Assigns a relative level of importance (such as high, medium or low) rather than a numeric value.






23. Common Object Request Broker Architecture.






24. Basic Input/Output System






25. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






26. Internet Relay Chat.






27. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






28. Public Key Infrastructure






29. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






30. 'If you can't see it, it's secure.' A bad policy to live by: hiding a system's design is no substitute for sound controls.






31. Entails planning and system actions to ensure that a project is following good quality management practices






32. In cryptography, it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
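An added example (not from the original quiz) that serves both item 19 and item 32: it implements the substitution cipher described here and then defeats it exactly as item 19 describes, by exhaustively trying every possible key. The cipher has only 26 keys, so the whole keyspace is searched in a single loop; the word list used to pick the most English-looking candidate is constructed for this example, and all function names are this example's own.

```python
import string

ALPHABET_SIZE = 26
# Constructed list of common English words, used to rank candidate plaintexts.
COMMON_WORDS = frozenset({"THE", "AND", "AT", "OF", "TO", "IS", "IN", "A"})


def caesar_encrypt(plaintext, key):
    """Shift each ASCII letter `key` positions down the alphabet, wrapping at Z.
    Case is preserved; digits, spaces and punctuation pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % ALPHABET_SIZE + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    """Decryption is encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -key)


def score_english(text):
    """Crude fitness function: how many tokens are common English words."""
    words = [w.strip(string.punctuation) for w in text.upper().split()]
    return sum(1 for w in words if w in COMMON_WORDS)


def brute_force(ciphertext):
    """Exhaustive key search: decrypt under all 26 keys and keep the best-scoring one.
    Returns (best_key, best_plaintext, all_candidates)."""
    candidates = [(k, caesar_decrypt(ciphertext, k)) for k in range(ALPHABET_SIZE)]
    best_key, best_plain = max(candidates, key=lambda kp: score_english(kp[1]))
    return best_key, best_plain, candidates


if __name__ == "__main__":
    secret = caesar_encrypt("Attack the castle at dawn", 3)
    key, plain, _ = brute_force(secret)
    print(secret, "->", key, plain)
```

The same loop structure applies to any cipher: the attack's cost is the size of the keyspace times the cost of one trial decryption plus a recognisability check. The Caesar cipher falls in 26 trials; a 128-bit symmetric key makes the identical loop infeasible, which is the point the item 19 statement goes on to make.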






33. Random Number Base






34. The process of reducing your risks to an acceptable level based on your risk analysis






35. Network device that operates at layer 1; a concentrator. It repeats every frame out of every port, so any attached host can eavesdrop on all traffic.






36. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






37. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
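The challenge/response exchange this item describes, as an added example that is not part of the original quiz. It follows the MD5 construction from RFC 1994 (Response = MD5(Identifier || Secret || Challenge)); the Authenticator and Peer classes, the shared secret and the user name are this example's own, and the third scenario shows why the changing identifier and challenge defeat a captured response.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues challenges and verifies responses, refusing replays."""

    def __init__(self, secrets_by_name):
        # CHAP needs the cleartext shared secret on both sides.
        self.secrets = secrets_by_name
        self.identifier = 0
        self.outstanding = {}       # identifier -> challenge not yet answered

    def challenge(self, size=16):
        """Return (identifier, challenge). The identifier increments on every
        challenge and the challenge bytes are fresh and unpredictable."""
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(size)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, name, response):
        """Accept a response only for a challenge that is still outstanding."""
        chal = self.outstanding.pop(identifier, None)   # each challenge is usable once
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: proves knowledge of the secret without sending it."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def answer(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_demo():
    """Returns (legit_ok, replay_against_same_challenge, replay_against_new_challenge)."""
    secret = b"correct horse battery staple"      # constructed shared secret
    auth = Authenticator({"alice": secret})
    alice = Peer("alice", secret)

    ident, chal = auth.challenge()
    name, resp = alice.answer(ident, chal)
    legit_ok = auth.verify(ident, name, resp)

    # An eavesdropper who captured (ident, resp) replays it verbatim.
    replay_same = auth.verify(ident, name, resp)

    # Against a fresh challenge the old response is equally useless.
    ident2, chal2 = auth.challenge()
    replay_new = auth.verify(ident2, name, resp)
    return legit_ok, replay_same, replay_new


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind: the secret is stored in cleartext on both ends, and anyone who captures a (challenge, response) pair can run an offline dictionary attack on the secret, since MD5 over a short secret is cheap to compute.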






38. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single dedicated drive); 5 = striping with parity (parity distributed across all drives).
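An added example (not part of the original quiz) showing what "striping with parity" means in practice: data is split into chunks across drives, each stripe gets one parity chunk that is the XOR of the others, and, when one drive is lost, every missing chunk is rebuilt by XORing the survivors. The parity rotation order, chunk size and the sample data are this example's own choices; level 3 differs from level 5 only in keeping parity on one fixed drive instead of rotating it.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is the parity function."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_drive_for(stripe_index, n_drives):
    """Level 5 rotates parity: stripe 0 on the last drive, stripe 1 on the one
    before it, and so on. Level 3 would return a constant here."""
    return (n_drives - 1 - stripe_index) % n_drives


def raid5_write(data, n_drives, chunk):
    """Stripe `data` across n_drives with one parity chunk per stripe.
    Returns one list of chunks per drive."""
    data_chunks = n_drives - 1
    stripe_bytes = chunk * data_chunks
    padded = data + b"\x00" * (-len(data) % stripe_bytes)   # pad the last stripe
    drives = [[] for _ in range(n_drives)]
    for s in range(len(padded) // stripe_bytes):
        base = s * stripe_bytes
        chunks = [padded[base + i * chunk: base + (i + 1) * chunk] for i in range(data_chunks)]
        parity = xor_blocks(chunks)
        pdrive = parity_drive_for(s, n_drives)
        it = iter(chunks)
        for d in range(n_drives):
            drives[d].append(parity if d == pdrive else next(it))
    return drives


def raid5_read(drives, length):
    """Reassemble the original data by skipping each stripe's parity chunk."""
    n = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        pdrive = parity_drive_for(s, n)
        for d in range(n):
            if d != pdrive:
                out += drives[d][s]
    return bytes(out[:length])


def raid5_rebuild(drives):
    """Reconstruct the single drive marked None by XORing the surviving chunks
    of each stripe. Works whether the lost chunk held data or parity, because
    XOR of all chunks in a stripe (data and parity) is zero."""
    missing = [i for i, d in enumerate(drives) if d is None]
    if len(missing) != 1:
        raise ValueError("single-parity striping tolerates exactly one lost drive, missing: %r" % missing)
    survivors = [d for d in range(len(drives)) if d != missing[0]]
    n_stripes = len(drives[survivors[0]])
    return [xor_blocks([drives[d][s] for d in survivors]) for s in range(n_stripes)]


if __name__ == "__main__":
    data = b"The quick brown fox jumps over the lazy dog"   # constructed sample data
    drives = raid5_write(data, n_drives=4, chunk=4)
    lost = drives[2]
    drives[2] = None                          # simulate a failed drive
    drives[2] = raid5_rebuild(drives)
    print("rebuilt matches:", drives[2] == lost, "| data intact:", raid5_read(drives, len(data)) == data)
```

The rebuild step is also the failure mode to remember: a second drive lost before the rebuild finishes leaves nothing to XOR against, which is what the ValueError models and why dual-parity (level 6) or mirroring is used where rebuild windows are long.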






39. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






40. Searching through trash or dumpsters to retrieve information about a person, organization or company.






41. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.






42. Good for distance: supports cable runs longer than 100 m, the limit for copper twisted-pair Ethernet.






43. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






44. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.






45. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






46. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to






47. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans






48. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






49. Software designed to infiltrate or damage a computer system, without the owner's consent.






50. Requiring an employee to take time away from work so that their duties are handled by someone else and their activities can be audited in their absence; often applied when wrongdoing is suspected.