Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






2. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






3. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






4. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






5. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






6. Making individuals accountable for their actions on a system typically through the use of auditing






7. The art of breaking code. Testing the strength of an algorithm.






8. Same as a block cipher except that it is applied to a data stream one bit at a time






9. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






10. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






11. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






12. Closed Circuit Television






13. The frequency with which a threat is expected to occur.






14. Jumping into dumpsters to retrieve information about someone/something/a company






15. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






16. When security is managed at a central point in an organization






17. Personal - Network - and Application






18. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






19. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






20. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






21. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






22. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






23. Random Number Base






24. When one key of a two-key pair has more encryption pattern than the other






25. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






26. These viruses usually infect both boot records and files.






27. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






28. A network that uses proprietary protocols






29. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






30. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






31. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






32. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






33. Data storage formats and equipment that allow the stored data to be accessed in any order






34. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






35. The ability to have more than one thread associated with a process






36. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






37. These can be used to verify that public keys belong to certain individuals.






38. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






39. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






40. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






41. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






42. A site that has some equipment in place - and can be up within days






43. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






44. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






45. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






46. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






47. 'If you cant see it - its secure'. Bad policy to live by.






48. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






49. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






50. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.