Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The user






2. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






3. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






4. Internet Relay Chat.






5. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






6. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






7. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






8. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






9. Accepting all packets






10. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






11. A site that has some equipment in place - and can be up within days






12. Component Object Model.






13. Chief Information Officer






14. A military standard defining controls for emanation protection






15. Must be in place for you to use a biometric system






16. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






17. Reasonable doubt






18. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






19. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






20. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






21. Confidentiality - Integrity - and Availability






22. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






23. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






24. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






25. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






26. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






27. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






28. Data storage formats and equipment that allow the stored data to be accessed in any order






29. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






30. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






31. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






32. In cryptography - it is a block cipher






33. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






34. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






35. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






36. Jumping into dumpsters to retrieve information about someone/something/a company






37. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






38. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






39. Network devices that operate at layer 3. This device separates broadcast domains.






40. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






41. Method of authenticating to a system. Something that you supply and something you know.






42. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






43. An instance of a scripting language






44. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






45. Dialing fixed sets of telephone numbers looking for open modem connections to machines






46. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






47. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






48. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






49. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






50. A network that uses proprietary protocols