Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Occupant Emergency Plan - Employees are the most important!
WAP (Wireless Application Protocol)
Virtual Memory/Pagefile.sys
Brute force
OEP
2. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
COOP
Owner
Qualitative
3. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Custodian
Multiprocessing
Identification
Well-known ports
4. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Decentralized
Job rotation
Multipartite
5. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
l0pht
Multitasking
Keystroke logging
Diffie-Hellman
6. Also known as a tunnel
Security Perimeter
Software librarian
Job rotation
VPN (Virtual Private Network)
7. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Brute Force
Change management
Authorization creep
Out of band
8. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Telnet
Risk Mitigation
Digital signing
Inference
9. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Format 7 times
Private Addressing
Scanning
Brute force
10. Computer Incident Response Team
CIRT
Salami Slicing
CEO
Multitasking
11. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Guards
Scanning
Change management
Wiretapping
12. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
Bugtraq
Masquerade
Sabotage
13. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
ARP (Address Resolution Protocol)
Tokens
Callback Security/Call Forwarding
14. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
Cookies
Fraggle
PAP (Password Authentication Protocol)
15. Random Number Base
Rijndael
Nonce
Social engineering
Dumpster diving
16. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
CORBA
BIOS
Tort
Symmetric
17. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
ActiveX Object Linking and Embedding
Owner
AES (Advanced Encryption Standard)
Finger scanning
18. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
OSI Model
ROT-13
DCOM
Crosstalk
19. Jumping into dumpsters to retrieve information about someone/something/a company
Scanning
Replay
Dumpster diving
SSH
20. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
CGI (The Common Gateway Interface)
Spoofing
Owner
Risk Analysis
21. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Macro
Well-known ports
Security Awareness Training
Firewall types
22. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Session Hijacking
Toneloc
Data Mart
23. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Eavesdropping
Entrapment
War driving
Polymorphic
24. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Cyphertext only
Format 7 times
Fire extinguisher
UUEncode
25. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
CHAP
Cold Site
CGI (The Common Gateway Interface)
Sabotage
26. Chief Information Officer
Debug
CIRT
Two-Factor Authentication
CIO
27. A hidden communications channel on a system that allows for the bypassing of the system security policy
Out of band
Covert channels
Mandatory vacation
IAB
28. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Phreaker
Code of ethics
Checksum
TCB
29. Component Object Model.
Rolling hot sites
SQL (Structured Query Language)
COM
CORBA
30. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Hot Site
Service packs
Classes of IP networks
31. The output of a hash function is a digest.
WAP (Wireless Application Protocol)
Detective - Preventive - Corrective
Risk Transferring
Digest
32. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Crosstalk
DOS
Rolling hot sites
33. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SSL/TLS
Classes of IP networks
Brute Force
Tort
34. In cryptography - it is a block cipher
Hoax
Risk Acceptance
Skipjack
Hacker
35. The intercepting of conversations by unintended recipients
Out of band
Change management
Eavesdropping
Fire extinguisher
36. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Substitution
Hackers
DMZ
Patriot Act
37. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
ActiveX Object Linking and Embedding
Granularity
Call tree
Common criteria
38. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Identification
Reciprocal agreement
Due Diligence
Schema
39. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
CIO
Guards
Birthday attack
Masquerade
40. A network that uses standard protocols (TCP/IP)
CGI (The Common Gateway Interface)
Checksum
Software
Open network
41. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Fraud
Artificial Neural Networks (ANN)
Noise & perturbation
Penetration testing
42. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Halon
CRC (Cyclic Redundancy Check)
Social engineering
Quality Assurance
43. Assuming someone's session who is unaware of what you are doing
Call tree
Session Hijacking
Dogs
Fiber optic
44. Someone who hacks
Hacker
ActiveX Object Linking and Embedding
Job rotation
User
45. Internet Architecture Board. This board is responsible for protecting the Internet.
IAB
Covert channels
Rijndael
Replay
46. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Switches / Bridges
Session Hijacking
Malware
Classes of IP networks
47. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
RAM (Random-access memory)
Switches / Bridges
Finger printing
MitM
48. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
Illegal/Unethical
SYN Flood
Callback Security/Call Forwarding
49. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
ARP (Address Resolution Protocol)
Firmware
Eavesdropping
Macro
50. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Cookies
Eavesdropping
Mandatory vacation