Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






2. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






3. The real cost of acquiring/maintaining/developing a system






4. Using ICMP to diagram a network






5. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






6. A card that holds information that must be authenticated to before it can reveal the information that it is holding






7. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






8. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






9. Providing verification to a system






10. The person that determines the permissions to files. The data owner.






11. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






12. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






13. A network that uses standard protocols (TCP/IP)






14. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






15. Relating to quality or kind. This assigns a level of importance to something.






16. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






17. Common Object Request Broker Architecture.






18. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






19. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






20. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






21. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






22. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






23. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






24. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






25. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






26. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






27. The process of reducing your risks to an acceptable level based on your risk analysis






28. The user






29. Internet Relay Chat.






30. An instance of a scripting language






31. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






32. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






33. To not be legal (as far as law is concerned) or ethical






34. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






35. Something used to put out a fire. Can be in Classes A - B - C - D - or H






36. When security is managed at a central point in an organization






37. Closed Circuit Television






38. Personal - Network - and Application






39. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






40. Dynamic Host Configuration Protocol.






41. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






42. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






43. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






44. In a separation of duties model - this is where code is checked in and out






45. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






46. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






47. A network that uses proprietary protocols






48. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






49. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






50. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network