Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema






2. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.






3. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






4. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






5. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






6. A name given to a system implemented by the FBI that is analogous to wiretapping, except in this case e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






7. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.






8. Access control method for databases, based on the content of the database, to provide granular access.






9. Assuming the session of someone who is unaware of what you are doing.






10. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.






11. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE






12. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






13. CISSPs subscribe to a code of ethics for building up the security profession






14. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






15. Network Address Translation






16. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






17. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






18. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.






19. Entails planning and system actions to ensure that a project is following good quality management practices






20. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






21. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.






22. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the






23. A network that uses standard protocols (TCP/IP)






24. The person that determines the permissions to files. The data owner.






25. The output of a hash function is a digest.






26. Data storage formats and equipment that allow the stored data to be accessed in any order






27. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






28. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as






29. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






30. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






31. Common Object Request Broker Architecture.






32. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack






33. The practice of obtaining confidential information by manipulation of legitimate users.






34. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.






35. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






36. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






37. Signal degradation as it moves farther from its source






38. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet.






39. A war dialing utility






40. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






41. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






42. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






43. A technique to eliminate data redundancy.






44. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






45. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.






46. The ability to have more than one thread associated with a process






47. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






48. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






49. Basic Input/Output System






50. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.