Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Chief Executive Officer
2. In cryptography, it is a block cipher
3. Access control method for a database, based on the content of the database, to provide granular access
4. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
5. This is an open international standard for applications that use wireless communications.
6. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
7. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
8. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
9. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.
10. Software designed to infiltrate or damage a computer system without the owner's consent.
11. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
12. The process of training end users/employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
13. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
14. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
15. When you know something from a source and can infer other related information based on what you know, when you may not necessarily have access to that data normally.
16. Also known as a tunnel
17. The person who controls access to the data
18. A network that mimics the brain
19. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
20. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
21. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which
22. A mechanism by which connections to TCP services on a system are allowed or disallowed
23. This is the file on a UNIX system where usernames and the MD5 hash outputs of their passwords are stored. The system uses this file to determine if the password entered for a given username is correct.
24. Chief Information Officer
25. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.
26. Distributed Component Object Model. Microsoft's implementation of CORBA.
27. The process of reducing your risks to an acceptable level based on your risk analysis
28. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.
29. When one key of a two-key pair has more encryption pattern than the other
30. Testing a company's network for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
31. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
32. Packet sniffers (also known as network analyzers or Ethernet sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack
33. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
34. Defines the objects and their attributes that exist in a database.
35. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to
36. A site that has some equipment in place and can be up within days
37. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer-automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
38. a.k.a. the Chinese wall. Nash Bridges, Bridge wall, Chinese wall. Dynamically changes access control to prevent unauthorized access.
39. Enticing people to hit your honeypot to see how they try to access your system.
40. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
41. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
42. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.
43. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
44. Involving the measurement of quantity or amount.
45. A type of circuit-switched telephone network system designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in better quality and higher speeds than available with analog systems.
46. Signal degradation as it moves farther from its source
47. Countermeasures/safeguards fall into these categories. Detective measures detect, preventive measures prevent, and corrective measures correct.
48. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
49. 'If you can't see it, it's secure.' A bad policy to live by.
50. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.