Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An instance of a scripting language






2. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






3. Among the most common types of viruses and the least damaging - these hide inside application (program) files that must be executed in order for the virus to run.






4. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






5. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






6. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






7. The act of identifying yourself. Providing your identity to a system






8. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






9. Not a real threat but spread as though it were - effectively a meme or a joke. e.g. When someone tells you to delete a file that is really just fine and calls it a virus






10. Also known as a tunnel






11. Scanning the airwaves for radio transmissions






12. Component Object Model.






13. Threat to physical security.






14. A military standard defining controls for emanation protection






15. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






16. These viruses usually infect both boot records and files.






17. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






18. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






19. A network entity that provides a single entrance / exit point to the Internet.






20. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






21. Not legal (as far as the law is concerned) or not ethical






22. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






23. Encompasses Risk Analysis and Risk Mitigation






24. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






25. ('rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






26. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






27. In classical cryptography - a transposition cipher rearranges the characters of the plaintext rather than replacing them (to decrypt the reverse is done). That is - the order of the characters is changed but the characters themselves are not. Mathematically a bijective function is used on the characters'






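The defining property above (characters keep their identity and only change position) is easiest to see with a columnar transposition. The following is an added example written for this page, not code from the quiz or its source material; the plaintext and the keyword `ZEBRAS` are constructed for the demonstration.

```python
from collections import Counter

# Constructed sample input and a hypothetical keyword (not from the quiz).
PLAINTEXT = "TRANSPOSITIONCIPHERSPERMUTECHARACTERS"
KEYWORD = "ZEBRAS"


def column_order(keyword):
    """Order in which columns are read out: by key letter, ties broken by position."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def encrypt(plaintext, keyword):
    """Columnar transposition: write the text in rows under the keyword,
    then read the columns out in key order. No character is replaced."""
    n = len(keyword)
    rows = [plaintext[i:i + n] for i in range(0, len(plaintext), n)]
    out = []
    for col in column_order(keyword):
        for row in rows:
            if col < len(row):            # the last row may be short; no padding used
                out.append(row[col])
    return "".join(out)


def decrypt(ciphertext, keyword):
    """Undo the permutation: work out each column's length, slice the columns
    back out of the ciphertext in key order, then read row by row."""
    n = len(keyword)
    full_rows, extra = divmod(len(ciphertext), n)
    cols, pos = {}, 0
    for col in column_order(keyword):
        length = full_rows + (1 if col < extra else 0)
        cols[col] = ciphertext[pos:pos + length]
        pos += length
    out = []
    for r in range(full_rows + 1):
        for col in range(n):
            if r < len(cols[col]):
                out.append(cols[col][r])
    return "".join(out)


def same_letter_frequencies(a, b):
    """A transposition moves characters but never substitutes them, so the
    letter counts of plaintext and ciphertext are identical: this is what
    makes a pure transposition recognisable under frequency analysis."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, KEYWORD)
    print("ciphertext:", ct)
    print("decrypted :", decrypt(ct, KEYWORD))
    print("same letter frequencies:", same_letter_frequencies(PLAINTEXT, ct))
```

The unchanged letter frequencies are the practical caveat: a transposition on its own hides nothing from a frequency count, which is why classical systems combined it with substitution.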
28. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






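Questions 8 (Caesar cipher), 25 (ROT13) and 28 (brute force) fit together in one worked example: ROT13 is the Caesar cipher with a shift of 13, and the Caesar key space of 26 shifts is small enough that the brute-force attack described above recovers the key instantly. This is an added example for this page, not code from the quiz; the message and the tiny word list used to rank candidates are constructed.

```python
import string

# Constructed sample message and a hypothetical tiny dictionary used to
# rank brute-force candidates (not from the quiz).
MESSAGE = "ATTACK AT DAWN"
COMMON_WORDS = {"THE", "AND", "AT", "ATTACK", "DAWN", "KEY"}


def caesar(text, shift):
    """Replace each ASCII letter with the letter `shift` places down the
    alphabet, wrapping around; case is preserved and other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text):
    """ROT13 is the Caesar cipher with shift 13; because 13 + 13 = 26 it is
    its own inverse, so the same function both encodes and decodes."""
    return caesar(text, 13)


def dictionary_hits(candidate):
    """Crude plausibility score: how many whitespace-separated words are known."""
    return sum(1 for w in candidate.upper().split() if w in COMMON_WORDS)


def brute_force(ciphertext):
    """Exhaust the key space. A Caesar key is one of only 26 shifts, so trying
    every possibility is instant; the brute-force attack is only impractical
    when the key space is far too large to enumerate."""
    candidates = [(shift, caesar(ciphertext, -shift)) for shift in range(26)]
    # sorted() is stable, so the best-scoring shift comes first
    return sorted(candidates, key=lambda c: dictionary_hits(c[1]), reverse=True)


if __name__ == "__main__":
    ct = caesar(MESSAGE, 7)
    print("ciphertext:", ct)
    print("rot13 twice:", rot13(rot13("Hello, World!")))
    best_shift, best_plain = brute_force(ct)[0]
    print(f"brute force recovered shift {best_shift}: {best_plain}")
```

The contrast with a modern cipher is the key size: 26 candidates versus 2^128 for AES, which is what "set up in such a way that" brute force is infeasible means in practice.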
29. Basic Input/Output System






30. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






31. Base64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






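Because 64 = 2^6, every Base64 character carries exactly six bits, so three bytes (24 bits) become four characters. The encoder and decoder below make that mapping explicit and cross-check against the standard library; this is an added example for this page, not code from the quiz, and the sample inputs are constructed.

```python
import base64

# RFC 4648 alphabet: 64 = 2**6 symbols, each carrying exactly 6 bits. 64 is the
# largest power of two that fits in the 95 printable ASCII characters (128 would
# not), which is why 3 bytes (24 bits) map to exactly 4 output characters.
B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
B64_LOOKUP = {c: i for i, c in enumerate(B64_ALPHABET)}


def b64encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Left-align up to 3 bytes in a 24-bit integer, then cut it into four 6-bit groups.
        n = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        sextets = [(n >> 18) & 63, (n >> 12) & 63, (n >> 6) & 63, n & 63]
        keep = len(chunk) + 1          # 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        out.append("".join(B64_ALPHABET[s] for s in sextets[:keep]) + "=" * (4 - keep))
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Inverse of b64encode. Raises KeyError on characters outside the alphabet
    rather than silently skipping them, unlike many lenient decoders."""
    text = text.rstrip("=")
    out = bytearray()
    for i in range(0, len(text), 4):
        chunk = text[i:i + 4]
        n = 0
        for c in chunk:
            n = (n << 6) | B64_LOOKUP[c]
        n <<= 6 * (4 - len(chunk))     # pad the missing sextets back on the right
        out += n.to_bytes(3, "big")[:len(chunk) - 1]
    return bytes(out)


def matches_stdlib(data: bytes) -> bool:
    """Cross-check against the standard library's implementation."""
    encoded = b64encode(data)
    return (encoded == base64.b64encode(data).decode("ascii")
            and b64decode(encoded) == data)


if __name__ == "__main__":
    for sample in (b"M", b"Ma", b"Man", b"\x00\xff\x10"):
        print(sample, "->", b64encode(sample), "stdlib agrees:", matches_stdlib(sample))
```

Base64 is an encoding, not encryption: anyone can reverse it, and a credential or token that is merely Base64-encoded in a config file, cookie or log is effectively in the clear.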
32. Something used to put out a fire. Can be in Classes A - B - C - D - or K






33. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






34. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






35. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






36. A network that uses standard protocols (TCP/IP)






37. When a DNS server goes out to resolve a name and gets a wrong (forged) response back - it caches the wrong address for the record's TTL (the default DNS cache period) - thus poisoning the cache for that period of time






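The mechanism above, as an added example for this page (toy code, not a real resolver and not from the quiz): a forged answer that the resolver accepts is served to every client until the TTL runs out, and the first line of defence is refusing any reply whose transaction ID does not match an outstanding query. The names and addresses are constructed from the RFC 5737 documentation ranges.

```python
import random

# Constructed names and addresses for the demonstration (RFC 5737 ranges).
VICTIM_NAME = "bank.example"
REAL_IP = "192.0.2.10"
FORGED_IP = "203.0.113.66"


class Resolver:
    """Toy caching resolver. `next_txid` supplies the 16-bit transaction ID
    put on each outgoing query; `check_txid` decides whether a reply must
    carry the matching ID before it is believed and cached."""

    def __init__(self, next_txid, check_txid=True):
        self.next_txid = next_txid
        self.check_txid = check_txid
        self.pending = {}      # txid -> name queried
        self.cache = {}        # name -> (ip, expiry time)
        self.now = 0           # seconds, advanced by the caller

    def query(self, name):
        txid = self.next_txid()
        self.pending[txid] = name
        return txid

    def on_response(self, txid, name, ip, ttl):
        """Return True if the answer was accepted into the cache."""
        if name not in self.pending.values():
            return False       # nobody asked about this name
        if self.check_txid and self.pending.get(txid) != name:
            return False       # ID does not match the outstanding query
        self.pending = {t: n for t, n in self.pending.items() if n != name}
        self.cache[name] = (ip, self.now + ttl)   # believed for the whole TTL
        return True

    def resolve(self, name):
        entry = self.cache.get(name)
        if entry and entry[1] > self.now:
            return entry[0]
        return None            # expired or never cached


def poison_attempt(resolver, name, forged_ip, guesses, ttl=3600):
    """Attacker races the real answer, sending one forged reply per txid guess;
    whichever acceptable reply arrives first wins the cache slot."""
    resolver.query(name)
    for guess in guesses:
        if resolver.on_response(guess, name, forged_ip, ttl):
            return True
    return False


if __name__ == "__main__":
    naive = Resolver(next_txid=lambda: random.getrandbits(16), check_txid=False)
    print("naive resolver poisoned:", poison_attempt(naive, VICTIM_NAME, FORGED_IP, range(8)))
    print("serves", naive.resolve(VICTIM_NAME), "until the TTL runs out")
    naive.now = 3601
    print("after TTL:", naive.resolve(VICTIM_NAME))

    strict = Resolver(next_txid=lambda: random.getrandbits(16), check_txid=True)
    print("strict resolver poisoned by 8 guesses:",
          poison_attempt(strict, VICTIM_NAME, FORGED_IP, range(8)))
```

Checking the transaction ID raises the attacker's cost from one forged packet to a guess among 65536, but it is still a race; real resolvers also randomise the source port, and only DNSSEC validation makes a forged answer fail regardless of timing.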
38. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






39. Also civil law






40. Using ICMP to diagram a network






41. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






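The resource allocation in the description is the whole point of the attack, so the standard countermeasure is to allocate nothing per SYN. The following added example (written for this page, not from the quiz) models both sides of the handshake: a stateful listener whose backlog a flood of unanswered SYNs fills, beside a simplified SYN-cookie listener that keeps no half-open state and instead encodes an HMAC in the sequence number it sends. The secret key, addresses and backlog size are constructed.

```python
import hashlib
import hmac
import random

# Hypothetical server key (rotated periodically on a real system) and
# constructed addresses from the RFC 5737 documentation ranges.
SECRET = b"server-secret"
SERVER = ("203.0.113.10", 443)
MOD32 = 2 ** 32


class StatefulServer:
    """Classic listener: every SYN costs a half-open entry until the final ACK
    arrives or the entry times out. Flooding with unanswered SYNs fills the
    backlog and new clients are turned away."""

    def __init__(self, backlog=128):
        self.backlog = backlog
        self.half_open = {}            # (src_ip, src_port) -> server ISN

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None                # backlog exhausted: SYN silently dropped
        isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn                     # SYN/ACK goes out with this sequence number

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == (isn + 1) % MOD32


class SynCookieServer:
    """Keeps no per-SYN state. The ISN is a cookie: a coarse timestamp plus an
    HMAC over the connection 4-tuple. When the ACK returns, the cookie is
    recomputed and compared, so only a peer that really received the SYN/ACK
    can complete the handshake. (Real SYN cookies also encode the MSS.)"""

    def __init__(self):
        self.minute = 0                # coarse clock, advanced by the caller

    def _cookie(self, src_ip, src_port, minute):
        msg = f"{src_ip}:{src_port}:{SERVER[0]}:{SERVER[1]}:{minute}".encode()
        mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
        return ((minute & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src_ip, src_port):
        return self._cookie(src_ip, src_port, self.minute)   # nothing stored

    def on_ack(self, src_ip, src_port, ack):
        isn = (ack - 1) % MOD32
        minute = isn >> 24
        if (self.minute - minute) % 256 > 1:
            return False               # cookie too old: refuse replayed ACKs
        expected = self._cookie(src_ip, src_port, minute)
        return hmac.compare_digest(isn.to_bytes(4, "big"), expected.to_bytes(4, "big"))


def simulate(server, attack_syns=1000):
    """Spoofed SYNs that are never acknowledged, then one honest client.
    Returns whether the honest client's handshake completes."""
    for i in range(attack_syns):
        server.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i)   # attacker never ACKs
    isn = server.on_syn("192.0.2.7", 50000)
    if isn is None:
        return False                   # SYN dropped, client gets no SYN/ACK at all
    return server.on_ack("192.0.2.7", 50000, (isn + 1) % MOD32)


if __name__ == "__main__":
    print("stateful server, honest client connects:", simulate(StatefulServer()))
    print("SYN-cookie server, honest client connects:", simulate(SynCookieServer()))
```

The cookie server can answer any number of SYNs because the SYN/ACK itself carries the only state it needs; the timestamp byte bounds how long a captured cookie stays valid.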
42. Deals with the same things as due diligence - except that it is about accepting responsibility rather than liability.






43. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






44. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






45. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






46. Involving the measurement of quantity or amount.






47. Be at least 8 feet tall and have three strands of barbed wire.






48. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






49. These can be used to verify that public keys belong to certain individuals.






50. Countermeasure of placing fake records in a database so that anyone reading it without authorisation gets the wrong information.