Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. The layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.

2. The physical part of a computer, as distinguished from the computer software that executes within the hardware.

3. Technical items are implemented by IT. Administrative items are things that HR implements. Physical items are things that are tangible.

4. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also

5. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.

6. A gas used in fire suppression. Not human-safe. Works by chemical reaction.

7. A hidden communications channel on a system that allows for the bypassing of the system security policy.

8. Entails planning and systematic actions to ensure that a project is following good quality management practices.

9. A card that holds information and that must be authenticated to before it will reveal the information it is holding.

10. The output of a hash function is a digest.

11. A little piece of information that is put on your computer to allow communications with the server, and that also allows some servers to track everywhere you go on the Internet.

12. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.

13. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.

14. The person who determines the permissions on files. The data owner.

15. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

16. Internet Relay Chat.

17. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x.

18. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access

19. More discriminating than dogs.

20. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor.

21. A meme and a joke are the same thing. E.g., when someone says to delete a file that is really just fine and calls it a virus.

22. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans

23. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.

24. Repeats the signal. It amplifies the signal before sending it on.

25. The real cost of acquiring/maintaining/developing a system.

26. This is the file on a UNIX system where the mapping of usernames to password MD5 hash outputs is stored. The system uses this file to determine if the password entered for a given username is correct.

27. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.

28. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po

29. Once authenticated, the level of access you have to a system.

30. A network entity that provides a single entrance / exit point to the Internet.

31. The frequency with which a threat is expected to occur.

32. Driving around enumerating wireless networks with the proper equipment (antennas and the like).

33. In a separation of duties model, this is where code is checked in and out.

34. The EU spec. If databases exist, users are allowed to check the data in them, to change it if wrong, etc.

35. Refers to the formal acceptance by organizational executive management of the residual risk associated with using a formally certified information system.

36. Dynamic Host Configuration Protocol.

37. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.

38. Chief Information Officer.

39. Disclosure, Alteration, Destruction. These things break the CIA triad.

40. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho

41. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

42. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe

43. When security is managed at many different points in an organization.

44. Must be in place for you to use a biometric system.

45. A type of circuit-switched telephone network system, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in better quality and higher speeds than available with analog systems.

46. The intercepting of conversations by unintended recipients.

47. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).

48. A military standard defining controls for emanation protection.

49. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.

50. Setting up the user to access the honeypot for reasons other than the intent to harm.