Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






2. Signal degradation as it moves farther from its source






3. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






4. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






5. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






6. Chief Executive Officer






7. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






8. Using ICMP to diagram a network






9. Access control method for database based on the content of the database to provide granular access






10. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






11. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






12. Defines the objects and their attributes that exist in a database.






13. CISSPs subscribe to a code of ethics for building up the security profession






14. White hat l0pht






15. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






16. In cryptography - it is a block cipher






17. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






18. The intercepting of conversations by unintended recipients






19. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






20. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






21. Public Key Infrastructure






22. Internet Relay Chat.






23. The ability to have more than one thread associated with a process






24. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






25. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






26. An RFC standard. A mechanism for performing commands on a remote system






27. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






28. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






29. Common Object Request Broker Architecture.






30. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






31. When security is managed at many different points in an organization






32. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






33. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






34. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






35. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






36. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






37. Entails planning and system actions to ensure that a project is following good quality management practices






38. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






39. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






40. Making individuals accountable for their actions on a system typically through the use of auditing






41. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






42. Providing verification to a system






43. The real cost of acquiring/maintaining/developing a system






44. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






45. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






46. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






47. A hidden communications channel on a system that allows for the bypassing of the system security policy






48. The person that determines the permissions to files. The data owner.






49. In the broadest sense - a fraud is a deception made for personal gain






50. Also civil law