Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The art of breaking code. Testing the strength of an algorithm.






2. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






3. Also known as a tunnel)






4. The person that controls access to the data






5. Using ICMP to diagram a network






6. A hidden communications channel on a system that allows for the bypassing of the system security policy






7. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






8. Also civil law






9. Someone who hacks






10. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






11. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






12. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






13. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






14. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






15. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






16. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






17. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






18. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






19. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






20. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






21. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






22. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






23. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






24. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






25. This is an open international standard for applications that use wireless communications.






26. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






27. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






28. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






29. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






30. Computer Incident Response Team






31. Jumping into dumpsters to retrieve information about someone/something/a company






32. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






33. Making individuals accountable for their actions on a system typically through the use of auditing






34. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






35. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






36. Involving the measurement of quantity or amount.






37. In the broadest sense - a fraud is a deception made for personal gain






38. Assuming someone's session who is unaware of what you are doing






39. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






40. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






41. A network that uses standard protocols (TCP/IP)






42. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






43. Reasonable doubt






44. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






45. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






46. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






47. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






48. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






49. After implementing countermeasures - accepting risk for the amount of vulnerability left over






50. Internet Relay Chat.