Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to
2. Defines the objects and their attributes that exist in a database.
3. Accepting all packets.
4. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
5. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
6. Providing verification to a system.
7. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access
8. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.
9. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.
10. Jumping into dumpsters to retrieve information about someone/something/a company.
11. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
12. Continuation of Operations Plan.
13. A network entity that provides a single entrance/exit point to the Internet.
14. When security is managed at many different points in an organization.
15. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is what actually performs the degaussing.
16. The process of training end users/employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
17. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe
18. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.
19. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.
20. This is the file on a UNIX system where usernames and the MD5 hash outputs of their passwords are stored. The system uses this file to determine if the password entered for a given username is correct.
21. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
22. The ability to have more than one thread associated with a process.
23. Base64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail, among other things.
24. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
25. Method of authenticating to a system. Something that you supply and something you know.
26. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
27. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
28. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
29. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.
30. A name given to a system implemented by the FBI that is analogous to wiretapping, except in this case e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
31. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
32. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
33. The physical part of a computer, as distinguished from the computer software that executes within the hardware.
34. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
35. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and calls it a virus.
36. Network devices that operate at layer 3. This device separates broadcast domains.
37. The process of reducing your risks to an acceptable level based on your risk analysis.
38. A site that is ready physically but has no hardware in place; all it has is HVAC.
39. The output of a hash function is a digest.
40. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
41. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.
42. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which
43. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.
44. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x).
45. Setting up the user to access the honeypot for reasons other than the intent to harm.
46. Network device that operates at layer 1. Concentrator.
47. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.
48. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
49. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.
50. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.