Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






2. Providing verification to a system






3. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






4. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






5. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






6. A network that uses standard protocols (TCP/IP)






7. A system designed to stop piggybacking.






8. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






9. CISSPs subscribe to a code of ethics for building up the security profession






10. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






11. A hidden communications channel on a system that allows for the bypassing of the system security policy






12. Someone who hacks






13. Scanning the airwaves for radio transmissions






14. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






15. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






16. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






17. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






18. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






19. The person that controls access to the data






20. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






21. Animals with teeth. Not as discriminate as guards






22. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






23. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






24. Involving the measurement of quantity or amount.






25. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






26. Dialing fixed sets telephone numbers looking for open modem connections to machines






27. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






28. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






29. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






30. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






31. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






32. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






33. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






34. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






35. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






36. Assuming someone's session who is unaware of what you are doing






37. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






38. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






39. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






40. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






41. Internet Architecture Board. This board is responsible for protecting the Internet.






42. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






43. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






44. The ability to have more than one thread associated with a process






45. These viruses usually infect both boot records and files.






46. A site that is ready physically but has no hardware in place - all it has is HVAC






47. Disclosure - Alteration - Destruction. These things break the CIA triad






48. Network device that operates at layer 1. Concentrator.






49. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






50. The act of identifying yourself. Providing your identity to a system