Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






2. A system designed to stop piggybacking.






3. Rolling command center with UPS - satellite - uplink - power - etc.






4. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






5. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






6. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






7. The frequency with which a threat is expected to occur.






8. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






9. Computer Incident Response Team






10. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






11. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






12. When security is managed at many different points in an organization






13. A war dialing utility






14. Also civil law






15. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






16. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






17. Involving the measurement of quantity or amount.






18. Something used to put out a fire. Can be in Classes A - B - C - D - or H






19. To not be legal (as far as law is concerned) or ethical






20. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






21. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






22. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






23. Accepting all packets






24. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






25. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






26. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






27. Using ICMP to diagram a network






28. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






29. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






30. Entails planning and system actions to ensure that a project is following good quality management practices






31. Scanning the airwaves for radio transmissions






32. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






33. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






34. A military standard defining controls for emanation protection






35. Basic Input/Output System






36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






37. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






38. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






39. Once authenticated - the level of access you have to a system






40. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






41. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






42. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






43. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






44. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






45. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






46. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






47. These viruses usually infect both boot records and files.






48. Public Key Infrastructure






49. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






50. A network that mimics the brain