Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






2. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






3. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






4. A technique to eliminate data redundancy.






5. Someone who hacks






6. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






7. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






8. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






9. Method of authenticating to a system. Something that you supply and something you know.






10. This is an open international standard for applications that use wireless communications.






11. Relating to quality or kind. This assigns a level of importance to something.






12. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






13. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






14. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






15. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






16. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






17. The practice of obtaining confidential information by manipulation of legitimate users.






18. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






19. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






20. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






21. A card that holds information that must be authenticated to before it can reveal the information that it is holding






22. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






23. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






24. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






25. The art of breaking code. Testing the strength of an algorithm.






26. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






27. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






28. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






29. Involving the measurement of quantity or amount.






30. A mechanism by which connections to TCP services on a system are allowed or disallowed






31. The intercepting of conversations by unintended recipients






32. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






33. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






34. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






35. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






36. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






37. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






38. Repeats the signal. It amplifies the signal before sending it on.






39. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






40. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






41. Object Linking and Embedding. The ability of an object to be embedded into another object.






42. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






43. White hat l0pht






44. Enticing people to hit your honeypot to see how they try to access your system.






45. A network entity that provides a single entrance / exit point to the Internet.






46. Data storage formats and equipment that allow the stored data to be accessed in any order






47. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






48. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






49. Signal degradation as it moves farther from its source






50. The real cost of acquiring/maintaining/developing a system