Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Animals with teeth. Not as discriminating as guards
ROM (Read-only memory)
Dogs
Reciprocal agreement
Technical - Administrative - Physical
2. To not be legal (as far as law is concerned) or ethical
SQL (Structured Query Language)
Polymorphic
Illegal/Unethical
AES (Advanced Encryption Standard)
3. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
DOS
War driving
Accreditation
Fiber optic
4. Enticing people to hit your honeypot to see how they try to access your system.
Warm Site
Enticement
Software
Sabotage
5. White hat l0pht
SQL (Structured Query Language)
Bugtraq
Inference
Checksum
6. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
SSO (Single sign-on)
Sniffing
Identification
Asymmetric
7. When two or more processes are linked and execute multiple programs simultaneously
Digital certificates
Multiprocessing
DCOM
Halon
8. Assuming someone's session who is unaware of what you are doing
CD-ROM
Digest
Session Hijacking
Acceptable use
9. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Due Diligence
DMZ
Man trap
Smart cards
10. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
Trojan horses
/etc/passwd
TEMPEST
11. Same as a block cipher except that it is applied to a data stream one bit at a time
Finger scanning
DOS
Penetration testing
Stream cipher
12. A network that uses standard protocols (TCP/IP)
Open network
Macro
OLE
Data Mart
13. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
Script
Artificial Neural Networks (ANN)
ISDN (Integrated Services Digital Network)
14. Setting up the user to access the honeypot for reasons other than the intent to harm.
Private Addressing
Fire extinguisher
Entrapment
DDOS
15. This is an open international standard for applications that use wireless communications.
Patent
Authorization
Hubs
WAP (Wireless Application Protocol)
16. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Packet Sniffing
Callback Security/Call Forwarding
Finger scanning
Expert System
17. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Finger printing
Risk Transferring
Back door/ trap door/maintenance hook
Fire extinguisher
18. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Base-64
UUEncode
VLANs
19. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
BIOS
Biometrics
Risk Mitigation
TCP Wrappers
20. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Trap Door
Decentralized
Owner
21. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
Enticement
Back door/ trap door/maintenance hook
Centralized
22. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Two-Factor Authentication
Spoofing
Tailgating / Piggybacking
Digest
23. Must be in place for you to use a biometric system
Social engineering
Biometric profile
Penetration testing
Switches / Bridges
24. The act of identifying yourself. Providing your identity to a system
Vulnerability analysis tools
Identification
Cryptanalysis
Clipping levels
25. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.
VPN (Virtual Private Network)
War dialing
Trade Secret
Job rotation
26. The output of a hash function is a digest.
Digest
ROT-13
Two-Factor Authentication
Classes of IP networks
27. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
ARO (Annualized Rate of Occurrence)
DHCP
Packet Sniffing
28. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Open network
Key Escrow
Normalization
Polymorphic
29. Public Key Infrastructure
Multiprocessing
Artificial Neural Networks (ANN)
PKI
Authentication
30. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
Phreaker
Quantitative
Due Care
31. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
Kerberos
Session Hijacking
Security Awareness Training
32. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
Trojan horses
Illegal/Unethical
Multiprocessing
ARP (Address Resolution Protocol)
33. Dynamic Host Configuration Protocol.
Multitasking
Security Perimeter
Username/password
DHCP
34. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Transposition
CRC (Cyclic Redundancy Check)
/etc/passwd
Risk Analysis
35. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
Artificial Neural Networks (ANN)
Software
Dictionary Attack
36. In cryptography - it is a block cipher
CHAP
Skipjack
TACACS (Terminal access controller access control system)
Crosstalk
37. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Cyphertext only
Keystroke logging
Base-64
Malware
38. Common Object Request Broker Architecture.
Security Perimeter
Transposition
Owner
CORBA
39. Method of authenticating to a system. Something that you supply and something you know.
Username/password
Birthday attack
Trade Secret
Cookies
40. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Software librarian
EF (Exposure Factor)
Hot Site
COM
41. When an employee leaves the company - you want to make them aware of non-disclosure and non-compete clauses - etc.
Exit interview
Software
Risk Mitigation
Clipping levels
42. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Coax
Data remanence
Masquerade
Trap Door
43. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Polymorphic
IAB
Fences
44. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Brute Force
ARO (Annualized Rate of Occurrence)
DAD
Penetration testing
45. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Embezzlement
Security Perimeter
Inference
Dumpster diving
46. An instance of a scripting language
Script
Fiber optic
VPN (Virtual Private Network)
Exit interview
47. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Halon
Session Hijacking
Software development lifecycle
Logic bomb
48. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Well-known ports
Throughput of a Biometric System
Aggregation
Attenuation
49. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
Authentication
MitM
Object Oriented Programming
50. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Checksum
Eavesdropping
ISDN (Integrated Services Digital Network)
TEMPEST