Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






2. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






3. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






4. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






5. A site that is ready physically but has no hardware in place - all it has is HVAC






6. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






7. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






8. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






9. Access control method for database based on the content of the database to provide granular access






10. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






11. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






12. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






13. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






14. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






15. Making individuals accountable for their actions on a system typically through the use of auditing






16. Motivational tools for employee awareness to get them to report security flaws in an organization






17. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






18. Same as a block cipher except that it is applied to a data stream one bit at a time






19. Technical items are implemented by IT. Administrative items are things that HR implements. Physical items are things that are tangible.






20. A network that mimics the brain






21. Network Address Translation






22. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






23. More discriminate than dogs






24. Defines the objects and their attributes that exist in a database.






25. Once authenticated - the level of access you have to a system






26. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






27. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






28. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






29. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






30. A sandbox. Emulates an operating environment.






31. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






32. Something used to put out a fire. Can be in Classes A - B - C - D - or H






33. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






34. Computer Incident Response Team






35. Scanning the airwaves for radio transmissions






36. The practice of obtaining confidential information by manipulation of legitimate users.






37. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






38. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






39. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






40. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






41. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






42. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






43. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






44. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






45. An attempt to trick the system into believing that something false is real






46. To not be legal (as far as law is concerned) or ethical






47. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






48. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






49. A military standard defining controls for emanation protection






50. Must be in place for you to use a biometric system