Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. You might find the answers obvious at times, but taking the test repeatedly reinforces your understanding.
1. Data storage formats and equipment that allow the stored data to be accessed in any order






2. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






3. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






4. A military standard defining controls for emanation protection






5. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






6. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






7. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






8. Technical items are things that IT implements. Administrative items are things that HR implements. Physical things are things that are tangible.






9. A network that uses standard protocols (TCP/IP)






10. Setting up the user to access the honeypot for reasons other than the intent to harm.






11. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






12. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






13. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






14. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






15. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






16. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






17. Chief Information Officer






18. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






19. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






20. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






21. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






22. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






23. In a separation of duties model - this is where code is checked in and out






24. Entails planning and system actions to ensure that a project is following good quality management practices






25. A network that mimics the brain






26. Closed Circuit Television






27. A mechanism by which connections to TCP services on a system are allowed or disallowed






28. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






29. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






30. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






31. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






32. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






33. Once authenticated - the level of access you have to a system






34. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






35. Good for distance - longer than 100M






36. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






37. A network entity that provides a single entrance / exit point to the Internet.






38. A system designed to stop piggybacking.






39. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






40. Something used to put out a fire. Can be in Classes A - B - C - D - or H






41. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






42. Access control method for database based on the content of the database to provide granular access






43. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






44. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






45. Scanning the airwaves for radio transmissions






46. Transferring your risk to someone else - typically an insurance company






47. A gas used in fire suppression. Not human safe. Chemical reaction.






48. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






49. This is an open international standard for applications that use wireless communications.






50. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.