Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Deals with the same things as due diligence, except that it deals with accepting responsibility instead of liability.

2. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

3. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider

4. Continuation of Operations Plan

5. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.

6. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

7. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)

8. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

9. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.

10. 'If you can't see it, it's secure'. Bad policy to live by.

11. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

12. An RFC standard. A mechanism for performing commands on a remote system.

13. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 ftp, 21 ftp, 22 ssh, 23 telnet, 25 smtp, 53 dns, 69 tftp, 80 http, 161 snmp, 443 ssl

14. Providing verification to a system

15. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.

16. Defines the objects and their attributes that exist in a database.

17. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.

18. Someone whose hacking is primarily targeted at the phone systems

19. Access control method for a database, based on the content of the database, to provide granular access

20. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet

21. Entails planning and system actions to ensure that a project is following good quality management practices

22. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh

23. This is an open international standard for applications that use wireless communications.

24. White hat l0pht

25. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.

26. The frequency with which a threat is expected to occur.

27. When you have a certain amount of access, change jobs, and keep that access from the previous position. Also known as enlargement of permission and privilege escalation.

28. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor

29. When two or more processes are linked and execute multiple programs simultaneously

30. Residual physical representation of data that has been in some way erased. After storage media is erased, there may be some physical characteristics that allow data to be reconstructed.

31. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.

32. Emanations from one wire coupling with another wire

33. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste

34. The practice of obtaining confidential information by manipulation of legitimate users.

35. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra

36. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

37. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer

38. Disclosure, Alteration, Destruction. These things break the CIA triad.

39. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst

40. Making individuals accountable for their actions on a system, typically through the use of auditing

41. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources

42. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

43. Rolling command center with UPS, satellite, uplink, power, etc.

44. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho

45. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.

46. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

47. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.

48. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i

49. Network devices that operate at layer 3. This device separates broadcast domains.

50. A mechanism by which connections to TCP services on a system are allowed or disallowed