
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • All questions and answers are randomly picked and ordered every time a test is loaded.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but you will find that it reinforces your understanding each time you take the test.

1. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.

2. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also

3. In a computer system (or cryptosystem or algorithm), a method of bypassing normal authentication or securing remote access to a computer while attempting to remain hidden from casual inspection.

4. Threat to physical security.

5. After implementing countermeasures, the risk that remains from the vulnerability left over, which the organization chooses to accept.

6. The practice of following someone with a security code or keycard through a security door, generally in workplaces.

7. Computer Incident Response Team

8. Carries less risk of data leakage through emanations, supports longer distances, and uses light instead of electrical impulses.

9. The EU specification giving individuals rights over databases that hold their personal data: to inspect the data held about them, to have it corrected if it is wrong, and so on.

10. A card that holds information and must be authenticated to before it will reveal the information it holds.

11. When information you legitimately have from one source lets you infer other, related information that you would not normally be authorized to access directly.

12. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.

13. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically a government agency) can obtain them to decrypt messages suspected to be relevant to national security.

14. The real cost of acquiring, maintaining, and developing a system.

15. This deals with the differences between plaintext password storage and transmission versus encrypted password storage and transmission.

16. Continuity of Operations Plan

17. Transferring your risk to someone else, typically an insurance company.

18. Closed Circuit Television

19. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or to themselves. Deals with liability.

20. The technical evaluation of a system that has been built, to verify that it meets the security standards you have said you will use.

21. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.

22. Captures an image of the fingerprint, stores a template of it in a database, and then matches a presented finger against the whole database (a one-to-many search, i.e. identification rather than verification).

23. When security is managed at many different points in an organization.

24. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi

25. A countermeasure that inserts fake or misleading records into a database, so that an unauthorized reader obtains incorrect information.

26. A symmetric cipher that, unlike a block cipher, encrypts the data stream one bit (or byte) at a time by combining it with a keystream, rather than transforming fixed-size blocks.

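An added illustration of what the definition above means in practice (this is example code, not part of the original quiz): the keystream generator here, SHA-256 over key, nonce and a counter, is a toy stand-in for a real stream cipher such as ChaCha20 and is an assumption of the example, as are the key and nonce values. It shows that encryption and decryption are the same byte-by-byte XOR, that no padding is needed, and the classic failure mode a practitioner should know, namely that reusing a keystream leaks the XOR of the two plaintexts.

```python
"""Stream cipher as keystream XOR: added example, not code from the page."""
import hashlib
import itertools


def keystream(key: bytes, nonce: bytes):
    """Yield keystream bytes one at a time.

    Toy generator for illustration only: block i = SHA-256(key || nonce || i).
    A real stream cipher (ChaCha20, AES-CTR) would replace this function.
    """
    for counter in itertools.count():
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        yield from block


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each data byte with the next keystream byte.

    The same call decrypts, because XOR is its own inverse, and the output
    is exactly as long as the input (no block padding).
    """
    return bytes(b ^ k for b, k in zip(data, keystream(key, nonce)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper learns when two messages share key and nonce.

    c1 XOR c2 == (p1 XOR ks) XOR (p2 XOR ks) == p1 XOR p2: the keystream
    cancels out without the attacker ever knowing the key.
    """
    c1 = stream_xor(key, nonce, p1)
    c2 = stream_xor(key, nonce, p2)
    return xor_bytes(c1, c2)


def demo() -> bytes:
    # Constructed sample key, nonce and messages; not real secrets.
    key = b"constructed-32-byte-demo-key!!!!"
    nonce = b"nonce-01"
    pt = b"attack at dawn"
    ct = stream_xor(key, nonce, pt)
    assert stream_xor(key, nonce, ct) == pt      # same operation decrypts
    assert len(ct) == len(pt)                     # no padding, unlike block modes
    leak = keystream_reuse_leak(key, nonce, b"attack at dawn", b"retreat now!!!")
    # Knowing (or guessing) one plaintext recovers the other.
    assert xor_bytes(leak, b"attack at dawn") == b"retreat now!!!"
    return ct


if __name__ == "__main__":
    print(demo().hex())
```

The reuse leak is the reason stream ciphers (and block ciphers in CTR mode) require a unique nonce per message under a given key.
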
27. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system, to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req

28. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

29. The intercepting of conversations by unintended recipients.

30. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

31. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

32. False Acceptance Rate, False Rejection Rate, Crossover Error Rate

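An added worked example of how the three biometric error rates above relate (example code, not part of the original quiz; the two score lists are constructed, not measurements from any real system). A biometric system accepts a match when its score meets a threshold. Sweeping that threshold over the observed scores shows FAR falling and FRR rising, and the point where they meet is the crossover (equal) error rate that is used to compare systems independently of their chosen operating point.

```python
"""FAR, FRR and crossover error rate from match scores: added example."""

# Constructed sample match scores (0..1, higher = better match).
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.72, 0.66, 0.61, 0.55]   # legitimate users
IMPOSTOR = [0.70, 0.64, 0.58, 0.52, 0.49, 0.44, 0.40, 0.35, 0.30, 0.22]  # attackers


def far(impostor, threshold):
    """False Acceptance Rate: fraction of impostor attempts the system accepts."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False Rejection Rate: fraction of genuine attempts the system rejects."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_curve(genuine, impostor):
    """(threshold, FAR, FRR) for every distinct observed score, ascending.

    As the threshold rises, FAR can only fall and FRR can only rise.
    """
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def crossover(genuine, impostor):
    """The operating point where FAR and FRR are closest: the CER/EER.

    Returns (threshold, FAR, FRR); the first threshold with the smallest
    |FAR - FRR| wins on ties.
    """
    best = None
    for t, f_a, f_r in error_curve(genuine, impostor):
        if best is None or abs(f_a - f_r) < abs(best[1] - best[2]):
            best = (t, f_a, f_r)
    return best


if __name__ == "__main__":
    for t, f_a, f_r in error_curve(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {f_a:.1f}  FRR {f_r:.1f}")
    print("crossover:", crossover(GENUINE, IMPOSTOR))
```

A lower CER means a better-separated system; in deployment the threshold is then moved off the crossover point depending on whether false acceptances (security) or false rejections (usability) are more costly.
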
33. Motive, Opportunity, and Means. These deal with crime.

34. Public Key Infrastructure

35. Also known as a tunnel.

36. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra

37. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack

38. In classical cryptography, a transposition cipher rearranges the positions of the plaintext characters without changing the characters themselves (to decrypt, the reverse permutation is applied). That is, the order of the characters is changed, unlike a substitution cipher, which replaces one character with another. Mathematically a bijective function is used on the characters'

39. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou

40. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine; vulnerable IP stacks crashed while trying to reassemble them.

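An added example of the check a sound reassembler (or an IDS) applies to a set of fragments to catch the overlap pattern described above (example code, not from the original quiz). Fragments are modelled only as (offset, length) in bytes, with the offset already multiplied out of the 8-byte units of the IP fragment-offset field; the more-fragments flag and real packet parsing are left out, and the two sample fragment sets are constructed.

```python
"""Overlap and gap check over an IP fragment set: added example."""


def check_fragments(fragments):
    """Classify a fragment set.  Returns (ok, reason).

    fragments: iterable of (offset_bytes, length_bytes).
    Rejects offsets that are not 8-byte aligned (the fragment offset field
    has 8-byte granularity), non-positive lengths, a fragment that starts
    inside the previous one (the Teardrop pattern, including the case where
    it also ends before the previous one), and gaps that leave the datagram
    impossible to reassemble from this set.
    """
    frags = sorted(fragments)            # by offset, then length
    expected = 0                         # next byte offset we need to see
    for offset, length in frags:
        if offset % 8:
            return False, f"offset {offset} is not 8-byte aligned"
        if length <= 0:
            return False, f"non-positive fragment length {length}"
        if offset < expected:
            return False, (f"fragment at {offset} overlaps the previous one "
                           f"(which ends at {expected})")
        if offset > expected:
            return False, f"gap before fragment at {offset}"
        expected = offset + length
    return True, f"contiguous, {expected} payload bytes"


# Constructed samples: a normal two-fragment datagram, and a Teardrop-style
# pair whose second fragment starts inside the first and ends before it.
NORMAL = [(0, 1480), (1480, 520)]
TEARDROP = [(0, 36), (24, 4)]


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP)):
        print(name, check_fragments(frags))
```

The "ends before the previous fragment" case is the one that mattered historically: reassembly code that computed the copy length as (previous end minus this fragment's end) got a negative number, and a negative length fed to an unsigned copy is the crash.
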
41. RAID 0 = striping without parity; RAID 1 = mirroring; RAID 3 = striping with parity held on a single dedicated drive; RAID 5 = striping with parity distributed across all drives.

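An added worked example of the parity mechanism behind RAID 3 and RAID 5 in the list above (example code, not from the original quiz; the drive count, chunk size and sample data are constructed). Each stripe stores data chunks plus one parity chunk equal to the XOR of the data chunks, so any single lost chunk is the XOR of the survivors. The only difference between the two levels in this model is where the parity chunk lives: a fixed drive for RAID 3, rotating with the stripe index for RAID 5, which spreads parity writes across all drives instead of bottlenecking on one.

```python
"""XOR parity as used by RAID 3/5, with single-drive rebuild: added example."""


def xor_chunks(chunks):
    """XOR a list of equal-length byte chunks together."""
    out = bytes(len(chunks[0]))
    for c in chunks:
        out = bytes(a ^ b for a, b in zip(out, c))
    return out


def parity_drive(stripe_index: int, n_drives: int, rotate_parity: bool) -> int:
    """RAID 3 keeps parity on the last drive; RAID 5 rotates it per stripe."""
    return stripe_index % n_drives if rotate_parity else n_drives - 1


def build_stripes(data: bytes, n_drives: int, chunk: int, rotate_parity: bool):
    """Lay data out over n_drives.  Returns a list of stripes, each a list of
    n_drives chunks in drive order (n_drives - 1 data chunks plus parity).
    The last stripe is zero-padded."""
    data_per_stripe = (n_drives - 1) * chunk
    stripes = []
    for s, start in enumerate(range(0, len(data), data_per_stripe)):
        block = data[start:start + data_per_stripe].ljust(data_per_stripe, b"\0")
        pieces = [block[i:i + chunk] for i in range(0, data_per_stripe, chunk)]
        p = parity_drive(s, n_drives, rotate_parity)
        stripes.append(pieces[:p] + [xor_chunks(pieces)] + pieces[p:])
    return stripes


def rebuild_drive(stripes, failed: int):
    """Reconstruct every chunk of the failed drive from the surviving drives
    only (the failed drive's own chunks are never read)."""
    return [xor_chunks([c for d, c in enumerate(stripe) if d != failed])
            for stripe in stripes]


def recover_data(stripes, n_drives: int, chunk: int, rotate_parity: bool, failed: int) -> bytes:
    """Reassemble the (zero-padded) data after one drive is lost."""
    rebuilt = rebuild_drive(stripes, failed)
    out = bytearray()
    for s, stripe in enumerate(stripes):
        p = parity_drive(s, n_drives, rotate_parity)
        for d in range(n_drives):
            if d == p:
                continue                       # parity is not user data
            out += rebuilt[s] if d == failed else stripe[d]
    return bytes(out)


if __name__ == "__main__":
    data = b"The quick brown fox jumps over the lazy dog"   # constructed sample
    raid5 = build_stripes(data, n_drives=4, chunk=4, rotate_parity=True)
    print(recover_data(raid5, 4, 4, True, failed=2).rstrip(b"\0"))
```

Losing a second drive before the rebuild finishes is unrecoverable with single parity, which is the practical limit of RAID 3 and RAID 5 and why rebuild time on large drives is a real availability risk.
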
42. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.

43. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.

44. Emanations from one wire coupling with another wire.

45. Access control method for a database, based on the content of the database, to provide granular access.

46. The government-required number of overwrite passes when wiping a drive so as to make it nearly impossible to retrieve data from it.

47. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.

48. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure in implementing the change.

49. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio, with the latter capable of being played on a CD player, whilst

50. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of