Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you may sometimes find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh

2. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t

3. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

4. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

5. A hidden communications channel on a system that allows for the bypassing of the system security policy.

6. A network that mimics the brain.

7. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure in implementing the change.

8. A site that has some equipment in place and can be up within days.

9. Accepting all packets.

10. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters

11. Also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt

12. When security is managed at a central point in an organization.

13. In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti

14. Someone who hacks.

15. The practice of obtaining confidential information by manipulation of legitimate users.

16. A mechanism by which connections to TCP services on a system are allowed or disallowed.

17. Dynamic Host Configuration Protocol.

18. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra

19. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.

20. A military standard defining controls for emanation protection.

21. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access

22. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac

23. 'If you can't see it, it's secure.' A bad policy to live by.

24. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po

25. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not actually fix anything.

26. A card that holds information and must be authenticated to before it will reveal the information it is holding.

27. Relating to quality or kind. This assigns a level of importance to something.

28. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt, the reverse is done). That is, the order of the characters is changed. Mathematically, a bijective function is used on the characters'

29. Entails planning and system actions to ensure that a project is following good quality management practices.

30. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).

31. An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

32. Enticing people to hit your honeypot to see how they try to access your system.

33. Communications that don't take the natural course of email (when you don't want eavesdropping to happen).

34. The act of identifying yourself; providing your identity to a system.

35. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.

36. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

37. Something used to put out a fire. Can be in Classes A, B, C, D, or H.

38. After implementing countermeasures, accepting risk for the amount of vulnerability left over.

39. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,

40. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single

41. Someone whose hacking is primarily targeted at the phone systems.

42. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.

43. A gas used in fire suppression. Not human safe. Chemical reaction.

44. A countermeasure that puts false data into a database so that anyone reading it gets the wrong information.

45. The frequency with which a threat is expected to occur.

46. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.

47. This deals with differences between plaintext password storage and transmission versus encrypted password storage and transmission.

48. Scanning the airwaves for radio transmissions.

49. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.

50. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user