
Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Random Number Base

2. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure in implementing the change.

3. Same as a block cipher, except that it is applied to a data stream one bit at a time.

4. An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.

5. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal.

6. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans

7. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

8. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically the monitoring connec

9. A gas used in fire suppression. Not human safe. Chemical reaction.

10. After implementing countermeasures, accepting risk for the amount of vulnerability left over.

11. A card that holds information and must be authenticated to before it can reveal the information that it is holding.

12. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list

13. Basic Input/Output System

14. Defines the objects and their attributes that exist in a database.

15. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou

16. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

17. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.

18. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

19. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.

20. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).

21. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.

22. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.

23. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB.

24. A network that uses proprietary protocols.

25. Trusted Computing Base. Consists of the hardware, software, and firmware of the system.

26. To not be legal (as far as law is concerned) or ethical.

27. Also civil law.

28. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. The layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.

29. A type of circuit switched telephone network system, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in better quality and higher speeds than available with analog systems.

30. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl.

31. Must be in place for you to use a biometric system.

32. a.k.a. The Chinese wall. Nash Bridges, Bridge wall, Chinese wall. Dynamically changes access control to prevent unauthorized access.

33. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to

34. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp

35. These viruses usually infect both boot records and files.

36. Chief Executive Officer

37. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i

38. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.

39. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational

40. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as

41. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.

42. Object Linking and Embedding. The ability of an object to be embedded into another object.

43. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

44. Chief Information Officer

45. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

46. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.

47. In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti

48. Disclosure, Alteration, Destruction. These things break the CIA triad.

49. In cryptography, it is a block cipher.

50. Grabs an image of the finger, which is then stored in a database, and then works in a one-to-many database.