Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






2. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






3. Involving the measurement of quantity or amount.






4. A network that mimics the brain






5. The process of reducing your risks to an acceptable level based on your risk analysis






6. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






7. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






8. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






9. An attempt to trick the system into believing that something false is real






10. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






11. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






12. A network that uses standard protocols (TCP/IP)






13. The act of identifying yourself. Providing your identity to a system






14. Internet Relay Chat.






15. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






16. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






17. A sandbox. Emulates an operating environment.






18. A gas used in fire suppression. Not human safe. Chemical reaction.






19. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






20. A network that uses proprietary protocols






21. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






22. Scanning the airwaves for radio transmissions






23. Access control method for database based on the content of the database to provide granular access






24. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






25. Network devices that operate at layer 3. This device separates broadcast domains.






26. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






27. Defines the objects and their attributes that exist in a database.






28. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






29. The practice of obtaining confidential information by manipulation of legitimate users.






30. Transferring your risk to someone else - typically an insurance company






31. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






32. Closed Circuit Television






33. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






34. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






35. Public Key Infrastructure






36. A technique to eliminate data redundancy.






37. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






38. Must be in place for you to use a biometric system






39. A military standard defining controls for emanation protection






40. Disclosure - Alteration - Destruction. These things break the CIA triad






41. The user






42. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






43. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






44. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






45. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






46. These viruses usually infect both boot records and files.






47. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






48. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






49. In a separation of duties model - this is where code is checked in and out






50. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests