Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The person that determines the permissions to files. The data owner.






2. Relating to quality or kind. This assigns a level of importance to something.






3. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






4. A card that holds information that must be authenticated to before it can reveal the information that it is holding






5. To not be legal (as far as law is concerned) or ethical






6. Enticing people to hit your honeypot to see how they try to access your system.






7. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






8. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






9. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






10. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






11. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






12. White hat l0pht






13. A system designed to stop piggybacking.






14. A gas used in fire suppression. Not human safe. Chemical reaction.






15. Rolling command center with UPS - satellite - uplink - power - etc.






16. A network that uses proprietary protocols






17. Network device that operates at layer 1. Concentrator.






18. In a separation of duties model - this is where code is checked in and out






19. Jumping into dumpsters to retrieve information about someone/something/a company






20. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po






21. Also known as a tunnel






22. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






23. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






24. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






25. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






26. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






27. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






28. Encompasses Risk Analysis and Risk Mitigation






29. Good for distance - longer than 100M






30. Setting up the user to access the honeypot for reasons other than the intent to harm.






31. Internet Architecture Board. This board is responsible for protecting the Internet.






32. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






33. A hidden communications channel on a system that allows for the bypassing of the system security policy






34. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






35. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






36. The ability to have more than one thread associated with a process






37. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






38. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






39. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






40. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






41. The process of reducing your risks to an acceptable level based on your risk analysis






42. The real cost of acquiring/maintaining/developing a system






43. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






44. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.






45. Threat to physical security.






46. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






47. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






48. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






49. Distributed Component Object Model. Microsoft's implementation of CORBA.






50. Component Object Model.