Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The user






2. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






3. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






4. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






5. Basic Input/Output System






6. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






7. Encompasses Risk Analysis and Risk Mitigation






8. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






9. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






10. Involving the measurement of quantity or amount.






11. The person that controls access to the data






12. Ethernet - Cat5 - Twisted to allow for longer runs.






13. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






14. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






15. An instance of a scripting language






16. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






17. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






18. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






19. Same as a block cipher except that it is applied to a data stream one bit at a time






20. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






21. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






22. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






23. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






24. Data storage formats and equipment that allow the stored data to be accessed in any order






25. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






26. The frequency with which a threat is expected to occur.






27. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






28. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






29. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






30. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






31. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






32. Jumping into dumpsters to retrieve information about someone/something/a company






33. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






34. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






35. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






36. The practice of obtaining confidential information by manipulation of legitimate users.






37. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






38. Network device that operates at layer 1. Concentrator.






39. Reasonable doubt






40. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






41. White hat l0pht






42. Disclosure - Alteration - Destruction. These things break the CIA triad






43. Internet Relay Chat.






44. When security is managed at a central point in an organization






45. The art of breaking code. Testing the strength of an algorithm.






46. Using ICMP to diagram a network






47. Accepting all packets






48. This is an open international standard for applications that use wireless communications.






49. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






50. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.