Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






2. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






3. Setting up the user to access the honeypot for reasons other than the intent to harm.






4. Closed Circuit Television






5. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






6. Computer Incident Response Team






7. Method of authenticating to a system. Something that you supply and something you know.






8. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.






9. The output of a hash function is a digest.






10. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical






11. A network that uses proprietary protocols






12. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as






13. After implementing countermeasures, accepting risk for the amount of vulnerability left over






14. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, 172.16.x.x - 172.31.x.x






15. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






16. A military standard defining controls for emanation protection






17. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.






18. The practice of following someone with a security code or keycard through a security door, generally in workplaces.






19. Defines the objects and their attributes that exist in a database.






20. Network Address Translation






21. A technique to eliminate data redundancy.






22. ('rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






23. An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.






24. Relating to quality or kind. This assigns a level of importance to something.






25. Be at least 8 feet tall and have three strands of barbed wire.






26. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






27. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






28. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






29. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec






30. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






31. Dynamic Host Configuration Protocol.






32. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






33. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






34. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






35. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






36. Assuming someone's session who is unaware of what you are doing






37. The person that controls access to the data






38. Scanning the airwaves for radio transmissions






39. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network






40. Also civil law






41. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access






42. Ethernet - Cat5 - Twisted to allow for longer runs.






43. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)






44. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.






45. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






46. Also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt






47. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






48. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically






49. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






50. Involving the measurement of quantity or amount.