
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






2. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.






3. Relating to quality or kind. This assigns a level of importance to something.






4. White hat l0pht






5. The frequency with which a threat is expected to occur.






6. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






7. Component Object Model.






8. A hidden communications channel on a system that allows for the bypassing of the system security policy






9. Defines the objects and their attributes that exist in a database.






10. Making individuals accountable for their actions on a system typically through the use of auditing






11. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






12. An RFC standard. A mechanism for performing commands on a remote system






13. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






14. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.






15. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.






16. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






17. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.






18. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access






19. Also civil law






20. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






21. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






22. Repeats the signal. It amplifies the signal before sending it on.






23. When two or more processes are linked and execute multiple programs simultaneously






24. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.






25. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






26. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.






27. Network devices that operate at layer 3. This device separates broadcast domains.






28. When an employee leaves the company, you want to make them aware of non-disclosures and non-compete clauses, etc.






29. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






30. To not be legal (as far as law is concerned) or ethical






31. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






32. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






33. Involving the measurement of quantity or amount.






34. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






35. Same as a block cipher except that it is applied to a data stream one bit at a time






36. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






37. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as






38. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






39. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






40. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






41. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






42. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.






43. Method of authenticating to a system. Something that you supply and something you know.






44. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






45. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






46. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






47. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th






48. The art of breaking code. Testing the strength of an algorithm.






49. When security is managed at many different points in an organization






50. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.





