Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. ('rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






2. Distributed Component Object Model. Microsoft's implementation of CORBA.






3. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






4. Object Linking and Embedding. The ability of an object to be embedded into another object.






5. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






6. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






7. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






8. Chief Executive Officer






9. Method of authenticating to a system. Something that you supply and something you know.






10. An instance of a scripting language






11. Software designed to infiltrate or damage a computer system - without the owner's consent.






12. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.






13. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






14. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






15. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






16. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






17. Access control method for database based on the content of the database to provide granular access






18. Network devices that operate at layer 3. This device separates broadcast domains.






19. When two or more processes are linked and execute multiple programs simultaneously






20. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






21. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






22. Internet Architecture Board. This board is responsible for protecting the Internet.






23. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






24. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






25. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






26. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






27. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






28. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






29. Basic Input/Output System






30. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






31. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






32. Also civil law






33. Enticing people to hit your honeypot to see how they try to access your system.






34. These viruses usually infect both boot records and files.






35. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






36. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






37. This is an open international standard for applications that use wireless communications.






38. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






39. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






40. Continuation of Operations Plan






41. A network entity that provides a single entrance / exit point to the Internet.






42. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






43. Dialing fixed sets of telephone numbers looking for open modem connections to machines






44. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






45. A site that has some equipment in place - and can be up within days






46. In cryptography - it is a block cipher






47. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






48. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






49. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






50. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -