Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Someone whose hacking is primarily targeted at the phone systems






2. Method of authenticating to a system. Something that you supply and something you know.






3. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






4. Chief Executive Officer






5. Also civil law






6. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






7. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






8. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






9. The ability to have more than one thread associated with a process






10. Something used to put out a fire. Can be in Classes A - B - C - D - or H






11. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






12. The frequency with which a threat is expected to occur.






13. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






14. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






15. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






16. The art of breaking code. Testing the strength of an algorithm.






17. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






18. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






19. A site that is ready physically but has no hardware in place - all it has is HVAC






20. An instance of a scripting language






21. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






22. The process of reducing your risks to an acceptable level based on your risk analysis






23. When two or more processes are linked and execute multiple programs simultaneously






24. Setting up the user to access the honeypot for reasons other than the intent to harm.






25. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






26. A technique to eliminate data redundancy.






27. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






28. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






29. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






30. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






31. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






32. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






33. Jumping into dumpsters to retrieve information about someone/something/a company






34. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






35. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






36. A network that uses proprietary protocols






37. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






38. When security is managed at many different points in an organization






39. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






40. Must be in place for you to use a biometric system






41. The practice of obtaining confidential information by manipulation of legitimate users.






42. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






43. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






44. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






45. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






46. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






47. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






48. Confidentiality - Integrity - and Availability






49. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






50. Disclosure - Alteration - Destruction. These things break the CIA triad