Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Demilitarized Zone (DMZ). A part of the network that is neither part of the internal network nor directly part of the Internet: basically a screened network segment sitting between two networks, where the servers that must be reachable from outside are placed so that a compromise there does not directly expose the internal network.

2. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
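
The search the definition above describes, as an added example that is not part of the original quiz: a dictionary attack tries a list of likely candidates against a stolen password hash, while a brute-force search tries every possible value in turn. The word list, the sample passwords, and the use of unsalted SHA-256 (chosen only to keep the example short) are all constructed here.

```python
import hashlib
import itertools
import string

# Added example, not from the original page. The word list and the
# passwords used below are constructed for illustration only.
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "dragon"]


def hash_password(password: str) -> str:
    """Unsalted SHA-256 of the password; deliberately weak to keep the demo short."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Try each candidate from the list in order.
    Returns (password, guesses) on success or (None, guesses) if the list is exhausted."""
    for guesses, word in enumerate(wordlist, start=1):
        if hash_password(word) == target_hash:
            return word, guesses
    return None, len(wordlist)


def brute_force(target_hash: str, alphabet=string.digits, max_len=4):
    """Exhaustively try every string of length 1..max_len over the alphabet.
    Returns (password, guesses) on success or (None, guesses) if nothing matched."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    print(dictionary_attack(hash_password("hunter2")))                    # found on the 5th guess
    print(dictionary_attack(hash_password("correct horse battery staple")))  # not in the list
    print(brute_force(hash_password("0420")))                              # 1,531 PINs tried
```

The dictionary wins when the password is a common word; the brute-force search wins only when the keyspace is tiny (here, 4-digit PINs). A salted, slow password hash does not stop either search for a weak password, but it raises the cost of every guess and prevents precomputed tables; rate limiting and strong passphrases are what make the search impractical.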

3. Base 64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters, which has led to its use as a transfer encoding for e-mail, HTTP Basic authentication headers and certificates, among other things. It is an encoding, not encryption: anyone who sees Base64 text can decode it.
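
An added example (not code from the original page) implementing the encoding the definition above describes, so the 3-byte to 4-character grouping and the '=' padding are visible. It is checked against Python's base64 module and then used to decode a constructed HTTP Basic credential, which is the "encoding is not encryption" point.

```python
import base64

# Added example, not from the original page. The credential decoded at the
# bottom is constructed for illustration.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64encode_manual(data: bytes) -> str:
    """Encode bytes as Base64 (RFC 4648): every 3 bytes become 4 symbols of 6 bits,
    and a final short group is padded with '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")  # 24 bits, zero-filled
        for k in range(4):
            if k <= n:  # n input bytes yield n+1 real symbols
                out.append(ALPHABET[(bits >> (18 - 6 * k)) & 0x3F])
            else:
                out.append("=")
    return "".join(out)


def b64decode_manual(text: str) -> bytes:
    """Decode Base64 text, rejecting bad lengths, stray characters and misplaced padding."""
    if len(text) % 4:
        raise ValueError("Base64 input must be a multiple of 4 characters")
    lookup = {c: i for i, c in enumerate(ALPHABET)}
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2 or (pad and quad[4 - pad:] != "=" * pad):
            raise ValueError("misplaced or excessive padding")
        bits = 0
        for c in quad:
            if c != "=" and c not in lookup:
                raise ValueError(f"invalid Base64 character {c!r}")
            bits = (bits << 6) | (0 if c == "=" else lookup[c])
        out += bits.to_bytes(3, "big")[: 3 - pad]
    return bytes(out)


if __name__ == "__main__":
    for sample in (b"M", b"Ma", b"Man", b"hello, world"):
        assert b64encode_manual(sample) == base64.b64encode(sample).decode()
        assert b64decode_manual(b64encode_manual(sample)) == sample
    # A captured "Authorization: Basic ..." header is only obscured, not protected.
    print(b64decode_manual("YWRtaW46aHVudGVyMg=="))  # b'admin:hunter2'
```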

4. To deter intruders, a perimeter fence should be at least 8 feet tall and topped with three strands of barbed wire.

5. RFC 1918 defined the following addresses as the private addressing ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x) and 192.168.0.0/16 (192.168.x.x). These addresses are not routed on the public Internet.
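
An added example (not from the original page) that classifies addresses against the three RFC 1918 blocks above, using Python's ipaddress module. It also flags the difference between "RFC 1918 private" and the stdlib's broader is_private test (which also covers loopback, link-local and documentation ranges), a distinction that matters when an allow-list is written with the wrong predicate. The sample addresses are constructed.

```python
import ipaddress

# Added example, not from the original page. The sample addresses printed
# below are constructed for illustration.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 through 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),
]


def rfc1918_block(addr: str):
    """Return the RFC 1918 block containing addr (as a string), or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return None  # RFC 1918 is IPv4 only; IPv6 uses unique local addresses (fc00::/7)
    for net in RFC1918_BLOCKS:
        if ip in net:
            return str(net)
    return None


def is_rfc1918(addr: str) -> bool:
    return rfc1918_block(addr) is not None


def stdlib_private_but_not_rfc1918(addr: str) -> bool:
    """True where ipaddress's is_private says 'private' but the address is not in
    RFC 1918 space (loopback, link-local, documentation ranges and so on)."""
    return ipaddress.ip_address(addr).is_private and not is_rfc1918(addr)


if __name__ == "__main__":
    samples = ["10.1.2.3", "172.31.255.255", "172.32.0.1", "192.168.1.1",
               "8.8.8.8", "127.0.0.1", "169.254.1.1", "fd00::1"]
    for a in samples:
        print(f"{a:16} rfc1918={is_rfc1918(a)!s:5} block={rfc1918_block(a)} "
              f"stdlib_private_only={stdlib_private_but_not_rfc1918(a)}")
```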

6. An imaginary boundary between the components that make up the TCB (Trusted Computing Base) and the components that are not covered by the TCB.

7. A collection of updates, fixes and/or enhancements to a software program, delivered in the form of a single installable package.

8. A physical access control designed to stop piggybacking (an unauthorized person following an authorized one through a door): two interlocking doors, only one of which can be open at a time.

9. In cryptography, it is a block cipher.

10. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec

11. The act of identifying yourself: providing your claimed identity (for example a username) to a system. It is only the claim; proving that claim is a separate step.

12. 'If you can't see it, it's secure.' A bad policy to live by: hiding a system or its design is no substitute for actually securing it.

13. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. The testing itself does not fix anything; remediation is a separate step.

14. The fraudulent appropriation by a person, to their own use, of property or money entrusted to that person's care but owned by someone else.

15. The process of reducing your risks to an acceptable level, based on your risk analysis.

16. A sandbox. Emulates an operating environment, so that untrusted code or a whole guest operating system can run isolated from the host.

17. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.

18. Scanning the airwaves for wireless (radio) transmissions, for example to locate the wireless networks within range.

19. Entails planning and systematic actions to ensure that a project is following good quality management practices.

20. Among the most common types of viruses and the least damaging, these are hidden within applications (executable files) that must be run in order to execute the virus.

21. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also

22. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.

23. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited in their absence.

24. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically. It is created with the signer's private key and checked with the matching public key, providing integrity, authentication of origin and non-repudiation.

25. Internet Relay Chat.

26. A form of redundancy check: a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space (transmission) or time (storage). It catches single-bit errors only; an even number of flipped bits goes unnoticed, and it offers no protection against deliberate tampering.

27. The 7-layer model defined by the ISO. Memorized top-down by 'All People Seem To Need Data Processing' and bottom-up by 'Please Do Not Throw Sausage Pizza Away'. The layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.

28. A military standard defining controls for emanation protection (shielding equipment so that its electromagnetic emissions cannot be captured and reconstructed by an eavesdropper).

29. Method of authenticating to a system using two different factors: something you have (a token, smart card or phone) and something you know (a password or PIN).

30. A network entity that provides a single entrance/exit point to the Internet.

31. A false warning or story that spreads as if it were real, much like a meme or a joke, e.g. when someone says to delete a file that is really just fine and they call it a virus.

32. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.

33. This is an open international standard for applications that use wireless communications.

34. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect accidental errors after transmission or storage. It is not a cryptographic hash: an attacker who can change the data can simply recompute the checksum, so it detects corruption, not tampering.
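
An added example (not part of the original page) that serves both the redundancy-check definition in item 26 and the checksum definition above: an even-parity bit and a table-free CRC-32 are run over a constructed message to show which accidental errors each catches, followed by the failure mode a security engineer cares about, a deliberate change where the attacker simply recomputes the checksum. The keyed HMAC at the end is included for contrast. The message, the key and the flipped bit positions are all constructed.

```python
import hashlib
import hmac
import zlib

# Added example, not from the original page. MSG, KEY and the bit positions
# flipped in demo() are constructed for illustration.
MSG = b"transfer 100 to acct 1234"
KEY = b"constructed-shared-secret"


def parity_bit(data: bytes) -> int:
    """Even parity: 1 if the number of set bits is odd, so data plus bit has even weight."""
    return sum(bin(b).count("1") for b in data) & 1


def crc32(data: bytes) -> int:
    """Bitwise CRC-32 as used by zlib/Ethernet: reflected polynomial 0xEDB88320,
    initial value and final XOR of 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def flip_bits(data: bytes, *bit_positions: int) -> bytes:
    """Simulate transmission or storage errors by flipping the given bit positions."""
    buf = bytearray(data)
    for pos in bit_positions:
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


def hmac_tag(data: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def crc_accepts(msg: bytes, tag: int) -> bool:
    """A receiver that only checks an unkeyed CRC."""
    return crc32(msg) == tag


def hmac_accepts(msg: bytes, tag: bytes, key: bytes = KEY) -> bool:
    """A receiver that checks a keyed tag in constant time."""
    return hmac.compare_digest(hmac_tag(msg, key), tag)


def demo(msg: bytes = MSG) -> dict:
    """Which integrity mechanism catches which kind of change."""
    one_bit = flip_bits(msg, 5)
    two_bits = flip_bits(msg, 5, 13)
    # Deliberate tampering: the attacker rewrites the message and attaches a
    # freshly computed CRC, which a CRC-only receiver cannot distinguish from
    # the genuine one. Without KEY the best they can do for HMAC is reuse the old tag.
    forged = b"transfer 999 to acct 6666"
    return {
        "crc_matches_zlib": crc32(msg) == zlib.crc32(msg),
        "parity_catches_one_bit": parity_bit(one_bit) != parity_bit(msg),
        "parity_catches_two_bits": parity_bit(two_bits) != parity_bit(msg),  # False
        "crc_catches_one_bit": crc32(one_bit) != crc32(msg),
        "crc_catches_two_bits": crc32(two_bits) != crc32(msg),
        "crc_catches_forgery": not crc_accepts(forged, crc32(forged)),        # False
        "hmac_catches_forgery": not hmac_accepts(forged, hmac_tag(msg)),
    }


if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name:24} {caught}")
```

The two False rows are the point: parity misses any even number of flips, and no unkeyed checksum (parity, CRC, or a plain hash sent alongside the data) detects a change made by someone who can also rewrite the check value. Integrity against an adversary needs a secret the adversary lacks, which is what the HMAC supplies.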

35. When you have a certain amount of access, change jobs and keep the access from the previous position, accumulating more rights than your current role needs. Also known as enlargement of permission. (This is distinct from privilege escalation, in which an attacker gains rights that were never granted.)

36. False Acceptance Rate (the fraction of impostor attempts wrongly accepted, a Type II error), False Rejection Rate (the fraction of legitimate attempts wrongly rejected, a Type I error) and Crossover Error Rate (the point where FAR equals FRR; a lower CER means a more accurate biometric system).
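
An added worked example (not from the original page) of the three rates: with constructed matcher scores for genuine users and for impostors, it sweeps the decision threshold, computes FAR and FRR at each setting, and reports the threshold where they cross. Scores in [0, 1] with an "accept if score >= threshold" rule are assumptions of the example.

```python
# Added example, not from the original page. The score lists are constructed:
# a higher score means the presented sample looked more like the enrolled user.
GENUINE = [0.95, 0.92, 0.90, 0.88, 0.85, 0.80, 0.75, 0.70, 0.60, 0.55]
IMPOSTOR = [0.10, 0.20, 0.30, 0.40, 0.45, 0.50, 0.58, 0.65, 0.72, 0.78]


def far(impostor_scores, threshold):
    """False Acceptance Rate: share of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def rate_table(genuine=GENUINE, impostor=IMPOSTOR, steps=20):
    """Rows of (threshold, FAR, FRR) for thresholds 0, 1/steps, ..., 1."""
    return [(i / steps, far(impostor, i / steps), frr(genuine, i / steps))
            for i in range(steps + 1)]


def crossover(genuine=GENUINE, impostor=IMPOSTOR, steps=20):
    """Threshold at which FAR and FRR are closest; the error rate there is the CER (EER)."""
    return min(rate_table(genuine, impostor, steps),
               key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, a, r in rate_table():
        print(f"threshold {t:.2f}  FAR {a:.2f}  FRR {r:.2f}")
    print("crossover (threshold, FAR, FRR):", crossover())
```

Reading the table top to bottom shows the trade-off the definition implies: raising the threshold lowers FAR (fewer impostors let in) and raises FRR (more legitimate users turned away). A deployment that must keep impostors out picks a threshold to the right of the crossover and accepts the extra rejections.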

37. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh

38. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and

39. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.

40. Someone whose hacking is primarily targeted at telephone systems.

41. Public Key Infrastructure: the certificate authorities, registration authorities, certificate repositories, revocation lists and policies needed to issue, distribute, validate and revoke the digital certificates that bind public keys to identities.

42. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83. The TCSEC (frequently referred to as

43. Communications sent over a separate channel rather than the usual one (for example a phone call or a courier instead of e-mail), used when you do not want an eavesdropper on the normal channel to see them, such as when exchanging a key or a one-time password.

44. A backup site that has some equipment in place (power, connectivity and some hardware, but not current data) and can be up within days.

45. Continuity of Operations Plan.

46. When a DNS server goes out to resolve a name and accepts a forged or otherwise wrong response, it caches the wrong address for the TTL carried in that response, thus poisoning the cache for that period of time; every client that asks the server for the name in the meantime is sent to the wrong address.

47. Same as AES. The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor.

48. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network

49. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra

50. Someone who hacks