Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An attacker spoofs the source IP in the packet header so that ICMP echo (ping) requests sent to a network's broadcast address appear to have originated from the future victim; every host on the responding network replies to the victim at once, and the flood of replies brings down the victim's network.
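The attack in this item (a Smurf attack) leaves a distinct footprint on both ends of the exchange. The following is an added example, not part of the quiz, that runs two indicators over a constructed packet capture: on the amplifier side, echo requests aimed at a subnet's directed-broadcast address; on the victim side, a host receiving echo replies from many sources it never pinged. The addresses, the local subnet and the packet records are all invented for the illustration.

```python
"""Smurf-attack indicators over constructed packet records (added example)."""
import ipaddress
from collections import defaultdict

# Constructed sample capture: (src, dst, icmp_type); 8 = echo request, 0 = echo reply.
# The attacker spoofs 203.0.113.10 (the victim) as source and aims at the
# directed-broadcast address of the 192.0.2.0/24 amplifier network.
PACKETS = [
    ("203.0.113.10", "192.0.2.255", 8),   # spoofed echo request to the broadcast address
    ("192.0.2.5", "203.0.113.10", 0),     # amplifier hosts all answer the victim
    ("192.0.2.6", "203.0.113.10", 0),
    ("192.0.2.7", "203.0.113.10", 0),
    ("192.0.2.8", "203.0.113.10", 0),
    ("198.51.100.4", "192.0.2.5", 8),     # an ordinary unicast ping, for contrast
    ("192.0.2.5", "198.51.100.4", 0),
]

# Subnets we consider "ours" for the amplifier-side check (assumption for the example).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def broadcast_echo_requests(packets, local_nets=LOCAL_NETS):
    """Amplifier-side indicator: echo requests addressed to the directed-broadcast
    address of one of our subnets. Legitimate pings target hosts, not broadcasts."""
    broadcasts = {str(net.broadcast_address) for net in local_nets}
    return [p for p in packets if p[2] == 8 and p[1] in broadcasts]


def reply_flood_targets(packets, min_sources=3):
    """Victim-side indicator: a host receiving echo replies from at least
    `min_sources` distinct hosts it never sent an echo request to.
    Returns {victim: number_of_unsolicited_reply_sources}."""
    requested = defaultdict(set)   # src -> destinations it actually pinged
    replies = defaultdict(set)     # dst -> sources that sent it echo replies
    for src, dst, icmp_type in packets:
        if icmp_type == 8:
            requested[src].add(dst)
        elif icmp_type == 0:
            replies[dst].add(src)
    flagged = {}
    for victim, sources in replies.items():
        unsolicited = {s for s in sources if s not in requested[victim]}
        if len(unsolicited) >= min_sources:
            flagged[victim] = len(unsolicited)
    return flagged


if __name__ == "__main__":
    print("broadcast pings:", broadcast_echo_requests(PACKETS))
    print("reply floods:", reply_flood_targets(PACKETS))
```

The victim's own spoofed request only appears in a capture taken near the amplifier; at the victim, the reply flood is the only evidence. On the amplifier side the fix is to stop forwarding directed broadcasts (Cisco `no ip directed-broadcast`) and to have hosts ignore broadcast echo requests (Linux `net.ipv4.icmp_echo_ignore_broadcasts=1`); ingress filtering of spoofed sources at the attacker's upstream stops the forged request from leaving in the first place.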






2. Searching through dumpsters (discarded trash) to retrieve information about a person, a system or a company






3. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






4. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






5. Making individuals accountable for their actions on a system typically through the use of auditing






6. A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday paradox: for an n-bit hash, a collision can be expected after roughly 2^(n/2) trials rather than 2^n, trading memory (the stored digests) for time.






7. When security is managed at a central point in an organization






8. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






9. Confidentiality - Integrity - and Availability






10. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. The testing itself does not fix anything.






11. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






12. RFC 1918 defines the following private address ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x) and 192.168.0.0/16 (192.168.x.x)
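The 172.16/12 block is the one people get wrong: it stops at 172.31.255.255, so 172.32.x.x is public space. The following is an added example, not part of the quiz, that checks an address against exactly the three RFC 1918 blocks and uses that check as a border anti-spoofing rule. The rule, the function names and the sample addresses are constructed for the illustration.

```python
"""Exact RFC 1918 membership check and a border ingress rule built on it (added example)."""
import ipaddress

# The three RFC 1918 blocks as CIDR prefixes. 172.16.0.0/12 covers
# 172.16.0.0 through 172.31.255.255 only; 172.32.x.x is public address space.
RFC1918 = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(addr: str) -> bool:
    """True only for IPv4 addresses inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def rfc1918_block(addr: str):
    """Return the RFC 1918 block (as a string) that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return None
    return next((str(net) for net in RFC1918 if ip in net), None)


def is_private_but_not_rfc1918(addr: str) -> bool:
    """Python's ipaddress.is_private is broader than RFC 1918: it also covers
    loopback, link-local and the documentation ranges. This shows the gap."""
    return ipaddress.ip_address(addr).is_private and not is_rfc1918(addr)


def border_ingress_verdict(src: str) -> str:
    """Anti-spoofing rule for a packet arriving on the Internet-facing side of a
    border router (constructed rule in the spirit of BCP 38 ingress filtering):
    an RFC 1918 source cannot have been legitimately routed across the Internet,
    so it is either a spoof or a leak and is dropped."""
    return "drop" if is_rfc1918(src) else "accept"


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "192.168.0.1", "127.0.0.1"):
        print(a, rfc1918_block(a), border_ingress_verdict(a))
```

A filter that needs exactly RFC 1918 (for example a leak detector on a border device) should test the three blocks explicitly as above rather than rely on `is_private`, which would also match loopback and documentation addresses.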






13. The person that determines the permissions to files. The data owner.






14. The user






15. In cryptography - it is a block cipher






16. Reasonable doubt






17. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






18. This is the file on a UNIX system that maps usernames to password hashes; the system consults it to determine whether the password entered for a given username is correct. On modern systems the hashes are kept out of this world-readable file in a separate shadow file readable only by root, and they are not necessarily MD5 (SHA-512, bcrypt and yescrypt crypt formats are common).
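What a practitioner actually does with this file is audit it: which hash scheme each account uses, and which accounts have no password at all. The following is an added example, not part of the quiz, that parses constructed lines in the `/etc/shadow` layout and classifies the second field by its Modular Crypt Format prefix (`$id$salt$hash`, as used by glibc and libxcrypt). The sample lines, user names and hash strings are invented and are not valid hashes.

```python
"""Audit of constructed /etc/shadow-style lines by hash scheme (added example)."""

# Constructed sample (not from any real system). Field layout:
# name:hash:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$Qx9saltZ$FAKEsha512cryptOUTPUTfakefakefakefake:19700:0:99999:7:::
alice:$y$j9T$FAKEyescryptSALT$FAKEyescryptHASHfakefake:19800:0:99999:7:::
bob:$1$olds4lt$FAKEmd5cryptOUTPUTfake:15000:0:99999:7:::
legacy:abJnggxhB/yWI:12000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

# Modular Crypt Format identifiers and how an audit should treat them.
SCHEMES = {
    "1": ("md5crypt", "weak"),        # fast, unsalted-iteration-count MD5: migrate
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "5": ("sha256crypt", "ok"),
    "6": ("sha512crypt", "ok"),
    "7": ("scrypt", "ok"),
    "y": ("yescrypt", "ok"),
}


def classify_hash(field: str):
    """Map the second /etc/shadow field to (scheme, status)."""
    if field == "":
        return ("none", "critical")       # empty field: login without any password
    if field[0] in "!*":
        return ("locked", "ok")           # '!' = locked, '*' = no password login possible
    if field.startswith("$"):
        parts = field.split("$")          # ['', id, salt or params, ...]
        return SCHEMES.get(parts[1], ("unknown-" + parts[1], "review"))
    if len(field) == 13:
        return ("descrypt", "weak")       # traditional DES crypt: 2-char salt, 8-char password limit
    return ("unknown", "review")


def audit_shadow(text: str):
    """Return {user: (scheme, status)} for every non-empty line."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        result[fields[0]] = classify_hash(fields[1])
    return result


def weak_accounts(text: str):
    """Sorted list of users whose password storage needs action."""
    return sorted(u for u, (_, status) in audit_shadow(text).items()
                  if status in ("weak", "critical"))


if __name__ == "__main__":
    for user, (scheme, status) in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme:12} {status}")
    print("needs action:", weak_accounts(SAMPLE_SHADOW))
```

The same check belongs in a hardening baseline: the shadow file must not be world-readable, every account with an empty hash field must be locked, and anything on md5crypt or DES crypt should be re-hashed at the user's next login.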






19. A network device that operates at layer 3 and separates broadcast domains.






20. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
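The format itself is simple enough to implement in a few lines, which is the best way to see why it is an encoding and not any kind of protection. The following is an added example, not part of the quiz, that encodes and decodes uuencode lines from scratch (length character, then four printable characters per three input bytes, each 6-bit value offset by 32) and checks the result against Python's `binascii.b2a_uu`. The file-level `begin`/`end` framing follows the classic `uuencode` output; the helper names are my own.

```python
"""uuencode line and file encoding from scratch, checked against binascii (added example)."""
import binascii


def uu_encode_line(chunk: bytes) -> str:
    """Encode up to 45 bytes as one uuencode line."""
    if len(chunk) > 45:
        raise ValueError("a uuencode line holds at most 45 bytes")
    out = [chr(32 + len(chunk))]                     # first char carries the byte count
    padded = chunk + b"\0" * (-len(chunk) % 3)       # pad the last triple with zeros
    for i in range(0, len(padded), 3):
        n = int.from_bytes(padded[i:i + 3], "big")   # 24 bits -> four 6-bit groups
        for shift in (18, 12, 6, 0):
            out.append(chr(32 + ((n >> shift) & 0x3F)))
    return "".join(out) + "\n"


def uu_decode_line(line: str) -> bytes:
    """Decode one line. '`' (96) decodes like ' ' (32) because 64 & 0x3F == 0,
    so both the space and the backtick variants are accepted."""
    line = line.rstrip("\n")
    length = (ord(line[0]) - 32) & 0x3F
    data = bytearray()
    for i in range(1, len(line), 4):
        n = 0
        for c in line[i:i + 4].ljust(4, " "):        # tolerate a trimmed trailing group
            n = (n << 6) | ((ord(c) - 32) & 0x3F)
        data += n.to_bytes(3, "big")
    return bytes(data[:length])                      # length field can never over-read


def uuencode(data: bytes, name: str, mode: str = "644") -> str:
    """Whole-file framing: begin line, 45-byte data lines, '`' end-of-data line, end."""
    lines = [f"begin {mode} {name}\n"]
    lines += [uu_encode_line(data[i:i + 45]) for i in range(0, len(data), 45)]
    lines += ["`\n", "end\n"]
    return "".join(lines)


def uudecode(text: str):
    """Inverse of uuencode(); returns (name, data)."""
    lines = text.splitlines()
    header = lines[0].split()
    if len(header) < 3 or header[0] != "begin":
        raise ValueError("missing begin line")
    data = bytearray()
    for line in lines[1:]:
        if line == "end":
            break
        if not line or line[0] in " `":              # zero-length data line
            continue
        data += uu_decode_line(line)
    return header[2], bytes(data)


def matches_stdlib(chunk: bytes) -> bool:
    """Cross-check one line against the standard library encoder."""
    return uu_encode_line(chunk) == binascii.b2a_uu(chunk).decode()


if __name__ == "__main__":
    print(uu_encode_line(b"Cat"), end="")             # the classic example line
    print(uuencode(b"hello, world", "greeting.txt"), end="")
```

Two practical points follow from the code: anything that filters attachments must decode uuencode before inspecting content, and a decoder must bound its reads by the data actually present rather than trusting the length character, as `uu_decode_line` does.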






21. Internet Architecture Board. This board oversees the architectural and technical development of the Internet, including oversight of the IETF and the RFC series.






22. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83, the TCSEC (frequently referred to as






23. A site that is ready physically but has no hardware in place - all it has is HVAC






24. Closed Circuit Television






25. Deals with the same things as due diligence, except that it concerns accepting responsibility rather than liability.






26. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






27. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






28. An instance of a scripting language






29. The intercepting of conversations by unintended recipients






30. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






31. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
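The standard defence against the attack in this item is to make every message single-use: a nonce the server remembers, a timestamp that bounds how long it has to remember it, and a MAC that binds both to the body so neither can be swapped. The following is an added example, not part of the quiz, showing both sides of such an exchange with a constructed shared key and constructed request bodies; the message layout and class names are my own.

```python
"""Nonce + timestamp + HMAC replay protection, both sides (added example)."""
import hashlib
import hmac
import time


def _mac(key: bytes, ts: int, nonce: str, body: bytes) -> str:
    """MAC over timestamp, nonce and body, so none of them can be altered or reused separately."""
    return hmac.new(key, b"%d|%s|" % (ts, nonce.encode()) + body, hashlib.sha256).hexdigest()


def sign_request(key: bytes, body: bytes, nonce: str, ts: int) -> dict:
    """Client side: attach a fresh nonce, the current time and the MAC."""
    return {"ts": ts, "nonce": nonce, "body": body, "mac": _mac(key, ts, nonce, body)}


class ReplayGuard:
    """Server side: accept each nonce once, and only while its timestamp is within the window."""

    def __init__(self, key: bytes, window: int = 300, now=time.time):
        self.key, self.window, self.now = key, window, now
        self.seen = {}   # nonce -> ts; stays bounded because stale entries are purged

    def accept(self, req: dict):
        now = int(self.now())
        # 1. Authenticate first, so unauthenticated traffic cannot fill the nonce table.
        expected = _mac(self.key, req["ts"], req["nonce"], req["body"])
        if not hmac.compare_digest(expected, req["mac"]):
            return False, "bad mac"
        # 2. Reject anything outside the freshness window; this also bounds how long
        #    nonces must be remembered, so a delayed replay fails here even after purge.
        if abs(now - req["ts"]) > self.window:
            return False, "stale timestamp"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        # 3. Within the window, each nonce is good exactly once.
        if req["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[req["nonce"]] = req["ts"]
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"   # a real system provisions a secret per client
    guard = ReplayGuard(key)
    req = sign_request(key, b"transfer 100 to acct 42", "nonce-1", int(time.time()))
    print(guard.accept(req))          # (True, 'ok')
    print(guard.accept(req))          # (False, 'replayed nonce')
```

The order of the three checks matters: verifying the MAC before touching any state means an unauthenticated sender cannot exhaust the nonce table, and the timestamp window means the table only ever holds a few minutes of nonces. A nonce may legitimately reappear after the window has passed, because the stale-timestamp check, not the table, is what stops the old message then.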






32. A unit that detects motion for the purpose of setting off alarms to alert on unauthorized access.






33. The output of a hash function is a digest.






34. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






35. Network device that operates at layer 1. Concentrator.






36. Basic Input/Output System






37. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






38. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
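Items 6 and 38 describe the two ends of the hash-attack spectrum: exhaustive search for an input with a given digest costs on the order of 2^n trials for an n-bit hash, while a birthday search for any two colliding inputs costs only about 2^(n/2), at the price of storing the digests seen so far. The following is an added example, not part of the quiz, that runs both searches against a toy 16-bit hash (the first 16 bits of SHA-256) so the gap is visible in the counts; the toy hash, the candidate-message scheme and the function names are constructed for the illustration.

```python
"""Brute-force preimage search vs. birthday collision search on a 16-bit toy hash (added example)."""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256 as an integer: a toy n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def brute_force_preimage(target: int, bits: int, limit=None):
    """Exhaustively try inputs until one hashes to `target`.
    Expected work about 2**bits trials. Returns (input, trials) or (None, limit)."""
    limit = limit or 2 ** (bits + 4)           # generous cap; expected to finish far earlier
    for i in range(limit):
        candidate = b"guess-%d" % i
        if truncated_hash(candidate, bits) == target:
            return candidate, i + 1
    return None, limit


def find_collision(bits: int):
    """Birthday search: remember every digest and stop at the first repeat.
    Expected work about sqrt(pi/2 * 2**bits) trials, memory of the same order.
    Returns (input_a, input_b, trials) with input_a != input_b."""
    seen = {}                                   # digest -> the input that produced it
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def expected_collision_trials(bits: int) -> float:
    """Birthday bound: mean number of trials before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    bits = 16
    target = truncated_hash(b"the original message", bits)
    _, pre_trials = brute_force_preimage(target, bits)
    a, b, col_trials = find_collision(bits)
    print(f"preimage found after {pre_trials} trials (expected ~{2 ** bits})")
    print(f"collision {a!r} / {b!r} after {col_trials} trials "
          f"(expected ~{expected_collision_trials(bits):.0f})")
```

This is why hash output length is chosen against the birthday bound rather than the preimage bound: a 128-bit digest gives only 64-bit collision resistance, which is why MD5-class digests are unacceptable wherever an attacker can supply both colliding inputs (certificates, signed documents).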






39. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






40. Rolling command center with UPS, satellite uplink, power, etc.






41. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






42. An attempt to trick the system into believing that something false is real






43. Animals with teeth; less discriminating than human guards






44. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






45. Object Linking and Embedding. The ability of an object to be embedded into another object.






46. Technical controls are implemented through IT systems; administrative controls are policies and procedures, typically implemented by HR and management; physical controls are tangible things such as locks, fences and guards.






47. The threshold is a baseline level of violation activity (for example, a number of failed logins) that may be normal for a user to commit before alarms are raised.
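In practice a clipping level is a count over a time window, and the window is what separates an honest user's typos from a password-guessing run. The following is an added example, not part of the quiz, that applies a clipping level to constructed sshd-style log lines: failures at or below the threshold within the window are tolerated, the first failure beyond it raises one alert, and a slow attacker whose attempts fall outside the window is deliberately shown slipping through. The log lines, users, addresses and threshold are invented for the illustration.

```python
"""Clipping level over constructed authentication log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system), syslog-like layout.
LOG = """\
2024-05-01T09:00:01 sshd[100]: Failed password for alice from 10.0.0.5 port 50001
2024-05-01T09:00:04 sshd[101]: Failed password for alice from 10.0.0.5 port 50002
2024-05-01T09:00:09 sshd[102]: Accepted password for alice from 10.0.0.5 port 50003
2024-05-01T09:10:00 sshd[110]: Failed password for bob from 198.51.100.7 port 41000
2024-05-01T09:10:01 sshd[111]: Failed password for bob from 198.51.100.7 port 41001
2024-05-01T09:10:02 sshd[112]: Failed password for bob from 198.51.100.7 port 41002
2024-05-01T09:10:03 sshd[113]: Failed password for bob from 198.51.100.7 port 41003
2024-05-01T09:10:05 sshd[114]: Failed password for bob from 198.51.100.7 port 41004
2024-05-01T11:30:00 sshd[120]: Failed password for carol from 10.0.0.9 port 52000
2024-05-01T12:45:00 sshd[121]: Failed password for carol from 10.0.0.9 port 52001
2024-05-01T13:50:00 sshd[122]: Failed password for carol from 10.0.0.9 port 52002
2024-05-01T14:55:00 sshd[123]: Failed password for carol from 10.0.0.9 port 52003
"""

FAIL_RE = re.compile(r"^(\S+) \S+ Failed password for (\S+) from (\S+)")


def clipping_level_alerts(log: str, threshold: int = 3, window: timedelta = timedelta(minutes=10)):
    """Alert once per user when failures inside `window` exceed `threshold`.
    Returns a list of (user, source_ip, time_of_crossing)."""
    failures = defaultdict(list)   # user -> timestamps of recent failures
    alerts = []
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:                                  # successes and other events are ignored
            continue
        ts = datetime.fromisoformat(m.group(1))
        user, src = m.group(2), m.group(3)
        recent = [t for t in failures[user] if ts - t <= window]   # slide the window
        recent.append(ts)
        failures[user] = recent
        if len(recent) == threshold + 1:           # fire exactly once when the level is crossed
            alerts.append((user, src, ts))
    return alerts


def failures_per_user(log: str):
    """Raw failure totals, to compare against the windowed verdict."""
    counts = defaultdict(int)
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if m:
            counts[m.group(2)] += 1
    return dict(counts)


if __name__ == "__main__":
    print("totals:", failures_per_user(LOG))
    print("alerts:", clipping_level_alerts(LOG))
```

Alice's two failures stay under the level; bob crosses it at the fourth failure and is reported once, not on every later attempt; carol has as many failures as bob but spaced over hours, so the 10-minute window never fills. That last case is the known blind spot of a windowed clipping level, and why a low-and-slow guessing attempt is usually caught by a second, longer-window rule or by per-source correlation rather than by the per-user counter alone.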






48. Transferring your risk to someone else - typically an insurance company






49. Emanations from one wire coupling with another wire






50. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to