Test your basic knowledge

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network






2. Distributed Component Object Model. Microsoft's implementation of CORBA.






3. The art of breaking code. Testing the strength of an algorithm.






4. In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






5. This is an open international standard for applications that use wireless communications.






6. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






7. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






8. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






9. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t






10. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






11. White hat l0pht






12. Same as AES. Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,






13. A technique to eliminate data redundancy.






14. Occupant Emergency Plan - Employees are the most important!






15. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






16. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






17. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.






18. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






19. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho






20. Signal degradation as it moves farther from its source






21. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






22. A site that has some equipment in place - and can be up within days






23. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer






24. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.






25. Chief Executive Officer






26. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






27. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






28. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po






29. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans






30. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






31. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






32. Access control method for database based on the content of the database to provide granular access






33. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.






34. The practice of obtaining confidential information by manipulation of legitimate users.






35. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






36. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






37. Providing verification to a system






38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






39. Transferring your risk to someone else - typically an insurance company






40. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






41. Network devices that operate at layer 3. This device separates broadcast domains.






42. An attempt to trick the system into believing that something false is real






43. An instance of a scripting language






44. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec






45. A hidden communications channel on a system that allows for the bypassing of the system security policy






46. Motivational tools for employee awareness to get them to report security flaws in an organization






47. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also






48. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.






49. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






50. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.