Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Covert channels
ActiveX Object Linking and Embedding
Multitasking
2. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Hash
Block cipher
Dictionary Attack
Skipjack
3. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Finger scanning
Kerberos
Cryptanalysis
Block cipher
4. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Cookies
Firmware
Birthday attack
CD-Rom
5. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Accreditation
SLE (Single Loss Expectancy or Exposure)
ISDN (Integrated Services Digital Network)
6. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Macro
Granularity
Trade Secret
ARP (Address Resolution Protocol)
7. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Biometrics
Birthday attack
Audit Trail
PKI
8. Setting up the user to access the honeypot for reasons other than the intent to harm.
Entrapment
OSI Model
Java
Compiler
9. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
OSI Model
Honey pot
WTLS (Wireless Transport Layer Security)
Routers
10. A network that mimics the brain
Quantitative
CEO
Accreditation
Artificial Neural Networks (ANN)
11. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Embezzlement
Twisted pair
Aggregation
Accreditation
12. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
/etc/passwd
Covert channels
Clipping levels
Throughput of a Biometric System
13. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
Cryptanalysis
Skipjack
Rijndael
14. Motive - Opportunity - and Means. These deal with crime.
Salami Slicing
Inference
Exit interview
MOM
15. Reasonable doubt
Fraggle
Cyphertext only
Burden of Proof
Toneloc
16. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Asymmetric
Checksum
DDOS
Compiler
17. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Birthday attack
War dialing
Throughput of a Biometric System
DCOM
18. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Asymmetric
Base-64
Clipper Chip
19. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
OEP
Replay
Exit interview
Joke
20. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
AES (Advanced Encryption Standard)
Out of band
Quantitative
Common criteria
21. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Non-repudiation
Well-known ports
Smurf
Hardware
22. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
Social engineering
Coax
Keystroke logging
23. Method of authenticating to a system. Something that you supply and something you know.
Illegal/Unethical
FAR/FRR/CER
Centralized
Username/password
24. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
Motion detector
NAT
Job rotation
25. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Security Perimeter
Skipjack
Echelon
Logic bomb
26. Access control method for database based on the content of the database to provide granular access
WAP (Wireless Application Protocol)
COOP
Content dependant
Artificial Neural Networks (ANN)
27. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Compiler
Artificial Neural Networks (ANN)
Finger printing
28. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
Technical - Administrative - Physical
Risk Transferring
Accountability
Service packs
29. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
OEP
Spoofing
BIA
Hackers
30. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Logic bomb
Smurf
Hash
Callback Security/Call Forwarding
31. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Skipjack
Mandatory vacation
Risk Transferring
Vulnerability analysis tools
32. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Senior Management
l0pht
ALE (Annualized Loss Expectancy)
Security Perimeter
33. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
RAM (Random-access memory)
Macro
ARO (Annualized Rate of Occurrence)
34. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Cryptanalysis
FAR/FRR/CER
Trojan horses
Brewer-Nash model
35. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
SSL/TLS
Active attacks
Risk Analysis
Key Escrow
36. Assuming someone's session who is unaware of what you are doing
Session Hijacking
Stream cipher
Fraud
Salami Slicing
37. Common Object Request Broker Architecture.
DMZ
Object Oriented Programming
CORBA
Social engineering
38. Be at least 8 feet tall and have three strands of barbed wire.
Fences
DOS
Tort
Biometric profile
39. A military standard defining controls for emanation protection
Script
Compiler
TEMPEST
Centralized
40. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Malware
Rijndael
Vulnerability analysis tools
Hardware
41. Public Key Infrastructure
Qualitative
PKI
Clipping levels
Risk Acceptance
42. The practice of obtaining confidential information by manipulation of legitimate users.
Probing
Object Oriented Programming
Digital certificates
Social engineering
43. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
Aggregation
Polymorphism
Cryptanalysis
44. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Reciprocal agreement
Penetration testing
Covert channels
Attenuation
45. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Vulnerability analysis tools
Fraggle
Well-known ports
Back door/ trap door/maintenance hook
46. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Senior Management
Polymorphic
Toneloc
Eavesdropping
47. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Firmware
Back door/ trap door/maintenance hook
Certification
Multithreading
48. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Callback Security/Call Forwarding
Nonce
Sabotage
Kerberos
49. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Raid 0 - 1 - 3 - 5
Birthday attack
Rijndael
Symmetric
50. Also civil law
Tort
Finger printing
ROM (Read-only memory)
Technical - Administrative - Physical