Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To not be legal (as far as law is concerned) or ethical






2. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






3. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






4. Transferring your risk to someone else - typically an insurance company






5. A site that has some equipment in place - and can be up within days






6. Same as a block cipher except that it is applied to a data stream one bit at a time






7. Data storage formats and equipment that allow the stored data to be accessed in any order






8. Involving the measurement of quantity or amount.






9. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






10. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






11. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






12. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






13. The person that determines the permissions to files. The data owner.






14. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






15. Someone who hacks






16. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






17. A card that holds information that must be authenticated to before it can reveal the information that it is holding






18. Network Address Translation






19. A mechanism by which connections to TCP services on a system are allowed or disallowed






20. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






21. A RFC standard. A mechanism for performing commands on a remote system






22. Network devices that operate at layer 3. This device separates broadcast domains.






23. Basic Input/Output System






24. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






25. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






26. Network device that operates at layer 1. Concentrator.






27. Internet Relay Chat.






28. The process of reducing your risks to an acceptable level based on your risk analysis






29. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






30. Public Key Infrastructure






31. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






32. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






33. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






34. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






35. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






36. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






37. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






38. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






39. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






40. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






41. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






42. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






43. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






44. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






45. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






46. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






47. Good for distance - longer than 100M






48. In cryptography - it is a block cipher






49. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






50. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.