Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






2. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






3. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






4. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






5. Occupant Emergency Plan - Employees are the most important!






6. Same as a block cipher except that it is applied to a data stream one bit at a time






7. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






8. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






9. A site that is ready physically but has no hardware in place - all it has is HVAC






10. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






11. Be at least 8 foot tall and have three strands of barbed wire.






12. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






13. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






14. Must be in place for you to use a biometric system






15. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






16. Animals with teeth. Not as discriminate as guards






17. Data storage formats and equipment that allow the stored data to be accessed in any order






18. Involving the measurement of quantity or amount.






19. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






20. Enticing people to hit your honeypot to see how they try to access your system.






21. Someone who hacks






22. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






23. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






24. Access control method for database based on the content of the database to provide granular access






25. An attempt to trick the system into believing that something false is real






26. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






27. Entails planning and system actions to ensure that a project is following good quality management practices






28. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






29. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






30. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






31. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






32. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






33. A card that holds information that must be authenticated to before it can reveal the information that it is holding






34. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






35. Setting up the user to access the honeypot for reasons other than the intent to harm.






36. Good for distance - longer than 100M






37. Reasonable doubt






38. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






39. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






40. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






41. Chief Executive Officer






42. CISSPs subscribe to a code of ethics for building up the security profession






43. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






44. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






45. Dialing fixed sets telephone numbers looking for open modem connections to machines






46. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






47. Something used to put out a fire. Can be in Classes A - B - C - D - or H






48. Internet Architecture Board. This board is responsible for protecting the Internet.






49. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






50. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi