Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Entails planning and system actions to ensure that a project is following good quality management practices






2. Software designed to infiltrate or damage a computer system - without the owner's consent.






3. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






4. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






5. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






6. A sandbox. Emulates an operating environment.






7. The real cost of acquiring/maintaining/developing a system






8. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






9. Enticing people to hit your honeypot to see how they try to access your system.






10. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






11. Be at least 8 feet tall and have three strands of barbed wire.






12. Closed Circuit Television






13. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






14. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.






15. Motive - Opportunity - and Means. These deal with crime.






16. To not be legal (as far as law is concerned) or ethical






17. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






18. Random Number Base






19. In a separation of duties model - this is where code is checked in and out






20. Making individuals accountable for their actions on a system typically through the use of auditing






21. The process of reducing your risks to an acceptable level based on your risk analysis






22. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






23. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






24. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






25. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






26. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






27. The act of identifying yourself. Providing your identity to a system






28. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






29. Accepting all packets






30. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






31. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






32. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






33. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






34. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






35. CISSPs subscribe to a code of ethics for building up the security profession






36. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






37. Public Key Infrastructure






38. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






39. A network that mimics the brain






40. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






41. Relating to quality or kind. This assigns a level of importance to something.






42. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






43. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






44. A military standard defining controls for emanation protection






45. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






46. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






47. Providing verification to a system






48. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






49. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






50. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






