Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






2. An RFC standard. A mechanism for performing commands on a remote system






3. Must be in place for you to use a biometric system






4. These viruses usually infect both boot records and files.






5. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






6. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






7. Be at least 8 feet tall and have three strands of barbed wire.






8. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






9. When security is managed at a central point in an organization






10. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






11. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






12. 'If you can't see it - it's secure'. Bad policy to live by.






13. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






14. The practice of obtaining confidential information by manipulation of legitimate users.






15. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






16. Accepting all packets






17. The act of identifying yourself. Providing your identity to a system






18. Emanations from one wire coupling with another wire






19. Dynamic Host Configuration Protocol.






20. A system designed to stop piggybacking.






21. Good for distance - longer than 100M






22. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






23. CISSPs subscribe to a code of ethics for building up the security profession






24. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






25. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






26. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






27. A card that holds information that must be authenticated to before it can reveal the information that it is holding






28. Confidentiality - Integrity - and Availability






29. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






30. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






31. When one key of a two-key pair has more encryption pattern than the other






32. A network that uses proprietary protocols






33. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






34. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






35. Disclosure - Alteration - Destruction. These things break the CIA triad






36. Method of authenticating to a system. Something that you supply and something you know.






37. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.






38. An instance of a scripting language






39. Signal degradation as it moves farther from its source






40. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and/or services from those of other businesses.






41. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






42. Encompasses Risk Analysis and Risk Mitigation






43. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






44. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






45. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






46. More discriminate than dogs






47. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






48. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






49. Enticing people to hit your honeypot to see how they try to access your system.






50. Same as a block cipher except that it is applied to a data stream one bit at a time