CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.

2. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.

3. A sandbox. Emulates an operating environment.

4. Good for distance; longer than 100M.

5. The frequency with which a threat is expected to occur.

6. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.

7. This is an attack in which an attacker is able to read, insert and modify, at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message

8. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

9. Technical ones are implemented by IT. Administrative ones are things that HR implements. Physical ones are things that are tangible.

10. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. An artist's ability to control their work.

11. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

12. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)

13. The practice of following someone with a security code or keycard through a security door, generally in workplaces.

14. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.

15. The practice of obtaining confidential information by manipulation of legitimate users.

16. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

17. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards.

18. Deals with the same things as due diligence, except that it deals with accepting responsibility instead of liability.

19. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t

20. The ability to have more than one thread associated with a process.

21. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.

22. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

23. Chief Information Officer

24. A hidden communications channel on a system that allows for the bypassing of the system security policy.

25. The process of training end users/employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t

26. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.

27. A network entity that provides a single entrance/exit point to the Internet.

28. Software designed to infiltrate or damage a computer system without the owner's consent.

29. Personal, Network, and Application

30. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.

31. An attack that is similar to Smurf, but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.

32. Dialing fixed sets of telephone numbers looking for open modem connections to machines.

33. An RFC standard. A mechanism for performing commands on a remote system.

34. Must be in place for you to use a biometric system.

35. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.

36. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.

37. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

38. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.

39. When one key of a two-key pair has more encryption pattern than the other.

40. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE

41. Reasonable doubt

42. A card that holds information and that must be authenticated to before it will reveal the information it is holding.

43. Taking over the session of someone who is unaware of what you are doing.

44. Distributed Component Object Model. Microsoft's implementation of CORBA.

45. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate Ethernet MAC addresses from IP addresses

46. A mechanism by which connections to TCP services on a system are allowed or disallowed.

47. The art of breaking code. Testing the strength of an algorithm.

48. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.

49. Communications that don't take the natural course of email (when you don't want eavesdropping to happen).

50. Method of authenticating to a system. Something that you supply and something you know.