Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






2. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






3. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






4. Network device that operates at layer 1. Concentrator.






5. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






6. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






7. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






8. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






9. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






10. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






11. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






12. Once authenticated - the level of access you have to a system






13. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






14. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






15. Random Number Base






16. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






17. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






18. The intercepting of conversations by unintended recipients






19. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






20. Method of authenticating to a system. Something that you supply and something you know.






21. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






22. Component Object Model.






23. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






24. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






25. Internet Architecture Board. This board is responsible for protecting the Internet.






26. A network that mimics the brain






27. Occupant Emergency Plan - Employees are the most important!






28. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






29. Entails planning and system actions to ensure that a project is following good quality management practices






30. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






31. In a separation of duties model - this is where code is checked in and out






32. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






33. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






34. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






35. This is an open international standard for applications that use wireless communications.






36. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






37. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






38. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






39. The real cost of acquiring/maintaining/developing a system






40. Chief Executive Officer






41. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






42. These can be used to verify that public keys belong to certain individuals.






43. Closed Circuit Television






44. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






45. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






46. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






47. More discriminate than dogs






48. Someone who hacks






49. Network Address Translation






50. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho