
Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.

2. The physical part of a computer - as distinguished from the computer software that executes within the hardware.

3. Closed Circuit Television

4. The frequency with which a threat is expected to occur.

5. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac

6. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of

7. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp

8. Providing verification to a system

9. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.

10. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the

11. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.

12. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req

13. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.

14. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.

15. False Acceptance Rate - False Rejection Rate - Crossover Error Rate

16. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as

17. Separation of duties (SoD) is the concept of having more than one person required to complete a task.

18. Must be in place for you to use a biometric system

19. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).

20. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

21. The intercepting of conversations by unintended recipients

22. The real cost of acquiring/maintaining/developing a system

23. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.

24. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.

25. Technical controls are implemented by IT. Administrative controls are implemented by HR. Physical controls are tangible things.

26. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.

27. A mechanism by which connections to TCP services on a system are allowed or disallowed

28. Occupant Emergency Plan - Employees are the most important!

29. Good for distance: longer than 100 m

30. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....

31. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical

32. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected

33. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc

34. Object Linking and Embedding. The ability of an object to be embedded into another object.

35. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th

36. The person that controls access to the data

37. Public Key Infrastructure

38. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s

39. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

40. 'If you can't see it, it's secure.' A bad policy to live by.

41. ('Rotate by 13 places', sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet

42. A little piece of information that is put on your computer to allow communications with the server, and that also allows some servers to track everything you visit on the Internet

43. Defines the objects and their attributes that exist in a database.

44. The number of users that the system can process in a given amount of time. A typical acceptable rate is 10 per minute.

45. Encompasses Risk Analysis and Risk Mitigation

46. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

47. The person that determines the permissions to files. The data owner.

48. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x

49. A unit that detects motion for the purpose of setting off alarms to alert for unauthorized access.

50. This is an open international standard for applications that use wireless communications.