Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






2. Reasonable doubt






3. Motivational tools for employee awareness to get them to report security flaws in an organization






4. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






5. Dynamic Host Configuration Protocol.






6. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






7. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.






8. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)






9. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






10. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






11. A hidden communications channel on a system that allows for the bypassing of the system security policy






12. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






13. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






14. Data storage formats and equipment that allow the stored data to be accessed in any order






15. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






16. Threat to physical security.






17. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






18. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






19. Good for distance - longer than 100M






20. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






21. When two or more processes are linked and execute multiple programs simultaneously






22. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.






23. A sandbox. Emulates an operating environment.






24. The act of identifying yourself. Providing your identity to a system






25. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities






26. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






27. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






28. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






29. These can be used to verify that public keys belong to certain individuals.






30. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






31. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






32. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






33. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






34. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






35. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






36. Be at least 8 feet tall and have three strands of barbed wire.






37. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






38. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






39. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






40. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






41. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).






42. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






43. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






44. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






45. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






46. Dialing fixed sets of telephone numbers looking for open modem connections to machines






47. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






48. Random Number Base






49. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






50. Involving the measurement of quantity or amount.