Test your basic knowledge |

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In the context of computer software, a Trojan horse is a malicious program that is disguised as, or embedded within, legitimate software.






2. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; a worm, however, is self-contained and does not need to be part of another program to propagate itself.






3. This is an open international standard for applications that use wireless communications.






4. The government-required overwrite rate when formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






5. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
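The condition in question 5, shown as an added example (not code from the quiz page): a fixed-size stack buffer written with no bound, beside a bounded copy that reports truncation so the caller can reject over-long input. The buffer size, function names and sample inputs are this example's own choices.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the quiz. Shows the condition in question 5: a
 * fixed-size buffer written with no bound, beside a bounded copy that
 * reports truncation. BUF_LEN, the function names and the sample inputs
 * are this example's own choices. */

#define BUF_LEN 16

/* Vulnerable: strcpy() stops only at src's terminating NUL, so any input of
 * BUF_LEN or more characters writes past the end of buf into whatever the
 * compiler placed after it (other locals, the saved frame pointer, the
 * return address). Kept only to show the faulty pattern. */
void copy_unchecked(char *buf, const char *src)
{
    strcpy(buf, src);               /* no length check: the overflow */
}

/* Hardened: copies at most BUF_LEN-1 bytes and always NUL-terminates.
 * Returns true when src fit, false when it had to be truncated, so the
 * caller can reject over-long input rather than silently cutting it. */
bool copy_bounded(char buf[BUF_LEN], const char *src)
{
    size_t n = strlen(src);
    bool fits = n < BUF_LEN;
    size_t to_copy = fits ? n : BUF_LEN - 1;
    memcpy(buf, src, to_copy);
    buf[to_copy] = '\0';
    return fits;
}

int main(void)
{
    char buf[BUF_LEN];
    const char *ok = "short";                            /* 5 bytes: fits */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes: would overflow */

    printf("fits=%d buf=\"%s\"\n", copy_bounded(buf, ok), buf);
    printf("fits=%d buf=\"%s\"\n", copy_bounded(buf, bad), buf);
    /* copy_unchecked(buf, bad) would corrupt the stack frame here. */
    return 0;
}
```

The bounded version returns a flag rather than silently truncating because truncation is itself a classic source of bugs (a path or command cut short still "succeeds"); the caller should treat `false` as a rejected input.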






6. White hat l0pht






7. A two-key pair in which the keys are not interchangeable: what one key encrypts, only the other key can decrypt






8. When security is managed at a central point in an organization






9. A name given to a system implemented by the FBI that is analogous to wiretapping, except that in this case e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






10. Distributed Component Object Model. Microsoft's distributed-object technology, the counterpart to (not an implementation of) CORBA.






11. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operation/maintenance, disposal






12. These can be used to verify that public keys belong to certain individuals.






13. A small piece of information placed on your computer to allow communication with the server, which also allows some servers to track everywhere you go on the Internet






14. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






15. A network device that operates at layer 3. This device separates broadcast domains.






16. Rolling command center with UPS, satellite uplink, power, etc.






17. The process of training end users/employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t






18. In risk assessment, the average monetary value of losses per year: SLE x ARO = ALE






19. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not itself fix anything.






20. Continuity of Operations Plan






21. Computer Incident Response Team






22. Repeats the signal. It amplifies the signal before sending it on.






23. Provides less data leakage and longer distances. Uses light instead of electrical impulses.






24. In cryptography - it is a block cipher






25. A network that mimics the brain






26. Must be at least 8 feet tall and have three strands of barbed wire.






27. The EU specification. If databases of personal data exist, users are allowed to check the data held on them, have it changed if it is wrong, etc.






28. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






29. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.






30. Also known as Rijndael, a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopt






31. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






32. The person who determines the permissions on files: the data owner.






33. A method of encrypting text to produce ciphertext in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






34. A hidden communications channel on a system that allows for the bypassing of the system security policy






35. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






36. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping and replay attacks, and ensures the integrity of the






37. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






38. Also civil law






39. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






40. A network that uses proprietary protocols






41. Must be in place for you to use a biometric system






42. After implementing countermeasures, accepting the risk that remains from the vulnerability left over






43. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






44. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.






45. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
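The fragment bookkeeping behind question 45, as an added example (not code from the quiz page). It models how an IP reassembler trims a fragment that overlaps the previous one, first the way the original vulnerable code did it (a length that goes negative) and then with the check that rejects such a fragment, plus a list-wide overlap detector. The fragment lists are constructed for the example; nothing is read from the network.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the quiz. Models the offset/length bookkeeping an
 * IP reassembler does when the overlapping fragments of question 45 arrive,
 * first the way the original vulnerable code did it and then with the check
 * that rejects the fragment. Fragment lists are constructed for the example;
 * nothing is read from the network. */

struct frag {
    uint32_t offset;   /* byte offset in the original datagram (header field * 8) */
    uint32_t len;      /* payload bytes carried by this fragment */
};

/* Vulnerable pattern: trim the new fragment so it starts where the previous
 * one ended, then take its length as (end - new_offset). When the new
 * fragment ends *inside* the previous one the subtraction goes negative, and
 * a copy routine that takes that value as an unsigned size copies a huge
 * amount of memory. */
int naive_trim_len(uint32_t prev_end, const struct frag *f)
{
    uint32_t off = f->offset;
    uint32_t end = f->offset + f->len;
    if (off < prev_end)             /* overlaps the previous fragment */
        off = prev_end;             /* skip the overlapping bytes */
    return (int)end - (int)off;     /* negative for a teardrop fragment */
}

/* Hardened: a fragment that does not extend past the previous one carries no
 * new data and is dropped. Returns false to reject, true with *out_len set. */
bool safe_trim(uint32_t prev_end, const struct frag *f, uint32_t *out_len)
{
    uint32_t off = f->offset;
    uint32_t end = f->offset + f->len;
    if (end <= prev_end)
        return false;
    if (off < prev_end)
        off = prev_end;
    *out_len = end - off;
    return true;
}

/* Detection over a whole fragment list: true if any two payload ranges
 * [offset, offset+len) intersect, regardless of arrival order. */
bool fragments_overlap(const struct frag *f, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            uint32_t a0 = f[i].offset, a1 = a0 + f[i].len;
            uint32_t b0 = f[j].offset, b1 = b0 + f[j].len;
            if (a0 < b1 && b0 < a1)
                return true;
        }
    return false;
}

int main(void)
{
    /* constructed: a normal two-fragment datagram, and a teardrop pair whose
     * second fragment sits entirely inside the first */
    struct frag normal[2]   = { {0, 36}, {36, 4} };
    struct frag teardrop[2] = { {0, 36}, {24, 4} };
    uint32_t len = 0;

    printf("normal   overlap=%d naive_len=%d\n",
           fragments_overlap(normal, 2), naive_trim_len(36, &normal[1]));
    printf("teardrop overlap=%d naive_len=%d accepted=%d\n",
           fragments_overlap(teardrop, 2), naive_trim_len(36, &teardrop[1]),
           safe_trim(36, &teardrop[1], &len));
    return 0;
}
```

A reassembler that only trims the front of an overlapping fragment, as `naive_trim_len` does, never asks whether anything is left after trimming; that missing check is the whole bug, and `safe_trim` adds exactly that question before any copy happens.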






46. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically the monitoring connec






47. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.






48. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters
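A monoalphabetic substitution cipher with single letters as the unit, as an added example for question 48 (not code from the quiz page). Each plaintext letter is replaced by the letter at the same position in a 26-letter key alphabet, and decryption is substitution with the inverse permutation. The key and the sample message are constructed for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the quiz. A monoalphabetic substitution cipher
 * (question 48 with single letters as the unit): each plaintext letter is
 * replaced by the letter at the same position in a 26-letter key alphabet.
 * The key and the sample message are constructed for the example. */

static const char EXAMPLE_KEY[] = "QWERTYUIOPASDFGHJKLZXCVBNM";

/* A key is usable only if it is a permutation of A-Z; a repeated letter
 * would make decryption ambiguous. */
bool key_is_valid(const char *key)
{
    bool seen[26] = { false };
    if (strlen(key) != 26)
        return false;
    for (int i = 0; i < 26; i++) {
        unsigned char c = (unsigned char)key[i];
        if (!isupper(c) || seen[c - 'A'])
            return false;
        seen[c - 'A'] = true;
    }
    return true;
}

/* Substitute letter by letter; case is preserved and non-letters pass
 * through unchanged. out must hold strlen(in)+1 bytes. */
void subst_encrypt(const char *key, const char *in, char *out)
{
    for (; *in; in++, out++) {
        unsigned char c = (unsigned char)*in;
        if (isupper(c))
            *out = key[c - 'A'];
        else if (islower(c))
            *out = (char)tolower((unsigned char)key[c - 'a']);
        else
            *out = (char)c;
    }
    *out = '\0';
}

/* Decryption is encryption with the inverse permutation. */
void subst_decrypt(const char *key, const char *in, char *out)
{
    char inverse[27] = { 0 };
    for (int i = 0; i < 26; i++)
        inverse[key[i] - 'A'] = (char)('A' + i);
    subst_encrypt(inverse, in, out);
}

int main(void)
{
    const char *msg = "Attack at dawn.";
    char ct[64], pt[64];
    if (!key_is_valid(EXAMPLE_KEY))
        return 1;
    subst_encrypt(EXAMPLE_KEY, msg, ct);
    subst_decrypt(EXAMPLE_KEY, ct, pt);
    printf("%s -> %s -> %s\n", msg, ct, pt);
    return 0;
}
```

Because every occurrence of a plaintext letter maps to the same ciphertext letter, the ciphertext keeps the plaintext's letter frequencies, which is why this class of cipher falls to frequency analysis. Using pairs or triplets as the unit, as the question mentions, only changes the alphabet the key permutes.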






49. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
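The Diffie-Hellman exchange of question 39 with both sides' messages, and the man-in-the-middle of question 49 run against that same unauthenticated exchange, as one added example (not code from the quiz page). The prime is deliberately tiny so the arithmetic fits in 64-bit integers; these parameters and the fixed private exponents are constructed for the example and offer no security. Real deployments use a 2048-bit or larger group (or an elliptic curve) and random exponents.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the quiz. Walks through the Diffie-Hellman exchange
 * of question 39 with both sides' messages, then the man-in-the-middle of
 * question 49 against the same unauthenticated exchange. The prime is
 * deliberately tiny so the arithmetic fits in 64-bit integers: these
 * parameters are illustrative only and offer no security; real deployments
 * use a 2048-bit or larger group (or an elliptic curve) and random exponents.
 * The fixed exponents below are constructed for the example. */

#define DH_P 2147483647ULL   /* 2^31 - 1, prime */
#define DH_G 7ULL            /* 7 is a primitive root modulo 2^31 - 1 */

/* base^exp mod m by square-and-multiply; 128-bit intermediates avoid overflow */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1;
    base %= m;
    while (exp) {
        if (exp & 1)
            result = (uint64_t)((unsigned __int128)result * base % m);
        base = (uint64_t)((unsigned __int128)base * base % m);
        exp >>= 1;
    }
    return result;
}

struct party { uint64_t priv; uint64_t pub; };

/* Step 1: each side chooses a private exponent and sends g^priv mod p. */
void dh_keygen(struct party *p, uint64_t priv)
{
    p->priv = priv;
    p->pub = modpow(DH_G, priv, DH_P);
}

/* Step 2: on receiving the peer's public value, compute peer_pub^priv mod p.
 * Both sides arrive at g^(a*b) mod p; an eavesdropper sees only g^a and g^b. */
uint64_t dh_derive(const struct party *p, uint64_t peer_pub)
{
    return modpow(peer_pub, p->priv, DH_P);
}

/* Honest exchange: returns 1 if Alice and Bob derive the same secret. */
int honest_exchange_agrees(void)
{
    struct party alice, bob;
    dh_keygen(&alice, 123456789ULL);
    dh_keygen(&bob, 987654321ULL);
    /* alice.pub and bob.pub cross the insecure channel in the clear */
    return dh_derive(&alice, bob.pub) == dh_derive(&bob, alice.pub);
}

/* Man in the middle: nothing in the exchange authenticates the public
 * values, so an attacker on the path swaps in his own. Alice ends up sharing
 * a key with Mallory, Bob shares a different key with Mallory, and Mallory
 * decrypts and re-encrypts every message in between. Returns 1 if Mallory
 * holds both keys and the two victims' keys differ. */
int mitm_succeeds(void)
{
    struct party alice, bob, mallory;
    dh_keygen(&alice, 123456789ULL);
    dh_keygen(&bob, 987654321ULL);
    dh_keygen(&mallory, 55555ULL);

    uint64_t k_alice = dh_derive(&alice, mallory.pub);   /* Alice thinks this is Bob's */
    uint64_t k_bob   = dh_derive(&bob, mallory.pub);     /* Bob thinks this is Alice's */
    uint64_t k_m_a   = dh_derive(&mallory, alice.pub);   /* Mallory's key toward Alice */
    uint64_t k_m_b   = dh_derive(&mallory, bob.pub);     /* Mallory's key toward Bob */

    return k_alice == k_m_a && k_bob == k_m_b && k_alice != k_bob;
}

int main(void)
{
    printf("honest exchange agrees: %d\n", honest_exchange_agrees());
    printf("MITM holds both keys:   %d\n", mitm_succeeds());
    return 0;
}
```

The defence against the second function is not a bigger prime but authentication of the public values, which is what the certificates of question 12 provide: if Alice can verify that the value she received really belongs to Bob, Mallory's substitution is detected.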






50. Component Object Model.