Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






2. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






3. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






4. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






5. The ability to have more than one thread associated with a process






6. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






7. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






8. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.






9. Continuation of Operations Plan






10. More discriminate than dogs






11. Once authenticated - the level of access you have to a system






12. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.






13. Entails planning and system actions to ensure that a project is following good quality management practices






14. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






15. Dynamic Host Configuration Protocol.






16. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






17. Network device that operates at layer 1. Concentrator.






18. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






19. 'If you cant see it - its secure'. Bad policy to live by.






20. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






21. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.






22. Dialing fixed sets telephone numbers looking for open modem connections to machines






23. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






24. Enticing people to hit your honeypot to see how they try to access your system.






25. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






26. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






27. Same as a block cipher except that it is applied to a data stream one bit at a time






28. Access control method for database based on the content of the database to provide granular access






29. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.






30. A hidden communications channel on a system that allows for the bypassing of the system security policy






31. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






32. Common Object Request Broker Architecture.






33. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






34. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






35. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






36. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






37. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






38. Chief Information Officer






39. The frequency with which a threat is expected to occur.






40. A war dialing utility






41. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






42. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






43. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






44. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






45. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






46. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






47. When one key of a two-key pair has more encryption pattern than the other






48. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






49. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






50. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters