
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Access control method for database based on the content of the database to provide granular access






2. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically






3. Disclosure, Alteration, Destruction. These things break the CIA triad






4. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho






5. Network devices that operate at layer 3. This device separates broadcast domains.






6. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






7. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.






8. Continuation of Operations Plan






9. The act of identifying yourself. Providing your identity to a system






10. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






11. Defines the objects and their attributes that exist in a database.






12. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters






13. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.






14. The practice of obtaining confidential information by manipulation of legitimate users.






15. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






16. Personal, Network, and Application






17. Public Key Infrastructure






18. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






19. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget: they are always the ones ultimately responsible for due diligence / due care. They are also






20. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






21. Making individuals accountable for their actions on a system typically through the use of auditing






22. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.






23. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






24. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The degausser is what actually performs the degaussing.






25. Signal degradation as it moves farther from its source






26. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






27. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






28. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






29. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






30. Something used to put out a fire. Can be in Classes A, B, C, D, or H






31. Good for distance - longer than 100M






32. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






33. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






34. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






35. A site that is ready physically but has no hardware in place; all it has is HVAC






36. When two or more processes are linked and execute multiple programs simultaneously






37. In cryptography, it is a block cipher






38. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






39. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






40. Data storage formats and equipment that allow the stored data to be accessed in any order






41. When you know something from a source, and can infer other related information based off of what you know, when you may not necessarily have access to that data normally.






42. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






43. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






44. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






45. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






46. Network device that operates at layer 1. Concentrator.






47. The real cost of acquiring/maintaining/developing a system






48. A system designed to stop piggybacking.






49. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






50. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider