Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






2. In the broadest sense - a fraud is a deception made for personal gain






3. Reasonable doubt






4. A network entity that provides a single entrance / exit point to the Internet.






5. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






6. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






7. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






8. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






9. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






10. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






11. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






12. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






13. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






14. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






15. Emanations from one wire coupling with another wire






16. A gas used in fire suppression. Not human safe. Chemical reaction.






17. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






18. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






19. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






20. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






21. Scanning the airwaves for radio transmissions






22. When one key of a two-key pair has more encryption pattern than the other






23. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single






24. Also known as a tunnel)






25. The art of breaking code. Testing the strength of an algorithm.






26. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






27. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






28. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






29. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






30. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






31. The process of reducing your risks to an acceptable level based on your risk analysis






32. Must be in place for you to use a biometric system






33. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






34. The ability to have more than one thread associated with a process






35. Transferring your risk to someone else - typically an insurance company






36. Providing verification to a system






37. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






38. Software designed to infiltrate or damage a computer system - without the owner's consent.






39. The user






40. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






41. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






42. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






43. Rolling command center with UPS - satellite - uplink - power - etc.






44. Disclosure - Alteration - Destruction. These things break the CIA triad






45. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






46. Signal degradation as it moves farther from its source






47. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






48. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters






49. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






50. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.