Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






2. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also






3. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case, e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






4. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






5. Closed Circuit Television






6. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access






7. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






8. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






9. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






10. Be at least 8 feet tall and have three strands of barbed wire.






11. Something used to put out a fire. Can be in Classes A, B, C, D, or H.






12. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.






13. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






14. When security is managed at many different points in an organization






15. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






16. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






17. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh






18. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.






19. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






20. The user






21. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers), and grey hats.






22. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






23. Providing verification to a system






24. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






25. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message






26. In cryptography, it is a block cipher






27. Encompasses Risk Analysis and Risk Mitigation






28. Involving the measurement of quantity or amount.






29. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






30. A technique to eliminate data redundancy.






31. When one key of a two-key pair has more encryption pattern than the other






32. A type of circuit switched telephone network system, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in better quality and higher speeds than available with analog systems.






33. Dynamic Host Configuration Protocol.






34. A war dialing utility






35. A site that is ready physically but has no hardware in place; all it has is HVAC.






36. Someone who hacks






37. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.






38. A gas used in fire suppression. Not human safe. Chemical reaction.






39. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which






40. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.






41. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






42. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






43. 'If you can't see it, it's secure'. Bad policy to live by.






44. Must be in place for you to use a biometric system






45. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






46. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst






47. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






48. An attempt to trick the system into believing that something false is real






49. Internet Architecture Board. This board is responsible for protecting the Internet.






50. This deals with differences between plaintext password storage and transmission, versus encrypted password storage and transmission.