Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






2. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






3. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






4. Encompasses Risk Analysis and Risk Mitigation






5. These viruses usually infect both boot records and files.






6. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






7. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






8. Occupant Emergency Plan - Employees are the most important!






9. The physical part of a computer, as distinguished from the computer software that executes within the hardware.






10. Accepting all packets






11. A hidden communications channel on a system that allows for the bypassing of the system security policy






12. Relating to quality or kind. This assigns a level of importance to something.






13. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






14. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






15. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






16. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.






17. Transferring your risk to someone else - typically an insurance company






18. The person that controls access to the data






19. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






20. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou






21. Be at least 8 feet tall and have three strands of barbed wire.






22. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer






23. Signal degradation as it moves farther from its source






24. This deals with differences between plaintext password storage and transmission, versus encrypted password storage and transmission.






25. A military standard defining controls for emanation protection






26. When you know something from a source, and can infer other related information based off of what you know, when you may not necessarily have access to that data normally.






27. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






28. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






29. In the broadest sense - a fraud is a deception made for personal gain






30. These can be used to verify that public keys belong to certain individuals.






31. The real cost of acquiring/maintaining/developing a system






32. Entails planning and system actions to ensure that a project is following good quality management practices






33. Something used to put out a fire. Can be in Classes A, B, C, D, or H






34. Closed Circuit Television






35. Random Number Base






36. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time






37. Providing verification to a system






38. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






39. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






40. Animals with teeth. Not as discriminate as guards






41. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






42. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.






43. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.






44. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho






45. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters






46. When two or more processes are linked and execute multiple programs simultaneously






47. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.






48. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE






49. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.






50. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor