Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. This is an open international standard for applications that use wireless communications.
2. The practice of obtaining confidential information by manipulation of legitimate users.
3. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
4. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
5. In classical cryptography, a transposition cipher changes one character from the plaintext to another (to decrypt, the reverse is done). That is, the order of the characters is changed. Mathematically, a bijective function is used on the characters'
6. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
7. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
8. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
9. CISSPs subscribe to a code of ethics for building up the security profession.
10. Jumping into dumpsters to retrieve information about someone/something/a company.
11. Ethernet, Cat5, twisted to allow for longer runs.
12. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access
13. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
14. Network devices that operate at layer 3. This device separates broadcast domains.
15. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
16. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
17. (Also known as a tunnel)
18. The art of breaking code. Testing the strength of an algorithm.
19. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.
20. Something used to put out a fire. Can be in Classes A, B, C, D, or H.
21. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
22. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
23. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
24. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
25. 'If you can't see it, it's secure'. Bad policy to live by.
26. Countermeasures / safeguards fall into these categories. Detective measures detect, preventive measures prevent, and corrective measures correct.
27. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho
28. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
29. Software designed to infiltrate or damage a computer system without the owner's consent.
30. A network that uses standard protocols (TCP/IP).
31. These viruses usually infect both boot records and files.
32. Motivational tools for employee awareness to get them to report security flaws in an organization.
33. Grabs an image of the finger, which is then stored in a database, and then works in a one-to-many database.
34. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
35. Component Object Model.
36. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
37. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
38. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
39. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
40. Defines the objects and their attributes that exist in a database.
41. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.
42. A mechanism by which connections to TCP services on a system are allowed or disallowed.
43. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
44. A war dialing utility.
45. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
46. The practice of following someone with a security code or keycard through a security door, generally in workplaces.
47. After implementing countermeasures, accepting risk for the amount of vulnerability left over.
48. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
49. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.
50. Relating to quality or kind. This assigns a level of importance to something.