Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. More discriminate than dogs






2. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor






3. The process of reducing your risks to an acceptable level based on your risk analysis






4. Enticing people to hit your honeypot to see how they try to access your system.






5. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






6. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.






7. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






8. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






9. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






10. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






11. When one key of a two-key pair has more encryption pattern than the other






12. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






13. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






14. Confidentiality - Integrity - and Availability






15. The person that controls access to the data






16. This is an open international standard for applications that use wireless communications.






17. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






18. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






19. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






20. A hidden communications channel on a system that allows for the bypassing of the system security policy






21. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






22. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






23. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






24. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






25. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






26. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






27. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






28. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet






29. Threat to physical security.






30. To not be legal (as far as law is concerned) or ethical






31. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






32. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






33. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






34. Computer Incident Response Team






35. These can be used to verify that public keys belong to certain individuals.






36. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






37. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






39. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






40. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






41. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






42. Occupant Emergency Plan - Employees are the most important!






43. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






44. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






45. Must be in place for you to use a biometric system






46. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






47. Animals with teeth. Not as discriminate as guards






48. Motivational tools for employee awareness to get them to report security flaws in an organization






49. After implementing countermeasures - accepting risk for the amount of vulnerability left over






50. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th