Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






2. A network that uses proprietary protocols






3. The intercepting of conversations by unintended recipients






4. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






5. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






6. Good for distance - longer than 100M






7. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






8. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






9. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






10. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






11. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






12. The process of reducing your risks to an acceptable level based on your risk analysis






13. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






14. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






15. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






16. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.






17. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.






18. Common Object Request Broker Architecture.






19. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






20. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






21. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






22. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






23. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






24. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






25. The person that determines the permissions to files. The data owner.






26. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






27. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






28. Network device that operates at layer 1. Concentrator.






29. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






30. Continuation of Operations Plan






31. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






32. Basic Input/Output System






33. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






34. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






35. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






36. Same as a block cipher except that it is applied to a data stream one bit at a time






37. After implementing countermeasures - accepting risk for the amount of vulnerability left over






38. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






39. CISSPs subscribe to a code of ethics for building up the security profession






40. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






41. Setting up the user to access the honeypot for reasons other than the intent to harm.






42. Making individuals accountable for their actions on a system typically through the use of auditing






43. Signal degradation as it moves farther from its source






44. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet






45. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






46. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.






47. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)






48. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and






49. Rolling command center with UPS - satellite - uplink - power - etc.






50. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






Can you answer 50 questions in 15 minutes?



Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests