Security+ (CompTIA) Vocabulary Quiz

10 tape rotation

10 tape rotation

A backup rotation scheme in which ten backup tapes are used over the course of two weeks.

802.1X

An authentication technology used to connect devices to a LAN or WLAN. It is an example of port-based NAC.

acceptable use

Acceptable usage policies define the rules that restrict how a computer, network, or other system may be used.

access control list (ACL)

A list of permissions attached to an object. They specify what level of access a user, users, or groups have to an object. When dealing with firewalls, an ACL is a set of rules that apply to a list of network names, IP addresses. and port numbers.

access control model

Methodologies in which admission to physical areas, and more important computer systems, is managed and organized.

account expiration

The date when users' accounts they use to log on to the network expires.

Accounting

The tracking of data, computer usage, and network resources. Often it means logging, auditing, and monitoring of the data and resources.

active interception

Also known as active inception in the CompTIA 2008 Security+ objectives; normally includes a computer placed between the sender and the receiver in an effort to capture and possibly modify information.

ad filtering

Ways of blocking and filtering out unwanted advertisement; popup blockers and content filters are considered to be ad filtering methods.

Advanced Encryption Standard (AES)

An encryption standard used with WPA and WPA2. The successor to DES/3DES and is another symmetric key encryption standard composed of three different block ciphers: AES-128, AES-192, and AES-256.

Adware

Type of spyware that pops up advertisements based on what it has learned about the user.

Algorithms

Well-defined instructions that describe computations from their initial state to their final state.

anomaly based monitoring

Also known as statistical anomaly based; establishes a performance baseline based on a set of normal network traffic evaluations.

AP isolation

Each client connected to the AP will not be able to communicate with each other, but they can each still access the Internet.

application firewall

A firewall that can control the traffic associated with specific applications. Works all the way up to the Application Layer of the OSI model.

application-level gateway (ALG)

Applies security mechanisms to specific applications, such as FTP and/or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.

ARP poisoning

An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.

asymmetric key algorithm

This type of cipher uses a pair of different keys to encrypt and decrypt data.

audit trails

Records or logs that show the tracked actions of users, whether the user was successful in the attempt.

Authentication

When a person's identity is confirmed. Authentication is the verification of a person's identity.

Authorization

When a user is granted access to specific resources when authentication is complete.

Availability

Data is obtainable regardless of how information is stored, accessed, or protected.

Backdoors

Used in computer programs to bypass normal authentication and other security mechanisms in place.

back-to-back perimeter

A type of DMZ where the DMZ is located between the LAN and the Internet.

backup generator

Part of an emergency power system used when there is an outage of regular electric grid power.

Baiting

When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.

baseline reporting

Identification of the security posture of an application, system, or network.

Baselining

The process of measuring changes in networking, hardware, software, and so on.

behavior-based monitoring

A monitoring system that looks at the previous behavior of applications, executables, and/or the operating system and compares that to current activity on the system.

Biometrics

The science of recognizing humans based on one or more physical characteristics.

birthday attack

An attack on a hashing system that attempts to send two different messages with the same hash function, causing a collision.

Blackout

When a total loss of power for a prolonged period occurs.

block cipher

A type of algorithm that encrypts a number of bits as individual units known as blocks.

Bluejacking

The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and PDAs.

Bluesnarfing

The unauthorized access of information from a wireless device through a Bluetooth connection.

Botnet

A group of compromised computers used to distribute malware across the Internet; the members are usually zombies.

broadcast storm

When there is an accumulation of broadcast and multicast packet traffic on the LAN coming from one or more network interfaces.

Brownout

When the voltage drops to such an extent that it typically causes the lights to dim and causes computers to shut off.

brute force attack

A password attack where every possible password is attempted.

buffer overflow

When a process stores data outside the memory that the developer intended. This could cause erratic behavior in the application, especially if the memory already had other data in it.

business impact analysis

The examination of critical versus noncritical functions, it is part of a business continuity plan (BCP).

butt set (or lineman's handset)

A device that looks similar to a phone but has alligator clips that can connect to the various terminals used by phone equipment, enabling a person to listen in to a conversation.

CAM table

The Content Addressable Memory table, a table that is in a switch's memory that contains ports and their corresponding MAC addresses.

certificate authority

The entity (usually a server) that issues digital certificates to users.

certificate revocation list (CRL)

A list of certificates no longer valid or that have been revoked by the issuer.

Certificates

Digitally signed electronic documents that bind a public key with a user identity.

chain of custody

Documents who had custody of evidence all the way up to litigation or a court trial (if necessary) and verifies that the evidence has not been modified.

Challenge-Handshake Authentication Protocol (CHAP)

An authentication scheme used by the Point-to-Point Protocol (PPP) that is the standard for dial-up connections.

change management

A structured way of changing the state of a computer system, network, or IT procedure.

chromatic dispersion

The refraction of light as in a rainbow. If light is refracted in such a manner on fiber optic cables, the signal cannot be read by the receiver.

Cipher

An algorithm that can perform encryption or decryption.

circuit-level gateway

Works at the Session Layer of the OSI model and applies security mechanisms when a TCP or UDP connection is established; they act as a go-between for the Transport and Application Layers in TCP/IP.

Cloud computing

A way of offering on-demand services that extend the capabilities of a person's computer or an organization's network.

Cluster

Two or more servers that work with each other.

cold site

This has tables, chairs, bathrooms, and possibly some technical setup, for example, basic phone, data, and electric lines, but will require days if not weeks to set up properly.

computer security audits

Technical assessments made of applications, systems, or networks.

Confidentiality

Preventing the disclosure of information to unauthorized persons.

content filters

Individual computer programs that block external files that use JavaScript or images from loading into the browser.

Cookies

Text files placed on the client computer that store information about it, which could include your computer's browsing habits and credentials. Tracking cookies are used by spyware to collect information about a web user's activities. Session cookies are used by attackers in an attempt to hijack a session.

cross-site request forgery (XSRF)

An attack that exploits the trust a website has in a user's browser in an attempt to transmit unauthorized commands to the website.

cross-site scripting (XSS)

A type of vulnerability found in web applications used with session hijacking.

Crosstalk

When a signal transmitted on one copper wire creates an undesired effect on another wire; the signal "bleeds" over, so to speak.

cryptanalysis attack

A password attack uses a considerable set of precalculated encrypted passwords located in a lookup table.

cryptographic hash functions

Hash functions based on block ciphers.

Cryptography

The practice and study of hiding information.

data emanation (or signal emanation)

The electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data.

Data Encryption Standard (DES)

An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated.

data loss prevention (DLP)

Systems that are designed to protect data by way of content inspection. They are meant to stop the leakage of confidential data, often concentrating on communications.

default account

An account installed by default on a device or within an operating system with a default set of user credentials that are usually insecure.

Defense in depth

The building up and layering of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposal.

demilitarized zone (DMZ)

A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet.

Denial of Service (DoS)

A broad term given to many different types of network attacks that attempt to make computer resources unavailable.

dictionary attack

A password attack that uses a prearranged list of likely words, trying each of them one at a time.

differential backup

Type of backup that backs up only the contents of a folder that have changed since the last full backup.

Diffie-Hellman key exchange

Invented in the 1970s, it was the first practical method for establishing a shared secret key over an unprotected communications channel.

digital signature

A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.

directory traversal

Also known as the ../ (dot dot slash) attack is a method of accessing unauthorized parent directories.

disaster recovery plan

A plan that details the policies and procedures concerning the recovery and/or continuation of an organization's technology infrastructure.

discretionary access control (DAC)

An access control policy generally determined by the owner.

disk duplexing

When each disk is connected to a separate controller.

Distributed Denial of Service (DDoS)

An attack in which a group of compromised systems attack a single target, causing a DoS to occur at that host, usually using a botnet.

diversion theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

DNS poisoning

The modification of name resolution information that should be in a DNS server's cache.

domain name kiting

The process of deleting a domain name during the five-day grace period (known as the add grace period or AGP) and immediately reregistering it for another five-day period to keep a domain name indefinitely and for free.

due care

The mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence.

due diligence

Ensuring that IT infrastructure risks are known and managed.

due process

The principle that an organization must respect and safeguard personnel's rights.

dumpster diving

When a person literally scavenges for private information in garbage and recycling containers.

Easter egg

A platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb.

Eavesdropping

When a person uses direct observation to "listen" in to a conversation.

electromagnetic interference (EMI)

A disturbance that can affect electrical circuits,devices, and cables due to electromagnetic conduction or radiation.

elliptic curve cryptography (ECC)

A type of public key cryptography based on thestructure of an elliptic curve.

Encryption

The process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data.

ethical hacker

an expert at breaking into systems and can attack systems on behalf of the system's owner and with the owner's consent.

explicit allow

When an administrator sets a rule that allows a specific type of traffic through a firewall, often within an ACL.

explicit deny

When an administrator sets a rule that denies a specific type of traffic access through a firewall, often within an ACL.

Extensible Authentication Protocol (EAP)

Not an authentication mechanism in itself but instead defines message formats. 802.1X would be the authentication mechanism and defines how EAP is encapsulated within messages.

failopen mode

When a switch broadcasts data on all ports the way a hub does.

failover clusters

Also known as high-availability clusters, these are designed so that a secondary server can take over in the case that the primary one fails, with limited or no downtime.

false negative

When a system denies a user who actually should be allowed access to the system. For example, when an IDS/IPS fails to block an attack, thinking it is legitimate traffic.