100

Question 1

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access

Answer 1

acceptable use policies

Question 2

The means of giving or restricting user access to network resources

Answer 2

access control

Question 3

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network

Answer 3

access control list (ACL)

Question 4

The point at which access to a network is accomplished This term is often used in relation to a wireless access point (WAP)

Answer 4

access point (AP)

Question 5

A policy that provides information to the reader about who to contact if a problem is discovered

Answer 5

accountability statement

Question 6

A response generated in real time

Answer 6

active response

Question 7

Any action a user undertakes

Answer 7

activity

Question 8

Protocol used to map known IP addresses to unknown physical addresses

Answer 8

Address Resolution Protocol (ARP)

Question 9

An attack that convinces the network that the attacker’s MAC address is the one associated with an allowed address so that traffic is wrongly sent to attacker’s machine

Answer 9

Address Resolution Protocol (ARP) poisoning

Question 10

A control implemented through administrative policies or procedures

Answer 10

administrative control

Question 11

The user who is accountable and responsible for the network

Answer 11

administrator

Question 12

A Federal Information Processing Standards (FIPS) publication that specifies a cryptographic algorithm for use by the US government

Answer 12

Advanced Encryption Standard (AES)

Question 13

More commonly known as ARP poisoning - this involves the MAC (Media Access Control) address of the data being faked

Answer 13

ARP spoofing

Question 14

An algorithm that uses two keys

Answer 14

asymmetric algorithm

Question 15

Encryption in which two keys must be used

Answer 15

asymmetric encryption

Question 16

Any unauthorized intrusion into the normal operations of a computer or computer network

Answer 16

attack

Question 17

The area of an application that is available to users—those who are authenticated and - more importantly - those who are not

Answer 17

attack surface

Question 18

Minimizing the possibility of exploitation by reducing the amount of code and limiting potential damage

Answer 18

attack surface reduction (ASR)

Question 19

The act of tracking resource usage by users

Answer 19

audit

Question 20

The means of verifying that someone is who they say they are

Answer 20

authentication

Question 21

A header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays

Answer 21

Authentication Header (AH)

Question 22

A type of certificate technology that allows ActiveX components to be validated by a server

Answer 22

Authenticode

Question 23

A utility used with Windows 7 and 8 for creating a copy of the configuration settings necessary to reach the present state after a disaster

Answer 23

Automated System Recovery (ASR) disk

Question 24

An opening left in a program application (usually by the developer) that allows additional access to data

Answer 24

backdoor

Question 25

A reversion - or roll back to a previous state - from a change that had negative consequences

Answer 25

backout

Question 26

A usable copy of data made to media

Answer 26

backup

Question 27

A generator that can supply power in the event the primary provider is unable to deliver it

Answer 27

backup generator

Question 28

A documented plan governing backup situations

Answer 28

backup plan

Question 29

A written policy detailing the frequency of backups and the location of storage media

Answer 29

backup policy

Question 30

Looking at the banner - or the header information messages sent with data - to find out about a system(s)

Answer 30

banner grabbing

Question 31

Comparing performance to a historic metric

Answer 31

baselining

Question 32

A host with multiple network interface cards so that it can reside on multiple networks

Answer 32

bastion host

Question 33

A set of rules governing basic operations

Answer 33

best practices

Question 34

Data that is too large to be dealt with by traditional database management means

Answer 34

Big Data analysis

Question 35

A probability method of finding collision in hash functions

Answer 35

birthday attack

Question 36

A Microsoft utility used to encrypt a drive

Answer 36

BitLocker

Question 37

A method of encryption that processes blocks of data rather than streams

Answer 37

block cipher

Question 38

A type of symmetric block cipher created by Bruce Schneier

Answer 38

Blowfish

Question 39

The sending of unsolicited messages over a Bluetooth connection

Answer 39

bluejacking

Question 40

The gaining of unauthorized access through a Bluetooth connection

Answer 40

bluesnarfing

Question 41

A router used to translate from LAN framing to WAN framing

Answer 41

border router

Question 42

An automated software program (network robot) that collects information on the Web

Answer 42

bot

Question 43

A trust model in which a peer-to-peer relationship exists among the root certificate authorities

Answer 43

bridge trust model

Question 44

A type of attack that relies purely on trial and error and tries all possible combinations

Answer 44

brute-force attack

Question 45

A type of denial-of-service (DoS) attack that occurs when more data is put into a buffer than it can hold - thereby overflowing it (as the name implies)

Answer 45

buffer overflow

Question 46

A contingency plan that allows a business to keep running in the event of a disruption to vital resources

Answer 46

business continuity planning (BCP)

Question 47

A study of the possible impact if a disruption to to a business’s vital resources were to occur

Answer 47

business impact analysis (BIA)

Question 48

A physical security deterrent used to protect a computer

Answer 48

cable lock

Question 49

An access point that requires users to agree to some condition before they use the network or Internet

Answer 49

captive portal

Question 50

A type of symmetric block cipher defined by RFC 2144

Answer 50

CAST

Question 51

A digital entity that establishes who you are and is often used with e-commerce

Answer 51

certificate

Question 52

An issuer of digital certificates (which are then used for digital signatures or key pairs)

Answer 52

certificate authority (CA)

Question 53

A messaging protocol used between PKI entities

Answer 53

Certificate Management Protocol (CMP

Question 54

The principles and procedures employed in the issuing and managing of certificates

Answer 54

Certificate Practice Statement (CPS)

Question 55

The act of making a certificate invalid

Answer 55

certificate revocation

Question 56

A list of digital certificate revocations that must be regularly downloaded to stay current

Answer 56

certificate revocation list (CRL)

Question 57

A protocol that challenges a system to verify identity

Answer 57

Challenge Handshake Authentication Protocol (CHAP)

Question 58

Management included in the making of a change in the scope of any particular item

Answer 58

change management

Question 59

An algorithm - also known as a cryptographic algorithm - used to encrypt and decrypt data

Answer 59

cipher

Question 60

The part of a client-server network where the computing is usually done

Answer 60

client

Question 61

A surveillance camera used for physical-access monitoring

Answer 61

closed-circuit television (CCTV)

Question 62

Moving the execution of an application to the cloud on an as-needed basis

Answer 62

cloud bursting

Question 63

A model for enabling ubiquitous - convenient - on-demand network access to a shared pool of configurable computing resources”

Answer 63

cloud computing

Question 64

A method of balancing loads and providing fault tolerance

Answer 64

clustering

Question 65

The storage and conditions for release of source code provided by a vendor - partner - or other party

Answer 65

code escrow

Question 66

Looking at all custom written code for holes that may exist

Answer 66

code review

Question 67

Server room aisles that blow cold air from the floor

Answer 67

cold aisles

Question 68

A physical site that can be used if the main site is inaccessible (destroyed) but that lacks all the resources necessary to enable an organization to use it immediately

Answer 68

cold site

Question 69

An agreement between individuals to commit fraud or deceit

Answer 69

collusion

Question 70

A standard identification card used by the Department of Defense(DoD) and other employers

Answer 70

Common Access Card (CAC)

Question 71

A document of specifications detailing security evaluation methods for IT products and systems

Answer 71

Common Criteria (CC)

Question 72

Cloud delivery model in which the infrastructure is shared by organizations with something in common

Answer 72

community cloud

Question 73

A virus that creates a new program that runs in place of an expected program of the same name

Answer 73

companion virus

Question 74

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes coverage - we compensate for them

Answer 74

compensating controls

Question 75

A formalized or an ad hoc team you can call upon to respond to an incident after it arises

Answer 75

Computer Security Incident Response Team (CSIRT)

Question 76

Type of communications between two hosts that have a previous session established for synchronizing sent data

Answer 76

connection-oriented protocol

Question 77

A plan that allows a business to keep running in the event of a disruption to vital resources

Answer 77

contingency plan

Question 78

Processes or actions used to respond to situations or events

Answer 78

control

Question 79

Technical or administrative measures in place to assist with resource management

Answer 79

control types

Question 80

A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a server

Answer 80

cookie

Question 81

A wrapper that uses 128-bit AES encryption with a 48-bit initialization vector

Answer 81

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question 82

Functions on which the livelihood of the company depends

Answer 82

critical business functions (CBF)

Question 83

A form of web-based attack in which unauthorized commands are sent from a user that a website trusts

Answer 83

Cross-Site Request Forgery (XSRF)

Question 84

Running a script routine on a user’s machine from a website without their permission

Answer 84

cross-site scripting (XSS)

Question 85

The study and practice of finding weaknesses in ciphers

Answer 85

cryptanalysis

Question 86

A person who does cryptanalysis

Answer 86

cryptanalyst

Question 87

A person who participates in the study of cryptographic algorithms

Answer 87

cryptographer

Question 88

An algorithm - also known as a cipher - used to encrypt and decrypt data

Answer 88

cryptographic algorithm

Question 89

The field of mathematics focused on encrypting and decrypting data

Answer 89

cryptography

Question 90

Getting rid of/destroying media no longer needed

Answer 90

data disposal

Question 91

The primary standard used in government and industry until it was replaced by AES

Answer 91

Data Encryption Standard (DES)

Question 92

Any systems that identify - monitor - and protect data to prevent it from unauthorized use - modification - or destruction”

Answer 92

data loss prevention (DLP)

Question 93

A policy dealing with some aspect of data (usage - destruction - retention - etc

Answer 93

data policy

Question 94

A response that fools the attacker into thinking that the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken

Answer 94

deception active response

Question 95

An area for placing web and other servers outside the firewall

Answer 95

demilitarized zone (DMZ)

Question 96

A type of attack that prevents any users—even legitimate ones— from using a system

Answer 96

denial-of-service (DoS)

Question 97

Reviewing the security design - including examining the ports and protocols used - the rules - segmentation - and access control

Answer 97

design review

Question 98

Controls that are intended to identify and characterize an incident in progress (for example - sounding the alarm and altering the administrator)

Answer 98

detective control

Question 99

The act of attempting to crack passwords by testing them against a list of dictionary words

Answer 99

dictionary attack

Question 100

A type of backup that includes only new files or files that have changed since the last full backup

Answer 100

differential backup