200 Flashcards
An asymmetric standard for exchanging keys
Diffie-Hellman key exchange
An asymmetrically encrypted signature whose sole purpose is to authenticate the sender
digital signature
An attack that involves navigating to other directories and gaining access to files/directories that would be otherwise restricted
directory traversal attack
The act of recovering data following a disaster that has destroyed it
disaster recovery
A plan outlining the procedure by which data is recovered after a disaster
disaster-recovery plan
A method of restricting access to objects based on the identity of the subjects or the groups to which they belong
Discretionary Access Control (DAC)
Technology that uses two controllers and two disks to keep identical copies of data to prevent the loss of data if one disk fails
disk duplexing
Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk fails
disk mirroring
Technology that enables writing data to multiple disks simultaneously in small portions called stripes
disk striping
A fault-tolerance solution of writing data across a number of disks and recording the parity on another (also known as disk striping with a parity disk). In the event that any disk fails, the data on it can be re-created by looking at the remaining data and computing parity to figure out the missing data
disk striping with parity
A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public
distributed denial-of-service (DDoS)
An attack method in which a daemon caches DNS reply packets, which sometimes contain other information (data used to fill the packets). The extra data can be scanned for information useful in a break-in or man-in-the-middle attack
DNS poisoning
The DNS server is given information about a name server that it thinks is legitimate when it isn’t
DNS spoofing
The network service used in TCP/IP networks that translates hostnames to IP addresses
Domain Name System (DNS)
A host that resides on more than one network and possesses more than one physical network card
dual-homed firewall
Looking through trash for clues—often in the form of paper scraps—to find users’ passwords and other pertinent information
dumpster diving
A protocol used on a TCP/IP network to send client configuration data, including IP address, default gateway, subnet mask, and DNS configuration, to clients
Dynamic Host Configuration Protocol (DHCP)
The IEEE standard that defines port-based security for wireless network access control
EAP over LAN (EAPOL)
Dynamic provisioning of resources as needed
elasticity
The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable
electromagnetic interference (EMI)
A device that identifies you electronically in the same way as the cards you carry in your wallet
electronic wallet
A type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA)
Elliptic Curve Cryptography (ECC)
A header used to provide a mix of security services in IPv4 and IPv6
Encapsulating Security Payload (ESP)
The process of enclosing data in a packet
encapsulation
The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can’t decrypt it
encryption
A string of alphanumeric characters used to decrypt encrypted data
encryption key
The process of luring someone
enticement
The process of encouraging an attacker to perform an act, even if they don’t want to do it
entrapment
A key that exists only for that session
ephemeral key
The act of moving something up in priority
escalation
A level of assurance, expressed as a numeric value, based on standards set by the Common Criteria Recognition Agreement (CCRA)
evaluation assurance levels (EALs)
Any noticeable action or occurrence
event
A statement that differs from the norm
exception statement
An authentication protocol used in wireless networks and point-to-point connections
Extensible Authentication Protocol (EAP)
The process of reconstructing a system or switching over to other systems when failure is detected
failover
An event that should be flagged but isn’t
false negative
A flagged event that isn’t really an event and has been falsely triggered
false positive
An electrically conductive wire mesh or other conductor woven into a “cage” that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls
Faraday cage
The ability to withstand a fault (failure) without losing data
fault tolerance
A networking protocol that is not routable at the IP layer and thus cannot work across large networks
FCoE (Fibre Channel over Ethernet)
A set of guidelines for US federal government information systems
Federal Information Processing Standard (FIPS)
A means of linking a user’s identity with their privileges in a manner that can be used across business boundaries
federated identity
A collection of computer networks that agree on standards of operation, such as security standards
federation
A high-speed networking technology
Fibre Channel
Microsoft’s earliest filesystem
File Allocation Table (FAT)
TCP/IP and software that permit transferring files between computer systems and use cleartext passwords
File Transfer Protocol (FTP)
The act of stopping a fire and preventing it from spreading
fire suppression
A combination of hardware and software that protects a network from attack by hackers who could gain access through public networks, including the Internet
firewall
A system that is up and running at least 99.999 percent of the time
five nines availability
The process of systematically identifying the network and its security posture
footprinting
In terms of security - the act of looking at all the data at your disposal to try to figure out who gained unauthorized access and the extent of that access
forensics
A property of any key exchange system that ensures that if one key is compromised, subsequent keys will not also be compromised
forward secrecy
A secure form of FTP
FTP over SSL (FTPS)
A concept that works on the assumption that any information created on any system is stored forever
Full Archival method
A backup that copies all data to the archive medium
full backup
An information classification stating that the data so classified is available to anyone
full distribution
A technique of penetration testing
fuzzing
Vulnerability possible when the interconnection between the WAP server and the Internet isn’t encrypted and packets between the devices may be intercepted
gap in the WAP
One of the most popular methods of backup tape rotation
Grandfather-Father-Son method
Virtual machines running on a physical machine
guests
Rules, policies, or procedures that are advisory or nonmandatory
guidelines
The process of making certain that an entity (such as an operating system or application) is as secure as it can be
hardening
A system that bases actions on the heuristics it observes
heuristic system
A newer backup type that provides continuous online backup by using optical or tape jukeboxes
hierarchical storage management (HSM)
A trust model, also known as a tree, in which a root CA at the top provides all of the information
hierarchical trust model
A clustering solution to provide resource reliability and availability
high availability (HA)
A mechanism for message authentication using cryptographic hash functions per the draft of the Federal Information Processing Standards (FIPS) publication
HMAC (Hash-Based Message Authentication Code)
Typically an email message warning of something that isn’t true - such as an outbreak of a new virus
hoax
A bogus system set up to attract and slow down a hacker
honeypot
Any network device with a TCP/IP network address or physical machines running virtual machines
host
An intrusion detection system that is host based
host-based IDS (HIDS)
A server room aisle that removes hot air
hot aisles
A location that can provide operations within hours of a failure
hot site
Another word for a patch
hotfix
A cryptoprocessor chip (or circuit mounted within the computer) that can be used to enhance security and is commonly used with PKI systems
HSM (Hardware Security Module)
A combination of HTTP with Secure Sockets Layer (SSL) that results in a secure connection. It uses port 443 by default
HTTP Secure (HTTPS)
A password attack that uses a combination of dictionary entries and brute force
hybrid attack
Cloud delivery model that combines other types
hybrid cloud
A trust model that can use the capabilities of any or all of the structures of other trust models
hybrid trust model
A set of codes used to format text and graphics that will be displayed in a browser
Hypertext Markup Language (HTML)
The protocol used for communication between a web server and a web browser
Hypertext Transfer Protocol (HTTP)
Also known as HTTPS and HTTP Secure
Hypertext Transport Protocol over SSL (HTTPS)
The software that allows virtual machines to exist
hypervisor
The process of proofing invoked when a person claims that they are the user but cannot be authenticated, such as when they lose their password
identity proofing
Pretending to be another to gain information
impersonation
A condition that states that unless otherwise given, the permission will be denied
implicit deny
An attempt to violate a security policy, a successful penetration, a compromise of a system, or unauthorized access to information
incident
How an organization responds to an incident
incident response
A policy that defines how an organization will respond to an incident
incident response plan (IRP)
A type of backup in which only new files or files that have changed since the last full backup or the last incremental backup are included
incremental backup
The process of determining what information is accessible to what parties and for what purposes
information classification
A model of cloud computing that utilizes virtualization; clients pay an outsourcer for the resources used
Infrastructure as a Service (IaaS)
Immediate communication that can be sent back and forth between users who are currently logged on
instant messaging (IM)
An international organization that sets standards for various electrical and electronics issues
Institute of Electrical and Electronics Engineers (IEEE)
Putting too much information into too small a space that has been set aside for numbers
integer overflow
An obstruction to the signal
interference
An information classification stating that the data so classified is limited to internal employees only
internal information
An algorithm that uses a 128-bit key
International Data Encryption Algorithm (IDEA)
Organization responsible for communications standards, spectrum management, and the development of communications infrastructures in underdeveloped nations
International Telecommunications Union (ITU)
The organization responsible for governing IP addresses; its website is www
Internet Assigned Numbers Authority (IANA)