400

Question 1

Anything that occurs after the fact - such as an audit or review

Answer 1

postmortem

Question 2

Controls intended to prevent attacks or intrusions

Answer 2

preventive controls

Question 3

A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved

Answer 3

privacy

Question 4

Screens that restrict viewing of monitors to only those sitting in front of them

Answer 4

privacy filters

Question 5

A cloud delivery model owned and managed internally

Answer 5

private cloud

Question 6

An asymmetric encryption technology in which both the sender and the receiver have different keys

Answer 6

private key

Question 7

The result when a user obtains access to a resource they wouldn’t

Answer 7

privilege escalation

Question 8

The likelihood of something occurring

Answer 8

probability

Question 9

A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it

Answer 9

promiscuous mode

Question 10

A network in which physical network security has been substituted for encryption security

Answer 10

protected distribution system (PDS)

Question 11

An authentication protocol that replaces LEAP and for which there is native support in Windows

Answer 11

Protected Extensible Authentication Protocol (PEAP)

Question 12

A software and hardware troubleshooting tool that is used to decode protocol information to try to determine the source of a network problem and to establish baselines

Answer 12

protocol analyzer

Question 13

Cards that can be read by being near a reader

Answer 13

proximity cards

Question 14

Readers capable of working with proximity cards

Answer 14

proximity readers

Question 15

A type of system that prevents direct communication between a client and a host by acting as an intermediarty

Answer 15

proxy

Question 16

A proxy server that also acts as a firewall - blocking network access from external networks

Answer 16

proxy firewall

Question 17

A type of server that makes a single Internet connection and services requests on behalf of many users

Answer 17

proxy server

Question 18

Cameras that can pan - tilt - and zoom

Answer 18

PTZ

Question 19

A cloud delivery model available to others

Answer 19

public cloud

Question 20

A technology that facilitates encryption using two keys—a public key and a private key- to facilitate communication

Answer 20

public key

Question 21

A set of voluntary standards created by RSA security and industry leaders

Answer 21

Public-Key Cryptography Standards (PKCS)

Question 22

A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key

Answer 22

public-key infrastructure (PKI)

Question 23

The Internet Engineering Task Force (IETF) working group developing standards and models for the Public Key Infrastructure (PKI) environment

Answer 23

Public-Key Infrastructure X.509 (PKIX)

Question 24

A collection of technologies that provide the ability to balance network traffic and prioritize workloads

Answer 24

QoS (quality of service)

Question 25

Used in risk management - it involves measuring the quality of something (as opposed to the quantity)

Answer 25

qualitative

Question 26

Numerically measuring the quantity of something (as opposed to the quality)

Answer 26

quantitative

Question 27

Cryptography based on changing the polarity of a photon

Answer 27

quantum cryptography

Question 28

The byproduct of electrical processes - similar to electromagnetic interference

Answer 28

radio frequency interference (RFI

Question 29

A table of hashed phrases/words that can be used in a password attack

Answer 29

rainbow table

Question 30

Software that demands payment before restoring the data or system infected

Answer 30

ransomware

Question 31

Within business continuity planning - this is the point of maximum tolerable loss for a system due to a major incident

Answer 31

recovery point objective (RPO)

Question 32

The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable

Answer 32

recovery time objective (RTO)

Question 33

A configuration of multiple hard disks used to provide fault tolerance should a disk fail

Answer 33

Redundant Array of Independent Disks (RAID)

Question 34

An organization that offloads some of the work from a certificate authority (CA)

Answer 34

registration authority (RA)

Question 35

A database technology that allows data to be viewed in dynamic way based on the users or administrators needs

Answer 35

relational database

Question 36

A computer that has one or more connections installed to enable remote connections to the network

Answer 36

Remote Access Services (RAS)

Question 37

A networking protocol that allows authentication of dial-in and other network connections

Answer 37

Remote Authentication Dial-In User Service (RADIUS)

Question 38

A protocol used to allow remote desktop connections

Answer 38

Remote Desktop Protocol (RDP

Question 39

A programming interface that allows a remote computer to run programs on a local machine

Answer 39

Remote Procedure Call (RPC)

Question 40

The process of sending a command to remotely clear data

Answer 40

remote wipe

Question 41

An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection

Answer 41

replay attack

Question 42

A database or database server where the certificates are stored

Answer 42

repository

Question 43

A document-creation process and a set of practices that originated in 1969 and is used for proposed changes to internet standards

Answer 43

Request for Comments (RFC)

Question 44

Information that isn’t made available to all and to which access is granted based on some criteria

Answer 44

restricted information

Question 45

A virus that attacks or bypasses the antivirus software installed on a computer

Answer 45

retrovirus

Question 46

A strategy of dealing with risk in which it is decided the best approach is simply to accept that the risk exists

Answer 46

risk acceptance

Question 47

An evaluation of each risk that can be identified

Answer 47

risk analysis

Question 48

An evaluation of how much risk you and your organization are willing to take

Answer 48

risk assessment

Question 49

A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk

Answer 49

risk avoidance

Question 50

The process of calculating the risks that exist

Answer 50

risk calculation

Question 51

A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk

Answer 51

risk deterrence

Question 52

A strategy of dealing with risk in which it is decided that the best approach is too lessen the risk

Answer 52

risk mitigation

Question 53

A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk

Answer 53

risk transference

Question 54

An unauthorized wireless access point on a network

Answer 54

rogue access points

Question 55

A form of malware that tries to convince the user to pay for a fake threat

Answer 55

rogueware

Question 56

A type of control wherein the levels of security closely follow the structure of an organization

Answer 56

Role-Based Access Control (RBAC)

Question 57

Software program that has the ability to obtain root-level access and hide certain things from the operating system

Answer 57

rootkit

Question 58

A device that connects two or more networks and allows packets to be transmitted and received between them

Answer 58

router

Question 59

The current Microsoft server service for Windows-based clients that offers the ability to connect to remote systems

Answer 59

Routing and Remote Access Services (RRAS)

Question 60

One of the providers of cryptography systems to industry and government

Answer 60

RSA

Question 61

Access control method that uses the settings in preconfigured security policies to make all decisions

Answer 61

Rule-Based Access Control (RBAC)

Question 62

A separate network set up to appear as a server to the main organizational network

Answer 62

SAN (storage area network)

Question 63

Isolating applications to keep users of them from venturing to other data

Answer 63

sandboxing

Question 64

Software that tries to convince unsuspecting users that a threat exists

Answer 64

scareware

Question 65

The section of a guideline that provides an overview and statement of the guidelines intent

Answer 65

scope and purpose

Question 66

The portion of the policy outlining what it intends to accomplish and which documents - laws - and practices the policy addresses

Answer 66

scope statement

Question 67

A replacement for FTP that allows secure copying of files from one host to another

Answer 67

Secure Copy (SCP)

Question 68

A protocol developed by Visa and MasterCard for secure credit card transactions

Answer 68

Secure Electronic Transaction (SET)

Question 69

A one-way hash algorithm designed to ensure the integrity of a message

Answer 69

Secure Hash Algorithm (SHA)

Question 70

A protocol used for secure communications between a web server and a web browser

Answer 70

Secure Hypertext Transport Protocol (S-HTTP)

Question 71

A protocol used for secure communications between email servers

Answer 71

Secure Multipurpose Internet Mail Extensions (S/MIME)

Question 72

A replacement for rlogin in Unix/Linux that includes security

Answer 72

Secure Shell (SSH)

Question 73

A protocol that secures messages by operating between the Application layer(HTTP) and the Transport layer

Answer 73

Secure Sockets Layer (SSL)

Question 74

Looking for weaknesses through interviews - examinations - and testing of systems

Answer 74

security control testing (SCT)

Question 75

Policies related to security

Answer 75

security policies

Question 76

A piece of data that contains the rights and access privileges of the token bearer as part of the token

Answer 76

security token

Question 77

A method of isolating a system from other systems or networks

Answer 77

security zone

Question 78

The IDS component that collects data from the data source and passes it to the analyzer for analysis

Answer 78

sensor

Question 79

Operating system updates from Microsoft

Answer 79

service pack

Question 80

An agreement that specifies performance requirements for a vendor

Answer 80

service-level agreement (SLA)

Question 81

Protective coating around wiring often intended to protect it from interference

Answer 81

shielding

Question 82

Watching someone when they enter their username - password - or sensitive data

Answer 82

shoulder surfing

Question 83

The process of ignoring an attack

Answer 83

shunning

Question 84

A system that acts based on the digital signature it sees

Answer 84

signature-based system

Question 85

A protocol for sending email between SMTP servers

Answer 85

Simple Mail Transfer Protocol (SMTP)

Question 86

The management protocol created for sending information about the health of the network-to-network management consoles

Answer 86

Simple Network Management Protocol (SNMP)

Question 87

The cost of a single loss when it occurs

Answer 87

single loss expectancy (SLE)

Question 88

A weakness that brings a system down

Answer 88

single point of failure (SPOF)

Question 89

A relationship between the client and the network wherein the client is allowed to log on one time - and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there)

Answer 89

single sign-on (SSO)

Question 90

Authentication based on a single factor (a password - for example)

Answer 90

single-factor authentication (SFA)

Question 91

A database model in which the database and the application exist on a single system

Answer 91

single-tier environment

Question 92

A generic site survey involves listening in on an existing wireless network using commercially available technologies

Answer 92

site survey

Question 93

A physical card used for access control and security purposes

Answer 93

smart card

Question 94

An attack in which large volumes of ICMP echo requests (pings) are broadcast to all other machines on the network and in which the source address of the broadcast system has been spoofed to appear as though it came from the target computer

Answer 94

smurf attack

Question 95

Image of a virtual machine at a moment in time

Answer 95

snapshot

Question 96

A physical device that listens in (sniffs) on network traffic and looks for items it can make sense of

Answer 96

sniffer

Question 97

Analyzing data to look for passwords and anything else of value

Answer 97

sniffing

Question 98

An attack that uses others by deceiving them

Answer 98

social engineering

Question 99

A model of cloud computing in which the consumer can use the provider’s applications but they do not manage or control any of the underlying cloud infrastructure

Answer 99

Software as a Service (SaaS)

Question 100

Unwanted - unsolicited email sent in bulk

Answer 100

spam