400 Flashcards
Anything that occurs after the fact - such as an audit or review
postmortem
Controls intended to prevent attacks or intrusions
preventive controls
A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved
privacy
Screens that restrict viewing of monitors to only those sitting in front of them
privacy filters
A cloud delivery model owned and managed internally
private cloud
An asymmetric encryption technology in which both the sender and the receiver have different keys
private key
The result when a user obtains access to a resource they wouldn’t
privilege escalation
The likelihood of something occurring
probability
A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it
promiscuous mode
A network in which physical network security has been substituted for encryption security
protected distribution system (PDS)
An authentication protocol that replaces LEAP and for which there is native support in Windows
Protected Extensible Authentication Protocol (PEAP)
A software and hardware troubleshooting tool that is used to decode protocol information to try to determine the source of a network problem and to establish baselines
protocol analyzer
Cards that can be read by being near a reader
proximity cards
Readers capable of working with proximity cards
proximity readers
A type of system that prevents direct communication between a client and a host by acting as an intermediary
proxy
A proxy server that also acts as a firewall - blocking network access from external networks
proxy firewall
A type of server that makes a single Internet connection and services requests on behalf of many users
proxy server
Cameras that can pan - tilt - and zoom
PTZ
A cloud delivery model available to others
public cloud
A technology that facilitates encryption using two keys (a public key and a private key) to facilitate communication
public key
A set of voluntary standards created by RSA security and industry leaders
Public-Key Cryptography Standards (PKCS)
A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key
public-key infrastructure (PKI)
The Internet Engineering Task Force (IETF) working group developing standards and models for the Public Key Infrastructure (PKI) environment
Public-Key Infrastructure X.509 (PKIX)
A collection of technologies that provide the ability to balance network traffic and prioritize workloads
QoS (quality of service)
Used in risk management - it involves measuring the quality of something (as opposed to the quantity)
qualitative
Numerically measuring the quantity of something (as opposed to the quality)
quantitative
Cryptography based on changing the polarity of a photon
quantum cryptography
The byproduct of electrical processes - similar to electromagnetic interference
radio frequency interference (RFI)
A table of hashed phrases/words that can be used in a password attack
rainbow table
Software that demands payment before restoring the data or system infected
ransomware
Within business continuity planning - this is the point of maximum tolerable loss for a system due to a major incident
recovery point objective (RPO)
The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable
recovery time objective (RTO)
A configuration of multiple hard disks used to provide fault tolerance should a disk fail
Redundant Array of Independent Disks (RAID)
An organization that offloads some of the work from a certificate authority (CA)
registration authority (RA)
A database technology that allows data to be viewed in a dynamic way based on the user's or administrator's needs
relational database
A computer that has one or more connections installed to enable remote connections to the network
Remote Access Services (RAS)
A networking protocol that allows authentication of dial-in and other network connections
Remote Authentication Dial-In User Service (RADIUS)
A protocol used to allow remote desktop connections
Remote Desktop Protocol (RDP)
A programming interface that allows a remote computer to run programs on a local machine
Remote Procedure Call (RPC)
The process of sending a command to remotely clear data
remote wipe
An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection
replay attack
A database or database server where the certificates are stored
repository
A document-creation process and a set of practices that originated in 1969 and is used for proposed changes to internet standards
Request for Comments (RFC)
Information that isn’t made available to all and to which access is granted based on some criteria
restricted information
A virus that attacks or bypasses the antivirus software installed on a computer
retrovirus
A strategy of dealing with risk in which it is decided the best approach is simply to accept that the risk exists
risk acceptance
An evaluation of each risk that can be identified
risk analysis
An evaluation of how much risk you and your organization are willing to take
risk assessment
A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk
risk avoidance
The process of calculating the risks that exist
risk calculation
A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk
risk deterrence
A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk
risk mitigation
A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk
risk transference
An unauthorized wireless access point on a network
rogue access points
A form of malware that tries to convince the user to pay for a fake threat
rogueware
A type of control wherein the levels of security closely follow the structure of an organization
Role-Based Access Control (RBAC)
Software program that has the ability to obtain root-level access and hide certain things from the operating system
rootkit
A device that connects two or more networks and allows packets to be transmitted and received between them
router
The current Microsoft server service for Windows-based clients that offers the ability to connect to remote systems
Routing and Remote Access Services (RRAS)
One of the providers of cryptography systems to industry and government
RSA
Access control method that uses the settings in preconfigured security policies to make all decisions
Rule-Based Access Control (RBAC)
A separate network set up to appear as a server to the main organizational network
SAN (storage area network)
Isolating applications to keep users of them from venturing to other data
sandboxing
Software that tries to convince unsuspecting users that a threat exists
scareware
The section of a guideline that provides an overview and statement of the guideline's intent
scope and purpose
The portion of the policy outlining what it intends to accomplish and which documents - laws - and practices the policy addresses
scope statement
A replacement for FTP that allows secure copying of files from one host to another
Secure Copy (SCP)
A protocol developed by Visa and MasterCard for secure credit card transactions
Secure Electronic Transaction (SET)
A one-way hash algorithm designed to ensure the integrity of a message
Secure Hash Algorithm (SHA)
A protocol used for secure communications between a web server and a web browser
Secure Hypertext Transport Protocol (S-HTTP)
A protocol used for secure communications between email servers
Secure Multipurpose Internet Mail Extensions (S/MIME)
A replacement for rlogin in Unix/Linux that includes security
Secure Shell (SSH)
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer
Secure Sockets Layer (SSL)
Looking for weaknesses through interviews - examinations - and testing of systems
security control testing (SCT)
Policies related to security
security policies
A piece of data that contains the rights and access privileges of the token bearer as part of the token
security token
A method of isolating a system from other systems or networks
security zone
The IDS component that collects data from the data source and passes it to the analyzer for analysis
sensor
Operating system updates from Microsoft
service pack
An agreement that specifies performance requirements for a vendor
service-level agreement (SLA)
Protective coating around wiring often intended to protect it from interference
shielding
Watching someone when they enter their username - password - or sensitive data
shoulder surfing
The process of ignoring an attack
shunning
A system that acts based on the digital signature it sees
signature-based system
A protocol for sending email between SMTP servers
Simple Mail Transfer Protocol (SMTP)
The management protocol created for sending information about the health of the network to network management consoles
Simple Network Management Protocol (SNMP)
The cost of a single loss when it occurs
single loss expectancy (SLE)
A weakness that brings a system down
single point of failure (SPOF)
A relationship between the client and the network wherein the client is allowed to log on one time - and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there)
single sign-on (SSO)
Authentication based on a single factor (a password - for example)
single-factor authentication (SFA)
A database model in which the database and the application exist on a single system
single-tier environment
A generic site survey involves listening in on an existing wireless network using commercially available technologies
site survey
A physical card used for access control and security purposes
smart card
An attack in which large volumes of ICMP echo requests (pings) are broadcast to all other machines on the network and in which the source address of the broadcast system has been spoofed to appear as though it came from the target computer
smurf attack
Image of a virtual machine at a moment in time
snapshot
A physical device that listens in (sniffs) on network traffic and looks for items it can make sense of
sniffer
Analyzing data to look for passwords and anything else of value
sniffing
An attack that uses others by deceiving them
social engineering
A model of cloud computing in which the consumer can use the provider’s applications but they do not manage or control any of the underlying cloud infrastructure
Software as a Service (SaaS)
Unwanted - unsolicited email sent in bulk
spam