500 Flashcards
Filters that try to eliminate unwanted, unsolicited email sent in bulk
spam filters
A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party
spear phishing
An attempt by someone or something to masquerade as someone/something else
spoofing
Software programs that work—often actively—on behalf of a third party
spyware
A replacement for FTP that allows secure copying of files from one host to another
SSH File Transfer Protocol (SFTP)
An access point’s broadcasting of the network name
SSID broadcast
Derived from policies, a standard deals with specific issues or aspects of a business
standard
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel
stateful inspection
A virus that attempts to avoid detection by masking itself from applications
stealth virus
The science of hiding information within other information, such as a picture
steganography
A method of encryption that encrypts streams of data rather than blocks
stream cipher
A database language that allows queries to be configured in real time and passed to database servers
Structured Query Language (SQL)
Using subnet values to divide a network into smaller segments
subnetting
A method of encryption in which one letter or item is substituted for another
substitution cipher
An outline of those internal to the organization who have the ability to step into positions when they open
succession planning
A network device that can replace a router or hub in a local network and get data from a source to a destination
switches
The keys used when the same key encrypts and decrypts data
symmetrical keys
A snapshot of what exists
system image
An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them
tabletop exercise
Following someone through an entry point
tailgating
Controls that rely on technology
technical controls
A protocol that functions at the Application layer of the OSI model, providing terminal emulation capabilities
Telnet
A wrapper that works with wireless encryption to strengthen WEP implementations
Temporal Key Integrity Protocol (TKIP)
An authentication system that allows credentials to be accepted from multiple methods, including Kerberos
Terminal Access Controller Access-Control System (TACACS)
Any perceivable risk’s area of attack
threat vector
A database model that effectively isolates the end user from the database by introducing a middle server
three-tier model
A form of trust relationship often used between domains
transitive access
Trust gained because one party (A) trusts another party (B), which then trusts another party (C). Since (B) trusts (C), a relationship can exist where the first party (A) also may trust the third (C)
transitive trusts
The protocol found at the Host-to-Host layer of the Department of Defense (DoD) model
Transmission Control Protocol (TCP)
A protocol whose purpose is to verify that secure communications between a server and a client remain secure
Transport Layer Security (TLS)
An encryption method that involves transposing or scrambling the letters in a certain manner
transposition cipher
A symmetric block cipher algorithm used for encryption
Triple-DES (3DES)
A UDP-based protocol similar to FTP that doesn’t provide the security or error-checking features of FTP
Trivial File Transfer Protocol (TFTP)
Any application that masquerades as one thing in order to get past scrutiny and then does something malicious
Trojan horse
Any operating system that meets the government’s requirement for security
trusted operating system (TOS)
A method of using encryption and storing the passwords on a chip
Trusted Platform Module (TPM)
The act of sending data across a public network by encapsulating it into other packets
tunneling
Using two access methods as a part of the authentication process
two-factor authentication
A database model in which the client workstation or system runs an application that communicates with the database that is running on a different server
two-tier model
Virtualization method that is independent of the operating system and boots before the OS
Type I hypervisor