500

Question 1

Filters that try to eliminate unwanted - unsolicited email sent in bulk

Answer 1

spam filters

Question 2

A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party

Answer 2

spear phishing

Question 3

An attempt by someone or something to masquerade as someone/something else

Answer 3

spoofing

Question 4

Software programs that work—often actively—on behalf of a third party

Answer 4

spyware

Question 5

A replacement for FTP that allows secure copying of files from one host to another

Answer 5

SSH File Transfer Protocol (SFTP)

Question 6

An access point’s broadcasting of the network name

Answer 6

SSID broadcast

Question 7

Derived from policies - a standard deals with specific issues or aspects of a business

Answer 7

standard

Question 8

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel

Answer 8

stateful inspection

Question 9

A virus that attempts to avoid detection by masking itself from applications

Answer 9

stealth virus

Question 10

The science of hiding information within other information - such as a picture

Answer 10

steganography

Question 11

A method of encryption that encrypts streams of data rather than blocks

Answer 11

stream cipher

Question 12

A database language that allows queries to be configured in real time and passed to database servers

Answer 12

Structured Query Language (SQL)

Question 13

Using subnet values to divide a network into smaller segments

Answer 13

subnetting

Question 14

A method of encryption in which one letter or item is substituted for another

Answer 14

substitution cipher

Question 15

An outline of those internal to the organization who have the ability to step into positions when they open

Answer 15

succession planning

Question 16

A network device that can replace a router or hub in a local network and get data from a source to a destination

Answer 16

switches

Question 17

The keys used when the same key encrypts and decrypts data

Answer 17

symmetrical keys

Question 18

A snapshot of what exists

Answer 18

system image

Question 19

An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them

Answer 19

tabletop exercise

Question 20

Following someone through an entry point

Answer 20

tailgating

Question 21

Controls that rely on technology

Answer 21

technical controls

Question 22

A protocol that functions at the Application layer of the OSI model - providing terminal emulation capabilities

Answer 22

Telnet

Question 23

A wrapper that works with wireless encryption to strengthen WEP implementations

Answer 23

Temporal Key Integrity Protocol (TKIP)

Question 24

An authentication system that allows credentials to be accepted from multiple methods - including Kerberos

Answer 24

Terminal Access Controller Access-Control System (TACACS)

Question 25

Any perceivable risk’s area of attack

Answer 25

threat vector

Question 26

A database model that effectively isolates the end user from the database by introducing a middle server

Answer 26

three-tier model

Question 27

A form of trust relationship often used between domains

Answer 27

transitive access

Question 28

Trust gained because one party (A) trusts another party (B) - which then trusts another party ( C ) Since (B) trusts ( C ) then a relationship can exist where the first party (A) also may trust the third (c )

Answer 28

transitive trusts

Question 29

The protocol found at the Host-to-Host layer of the Department of Defense (DoD) model

Answer 29

Transmission Control Protocol (TCP)

Question 30

A protocol whose purpose is to verify that secure communications between a server and a client remain secure

Answer 30

Transport Layer Security (TLS)

Question 31

An encryption method that involves transposing or scrambling the letters in a certain manner

Answer 31

transposition cipher

Question 32

A symmetric block cipher algorithm used for encryption

Answer 32

Triple-DES (3DES)

Question 33

A UDP-based protocol similar to FTP that doesn’t provide the security or error-checking features of FTP

Answer 33

Trivial File Transfer Protocol (TFTP)

Question 34

Any application that masquerades as one thing in order to get past scrutiny and then does something malicious

Answer 34

Trojan horse

Question 35

Any operating system that meets the government’s requirement for security

Answer 35

trusted operating system (TOS)

Question 36

A method of using encryption and storing the passwords on a chip

Answer 36

Trusted Platform Module (TPM)

Question 37

The act of sending data across a public network by encapsulating it into other packets

Answer 37

tunneling

Question 38

Using two access methods as a part of the authentication process

Answer 38

two-factor authentication

Question 39

A database model in which the client workstation or system runs an application that communicates with the database that is running on a different server

Answer 39

two-tier model

Question 40

Virtualization method that is independent of the operating system and boots before the OS

Answer 40

Type I hypervisor

Question 41

Virtualization method that is dependent on the operating system

Answer 41

Type II hypervisor

Question 42

Creating domains that are based on the misspelling of another

Answer 42

typo squatting

Question 43

A device that can provide short-term power - usually by using batteries

Answer 43

uninterruptible power supply (UPS)

Question 44

Registering domains that are similar to those for a known entity but based on a misspelling or typographical error

Answer 44

URL hijacking

Question 45

The protocol at the Host-to-Host layer of the TCP/IP Department of Defense (DoD)model - which corresponds to the Transport layer of the OSI model

Answer 45

User Datagram Protocol (UDP)

Question 46

Eavesdropping on CRT and LCD displays by detecting their electromagnetic emissions

Answer 46

Van Eck phreaking

Question 47

A multialphabet substitution cipher

Answer 47

Vigenère cipher

Question 48

A local area network (LAN) that allows users on different switch ports to participate in their own network - separate from but still connected to the other stations on the same or a connected switch

Answer 48

virtual local area network (VLAN)

Question 49

A system that uses the public Internet as a backbone for a private interconnection (network) between locations

Answer 49

virtual private network (VPN)

Question 50

Emulating one or more physical computers on the same host

Answer 50

virtualization

Question 51

A program intended to damage a computer system

Answer 51

virus

Question 52

Combining phishing with Voice over IP (VoIP)

Answer 52

vishing

Question 53

The amount of time that you have to collect certain data before a window of opportunity is gone

Answer 53

volatility

Question 54

Identifying specific vulnerabilities in your network

Answer 54

vulnerability scanning

Question 55

Markings left - often written in chalk - by those who discover a vulnerability that provides a way into the wireless network

Answer 55

war chalking

Question 56

Driving around with a laptop looking for open wireless access points with which to communicate

Answer 56

war driving

Question 57

A site that provides some capabilities in the event of a disaster

Answer 57

warm site

Question 58

Identifying a site that is visited by those that they are targeting -

Answer 58

watering hole attack

Question 59

A firewall that can look at every request between a web client and a web server and identify possible attacks

Answer 59

web application firewall (WAF)

Question 60

Another term for social engineering

Answer 60

wetware

Question 61

Phishing only large accounts

Answer 61

whaling

Question 62

A wireless network operating in the 2.4 GHz or 5 GHz range

Answer 62

Wi-Fi

Question 63

The second version of WPA

Answer 63

Wi-Fi Protected Access 2 (WPA2)

Question 64

An authentication process that requires the user to do something in order to complete the enrollment process

Answer 64

Wi-Fi Protected Setup (WPS)

Question 65

A Microsoft API used to interact with TCP/IP

Answer 65

Windows Sockets (Winsock) API

Question 66

A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network

Answer 66

Wired Equivalent Privacy (WEP)

Question 67

A connection device used for clients in a radio frequency (RF) network

Answer 67

wireless access point

Question 68

Technology designed for use with wireless devices

Answer 68

Wireless Application Protocol (WAP)

Question 69

Language used for Internet displays WAP-enabled devices can also respond to script

Answer 69

Wireless Markup Language (WML)

Question 70

The security layer of the Wireless Applications Protocol (WAP) WTLS provides authentication - encryption - and data integrity for wireless devices

Answer 70

Wireless Transport Layer Security (WTLS)

Question 71

The copy of the data currently in use on a network

Answer 71

working copy backup

Question 72

An association concerned with interoperability - growth - and standardization of the World Wide Web (WWW) This group is the primary sponsor of XM: and other web-enabled technologies

Answer 72

World Wide Web Consortium (W3C)

Question 73

The working group formed by the IETF to develop standards and models for the PKI environment

Answer 73

X.509

Question 74

An advanced attack that tries to get around detection and send a packet with every single option enabled

Answer 74

Xmas attack

Question 75

A specification designed to allow XMLbased programs access to PKI services

Answer 75

XML Key Management Specification (XKMS)

Question 76

An attack that begins the very day an exploit is discovered

Answer 76

zero-day exploit

Question 77

Any system taking directions from a master control computer

Answer 77

zombie

Question 78

Port 23

Answer 78

Telnet

Question 79

Port: 20 - 21

Answer 79

FTP – File Transport Protocol

Question 80

Port: 22

Answer 80

SSH – Secure Shell

Question 81

Port: 23

Answer 81

Telnet

Question 82

Port: 25

Answer 82

SMTP – Simple Mail Transport Protocol

Question 83

Port: 53

Answer 83

DNS – Domain Name System

Question 84

Port: 67 - 68

Answer 84

DHCP – Dynamic Host Configuration Protocol

Question 85

Port: 69

Answer 85

TFTP – Trivial File Transport Protocol

Question 86

Port: 80

Answer 86

HTTP – Hypertext Transfer Protocol

Question 87

Port: 443

Answer 87

HTTPS – Hypertext Transfer Protocol Secure

Question 88

Port: 443

Answer 88

SSL VPN – Secure Sockets Layer virtual private network

Question 89

Port: 110

Answer 89

POP3 – Post Office Protocol version 3

Question 90

Port: 123

Answer 90

NTP – Network Time Protocol

Question 91

Port: 143

Answer 91

IMAP4 – Internet message access protocol version 4

Question 92

Port: 161

Answer 92

SNMP – Simple Network Management Protocol

Question 93

Port: 500

Answer 93

IPsec – Internet Protocol security (through the use of ISAKMP – Internet Security Association and Key Management Protocol)

Question 94

Port: 3389

Answer 94

RDP – Remote Desktop Protocol

Question 95

Secure file transfers via SSL?

Answer 95

FTPS (via 990)

Question 96

Backdoor port

Answer 96

1337

Question 97

Port 88

Answer 97

kerberos

Question 98

Name 3 block cipher algorithms

Answer 98

3des - aes - blowfish

Question 99

Use low bandwidth connections to direct botnets to DDoS users

Answer 99

Smurf

Question 100

Uses the Diffie-Hellman algorithm as its required (and currently - its only defined) key-exchange method.

Answer 100

SSH-2