A

Question 1

Acceptable Use Policy (AUP)

Answer 1

A document that provides network and system users with a clear direction on permissible uses of information resources.

Question 2

Access badges

Answer 2

Used for entry access via magnetic stripe and radio frequency ID access system and when including a picture, allows personal to determine if the person is who they say they are.

Question 3

Access control list (ACL)

Answer 3

Rule that either permits or denies actions?

Question 4

What does ACL mean?

Answer 4

Access control list (ACL) and it is a rule that either permits or denies actions.

Question 5

Access restrictions

Answer 5

Security measures that limit the ability of individuals or systems to access sensitive information or resources.

Question 6

Account Lockout

Answer 6

Accounts are often locked out after failed login attempts. Maybe an indictor of compromised because of brute force.

Question 7

Acknowledgement

Answer 7

Ensuring that employees and business partners state that they are aware of the compliance requirements.

Question 8

Active/active load balancer

Answer 8

A kind of load balancer that brings backup or secondary systems online when an active system is removed or fails to respond properly to a health check. 2

Question 9

Active reconnaissance

Answer 9

A technique that directly engages the target in intelligence gathering.

Question 10

Ad Hoc reports

Answer 10

Reports that are produced as needed

Question 11

Ad Hoc risk assessment

Answer 11

Conducted in response to a specific event or situation.

Question 12

802.1X

Answer 12

The IEEE standard that defines port-based security for network access control 2

Question 13

Adaptive identity

Answer 13

Often called adaptive authentication, it leverages context-based authentication that considers data points like where the user is logging in from, what device they are logging in from, and whether the device meets security and configuration requirements. 3

Question 14

Address resolution protocol (ARP)

Answer 14

A protocol that provides translations between MAC addresses and IP addresses on a local network.

Question 15

Adversarial artificial intelligence (AI)

Answer 15

The use of artificial intelligence techniques by attackers for malicious purposes.

Question 16

Adversary tactics, techniques, and procedures (TTPs)

Answer 16

The study of the methods used by cyber security adversaries when engaging in attacks. 3

Question 17

Agents

Answer 17

Software that is deployed to endpoints allowing them to perform actions or to be controlled by central server or services. 3

Question 18

Agent based scanning

Answer 18

The use of software agents installed on target devices to assist with vulnerability scans.

Question 19

Agile

Answer 19

A software development model that is both iterative and incremental.

Question 20

Agility

Answer 20

The speed to provision cloud resource and ability to use them for short periods of time.

Question 21

Advance Persistent Threats (APT)

Answer 21

Cybersecurity adversary characterized by a sophisticated series of related attacks taking placed over an extended period of time.3

Question 22

Air gapped

Answer 22

A design that physically separates network segments, preventing network connectivity between those segments.

Question 23

Algorithm

Answer 23

A set of rules, that dictates how enciphering and deciphering process are to take place.

Question 24

Allow listing

Answer 24

The most effective form of input validation in which the developer describes the exact type of input that is expected from the user and then verifies that the input matches that specification before passing the input to other processes or servers.

Question 25

Alteration

Answer 25

The unauthorized modification of information and validation of the principles of integrity.

Question 26

Amplified denial of serice attacks

Answer 26

An amplified denial of service attack takes advantage of protocols that allow a small query to return large results like a DNS query. 4

Question 27

Annualized loss expectancy (ALE)

Answer 27

The possible yearly cost of all instances of a specific realized threat against a specific asset. THE ALE is calculated using the formula ALE=Single loss expectancy (SLE) *Annualized rate of occurrence (ARO)

Question 28

Annualized Rate of Occurrence ARO

Answer 28

Annualized Rate of Occurrence ARO- The expected frequency that a specific threat or risk will occur within a single year.

Question 29

Anomalous behavior recognition

Answer 29

Employees should be able to recognize when risky, unexpected, and or unintentional behavior takes place. 4

Question 30

Anomaly detection

Answer 30

A method of detecting abnormal or malicious events by looking for abnormal occurrences or violations of specified rules. 4

Question 31

API-based CASB solution

Answer 31

Cloud access security broker solutions do not interact directly with the user but rather interact directly with the cloud provider through the providers API 4

Question 32

API inspection

Answer 32

A technology that scrutinizes API requests for security issues.

Question 33

Application programming interfaces (API)

Answer 33

Application programming interfaces (API)- API’s allow application developers to interact directly with a web service through function calls. 4

Question 34

Assessment

Answer 34

Reviews of security controls that are typically requested by the security organization itself in an effort to engage in process improvement. 4

Question 35

Assest Critically

Answer 35

Determination of the importance of an asset to the business. 4

Question 36

Assest Inventory

Answer 36

Systematic method of tracking hardware, software, and information assets owned by an organization. 4

Question 37

Asset management

Answer 37

A process that the organization will follow for accepting new assets into inventory, tracking those assets over their life time, and properly disposing of them at the end of the useful life. 4

Question 38

Asset Value AV

Answer 38

Asset Value (AV)– A dollar value assigned to an asset based on actual cost and nonmonetary expenses. 4

Question 39

Asymmetric Key Algorithms

Answer 39

Cryptographic algorithms that use two different keys: one key to encrypt and another to decrypt. Also called public key cryptography.

Question 40

ATT & CK

Answer 40

A public knowledge based describing adversarial techniques and tactics maintained by MITRE

Question 41

Attack Complexity Metric (AC)

Answer 41

Attack Complexity Metric (AC)- A metric that describes the difficulty of exploiting a vulnerability. 5

Question 42

Attack Surface

Answer 42

A system, application, or service that contains a vulnerability that might be exploited. 5

Question 43

Attestation

Answer 43

A primary outcome of an audit by an auditor, It is a formal statement that the auditors have reviewed the controls and found that they are both adequate to meet the control objectives and working properly. 5

Question 44

Attack Vector Metric (AV)

Answer 44

Attack Vector Metric (AV)- A metric that describes how an attacker would exploit a vulnerability.5

Question 45

Attribute based access control (ABAC)

Answer 45

Attribute based access control (ABAC)- An advance implementation of a rule based access control model that uses polices that include multiple attributes for rules. 5

Question 46

Auditability

Answer 46

Cloud computing contracts should include language guaranteeing the right of the customer to audit cloud service providers. 5

Question 47

Audits

Answer 47

Formal reviews of an organization’s security program or specific compliance issues conducted on behalf of a third party.

Question 48

Authentication

Answer 48

Verifies the claimed identity of system users and is a major function of Cryptosystems. 5

Question 49

Authentication Header (AH)

Answer 49

Authentication Header (AH)- Uses hashing and a shared secret key to ensure integrity of data and validates senders by authenticating the IP packets that are sent. AH can ensure that IP payload and headers are protected. 5

Question 50

Authority

Answer 50

A Key principle that relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, whether or not they are. 5

Question 51

Authorized attackers

Answer 51

hackers who act with authorization and seek to discover security vulnerabilities with the intent of correcting them . 5

Question 52

Availability

Answer 52

Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them. 5

Question 53

Availability Metric (A)

Answer 53

Availability Metric (A) - A metric that describes the type of distribution that might occur if an attacker successfully exploits a vulnerability. 5