A-D

Question 1

Acceptable Interruption Window

Answer 1

The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise’s business objective.

Question 2

Acceptable use policy

Answer 2

A policy that establishes an agreement between users and the enterprise and defines for all parties’ the ranges of use that are approved before gaining access to a network or Internet

Question 3

Access control list (ACL)

Answer 3

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals. (aka access control tables)

Question 4

Access path

Answer 4

logical route that an end user takes to access computerized information. Typically includes a route through the operating system, telecommunications software, selected application software and the access control system.

Question 5

Accountability

Answer 5

the ability to map a given activity or event back to the responsible party.

Question 6

Advanced Encryption Standard (AES)

Answer 6

A public algorithm that support keys from 128 bits to 256 bits in size

Question 7

Advanced persistent threat (APT)

Answer 7

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors

1. Pursues its objectives repeatedly over an extended period of time
2. adapts to defenders’ efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives.

Question 8

Adversary

Answer 8

A threat agent

Question 9

Adware

Answer 9

A software package that automatically plays, displays or downloads advertising materials to a computer after the software is installed on its or while the application is being used. In most cases, this is done without any notification to the user or without the user’s consent. The term adware may also refer to software that displays advertisements whether or not it does so with the user’s consent such programs display advertisements as an alternative to shareware registration fees. These are classified as adware in the sense of advertising supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and it provides the user with a specific service.

Question 10

Alert situation

Answer 10

The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.

Question 11

Alternate facilities

Answer 11

locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed; includes other buildings, offices or data processing centers.

Question 12

Alternate process

Answer 12

automatic or manual process designed and established to continue critical business processes from point-of failure to return to normal

Question 13

Analog

Answer 13

transmission signal that varies continuously in amplitude and time and is generated in wave formation; used in telecommunication.

Question 14

Anti-malware

Answer 14

technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, trojans, keyloggers, malicious browser plug-ins, adware and spyware

Question 15

application layer

Answer 15

In the Open systems interconnection (OSI) communications model, the application layer provides services for an application program to ensure the effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; a service layer that provides these services.

Question 16

Asset

Answer 16

Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances, and reputation.

Question 17

Asymmetric key (public key)

Answer 17

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message.

Question 18

Attack

Answer 18

An actual occurrence of an adverse event.

Question 19

Attack mechanism

Answer 19

method used to deliver the exploit. Unless he attacker is personally performing the attack, an attack mechanism may a payload, or container, that delivers the exploit to the target.

Question 20

Attenuation

Answer 20

Reduction of signal strength during transmission.

Question 21

Audit trail

Answer 21

a visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.

Question 22

Authentication

Answer 22

The act of verifying the identity of a user’s eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

Question 23

Availability

Answer 23

ensuring timely and reliable access to and use of information.

Question 24

Back door

Answer 24

A means of regaining access to a compromised system by installing software or configuration existing software to enable remote access under attacker-defined conditions

Question 25

Bandwidth

Answer 25

range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or hertz.

Question 26

Bastion

Answer 26

System heavily fortified against attacks

Question 27

Block cipher

Answer 27

A public algorithm that operates on a plaintext in blocks (strings or groups) of bits

Question 28

Botnet

Answer 28

“robot network”; a large automated an distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as a denial-of-service attack on selected victims

Question 29

Bridges

Answer 29

data link layer devices developed in the early 1980s to connect local area networks (LANs) or create 2 separate LAN or wide area network (WAN) network segments from a single segment to reduce collision domains. Bridges act as store- and forward device in moving frames toward their destination. This i achieved by analyzing the MAC header of a data packet, which represents the hardware address of an NIC.

Question 30

Brute Force

Answer 30

A class of algorithms that repeatedly try all possible combinations until a solution is found.

Question 31

Buffer overflow

Answer 31

Occurs when a program or process tries to store more data in a buffer (temperory data storage area) than it was intended to hold. Overflown data to adjacent buffers can cause corruption or overwriting of existing data.; increasingly common type of security attack on data integrity; overflown data may contain codes to design to trigger specific actions.

Question 32

Business continuity plan (BCP)

Answer 32

A plan used by an enterprise to respond to disruption of critical business processes.

Question 33

Business impact analysis/ assessment (BIA)

Answer 33

Evaluating the criticality and sensitivity of information assets. An exercise that determines the impact of losing the support of any resource to an enterprise, eestablishes the escalation of that loss over time, identifies the minimum resources needed to recover,, and prioritizes the recovery of processes and the supporting system. This process also includes addressing income loss, unexpected expense, legal issues, interdependent processes, and loss of public reputation or public confidence.

Question 34

Certificate authority (CA)

Answer 34

A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates.

Question 35

Certificate revocation list (CRL)

Answer 35

An instrument for checking the continued validity of the certificate for which the certificate authority (CA) has responsibility. The CRL details digital certificates that are no longer valid. The time gap between 2 updates is very critical and is also a risk in digital certificates verification.

Question 36

Chain of custody

Answer 36

Legal principle regarding the validity and integrity of evidence. Includes documentation as to who had access to the evidence and when, as well as the ability to identify evidence as being the exact item that was recovered or tested.

Question 37

Checksum

Answer 37

Math value that is assigned to a file and used to “test” the file at a later date to verify that the data contained in the file has not been maliciously changed. Without knowing which cryptographic algorithm was used to create the hash value, it is highly likely that an unauthorized person would be able to change data without changing the corresponding checksum. Used in data transmission and data storage. Aka message authentication codes, integrity check-values, modification detection codes/ message integrity codes.

Question 38

Cipher

Answer 38

An algorithm to perform encryption.

Question 39

Ciphertext

Answer 39

information generation by an encryption algorithm to protect that plaintext and that is unintelligible to the unauthorized unauthorized reader

Question 40

Cleartext

Answer 40

Data that is not encrypted; aka plaintext

Question 41

Cloud computing

Answer 41

Convenient, on-demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Question 42

Collision

Answer 42

Situation that occurs when 2 or more demands are made simultaneously on equipment that can handle only one at any given instant.

Question 43

Common Attack Pattern Enumeration and Classification (CAPEC)

Answer 43

A catalog of attack patterns as “an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed

Question 44

Compartmentalization

Answer 44

process for protecting very high value assets or in environments where trust is an issue. Access to an asset requires 2 or more processes, controls, or individuals

Question 45

Computer emergency response team (CERT)

Answer 45

A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incident and issues related to information systems

Question 46

Confidentiality

Answer 46

preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information

Question 47

Configuration management

Answer 47

control of changes to a set of configuration items over a system life cycle

Question 48

Comsumerization

Answer 48

a new model in which emerging technologies are first embraced by the consumer market and later spread to the business

Question 49

containment

Answer 49

actions taken to limit exposure after an incident has been identified and confirmed.

Question 50

Content filtering

Answer 50

Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed instead of the attributes of the packet itself (e.g. source/ target IP address, transmission control protocol [TCP] flags.

Question 51

Countermeasure

Answer 51

any process that directly reduces a threat or vulnerability

Question 52

Cross-site scripting (XSS)

Answer 52

type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web applicatio uses input from a user within the output it generates without validating or encoding it.

Question 53

Cryptography

Answer 53

act of designing, analyzing and attacking cryptographic schemes

Question 54

Cryptosystem

Answer 54

a pair of algorithms that take a key and covert plaintext to ciphertext and back

Question 55

Cyberwarefare

Answer 55

Activities supported by military organizations with the purpose to threat the survival and well-being of society/ foreign entity.

Question 56

Data classification

Answer 56

assignment of a level of sensitivity of data that results in the specification of controls for each level of classification. Levels of sensitivity of data are assigned according to predefined categories.

Question 57

Data Custodian

Answer 57

individual and department responsible for storage and safeguarding of computerized data.

Question 58

Data Encryption Standard (DES)

Answer 58

An algorithm for encoding binary data. It is a secret key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES and its variants has been replaced by the Advanced Encryption Standard (AES).

Question 59

Dencentralization

Answer 59

process of distributing computer processing to different locations within an enterprise

Question 60

Decryption

Answer 60

technique used to recover the original plaintext from the ciphertext; reverse of encryption

Question 61

Decryption key

Answer 61

digital piece of information used to recover plaintext from the corresponding ciphertext by decryption.

Question 62

Defense in depth

Answer 62

practice of layering defenses to provide added protection. Defense in depth increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise’s computing and information resources.

Question 63

Demilitarized zone (DMZ)

Answer 63

a screened (firewalled) network segment that acts as a buffer zone between a trusted and untrusted network. A DMZ is typically used to house systems such as web servers that must be accessible from both internal networks and the Internet.

Question 64

Denial-of-service (DoS) attack

Answer 64

An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stooped completely or operates at a significantly reduced rate.

Question 65

Digital certificate

Answer 65

piece of information, digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.

Question 66

Diaster

Answer 66

A sudden, unplanned calamitous event causing great damage or loss. Any event that creates an inability on an organization’s part to provide critical business functions for some predetermined period of time. Similar terms are business interruption, outage and catastrophe. The period when enterprise mgmt decides to divert from normal production responses and exercises its disaster recovery plan (DRP). It typically signifies the beginning of a move from a primary location to an alternate location.

Question 67

Disaster recovery plan (DRP)

Answer 67

set of human, physical, technical, and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or diaster.

Question 68

Discretionary access control (DAC)

Answer 68

means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.

Question 69

Domain name system (DNS)

Answer 69

A hierarchical database that is distributed access the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and email servers.

Question 70

Domain name system (DNS) exfilration

Answer 70

Tunneling over DNS to gain network access. Lower-level attack vector for simple to complex data transmission, slow but difficult to detect.

Question 71

Dynamic ports

Answer 71

Dynamic and/or private ports 49152-65535, not listed by IANA because of their dynamic nature.