Acronyms

Question 1

DLP

Answer 1

Data Loss Prevention

Question 2

HIDS

Answer 2

Host-Based Intrusion Detection System

Question 3

EDR

Answer 3

Endpoint Detection and Response

Question 4

NIPS

Answer 4

Network-Based Intrusion Prevention System

Question 5

IRP

Answer 5

An incident response plan lists the procedures, contacts, and resources available to responders for various incident categories. The CSIRT should develop profiles or scenarios of typical incidents (DDoS attack, virus/worm outbreak, data exfiltration by an external adversary, data modification by an internal adversary, and so on). This will guide investigators in determining priorities and remediation plans. Steps included are: preparation, identification,
containment, eradication, recovery, and lessons learned

Question 6

CVE

Answer 6

Common Vulnerabilities and Exposures

Question 7

PUP

Answer 7

Potentially Unwanted Program (programs which MIGHT NOT be malware, but that you may not want, like AdWare)

Question 8

SCADA

Answer 8

Supervisory Control And Data Acquisition

Question 9

CASB

Answer 9

cloud access security broker: enterprise management software designed to mediate access to cloud services by users across all types of devices.

Question 10

DAC

Answer 10

Discretionary Access Control

Question 11

ABAC

Answer 11

Attribute-based access control

Question 12

SCAP

Answer 12

Security Content Automation Protocol

Question 13

SOAR

Answer 13

Security orchestration, automation, and response (SOAR) is designed as a solution to the problem of the volume of alerts overwhelming analysts’ ability to respond

Question 14

FRR

Answer 14

False Rejection Rate—where a legitimate user is not recognized. This is also referred to as a Type I error or false non-match rate (FNMR)

Question 15

FAR

Answer 15

False Acceptance Rate—where an interloper is accepted (Type II error or false match rate [FMR]).

Question 16

CER

Answer 16

Crossover Error Rate—the point at which FRR (False Rejection Rate) and FAR (False Acceptance Rate) meet.

Question 17

TPM

Answer 17

Trusted Platform Module

Question 18

SDP

Answer 18

Software Defined Perimeter

Question 19

AAA

Answer 19

Authentication, Authorization, and Accounting

Question 20

MSSP

Answer 20

An managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems.

Question 21

SOC

Answer 21

A security operations center (SOC – pronounced “sock”) is a team of experts that proactively monitor an organization’s ability to operate securely.

Question 22

MAC

Answer 22

Mandatory Access Control: uses system of clearances and labels. Users can’t change the labels or their own clearance levels.

Question 23

RAID 0

Answer 23

striping, no parity. Fast, but not fault tolerant.

Question 24

RAID 1

Answer 24

Mirroring only. No improvement to speed, but adds fault tolerance.

Question 25

RAID 5

Answer 25

Striping with parity, three disks. Allows one disk to fail without losing data. More efficient than RAID 1.

Question 26

RAID 6

Answer 26

Striping with double parity: allows multiple disks to fail without losing data.

Question 27

Nested RAID

Answer 27

Different combinations are possible, usually to improve speed or redundancy.

Question 28

VTC

Answer 28

Video Tele-Conferencing

Question 29

SIP

Answer 29

The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices (also known as user-agents), such as IP-enabled handsets or client and server web conference software. Each device, conference, or telephony user is assigned a unique SIP address known as a SIP Uniform Resource Indicator (URI), such as sip:bob.dobbs@comptia.org

Question 30

RTP/SRTP

Answer 30

While SIP provides session management features (for VoIP and VTC), the actual delivery of real-time data uses different protocols. The principal one is real-time Transport Protocol (RTP).SRTP is the secure version of this.

Question 31

ESP

Answer 31

Encapsulation Security Payload (ESP) provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet rather than simply calculating an HMAC.

Question 32

COPE

Answer 32

Corporate owned, personally-enabled: the device is chosen and supplied by the company and remains its property. The employee may use it to access personal email and social media accounts and for personal web browsing (subject to whatever acceptable use policies are in force)

Question 33

CYOD

Answer 33

Choose your own device (CYOD)—much the same as COPE but the employee is given a choice of device from a list.

Question 34

COBO

Answer 34

Corporate owned, business only (COBO)—the device is the property of the company and may only be used for company business.

Question 35

BYOD

Answer 35

Bring your own device (BYOD)—the mobile device is owned by the employee. The mobile will have to meet whatever profile is required by the company (in terms of OS version and functionality) and the employee will have to agree on the installation of corporate apps and to some level of oversight and auditing. This model is usually the most popular with employees but poses the most difficulties for security and network managers.

Question 36

RTO

Answer 36

Recovery Time Objective

Question 37

BIA

Answer 37

Business impact analysis (BIA) is the process of assessing what losses might occur for a range of threat scenarios. For instance, if a DDoS attack suspends an e-commerce portal for five hours, the business impact analysis will be able to quantify the losses from orders not made and customers moving permanently to other suppliers based on historic data.

Question 38

HE

Answer 38

Homomorphic Encryption: Encryption which allows manipulation of encrypted data without unencrypting it. (my words, paraphrased from book)

Question 39

SIEM

Answer 39

security information and event management

Question 40

BSSID

Answer 40

Basic service set identiifier: mac address of a WAP

Question 41

CBC

Answer 41

Cipher Block Chaining:

Question 42

ASLR

Answer 42

Address space layout randomization: laying out memory randomly to hinder attackers

Question 43

AIS

Answer 43

Automated indicator sharing: feed from DHS of indicators of compromise (IoC)

Question 44

CCMP

Answer 44

Counter-mode/CBCMAC protocol

Question 45

AIS

Answer 45

Automated Indicator Sharing (AIS) is a service offered by the Department of Homeland Security (DHS) for companies to participate in threat intelligence sharing

Question 46

ISO 27701

Answer 46

Extension of ISO standards 27001 and 27002 to include detailed management of PII (Personally Identifiable Information) and data privacy.

Question 47

ISO 31000

Answer 47

sets international standards for risk management practices

Question 48

CTI

Answer 48

Cyber Threat Intelligence: A type of platform through which a person/company can receive feed of threat data to use to determine whether Indicators of Compromise are present.

Question 49

DEP

Answer 49

Data execution prevention: restrictions against using space in memory as executable memory space when it is reserved for data

Question 50

ISO 27001

Answer 50

International standard for the foundation of Information Security Management Systems.

Question 51

SSAE

Answer 51

Statements on Standards for Attestation Engagements: Audit specifications developed by the American Institute of Certified Public Accountants (AICPA)

Question 52

ISO 27701

Answer 52

Extension of ISO standards 27001 and 27002 to include detailed management of PII (Personally Identifiable Information) and data privacy.

Question 53

ISO 31000

Answer 53

sets international standards for risk management practices

Question 54

PEAP

Answer 54

Protected EAP: encapsulates EAP in a TLS tunnel. Authenticates via MSCHAPV2 if using a Microsoft server as authentication server. Can also be used with Generic Token Card (GTC) or hardware token generator. Less secure than EAP-TLS.

Question 55

TACACS+

Answer 55

Terminal Access Controller Access-Control System Plus: reliable, connection-oriented delivery on TCP port 49 for encrypted transfers of critical network infrastructure data. Provides Authentication, Authorization and Accounting (AAA) functions. Centralizes logins for admin accounts for network appliances.

Question 56

NIST

Answer 56

National Institute of Standards and Technology

Question 57

EAP-FAST

Answer 57

FAST=Flexible Authentication via Secure Tunneling. EAP-FAST needs RADIUS server to provide authentication DB access.

Question 58

EAP

Answer 58

Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication protocols and technologies.

Question 59

802.1X

Answer 59

Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to an Ethernet switch port, wireless access point (with enterprise authentication configured), or VPN gateway.

Question 60

PEAP

Answer 60

Protected EAP: encapsulates EAP in a TLS tunnel

Question 61

TACACS+

Answer 61

Terminal Access Controller Access-Control System Plus: reliable, connection-oriented delivery on TCP port 49 for encrypted transfers of critical network infrastructure data. Provides Authentication, Authorization and Accounting (AAA) functions. Centralizes logins for admin accounts for network appliances. Designed as a replacement for Radius.

Question 62

RADIUS

Answer 62

Remote Authentication Dial-In User Service: UDP/IP on ports 1812 and 1813

Question 63

EAP-FAST

Answer 63

FAST=Flexible Authentication via Secure Tunneling

Question 64

PAC

Answer 64

Protected Access Credential (part of EAP-FAST terminology). This is a shared secret in that system.

Question 65

AS

Answer 65

Authentication Server (in EAP-FAST terminology)

Question 66

EAP-TLS

Answer 66

More secure than PEAP as EAP-TLS uses digital certificates for both clients and servers rather than only on the server side like in PEAP. Excludes older devices as clients which cannot support digital certificates.

Question 67

EAP-TTLS

Answer 67

EAP over Tunneled TLS

Question 68

SAE

Answer 68

Simultaneous Authentication of Equals (Used with Pre-Shared Keys in authenticating to wireless networks). This gives each user a separate session ID even though everyone gets in with the same pass key.

Question 69

WPS

Answer 69

Wifi Protected Setup (The PINs only have 11k different combinations, so they can be vulnerable to brute force attacks. Newer devices have brute-force protection. Older devices should just have this disabled.)

Question 70

NFC

Answer 70

Near Field Communication

Question 71

DER certs

Answer 71

Distinguised Encoding Rules

Question 72

PEM certs

Answer 72

Privacy-Enhanced Mail (text formatted through base64 encoding)

Question 73

PKCS #12

Answer 73

Public Key Cryptography Standards #12 (can contain multiple X.509 certs in a single .p12 or .pfx file)

Question 74

CER Certs

Answer 74

Usually contains only public key

Question 75

PKCS #7

Answer 75

sent as .p7b file, stored in ASCII. Doesn’t contain private keys.

Question 76

dig

Answer 76

Domain Information Groper