ACRONYMS

Question 1

CIFS

Answer 1

Common Internet File System = Samba

Question 2

111/tcp

Answer 2

RPC port

Question 3

LLMNR

Answer 3

Link Local Multicast Name Resolution = host name to IP resolution Windows

Question 4

BPDU

Answer 4

Bridge Protocol Data Unit = update frames multicast between switches

Question 5

TTY

Answer 5

terminal shell

Question 6

WAF

Answer 6

Web Application Firewall

Question 7

SET

Answer 7

Social Engineering Toolkit

Question 8

BeEF

Answer 8

Browser Exploitation Framework = social engineering

Question 9

XOR

Answer 9

Exclusive OR = encryption

Question 10

TKIP

Answer 10

Temporal Key Integrity Protocol

Question 11

OSINT

Answer 11

open source intelligence gathering –> method of searching public records, social media, google etc.

Question 12

WAF

Answer 12

web application firewall

Question 13

ICS

Answer 13

industrial control systems

Question 14

DAR

Answer 14

data at rest

Question 15

SAST

Answer 15

static application security testing

Question 16

ICS

Answer 16

Industrial Control System

Question 17

CAPEC

Answer 17

MITRE’s Common Attack Pattern Enumeration & Classification

provides a dictionary of known patterns of attack

capec.mitre.org

Question 18

NVD

Answer 18

National Vulnerability Database

Maintained by NIST

Full Disclosure is a public forum.

Question 19

SoW

Answer 19

Statement of Work

plans the project-specific work to be done.

identifies the cope of work and testing to be completed.

Question 20

OSINT

Answer 20

collection and analysis of data gathered from open sources

Question 21

SCADA

Answer 21

Supervisory Control And Data Acquisition (SCADA) systems

Question 22

DAR

Answer 22

data at rest

Question 23

SAST

Answer 23

static application security testing

Static application security testing can be embedded directly within the development environment. This allows developers to track their code continuously. Scrum masters and product owners will also regulate secure coding best practices. This leads to rapid vulnerability reduction and improved code integrity and security.

Question 24

DAST

Answer 24

Dynamic Application Security Testing

focuses on testing the application in run-time, and this is usually done using vulnerability scanners. While SAST focuses on creating and writing secure code, DAST focuses more on finding security flaws in the deployed application.

Question 25

SOAP

Answer 25

Simple Object Access Protocol a Connection or an interface between the web services or a client and web service. SOAP is operated with application layer protocols like HTTP, SMTP or even with the TCP for message transmission. created from WSDL

Question 26

WSDL

Answer 26

Web Service Description Language XML based. SOAP.

Question 27

REST

Answer 27

representational state transfer replacing SOAP in web applications

Question 28

WADL

Answer 28

web application description language XML based. REST

Question 29

XSD

Answer 29

XLM schema definition

Question 30

LSASS

Answer 30

Local Security Authority Subsystem Service windows security policy enforcement verifies users at login

Question 31

SPN

Answer 31

service principle names are used to uniquely identify each instance of a Windows service

Question 32

MSA

Answer 32

master service agreement - addresses high-level requirements for contract