Acronyms Flashcards

1
Q

3DES

A

Triple Data Encryption Standard

  • Variant of DES that uses 3 different keys to perform the encryption process. (3 separate passes through the data)
  • Symmetrical
  • No longer use 3DES either
  • (AES is the workhorse encryption standard today)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AAA

A

Authentication, Authorization, Accounting

  • Proving who you are
  • Deciding what you have access to
  • ## Keeping track of who authenticated onto network
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

ABAC

A

Attribute Based Access Control

-An access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.
- The policies can use any type of attributes (user attributes, resource attributes, environment attribute etc.).
- Ex: Permit managers to **, provided that **, if ** or ** unless **

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

ACL

A

Access Control List

  • set of permissions that are then assigned to an object
  • Used in firewalls, switches, routers, and OS
  • All of them to some degree allow/restrict access to certain parts of the network or to an OS
  • They can be very specific (to ports) and / or very complex
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AD

A

Active Directory

  • Directory servers that runs on Microsoft Windows Server
  • Main function is to enable administrators to manage permissions and control access to network resources
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AES

A

Advanced Encryption Standard

  • Most popular SYMMETRIC encryption in use today
  • Standard of the US Federal Government
  • Added to FIPS 197 in 2001 (It took five years to standardize and eventually replace DES)
  • 128 cipher block encryption (in a single pass)
  • Supports 128, 192, and 256 bit key sizes
  • Ex: A wireless network where all information is encrypted with WPA2 uses AES
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AES256

A

Advanced Encryption Standard 256bit

  • largest key size for AES (symmetric)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AH

A

Authentication Header

  • Can provide data integrity (Ex: in IPSec)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

AI

A

Artificial Intelligence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

AIS

A

Automated Indicator Sharing

  • A way to automate the process of gathering and disseminating threat information that’s secure
  • A way to process and move the information between organizations over the internet
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

ALE

A

Annualized Loss Expectancy

  • ARO X SLE = ALE
  • The total number in dollars if an event occurs based on its frequency
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

AP

A

Access Point

  • Most APs allow you to configure MAC- level filtering to the AP itself
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

API

A

Application Programming Interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

APT

A

Advanced Persistent Threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

ARO

A

Annualized Rate of Occurrence

  • The number of times / year something happens
  • ARO X SLE = ALE
  • can be based on historical data, how often a threat would be successful exploiting a vulnerability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

ARP

A

Address Resolution Protocol

  • A way to translate IP address to MAC address.
  • Purpose is to find out the MAC address of a device on the LAN
  • used when IPV4 is used over ethernet
  • Helps resolve an address of a specific computer by sending a piece of information from the local computer to a remote computer where the server process is executed. This piece of information allows the server to identify the network system and provide the address
  • See also DHCP and DNS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

ASLR

A

Address Space Layout Randomization

  • Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

ASP

A

Active Server Pages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

ATT&CK

A

Adversarial Tactics, Techniques and Common Knowledge

  • MITRE framework
  • Identify broad categories of attacks, find exact intrusions and how they are occurring and how attackers are moving around after the attack and identify security techniques that can help you block future attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

AUP

A

Acceptable Use Policy

  • Many organizations have them
  • Detailed documentation that covers how all of the different technologies in your environment should be used
  • Covers internet, telephones, computers, mobile devices
  • A way for employer to set expectations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

BCP

A

Business Continuity Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

BGP

A

Border Gateway Protocol

  • allows different autonomous systems on the internet to share routing information
  • more flexible than OSPF and can be used on larger networks
  • emphasis on determining the best path (OSPF, the fastest)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

BIA

A

Business Impact Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

AV

A

Antivirus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

BASH

A

Bourne Again Shell

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

BIOS

A

Basic Input Output Systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

BPA

A

Business Partnership Agreement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

BPDU

A

Bridge Protocol Data Unit

  • Primary protocol used by the Spanning tree protocol
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

BSSID

A

Basic Service Set Identifier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

BYOD

A

Bring Your Own Device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

CA

A

Certificate Authority

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

CAPTCHA

A

Completely Automated Public Turning Test to Tell Computers and Humans Apart

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

CAR

A

Corrective Action Report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

CASB

A

Cloud Access Security Broker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

CBC

A

Cipher Block Chaining

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

CCMP

A

Counter-Mode/CBC-MAC Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

CCTV

A

Closed Circuit Television

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

CERT

A

Computer Emergency Response Team

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

CFB

A

Cipher Feedback

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

CHAP

A

Challenge-Handshake Authentication Protocol

  • Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers
  • PAP and CHAP are mostly used with dial-up
  • MS-CHAP = Microsoft’s versions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

CIO

A

Chief Information Officer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

CIRT

A

Computer Incident Response Team

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

CIS

A

Center for Internet Security

  • Non profit organization focused on developing globally-recognized best practices for securing IT systems and data against cyber attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

CMS

A

Content Management System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

CN

A

Common Name

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

COOP

A

Continuity of Operations Planning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

COPE

A

Corporate-owned Personally Enabled

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

CP

A

Contingency Planning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

CRC

A

Cyclic Redundancy Check

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

CSP

A

Cloud Service Provider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

CSR

A

Certificate Signing Request

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

CSRF

A

Cross-Site Request Forgery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

CSU

A

Channel Service Unit

  • hardware that concerts digital data frames from LAN into frames for WAN and vice versa
  • received and transmits signals to and from the WAN line and provided a barrier for electrical interference from either side of the unit
  • can echo loop back signals for testing purposes
  • connects the network provider side
  • CSU/DSU (Data service Unit). The DSU connects to your Data Terminal Equipment (often a router)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

CTM

A

Counter-Mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

CTO

A

Chief Technology Officer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

CVE

A

Common Vulnerabilities and Exposures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

CVSS

A

Common Vulnerability Scoring System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

CYOD

A

Choose Your Own Device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

DAC

A

Discretionary Access Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

DBA

A

Database Administrator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

DDoS

A

Distributed Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

DEP

A

Data Execution Prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

DER

A

Distinguished Encoding Rules

  • most popular way to store X.509 file certificates
  • DER encoding certificates are supported by almost all applications
  • Ex: OpenSSL and keytool
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

DES

A

Data Encryption Standard

  • Created by the NSA and IBM b/n 1972 -1977, used to be the most popular symmetric encryption algorithm in use
  • Part of FIPs
  • Used 64-bit block cypher (encrypted 64 bits of data at a time)
  • Used a 56-bit key, which is small so now it is easy to brute force.
  • No longer practically used today as a result
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

DHCP

A

Dynamic Host Configuration Protocol

  • Network protocol that dynamically (automatically) assigns IP addresses to the computers or other devices on each LAN network
  • Can assign an IP address from within a given range
  • See also ARP and DNS
  • DHCP snooping = switch configured with a series of trusted interfaces that may have routers, switches and other DHCP servers on it, but it would have other interfaces that are not trusted, the switch is constantly monitoring the conversations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

DHE

A

Diffie-Hellman Ephemeral

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

DKIM

A

Domain Keys Identified Mail

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

DLL

A

Dynamic-link Library

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

DLP

A

Data Loss Prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

DMARC

A

Domain Message Authentication Reporting and Conformance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

DNAT

A

Destination Network Address Translation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

DNS

A

Domain Name System

  • Maps the IP addresses into a human-readable name and vice versa
  • Ex: IP address 1234… = professormesser.com
  • See also ARP and DHCP
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

DNSSEC

A

Domain Name System Security Extension

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

DoS

A

Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

DPO

A

Data Protection Officer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

DRP

A

Disaster Recovery Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

DSA

A

Digital Signature Algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

DSL

A

Digital Subscriber Line

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

EAP

A

Extensible Authentication Protocol

  • A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates and public key infrastructure
  • EAP-MD5 uses simple passwords for challenge-authentication
  • EAP-TLS uses digital certificates for mutual authentication
  • EAP-TTLS uses server-side digital certificate and a client-side password for mutual authentication
  • EAP-FAST provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication
  • Protected EAP - supports mutal authentication by using server certificates and Active Director to authenticate a client’s passcode
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

ECB

A

Electronic Code Book

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

ECC

A

Elliptic-curve Cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

ECDHE

A

Elliptic-curve Diffie-Hellman Ephemeral

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

ECDSA

A

Elliptic-curve Digital Signature Algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

EDR

A

Endpoint Detection and Response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

EFS

A

Encrypted File System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

EIP

A

Extended Instructions Pointer

  • tracks the address of the current instruction running in an application
  • holds the address to (points to) the first byte of the next instruction to be executed
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

EOL

A

End of Life

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

EOS

A

End of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

ERP

A

Enterprise Resource Planning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

ESP

A

Encapsulation Security Payload

  • member of IPSec
  • encrypts and authenticated packed if data between computers using a VPN
  • one of two layers of protection for IP sec (other is AH)
  • ESP + Ah can operate in two modes transport (less secure) and tunnel (more secure)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

ESSID

A

Extended Service Set Identifier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

FACL

A

File-system Access Control List

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

FDE

A

Full Disk Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

FIM

A

File Integrity Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

FPGA

A

Field Programmable Gate Array

  • A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture
  • End customer can configure the programming logic to run a specific application instead of using ASIC (application-specific integrated circuit)
  • (IoT)
  • considered an anti-tamper mechanism
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

FRR

A

False Rejection Rate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

FTP

A

File Transfer Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

FTPS

A

File Transport Protocol Secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

ESN

A

Electronic Serial Number

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

GCM

A

Galois/Counter Mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

GDPR

A

General Data Protection Regulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

GPG

A

GNU Privacy Guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

GPO

A

Group Policy Object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

GPS

A

Global Positioning System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

GPU

A

Graphics Processing Unit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

GRE

A

Generic Routing Encapsulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

HA

A

High Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

HDD

A

Hard Disk Drive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

HIDS

A

Host-based Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

HIPS

A

Host-based Intrusion Prevention System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

HMAC

A

Hash-based Message Authentication Code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

HOTP

A

HMAC based One-time Password

  • A password is computed from a shared secret and is synchronized between the client and server
  • This was the original standard
  • Uses a counter, that increments with each new validation
  • It’s still used but companies like Google use TOTP
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

HSM

A

Hardware Security Module

  • An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software based storage
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
114
Q

HSMaaS

A

Hardware Security Module as a Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
115
Q

HTML

A

Hypertext Markup Language

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

HTTP

A

Hyper Text Transfer Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
117
Q

HTTPS

A

Hyper Text Transfer Protocol Secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
118
Q

HVAC

A

Heating, Ventilation, Air-conditioning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
119
Q

IaaS

A

Infrastructure as a Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
120
Q

IAM

A

Identity and Access Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

ICMP

A

Internet Control Message Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
122
Q

ICS

A

Industrial Control Systems

  • A network that manages embedded devices
  • Used for electrical power stations, water suppliers, health services, telecommunications, manufacturing and defense needs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
123
Q

IDEA

A

International Data Encryption Algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
124
Q

IDF

A

Intermediate Distribution Frame

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
125
Q

IdP

A

Identity Provider

  • a trusted third-party service for validating user identity in a federated identity system
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
126
Q

IDS

A

Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
127
Q

IEEE

A

Institute of Electrical and Electronics Engineers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

IKE

A

Internet Key Exchange

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
129
Q

IM

A

Instant Messaging

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
130
Q

IMAP4

A

Internet Message Access Protocol v4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
131
Q

IoC

A

Indicators of Compromise

  • A specific activity that could indicate that someone is now inside your network
  • Ex: Increase traffic, could be normal or could indicate data exfiltration
  • Ex: files that should have constant hash values, are now different (hacker is modifying trusted documents)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

IoT

A

Internet of Things

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
133
Q

IP

A

Internet Protocol

  • IPv4 32-bit addressing scheme that provides over 4B possible unique addresses
  • commonly represented in dotted decimal format
  • 3 ways of transmitting data through networks: unicast, multicast (1 to few), broadcast (1 to many)
  • IPv6 128 bit that provides over 340 undecillion possible unique addresses (eventually this will over take IPv4 as IPv4 is currently running out.)
  • Commonly represented in comma separated hexadecimal
  • Unicast, multicast and anycast (to replace broadcast)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
134
Q

IPS

A

Intrusion Prevention System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
135
Q

IPsec

A

Internet Protocol Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
136
Q

IR

A

Incident Response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
137
Q

IRC

A

Internet Relay Chat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
138
Q

IRP

A

Incident Response Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
139
Q

ISA

A

Interconnection Security Agreement

  • Document that regulates security-relevant aspects of an intended connection between an agency and an external system.
  • Supports / usually proceeded by a MOU / MOA
140
Q

ISFW

A

Internal Segmentation Firewall

141
Q

ISO

A

International Organization for Standardization

142
Q

ISP

A

Internet Service Provider

143
Q

ISSO

A

Information Systems Security Officer

144
Q

ITCP

A

IT Contingency Plan

145
Q

IV

A

Initialization Vector

146
Q

KDC

A

Key Distribution Center

147
Q

KEK

A

Key Encryption Key

148
Q

L2TP

A

Layer 2 Tunneling Protocol

149
Q

LAN

A

Local Area Network

150
Q

LDAP

A

Lightweight Directory Access Protocol

  • A databased used to centralize information about clients and objects on the network
  • Port 389 Unecrypted
  • Port 636 encrypted
  • (Active Directory is Microsoft’s version)
151
Q

LEAP

A

Lightweight Extensible Authentication Protocol

  • proprietary to Cisco based networks
152
Q

MaaS

A

Monitoring as a Service

153
Q

MAC

A

Media Access Control

  • Address of a network card, the physical address (every adaptor has a different MAC address)
  • 46 bits long (6 bytes)
  • 1st section, is the OUI (manufacturer portion) 2nd section is the Serial Number
  • Switches interpret the MAC addresses
  • MAC flooding turns switch into a hub
  • One issue with MAC filtering, easy to circumvent, you just need a packet capturing device to see which MAC addresses are allowed to communicate and then simply spoof that address (MAC filtering attempts security through obscurity but is really not effective at all)
154
Q

MAM

A

Mobile Application Management

155
Q

MAN

A

Metropolitan Area Network

156
Q

MBR

A

Master Boot Record

157
Q

MD5

A

Message Digest 5

158
Q

MDF

A

Main Distribution Frame

159
Q

MDM

A

Mobile Device Management

160
Q

MFA

A

Multifactor Authentication

161
Q

MFD

A

Multifunction Device

162
Q

MFP

A

Multifunction Printer

163
Q

ML

A

Machine Learning

164
Q

MMS

A

Multimedia Message Service

165
Q

MOA

A

Memorandum of Agreement

166
Q

MOU

A

Memorandum of Understanding

167
Q

MPLS

A

Multiprotocol Label Switching

168
Q

MSA

A

Measurement Systems Analysis

  • provides a way for a company to evaluate and assess the quality of the process used in their measurement systems.
  • ex six sigma
  • will assess the measurement itself and then be able to calculate any uncertainty that may be in place during the measurement process
  • Specifies generic terms to simplify negotiation of future contracts
169
Q

MS-CHAP

A

Microsoft Challenge-Handshake

170
Q

MSP

A

Managed Service Provider

  • Delivers services (like network, application, infrastructure and security) via ongoing and regular support and active administration on customers premise.
171
Q

MSSP

A

Managed Security Service Provider

  • Provides outsourced monitoring and management of security devices and systems.
  • Common services: managed firewall, IDS, VPN, vulnerability scanning and anti viral services.
  • use high availability security operation centers to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs
172
Q

MTBF

A

Mean Time Between Failures

173
Q

MTTF

A

Mean Time to Failure

174
Q

MTTR

A

Mean Time to Repair

175
Q

MTU

A

Maximum Transmission Unit

176
Q

NAC

A

Network Access Control

  • Method of controlling who or what gains access to a wired or wireless network
  • Most cases NAC uses a combination of 802.1x security and some form of posture assessment for a device attempting to log into the network
  • (a posture assessment considers the state of the requesting device (the device must meet a minimum set of standards before it is allowed access to the network. Ex: type of device, OS, patch level, presence of anti malware and is software up to date)
177
Q

NAS

A

Network-attached Storage

= A storage appliance that is placed on the network.
- Specially designed to store data more efficiently than standard data methods
- (Note a SAN often includes many NAS. A SAN = storage area network, which is a an actual network of devices that have the sole purpose of storing data efficiently)

178
Q

NAT

A

Network Address Translation

  • Process of changing an IP address while it transits across a router
  • NAT can help hide network IPs
179
Q

NDA

A

Non-disclosure Agreement

180
Q

NFC

A

Near-field Communication

181
Q

NFV

A

Network Function Virtualization

182
Q

NGFW

A

Next-generation Firewall

183
Q

NG-SWG

A

Next-generation Secure Web Gateway

184
Q

NIC

A

Network Interface Card

185
Q

NIDS

A

Network-based Intrusion Detection System

186
Q

NIPS

A

Network-based Intrusion Prevention System

187
Q

NIST

A

National Institute of Standards & Technology

  • CSF = NIST’s voluntary framework outlining best practices for computer security
188
Q

NOC

A

Network Operations Center

189
Q

NTFS

A

New Technology File System

190
Q

NTLM

A

New Technology LAN Manager

191
Q

NTP

A

Network Time Protocol

  • Protocol used to synchronize computer clock times in a network.
  • One of the oldest parts of the TCP/IP protocol suite
  • ensures the reliability of the Kerberos authentication process
192
Q

OCSP

A

Online Certificate Status Protocol

  • allows the browser to check for certificate revocation
193
Q

OID

A

Object Identifier

194
Q

OS

A

Operating System

195
Q

OSI

A

Open Systems Interconnection

196
Q

OSINT

A

Open-source Intelligence

197
Q

OSPF

A

Open-source Intelligence

198
Q

OT

A

Operational Technology

  • A communications network designed to implement an industrial control system rather than data networking
  • Industrial Systems prioritize availability and integrity over confidentiality
  • (ICS, SCADA vulnerabilities)
199
Q

OTA

A

Over-The-Air

200
Q

OTG

A

On-The-Go

  • technology enables establishing direct communication links between two USB devices (ex: mobile phone to usb port)
201
Q

OVAL

A

Open Vulnerability and Assessment Language

202
Q

OWASP

A

Open Web Application Security Project

203
Q

P12

A

PKCS #12

204
Q

P2P

A

Peer-to-Peer

205
Q

PaaS

A

Platform as a Service

206
Q

PAC

A

Proxy Auto Configuration

207
Q

PAM

A

Privileged Access Management

208
Q

PAM

A

Pluggable Authentication Modules

209
Q

PAP

A

Password Authentication Protocol

  • Used to provide authentication but is not considered secure since it transmits login credentials in the clear
210
Q

PAT

A

Port Address Translation

  • Router keeps track of requests from internal hosts by assigning them random high number ports for each request
211
Q

PBKDF2

A

Password-based Key Derivation Function 2

212
Q

PBX

A

Private Branch Exchange

213
Q

PCAP

A

Packet Capture

214
Q

PCI DSS

A

Payment Card Industry Data Security Standard

215
Q

PDU

A

Power Distribution Unit

216
Q

PE

A

Portable Executable

217
Q

PEAP

A

Protected Extensible Authentication Protocol

218
Q

PED

A

Protected Extensible Authentication Protocol

219
Q

PEM

A

Privacy Enhanced Mail

220
Q

PFS

A

Perfect Forward Secrecy

221
Q

PGP

A

Pretty Good Privacy

222
Q

PHI

A

Personal Health Information

223
Q

PII

A

Personally Identifiable Information

224
Q

PIN

A

Personal Identification Number

225
Q

PIV

A

Personal Identity Verification

226
Q

PKCS

A

Public Key Cryptography Standards

227
Q

PKI

A

Public Key Infrastructure

228
Q

PoC

A

Proof of Concept

229
Q

POP

A

Post Office Protocol

230
Q

POTS

A

Plain Old Telephone Service

231
Q

PPP

A

Point-to-Point Protocol

232
Q

PPTP

A

Point-to-Point Tunneling Protocol

233
Q

PSK

A

Pre-shared Key

234
Q

PTZ

A

Pan-Tilt-Zoom

235
Q

PUP

A

Potentially Unwanted Program

236
Q

QA

A

Quality Assurance

237
Q

QoS

A

Quality of Service

238
Q

RA

A

Registration Authority

239
Q

RAD

A

Rapid Application Development

240
Q

RADIUS

A

Remote Authentication Dial-in User Service

  • Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP)
  • Operates at the application layer
  • Authentication = Port 1812 or 1645
  • Authorization = Port 1813 or 1646
  • Standard ports vs proprietary
241
Q

RAID

A

Redundant Array of Inexpensive Disks

242
Q

RAM

A

Random Access Memory

243
Q

RAS

A

Remote Access Server

244
Q

RAT

A

Remote Access Server

245
Q

RC4

A

Rivest Cipher version 4

  • A legacy symmetric encryption algorithm
  • Rivest Cipher 4 (Ron Rivest)
  • Part of the original WEP standard (no longer in use in today’s wireless)
  • Also part of the SSL Standard (But when TLS replaced SSL, RC4 was also replaced)
  • One problem: Biased output
  • Uncommon today
246
Q

RCS

A

Rich Communication Services

  • a technology designated as a successor to SMS and MMS
247
Q

RFC

A

Request for Comments

248
Q

RFID

A

Radio Frequency Identification

249
Q

RIPEMD

A

RACE Integrity Primitives
Evaluation Message Digest

250
Q

ROI

A

Return on Investment

251
Q

RPO

A

Recovery Point Objective

  • maximum tolerable point in time to which systems and data must be recovered after an outage
252
Q

RSA

A

Rivest, Shamir, & Adleman

253
Q

RTBH

A

Remotely Triggered Black Hole

254
Q

RTO

A

Recovery Time Objective

  • Maximum tolerable period of time required for restoring business functions after a failure or disaster
255
Q

RTOS

A

Real-time Operating System

256
Q

RTP

A

Real-time Transport Protocol

257
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions

258
Q

SaaS

A

Software as a Service

259
Q

SAE

A

Simultaneous Authentication of Equals

260
Q

SAML

A

Security Assertions Markup Language

261
Q

SCADA

A

Supervisory Control and Data Acquisition

  • A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographical region
  • Typically run as software on ordinary computers to gather data from and manage plant devices and equipment with embedded PLCs (Programmable Logic Controller - a type of computer designed for deployment in an industrial / outdoor setting that can automate and monitor mechanical systems)
262
Q

SCAP

A

Security Content Automation Protocol

263
Q

SCEP

A

Simple Certificate Enrollment Protocol

264
Q

SDK

A

Software Development Kit

265
Q

SDLC

A

Software Development Life Cycle

266
Q

SDLM

A

Software Development Life-cycle Methodology

267
Q

SDN

A

Software-defined Networking

268
Q

SDP

A

Service Delivery Platform

269
Q

SDV

A

Software-defined Visibility

270
Q

SED

A

Self-Encrypting Drives

  • Can provide whole disk encryption
  • The controller can automatically encrypt data that is written to it on the disk drive
271
Q

SEH

A

Structured Exception Handling

  • Provides control over what the application should do when faced with a runtime or syntax error
272
Q

SFTP

A

SSH File Transfer Protocol

273
Q

SHA

A

Secure Hashing Algorithm

274
Q

SIEM

A

Security Information and Event Management

275
Q

SIM

A

Subscriber Identity Module

276
Q

SIP

A

Session Initiation Protocol

  • Protocol used for managing real-time sessions that include voice, video, application sharing or IM services
277
Q

SLA

A

Service-level Agreement

  • Agreement between a service provider and users defining the nature, availabilty, quality and scope of the service to be provided
  • Specifies performance requirements for a vendor (and penalties)
278
Q

SLE

A

Single Loss Expectancy

  • Describes how much money we will lose if a single event occurs
  • ARO X SLE = ALE
279
Q

SMB

A

Server Message Block

280
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions

281
Q

SMS

A

Short Message Service

282
Q

SMTP

A

Simple Mail Transfer Protocol

283
Q

SMTPS

A

Simple Mail Transfer Protocol Secure

284
Q

SNMP

A

Simple Network Management Protocol

285
Q

SOAP

A

Simple Object Access Protocol

286
Q

SOAR

A

Security Orchestration, Automation, Response

287
Q

SoC

A

System on Chip

  • A processor that integrates the platform functionality of multiple logical controllers onto a single chip
  • They are power efficient and used with embedded systems (IoT)
288
Q

SOC

A

Security Operations Center

289
Q

SPF

A

Sender Policy Framework

290
Q

SPIM

A

Spam over Instant Messaging

291
Q

SQL

A

Structured Query Language

292
Q

SQLi

A

SQL Injection

293
Q

SRTP

A

Secure Real-time Transport Protocol

294
Q

SSD

A

Solid State Drive

295
Q

SSH

A

Secure Shell

296
Q

SSID

A

Service Set Identifier

297
Q

SSL

A

Secure Sockets Layer

298
Q

SSO

A

Single Sign-on

  • A default user profile for each user is created and linked with all of the resources needed
  • Compromised SSO credentials are a big security breach
299
Q

STIX

A

Structured Threat Information eXpression

  • Standardized format for threats
  • Includes motivations, abilities, capabilities and response information
  • Part of AIS
300
Q

STP

A

Shielded Twisted Pair

301
Q

SWG

A

Secure Web Gateway

302
Q

TACACS+

A

Terminal Access Controller Access Control System

  • Cisco’s proprietary version of RADIUS
  • Port 49 (TCP)
  • Encrypts the entire payload of the access-request packet
  • Primarily used for device administration
    -Separates authentication and authorization
  • part of 802.1x (along with RADIUS)
303
Q

TAXII

A

Trusted Automated eXchange
of Intelligence Information

  • The trusted transportation to securely exchange STIX information
304
Q

TCP/IP

A

Transmission Control Protocol/Internet Protocol

305
Q

TGT

A

Ticket Granting Ticket

306
Q

TKIP

A

Temporal Key Integrity Protocol

307
Q

TLS

A

Transport Layer Security

  • Cryptographic protocol to encrypt online communications.
  • Uses certificates and asymmetrical cryptography to authenticate hosts and exchange security keys
  • Better option than SSL which functions similarly
308
Q

TOTP

A

Time-based One Time Password

  • A password is computed from a shared secret and current time
309
Q

TPM

A

Trusted Platform Module

  • A specification for hardware based storage of digital certificates, keys, hashed passwords, and other user and platform identification information
  • A TPM can be managed in Windows via the tpm.msc console or group policy
310
Q

TSIG

A

Transaction Signature

311
Q

TTP

A

Tactics, Techniques, and Procedures

312
Q

UAT

A

User Acceptance Testing

313
Q

UDP

A

User Datagram Protocol

314
Q

UEBA

A

User and Entity Behavior Analytics

315
Q

UEFI

A

Unified Extensible Firmware Interface

  • A type of system firmware providing support for a 64-bit CPU operation at boot, full GUI and mouse operation at boot and better boot security
316
Q

UEM

A

Unified Endpoint Management

317
Q

UPS

A

Uninterruptible Power Supply

318
Q

URI

A

Uniform Resource Identifier

319
Q

URL

A

Universal Resource Locator

320
Q

USB

A

Universal Serial Bus

321
Q

USB OTG

A

USB On-The-Go

322
Q

UTM

A

Unified Threat Management

323
Q

UTP

A

Unshielded Twisted Pair

324
Q

VBA

A

Visual Basic for Applications

325
Q

VDE

A

Virtual Desktop Environment

326
Q

VDI

A

Virtual Desktop Infrastructure

327
Q

VLAN

A

Virtual Local Area Network

328
Q

VLSM

A

Variable-length Subnet Masking

329
Q

VM

A

Virtual Machine

330
Q

VoIP

A

Voice over IP

331
Q

VPC

A

Virtual Private Cloud

332
Q

VPN

A

Virtual Private Network

  • Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network
  • Client to Site VPN or Remote Access VPN
  • VPN Concentrator = Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers
333
Q

VTC

A

Video Teleconferencing

334
Q

WAF

A

Web Application Firewall

335
Q

WAP

A

Wireless Access Point

  • It’s a bridge
  • Switch configuration that’s taking traffic from the wireless network and switching it on to the Ethernet network
  • Very similar to a switch as a layer 2 device on a network
  • Some let you control the power to the WAP (which controls its range)
  • Different than the wireless router at home
336
Q

WEP

A

Wired Equivalent Privacy

337
Q

WIDS

A

Wireless Intrusion Detection System

338
Q

WIPS

A

Wireless Intrusion Prevention System

339
Q

WORM

A

Write Once Read Many

340
Q

WPA

A

WiFi Protected Access

341
Q

WPS

A

WiFi Protected Setup

342
Q

XaaS

A

Anything as a Service

343
Q

XML

A

Extensible Markup Language

  • Markup language similar to HTML, but without predefined tags to use
  • Instead you define your own tags for your needs
  • powerful way to store data in a format that can be stored, searched, and shared
  • Stores and transfers data (Whereas HTML displays data and describes the structure of a webpage), standard language which can define other computer languages
344
Q

XOR

A

Exclusive OR

  • Compares two input bits and generates one output bit
  • if bits are the same, result = 0, if bits are different result = 1
  • A way to make data less readable, it’s a cipher
345
Q

XSRF

A

Cross-site Request Forgery

  • aka one click attack or session-riding
  • Takes advantage of the trust that a web browswer and web site have with each other
346
Q

XSS

A

Cross-site Scripting

  • Occurs when an attacker embeds malicious scripting commands on a trusted website
  • Stored / Persistent = attempts to get data provided by the attacker to be saved on the webserver (so that anyone who visits will be infected)
  • Reflected = Attempts to have a non-persistent effective, it’s activated by a victim clicking on a link
  • DOM - based = AAtemptse to xeloit the vvictim’sweb browswer