Acronyms

Question 1

FDE

Answer 1

Full-Disk Encryption - fully encrypts the hard drive on a computer

Question 2

TPM

Answer 2

Trusted Platform Module - used for boot integrity

Question 3

SDN

Answer 3

Software-Defined Networking - virtualized networking

Question 4

DMZ

Answer 4

Demilitarized Zone - used to segment a network

Question 5

CSR

Answer 5

Certificate Signing Request

Question 6

CN

Answer 6

Common Name for a certificate for a system - typically the Fully Qualified Domain Name for a server

Question 7

FQDN

Answer 7

Fully Qualified Domain Name

Question 8

RFID

Answer 8

Radio Frequency Identification

Question 9

CSO

Answer 9

Chief Security Officer

Question 10

MDM

Answer 10

Mobile Device Management

Question 11

DHCP

Answer 11

Dynamic Host Configuration Protocol

Question 12

SSH

Answer 12

Secure Shell -secure protocol used to connect to command-line shells, and can be used to tunnel other protocols

Question 13

TLS

Answer 13

Transport Layer Security

Question 14

RBAC

Answer 14

Role-based Access Control - based on user’s position in the organization

Question 15

MAC

Answer 15

Mandatory Access Control - permissions granted by security classifications

Question 16

DAC

Answer 16

Discretionary Access Control - allows data owners to set permissions

Question 17

ABAC

Answer 17

Attribute-based access control - considers various attributes such as location, time, computer, username, password, etc

Question 18

SED

Answer 18

Self-encrypting drive

Question 19

SIEM

Answer 19

Security Information and Event Management

Question 20

XSS

Answer 20

Cross-site Scripting

Question 21

UEM

Answer 21

Universal Endpoint Management - A universal endpoint management (UEM) tool can manage desktops, laptops, mobile devices, printers, and other devices. UEM tools often use applications deployed to mobile devices to configure and manage them

Question 22

CASB

Answer 22

Cloud Access Security Broker

Question 23

IPS

Answer 23

Intrusion Prevention System

Question 24

IDS

Answer 24

Intrusion Detection System

Question 25

NIPS

Answer 25

Network Intrusion Prevention System

Question 26

NIDS

Answer 26

Network Intrusion Detection System

Question 27

NTLM

Answer 27

New Technology LAN Manager - an older Windows authentication protocol

Question 28

DMZ

Answer 28

De-militarized zone - provides limited access to public-facing servers for outside users, but blocks outside users from accessing systems inside the LAN.

Question 29

VPC

Answer 29

Virtual datacenter?

Question 30

CCMP

Answer 30

Counter Mode Block Chaining Message Authentication (CBC-MAC) Protocol, is AES-based, used by WPA2 to encapsulate traffic. Is the minimum acceptable encryption used by WPA3

Question 31

CYOD

Answer 31

Choose Your Own Device - allows users to choose a device that is corporate-owned and paid for. Choices may be limited to a set of devices, or users may be allowed to choose essentially any device depending on the organization’s deployment decisions

Question 32

BYOD

Answer 32

Bring Your Own Device

Question 33

COPE

Answer 33

Corporate-Owned, Personally Enabled - provides devices to users that they can then use for personal use.

Question 34

VDI

Answer 34

Virtual Desktop Infrastructure - used as an access layer for any security model where specialized needs or security requirements may require access to remote desktop or application services

Question 35

WPS

Answer 35

Wi-fi Protected Setup

Question 36

SSO

Answer 36

Single Sign-On

Question 37

SAML

Answer 37

Security Assertion Markup Language - used by many identity providers to exchange authorization and authentication data with service providers

Question 38

LDAP

Answer 38

Lightweight Directory Access Protocol

Question 39

SSID

Answer 39

Service Set Identifier

Question 40

RADIUS

Answer 40

Remote Authentication Dial-In User Service

Question 41

VLAN

Answer 41

Virtual local area network - most often used to segment the internal network

Question 42

TPM

Answer 42

Trusted Platform Module - a secure cryptoprocessor used to provide a hardware root of trust for systems. They enable secure boot and boot attestation capabilities and include a random number generator, the ability to generate cryptographic keys for specific uses, and the ability to bind and seal data used for processes the TPM supports.

Question 43

NAC

Answer 43

Network Access Control

Question 44

OTA

Answer 44

Over-the-air updates are used by cellular carriers as well as phone manufacturers to provide firmware updates and updated phone configuration data

Question 45

MDM

Answer 45

Mobile Device Management

Question 46

SAE

Answer 46

Simultaneous Authentication of Equals - used in WPA3 (wi-fi protocol) to improve on previous models - WPA3’s Personal mode replaces the pre-shared key mode found in WPA2 with simultaneous authentication of equals

Question 47

ARP

Answer 47

Address Resolution Protocol

Question 48

HIPS

Answer 48

host-based intrusion prevention system - can monitor network traffic to identify attacks, suspicious behavior, and known bad patterns using signatures

Question 49

DLP

Answer 49

Data loss prevention - these tools allow sensitive data to be tagged and monitored so that if a user attempts to send it, they will be notified, administrators will be informed, and if necessary, the data can be protected using encryption or other protection methods before it is sent
-designed to protect data from being exposed or leaking from a network using a variety of techniques and technology

Question 50

FTP

Answer 50

File Transfer Protocol

Question 51

PSK

Answer 51

Pre-shared Key

Question 52

SNMP

Answer 52

Simple Network Management Protocol - can provide information about the status and configuration of her network devices

Question 53

SRTP

Answer 53

Secure version of the Real-Time Transport Protocol, used primarily for voice over IP (VoIP) and multimedia streaming or broadcast

Question 54

ABAC

Answer 54

Attribute-based access control

Question 55

UEFI

Answer 55

Unified Extensible Firmware Interface

Question 56

BIOS

Answer 56

Basic input/output system

Question 57

CHAP

Answer 57

Challenge Handshake Authentication Protocol - periodically has the client re-authenticate. This is transparent to the user but is done specifically to prevent session hijacking

Question 58

PAP

Answer 58

Password Authentication Protocol - actually quite old

Question 59

HSM

Answer 59

Hardware Security Module -provide many cryptographic functions, but they are not used for boot attestation (TPM). A physical device that safeguards and manages digital keys

Question 60

OAuth

Answer 60

Open Authorization

Question 61

TOTP

Answer 61

Time-based one-time passwords

Question 62

HOTP

Answer 62

HMAC (hash-based message authentication code)-based one-time passwords

Question 63

HMAC

Answer 63

Hash-based message authentication code

Question 64

Xaas

Answer 64

Anything as a service

Question 65

SCADA

Answer 65

Supervisory Control and Data Acquisition

Question 66

TLS

Answer 66

Transport Layer Security - a reliable method of encrypting web traffic. It supports mutual authentication and is considered secure. Created in 1999 as the successor to SSL (secure sockets layer)

Question 67

ECC

Answer 67

Elliptical-curve cryptography - faster than RSA-based cryptography because it can use a smaller key length to achieve levels of security similar to a longer RSA key (a 228-bit elliptical curve key is roughly equivalent to a 2,380-bit RSA key)

Question 68

SAN

Answer 68

Storage Area Network

Question 69

RAID

Answer 69

Redundant Array of Independent Drives (disks). RAID 0, 1, 3, 5, 10

Question 70

IaaS

Answer 70

Infrastructure as a Service - provides the components of an entire network and systems infrastructure

Question 71

PaaS

Answer 71

Platform as a Service provides the framework and underlying tools to build applications and services
- In the platform-as-a-service (PaaS) model, the consumer has access to the infrastructure to create applications and host them

Question 72

SaaS

Answer 72

Software as a Service - the consumer has the ability to use applications provided by the cloud provider over the Internet. SaaS is a subscription service where software is licensed on a subscription basis

Question 73

RFC

Answer 73

Request for Comment - how Internet protocols are defined and documented

Question 74

PFS

Answer 74

Perfect Forward Secrecy - used to change keys used to encrypt and decrypt data, ensuring that even if a compromise occurs, only a very small amount of data will be exposed

Question 75

DLL

Answer 75

Dynamic Linked Library

Question 76

DBA

Answer 76

Database Administrator

Question 77

CER

Answer 77

Crossover error rate - The crossover error rate (CER) is the point where the FAR (false acceptance rate) and the FRR (false rejection rate) cross over. CER provides a means of comparing biometric systems based on their efficiency, with a lower CER being more desirable

Question 78

FAR

Answer 78

False acceptance rate in a biometric system

Question 79

FRR

Answer 79

False rejection rate in a biometric system

Question 80

MSSR

Answer 80

Managed Security Service Provider - an outside company that handles security tasks. Some or even all security tasks can be outsourced, including intrusion detection and prevention (IDS/IPS) management, security information and event management (SIEM) integration, and other security controls

Question 81

UPS

Answer 81

Uninterruptible Power Supply

Question 82

MTR

Answer 82

Maximum Time to Restore

Question 83

API

Answer 83

Application Programming Interface

Question 84

OWASP

Answer 84

Open Web Application Security Project - the de-facto standard for web application security

Question 85

WAF

Answer 85

Web Application Firewall

Question 86

BIA

Answer 86

Business Impact Analysis

Question 87

DRP

Answer 87

Disaster Recovery Plan

Question 88

PDU

Answer 88

Power distribution Unit

Question 89

SED

Answer 89

Self-Encrypting Disk - automatic Full Disk Encryption

Question 90

SDK

Answer 90

Software development kit

Question 91

TOTP

Answer 91

Time-based One Time Password

Question 92

NIC

Answer 92

Network Interface Card

Question 93

RTOS

Answer 93

Realtime Operating System

Question 94

IaC

Answer 94

Infrastructure as Code - the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools

Question 95

API

Answer 95

Application programming interface

Question 96

CTR

Answer 96

Counter mode -makes a block cipher into a stream cipher by generating a keystream block using a non-repeating sequence to fill in the blocks. This allows data to be streamed instead of waiting for blocks to be ready to send

Question 97

SAN

Answer 97

Subject Alternate Name - SAN, or Subject Alternate Name, certificate allows multiple hostnames to be protected by the same certificate

Question 98

VIP

Answer 98

Virtual IP Address

Question 99

UEFI

Answer 99

Unified Extensible Firmware Interface

Question 100

NAT

Answer 100

Network Address Translation - NAT gateways allow internal IP addresses to be hidden from the outside, preventing direct connections to systems behind them. This effectively firewalls inbound traffic unless the gateway is set to pass traffic to an internal host when a specific IP, port, and protocol is used

Question 101

Secure HTTP

Answer 101

Port 443

Question 102

UTM

Answer 102

Unified Threat Management

Question 103

DLP

Answer 103

Data Loss Prevention

Question 104

HIPS

Answer 104

Host-based intrusion prevention system

Question 105

IdP

Answer 105

identity provider

Question 106

PEAP

Answer 106

Protected Extensible Authentication Protocol - relies on server-side certificates and relies on tunneling to ensure communications security

Question 107

LEAP

Answer 107

Lightweight Extensible Authentication Protocol - uses WEP keys for its encryption and is not recommended due to security issues

Question 108

EAP-TLS

Answer 108

EAP Transport Layer Security - requires certificates on both the client and server, consuming more management overhead

Question 109

DNSSEC

Answer 109

Domain Name System Security Extensions - provides the ability to validate DNS data and denial of existence and provides data integrity for DNS

Question 110

VDI

Answer 110

Virtual Desktop Infrastructure

Question 111

PAM

Answer 111

Privileged Access Management (PAM) system

Question 112

EDR

Answer 112

Endpoint detection and response

Question 113

PEM

Answer 113

Privacy Enhanced Mail - the most common format issued by certificate authorities

Question 114

DER

Answer 114

Distinguished Encoding Rules - a binary form of the ASCII text PEM format

Question 115

NTP

Answer 115

Network Time Protocol

Question 116

EV

Answer 116

Extended Validation certificates prove that the X.509 certificate has been issued to the correct legal entity. Additionally, only specific certificate authorities (CAs) can issue EV certificates

Question 117

NG SWG

Answer 117

Next-generation (NG) secure web gateways (SWG) add additional features beyond those found in cloud access security brokers and next generation firewalls. While features can vary, they may include web filtering, TLS decryption to allow traffic analysis and advanced threat protection, cloud access security broker (CASB) features, data loss prevention (DLP), and other advanced capabilities

Question 118

OCSP

Answer 118

Online Certificate Status Protocol

Question 119

CRL

Answer 119

Certificate Revocation List

Question 120

OCSP

Answer 120

Online Certificate Status Protocol

Question 121

RA

Answer 121

registration authority - receives requests for new certificates as well as renewal requests for existing certificates

Question 122

SRTP

Answer 122

Secure Real-Time Transport Protocol - used primarily for Voice over IP (VoIP) and multimedia streaming or broadcast. does not fully protect packets, leaving RTP headers exposed, potentially exposing information that might provide attackers with information about the data being transferred

Question 123

AH

Answer 123

Authentication Header, protocol from IPSec - IPSec’s Authentication Header (AH) protocol does not provide data confidentiality because it secures only the header, not the payload. That means that AH can provide integrity and replay protection but leaves the rest of the data at risk

Question 124

COOP

Answer 124

Continuity of Operations Planning

Question 125

FEMA

Answer 125

Federal Emergency Management Agency

Question 126

SIP

Answer 126

Session Initiation Protocol

Question 127

CAM

Answer 127

Content-Addressable Memory - The Content-Addressable Memory (CAM) tables on switches contain a list of all the devices they have talked to and will give Naomi the best chance of identifying the devices on the network

Question 128

SLA

Answer 128

Service level agreement - defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area

Question 129

MOU

Answer 129

memorandum of understanding - a legal document that describes a mutual agreement between parties

Question 130

ISA

Answer 130

interconnection security agreement - an agreement that specifies the technical and security requirements of the interconnection security requirements of the interconnection between organizations.

Question 131

BPA

Answer 131

business partnership agreement - a legal agreement between partners. It establishes the terms, conditions, and expectations of the relationship between the partners

Question 132

DPO

Answer 132

Data protection officer - required by the GDPR. They oversee the organization’s data protection strategy and implementation, and make sure that the organization complies with the GDPR

Question 133

GDPR

Answer 133

General Data Protection Regulation - a standard for data privacy and security in the European Union (EU)

Question 134

SPOF

Answer 134

Single Point of Failure

Question 135

RTO

Answer 135

Recovery time objectives

Question 136

RPO

Answer 136

Recovery point objective - specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold

Question 137

MTBF

Answer 137

mean time between failures - the rating on a device or component that predicts the expected time between failures.

Question 138

MTTR

Answer 138

Mean time to repair - the average time it takes for a failed device or component to be repaired or replaced

Question 139

ARO

Answer 139

annual rate of occurrence - is the ratio of an estimated possibility that a threat will take place within a one-year time frame.

Question 140

AUP

Answer 140

acceptable use policy - describes the limits and guidelines for users to make use of an organization’s physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours.

Question 141

BIA

Answer 141

Business Impact Analysis - helps to identify critical systems by determining which systems will create the largest impact if they are not available.

Question 142

CIS

Answer 142

The Center for Internet Security - benchmarks provide recommendations for how to secure an operating system, application, or other covered technology

Question 143

PCI-DSS

Answer 143

Payment Card Industry Data Security Standard - a security standard that is mandated by credit card vendors. The Payment Card Industry Security Standards Council is responsible for updates and changes to the standard

Question 144

COPPA

Answer 144

Children’s Online Privacy Protection Act - a U.S. federal law

Question 145

NDA

Answer 145

Nondisclosure agreements - are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches

Question 146

SSAE

Answer 146

Standard for Attestation Engagements

Question 147

MSA

Answer 147

master services agreement - establishes a business relationship under which additional work orders or other documentation describe the actual work that is done

Question 148

TCP

Answer 148

Transmission Control Protocol - connection based protocol, slower but more reliable than UDP

Question 149

UDP

Answer 149

User Datagram Protocol - connectionless protocol, faster than TCP, less reliable

Question 150

IMAP4

Answer 150

Internet Message Access Protocol version 4

Question 151

POP3

Answer 151

Post Office Protocol version 3

Question 152

HTTP

Answer 152

Hypertext Transfer Protocol

Question 153

HTTPS

Answer 153

Hypertext Transfer Protocol over SSL/TLS

Question 154

SSL

Answer 154

Secure Sockets Layer

Question 155

TLS

Answer 155

Transport Layer Security

Question 156

DNS

Answer 156

Domain Name System

Question 157

DNSSEC

Answer 157

Domain Name System Security Extensions

Question 158

SMTP

Answer 158

Simple Mail Transfer Protocol

Question 159

RC4

Answer 159

Rivest Cipher version 4

Question 160

WEP

Answer 160

Wired Equivalent Privacy

Question 161

WPA

Answer 161

Wi-fi Protected Access

Question 162

WPA2

Answer 162

Wi-Fi Protected Access 2

Question 163

AES

Answer 163

Advanced Encryption Standard

Question 164

CCMP

Answer 164

Counter Mode/CBC-MAC Protocol - uses a 128-bit key, 128-bit block size, 48-bit initialization vectors

Question 165

WPA3

Answer 165

Wi-Fi Protected Access Version 3

Question 166

WPS

Answer 166

Wi-Fi Protected Setup

Question 167

EAP

Answer 167

Extensible Authentication Protocol

Question 168

EAP-TLS

Answer 168

Extensible Authentication Protocol Transport Layer Security

Question 169

EAP-TTLS

Answer 169

Extensible Authentication Protocol Tunneled Transport Layer Security

Question 170

PEAP

Answer 170

Protected Extensible Authentication Protocol

Question 171

LEAP

Answer 171

Lightweight Extensible Authentication Protocol

Question 172

EAP-FAST

Answer 172

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling