Acronyms Flashcards

1
ACL
Access Control List
A rule set that can be implemented on a firewall, switch, or other infrastructure device to control access.

2
AP
Access Point
A wireless transmitter and receiver that hooks into the wired portion of a network and provides an access point to that network for wireless devices.

3
ASLR
Address Space Layout Randomization
A technique that can be used to prevent memory attacks.

4
AES
Advanced Encryption Standard
A symmetric algorithm adopted by the US government as the replacement algorithm for 3DES.

5
APT
Advanced Persistent Threat
A hacking process that targets a specific entity and is carried out over a long period of time. The attacker is usually a group of organized individuals often funded and supported by a nation-state to gain illicit access to another government’s information.

6
ALE
Annualized Loss Expectancy
The expected risk cost of an annual threat event.

7
ARO
Annualized Rate of Occurrence
An estimate of how often a given threat might occur annually.

8
API
Application Programming Interface
A software interface that handles interactions between multiple software applications or mixed hardware/software intermediaries.

9
ASIC
Application Specific Integrated Circuit
A circuit that is designed specifically for an application and thus is not a general-purpose chip.

10
AI
Artificial Intelligence
The ability of a machine or computer to learn and adapt.

11
ARF
Asset Reporting Format
A data model that is used to express the transport format of information about assets and the relationships between assets and reports.

12
AJAX
Asynchronous JavaScript and XML
A group of interrelated web development techniques used on the client side to create asynchronous web applications.

13
AIK
Attestation Identity Key
Versatile memory that ensures the integrity of an EK.

14
ABAC
Attribute-Based Access Control
An access control system that takes multiple factors or attributes into consideration before authenticating and authorizing an entity.

15
AR
Augmented Reality
A program that overlays virtual objects on the real-world environment.

16
AAA
Authentication, Authorization, and Accounting
Framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

17
BYOD
Bring Your Own Device
A strategy in which users bring their own devices and use them for company and personal work.

18
BACnet
Building Automation and Control Network
An application, network, and media access control layer communications service that can operate over a number of layer 2 protocols, including Ethernet.

19
BCP
Business Continuity Plan
A process that focuses on sustaining an organization’s business/mission processes during and after disruption.

20
BIA
Business Impact Analysis
The process of identifying mission critical systems and identifying measures to provide fault tolerance and high availability.

21
CMMI
Capability Maturity Model Integration
A process improvement approach.

22
CA
Certificate Authority
An entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.

23
CRL
Certificate Revocation List
A list of digital certificates that a CA has revoked.

24
CSR
Certificate Signing Request
A request that a self-generated certificate be validated and signed by a CA.

25
COPPA
Children’s Online Privacy Protection Act
A law that addresses abuse of children on the Internet.

26
CYOD
Choose Your Own Device
A strategy in which organization users choose their own devices from a list of options but the devices are purchased, owned, and managed by the organization.

27
CBC
Cipher Block Chaining
A DES mode in which 64-bit blocks are chained together and each resultant 64-bit ciphertext block is applied to the next block.

28
CASB
Cloud Access Security Broker
On-premises or cloud-based software that sits between cloud service users and cloud applications and monitors all activity and enforces security policies.

29
CCE
Common Configuration Enumeration
A set of best practice statements maintained by NIST.

30
CIP
Common Industrial Protocol
A suite of messages and services for the collection of manufacturing automation applications.

31
CN
Common Name
The entity name protected by an SSL/TLS certificate, which is technically represented by the Common Name field in the X.509 certificate specification.

32
CPE
Common Platform Enumeration
A naming scheme for describing and classifying operating systems, applications, and hardware devices used by SCAP.

33
CVE
Common Vulnerabilities and Exposures
A free MITRE database that lists vulnerabilities in published operating systems and application software as identified by Common Platform Enumeration (CPE).

34
CVSS
Common Vulnerability Scoring System
A system of ranking vulnerabilities that are discovered based on predefined metrics.

35
COBO
Company-Owned, Business Only
A strategy in which mobile devices are purchased, owned, and managed by the organization.

36
CSIRT
Computer Security Incident Response Team
Provides a reliable and trusted single point of contact for reporting computer security incidents worldwide.

37
CMDB
Configuration Management Database
A database that keeps track of the state of assets, such as products, systems, software, facilities, and people, as they exist at specific points in time, as well as the relationships between such assets.

38
CDN
Content Delivery Network
A set of geographically dispersed servers that serve content to users based on their location, so that users get content from the physically nearest server.

39
CMS
Content Management System
Enables non-technical users to create, manage, and modify content on a website.

40
CTPH
Context Triggered Piecewise Hashes
A rolling hash that involves multiple traditional cryptographic hashes for one or more fixed-size segments in a file.

41
COOP
Continuity of Operations Plan
A plan that focuses on restoring an organization’s mission essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations.

42
CD
Continuous Delivery
The ability to make software features, configuration changes, bug fixes, and experiments available to users safely and quickly and in a sustainable way.

43
CDP
Continuous Delivery Pipeline
The workflows needed to introduce new functionality to software, from ideation to an on-demand release of value to the end user.

44
CI
Continuous Integration
The practice of merging all software developers’ working copies into a shared main line several times a day.

45
CAN
Controller Area Network bus
A newer standard for vehicle-to-vehicle and vehicle-to-road communication.

46
COPE
Corporate Owned, Personally Enabled
A strategy in which an organization purchases mobile devices and users manage those devices.

47
CTR
Counter
A DES mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream.

48
CPTED
Crime Prevention Through Environmental Design
A multi-disciplinary approach to security that involves designing a facility from the ground up to support security.

49
CSRF
Cross-Site Request Forgery
An attack that causes an end user to execute unwanted actions on a web application in which they are currently authenticated.

50
XSS
Cross-Site Scripting
An attack in which an attacker locates a website vulnerability and injects malicious code into the web application.

51
CER
Crossover Error Rate
The point at which FRR equals FAR.

52
CRM
Customer Relationship Management
Software that identifies customers and stores customer-related data, particularly contact information and data on any direct contacts with customers.

53
DLP
Data Loss Prevention
Software that uses ingress and egress filters to identify sensitive data that is leaving the organization and can prevent such leakage.

54
DAM
Database Activity Monitoring
The use of tools to monitor transactions and the activity of database services.

55
DDS
Data Distribution Service
Enables network interoperability for connected machines, facilitating the scalability, performance, and Quality of Service (QoS) features required for industrial applications.

56
DevOps
Development Operations
A software development method that aims at shorter development cycles, increased deployment frequency, and more dependable releases, in close alignment with business objectives.

57
DevSecOps
Development Security Operations
A development approach that involves representatives from development, operations, and security to create a shared sense of responsibility with regard to security.

58
DH
Diffie-Hellman
A key agreement process used with asymmetric encryption algorithms allowing for a symmetric key exchange without using public/private key pairs.

59
DRM
Digital Rights Management
Technology used by hardware manufacturers, publishers, copyright holders, and individuals to control the use of digital content.

60
DSS
Digital Signature Standard
A US federal digital security standard that governs the Digital Security Algorithm (DSA).

61
DRaaS
Disaster Recovery Plan
An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

62
DRP
Disaster Recovery Plan
An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

63
DAC
Discretionary Access Control
An access control system in which the owner of an object specifies which subjects can access the resource.

64
DDoS
Distributed Denial of Service
An attack that is carried out from multiple attack locations.

65
DNP3
Distributed Network Protocol 3
A primary/secondary protocol that uses port 19999 when using TLS and port 2000 when not using TLS. Its main use is in utilities such as electric and water companies.

66
DoH
DNS over HTTPS
A method of transmitting DNS traffic to remote DNS servers using the Secure HTTPS protocol.

67
DNS
Domain Name System
A database that provides a hierarchical naming system for computers, services, and any resources connected to the internet or a private network.

68
DNSSEC
Domain Name System Security Extensions
A secure form of DNS that ensures that a DNS server is authenticated before the transfer of DNS information begins between the DNS server and the client.

69
DAST
Dynamic Application Security Testing
A form of testing that is automated.

70
DTP
Dynamic Trunking Protocol
A protocol that enables two switches to form a trunk link automatically, based on their configuration.

71
ECB
Electronic Codebook
The easiest and fastest DES mode to use. It has security issues because every 64-bit block is encrypted with the same key.

72
ECC
Elliptic-Curve Cryptography
An approach to public key cryptography that is based on the algebraic structure of elliptic curves over finite fields.

73
ECDH
Elliptic-Curve Diffie-Hellman
A key agreement protocol that uses an elliptic-curve public/private key pair to establish a symmetric key over an insecure channel.

74
ECDSA
Elliptic-Curve Digital Signature Algorithm
An algorithm that provides elliptic-curve-based key exchange.

75
EK
Endorsement Key
Persistent memory installed by a manufacturer that contains a public-private key pair.

76
EDR
Endpoint Detection and Response
A proactive endpoint security approach that is designed to supplement existing defenses.

77
ERP
Enterprise Resource Planning
A process that involves collecting, storing, managing, and interpreting data from product planning, product cost, manufacturing or service delivery, marketing/sales, inventory management, shipping, payment, and any other business processes.

78
ESB
Enterprise Service Bus
A software platform used to facilitate communication between mutually interacting software applications in an SOA.

79
ELF
Executable and Linkable Format
The standard binary format on OSs such as Linux. Capabilities include dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.

80
EF
Exposure Factor
The percentage value or functionality of an asset that will be lost when a threat event occurs.

81
EV
Extended Validation
A certificate that requires verification of the requesting entity’s legal identity before the certificate can be issued.

82
XACML
Extensible Access Control Markup Language
A standard for an access control policy language using XML. Its goal is to create an ABAC system that decouples the access decision from the application or the local machine.

83
EAP
Extensible Authentication Protocol
A framework for port-based access control that uses the same three components that are used in RADIUS.

84
XCCDF
Extensible Configuration Checklist Description Format
A specification language for writing security checklists, benchmarks, and related kinds of documents that is used by SCAP.

85
XML
Extensible Markup Language
A markup language that is often used in web deployments.

86
FAR
False Acceptance Rate
A measurement of the percentage of invalid users that will be falsely accepted by the system.

87
FRR
False Rejection Rate
A measurement of valid users that will be falsely rejected by the system.

88
FERMA
Federation of European Risk Management Associations Risk Management Standard
An organization that provides guidelines for managing risk in an organization.

89
FPGA
Field Programmable Gate Array
A type of PLD that is programmed by blowing fuse connections on the chip or using an anti-fuse that makes a connection when a high voltage is applied to the junction.

90
FIM
File Integrity Monitoring
Methods of ensuring that files have not been altered by an unauthorized person or application.

91
FIFO
First-In, First-Out
A tape rotation scheme in which the newest backup is saved to the oldest media.

92
FTK
Forensic Toolkit
A tool for taking images of forensic data without making changes to the original evidence.

93
FaaS
Function as a Service
An extension of PaaS that completely abstracts the virtual server from the developer.

94
GCM
Galois/Counter Mode
A DES mode in which blocks are numbered sequentially, and then a block number is combined with an IV and encrypted with a block cipher, usually AES.

95
GDPR
General Data Protection Regulation
Regulatory guidelines required by the EU.

96
GPS
Global Positioning System
GPS sensors can report highly accurate location information.

97
GPG
GNU Privacy Guard
A rewrite or upgrade of PGP that uses AES.

98
GDB
GNU Project Debugger
A tool that allows visibility into a program while it executes or determines what the program was doing at the moment it crashed.

99
GFS
Grandfather/Father/Son
A tape rotation scheme in which three sets of backups are defined. Most often these three definitions are daily (sons), weekly (fathers), and monthly (grandfathers). Each week, one son advances to the father set.

100
HSM
Hardware Security Module
An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.

101
HMAC
Host-based Message Authentication Code
A keyed-hash MAC that involves a hash function with a symmetric key. HMAC provides data integrity and authentication.

102
HSM
Hierarchical Storage Management
A backup method that involves storing frequently accessed data on faster media and less frequently accessed data on slower media.

103
HIDS
Host-based Intrusion Detection System
Provides threat detection by monitoring OS logs, processes, services, and file systems.

104
HIPS
Host-based Intrusion Prevention System
Provides detection and responds to identified anomalies by stopping service, blocking communications, or stopping processes.

105
HMAC
Host-based Message Authentication Code
Specified message authentication that can verify both the source and content of a message without any other means. Only the sender and receiver know the secret key.

106
HOTP
HMAC-based One-Time Password
An algorithm that computes a password from a shared secret that is used one time only. It uses an incrementing counter that is synchronized on the client and the server to do this.

107
HSTS
HTTP Strict Transport Security
A policy mechanism that informs web browsers (or other user agents) that they should automatically interact with it using only HTTPS connections.

108
HUMINT
Human Intelligence
Any information gathered via person-to-person contact.

109
HSDN
Hybrid Software-Defined Networks
A mix of traditional and software-defined networks operating within the same environment. A middle ground for companies with existing infrastructure who cannot replace all of the equipment to take full use of SDNs.

110
IRT
Incident Response Team
A written document that helps an organization before, during, and after a confirmed or suspected security incident.

111
IoC
Indicator of Compromise
Any activity, artifact, or log entry that is typically associated with an attack of some sort.

112
ICS
Industrial Control System
A general term that encompasses several types of control systems used in industrial production.

113
ISAC
Information Sharing and Analysis Center
Nonprofit organizations that host security information sharing systems.

114
ISCP
Information System Contingency Plan
A plan that provides established procedures for the assessment and recovery of a system following a system disruption.

115
IaaS
Infrastructure as a Service
A cloud service model in which the vendor provides the hardware platform or data center, and the company installs and manages its own OS and apps.

116
IV
Initialization Vector
A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

117
IAST
Interactive Application Security Testing
A form of testing in which the tester interacts with the system.

118
ISA
Interconnection Security Agreement
An agreement between two organizations that own and operate connected IT systems to document the technical requirements of the interconnection.

119
IMAP
Internet Message Access Protocol
An application layer protocol used on a client to retrieve email from a server.

120
IPSec
Internet Protocol Security
A suite of protocols that establishes a secure channel between two devices.

121
IoT
Internet of Things
A system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

122
IDS
Intrusion Detection System
A system responsible for detecting unauthorized access or attacks against systems and networks.

123
IPS
Intrusion Prevention System
A system that is responsible for preventing attacks.

124
JSON
JavaScript Object Notation
The data exchange format used to send data between applications in the form of an API-based representational state transfer (REST) architectural style.

125
JWT
JSON Web Token
A proposed internet standard that uses signed tokens to communicate with previously established authentication information in an SSO environment.

126
KPI
Key Performance Indicator
A metric that is created, collected, and analyzed to assess performance.

127
KRI
Key Risk Indicator
A metric that is created, collected, and analyzed to assess risk.

128
L2TP
Layer 2 Tunneling Protocol
A newer protocol that operates at layer 2 of the OSI model. Like PPTP, L2TP can use various authentication mechanisms; however, L2TP does not provide any encryption. It is typically used with IPSec, which is a very strong encryption method.

129
LEAP
Lightweight Extensible Authentication Protocol
A proprietary wireless LAN authentication method developed by Cisco.

130
LDAP
Lightweight Directory Access Protocol
A common directory services standard.

131
ML
Machine Learning
The use of generated training data to build a model that makes predictions and decisions without being explicitly programmed to do so.

132
MDF
Main Distribution Frame
A signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant).

133
MSSP
Managed Security Service Provider
A provider that offers the option to fully outsource all information assurance to a third party.

134
MAC
Mandatory Access Control
An access control system in which subject authorization is based on security labels.

135
MSA
Master Service Agreement
A contract between two parties in which both parties agree to most of the terms that will govern future transactions or future agreements.

136
MTBF
Mean Time Between Failures
The estimated amount of time a device will operate before a failure occurs.

137
MTTR
Mean Time to Recovery
The average time to repair a single resource or function when a disaster or disruption occurs.

138
MOU
Memorandum of Understanding
An agreement between two or more organizations that details a common line of action.

139
MD5
Message Digest Algorithm
Produces a 128-bit output and is less secure than SHA. It sometimes represents passwords.

140
ATT&CK
Adversarial Tactics, Techniques, & Common Knowledge
A knowledge base of adversarial tactics and techniques based on real-world observations.

141
ATT&CK ICS
ATT&CK for Industrial Control Systems
A MITRE knowledge base that focuses specifically on industrial control systems.

142
MCKMS
Multi-Cloud Key Management System
A key management system configured for multiple clouds.

143
MFA
Multi-Factor Authentication
Authentication in which authentication factors from at least two different factor categories are used. For example, a PIN, a retina scan, and signature dynamics.

144
MIME
Multipurpose Internet Mail Extensions
An Internet standard that allows email to include non-text attachments, non-ASCII character sets, multiple part message bodies, and non-ASCII header information.

145
NFC
Near Field Communication
A set of communication protocols that allow two electronic devices, one of which is usually a mobile device, to establish communication when they are within 2 inches of each other.

146
NPV
Net Present Value
A function that considers the fact that money spent today is worth more than savings realized tomorrow.

147
NAC
Network Access Control
A service that goes beyond authentication of the user and includes examination of the state of the computer the user is introducing to the network when making a remote access, or VPN, connection to the network.

148
NAT
Network Address Translation
A service that can be supplied by a router or by a server that translates public IP addresses to private IP addresses and vice versa.

149
NIDS
Network Intrusion Detection System
An IDS that monitors network traffic on a local network segment.

150
NIPS
Network Intrusion Prevention System
An IPS that scans traffic on a network for signs of malicious activity and takes some action to prevent it.

151
NGFW
Next Generation Firewall
A type of firewall that attempts to address the traffic inspection and application-awareness shortcomings of a traditional stateful firewall without hampering performance.

152
NDA
Non-Disclosure Agreement
An agreement between two parties that defines what information is considered confidential and cannot be shared outside the two parties.

153
NX
No-Execute bit
Technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or storage of data.

154
OTP
One-Time Password
A password that is used only once to log in to the access control system. This password type provides the highest level of security because it is discarded after it is used once. Also called a dynamic password.

155
OCSP
Online Certificate Status Protocol
An internet protocol that obtains the revocation status of an X.509 digital certificate by using the serial number.

156
OAuth
Open Authorization
A standard for authorization that allows users to share private resources on one site to another site without using credentials.

157
OSINT
Open-Source Intelligence
Data collected from publicly available sources.

158
OSSTMM
Open Source Security Testing Methodology Manual
A manual that covers different kinds of security tests of physical, human (processes), and communication systems.

159
OSA
Open System Authentication
The default authentication used in 802.11 networks using WEP. The authentication request contains only the station ID and authentication response.

160
OVAL
Open Vulnerability and Assessment Language
A standardized method used to transfer security information across the entire spectrum of security tools and services.

161
OWASP
Open Web Application Security Project
A group that monitors web attacks.

162
OLA
Operational-Level Agreement
An internal organizational document that details the relationships that exist between departments to support business activities.

163
OFB
Output Feedback
A DES mode that uses a previous keystream with a key to create the next keystream.

164
OTA
Over-the-Air
An industry-standard mechanism or process that wirelessly delivers OS and firmware updates to a mobile device over Wi-Fi or a mobile data connection.

165
PCAP
Packet Capture
Packet and protocol analysis rely on a sniffer tool to capture and decode the frames of data. Network traffic can be captured from a host or a network segment.

166
PAP
Password Authentication Protocol
A password-based authentication protocol used by Point to Point Protocol (PPP) to validate users.

167
PBKDF2
Password-Based Key Derivation Function 2
An encryption mechanism that basically uses a password and manipulates it to generate a strong key that can be used for encryption and subsequently decryption.

168
PCI DSS
Payment Card Industry Data Security Standard
A security standard that enumerates requirements that payment card industry players should meet to secure and monitor their networks, protect cardholder data, manage vulnerabilities, implement strong access controls, and maintain security policies.

169
PFS
Perfect Forward Secrecy
A process which ensures that a session key derived from a set of long term keys cannot be compromised if one of the long term keys is compromised in the future.

170
PII
Personally Identifiable Information
A piece of data that can be used alone or with other information to identify a particular person.

171
PaaS
Platform as a Service
A cloud service model in which the vendor provides the hardware platform or data center and the software running on the platform, including the OS and infrastructure software. The company is still involved in managing the system.

172
PCR
Platform Configuration Register hash Versatile memory that stores data hashes for the sealing function.
173
PPTP
Point-to-Point Tunneling Protocol A Microsoft protocol based on PPP that uses built-in Microsoft Point-to-Point encryption and can use a number of authentication methods, including CHAP, MS-CHAP, and EAP-TLS.
174
POP
Post Office Protocol An application layer email retrieval protocol.
175
PRL
Preferred Roaming List A list of radio frequencies that resides in the memory of some kinds of digital phones.
176
PGP
Pretty Good Privacy An encryption system that provides email encryption over the internet can provide confidentiality, integrity, and authentication, depending on the encryption methods used.
177
PLA
Privacy-Level Agreement A document that sets out in contractual terms how a third-party provider will ensure that the information it hosts will not be seen by the wrong set of eyes.
178
PBX
Private Branch Exchange A telephone exchange or telephone switching system that is installed at, and serves, a private organization with a large number of internal devices.
179
PFE
Private Function Evaluation The process of evaluating one party’s private data using a private function owned by another party.
180
PIR
Private Information Retrieval A type of protocol that can retrieve information from a server without revealing which item is retrieved.
181
PAM
Privileged Access Management Protects against the issues related to credential theft and misuse.
182
PRI
Product Release Information A connection between a mobile device and a radio
183
PLD
Programmable Logic Device An integrated circuit with connections or internal logic gates that can be changed through a programming process.
184
PKI
Public Key Infrastructure The set of systems, software, and communication protocols that distribute, manage, and control public key cryptography.
185
RIPEMD
RACE Integrity Primitives Evaluation Message Digest A hashing algorithm that produces a 160-bit hash value after performing 160 rounds of computations on 512-bit blocks.
186
RTP
Real-Time Transport Protocol A network protocol for delivering audio and video over IP networks.
187
RUM
Real User Monitoring A monitoring method that captures and analyzes every transaction of every application or website user.
188
RAID
Redundant Array of Inexpensive Disks Refers to how a sysadmin configures the storage array to provide redundancy in the case of one or more disks failing.
189
RA
Registration Authority A server that verifies a requester’s identity and registers the requester.
190
RADIUS
Remote Authentication Dial-In User Service A networking protocol that provides centralized authentication and authorization.
191
RDP
Remote Desktop Protocol A proprietary protocol developed by Microsoft that provides a graphical interface to connect to another computer over a network.
192
RTU
Remote Terminal Unit A device in an ICS that connects to sensors and converts sensor data to digital data, including telemetry hardware.
193
REST
Representational State Transfer A client/server model for interacting with content on remote systems, typically using HTTP.
194
ROI
Return On Investment The money gained or lost after an organization makes an investment.
195
RSA
Rivest, Shamir, and Adleman The most popular asymmetric algorithm.
196
RBAC
Rule-Based Access Control An access control system in which each subject is assigned to one or more roles. Roles are hierarchical, and access control is defined based on the roles.
197
ROE
Rules of Engagement A document describing how a pen-test may be performed, including the type of testing to be performed, the scope of software and systems to be included in the test, along with contact information.
198
RoT
Root of Trust Or, trust anchor, is a secure subsystem that provides attestation, meaning the receiver can trust a statement made by the system.
199
SIS
Safety Instrumented Data Contains sensors, logic solvers, and final control elements (like horns, flashing lights, and sirens) to return an industrial process to a safe state after detecting predetermined conditions.
200
SOW
Statement of Work (sometimes expanded as Scope of Work) Describes the specific systems or range of IP addresses to be tested, the time frame, the type of testing, the location where testing is to be performed, and other details.
201
SFE
Secure Function Evaluation The process in which multiple parties collectively compute a function and receive its output without learning the inputs from any other party.
202
SHA
Secure Hash Algorithm A family of cryptographic hash functions published by the US NIST: SHA-0, SHA-1, SHA-2 (SHA-224/256/384/512), and SHA-3. SHA-0 and SHA-1 are broken for collision resistance and must not be used for signatures or certificates; SHA-2 and SHA-3 are current.
203
S/MIME
Secure Multipurpose Internet Mail Extensions A secure version of MIME that encrypts and digitally signs email messages and encrypts attachments.
204
SSH
Secure Shell A protocol created to provide an encrypted method of performing remote command-line operations.
205
SSL
Secure Sockets Layer A deprecated cryptographic protocol, the predecessor of TLS, used to create encrypted connections to servers. It sits between the transport and application layers (session/presentation in OSI terms) and was used mainly to protect HTTP traffic as HTTPS. Every SSL version is now considered insecure and should be disabled in favor of TLS 1.2 or later.
206
SAML
Security Assertion Markup Language A security attestation model built on XML and SOAP-based services that allows for the exchange of authentication and authorization data between systems and that supports federated identity management.
207
SCAP
Security Content Automation Protocol A standard that the security automation community uses to enumerate software flaws and configuration issues.
208
SEAndroid
Security-Enhanced Android An SELinux version that runs on Android devices.
209
SELinux
Security-Enhanced Linux A Linux kernel security module that separates enforcement of security decisions from the security policy itself and streamlines the amount of software involved with security policy enforcement.
210
SIEM
Security Information and Event Management A system that provides log centralization and an automated solution for analyzing events.
211
SOAR
Security Orchestration, Automation, and Response The use of technologies to accomplish automation and orchestration in performing mundane tasks that are crucial to identifying and responding to security issues.
212
SRTM
Security Requirements Traceability Matrix A grid that documents the security requirements that a new asset must meet.
213
STAR
Security Trust Assurance and Risk registry A list of cloud providers that have met the requirements laid out by the Cloud Security Alliance (CSA).
214
SED
Self-Encrypting Drives An HDD or SSD designed to automatically encrypt drive data as it is written to the disk and decrypt stored data.
215
SPF
Sender Policy Framework An email validation system that works by using DNS to determine whether an email sent by someone has been sent by a host sanctioned by that domain’s administrator.
216
SLA
Service Level Agreement An agreement to respond to problems within a certain time frame while providing an agreed level of service.
217
SOA
Service Oriented Architecture A style of software design that involves using software to provide application functionality as services to other applications.
218
SSID
Service Set Identifier A name or value assigned to identify a WLAN from other WLANs.
219
SKA
Shared Key Authentication A verification process that uses WEP and a shared secret key for authentication: the access point sends challenge text, and the client returns it encrypted with WEP using the shared key. Because WEP is broken and the challenge/response pair leaks keystream, SKA is insecure.
220
SCEP
Simple Certificate Enrollment Protocol A protocol that is used in provisioning certificates to network devices, including mobile devices.
221
SMTP
Simple Mail Transfer Protocol An application layer protocol used to send email from a client to a mail server and to relay it between mail servers (TCP port 25 for relay, 587 for authenticated submission); retrieval is done with POP3 or IMAP.
222
SNMP
Simple Network Management Protocol An application layer protocol that is used to retrieve information from network devices and to send configuration changes to those devices.
223
SOAP
Simple Object Access Protocol A protocol specification for exchanging structured information in the implementation of web services in computer networks.
224
SLE
Single Loss Expectancy The monetary impact of a threat occurrence.
225
SSO
Single Sign-On An authentication scheme in which a user authenticates once and is then granted access to multiple independent systems without re-authenticating, typically implemented with SAML, OpenID Connect, or Kerberos.
226
SaaS
Software as a Service A cloud service model in which the vendor provides the entire solution, including the OS, the infrastructure software, and the application.
227
SCA
Software Composition Analysis Automated scanning of an application's code base, including related artifacts such as containers and registries, to inventory its open-source components, check their license compliance, and identify known vulnerabilities in them so they can be prioritized and remediated (for example, by upgrading the affected component).
228
SDN
Software-Defined Networking The decoupling of the control plane (which decides how traffic is forwarded) from the data plane (which forwards it), with the control plane centralized in a software controller.
229
SNAT
Stateful Network Address Translation A service that implements two or more NAT devices to work together as a translation group. It is called stateful NAT because it maintains a table about the communication sessions between internal and external systems.
230
SAST
Static Application Security Testing A form of testing that analyzes an application's source code or compiled binaries for vulnerabilities without executing the application.
231
SRK
Storage Root Key The root key of a TPM's storage hierarchy. It is generated inside the TPM, never leaves it, and is used to wrap (encrypt) the other keys the TPM protects so that they can be stored outside the chip.
232
SQLi
Structured Query Language Injection An attack that supplies crafted input to a web application that builds SQL queries by concatenating user input, altering the query's logic to read, modify, or delete data in the underlying database. Prevented by parameterized queries rather than string building.
233
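Worked example (added here, not part of the original card set): the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table contents and column names are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration; not from any real system.
SAMPLE_USERS = [
    ("alice", "hash-a", "admin"),
    ("bob", "hash-b", "user"),
    ("carol", "hash-c", "user"),
]


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # The bug: user input is spliced into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # The fix: bind the value as a parameter. The driver sends it as data,
    # so quotes, comments and UNIONs in the input are never interpreted.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads, constructed for the demo:
#   tautology turns the WHERE clause into "always true"
PAYLOAD_TAUTOLOGY = "' OR '1'='1"
#   UNION pulls a column the query never meant to expose; "--" comments
#   out the trailing quote the application appends
PAYLOAD_UNION = "x' UNION SELECT username, password_hash FROM users --"
```

Against the vulnerable function `PAYLOAD_TAUTOLOGY` returns every row and `PAYLOAD_UNION` returns the password hashes; against the parameterized function both return no rows, because the whole string is compared literally against `username`.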
SCADA
Supervisory Control And Data Acquisition A system that operates with coded signals over communication channels to provide control of remote equipment.
234
SoC
System on a Chip An integrated circuit that combines a processor, memory, and I/O components on a single chip, such as the baseband processor in a mobile device that manages its radio functions.
235
SFC
System File Checker A command-line utility that checks and verifies the version of system files on a computer.
236
SPAN
Switched-Port Analyzer A port that has been configured to include mirrored traffic from other ports on a switch.
237
TACACS
Terminal Access Controller Access Control System A networking protocol that provides centralized authentication and authorization.
238
TAP
Test Access Port A hardware device inserted inline on a network link that passively copies all traffic to a monitoring port. It is the preferred mechanism for traffic capture (sniffing) because, unlike a SPAN port, it does not drop packets when the link is busy and does not depend on the switch's CPU.
239
TOTP
Time-based One-Time Password An algorithm that computes a short code from a shared secret and the current time. It is based on HOTP but replaces HOTP's incrementing counter with the number of fixed-length time steps (typically 30 seconds) elapsed since the Unix epoch, so client and server agree on the counter without keeping it in sync.
240
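Worked example (added here, not part of the original card set): HOTP per RFC 4226 and TOTP per RFC 6238 built on it, plus the server-side verification with a skew window that a practitioner actually has to write. The only inputs used are the RFC's published test secret; the `window` behaviour is a common implementation choice, not something the RFC mandates.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F                       # low nibble of last byte selects a 4-byte window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)   # keep leading zeros


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6,
         algo=hashlib.sha1, t0: int = 0) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of `step`-second
    intervals elapsed since t0 (the Unix epoch by default)."""
    if for_time is None:
        for_time = time.time()
    counter = int((for_time - t0) // step)
    return hotp(secret, counter, digits, algo)


def verify_totp(secret: bytes, candidate: str, for_time=None, window: int = 1,
                step: int = 30, digits: int = 6, algo=hashlib.sha1) -> bool:
    """Server-side check tolerating +/- `window` steps of clock skew.
    Every candidate step is compared in constant time and the loop does not
    exit early, so response timing does not reveal which step (if any) matched."""
    if for_time is None:
        for_time = time.time()
    if len(candidate) != digits or not candidate.isdigit():
        return False
    matched = False
    for skew in range(-window, window + 1):
        expected = totp(secret, for_time + skew * step, step, digits, algo)
        if hmac.compare_digest(expected, candidate):
            matched = True
    return matched


# RFC 4226 / RFC 6238 test secret (the ASCII string "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"
```

A real server must additionally remember the last counter it accepted for each user and refuse anything at or below it; otherwise a captured code can be replayed for the rest of its window.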
TOCTOU
Time of Check to Time of Use A race condition in which a program checks the state of a resource (for example, a file's type or permissions) and then acts on it in a separate step, assuming the state has not changed in between. An attacker who changes the resource during that window (for example, by swapping the checked file for a symbolic link) subverts the check. The fix is to make check and use operate on the same object atomically, such as inspecting an open file descriptor rather than the path name.
241
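Worked example (added here, not part of the original card set): a check-then-open reader next to an open-then-fstat reader, run against a constructed temporary directory. The attacker winning the race is simulated by a hook that swaps the file between the two steps; the file names and contents are assumptions for the demonstration, and `O_NOFOLLOW` requires a POSIX system.

```python
import os
import stat
import tempfile


def read_check_then_use(path: str, between=None) -> bytes:
    """Vulnerable pattern: check the *name*, then open the *name* again.
    `between` exists only to simulate an attacker who wins the race and
    replaces the file after the check but before the open."""
    st = os.lstat(path)                            # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing non-regular file")
    if between is not None:
        between()                                  # the race window
    with open(path, "rb") as f:                    # time of use: second lookup of the same name
        return f.read()


def read_open_then_check(path: str) -> bytes:
    """Safe pattern: open once, refusing to follow a symlink at the final
    component, then inspect the descriptor with fstat and read from that
    same descriptor. Check and use refer to one object, so there is no window."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)                      # raises OSError (ELOOP) if path is a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing non-regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:                 # fdopen takes ownership of fd
        return f.read()


def demo() -> tuple:
    """Constructed scenario: app.conf is the file the program intends to read;
    secret is the file the attacker wants it to read instead.
    Returns (safe read before the swap, what the vulnerable reader got,
    whether the safe reader refused after the swap)."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")
        secret = os.path.join(d, "secret")
        with open(conf, "wb") as f:
            f.write(b"debug=false\n")
        with open(secret, "wb") as f:
            f.write(b"TOP-SECRET\n")

        safe_before = read_open_then_check(conf)   # regular file: read succeeds

        def attacker_swaps_file():
            # Simulates the attacker winning the race: replace the checked
            # regular file with a symlink to the secret before the open.
            os.unlink(conf)
            os.symlink(secret, conf)

        leaked = read_check_then_use(conf, between=attacker_swaps_file)
        try:
            read_open_then_check(conf)             # conf is now the symlink
            refused = False
        except OSError:                            # ELOOP from O_NOFOLLOW
            refused = True
        return safe_before, leaked, refused
```

The vulnerable reader returns the secret because its `lstat` saw a regular file but its `open` resolved a different object under the same name; the safe reader never has two lookups to race.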
TCO
Total Cost of Ownership The full cost of an asset over its life cycle: the purchase price plus deployment, operation, maintenance, support, training, and retirement costs, rather than the initial acquisition cost alone.
242
TLS
Transport Layer Security A cryptographic protocol that protects internet communications with encryption, integrity protection, and server (optionally client) authentication; the successor to SSL. TLS 1.2 and 1.3 are the versions that should be used today.
243
3DES
Triple Data Encryption Standard The replacement algorithm for DES, applying DES three times with two or three keys; now itself deprecated by NIST in favor of AES.
244
TPM
Trusted Platform Module A specification for hardware-based storage of encryption keys, hashed passwords, and other user and platform identification information.
245
2FA
Two-Factor Authentication Authentication in which authentication factors from two different factor categories are used. For example, a password and an iris scan.
246
UEFI
Unified Extensible Firmware Interface The replacement for the legacy BIOS as the interface between an operating system and the platform firmware; it supports features such as Secure Boot, which verifies boot loader signatures before execution.
247
UTM
Unified Threat Management A solution in which devices perform multiple security functions. For example, antivirus, firewalling, and network access control may all be provided by a single device.
248
UDDI
Universal Description Discovery and Integration A platform-independent, XML-based protocol that includes a registry by which businesses worldwide can list themselves on the internet, and a mechanism to register and locate web service applications.
249
UEBA
User and Entity Behavior Analytics A type of analysis that builds baselines of normal behavior for users and entities (hosts, service accounts, applications) and flags deviations from those baselines, such as logins at unusual times or abnormal data access, as potential threats.
250
VDI
Virtual Desktop Infrastructure A server-based virtualization technology that hosts and manages virtual desktops. Functions include creating the desktop images, managing the desktops on the servers, and providing client network access for the desktop.
251
WAF
Web Application Firewall Provides effective protection of web applications by inspecting traffic for signs of malicious activity.
252
WSS
Web Services Security An extension to SOAP that is used to apply security to web services.
253
WPA
Wi-Fi Protected Access A Wi-Fi Alliance security certification that replaced WEP, originally using TKIP with RC4. WPA2 (Wi-Fi Protected Access 2) uses AES-CCMP. WPA3 (Wi-Fi Protected Access 3) replaces the pre-shared-key handshake with Simultaneous Authentication of Equals (SAE), which resists offline dictionary attacks on a captured handshake.
254
WEP
Wired Equivalent Privacy The original 802.11 encryption scheme, based on RC4 with a static key and a 24-bit initialization vector; cryptographically broken and crackable in minutes, so it must not be used.
255
WIDS
Wireless Intrusion Detection System An IDS that operates on a WLAN rather than on a wired network.
256
XN
Execute Never bit A method for specifying areas of memory that cannot be used for execution.
257
XXEi
XML External Entity Injection An attack against an application that parses XML input. A weakly configured XML parser processes references to external entities declared in the document's DTD, which can leak local files or make the server issue requests on the attacker's behalf. The defense is to disable DTD processing and external entity resolution in the parser.
258
XCCDF
Extensible Configuration Checklist Description Format Provides a consistent and standardized way to define benchmark information as well as configuration and security checks to be performed during an assessment.