Acronyms Flashcards

1
Q

TTPs

A

Tactics, techniques and procedures of a threat actor

2
Q

FAR

A

False acceptance rate. Letting an unauthorized person have access to a location

3
Q

FRR

A

False rejection rate. Rejecting authorized personnel

4
Q

CER

A

Crossover error rate. A balance between FAR and FRR for optimal authentication effectiveness. The lower the better.

5
Q

SOPs

A

Standard operating procedure. Detailed step-by-step instructions for implementing changes
- relates to change management

6
Q

CAB

A

Change advisory board

7
Q

APT

A

Advanced persistent threat
Used synonymously with nation-state threat actors, since they have long-term persistence and stealth.
A prolonged and targeted cyber attack in which the threat actor gains access to a network and remains undetected while stealing data or monitoring the network.

8
Q

XXE (XML External Entity Attack)

A

attempts to read local resources like password hashes in the shadow file

9
Q

XSS

A

Cross-site scripting
Injects a malicious script into a trusted site to compromise the site's visitors

10
Q

DOM XSS

A

Document object model
Exploits the client's web browser using client-side scripts to modify the content and layout of the webpage; the client's device executes the attack

11
Q

NOP Slide

A

Attackers fill the buffer with NOP (no-operation) instructions. The return address slides down the NOP instructions until it reaches the attacker's code

12
Q

TOC

A

Time of Check. Attackers manipulate a resource's state after it is checked but before it is used

13
Q

TOU

A

Time of Use. Attackers alter a resource’s state after it is checked but before it is used.

14
Q

TOE

A

Time of Evaluation. Attackers manipulate data or resources during the system's decision-making or evaluation process

In the context of security, time of evaluation could refer to when a security policy or access control rule is evaluated to determine whether to grant or deny access to a resource. For instance, if a security policy is evaluated before a user logs in, it may grant access based on outdated or incomplete information, leading to a security vulnerability.

15
Q

CSRF

A

Cross-site request forgery. Triggers actions on different websites without user consent

Exploits the trust a site has in the user's browser

16
Q

DLL

A

Dynamic Link Library
collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development

17
Q

IPS

A

Intrusion prevention system
Can identify and respond to DoS attacks for small-scale incidents

18
Q

LDAP

A

Lightweight directory access protocol
An open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network

19
Q

DNSSEC

A

Domain name system security extensions; add digital signatures to DNS data

20
Q

DAC

A

Discretionary access control
Allows object owners to directly control access using tools like chown and chmod
SELinux uses MAC, not DAC

21
Q

RTOS

A

Real time OS

22
Q

SCADA

A

Supervisory control and data acquisition systems
Type of ICS designed for monitoring and controlling geographically dispersed industrial processes
Common in electric power generation, transmission and distribution systems, water treatment, oil and gas

23
Q

PLCs

A

Programmable logic controllers
Used to control specific processes such as assembly lines and factories

24
Q

DCS

A

Distributed control system
Used to control production systems within a single location

25
Q

ICS

A

Industrial control system
Used to monitor and control industrial processes found in industries like electrical, water, oil, gas and data

26
Q

GDPR

A

General data protection regulation
Protects EU citizens' data
Compliance required regardless of location

27
Q

PII

A

Personally identifiable information
Names, SSNs, addresses

28
Q

PHI

A

Personal health information
Protected under HIPAA

29
Q

IPSec

A

internet security protocol secures IP communications by authenticating and encrypting IP packets

30
Q

RAID

A

Redundant array of independent disks

31
Q

UPS

A

Uninterruptible Power Supplies (UPS)
● Provide emergency power during power source failures
● Offer line conditioning functions
● Include battery backup to maintain power during short-duration failures
● Typically supply 15 to 60 minutes of power during a complete power failure

32
Q

PDC

A

Power distribution center
Central hub for power reception and distribution
● Includes circuit protection, monitoring, and load balancing
● Integrates with UPS and backup generators for seamless transitions during power events

33
Q

RPO

A

Recovery Point Objective (RPO)
○ Ensures that the backup plan will maintain the amount of data required to keep any data loss under the organization's RPO threshold

34
Q

COOP

A

Continuity of operations plan
Ensures an organization's ability to recover from disruptive events or disasters

35
Q

BC Plan

A

Business continuity planning
Plans and processes for responding to disruptive events
● Addresses a wide range of threats and disruptive incidents
● Involves preventative actions and recovery steps
● Can cover both technical and non-technical disruptions

36
Q

DRP

A

Disaster recovery plan
Focuses on plans and processes for disaster response
● Subset of the BC Plan
● Focuses on faster recovery after disasters
● Addresses specific events like hurricanes, fires, or floods

37
Q

UAC

A

User account control
A mechanism designed to ensure that actions requiring admin rights are explicitly authorized by the user

38
Q

ABAC

A

Attribute-based access control
Includes user attributes like name and org ID,
environmental attributes like time of access, data location, etc., and resource attributes like resource owner, file name and data sensitivity

RBAC (Rule-Based): Access is based on predefined rules that apply universally.
ABAC: Access is based on the evaluation of multiple attributes of the user, resource, and environment

39
Q

Rule based access control

A

Uses security rules or access control lists
Policies can be changed quickly
Applied across multiple users on a network segment
As-needed access, require a certain location, limit access based on device
Lots of control and flexibility
Dynamic

RBAC (Rule-Based): Access is based on predefined rules that apply universally.
ABAC: Access is based on the evaluation of multiple attributes of the user, resource, and environment

40
Q

RBAC

A

Role-based
Assigns users to roles and assigns permissions to roles
Mimics the org's hierarchy
Enforces minimum privileges
Sometimes a user needs more access and cannot get it because it's not within their role

41
Q

DAC

A

Discretionary access control
Least restrictive
Role-based access control
Admin can quickly and easily configure permissions
Gives too much authority to the admin
Resource owners specify which users can access their resource

42
Q

MAC

A

Most restrictive
Most beneficial for maximum-security orgs
Uses security labels to authorize resources
Access is granted if the user's label is equal to or higher than the resource's label

43
Q

JIT permissions

A

Just in time; grants admin access only when needed, for a specific time period and task

44
Q

SAML

A

Security Assertion Markup Language
Important for SSO
When a sales employee at organization X tries to access a third-party app from company Z, Org X (the IdP in this scenario) kicks into action and sends a message to Org Z saying this user is valid. Org Z then creates a session for that user
Standard for logging users into apps based on sessions in another context

45
Q

OAuth

A

How can we let a third-party app access a user's data without giving the app their credentials?
Forces users to only put in their password in one app, the OAuth center.
If you log in to Reddit, for example, you don't put in your Gmail password; you sign in first in Gmail
Open standard for token-based authentication and authorization
Allows third-party services to access user account info without exposing passwords
RESTful APIs

46
Q

LDAP

A

Lightweight directory access protocol
Used to access and maintain distributed directory information
Can share user info across network devices
It's like a phone book and is used when you don't know the exact information about a given resource or individual; it uses AD to help you find them
Can be used to share information in SSO

47
Q

PAM

A

Privileged access management
JIT (just in time) permissions
Password vaulting
Temporary accounts

Privileged Access Management (PAM) is a critical security measure that helps organizations control, monitor, and secure access to systems and data by users with elevated privileges

48
Q

BYOD

A

Bring your own device

49
Q

COPE

A

Corporate owned, personally enabled
High initial investment
Employees may have privacy concerns

50
Q

CYOD

A

Choose your own device
Employees select devices from a company-approved list

51
Q

ICS

A

Industrial control system

52
Q

DCS

A

Distributed control system

53
Q

PLC

A

Programmable logic controllers
Used to control specific processes such as assembly lines and factories

54
Q

SCADA

A

Supervisory control and data acquisition systems
Type of ICS used for controlling geographically dispersed industrial processes

55
Q

RTOS

A

Real-time OS
Critical for time-sensitive apps

56
Q

OTA

A

Over-the-air updates for real-time operating systems

57
Q

WAP

A

Wireless access point

58
Q

ESS

A

Extended service set
Multiple WAPs working together to provide seamless network coverage

59
Q

WEP

A

Wired equivalent privacy
Outdated encryption protocol

60
Q

SAE

A

Simultaneous authentication of equals
Replaces the 4-way handshake with a Diffie-Hellman key exchange
Protects against offline dictionary attacks

61
Q

AAA protocols

A

Important for centralized user authentication and access control

62
Q

RADIUS

A

Remote Authentication Dial-In User Service
Function: Handles authentication, authorization, and accounting for users accessing a network.
How it works: Users’ credentials are sent to a RADIUS server, which checks the information and sends back a response to allow or deny access.

63
Q

TACACS+

A

Terminal Access Controller Access Control System
Usage: Often used in enterprise networks for managing access to routers, switches, and other network devices.
Function: Separates authentication, authorization, and accounting processes, offering more flexibility and detailed control.
How it works: Similar to RADIUS, but allows for more granular control over command execution and user privileges on network devices

64
Q

EAP

A

Extensible authentication protocol
Authentication framework supporting multiple methods

Can be used with AAA protocols as the authentication piece for user access to networks

65
Q

PEAP

A

Protected extensible authentication protocol
Encapsulates EAP within an encrypted TLS tunnel

Can be used with AAA protocols as the authentication piece for user access to networks

66
Q

EAP-FAST

A

Extensible authentication protocol tunneled transport layer security
Extends TLS support across platforms

Can be used with AAA protocols as the authentication piece for user access to networks

67
Q

SAST

A

Static code analysis
Reviewing and examining source code before running the program
Identifies issues like buffer overflows, SQL injection and XSS

68
Q

DAST

A

Dynamic code analysis

69
Q

OSINT

A

Open source intelligence
Collected from publicly available sources like reports, forums, news articles, blogs, and social media

70
Q

CVSS

A

Common vulnerability scoring system

71
Q

CVE

A

Common vulnerabilities and exposures
System that provides a standardized way to uniquely identify and reference known vulnerabilities in software and hardware

72
Q

SPOG

A

Single pane of glass

73
Q

MRTG

A

Multi router traffic grapher
Creates graphs displaying network traffic flows through routers and switches
■ Uses SNMP (Simple Network Management Protocol) to gather data
■ Helps identify traffic patterns and anomalies by visualizing data transfer volumes

74
Q

Zeek

A

Hybrid tool for network monitoring
■ Monitors traffic like NetFlow but logs full packet captures based on interest
■ Filters or signatures trigger full packet capture to analyze specific data
■ Normalizes data for easy import into other tools for visualization and analysis

75
Q

FPC

A

Full packet capture
Captures entire packets, including headers and payloads
Network and Flow Analysis

76
Q

CVSS

A

Common Vulnerability Scoring System (CVSS)
Used to provide a numerical score reflecting the severity of a vulnerability (0 to 10)
■ Scores are used to categorize vulnerabilities as none, low, medium, high, or critical
■ Scores assist in prioritizing remediation efforts but do not account for existing mitigations

77
Q

CPE

A

(Common Platform Enumeration)
● Identifies hardware devices, operating systems, and applications
● Standard formatting

78
Q

CCE

A

Common configuration enumeration, a method for SCAP
Scheme for provisioning secure configuration checks across multiple sources
● Provides unique identifiers for different system configuration issues

79
Q

ARF

A

Asset reporting format
SCAP language
XML schema for expressing information about assets and their relationships
● Vendor and technology neutral
● Flexible
● Suited for a wide variety of reporting applications

80
Q

XCCDF

A

SCAP language
(Extensible Configuration Checklist Description Format)
XML schema for developing and auditing best-practice configuration checklists and rules
● Allows improved automation

81
Q

OVAL

A

An SCAP language
(Open Vulnerability and Assessment Language)

82
Q

SCAP

A

Security Content Automation Protocol (SCAP)
Suite of open standards that enhances the automation of vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization
■ Developed by the National Institute of Standards and Technology (NIST)
■ Enhances the automation of security tasks, including the following
● Vulnerability scanning
● Configuration checking
● Software inventory

83
Q

QRadar

A

A SIEM log management, analytics, and compliance reporting platform created by IBM

84
Q

ArcSight

A

SIEM log management and analytics software
● Suitable for compliance reporting for regulations like HIPAA, SOX, and PCI DSS

85
Q

ELK

A

(Elastic Stack)
● A collection of free and open-source SIEM tools, including the following
○ Elasticsearch
○ Logstash
○ Kibana
○ Beats
Components work together for log collection, storage, analysis, and visualization

86
Q

MIB

A

Management information base
A hierarchical namespace containing OIDs and their descriptions
● Describes the structure of device subsystem management data
● Stores consolidated information received through SNMP traps

87
Q

OID

A

Unique object identifier used to identify variables for reading or setting via SNMP
● Allows the manager to distinguish individual SNMP trap messages

88
Q

SNMP

A

Simple Network Management Protocol (SNMP)
An Internet protocol used for collecting information from managed devices on IP networks and modifying device behavior
Managed devices include the following
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client devices

SNMP agents and manager
Asynchronous notifications (traps) from agents to the manager to notify of significant events

89
Q

DLP

A

Data loss prevention
A strategy to prevent sensitive data from leaving an org
Aims to monitor data in use, in transit or at rest to detect and prevent data theft

90
Q

curl

A

An API testing tool

91
Q

SOAP

A

Simple object access protocol

92
Q

REST

A

Representational state transfer

93
Q

SOAR

A

(Security Orchestration, Automation, and Response)
■ Class of security tools for incident response, threat hunting, and security configurations
■ Purpose
● Orchestrate and automate runbooks, deliver data enrichment
■ Example
● Integrating SIEM and SOAR for advanced security capabilities

94
Q

RCA root cause analysis

A
95
Q

SIEM

A

Security info and event monitoring system
Real-time analysis of security alerts from applications and network hardware
■ Combination of different data sources into one tool
■ Provides a consolidated view of network activity
■ Allows for trend analysis, alert creation, and correlation of data

96
Q

nxlog

A

Multi-platform, open-source log management tool
■ Identifies security risks and analyzes logs from server, OS, and applications

97
Q

sFlow

A

Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and path

98
Q

IPFIX

A

(Internet Protocol Flow Information Export)
■ Universal standard for exporting IP flow information
■ Used for mediation, accounting, and billing by defining the data format for exporters and collectors

99
Q

EF

A

Exposure factor
● Proportion of asset lost in an event (0% to 100%)
● Indicates asset loss severity
e.g. flooding hitting headquarters would be a 70% loss in assets

100
Q

SLE

A

Single loss expectancy
Calculated as Asset Value x Exposure Factor (EF)
e.g. 70% x $5,000 (cost of asset)

101
Q

ARO

A

Annualized rate of occurrence
● Estimated frequency of threat occurrence within a year
● Provides a yearly probability

102
Q

ALE

A

Annualized Loss Expectancy (ALE)
SLE x ARO

103
Q

KRIs

A

Key risk indicators
Predictive metrics signaling increasing risk exposure
■ Provide early warning of potential risks
■ Tied to the organization's objectives
■ Used to monitor risk changes and take proactive steps

104
Q

MTBF

A

Mean time between failures
A high MTBF means the system doesn't fail often

105
Q

RPO

A

Recovery point objective
Maximum acceptable data loss, measured in time

106
Q

MTTR

A

Mean time to repair; average time to repair a failed component or system

107
Q

BIA

A

Business impact analysis
■ Evaluates effects of disruptions on business functions
■ Identifies and prioritizes critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for functions

108
Q

NGFW

A

Next-gen firewall
- application aware (distinguishes different types of traffic)
- conducts deep packet analysis
- operates fast

109
Q

WAF

A

Web app firewall
- HTTP traffic
- prevents SQL injections, etc.

110
Q

ACL

A

Access control list
- essential for securing networks from unwanted traffic
- consists of permit and deny statements, often based on port numbers
- place the most specific rules at the top and generic rules at the bottom

111
Q

NAC

A

Network access control
- used to protect networks from both known and unknown devices by scanning devices to assess their security status before granting network access
- can be applied as a hardware or a software solution

112
Q

DKIM

A

DomainKeys Identified Mail
- Allows the receiver to verify the source and integrity of an email by adding a digital signature to the email headers
● The recipient server validates the DKIM signature using the sender's public cryptographic key in the domain's DNS records
● Benefits
○ Email authentication
○ Protection against email spoofing
○ Improved email deliverability
○ Enhanced reputation score

113
Q

SPF

A

Sender policy framework
Prevents sender address forgery by verifying the sender's IP against authorized IPs listed in the sender's domain DNS records
● A receiving server checks if the sender's IP is authorized in the SPF record

114
Q

DMARC

A

Domain-based message authentication, reporting and conformance
DMARC detects and prevents email spoofing by setting policies for email sending and for handling failures
● DMARC can work with DKIM, SPF, or both
● Implementation helps protect against
○ Business email compromise attacks
○ Phishing
○ Scams
○ Cyber threats

115
Q

EDR

A

Endpoint detection and response
Category of security tools that monitor endpoint and network events and record the information in a central database

116
Q

FIM

A

File integrity monitoring
Validates the integrity of operating system and application software files by comparing their current state with a known, good baseline
■ Identifies changes to
● Binary files
● System and application files
● Configuration and parameter files
■ Monitors critical system files for changes using agents and hash digests, triggering alerts when unauthorized changes occur

117
Q

XDR

A

Extended detection and response
Security strategy that integrates multiple protection technologies into a single platform
■ Improves detection accuracy and simplifies incident response
■ Correlates data across multiple security layers to detect threats faster, including
● email
● endpoint
● server
● cloud workloads
● network
○ Difference between EDR and XDR
■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is a more comprehensive solution because it focuses on endpoints, but also on networks, cloud, and email to detect and respond to potential threats
● It integrates multiple protection technologies

118
Q

UBA

A

User behavior analytics
Advanced security strategy that uses big data and machine learning to analyze behaviors for detecting security threats

119
Q

UEBA

A

User and Entity Behavior Analytics (UEBA)
■ Technology similar to UBA but extends the monitoring to entities like routers, servers, and endpoints in addition to user accounts

120
Q

TCP

A

TCP (Transmission Control Protocol)
● Connection-oriented, ensuring data delivery without errors
● Ideal for applications where data accuracy is crucial, like web and email servers
● Uses acknowledgments, retransmission, and sequencing for data integrity

121
Q

UDP

A

UDP (User Datagram Protocol)
● Connectionless and faster, but doesn't guarantee data delivery
● Suitable for applications prioritizing speed over accuracy, like streaming video or gaming