Acronyms

Question 1

TTPs

Answer 1

tactics techniques and procedures of a threat actor

Question 2

FAR

Answer 2

False acceptance rate. Letting an unauthorized person have access to a location

Question 3

FRR

Answer 3

False rejection rate. Rejecting authorized personnel

Question 4

CER

Answer 4

A balance between FAR and FRR for optimal
authentication effectiveness cross error rate. Lower the better

Question 5

SOP’s

Answer 5

standard operating procedure. Detailed step by step instructions for implementing changes
-has to do with change management

Question 6

CAB

Answer 6

Change advisory board

Question 7

APT

Answer 7

Advanced persistent threat
used synonymously with nation state threat actors since they have long term persistence and stealth
it is a prolonged and targeted cyber attack where the threat actor gains access to a network and remains undetected while they steal data or monitor the network

Question 8

XXE (XML External Entity Attack)

Answer 8

attempts to read local resources like password hashes in the shadow file

Question 9

XSS

Answer 9

cross site scripting
injects a malicious script into a trusted site to compromise the sites visitors

Question 10

DOM XSS

Answer 10

document object model
exploits client’s web browser using client side scripts to modify the content and layout of the webpage, client’s device executes the attack

Question 11

NOP Slide

Answer 11

attackers fill the buffer with NOP No operation instructions. The return address slides down the NOP instructions until it reaches the attackers code

Question 12

TOC

Answer 12

Time of Check, atackers manipulate a resource’s state after it is checked but before it is used

Question 13

TOU

Answer 13

Time of Use. Attackers alter a resource’s state after it is checked but before it is used.

Question 14

TOE

Answer 14

time of Evaluation. Attackers manipulate data or resources during the systems decision making or evaulation process

In the context of security, time of evaluation could refer to when a security policy or access control rule is evaluated to determine whether to grant or deny access to a resource. For instance, if a security policy is evaluated before a user logs in, it may grant access based on outdated or incomplete information, leading to a security vulnerability.

Question 15

CSRF

Answer 15

cross site request forgery. triggers actions on different websites without user consent

exploits trust user has in browser

Question 16

DLL

Answer 16

Dynamic Link Library
collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development

Question 17

IPS

Answer 17

intrusion prevention system
can identify and respond to DoS attacks for small scale incident

Question 18

LDAP

Answer 18

lightweight directory access protocol
an open vendor neutral industry standard app protocol for accessing and maintaining distributed directory info services over an internet protocol network

Question 19

DNSSES

Answer 19

domain name system security extensions to add digitial signatures to dns data

Question 20

DAC

Answer 20

discretionary access control
allows object owners to directly control access using tools like chown and chomos
selinux uses mac not dac

Question 21

RTOS

Answer 21

Real time OS

Question 22

SCADA

Answer 22

supervisory control and data acquisition systems
type of ICS designed for monitoring and controlling geographically dispersed industrail processes
common in electric power generation transmission and distribution systems
water treatment oil and gas

Question 23

PLCs

Answer 23

programmable logic controllers
used to control specific processes such as assembly lines and facotriess

Question 24

DCS

Answer 24

distributed control system
used in control production systems within a single location

Question 25

ICS

Answer 25

industrial Control System
used to monitor and control industrial processes found in industies like electrical water oil gas and data

Question 26

GDPR

Answer 26

general data protection regulation
protects EU citizen data
compliance required regardless of location

Question 27

PII

Answer 27

personally identification information
names, SSN, addresses

Question 28

PHI

Answer 28

personal health info
protected under hippa

Question 29

IPSec

Answer 29

internet security protocol secures IP communications by authenticating and encrypting IP packets

Question 30

RAID

Answer 30

redundant array of indepedent disks

Question 31

UPS

Answer 31

Uninterruptible Power Supplies (UPS)
● Provide emergency power during power source failures
● Offer line conditioning functions
● Include battery backup to maintain power during short-duration failures
● Typically supply 15 to 60 minutes of power during a complete power failur

Question 32

PDC

Answer 32

Power distribution center
Central hub for power reception and distribution
● Includes circuit protection, monitoring, and load balancing
● Integrates with UPS and backup generators for seamless transitions during power event

Question 33

RPO

Answer 33

ecovery Point Objective (RPO)
○ Ensures that the backup plan will maintain the amount of data required to keep any data loss under the organization’s RPO
threshold

Question 34

COOP

Answer 34

Ensures an organization’s ability to recover from disruptive events or disasters
continuity of operations plan

Question 35

BC Plan

Answer 35

business continuity planning
Plans and processes for responding to disruptive events
● Addresses a wide range of threats and disruptive incidents
● Involves preventative actions and recovery steps
● Can cover both technical and non-technical disruptions

Question 36

DRP

Answer 36

disaster recovery plan
Focuses on plans and processes for disaster response
● Subset of the BC Plan
● Focuses on faster recovery after disasters
● Addresses specific events like hurricanes, fires, or flood

Question 37

UAC

Answer 37

user account control
a mechanism designed to ensure that actions requiring admin rights are explicitly authorized by the user

Question 38

ABAC

Answer 38

attribute based access control
includes user attributes like name, and Org ID
environmental variables, time of access data location etc and resource attributes like resource owner, rile name and data sensitivity

RBAC (Rule-Based): Access is based on predefined rules that apply universally.
ABAC: Access is based on the evaluation of multiple attributes of the user, resource, and environmen

Question 39

Rule based access control

Answer 39

uses security rules or access control lists
policies can be changed quickly
applied across multiple users on a network segment
as needed access, require certain location, limit access based on device
lots of control and flexibility
dynamic

RBAC (Rule-Based): Access is based on predefined rules that apply universally.
ABAC: Access is based on the evaluation of multiple attributes of the user, resource, and environmen

Question 40

RBAC

Answer 40

role based
assigns users to roles and assigns permissions to roles
mimics orgs hierarchy
enforces minimum privileges
sometimes a user needs more access and they cannot get it because its not within their role

Question 41

DAC

Answer 41

discretionary access control
least restrictive
role based access control
admin can quickly and easily configure permissions
gives too much authority to admin
resource owners specify which users can access their resource

Question 42

MAC

Answer 42

most restrictive
most beneficial for maximum security orgs
uses security labels to authorize resources
access is granted if user label is equal or higher than the resource’s label

Question 43

JIT permissions

Answer 43

just in time, grants admin access only when needed for a specific time period and task

Question 44

SAML

Answer 44

Security Assertion markup langugae
important for sso
when a sales employee at organization X tries to access a third party app from company Z, org x the IdP in this scenario kicks into action and sends a message to org z saying this user is valid. Org z then creates a session for that user
standard for logging users into apps based on sessions in another contect

Question 45

oauth

Answer 45

How can we let a third party app access a user’s data without giving the app their credentials?
Forces users to only put in password in one app in oauth center.
if you login to reddit for example you dont put in gmail password, you sign in first in gmail
open standard for token based authentication and authorization
allows third party services to access user account info without exposing passwords
restful apis

Question 46

LDAP

Answer 46

lightweight directory access protocol
used to access and maintain distributed directory information
can share user info across network devices
its like a phone book and is used when you dont know the exact information about a given resource or individual, it uses AD to help you find them
can be used to share information in sso

Question 47

PAM

Answer 47

priviledged access management
JIT permissions just in time
password vaulting
temporal accounts

Privileged Access Management (PAM) is a critical security measure that helps organizations control, monitor, and secure access to systems and data by users with elevated privilege

Question 48

BYOD

Answer 48

bring your own device

Question 49

COPE

Answer 49

coporate owned personally enabled
high intial investment
employees may have privacy concerns

Question 50

CYOD

Answer 50

employees select devices from a company approved list
choose your own device

Question 51

ICS

Answer 51

industrial control system

Question 52

DCS

Answer 52

distributed control system

Question 53

PCL

Answer 53

programmable logic controllers
used to control specific processes such as assembly lines and factories

Question 54

SCADA

Answer 54

supervisory control and data acquisition systems
type of ICS used for controlling geographically dispersed industrial processes

Question 55

RTOS

Answer 55

real time OS
critical for time sensitive apps

Question 56

OTA

Answer 56

over the air updates for real time operating systems

Question 57

WAP

Answer 57

wireless access point

Question 58

ESS

Answer 58

extended service set
multiple waps working together to provide seamless network coverage

Question 59

WEP

Answer 59

wired equivalent privacy
outdated encryption protocol

Question 60

SAE

Answer 60

simultaneous authentication of equals
replaces the 4 way handshake with a diffie hellman key
protects against offline dictionary attacks

Question 61

AAA protocols

Answer 61

important for centralized user authentication and access control

Question 62

RADIUS

Answer 62

Remote Authentication Dial-In User Service)
Function: Handles authentication, authorization, and accounting for users accessing a network.
How it works: Users’ credentials are sent to a RADIUS server, which checks the information and sends back a response to allow or deny access.

Question 63

TACACS+

Answer 63

terminal access controller access control system
Usage: Often used in enterprise networks for managing access to routers, switches, and other network devices.
Function: Separates authentication, authorization, and accounting processes, offering more flexibility and detailed control.
How it works: Similar to RADIUS, but allows for more granular control over command execution and user privileges on network device

Question 64

EAP

Answer 64

extensible authentication protocol
authentication frameowkr supporting multiple methods

can be used with AAA protocols as the authentication piece for user access to networks

Question 65

PEAP

Answer 65

protected extensible authentication protocol
encapsulates EAP within an encrypted TLS tunnel

can be used with AAA protocols as the authentication piece for user access to networks

Question 66

EAP-FAST

Answer 66

extensible authentication protocol tunneled transport layer security
extends tls support accross platforms

can be used with AAA protocols as the authentication piece for user access to networks

Question 67

SAST

Answer 67

Statis code analysis
reviewing and examining a source code before running the program
identifies issues like buffer overflows, sql injection and xss

Question 68

DAST

Answer 68

dynamic code analysis

Question 69

OSINT

Answer 69

open source intelligence
Collected from publicly available sources like reports, forums, news
articles, blogs, and social medi

Question 70

CVSS

Answer 70

common vulnerability scoring system

Question 71

CVE

Answer 71

common vulnerabilities and exposures
system that provides a standadized way to uniquely identify and reference known vulnerabilities in software and hardware

Question 72

SPOG

Answer 72

single pane of glass

Question 73

MRTG

Answer 73

multi router traffic grapher
Creates graphs displaying network traffic flows through routers and switches
■ Uses SNMP (Simple Network Management Protocol) to gather data
■ Helps identify traffic patterns and anomalies by visualizing data transfer volumes

Question 74

Zeke

Answer 74

Hybrid tool for network monitoring
■ Monitors traffic like NetFlow but logs full packet captures based on interest
■ Filters or signatures trigger full packet capture to analyze specific data
■ Normalizes data for easy import into other tools for visualization and analysis

Question 75

FPC

Answer 75

full packet capture
Captures entire packets, including headers and payloads
Network and Flow Analysis

Question 76

CVSS

Answer 76

Common Vulnerability Scoring System (CVSS)
Used to provide a numerical score reflecting the severity of a vulnerability (0 to
10)
■ Scores are used to categorize vulnerabilities as none, low, medium, high, or
critical
■ Scores assist in prioritizing remediation efforts but do not account for existing
mitigations

Question 77

CPE

Answer 77

(Common Platform Enumeration)
● Identifies hardware devices, operating systems, and applications
● Standard formatting

Question 78

CCE

Answer 78

common configuration enumeration method for SCAP
Scheme for provisioning secure configuration checks across multiple
sources
● Provides unique identifiers for different system configuration issues

Question 79

ARF

Answer 79

asset reporting format
SCAP language
XML schema for expressing information about assets and their
relationships
● Vendor and technology neutral
● Flexible
● Suited for a wide variety of reporting application

Question 80

XCCD

Answer 80

SCAP language
(Extensible Configuration Checklist Description Forma
XML schema for developing and auditing best-practice configuration
checklists and rules
● Allows improved automation

Question 81

OVAL

Answer 81

an SCAP language
(Open Vulnerability and Assessment Language)

Question 82

SCAP

Answer 82

Security Content Automation Protocol (SCAP)
Suite of open standards that enhances the automation of vulnerability
management, measurement, and policy compliance evaluation of systems
deployed in an organization
■ Developed by the National Institute of Standards and Technology (NIST)
■ Enhances the automation of security tasks, including the following
● Vulnerability scanning
● Configuration checking
● Software inventory

Question 83

QRadar

Answer 83

A SIEM log management, analytics, and compliance reporting platform
created by IBM

Question 84

Archsight

Answer 84

SIEM log management and analytics software
● Suitable for compliance reporting for regulations like HIPAA, SOX, and PCI
DSS

Question 85

ELK

Answer 85

(Elastic Stack)
● A collection of free and open-source SIEM tools, including the following
○ Elasticsearch
○ Logstash
○ Kibana
○ Beats
Components work together for log collection, storage, analysis, and virtualization

Question 86

MIB

Answer 86

management info base
A hierarchical namespace containing OIDs and their
descriptions
● Describes the structure of device subsystem
management data
● Stores consolidated information received through
SNMP traps

Question 87

OID

Answer 87

Unique object identifier used to identify variables
for reading or setting via SNMP
● Allows the manager to distinguish individual SNMP
trap messages

Question 88

SNMP

Answer 88

Simple Network Management Protocol (SNMP)
An Internet protocol used for collecting information from managed devices on IP
networks and modifying device behavior
Managed devices include the following
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client device

SNMP Agents and Manager
Asynchronous notifications from agents to the manager to notify
significant event

Question 89

DLP

Answer 89

data loss prevention
a strategy to prevent sensitive data from leaving an org
aims to monitor data in use, in transit or at rest to detect and precent data theft

Question 90

CURL

Answer 90

an api testing tool

Question 91

soap

Answer 91

simple object access protocol

Question 92

rest

Answer 92

represnetational state transfer

Question 93

SOAR

Answer 93

(Security Orchestration, Automation, and Response)
■ Class of security tools for incident response, threat hunting, and security
configurations
■ Purpose
● Orchestrate and automate runbooks, deliver data enrichment
■ Example
● Integrating SIEM and SOAR for advanced security capabilities

Question 94

RCA root cause analysis

Question 95

SIEM

Answer 95

security info and event monitoring system
Real-time analysis of security alerts from applications and network hardware
■ Combination of different data sources into one tool
■ Provides a consolidated view of network activity
■ Allows for trend analysis, alert creation, and correlation of data

Question 96

nxlog

Answer 96

Multi-platform, open-source log management tool
■ Identifies security risks and analyzes logs from server, OS, and applications

Question 97

sFlow

Answer 97

Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and path

Question 98

IPFix

Answer 98

(Internet Protocol Flow Information Export)
■ Universal standard for exporting IP flow information
■ Used for mediation, accounting, and billing by defining data format for exporters
and collectors

Question 99

EF

Answer 99

exposure factor
● Proportion of asset lost in an event (0% to 100%)
● Indicates asset loss severity
ex flooding hitting headquarters would be 70% loss in assets

Question 100

SLE

Answer 100

single loss expectancy
Calculated as Asset Value x Exposure Factor (EF)
70% x say $5,000 (cost of asset)

Question 101

ARO

Answer 101

annualized rate of occurrence
● Estimated frequency of threat occurrence within a year
● Provides a yearly probability

Question 102

ALE

Answer 102

Annualized Loss Expectancy (ALE)
SLE x ARO

Question 103

KRIs

Answer 103

key risk indicators
Predictive metrics signaling increasing risk exposure
■ Provide early warning of potential risks
■ Tied to the organization’s objectives
■ Used to monitor risk changes and take proactive step

Question 104

MTBF

Answer 104

a high MTBF means system doesnt fail often
mean time between failures

Question 105

RPO

Answer 105

recovery point objective
max acceptable data loss measured in time

Question 106

MTTR

Answer 106

average time to repair a failed component or system

Question 107

BIA

Answer 107

business impact analysus
■ Evaluates effects of disruptions on business functions
■ Identifies and prioritizes critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for function

Question 108

NGFW

Answer 108

next gen firewall
- application aware (distinguishes different types of traffic)
-conducts deep packet analysis
-operates fast

Question 109

WAF

Answer 109

web app firewall
–http traffic
-prevents SQL injections etc

Question 110

ACL

Answer 110

access control list
- essential for securing networks from unwanted traffic
consist of permit and deny statements often based on port numbers
the
place most specific rules at the top and generic at the bottom

Question 111

NAC

Answer 111

network access control
-used to protect networks from both known and unknown devices by scanning devices to assess their security status before granting network access
-can be a applied as a hardware or a software solution

Question 112

DKIM

Answer 112

domainkeys identified mail
-Allows the receiver to verify the source and integrity of an email by
adding a digital signature to the email headers
● The recipient server validates the DKIM signature using the sender’s
public cryptographic key in the domain’s DNS records
● Benefits
○ Email authentication
○ Protection against email spoofing
○ Improved email deliverability
○ Enhanced reputation score

Question 113

SPF

Answer 113

sender policy framework
Prevents sender address forgery by verifying the sender’s IP against
authorized IPs listed in the sender’s domain DNS records
● A receiving server checks if the sender’s IP is authorized in the SPF recor

Question 114

DMARC

Answer 114

domain based message authentication reporting and conformance
DMARC detects and prevents email spoofing by setting policies for email
sending and handling failures
● DMARC can work with DKIM, SPF, or both
● Implementation helps protect against
○ Business email compromise attacks
○ Phishing
○ Scams
○ Cyber threats

Question 115

EDR

Answer 115

end point detection and response
Category of security tools that monitor endpoint and network events and record
the information in a central databas

Question 116

FIM

Answer 116

file integrity monitoring
Validates the integrity of operating system and application software files by
comparing their current state with a known, good baseline
■ Identifies changes to
● Binary files
● System and Application Files
● Configuration and Parameter Files
■ Monitors critical system files for changes using agents and hash digests,
triggering alerts when unauthorized changes occur

Question 117

XDR

Answer 117

extended detection and response
ecurity strategy that integrates multiple protection technologies into a single
platform
■ Improves detection accuracy and simplified incident response
■ Correlates data across multiple security layers to detect threats faster, including
● email
● endpoint
● server
● cloud workloads
● network
○ Difference between EDR and XDR
■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is more comprehensive solution because it focuses on endpoints, but also
on networks, cloud, and email to detect and respond to potential threats
● It integrates multiple protection technologies

Question 118

UBA

Answer 118

user behavior analytics
advanced security strategy that uses big data and machine learning to analyze behaviors for detecting security threats

Question 119

UEBA

Answer 119

User and Entity Behavior Analytics (UEBA)
■ Technology similar to UBA but extends the monitoring of entities like routers,
servers, and endpoints in addition to user accounts

Question 120

TCP

Answer 120

TCP (Transmission Control Protocol)
● Connection-oriented, ensuring data delivery without errors
● Ideal for applications where data accuracy is crucial, like web and email
servers
● Uses acknowledgments, retransmission, and sequencing for data integrity

Question 121

UDP

Answer 121

Connectionless and faster, but doesn’t guarantee data delivery
● Suitable for applications prioritizing speed over accuracy, like streaming
video or gaming