Acronyms

Question 1

ACL

Answer 1

Access control list- rule that either permits or denies actions.

Question 2

ARP

Answer 2

Address resolution protocol (ARP)-A protocol that provides translations between MAC addresses and IP addresses on a local network. 3

Question 3

AI

Answer 3

The use of artificial intelligence techniques by attackers for malicious purposes.

Question 4

TTP

Answer 4

Adversary tactics, techniques, and procedures (TTPs)-The study of the methods used by cyber security adversaries when engaging in attacks. 3

Question 5

AUP

Answer 5

Acceptable Use Policy–A document that provides network and system users with a clear direction on permissible uses of information resources.

Question 6

APT

Answer 6

Advance persistent Treats -Cybersecurity adversary characterized by a sophisticated series of related attacks taking placed over an extended period of time.3

Question 7

ALE

Answer 7

Annualized loss expectancy (ALE)–The possible yearly cost of all instances of a specific realized threat against a specific asset. THE ALE is calculated using the formula ALE=Single loss expectancy (SLE) *Annualized rate of occurrence (ARO) 4

Question 8

ARO

Answer 8

Annualized Rate of Occurrence ARO- The expected frequency that a specific threat or risk will occur within a single year.

Question 9

API

Answer 9

Application programming interfaces (API)- API’s allow application developers to interact directly with a web service through function calls. 4

Question 10

AV

Answer 10

Asset Value (AV)– A dollar value assigned to an asset based on actual cost and nonmonetary expenses. 4

Question 11

AC

Answer 11

Attack Complexity Metric (AC)- A metric that describes the difficulty of exploiting a vulnerability. 5

Question 12

AV

Answer 12

Attack Vector Metric (AV)- A metric that describes how an attacker would exploit a vulnerability.5

Question 13

ABAC

Answer 13

Attribute based access control (ABAC)- An advance implementation of a rule based access control model that uses polices that include multiple attributes for rules. 5

Question 14

A

Answer 14

Availability Metric (A) - A metric that describes the type of distribution that might occur if an attacker successfully exploits a vulnerability. 5

Question 15

BEC

Answer 15

Business Email Compromise (BEC)-Relies on using apparently legitimate email addresses to conduct scams and other attacks. 8

Question 16

BIA

Answer 16

Business Impact Analysis (BIA)- a formal process designed to identify the mission-essential functions within an organization and facilitate the identification of the critical systems that support those functions. 8

Question 17

BPA

Answer 17

Business Partners agreement (BPA) Exists when 2 organizations agree to do business with each other in a partnership. 8

Question 18

CTF

Answer 18

Capture The Flag (CTF) –An exercise that pits technologist against one another in an attempt to attack a system and achieve a specific goal, such as stealing a sensitive file. 8

Question 19

CCMP

Answer 19

CCMP- (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) –Encryption technology used in the WPA2 protocol. It implements AES (Advance Encryption Standard) with a 128 bit key as a stream cipher.

Question 20

AES

Answer 20

AES (Advance Encryption Standard)

Question 21

CIS

Answer 21

Center For Internet Security (CIS) An industry organization that publishes hundreds of benchmarks for commonly used platforms. 8

Question 22

CA

Answer 22

Certificate Authorities (CA) CA are the glue that binds the public key infrastructure together. These neural organizations offer notarization services for digital certificates. 9

Question 23

CRL

Answer 23

Certificate Revocation List (CRL) used to ensure that the certificate was not revoked. 9

Question 24

CSR

Answer 24

Certificate Signing Request (CSR)– Provides your public key to the certificate authority to create an X.509 digital certificate containing your identifying information and a copy of your public key. 9

Question 25

CHAP

Answer 25

Challenge handshake Authentication Protocol (CHAP) A protocol that challenges a user or system to verify its identity without sending a secret key over the network. 9

Question 26

CYOD

Answer 26

Choose your Own Device (CYOD) -- The organization owns the device but allows the user to select and maintain it. 9

Question 27

CCTV

Answer 27

Closed Circuit Television (CCTV) displays what the camera is seeing on a screen. Some CCTV systems include recording capabilities.

Question 28

CASB

Answer 28

Cloud Access Security Broker (CASB) -- A security policy enforcement solution that consistently enforces security policies across cloud providers.

Question 29

CN

Answer 29

Common name (CN) Clearly describes the certificate owner. 11

Question 30

CPE

Answer 30

Common platform enumeration (CPE)--Provides a standard nomenclature for describing product names and versions. 11

Question 31

CLE

Answer 31

Column level encryption (CLE) allows for specific columns within tables to be encrypted. 11

Question 32

CCE

Answer 32

Common configuration enumeration (CCE) provides a standard nomenclatures for discussing system configuration issues.

Question 33

CVE

Answer 33

Common Vulnerabilities and Exposure (CVE) Provides a standard nomenclature for describing security related software flaws. 11

Question 34

CVSS

Answer 34

Common Vulnerability Scoring System (CVSS) -- Security Content Automation Protocol (SCAP) Component that provides a standardized scoring system for describing the characteristics and severity of security vulnerabilities. 11

Question 35

COBO

Answer 35

Company Owned Business ONLY (COBO) -- Most frequently used to describe company owned devices used only for business work. 11

Question 36

CBT

Answer 36

Computer Based Training (CBT)- method of Delivery training content to users by digital means.11

Question 37

CD

Answer 37

Continuous Delivery (CD) -- Sometimes called continuous delivery; it rolls out tested changes into production automatically as soon as they have been tested. 12

Question 38

CI

Answer 38

Continuous Integration (CI)-- A development practice that checks code into a shared repository on a consistent, ongoing basis.

Question 39

COBIT

Answer 39

Control Objectives for Information and Related Technologies (COBIT)-- Describes the common requirements that organizations should have in place surrounding their information systems. 13

Question 40

COPE

Answer 40

Corporate-Owned, personally Enabled (COPE)-- Corporate provided devices that allow reasonable personal use while meeting enterprise security and control needs. 13

Question 41

XSRF/CSRF

Answer 41

Cross Site Request Forgery (XSRF/CSRF) An attack that is similar in nature to that of XSS. However, with XSRF, the attack is focused on the visiting user's web browser more so than the website being visited. 13

Question 42

XSRF/CSRF

Answer 42

Cross Site Request Forgery (XSRF/CSRF) An attack that is similar in nature to that of XSS. However, with XSRF, the attack is focused on the visiting user's web browser more so than the website being visited. 13

Question 43

XSS

Answer 43

Cross-Site Scripting (XSS)--Running a script routine on a user's machine from a website without their permission. 13

Question 44

CER

Answer 44

Cross Over Rate-- The point at which the false rejection rate (FRR) and the False acceptance rate (FAR) are equal. Sometimes called the Equal Error Rate (ERR) 13

Question 45

CSF

Answer 45

Cybersecurity Framework-- NIST cybersecurity framework provides organization against cybersecurity risks.

Question 46

CYOD

Answer 46

Choose your own device

Question 47

DLP

Answer 47

Data Loss Prevention--Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.15

Question 48

DPO

Answer 48

Data Protection Officer - A specific individual who bears overall responsibility for carrying out the organization's data privacy efforts.16

Question 49

DDoS

Answer 49

Denial of Service-One of the most common forms of the distributed denial of service attacks is a network based DDOS. Malicious actors commonly use large scale botnets to conduct network DDoS attacks, and commercial services exist that conduct DDOS attacks and DDos like behavior for stress and load testing purposes. 16

Question 50

DMZ

Answer 50

Demilitarized Zone- A network zone that resides between an internal network and the internet used to host systems that require public access. 16

Question 51

DRM

Answer 51

A type of protection software that uses encryption to enforce copyright restrictions on digital media. Over the past decade, publishers attempted to deploy DRM schemes across a variety of media types, including music, movies, and books. 17

Question 52

DRP

Answer 52

Disaster Recovery Plan -Term that describes the actions an organization takes to resume normal operations after a disaster interrupts normal activity. 18

Question 53

DMARC

Answer 53

Domain based message authentication reporting and conformance (DMARC)-A protocol that uses SPF and DKIM to determine if an email message is authentic. 19

Question 54

DNS

Answer 54

Domain Name System (DNS)--The network service used in TCP/IP networks that translates hostnames to IP addresses. 19

Question 55

DNSSEC

Answer 55

Domain Name System Security Extensions (DNSSEC)--Provide authentication of DNS data, allowing DNS queries to be validated even if they are not encrypted. 19

Question 56

DV

Answer 56

Domain Validation (DV) Certificates The CA simply verifies that the certificate subject has control of the domain name. 19

Question 57

DKIM

Answer 57

DomainKeys Identified Mail (DKIM)-Allows organizations to add content to messages to identify them as being from their domain. 19

Question 58

DHCP

Answer 58

Dynamic Host Configuration Protocol (DHCP)-- A protocol used to assign TCP/IP configuration settings to systems upon bootup. DHCP uses UDP

Question 59

Dynamic Packet Filtering Firewall

Answer 59

A firewall that enables real time modification of the filtering rules based on traffic content. Dynamic packet-filtering firewalls are known as forth generation firewalls.