Acronyms 2 Flashcards

Question 1

Q

Control Plane

Answer

A

used to achieve zero trust
includes adaptive identity, threat scope reduction and secured zones

Question 2

Q

Data Plane

Answer

A

subject/system, policy engine, policy admin, and enforcement point
ensures policies are properly executed

Question 3

Q

Threat

Answer

A

anything that could cause harm, loss damage or compromise to our info tech systems

Question 4

Q

Vulnerability

Answer

A

any weakness in system design
- Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

Question 5

Q

Risk Management

Answer

A

Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome

Question 6

Q

Confidentiality

Answer

A

Refers to the protection of information from unauthorized access and disclosure
■ Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

reasons for it
-maintain a business advantage
- achieve compliance
- protect personal privacy

Question 7

Q

Ways to ensure confidentiality

Answer

A

data masking, physical security, training, encryption and access controls

Question 8

Q

Integrity

Answer

A

Helps ensure that information and data remain accurate and unchanged from its
original state unless intentionally modified by an authorized individuals

Hashing
checksums
digital signatures
access controls
regular audits

Question 9

Q

Availability

Answer

A

Ensure that information, systems, and resources are accessible and operational
when needed by authorized user

Question 10

Q

authentication

Answer

A

Security measure that ensures individuals or entities are who they claim to be
during a communication or transactio

Question 11

Q

Syslog Server

Answer

A

used to achiev accounting
it aggregates logs from various network devices

Question 12

Q

SIEM

Answer

A

Security Information and Event Management Systems

Provides us with a real-time analysis of security alerts generated by
various hardware and software infrastructure in an organization

Question 13

Q

Technical Controls

Answer

A

Technologies, hardware, and software mechanisms that are implemented
to manage and reduce risks

Question 14

Q

Managerial Controls

Answer

A

Sometimes also referred to as administrative controls
● Involve the strategic planning and governance side of security

Question 15

Q

Operational controls

Answer

A

Procedures and measures that are designed to protect data on a
day-to-day basis
● Are mainly governed by internal processes and human actions

Question 16

Q

Physical Controls

Answer

A

Tangible, real-world measures taken to protect assets

Question 17

Q

Preventative Controls

Answer

A

Proactive measures implemented to thwart potential security threats or
breaches

Question 18

Q

Deterrent Controls

Answer

A

Discourage potential attackers by making the effort seem less appealing or more challenging

Question 19

Q

Detective Control

Answer

A

Monitor and alert organizations to malicious activities as they occur or

Question 20

Q

Corrective Controls

Answer

A

Mitigate any potential damage and restore our systems to their normal state

Question 21

Q

Compensating Controls

Answer

A

Alternative measures that are implemented when primary security controls are not feasible or effective

Question 22

Q

Directive Controls

Answer

A

Guide, inform, or mandate actions
● Often rooted in policy or documentation and set the standards for
behavior within an organization

Question 23

Q

Gap Analysis

Answer

A

Process of evaluating the differences between an organization’s current
performance and its desired performance

Question 24

Q

Technical Gap Analysis

Answer

A

infrastructure

Question 25

Q

Business Gap Analysis

Question 26

Q

POA&M

Answer

A

plan of action and milestones
used in gap analysis
Outlines the specific measures to address each vulnerability
● Allocate resources
● Set up timelines for each remediation task that is neede

Question 27

Q

Zero Trust

Answer

A

demands verification for every device, user, and transaction within the
network, regardless of its origin

Question 28

Q

Adaptive Identity

Answer

A

Relies on real-time validation that takes into account the
user’s behavior, device, location, and more

Question 29

Q

Threat Scope Reduction

Answer

A

Limits the users’ access to only what they need for their
work tasks because this reduces the network’s potential
attack surface

Question 30

Q

Policy Driven Access Control

Answer

A

Entails developing, managing, and enforcing user access
policies based on their roles and responsibilities

Question 31

Q

Secured Zones

Answer

A

Isolated environments within a network that are designed
to house sensitive data

Question 32

Q

Policy Engine

Answer

A

Cross-references the access request with its predefined
policies

Question 33

Q

Policy Admin

Answer

A

Used to establish and manage the access policies

Question 34

Q

Policy Enforcement Point

Answer

A

Where the decision to grant or deny access is actually
execute

Question 35

Q

Unskilled Attackers

Answer

A

Limited technical expertise, use readily available tools

Question 36

Q

Hacktavist

Answer

A

Driven by political, social, or environmental ideologies

Question 37

Q

Organized Crime

Answer

A

Execute cyberattacks for financial gain (e.g., ransomware, identity theft)

Question 38

Q

Nation State Actor

Answer

A

Highly skilled attackers sponsored by governments for cyber espionage or
warfare

Question 39

Q

Insider Threat

Answer

A

Security threats originating from within the organization

Question 40

Q

Shadow IT

Answer

A

IT systems, devices, software, or services managed without explicit organizational
approval

Question 41

Q

Honeypot

Answer

A

Decoy systems to attract and deceive attackers

Question 42

Q

Honeynet

Answer

A

Network of decoy systems for observing complex attacks

Question 43

Q

Honeyfiles

Answer

A

Decoy files to detect unauthorized access or data breaches

Question 44

Q

Honeytoken

Answer

A

Fake data to alert administrators when accessed or used

Question 45

Q

Threat Actor Intent

Answer

A

Specific objective or goal that a threat actor is aiming to achieve through their attack-

Question 46

Q

Threat Actor Motivation

Answer

A

underlying reasons or driving forces that push threat actor to carry out attack

Question 47

Q

data exfiltration

Answer

A

Unauthorized transfer of data from a computer

Question 48

Q

Espionage

Answer

A

Spying on individuals, organizations, or nations to gather sensitive or
classified information

Question 49

Q

Script Kiddie

Answer

A

Individual with limited technical knowledge

Question 50

Q

Nation State Actor

Answer

A

Groups or individuals that are sponsored by a government to conduct cyber
operations against other nations, organizations, or individuals

Question 51

Q

False Flag Attack

Answer

A

Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent
to mislead investigators and attribute the attack to someone else

Question 52

Q

APT

Answer

A

Advanced Persistent Threat
Term that used to be used synonymously with a nation-state actor because of
their long-term persistence and stealth
-A prolonged and targeted cyberattack in which an intruder gains unauthorized
access to a network and remains undetected for an extended period while trying
to steal data or monitor network activities rather than cause immediate damage

Question 53

Q

Insider Threat

Answer

A

Cybersecurity threats that originate from within the organization

Question 54

Q

Threat Vector

Answer

A

Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted
action
- the “how” of the attack

Ex. Message based threat vector

Question 55

Q

Attack Surface

Answer

A

Encompasses all the various points where an unauthorized user can try to enter
data to or extract data from an environment
-the “where” of the attack

Question 56

Q

Baiting

Answer

A

Leaving a malware-infected USB drive in a location where a target may find it

Question 57

Q

BlueBorne

Answer

A

Set of vulnerabilities in Bluetooth technology that can
allow an attacker to take over devices, spread malware, or
even establish an on-path attack to intercept communications without any user interaction

Question 58

Q

BlueSmack

Answer

A

Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a
target device

Question 59

Q

TTPs

Answer

A

Tactics techniques and procedures of how a threat actor operates

Question 60

Q

Deception and Disruption Technologies

Answer

A

honeypots, bogus DNS entries, etc

Question 61

Q

Dynamic Page Generation purpose

Answer

A

Effective against automated scraping tools or bots trying to index or steal content from your organization’s website

Question 62

Q

Port Triggering

Answer

A

Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected

Question 63

Q

purpose of spoofing fake telemetry data

Answer

A

When a system detects a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network
data

Question 64

Q

Bollard

Answer

A

Robust, short vertical posts, typically made of steel or concrete, that are designed to manage or redirect vehicular traffic

Answer 64

A

Type of attack where access to a system is gained by simply trying all of the possibilities until you break through

Answer 65

A

Organized strategy or setup designed to observe and report activities in a given
area. Can be as simple as a security guard.

Answer 66

A

Pan-Tilt-Zoom (PTZ) System

Answer 67

A

Detect changes in infrared radiation that is often emitted
by warm bodies like humans or animal

Answer 68

A

Detect movement in an area by emitting microwave pulses
and measuring their reflection off moving objects

Answer 69

A

Measures the reflection of ultrasonic waves off moving
objects

Answer 70

A

Electromagnetic Interference
Involves jamming the signals that surveillance system relies on to monitor the environment

Answer 71

A

Double-door system that is designed with two doors that are electronically
controlled to ensure that only one door can be open at a given time

Answer 72

A

Involves two people working together with one person who has legitimate access intentionally allows another person who doesn’t have
proper authorization to enter a secure area with them

Answer 73

A

Occurs whenever an unauthorized person closely follows someone
through the access control vestibule who has legitimate access into the secure space without their knowledge or consent

Answer 74

A

RFID (Radio-Frequency Identification)
● NFC (Near-field Communication)

Answer 75

A

false acceptance rate

Answer 76

A

false rejection rate

Answer 77

A

cross over error rate

Answer 78

A

■ Mechanical locks with numbered push buttons, requiring a correct combination
to open
■ Commonly used in high-security areas like server rooms

Answer 79

A

Manipulative strategy exploiting human psychology for unauthorized access to
systems, data, or physical spaces

Answer 80

A

Pretending to be someone else

Answer 81

A

Creating a fabricated scenario to manipulate targets

Answer 82

A

Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar
situations

Answer 83

A

pretending to be Kohls on twitter

Answer 84

A

Also known as URL hijacking or cybersquatting
Form of cyber attack where an attacker will register a domain name that is similar to a popular website but contain some kind of common typographical errors

Answer 85

A

Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use

Answer 86

A

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as
passwords and credit card numbers

Answer 87

A

More targeted form of phishing that is used by cybercriminals who are
more tightly focused on a specific group of individuals or organizations
● Has a higher success rate

Answer 88

A

Form of spear phishing that targets high-profile individuals, like CEOs or
CFOs

Answer 89

A

Business email compromise
Sophisticated type of phishing attack that usually targets businesses by
using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacke

Answer 90

A

voice phishing

Answer 91

A

SMS phishing

Answer 92

A

part of security awareness training

Answer 93

A

Wrongful or criminal deception that is intended to result in financial or personal
gain for the attacker

Answer 94

A

using someone else’s cc #

Answer 95

A

fully impersonating someone else

Answer 96

A

fraudulent or deceptive act or operation

Answer 97

A

In which a person is tricked into paying for a fake invoice for a
product or service that they did not actually order

Answer 98

A

Coordinated efforts to affect public perception or behavior towards a particular
cause, individual, or group

Answer 99

A

False or inaccurate information shared without harmful intent

Answer 100

A

Involves the deliberate creation and sharing of false information with the intent to deceive or mislead

Answer 101

A

Involves manipulating a situation or creating a distraction to steal
valuable items or information

Answer 102

A

Malicious deception that is often spread through social media, email, or
other communication channels
● Often paired with phishing attacks and impersonation attacks

Answer 103

A

involves searching through trash to find valuable information
● Commonly used to find discarded documents containing personal or
corporate information
● Use clean desk and clean desktop policie

Answer 104

A

Malicious software designed to infiltrate computer systems and potentially damage them without user consent

Answer 105

A

Viruses
■ Worms
■ Trojans
■ Ransomware
■ Spyware
■ Rootkits
■ Spam

Answer 106

A

Made up of malicious code that’s run on a machine without the user’s knowledge and this allows the code to infect the computer whenever it has been
run

Answer 107

A

standalone programs replicating and spreading to other computers without any user interaction

Answer 108

A

Disguise as legitimate software, grant unauthorized access

Answer 109

A

Encrypts user data, demands ransom for decryption

Answer 110

A

One that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up

Answer 111

A

Form of code that allows a virus to be embedded inside another
document so that when that document is opened by the user, the virus is executed

Answer 112

A

Try to find executables or application files to infect with their malicious code

Answer 113

A

Combination of a boot sector type virus and a program virus

Answer 114

A

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software

Answer 115

A

Advanced version of an encrypted virus, but instead of just encrypting the
contents it will actually change the viruses code each time it is executed by altering the decryption module in order for it to evade detection

Answer 116

A

Able to rewrite themselves entirely before it attempts to infect a given file

Answer 117

A

Technique used to prevent the virus from being detected by the anti-virus software

Answer 118

A

Have a layer of protection to confuse a program or a person who’s trying to analyze it

Answer 119

A

Remote access trojan
Widely used by modern attackers because it provides the attacker with remote
control of a victim machine

Answer 120

A

Network of compromised computers or devices controlled remotely by malicious
actor

Answer 121

A

Name of a compromised computer or device that is part of a botnet

Answer 122

A

Computer responsible for managing and coordinating the activities of other nodes or devices within a network

Answer 123

A

Occurs when many machines target a single victim and attack them at the
exact same time

Answer 124

A

Designed to gain administrative level control over a given computer system
without being detected

Answer 125

A

outermost ring where user level permissions are used

Answer 126

A

highest permission levels

Answer 127

A

located in ring 0
Allows a system to control access to things like device drivers, your sound card, your video display or monitor, and other similar things

Answer 128

A

dynamic link library
Collection of code and data that can be used by multiple programs
simultaneously

Answer 129

A

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library

Answer 130

A

Piece of software code that is placed between two components and that
intercepts the calls between those components and can be used redirect them

Answer 131

A

Originally placed in computer programs to bypass the normal security and authentication functions
Remote Access Trojan (RAT) acts just like a backdoor in our modern networks

Answer 132

A

a hidden feature or novelty within a program that is typically inserted by the software developers as an inside joke

Answer 133

A

Malicious code that’s inserted into a program, and the malicious code will only
execute when certain conditions have been met

Answer 134

A

Piece of software or hardware that records every single keystroke that is made
on a computer or mobile device
can be software or hardware keylogger

Answer 135

A

Malicious software that is designed to gather and send information about a user
or organization without their knowledge

Answer 136

A

Any software that comes pre-installed on a new computer or smartphone that
you, as the user, did not specifically request, want, or need

Answer 137

A

Specific method by which malware code penetrates and infects a targeted system

Answer 138

A

is used to create a process in the system memory without
relying on the local file system of the infected hos

Answer 139

A

Dropper - Specific malware type designed to initiate or run other malware forms within a payload on an infected host
Downloader - Retrieve additional tools post the initial infection facilitated by a dropper

Answer 140

A

Broader term that encompasses lightweight code meant to
execute an exploit on a given targe

Answer 141

A

Threat actors will execute primary objectives to meet core
objectives like
■ data exfiltration
■ file encryption

Answer 142

A

hiding tracks
■ erasing log files
■ hiding any evidence of malicious activity

Answer 143

A

A strategy adopted by many Advanced Persistent Threats
and criminal organizations
■ the threat actors try to exploit the standard tools to
perform intrusions

Answer 144

A

Refers to a scenario where a user’s account is accessed from two or more
geographically separated locations in an impossibly short period of time

Answer 145

A

Safeguarding information from corruption, compromise, or loss

Answer 146

A

Information subject to laws and governance structures within the nation it is
collected

Answer 147

A

data loss prevention

Answer 148

A

Based on the value to the organization and the sensitivity of the information,
determined by the data owner

Answer 149

A

Information that, if accessed by unauthorized persons, can result in the loss of
security or competitive advantage for a company

Answer 150

A

No impact if released; often publicly accessible data

Answer 151

A

Minimal impact if released, e.g., financial data

Answer 152

A

Contains internal personnel or salary information

Answer 153

A

Holds trade secrets, intellectual property, source code, etc.

Answer 154

A

Extremely valuable and restricted information

Answer 155

A

Generally releasable to the public

Answer 156

A

Includes medical records, personnel files, etc.

Answer 157

A

Contains information that could affect the government

Answer 158

A

Holds data like military deployment plans, defensive postures

Answer 159

A

Highest level, includes highly sensitive national security information

Answer 160

A

Process of identifying the individual responsible for maintaining the
confidentiality, integrity, availability, and privacy of information assets

Answer 161

A

A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls

Answer 162

A

Entity responsible for determining data storage, collection, and usage purposes
and methods, as well as ensuring the legality of these processes

Answer 163

A

A group or individual hired by the data controller to assist with tasks like data
collection and processing

Answer 164

A

Focuses on data quality and metadata, ensuring data is appropriately labeled and
classified, often working under the data owner

Answer 165

A

Responsible for managing the systems on which data assets are stored, including
enforcing access controls, encryption, and backup measures

Answer 166

A

Oversees privacy-related data, such as personally identifiable information (PII),
sensitive personal information (SPI), or protected health information (PHI),
ensuring compliance with legal and regulatory frameworks

Answer 167

A

Data stored in databases, file systems, or storage systems, not actively moving

Answer 168

A

full disk encryption

Answer 169

A

Data actively moving from one location to another, vulnerable to interception

Answer 170

A

Secure Sockets layer and Transport layer security. It secures and encrypts communciaion over networks

Answer 171

A

virtual private network
Creates secure connections over less secure networks like the
internet

Answer 172

A

Secures IP communications by authenticating and encrypting IP
packets

Answer 173

A

Data actively being created, retrieved, updated, or deleted

Answer 174

A

Controlled by laws, regulations, or industry standards GDPR, HIPPA

Answer 175

A

Personal Identification Information

Answer 176

A

Protected Health Information

Answer 177

A

Confidential business information giving a competitive edge (e.g., manufacturing
processes, marketing strategies, proprietary software)

Answer 178

A

intellectual property
Creations of the mind (e.g., inventions, literary works, designs)

Answer 179

A

Understandable directly by humans (e.g., text documents, spreadsheets)

Answer 180

A

Requires machine or software to interpret (e.g., binary code, machine language)
contains sensitive information that

Answer 181

A

■ Digital information subject to laws of the country where it’s located
■ Gained importance with cloud computing’s global data storage

Answer 182

A

Protects EU citizens’ data within EU and EEA borders
■ Compliance required regardless of data location
■ Non-compliance leads to significant fines

Answer 183

A

Virtual boundaries to restrict data access based on location

Answer 184

A

■ Converts data into fixed-size hash values
■ Irreversible one-way function
■ Commonly used for password storage

Answer 185

A

Replace sensitive data with non-sensitive tokens. Original data stored securely in a separate database. Often used in payment processing for credit card protection

Answer 186

A

Make data unclear or unintelligible

Answer 187

A

Divide network into separate segments with unique security controls

Answer 188

A

Data loss prevention
Aims to monitor data in use, in transit, or at rest to detect and prevent data theft
can be hardware or software

Answer 189

A

endpoint DLP (installed on laptops)
Network DLP
Storage DLP
Cloud based DLP

Answer 190

A

Proactive process recognizing potential risks

Answer 191

A

Evaluate likelihood and potential impact
Qualitative or quantitative methods

Answer 192

A

Monitor residual risks, identify new risks, and review risk management
effectiveness

Answer 193

A

Communicate risk information and effectiveness of risk management to
stakeholders
● Various forms
○ Dashboards
○ Heat Maps
○ Detailed Reports

Answer 194

A

Assess and prioritize risks based on likelihood and impact

Answer 195

A

Numerically estimate probability and potential impact

Answer 196

A

Conducted as needed, often in response to specific events or situations

Answer 197

A

Conducted for specific projects or initiatives

Answer 198

A

Business Impact Analysis
Evaluates effects of disruptions on business functions
Identifies and prioritizes critical functions
Determines required recovery time for functions

Answer 199

A

recovery time objective
Maximum acceptable time before severe impact

Answer 200

A

Recovery point objective
Maximum acceptable data loss measured in time

Answer 201

A

mean time to repair

Answer 202

A

mean time between failures

Answer 203

A

Records identified risks, descriptions, impacts, likelihoods, and mitigation actions

Answer 204

A

Low medium or high

Answer 205

A

probability of risk occurrence rated on a scale numerical or descriptive

Answer 206

A

result if it occurs

Answer 207

A

Determined by combining the impact and likelihood
Prioritizes risks (e.g., high, medium, low)

Answer 208

A

An organization or individual’s willingness to deal with uncertainty in
pursuit of their goals
● Maximum amount of risk they are willing to accept
● Acceptance without countermeasures

Answer 209

A

Willingness to pursue or retain risk
expansionary, conservative etc

Answer 210

A

key risk indicators

Answer 211

A

Responsible for managing the risk
Monitors, implements mitigation actions, and updates Risk Register

Answer 212

A

exposure factor
Proportion of asset lost in an event (0% to 100%)

Answer 213

A

single loss expectancy
Monetary value expected to be lost in a single event
Asset value x EF

Answer 214

A

annualized rate of occurence

Answer 215

A

Annualized Loss Expectancy (ALE))
SLE x ARO

Answer 216

A

Shifts risk to another party
Common methods
○ Insurance
○ Contract indemnity clauses

Answer 217

A

■ A contractual agreement where one party agrees to cover
the other’s harm, liability, or loss stemming from the
contract

Answer 218

A

Acknowledge and deal with risk if it occurs

Answer 219

A

(excludes party from a rule

Answer 220

A

(allows party to avoid rule under specific conditions)

Answer 221

A

Change plans or strategies to eliminate a specific risk

Answer 222

A

Take steps to reduce likelihood or impact of risk
● Common strategy involving various actions

Answer 223

A

The likelihood and impact of the risk after mitigation,
transference, or acceptance measures have been taken on the initial risk

Answer 224

A

Assessment of how a security measure has lost effectiveness over time

Answer 225

A

Communicating information about risk management activities to stakeholders

Answer 226

A

Potential security and operational challenges from external collaborators

Answer 227

A

managed service provider
Manage IT services on behalf of organizations

Answer 228

A

U.S. federal statute providing funding to boost semiconductor research and
manufacturing in the U.S.
■ Aims to reduce reliance on foreign-made semiconductors, strengthen the
domestic supply chain, and enhance security

Answer 229

A

Essential components in a wide range of products, from smartphones and
cars to medical devices and defense systems

Answer 230

A

■ Process to evaluate the security, reliability, and performance of external entities
■ Crucial due to interconnectivity and potential impact on multiple businesses

Answer 231

A

provide goods or services

Answer 232

A

Involved in production and delivery of products or parts

Answer 233

A

Simulated cyberattacks to identify vulnerabilities in supplier systems

Answer 234

A

Contract provision allowing organizations to evaluate vendor’s internal processes
for compliance

Answer 235

A

A rigorous evaluation that goes beyond surface-level credentials
● Includes the following
○ Evaluating financial stability
○ Operational history
○ Client testimonials
○ On-the-ground practices to ensure cultural alignmen

Answer 236

A

Comprehensive documents filled out by potential vendors

Answer 237

A

Guidelines for interaction between organization and vendors

Answer 238

A

Mechanism used to ensure that the chosen vendor still aligns with organizational
needs and standards

Answer 239

A

Involve a two-way communication channel where both the organization
and the vendor share feedback

Answer 240

A

● Versatile tool that formally establishes a relationship between two parties
● Defines roles, responsibilities, and consequences for non-compliance
● Specifies terms like payment structure, delivery timelines, and product
specifications

Answer 241

A

Defines the standard of service a client can expect from a provider
● Includes performance benchmarks and penalties for deviations
Service level agreement

Answer 242

A

Memorandum of Agreement
Formal, outlines specific responsibilities and roles

Answer 243

A

Memorandum of Understanding
Less binding, expresses mutual intent without detailed specifics

Answer 244

A

master serivce agreement
● Covers general terms of engagement across multiple transactions
● Used for recurring client relationships, supplemented by Statements of
Work

Answer 245

A

statement of work
Specifies project details, deliverables, timelines, and milestones

Answer 246

A

Non-Disclosure Agreement

Answer 247

A

Business Partnership Agreement or joint venture agreement
● Goes beyond basic contracts when two entities collaborate
● Outlines partnership nature, profit-sharing, decision-making, and exit
strategies

Answer 248

A

Overall management of IT infrastructure, policies, procedures, and operations
Risk management
strategic alingment
resource management
performance management

Answer 249

A

Adherence to laws, regulations, standards, and policies

Answer 250

A

governance risk and compliance

Answer 251

A

elected by shareholders to oversee an orgs management

Answer 252

A

subgroups of board with specific focuses

Answer 253

A

Decision-making authority at top management levels

Answer 254

A

Decision-making authority distributed throughout the
organization

Answer 255

A

Acceptable use policy
Document that outlines the do’s and don’ts for users when interacting with an
organization’s IT systems and resources

Answer 256

A

Specifies incident notification, containment, investigation, and prevention steps

Answer 257

A

software development lifecycle
Guides software development stages from requirements to maintenance
Includes secure coding practices, code reviews, and testing standards

Answer 258

A

Governs handling of IT system/process changes

Answer 259

A

Provides a framework for implementing security measures, ensuring that all
aspects of an organization’s security posture are addressed

Answer 260

A

■ Define password complexity and management
■ Include length, character types, regular changes, and password reuse rules
■ Emphasize password hashing and salting for security

Answer 261

A

■ Determine who has access to resources within an organization
■ Include access control models like
● Discretionary Access Control (DAC)
● Mandatory Access Control (MAC)
● Role Based Access Control (RBAC)

Answer 262

A

■ Ensure data remains secure and unreadable even if accessed without
authorization
■ Include encryption algorithms like AES, RSA, and SHA-2
■ Depends on the use case and balance between security and performanc

Answer 263

A

■ Systematic sequences of actions or steps taken to achieve a specific outcome in
an organization
■ Ensures consistency, efficiency, and compliance with standard

Answer 264

A

■ Detailed guides for specific tasks or processes
■ They provide step-by-step instructions for consistent and efficient execution
■ Used in various situations, from cybersecurity incidents to customer complaints
■ Include resource requirements, steps to be taken, and expected outcomes

Answer 265

A

Systematic process of collecting and presenting data to demonstrate adherence
external or internal

Answer 266

A

Regularly reviews and analyzes operations for compIiance
includes due diligence and due care, attestation and acknowledgement, and
internal and external monitoringliance

Answer 267

A

Identifying compliance risks through thorough review

Answer 268

A

Mitigating identified risks

Answer 269

A

Systematic process of developing, operating, maintaining, and selling assets
cost-effectively

Answer 270

A

Process of obtaining goods and services

Answer 271

A

Entire process of sourcing and obtaining those goods and services, including all
the processes that lead up to the acquisition

Answer 272

A

Formal document issued by the purchasing department
For larger, more expensive purchases
Dictates payment terms (NET 15, NET 30, NET 60)

Answer 273

A

bring your own device
Employees use personal devices for work

Answer 274

A

The company provides devices for employees

Answer 275

A

Employees select devices from a company-approved list
Balance between employee choice and organizational control

Answer 276

A

Maintaining an inventory with specifications, location, and
assigned users

Answer 277

A

Goes beyond monitoring, involving the location, status, and
condition of assets using specialized software and tracking
technologie

Answer 278

A

mobile device management

Answer 279

A

Necessity to manage the disposal of outdated assets

Answer 280

A

Provides guidance on asset disposal and decommissioning

Answer 281

A

Thorough process to make data inaccessible and irretrievable from storage
medium using traditional forensic method

Answer 282

A

Replacing the existing data on a storage device with random bits
of information to ensure that the original data is obscured

Answer 283

A

Utilizes a machine called a degausser to produce a strong
magnetic field that can disrupt magnetic domains on storage
devices like hard drives or tapes

Answer 284

A

Deletes data and ensures it can’t be recovered

Answer 285

A

cryptographic erase
Utilizes encryption technologies for data sanitization

Answer 286

A

Goes beyond sanitization, ensures physical device is unusable
Used for high-security environments, especially with Secret or Top Secret data
■ Recommended methods
● Shredding
● Pulverizing
● Melting
● Incineratin

Answer 287

A

Acts as proof that data or hardware has been securely disposed of
■ Important for organizations with regulatory requirements
■ Creates an audit log of sanitization, disposal, or destruction

Answer 288

A

Strategically deciding what to keep and for how long

Answer 289

A

change advisory board

Answer 290

A

Individual or team responsible for initiating change request

Answer 291

A

Integral part of the Change Management process
Assesses potential fallout, immediate effects, long-term impacts

Answer 292

A

Designated timeframes for implementing changes

Answer 293

A

Pre-determined strategy to revert systems to their original state in case of
issues during change implementation

Answer 294

A

standard operating procedure
Detailed step-by-step instructions for specific tasks
● Ensures consistency, efficiency, and reduces errors in change
implementation within the organization
has to do with change management

Answer 295

A

Specifies entities permitted to access a resource

Answer 296

A

Any change, even minor, carries the risk of causing downtime

Answer 297

A

Certain tasks labeled as ‘restricted’ due to their impact on system health
or security

Answer 298

A

Tracks and manages changes in documents, software, and other files
Allows multiple users to collaborate and revert to previous versions when
needed

Answer 299

A

Systematic evaluations of an organization’s information systems, applications,
and security controls

Answer 300

A

Detailed analysis to identify vulnerabilities and risks
Performed before implementing new systems or significant changes
risk vulnerability or threat assessments

Answer 301

A

Gathering information before a pentest can be pasive or active

Answer 302

A

A group, often comprising members of a company’s board of
directors, overseeing audit and compliance activities

Answer 303

A

Identifies potential threats to applications (e.g., SQL injection, XSS, DoS attacks)

Answer 304

A

is designed to help
organizations minimize data and cybersecurity-related exposures
● It assists in identifying areas where data security may need strengthening
● The checklist comprises yes-or-no questions with sections for comments
and action items

Answer 305

A

Detailed inspections of an organization’s security infrastructure conducted
externally

Answer 306

A

offensive pen testing

Answer 307

A

defensive

Answer 308

A

purple teaming

Answer 309

A

Initial phase where an attacker gathers information about the target system

Answer 310

A

Engaging with the target system directly, such as scanning for open ports
using tools like Nmap

Answer 311

A

Gathering information without direct engagement, like using open-source
intelligence or WHOIS to collect data

Answer 312

A

Multipurpose computer security and penetration testing framework

Answer 313

A

Involves formal validation or confirmation provided by an entity to assert the

Answer 314

A

Ability to deliver outcomes despite adverse cyber events

Answer 315

A

Having additional systems or processes for continued functionality

Answer 316

A

The time a system remains online, typically expressed as a percentage

Answer 317

A

Refers to 99.999% uptime, allowing only about 5 minutes of downtime
per year

Answer 318

A

Distributes workloads across multiple resources

Answer 319

A

Uses multiple computers, storage devices, and network connections as a single
system

Answer 320

A

Distributes data, applications, and services across multiple cloud providers
Mitigates the risk of a single point of failure

Answer 321

A

helps with data redundancy
Combines multiple physical storage devices into a single logical storage
device recognized by the operating system

Answer 322

A

resists hardware malfunctions through redundancy RAID 1

Answer 323

A

Allows continued operation and quick data rebuild in case of failure (e.g.,
RAID 1, RAID 5, RAID 6, RAID 10

Answer 324

A

Safeguards against catastrophic events by maintaining data in
independent zones (e.g., RAID 1, RAID 10)

Answer 325

A

People, technology, infrastructure and processes

Answer 326

A

Sudden, small increases in voltage beyond the standard level (e.g., 120V
in the US)

Answer 327

A

Short-lived voltage increases, often caused by short circuits, tripped
breakers, or lightning

Answer 328

A

Brief decreases in voltage, usually not severe enough to cause system
shutdown

Answer 329

A

Prolonged reduction in voltage, leading to system shutdown

Answer 330

A

Complete loss of power for a period, potentially causing data loss and
damage

Answer 331

A

Stabilize voltage supply and filter out fluctuations
Stabilize voltage supply and filter out fluctuations

Answer 332

A

Uninterruptible Power Supplies (

Answer 333

A

Convert mechanical energy into electrical energy for use in an external
circuit through the process of electromagnetic inductio

Answer 334

A

Power Distribution Centers
Central hub for power reception and distribution
Integrates with UPS and backup generators for seamless transitions
during power events

Answer 335

A

Storing data copies in the same location as the original data

Answer 336

A

Storing data copies in a geographically separate location

Answer 337

A

Point-in-time copies capturing a consistent state

Answer 338

A

Real-time or near-real-time data copying to maintain data continuity

Answer 339

A

Maintaining a detailed record of data changes over time

Answer 340

A

Continuity of Operations Plan

Answer 341

A

Business Continuity Planning

Answer 342

A

Disaster Recovery Plan
subset of BC plan

Answer 343

A

Backup location or facility that can take over essential functions and operations
in case the primary site experiences a failure or disruption

Answer 344

A

Up and running continuously, enabling a quick switchover
Requires duplicating all infrastructure and data

Answer 345

A

Not fully equipped, but fundamentals in place

Answer 346

A

Fewer facilities than warm sites
May be just an empty building, ready in 1-2 months

Answer 347

A

Fully replicated and instantly accessible in the cloud

Answer 348

A

Involves scaling up resources when needed

Answer 349

A

Assess system’s ability to withstand and adapt to disruptive events
-Conducted through tabletop exercises, failover tests, simulations, and parallel
processing

Answer 350

A

Evaluates the system’s capacity to restore normal operation after a disruptive
event

Answer 351

A

Table Top Exercise
Scenario-based discussion among key stakeholders

Answer 352

A

Controlled experiment for transitioning from primary to backup components

Answer 353

A

Computer-generated representation of a real-world scenario
Allows for hands-on response actions in a virtual environment

Answer 354

A

Replicates data and system processes onto a secondary system

Answer 355

A

Outlines the division of responsibilities between the cloud service provider and
the customer

Answer 356

A

Combined on-premise, private cloud, and public cloud services, allowing
workload flexibility

Answer 357

A

Cloud environments are dynamic and require up-to-date security measures

Answer 358

A

Cloud services relying on specific resources or processes can lead to system-wide
outages if they fail

Answer 359

A

Residual data left behind after deletion or erasure processes

Answer 360

A

Emulates servers, each with its own OS within a virtual machine

Answer 361

A

Lightweight alternative, encapsulating apps with their OS environment

Answer 362

A

bare metal

Answer 363

A

Operates within a standard OS (e.g., VirtualBox, VMware)

Answer 364

A

Attackers break out of isolated VMs to access the hypervisor

Answer 365

A

Unauthorized elevation to higher-level users

Answer 366

A

Attacker captures unencrypted data between servers

Answer 367

A

Improper clearing of resources may expose sensitive data

Answer 368

A

Relies on cloud service providers to handle server management, databases, and
some application logic

Answer 369

A

Developers write and deploy individual functions triggered by events

Answer 370

A

Architectural style for breaking down large applications into small, independent
services

Answer 371

A

Comprises hardware, software, services, and facilities for network support and
management

Answer 372

A

physical separation of systems

Answer 373

A

■ Establishes boundaries within a network to restrict access to certain areas
■ Implemented using firewalls, VLANs, and network devices

Answer 374

A

softwre defined network
Enables dynamic, programmatically efficient network configuration
Provides a centralized view of the entire network

Answer 375

A

Decouples network control and forwarding functions

Answer 376

A

forwarding plane
Responsible for handling data packets
Concerned with sending and receiving data

Answer 377

A

Centralized decision-maker in SDN
Dictates traffic flow across the entire network
Replaces traditional, distributed router control planes

Answer 378

A

Hosts all network applications that interact with the SDN
controller
○ Applications instruct the controller on network management
○ Controller manipulates the network based on these instructions

Answer 379

A

Infrastructure as Code
Automates provisioning and management through code
Used in DevOps and with cloud computing

Answer 380

A

All computing functions managed from a single location or authority

Answer 381

A

No single point of control; each node operates independently

Answer 382

A

internet of things
Network of physical devices with sensors, software, and connectivity

Answer 383

A

Central component connecting IoT devices
Collects, processes, analyzes data, and sends commands

Answer 384

A

Everyday objects enhanced with computing and internet capabilities

Answer 385

A

Subset of smart devices worn on the body

Answer 386

A

Detect changes in environment, convert into data

Answer 387

A

Industrial Control Systems
-Systems used to monitor and control industrial processes, found in various
industries like electrical, water, oil, gas, and data

Answer 388

A

Distributed Control Systems
Used in control production systems within a single location

Answer 389

A

Programmable Logic Controllers
Used to control specific processes such as assembly lines and factories

Answer 390

A

Supervisory Control and Data Acquisition
Type of ICS designed for monitoring and controlling geographically dispersed
industrial processes

Answer 391

A

Specialized computing components designed for dedicated functions within
larger device

Answer 392

A

real time operating system
Designed for real-time applications that process data without significant delays
Critical for time-sensitive applications like flight navigation and medical
equipment

Answer 393

A

Protect data during transfer by hiding data interception points

Answer 394

A

Manage low-level software to maintain system integrity

Answer 395

A

over the air updates

Answer 396

A

Logical communication endpoints on a computer or server

Answer 397

A

1024-49151 vendor specific
registered with IANA

Answer 398

A

49152-65535

Answer 399

A

A network security device or software that monitors and controls network traffic
based on security rules
■ Protects networks from unauthorized access and potential threats

Answer 400

A

DMZ
acts as a security barrier between external untrusted networks and the internal network uses firewalls

Answer 401

A

limited inspection of packet headers for IP addresses and port numbers
operates at layer 4 transport layer

Answer 402

A

It allows return traffic for outbound requests
operates at layer 4

Answer 403

A

Makes connections on behalf of endpoints
two types:
circuit layer (layer 5)
app layer (layer 7)

Answer 404

A

minimal impact on network performance
full inspection of packets at eveyr layer
placed closed to system they protect

Answer 405

A

next gen firewall
application aware and can distinguish between different types of traffic
Example: it may allow aql server traffic regardless of the port # used
conducts deep packet analysis and use signature based intrusion protection
-

Answer 406

A

unified threat management firewall
-combines multiple security functions in a single device
single point of failure

Answer 407

A

web application firewall
prevents against cross site scripting and SQL injections
can be placed in line (live attack prevention) where the device sits between the network firewall and the web servers or out of line (detectio) device receives a mirroed copy of web server traffic

Answer 408

A

operates at the transport layer
filters traffic based on port numbers and protocol data

Answer 409

A

operates at app layer
inspects filters and controls traffic based on content and data characteristics

Answer 410

A

access control lists
consist of permit and deny statements often based on port numbers
rule sets placed on firewalls, routers and network infrastructure devices
includes types of traffic
source destination and action to be taken against the traffic

Answer 411

A

a dedicated network security device

Answer 412

A

A firewall that runs as a software application on individual devices, such
as workstations
● Utilizes ACLs and rules to manage incoming and outgoing traffic,
providing security at the software level on a per-device basis

Answer 413

A

intrusion detection system
Logs or alerts that it found something suspicious or malicious

Answer 414

A

Network-based IDS
Monitors the traffic coming in and out of a network

Answer 415

A

Looks at suspicious network traffic going to or from a single or endpoint

Answer 416

A

wireless IDS
Detects attempts to cause a denial of a service on a wireless
network

Answer 417

A

Analyzes traffic based on defined signatures and can only
recognize attacks based on previously identified attacks in its database

Answer 418

A

specific pattern of steps NIDS and WIDS

Answer 419

A

known system baseline HIDS

Answer 420

A

Analyzes traffic and compares it to a normal baseline of traffic to
determine whether a threat is occurring
Five Types of Anomaly-based Detection Systems
■ Statistical
■ Protocol
■ Traffic
■ Rule or Heuristic
■ Application-based

Answer 421

A

Logs, alerts, and takes action when it finds something suspicious or malicious
Scans traffic to look for malicious activity and takes action to stop it

Answer 422

A

A dedicated hardware device with pre-installed software for specific networking
services

Answer 423

A

Distribute network/application traffic across multiple servers
● Enhance server efficiency and prevent overload
● Ensure redundancy and reliability
● Perform continuous health checks
● Application Delivery Controllers (ADCs) offer advanced functionality

Answer 424

A

Act as intermediaries between clients and servers
Provide content caching, requests filtering, and login management
Enhance request speed and reduce bandwidth usage
Add a security layer and enforce network utilization policies
Protect against DDoS attacks

Answer 425

A

Secure gateways for system administrators to access devices in different security zones

-Control access and reduce the attack surface areaSecure gateways for system administrators to access devices in different secuA jump server is placed between a user’s workstation and the target servers or devices, providing a controlled point of access. It helps isolate the internal network from potential threats originating from external networks.

Answer 426

A

A network switch feature that restricts device access to specific ports based on
MAC addresses

Answer 427

A

Networking devices that operate at Layer 2 of the OSI model

Use MAC addresses for traffic switching decisions through transparent bridging

Answer 428

A

Content Addressable Memory
Stores MAC addresses associated with switch ports
Vulnerable to MAC flooding attacks, which can cause the switch to fail open

Answer 429

A

Provides port-based authentication for wired and wireless networks

Requires three roles
● Supplicant
● Authenticator
● Authentication server (RADIUS or TACACS+

Answer 430

A

Remote Authentication Dial-In User Service) is a protocol that manages authentication, authorization, and accounting (AAA) for users who connect to the network.

cross platform

Answer 431

A

TACACS+ is slower but offers additional security and independently handles
authentication, authorization, and accounting

CISCO

Answer 432

A

(Extensible Authentication Protocol) you walk up to a building, a guard comes up and asks for a form of identification could be a driver’s license, etc this is like the different variants of EAP then your credentials are forwaded to the RADIUS server whcih checks them against a database

Answer 433

A

Uses simple passwords and the challenge handshake
authentication process to provide remote access authentication
○ One-way authentication process
○ Doesn’t provide mutual authentication

Answer 434

A

REquires a digital certificate on the server, but not on the client
○ The client uses a password for authentication

Answer 435

A

Uses public key infrastructure with a digital certificate which is
installed on both the client and the server
○ Uses mutual authentication

Answer 436

A

Uses protected access credential, instead of a certificate, to
establish mutual authentication

Answer 437

A

Supports mutual authentication using server certificates andActive Directory databases to authenticate a password from the
client

Answer 438

A

Cisco proprietary and limited to Cisco devices

Answer 439

A

virtual private network
Extend private networks across public networks

Answer 440

A

Connects two sites cost-effectively
Replaces expensive leased lines
Utilizes a VPN tunnel over the public internet
Encrypts and secures data between sites

Answer 441

A

Connects a single host (e.g., laptop) to the central office
Ideal for remote user access to the central network
Options for full tunnel and split tunnel configurations

Answer 442

A

Uses a web browser to establish secure, remote-access VPN
No need for dedicated software or hardware client
Utilizes HTTPS and TLS protocols for secure connections to
websites

Answer 443

A

Encrypts and routes all network requests through the VPN
○ Provides high security, clients fully part of central network
○ Limits access to local resources
○ Suitable for remote access to central resources

Answer 444

A

Divides traffic, routing some through the VPN, some directly to the internet
Enhances performance by bypassing VPN for non-central traffic

Answer 445

A

Provides encryption and security for data in transit
Used for secure connections in web browsers (HTTPS)
operates at layer 4 Transport layer

TLS: Operates at the Transport Layer, securing individual connections between applications.
IPSec: Operates at the Network Layer, securing IP packets and often used for creating secure network tunnels

Answer 446

A

datagram TLS
A faster User Datagram Protocol-based (UDP-based) alternative
Ensures end-user security and protects against eavesdropping in clientless
VPN connections

Answer 447

A

A secure protocol suite for IP communication

IPSec: Operates at the Network Layer, securing IP packets and often used for creating secure network tunnels

Answer 448

A

securing the payload of the IP packet

Answer 449

A

Provides confidentiality for both payload and header
Adds a new header to encapsulate the entire packet

Answer 450

A

AH adds an extra header to the original IP packet. This header contains a cryptographic hash of the packet’s content, which allows the recipient to verify that the packet has not been altered.

: Think of AH as sending a sealed and stamped letter (packet) where the recipient can verify that the letter has not been tampered with and is indeed from the sender, but anyone can still see the content of the letter.

Answer 451

A

Provides confidentiality, integrity, and encryption
● Provides replay protection
● Encrypts the packet’s payload

Think of ESP as sending a sealed and locked box (packet) that not only ensures the recipient can verify the sender and check for tampering but also keeps the contents of the box hidden from anyone who doesn’t have the key.

Answer 452

A

Software defined wide area network
is a technology that simplifies the management and operation of a WAN (Wide Area Network) by separating the networking hardware from its control mechanism using software. Here’s a simple explanation:

Without SD-WAN: It’s like driving without a GPS, relying on static maps and hoping for the best route, even if traffic conditions change.
With SD-WAN: It’s like using a GPS that constantly updates your route based on real-time traffic information, ensuring you always take the fastest and most efficient path to your destination.

Answer 453

A

Secure Access Service Edge)
A network architecture combining network security and WAN capabilities in a
single cloud-based service

SD-WAN is a foundational component of SASE. It provides the network optimization and dynamic routing capabilities.
SASE builds on SD-WAN by adding comprehensive security services

Answer 454

A

Isolate devices with similar security requirements

Answer 455

A

allows traffic to pass during a failure

Answer 456

A

Blocks all traffic during a failure, prioritizing security over connectivity

Answer 457

A

Users and systems should have only necessary access rights to reduce the
attack surface

Answer 458

A

Utilize multiple layers of security to ensure robust protection even if one
control fails

Answer 459

A

Prioritize controls based on potential risks and vulnerabilities specific to
the infrastructure

Answer 460

A

Regularly review, update, and retire controls to adapt to the evolving threat landscape

Answer 461

A

Ensure transparency and accountability through rigorous testing andscrutiny of controls

Answer 462

A

Ensures right individuals have right access to right resources for right reasons
● Password Management
● Network Access Control
● Digital Identity Management

Answer 463

A

identification, authentication, authorization, and accounting

Answer 464

A

User claims an identity using a unique identifier (e.g., username or email
address

Answer 465

A

Verifies the identity of a user, device, or system
● Typically involves validating user credentials against an authorized user
database

Answer 466

A

Determines the permissions or access levels for authenticated users

Answer 467

A

tracks and records user activities

Answer 468

A

Creating new user accounts, assigning permissions, and providing system access

Answer 469

A

Removing access rights when no longer needed (e.g., when an
employee leaves

Answer 470

A

Process of verifying a user’s identity before creating their accoun

Answer 471

A

Ability of different systems, devices, and applications to work together
and share information
● In IAM, it can involve using standards like SAML or OpenID Connect for
secure authentication and authorization

Answer 472

A

A security system requiring multiple methods of authentication from
independent categories of credentials

Answer 473

A

An alternative to traditional passwords for authentication

Involves creating a passkey secured by device authentication methods like fingerprint or facial recognition

Answer 474

A

password generation
auto fill
secure sharing
cross platform access

Answer 475

A

one time passwords

Answer 476

A

one time links sent to email for auto login

Answer 477

A

Tries every possible character combination until the correct password is found

Answer 478

A

Uses a list of commonly used passwords (a dictionary) to crack passwords

Answer 479

A

A form of brute force attack that tries a few common passwords against many
usernames or account

Answer 480

A

Combines elements of brute force and dictionary attacks
May include variations, such as adding numbers or special characters to
passwords

Answer 481

A

single sign on
Authentication process allowing users to access multiple applications with one
set of credentials

Answer 482

A

Lightweight Directory Access Protocol)
-protocol for SSO
-Lightweight Directory Access Protocol)
-Can share user information across network resources

Answer 483

A

Allows third-party services to access user account information without exposing passwords

Answer 484

A

Redirects users to an identity provider for authentication

Answer 485

A

Links electronic identities and attributes across multiple identity management
systems

-Enables users to use the same credentials for login across systems managed by different organizations

Answer 486

A

priviledged access managment
Solution that restricts and monitors privileged access within an IT environment

Answer 487

A

Security model that grants administrative access only when needed for a
specific task

Answer 488

A

Technique that stores and manages passwords securely, often in a digital
vault.

Answer 489

A

Temporary accounts used for time-limited access to resources

Answer 490

A

Uses security labels to authorize resource access
Requires assigning security labels to both users and resources

Answer 491

A

discretionary access control
Resource owners specify which users can access their resources

Answer 492

A

Role-Based Access Control

Answer 493

A

Uses security rules or access control lists
● Policies can be changed quickly and frequently
● Applied across multiple users on a network segment

Answer 494

A

attribute base access control
user attributes, environment attributes etc

Answer 495

A

Define the levels of access that users have

Answer 496

A

A mechanism designed to ensure that actions requiring administrative rights are explicitly authorized by the use

Answer 497

A

Specialized software stored on hardware devices
● Can grant attackers full control, leading to unauthorized access or
takeover

Answer 498

A

No updates or support from the manufacturer

Answer 499

A

Outdated and superseded by newer alternatives

Answer 500

A

no official support ever

Answer 501

A

Tighten security by closing unnecessary ports, disabling services, and
setting permission

Answer 502

A

Regular updates to fix known vulnerabilities in software, firmware, and applications

Answer 503

A

Wireless technology for short-distance data exchange

Answer 504

A

Occurs when Bluetooth devices establish a connection without
proper authentication

Answer 505

A

Occurs when an attacker impersonates a device to trick a user into connecting

Answer 506

A

Exploits Bluetooth protocol vulnerabilities to intercept and alter
communications between devices without either party being
aware

Answer 507

A

Sending unsolicited messages to a Bluetooth device
● Often used for pranks or testing vulnerabilities

Answer 508

A

Unauthorized access to a device to steal information like contacts, call
logs, and text messages

Answer 509

A

Allows attackers to take control of a device’s Bluetooth functions

Answer 510

A

Installing apps from unofficial sources bypassing the device’s default app store

Answer 511

A

Gives users escalated privileges but exposes devices to potential security
breaches

Answer 512

A

Discovered or exploited before vendors issue patches

Answer 513

A

Appear as legitimate security updates but contain malware or exploits

Answer 514

A

Involves sending malicious data to a system for unintended consequences

Answer 515

A

used to interact with databases

Answer 516

A

Involves inserting malicious SQL code into input fields

Answer 517

A

Used for data exchange in web applications

Answer 518

A

billions laigh attack
Consumes memory exponentially, acting like a denial-of-service
attack

Answer 519

A

xml external entity attack
Attempts to read local resources, like password hashes in the shadow file

Answer 520

A

cross site scripting
Injects a malicious script into a trusted site to compromise the site’s visitors

Answer 521

A

A XSS attack that only occurs when it is launched and only
happens once
○ Server executes the attack (Server-side scripting attack)

Answer 522

A

Allows an attacker to insert code into a backend database used by that trusted website

Answer 523

A

document object model
Exploits the client’s web browser using client-side scripts to
modify the content and layout of the web page

Answer 524

A

Enables web applications to uniquely identify a user across several different actions and requests

Answer 525

A

Text file used to store information about a user when they visit a
website

Answer 526

A

■ Also known as a session cookie
■ Resides in memory and are used for a very short time
period
■ Deleted at the end of the session

Answer 527

A

Stored in the browser cache until either deleted by a user
or expire

Answer 528

A

Type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP

Answer 529

A

Type of spoofing attack where the attacker attempts to predict the
session token in order to hijack the session

Answer 530

A

cross site request forgery
Malicious script is used to exploit a session started on another site within the
same web browser

Answer 531

A

Occurs when a process stores data outside the memory range allocated by the
developer

Answer 532

A

Temporary storage areas used by programs to hold data

Answer 533

A

Programs have a reserved memory area called a stack to store data during
processing

Answer 534

A

Attackers aim to overwrite the return address with a pointer to their malicious
code

Answer 535

A

Attackers fill the buffer with NOP (No-Operation) instructions

Answer 536

A

Address Space Layout Randomization mitigation against buffer attack

Answer 537

A

Software vulnerabilities related to the order and timing of events in concurrent
processes

Answer 538

A

Software vulnerability that occurs when the code attempts to remove the
relationship between a pointer and the thing that the pointer was
pointing to in the memory which allows changes to be made

Answer 539

A

A real-world example of race condition exploitation

Answer 540

A

time of check
Attackers manipulate a resource’s state after it is checked but before it is
used

Answer 541

A

Attackers alter a resource’s state after it is checked but before it is used

Answer 542

A

time of evaulation
Attackers manipulate data or resources during the system’s
decision-making or evaluation process
● Can lead to incorrect results or unexpected behavior

Answer 543

A

Mutually exclusive flag that acts as a gatekeeper to a section of
code so that only one thread can be processed at a time
○ Mutexes ensure only one thread or process can access a specific
section of code at a time

mitigation against race condition

Answer 544

A

Occurs when a lock remains in place because the process it’s waiting for is
terminated, crashes, or doesn’t finish properly, despite the processing
being complete

Answer 545

A

denial of service
Used to describe an attack that attempts to make a computer or server’s
resources unavailable

Answer 546

A

Overloading a server with ICMP echo requests (pings)

Answer 547

A

Initiating multiple TCP sessions but not completing the 3-way handshake

Answer 548

A

permanent DoS
exploits security flaws to break a networking device permanently by re-flashing
its firmware

Answer 549

A

Attack creates a large number of processes, consuming processing power

Answer 550

A

Malicious attempt to disrupt the normal functioning of a network, service, or
website by overwhelming it with a flood of internet traffic

Answer 551

A

Specialized DDoS that allows an attacker to initiate DNS requests
from a spoof IP address to flood a website

Answer 552

A

Routes attacking IP traffic to a non-existent server through a null interface
● Effective but temporary solution

Answer 553

A

domain name system

Fundamental component of the internet that is responsible for translating
human-friendly domain names into IP addresses that computers can understand

Answer 554

A

(Domain Name System Security Extensions) to add
digital signatures to DNS data

Answer 555

A

aka DNS spoofing
● Corrupts a DNS resolver’s cache with false information
● Redirects users to malicious websites

Answer 556

A

Overwhelms a target system with DNS response traffic by exploiting the
DNS resolution process

Answer 557

A

Encapsulates non-DNS traffic (e.g., HTTP, SSH) over port 53

Attempts to bypass firewall rules for command and control or data
exfiltration

Answer 558

A

Unauthorized change of domain registration

Answer 559

A

Exposes sensitive information about a domain’s network infrastructure

Answer 560

A

An injection attack occurs when the attacker inserts malicious code through an
application interface

Answer 561

A

Web application vulnerability that allows an attacker either to download a file
from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor

Answer 562

A

An attacker adds a file to the web app or website that already exists on
the hosting server

Answer 563

A

Vulnerability allows an attacker to run their code without restrictions

Answer 564

A

Type of arbitrary code execution that occurs remotely, often over the internet

Answer 565

A

Gaining higher-level permissions than originally assigned

Answer 566

A

Accessing or modifying resources at the same level as the attacker

Answer 567

A

Class of malware that conceals its presence by modifying system files, often at
the kernel level

Answer 568

A

the kernel

Answer 569

A

rings 1-3
has admin privileges

Answer 570

A

Type of network-based attack where valid data transmissions are maliciously or
fraudulently re-broadcast, repeated, or delayed
■ Involves intercepting data, analyzing it, and deciding whether to retransmit it
later

Answer 571

A

Specific type of replay attack that Involves capturing a user’s login credentials
during a session and reusing them for unauthorized access

Answer 572

A

Enables web applications to uniquely identify a user across a number of different
actions and requests, while keeping the state of the data generated by the user
and ensuring it is assigned to that user

Answer 573

A

A type of spoofing attack where the attacker disconnects a host then replaces it
with his or her own machine, spoofing the original host’s IP address

Answer 574

A

A type of spoofing attack where the attacker attempts to predict the session
token to hijack a sessioC

Answer 575

A

Modifies the contents of a cookie after it has been generated and sent by the
web service to the client’s browser so that the newly modified cookie can be
used to exploit vulnerabilities in the web application

Answer 576

A

An attack where the attacker positions their workstation logically between two
hosts during communication

Answer 577

A

Manipulating Address Resolution Protocol (ARP) tables to redirect
network traffic

Answer 578

A

Altering DNS responses to reroute traffic

Answer 579

A

Creating a fake wireless access point to intercept traffic

Answer 580

A

Introducing a malicious hub or switch to capture data on a wired network

Answer 581

A

Occurs when an attacker captures valid data and then replays it immediately or
with a delay

Answer 582

A

The attacker becomes part of the conversation between two hosts

Answer 583

A

An attack that tricks the encryption application into presenting an
HTTP connection instead of HTTPS

Answer 584

A

An attacker forces a client or server to abandon a higher security mode in favor
of a lower security mode

Answer 585

A

An application attack that targets web-based applications by fabricating LDAP
statements that are typically created by user inpu

Answer 586

A

Occurs when a threat actor is able to execute arbitrary shell commands on a host
via a vulnerable web application

Answer 587

A

method of executing arbitrary code in the address space of a separate live process

Answer 588

A

indicators of compromise
Pieces of forensic data that identify potentially malicious activity on a network or
system

Answer 589

A

Involves configuring systems with only essential applications and services

Answer 590

A

Only applications on the approved list are allowed to run

Answer 591

A

Applications placed on the blocklist are prevented from running
■ All other applications are permitted to run

Answer 592

A

trusted OS
An operating system that is designed to provide a secure computing environment
by enforcing stringent security policies that usually rely on mandatory access
control

Answer 593

A

evaluation assurance level

EAL 1 lowest EAL 7 highest

Answer 594

A

A software patch that solves a security issue and should be applied immediately
after being tested in a lab environment

Answer 595

A

Provides a system with additional functionality, but it doesn’t usually provide any
patching of security related issues
■ Often introduce new vulnerabilities

Answer 596

A

Includes all the hotfixes and updates since the release of the operating system

Answer 597

A

Planning, testing, implementing, and auditing of software patches

Brainscape's Knowledge GenomeTM

Acronyms 2 Flashcards

Brainscape's Knowledge Genome^TM