Acronyms 3

Question 1

Group Policy

Answer 1

A set of rules and policies that can be applied to users or computer accounts
within an operating system

Question 2

Security Templates

Answer 2

A group of policies that can be loaded through one procedure

Question 3

Security Template

Answer 3

A group of policies that can be loaded through the Group Policy Editor

Question 4

GPO

Answer 4

group policy objective
Used to harden the operating system and establish secure baselines

Question 5

Baselining

Answer 5

A process of measuring changes in the network, hardware, or software
environment

Question 6

SELinux

Answer 6

security enhanced linux enforces MAC

Question 7

Context based permissions

Answer 7

Permission schemes that consider various properties to determine
whether to grant or deny access to a use

Question 8

SELinux user context

Answer 8

defines which users can access an onject

Question 9

SELinux role context

Answer 9

determines which roles can access an object

Question 10

Type context selinux

Answer 10

Essential for fine-grained access control, grouping objects with similar
security characteristics

Question 11

selinux Optional level context

Answer 11

Describes the sensitivity level of a file, directory, or process

Question 12

SELinux Modes

Answer 12

disabled, permissive enforcing

Question 13

SELinux Policy

Answer 13

Describes access permissions for users, programs, processes, files, and
devices

Question 14

Targeted SELinux policies

Answer 14

Only specific processes are confined to a domain, while others run
unconfined

Question 15

SELinux Strict Policies

Answer 15

Every subject and object operates under MAC, but it’s more
complex to set up

Question 16

Data Encryption

Answer 16

Process of converting data into a secret code to prevent unauthorized access

Question 17

Vercrypt

Answer 17

Tool that selectively encrypts partitions, like sensitive documents,
while leaving the OS partition unencryptedG

Question 18

GNU Privacy Guard

Answer 18

A tool that provides cryptographic privacy and authentication for
data communication

Question 19

Wireless Infrastructure Security

Answer 19

Crucial for securing wireless networks in organizations

Question 20

Secure Baseline

Answer 20

Standard set of security configurations and controls applied to systems,
networks, or applications to ensure a minimum level of security

Question 21

Wireless Access Point Placemant

Answer 21

WAPs allow wireless devices to connect to a wired network using Wi-Fi standards

Question 22

ESS

Answer 22

Extended service set
multiple WAPS work together to provide seamless network coverage

Question 23

Wireless Access Point Interference

Answer 23

Interference occurs when multiple WAPs use the same channels or overlapping
frequencies

Question 24

Site Surveys

Answer 24

Essential for planning and designing wireless networks

Question 25

Heat maps

Answer 25

Graphical representations of
○ Wireless coverage
○ Signal strength
○ Frequency utilization
● Useful for troubleshooting
○ Coverage issues
○ Dead zones
○ Signal leakage

Question 26

WEP

Answer 26

(Wired Equivalent Privacy)
Utilizes a static encryption key system

Question 27

WPA

Answer 27

Wi-Fi Protected Access

Question 28

WPA3

Answer 28

■ The latest and most secure wireless security protocol.
■ Uses AES for encryption and introduces new features.
■ Features
● Simultaneous Authentication of Equals (SAE)
○ Replaces the 4-way handshake with a Diffie-Hellman key
agreement
○ Protects against offline dictionary attacks
● Enhanced Open (Opportunistic Wireless Encryption)
○ Provides individualized data encryption even in open networks
○ Improves privacy and security in open Wi-Fi scenarios
● Updated Cryptographic Protocols
○ AES GCMP replaces AES CCMP used in WPA2
○ Supports both 128-bit and 192-bit AES for enhanced security
● Management Frame Protection
○ Ensures the integrity of network management traffic
○ Prevents eavesdropping, forging, and tampering with
management frames

Question 29

SAE

Answer 29

Simultaneous Authentication of Equals

Replaces the 4-way handshake with a Diffie-Hellman key
agreement
○ Protects against offline dictionary attack

Question 30

Enhanced Open

Answer 30

Opportunistic Wireless Encryption
provides encryption even in open networks

Question 31

Management Frame protection

Answer 31

Ensures the integrity of network management traffic

Prevents eavesdropping, forging, and tampering with
management frame

Question 32

AAA protocols

Answer 32

Important for centralized user authentication and access control

Question 33

SAST

Answer 33

static code analysis
A method of debugging an application by reviewing and examining its
source code before running the program

Question 34

DAST

Answer 34

dynamic code analysis

Question 35

DAST Fuzzing

Answer 35

inputs random data to provoke crashes

Question 36

Stress testing DAST

Answer 36

Evaluates system stability and reliability under extreme
conditions

Question 37

Code signing

Answer 37

Confirms the software author’s identity and integritySan

Question 38

Sandboxing

Answer 38

Isolates running programs, limiting their access to resources

Question 39

NAC

Answer 39

network access control

Used to protect networks from both known and unknown devices by scanning
devices to assess their security status before granting network access

Question 40

NAC persistent agents

Answer 40

installed on devices in a corporate environment where the org controls and owns the device software

Question 41

NAC non persistent agents

Answer 41

Common in environments with personal devices (e.g., college campuses);
users connect, access a web-based captive portal, download an agent for scanning and delete itself after insepction

Question 42

Web filtering

Answer 42

Web filtering or content filtering is used to control or restrict the content users
can access on the internet

Question 43

Agent based web filtering

Answer 43

nvolves installing an agent on each device
● Monitors and enforces web usage policies
● Effective for remote and mobile worker

Question 44

Centralized proxy

Answer 44

Uses a proxy server as an intermediary between an organization’s end
users and the Internet

Question 45

URL Scanning

Answer 45

Analyzes website URLs to check for matches in a database of known
malicious websites

Question 46

Content Categorization

Answer 46

Classifies websites into categories (e.g., social media, adult content) and
blocks or allows categories based on policies

Question 47

Block rules

Answer 47

Specific guidelines set by organizations to prevent access to certain
websites or categories, often used to address security threats

Question 48

Reputation based filtering

Answer 48

Blocks or allows websites based on a reputation score determined by
third-party services, considering factors like hosting malware or phishing

Question 49

DNS filtering

Answer 49

DNS filtering (Domain Name System filtering) blocks access to specific websites
by preventing the translation of domain names to their IP addresse

Question 50

Email Security

Answer 50

Encompasses techniques and protocols to protect email content, accounts, and
infrastructure from unauthorized access, loss, or compromise

Question 51

DKIM

Answer 51

domainkeys identified mail

Allows the receiver to verify the source and integrity of an email by
adding a digital signature to the email headers

Question 52

SPF

Answer 52

sender policy framework

Prevents sender address forgery by verifying the sender’s IP against
authorized IPs listed in the sender’s domain DNS records

Question 53

DMARC

Answer 53

Domain-based Message Authentication, Reporting and Conformance)
● DMARC detects and prevents email spoofing by setting policies for email
sending and handling failures

Question 54

Email gateway protocol configuration

Answer 54

Email gateways serve as entry and exit points for emails, facilitating
secure and efficient email transmission
● They use SMTP (Simple Mail Transfer Protocol) to send and receive emails
● Email gateways handle email routing, email security, policy enforcement,
and email encryption

Question 55

Spam filtering

Answer 55

Spam filtering detects and prevents unwanted and unsolicited emails from
reaching users’ inboxes

Question 56

EDR

Answer 56

endpoint detection and response

Category of security tools that monitor endpoint and network events and record
the information in a central database

Question 57

FIM

Answer 57

file integrity monitoring
validates the integrity of operating system and application software files by
comparing their current state with a known, good baseline

Question 58

XDR

Answer 58

extended detection and response

Security strategy that integrates multiple protection technologies into a single
platform

■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is more comprehensive solution because it focuses on endpoints, but also
on networks, cloud, and email to detect and respond to potential threats

Question 59

UBA

Answer 59

user behavior analytics

Advanced cybersecurity strategy that uses big data and machine learning to
analyze user behaviors for detecting security threats

Question 60

UEBA

Answer 60

user behavior and entity behavior analytics

Technology similar to UBA but extends the monitoring of entities like routers,
servers, and endpoints in addition to user accounts

Question 61

Secure protocols

Answer 61

■ Choose secure protocols to protect data in transit from unauthorized access
● Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH

Question 62

Telnet

Answer 62

app layer protocol that allows a user to log in from one computer to another on the same network, uses plaintext, use ssh instead

Question 63

Well known ports

Answer 63

0-1023

Question 64

REgistered ports

Answer 64

1024-49151

Question 65

TCP

Answer 65

transmission control protocol Connection-oriented, ensuring data delivery without errors

Question 66

UDP

Answer 66

user datagram protocol
Connectionless and faster, but doesn’t guarantee data delivery

Suitable for applications prioritizing speed over accuracy, like streaming
video or gaming

Question 67

Vulnerability Scanning

Answer 67

Automated probing of systems, networks, and applications to discover
potential vulnerabilities

Question 68

Threat intelligence feeds

Answer 68

■ Provide valuable information about potential or current threats to an
organization’s security
■ Continuous streams of data related to potential or current threats
■ Collected, analyzed, and disseminated by security researchers, organizations, or
automated tools

Question 69

Threat intelligence

Answer 69

Continuous process to comprehend the specific threats an organization
faces

Question 70

OSINT

Answer 70

open source intelligence

Collected from publicly available sources like reports, forums, news
articles, blogs, and social media

Question 71

Dark web

Answer 71

A hidden part of the internet inaccessible through standard browsers

Question 72

Responsible disclosure

Answer 72

Ethical practice for disclosing vulnerabilities in software, hardware, or onlines ervices

Question 73

Bug bounty programs

Answer 73

Robust responsible disclosure programs incentivizing security researchers

Question 74

False Negative vulnerability finding

Answer 74

very serious

Question 75

CVE

Answer 75

common vulnerabilities and exposures

System that provides a standardized way to uniquely identify and
reference known vulnerabilities in software and
hardware

Question 76

EF

Answer 76

exposure factor
A quantifiable metric to estimate the percentage of asset damage

Question 77

Risk Tolerance

Answer 77

The level of risk an organization is willing to accept

Question 78

Exception

Answer 78

Temporarily relaxing or bypassing security controls or policies for operational business needs, with an understanding of associated risks

Question 79

Exemption

Answer 79

A permanent waiver of security controls or policies due to specific
reasons, often for legacy systems

Question 80

Remediation

Answer 80

Involve installing patches, reconfiguring devices, or other actions

Question 81

Auditing

Answer 81

Involves systematic review of logs, configurations, and patches

Question 82

Configuration auditing

Answer 82

Checks for misconfigurations or deviations

Question 83

Verification

Answer 83

Final step in validating remediation

Question 84

User verification

Answer 84

Ensures applications and services are functioning correctly

Question 85

Vulnerability reporting

Answer 85

Process of documenting and communicating security weaknesses in software or
systems to individuals and organizations responsible for addressing the issues

Question 86

Responsible disclosure

Answer 86

Ethical and judicious disclosure to affected stakeholders before public
announcement

Question 87

Log aggregation

Answer 87

Collects and consolidates log data from various sources into a central
location

Question 88

Alerting

Answer 88

Involves setting up notifications for specific events or conditions

Question 89

Scanning

Answer 89

Regularly examines systems, networks, or applications to identify
vulnerabilities, misconfigurations, and issues

Question 90

Archiving

Answer 90

Involves long-term storage of data, including
○ Log data
○ Performance data
○ Incident data

Question 91

Quarantining

Answer 91

Isolates a system, network, or application suspected of being compromised

Question 92

Alert Tuning

Answer 92

Adjusts alert parameters to reduce errors, false positives, and improve alert
relevance

Question 93

SNMP

Answer 93

Simple Network Management Protocol

An Internet protocol used for collecting information from managed devices on IP
networks and modifying device behavior
■ Managed devices include the following
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client devices

Question 94

SNMP Manager

Answer 94

A central system that collects and processes information from managed devices
Often set up as a server, especially in large enterprise environments

Question 95

SNMP Agents

Answer 95

Networked devices that send information about themselves to the manager

Question 96

SNMP SET

Answer 96

Manager-to-agent request to change variable values

Question 97

SNMP GET

Answer 97

Manager-to-agent request to retrieve variable values

Question 98

SNMP TRAP

Answer 98

Asynchronous notifications from agents to the manager to notify
significant events

Question 99

OID

Answer 99

object identifier for SNMP messages

Question 100

MIB

Answer 100

The manual or database that details what each sensor or control unit can report or control (like temperature readings, light levels, camera status).

Question 101

SIEM

Answer 101

Security Information and Event Management)

A solution for real-time or near-real-time analysis of security alerts generated by
network hardware and application

Question 102

Agent based SIEM

Answer 102

Software agents are installed on each system to collect and send log data

Question 103

Agentless SIEM

Answer 103

Log data is collected directly from systems using standard protocol

Reduces maintenance but may not collect real-time or detailed data

Question 104

ELK

Answer 104

elastic stack

A collection of free and open-source SIEM tools, including the following
○ Elasticsearch
○ Logstash
○ Kibana

Question 105

Arcsight

Answer 105

siem tool

Question 106

QRadar

Answer 106

SIEM

Question 107

Antivirus Software

Answer 107

Protects systems against malware, including the following
● Viruses
● Worms
● Trojans
● Ransomware
● Spyware

Generates data like malware detection logs, system scans, and updates
■ Data sent to SIEM for aggregation and correlation
■ Helps identify security threats and system health

Question 108

DLP System

Answer 108

data loss prevention system sends info to SIEM

Question 109

NIDS and NIPS

Answer 109

send info to SIEM

Question 110

SCAP

Answer 110

security content automation protocol

Suite of open standards that enhances the automation of vulnerability
management, measurement, and policy compliance evaluation of systems
deployed in an organization

helps with automating scanning for example

Question 111

OVAL

Answer 111

open vulnerability and assessment language

XML schema for describing system security states and querying
vulnerability reports

has to do with SCAP

Question 112

XCCDF

Answer 112

Extensible Configuration Checklist Description Format)
● XML schema for developing and auditing best-practice configuration
checklists and rules
● Allows improved automation

has to do with SCAP

Question 113

ARF

Answer 113

asset reporting format

XML schema for expressing information about assets and their
relationships
● Vendor and technology neutral
● Flexible
● Suited for a wide variety of reporting application

has to do with SCAP

Question 114

CCE

Answer 114

common configuration enumeration

Scheme for provisioning secure configuration checks across multiple
sources
● Provides unique identifiers for different system configuration issue

Books (Configuration Elements): Each book represents a specific configuration setting or issue in an IT environment.
Library Catalog (CCE): The library catalog provides a standardized format (CCE) for identifying and categorizing books (configuration elements) based on their subject, author, or genre.
Unique Identifier (CCE-ID): Each book is assigned a unique catalog number (CCE-ID) for easy reference and retrieva

Question 115

CPE

Answer 115

common platform enumeration

Identifies hardware devices, operating systems, and applications

Question 116

CVSS

Answer 116

common vulnerability scoring system

Used to provide a numerical score reflecting the severity of a vulnerability (0 to
10

Question 117

SCAP Benchmarks

Answer 117

Sets of security configuration rules for specific products to establish
security baselines
● Provide a detailed checklist that can be used to secure systems to a
specific baseline

Question 118

FPC

Answer 118

full packet capture for network analysis

Question 119

Flow analysis

Answer 119

Focuses on recording metadata and statistics about network traffic, saving
storage space
■ Doesn’t include the actual content, just the metadata
■ Rapidly generates visualizations to map network connections, traffic types and
session volumes

Question 120

Flow Collector

Answer 120

Records metadata and statistics about network traffic

Collects information about the following
● Type of traffic
● Protocol used
● Data volume

Question 121

NEtflow

Answer 121

Cisco-developed protocol for reporting network flow information
also known as IPFIX

Question 122

Zeke

Answer 122

Hybrid tool for network monitoring

Monitors traffic like NetFlow but logs full packet captures based on interest

Question 123

MRTG

Answer 123

multi router traffic grapher

Creates graphs displaying network traffic flows through routers and switches

Question 124

SPOG

Answer 124

dingle pane of glass

Question 125

Disk Imaging and Analysis

Answer 125

Creating a bit-by-bit copy (image) of a storage device, examining content

Question 126

Incident

Answer 126

An act violating a security policy

Question 127

Phases of Incident Response

Answer 127

7 phases
prep
detect
analyze
contain
eradicate
recover
post incident activity

Question 128

Incident response team

Answer 128

The core team includes cybersecurity professionals with incident response
experience

Question 129

RCA

Answer 129

root cause analyiss

Question 130

TTX

Answer 130

tabletop exervise
discussion abased
lacks hands on activity

Question 131

simulation

Answer 131

Goes beyond tabletop discussions, involving realistic, hands-on scenarios

Question 132

Digital Forensics

Answer 132

Systematic process of investigating and analyzing digital devices and data to
uncover evidence for legal purposes

Question 133

Chain of Custody

Answer 133

Documented and verifiable record that tracks the handling,
transfer, and preservation of digital evidence from the moment it
is collected until it is presented in a court of law

Question 134

File Carving

Answer 134

Focuses on extracting files and data fragments from
storage media without relying on the file system

Question 135

Legal Hold

Answer 135

Issued when litigation is expected and preserves potentially relevant
electronic data
● Ensures evidence is not tampered with, deleted, or lost

Question 136

E Discovery

Answer 136

Process of identifying, collecting, and presenting electronically stored
information for potential legal proceedings

Question 137

Order of Volatility

Answer 137

Guides the sequence of collecting data, from most volatile (CPU registers and
cache) to least volatile (archival media)

Question 138

Log Files

Answer 138

Records events and messages in operating systems, software, and network
devices

Question 139

JournalCTL

Answer 139

Linux command-line utility for querying and displaying logs from the Journal
Daemon (SystemD’s logging service

Question 140

NXLog

Answer 140

Multi-platform, open-source log management tool
Identifies security risks and analyzes logs from server, OS, and applications

Question 141

Netflow

Answer 141

Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and paths

Question 142

SFlow

Answer 142

Open-source alternative to NetFlow

Question 143

MEtadata

Answer 143

data that describes other data

Question 144

Dashboards

Answer 144

Graphical displays of information across multiple systems

Question 145

Splunk

Answer 145

A big data platform for ingesting various types of data, including security and
incident response data
■ Collects data from firewalls, applications, endpoints, operating systems, intrusion
detection systems, intrusion prevention systems, antivirus software, and
networks

Question 146

Automated reports

Answer 146

Generated by computer systems to provide information about various aspects of
a network’s security

Question 147

MD5/SHA Checksum

Answer 147

Serves as unique digital fingerprint for file identification, including potential
malware

Question 148

SOAR

Answer 148

Security Orchestration, Automation, and Response

Class of security tools for incident response, threat hunting, and security
configurations
■ Purpose
● Orchestrate and automate runbooks, deliver data enrichment

Integrating SIEM and SOAR for advanced security capabilities

Question 149

runbook

Answer 149

Automated version of a playbook with defined interaction points for human
analysis

Question 150

CI

Answer 150

continuous integration
developers merge code changes into a central repository

Question 151

Release

Answer 151

Process of finalizing and preparing new software or updates
Enabling software installation and usage

Question 152

Deployment

Answer 152

Involves automated process of software releases to users

Question 153

CI/CD

Answer 153

continuous integration and elivery

stops short of deploying to production

Question 154

Continuous deployment

Answer 154

Takes CI/CD further by automatically deploying code changes to testing
and production environments

Question 155

API

Answer 155

Set of rules and protocols used for building and integrating application software

Question 156

REST

Answer 156

(Representational State Transfer)
○ REST uses standard HTTP methods, status codes, URIs, and MIME
types for interactions
○ Primarily uses JSON for data transfer

Question 157

SOAP

Answer 157

(Simple Object Access Protocol)
○ SOAP has a structured message format in XML
○ Known for robustness, additional security features, and
transaction compliance
○ Suitable for enterprise-level web services with complex
transactions and regulatory compliance requirements

Question 158

CURL

Answer 158

API testing tool

A tool for transferring data to or from a server using various supported
protocols