Acronyms 3 Flashcards

1
Q

Group Policy

A

A set of rules and policies that can be applied to users or computer accounts
within an operating system

2
Q

Security Templates

A

A group of policies that can be loaded through one procedure

3
Q

Security Template

A

A group of policies that can be loaded through the Group Policy Editor

4
Q

GPO

A

group policy objective
Used to harden the operating system and establish secure baselines

5
Q

Baselining

A

A process of measuring changes in the network, hardware, or software
environment

6
Q

SELinux

A

security enhanced linux enforces MAC

7
Q

Context based permissions

A

Permission schemes that consider various properties to determine
whether to grant or deny access to a user

8
Q

SELinux user context

A

defines which users can access an object

9
Q

SELinux role context

A

determines which roles can access an object

10
Q

Type context selinux

A

Essential for fine-grained access control, grouping objects with similar
security characteristics

11
Q

selinux Optional level context

A

Describes the sensitivity level of a file, directory, or process

12
Q

SELinux Modes

A

disabled, permissive, enforcing

13
Q

SELinux Policy

A

Describes access permissions for users, programs, processes, files, and
devices

14
Q

Targeted SELinux policies

A

Only specific processes are confined to a domain, while others run
unconfined

15
Q

SELinux Strict Policies

A

Every subject and object operates under MAC, but it’s more
complex to set up

16
Q

Data Encryption

A

Process of converting data into a secret code to prevent unauthorized access

17
Q

VeraCrypt

A

Tool that selectively encrypts partitions, like sensitive documents,
while leaving the OS partition unencrypted

18
Q

GNU Privacy Guard

A

A tool that provides cryptographic privacy and authentication for
data communication

19
Q

Wireless Infrastructure Security

A

Crucial for securing wireless networks in organizations

20
Q

Secure Baseline

A

Standard set of security configurations and controls applied to systems,
networks, or applications to ensure a minimum level of security

21
Q

Wireless Access Point Placement

A

WAPs allow wireless devices to connect to a wired network using Wi-Fi standards

22
Q

ESS

A

Extended service set
multiple WAPs work together to provide seamless network coverage

23
Q

Wireless Access Point Interference

A

Interference occurs when multiple WAPs use the same channels or overlapping
frequencies

24
Q

Site Surveys

A

Essential for planning and designing wireless networks

25
Q

Heat maps

A

Graphical representations of
○ Wireless coverage
○ Signal strength
○ Frequency utilization
● Useful for troubleshooting
○ Coverage issues
○ Dead zones
○ Signal leakage

26
Q

WEP

A

(Wired Equivalent Privacy)
Utilizes a static encryption key system

27
Q

WPA

A

Wi-Fi Protected Access

28
Q

WPA3

A

■ The latest and most secure wireless security protocol.
■ Uses AES for encryption and introduces new features.
■ Features
● Simultaneous Authentication of Equals (SAE)
○ Replaces the 4-way handshake with a Diffie-Hellman key
agreement
○ Protects against offline dictionary attacks
● Enhanced Open (Opportunistic Wireless Encryption)
○ Provides individualized data encryption even in open networks
○ Improves privacy and security in open Wi-Fi scenarios
● Updated Cryptographic Protocols
○ AES GCMP replaces AES CCMP used in WPA2
○ Supports both 128-bit and 192-bit AES for enhanced security
● Management Frame Protection
○ Ensures the integrity of network management traffic
○ Prevents eavesdropping, forging, and tampering with
management frames

29
Q

SAE

A

Simultaneous Authentication of Equals

Replaces the 4-way handshake with a Diffie-Hellman key
agreement
○ Protects against offline dictionary attack

30
Q

Enhanced Open

A

Opportunistic Wireless Encryption
provides encryption even in open networks

31
Q

Management Frame protection

A

Ensures the integrity of network management traffic

Prevents eavesdropping, forging, and tampering with
management frames

32
Q

AAA protocols

A

Important for centralized user authentication and access control

33
Q

SAST

A

static code analysis
A method of debugging an application by reviewing and examining its
source code before running the program

34
Q

DAST

A

dynamic code analysis

35
Q

DAST Fuzzing

A

inputs random data to provoke crashes

36
Q

Stress testing DAST

A

Evaluates system stability and reliability under extreme
conditions

37
Q

Code signing

A

Confirms the software author’s identity and integrity

38
Q

Sandboxing

A

Isolates running programs, limiting their access to resources

39
Q

NAC

A

network access control

Used to protect networks from both known and unknown devices by scanning
devices to assess their security status before granting network access

40
Q

NAC persistent agents

A

installed on devices in a corporate environment where the org controls and owns the device software

41
Q

NAC non persistent agents

A

Common in environments with personal devices (e.g., college campuses);
users connect, access a web-based captive portal, and download an agent that scans the device and deletes itself after inspection

42
Q

Web filtering

A

Web filtering or content filtering is used to control or restrict the content users
can access on the internet

43
Q

Agent based web filtering

A

Involves installing an agent on each device
● Monitors and enforces web usage policies
● Effective for remote and mobile workers

44
Q

Centralized proxy

A

Uses a proxy server as an intermediary between an organization’s end
users and the Internet

45
Q

URL Scanning

A

Analyzes website URLs to check for matches in a database of known
malicious websites

46
Q

Content Categorization

A

Classifies websites into categories (e.g., social media, adult content) and
blocks or allows categories based on policies

47
Q

Block rules

A

Specific guidelines set by organizations to prevent access to certain
websites or categories, often used to address security threats

48
Q

Reputation based filtering

A

Blocks or allows websites based on a reputation score determined by
third-party services, considering factors like hosting malware or phishing

49
Q

DNS filtering

A

DNS filtering (Domain Name System filtering) blocks access to specific websites
by preventing the translation of domain names to their IP addresses

50
Q

Email Security

A

Encompasses techniques and protocols to protect email content, accounts, and
infrastructure from unauthorized access, loss, or compromise

51
Q

DKIM

A

domainkeys identified mail

Allows the receiver to verify the source and integrity of an email by
adding a digital signature to the email headers

52
Q

SPF

A

sender policy framework

Prevents sender address forgery by verifying the sender’s IP against
authorized IPs listed in the sender’s domain DNS records

53
Q

DMARC

A

(Domain-based Message Authentication, Reporting and Conformance)
● DMARC detects and prevents email spoofing by setting policies for email
sending and handling failures

54
Q

Email gateway protocol configuration

A

Email gateways serve as entry and exit points for emails, facilitating
secure and efficient email transmission
● They use SMTP (Simple Mail Transfer Protocol) to send and receive emails
● Email gateways handle email routing, email security, policy enforcement,
and email encryption

55
Q

Spam filtering

A

Spam filtering detects and prevents unwanted and unsolicited emails from
reaching users’ inboxes

56
Q

EDR

A

endpoint detection and response

Category of security tools that monitor endpoint and network events and record
the information in a central database

57
Q

FIM

A

file integrity monitoring
validates the integrity of operating system and application software files by
comparing their current state with a known, good baseline

58
Q

XDR

A

extended detection and response

Security strategy that integrates multiple protection technologies into a single
platform

■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is a more comprehensive solution because it focuses not only on endpoints, but also
on networks, cloud, and email to detect and respond to potential threats

59
Q

UBA

A

user behavior analytics

Advanced cybersecurity strategy that uses big data and machine learning to
analyze user behaviors for detecting security threats

60
Q

UEBA

A

user behavior and entity behavior analytics

Technology similar to UBA but extends the monitoring of entities like routers,
servers, and endpoints in addition to user accounts

61
Q

Secure protocols

A

■ Choose secure protocols to protect data in transit from unauthorized access
● Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH

62
Q

Telnet

A

Application layer protocol that allows a user to log in from one computer to another on the same network; it uses plaintext, so use SSH instead

63
Q

Well known ports

A

0-1023

64
Q

Registered ports

A

1024-49151

65
Q

TCP

A

transmission control protocol Connection-oriented, ensuring data delivery without errors

66
Q

UDP

A

user datagram protocol
Connectionless and faster, but doesn’t guarantee data delivery

Suitable for applications prioritizing speed over accuracy, like streaming
video or gaming

67
Q

Vulnerability Scanning

A

Automated probing of systems, networks, and applications to discover
potential vulnerabilities

68
Q

Threat intelligence feeds

A

■ Provide valuable information about potential or current threats to an
organization’s security
■ Continuous streams of data related to potential or current threats
■ Collected, analyzed, and disseminated by security researchers, organizations, or
automated tools

69
Q

Threat intelligence

A

Continuous process to comprehend the specific threats an organization
faces

70
Q

OSINT

A

open source intelligence

Collected from publicly available sources like reports, forums, news
articles, blogs, and social media

71
Q

Dark web

A

A hidden part of the internet inaccessible through standard browsers

72
Q

Responsible disclosure

A

Ethical practice for disclosing vulnerabilities in software, hardware, or online services

73
Q

Bug bounty programs

A

Robust responsible disclosure programs incentivizing security researchers

74
Q

False Negative vulnerability finding

A

very serious

75
Q

CVE

A

common vulnerabilities and exposures

System that provides a standardized way to uniquely identify and
reference known vulnerabilities in software and
hardware

76
Q

EF

A

exposure factor
A quantifiable metric to estimate the percentage of asset damage

77
Q

Risk Tolerance

A

The level of risk an organization is willing to accept

78
Q

Exception

A

Temporarily relaxing or bypassing security controls or policies for operational business needs, with an understanding of associated risks

79
Q

Exemption

A

A permanent waiver of security controls or policies due to specific
reasons, often for legacy systems

80
Q

Remediation

A

Involves installing patches, reconfiguring devices, or other actions

81
Q

Auditing

A

Involves systematic review of logs, configurations, and patches

82
Q

Configuration auditing

A

Checks for misconfigurations or deviations

83
Q

Verification

A

Final step in validating remediation

84
Q

User verification

A

Ensures applications and services are functioning correctly

85
Q

Vulnerability reporting

A

Process of documenting and communicating security weaknesses in software or
systems to individuals and organizations responsible for addressing the issues

86
Q

Responsible disclosure

A

Ethical and judicious disclosure to affected stakeholders before public
announcement

87
Q

Log aggregation

A

Collects and consolidates log data from various sources into a central
location

88
Q

Alerting

A

Involves setting up notifications for specific events or conditions

89
Q

Scanning

A

Regularly examines systems, networks, or applications to identify
vulnerabilities, misconfigurations, and issues

90
Q

Archiving

A

Involves long-term storage of data, including
○ Log data
○ Performance data
○ Incident data

91
Q

Quarantining

A

Isolates a system, network, or application suspected of being compromised

92
Q

Alert Tuning

A

Adjusts alert parameters to reduce errors, false positives, and improve alert
relevance

93
Q

SNMP

A

Simple Network Management Protocol

An Internet protocol used for collecting information from managed devices on IP
networks and modifying device behavior
■ Managed devices include the following
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client devices

94
Q

SNMP Manager

A

A central system that collects and processes information from managed devices
Often set up as a server, especially in large enterprise environments

95
Q

SNMP Agents

A

Networked devices that send information about themselves to the manager

96
Q

SNMP SET

A

Manager-to-agent request to change variable values

97
Q

SNMP GET

A

Manager-to-agent request to retrieve variable values

98
Q

SNMP TRAP

A

Asynchronous notifications from agents to the manager to notify
significant events

99
Q

OID

A

object identifier for SNMP messages

100
Q

MIB

A

The manual or database that details what each sensor or control unit can report or control (like temperature readings, light levels, camera status).

101
Q

SIEM

A

(Security Information and Event Management)

A solution for real-time or near-real-time analysis of security alerts generated by
network hardware and applications

102
Q

Agent based SIEM

A

Software agents are installed on each system to collect and send log data

103
Q

Agentless SIEM

A

Log data is collected directly from systems using standard protocols

Reduces maintenance but may not collect real-time or detailed data

104
Q

ELK

A

elastic stack

A collection of free and open-source SIEM tools, including the following
○ Elasticsearch
○ Logstash
○ Kibana

105
Q

Arcsight

A

siem tool

106
Q

QRadar

A

SIEM

107
Q

Antivirus Software

A

Protects systems against malware, including the following
● Viruses
● Worms
● Trojans
● Ransomware
● Spyware

Generates data like malware detection logs, system scans, and updates
■ Data sent to SIEM for aggregation and correlation
■ Helps identify security threats and system health

108
Q

DLP System

A

data loss prevention system sends info to SIEM

109
Q

NIDS and NIPS

A

send info to SIEM

110
Q

SCAP

A

security content automation protocol

Suite of open standards that enhances the automation of vulnerability
management, measurement, and policy compliance evaluation of systems
deployed in an organization

helps with automating scanning for example

111
Q

OVAL

A

open vulnerability and assessment language

XML schema for describing system security states and querying
vulnerability reports

has to do with SCAP

112
Q

XCCDF

A

(Extensible Configuration Checklist Description Format)
● XML schema for developing and auditing best-practice configuration
checklists and rules
● Allows improved automation

has to do with SCAP

113
Q

ARF

A

asset reporting format

XML schema for expressing information about assets and their
relationships
● Vendor and technology neutral
● Flexible
● Suited for a wide variety of reporting applications

has to do with SCAP

114
Q

CCE

A

common configuration enumeration

Scheme for provisioning secure configuration checks across multiple
sources
● Provides unique identifiers for different system configuration issues

Books (Configuration Elements): Each book represents a specific configuration setting or issue in an IT environment.
Library Catalog (CCE): The library catalog provides a standardized format (CCE) for identifying and categorizing books (configuration elements) based on their subject, author, or genre.
Unique Identifier (CCE-ID): Each book is assigned a unique catalog number (CCE-ID) for easy reference and retrieval

115
Q

CPE

A

common platform enumeration

Identifies hardware devices, operating systems, and applications

116
Q

CVSS

A

common vulnerability scoring system

Used to provide a numerical score reflecting the severity of a vulnerability (0 to
10)

117
Q

SCAP Benchmarks

A

Sets of security configuration rules for specific products to establish
security baselines
● Provide a detailed checklist that can be used to secure systems to a
specific baseline

118
Q

FPC

A

full packet capture for network analysis

119
Q

Flow analysis

A

Focuses on recording metadata and statistics about network traffic, saving
storage space
■ Doesn’t include the actual content, just the metadata
■ Rapidly generates visualizations to map network connections, traffic types and
session volumes

120
Q

Flow Collector

A

Records metadata and statistics about network traffic

Collects information about the following
● Type of traffic
● Protocol used
● Data volume

121
Q

NetFlow

A

Cisco-developed protocol for reporting network flow information
also known as IPFIX

122
Q

Zeek

A

Hybrid tool for network monitoring

Monitors traffic like NetFlow but logs full packet captures based on interest

123
Q

MRTG

A

multi router traffic grapher

Creates graphs displaying network traffic flows through routers and switches

124
Q

SPOG

A

single pane of glass

125
Q

Disk Imaging and Analysis

A

Creating a bit-by-bit copy (image) of a storage device, examining content

126
Q

Incident

A

An act violating a security policy

127
Q

Phases of Incident Response

A

7 phases
prep
detect
analyze
contain
eradicate
recover
post incident activity

128
Q

Incident response team

A

The core team includes cybersecurity professionals with incident response
experience

129
Q

RCA

A

root cause analysis

130
Q

TTX

A

tabletop exercise
discussion based
lacks hands-on activity

131
Q

simulation

A

Goes beyond tabletop discussions, involving realistic, hands-on scenarios

132
Q

Digital Forensics

A

Systematic process of investigating and analyzing digital devices and data to
uncover evidence for legal purposes

133
Q

Chain of Custody

A

Documented and verifiable record that tracks the handling,
transfer, and preservation of digital evidence from the moment it
is collected until it is presented in a court of law

134
Q

File Carving

A

Focuses on extracting files and data fragments from
storage media without relying on the file system

135
Q

Legal Hold

A

Issued when litigation is expected and preserves potentially relevant
electronic data
● Ensures evidence is not tampered with, deleted, or lost

136
Q

E Discovery

A

Process of identifying, collecting, and presenting electronically stored
information for potential legal proceedings

137
Q

Order of Volatility

A

Guides the sequence of collecting data, from most volatile (CPU registers and
cache) to least volatile (archival media)

138
Q

Log Files

A

Records events and messages in operating systems, software, and network
devices

139
Q

JournalCTL

A

Linux command-line utility for querying and displaying logs from the Journal
Daemon (SystemD’s logging service)

140
Q

NXLog

A

Multi-platform, open-source log management tool
Identifies security risks and analyzes logs from server, OS, and applications

141
Q

Netflow

A

Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and paths

142
Q

SFlow

A

Open-source alternative to NetFlow

143
Q

Metadata

A

data that describes other data

144
Q

Dashboards

A

Graphical displays of information across multiple systems

145
Q

Splunk

A

A big data platform for ingesting various types of data, including security and
incident response data
■ Collects data from firewalls, applications, endpoints, operating systems, intrusion
detection systems, intrusion prevention systems, antivirus software, and
networks

146
Q

Automated reports

A

Generated by computer systems to provide information about various aspects of
a network’s security

147
Q

MD5/SHA Checksum

A

Serves as unique digital fingerprint for file identification, including potential
malware

148
Q

SOAR

A

Security Orchestration, Automation, and Response

Class of security tools for incident response, threat hunting, and security
configurations
■ Purpose
● Orchestrate and automate runbooks, deliver data enrichment

Integrating SIEM and SOAR for advanced security capabilities

149
Q

runbook

A

Automated version of a playbook with defined interaction points for human
analysis

150
Q

CI

A

continuous integration
developers merge code changes into a central repository

151
Q

Release

A

Process of finalizing and preparing new software or updates
Enabling software installation and usage

152
Q

Deployment

A

Involves automated process of software releases to users

153
Q

CI/CD

A

continuous integration and delivery

stops short of deploying to production

154
Q

Continuous deployment

A

Takes CI/CD further by automatically deploying code changes to testing
and production environments

155
Q

API

A

Set of rules and protocols used for building and integrating application software

156
Q

REST

A

(Representational State Transfer)
○ REST uses standard HTTP methods, status codes, URIs, and MIME
types for interactions
○ Primarily uses JSON for data transfer

157
Q

SOAP

A

(Simple Object Access Protocol)
○ SOAP has a structured message format in XML
○ Known for robustness, additional security features, and
transaction compliance
○ Suitable for enterprise-level web services with complex
transactions and regulatory compliance requirements

158
Q

CURL

A

API testing tool

A tool for transferring data to or from a server using various supported
protocols
