Acronyms & Terms

Question 1

CRL

Answer 1

Certificate Revocation List

Question 2

RTO

Answer 2

Recovery Time Objective

Question 3

PBKDF2

Answer 3

Password-Based Key Derivation Function 2 Key stretching algorithm (combines password with a random value, AKA a salt, and hashes them to create much longer keys.) Another algorithm is Bcrypt.

Question 4

WIPS

Answer 4

Wireless Intrusion Prevention System

Question 5

ESB

Answer 5

Enterprise Service Bus

Implements a communication system between mutually interacting software applications in a service-oriented architecture.

Question 6

BIA

Answer 6

Business Impact Analysis

Question 7

UDDI

Answer 7

Universal Description Discovery and Integration

A platform-dependent, XML Protocol that includes a (XML-based) registry by which businesses worldwide can list themselves on the Internet, and a mechanism to register and locate web service applications.

Question 8

RTP

Answer 8

Real-time Transport Protocol

A network protocol for delivering audio and video over IP networks.

Question 9

QLAN

Answer 9

Audio over IP networking technology component of the Q-Sys audio signal processing platform from QSC Audio Products.

Question 10

SLA

Answer 10

Service Level Agreement

Commitment between a service provider and client.

Question 11

Diameter

Answer 11

AAA protocol proceeding RADIUS. Application layer.

Question 12

LEAP

Answer 12

Lightweight Extensible Authentication Protocol

A proprietary wireless LAN authentication method developed by Cisco.

Question 13

DAM

Answer 13

Database Activity Monitor

Tool to monitor, capture and record database events in near-real time and provide alerts about policy violations.

Question 14

COBO

Answer 14

Company-Owned Business Only

Question 15

SCEP

Answer 15

Simple Certificate Enrollment Protocol The protocol is designed to make the issuing of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large scale deployments.

Question 16

RAD

Answer 16

Rapid Application Development

Question 17

DSA

Answer 17

Digital Signature Algorithm

A FIPS for digital signatures, based on the mathematical concept of modular exponentiations and the discrete logarithm problem.

Question 18

OTP

Answer 18

One-Time Password

Question 19

IA

Answer 19

Interoperability Agreement

Question 20

Jitter

Answer 20

The variations in transmission latency that can cause packet loss and degraded VoIP call quality.

Question 21

LUN Masking

Answer 21

Authorization process that makes Logical Unit Numbers available to some hosts and unavailable to others. Implemented primarily at the HBA level.

Question 22

FRR

Answer 22

False Rejection Rate

The probability of type 1 errors (false positive) in biometrics.

Question 23

VDI

Answer 23

Virtual Desktop Infrastructure

The process of running a user desktop inside a virtual machine that lives on a server in the datacenter.

Question 24

ICS

Answer 24

Industrial Control System

Question 25

CAN

Answer 25

Controller Area Network A robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer.

Question 26

CYOD

Answer 26

Choose Your Own Device

Question 27

PIP

Answer 27

Policy Information Point

Question 28

ISO 27001

Answer 28

Specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management process. Includes best practices for information security management.

Question 29

Sandboxing

Answer 29

Limits the environment in which certain code can execute. Goal is to improve security by isolating an application from: - Outside malware - Intruders - System resources - Other applications

Question 30

BPA

Answer 30

Business Partnership Agreement

Question 31

PTZ

Answer 31

Pan-Tilt-Zoom A camera that is capable of remote directional and zoom control.

Question 32

NTLM

Answer 32

New Technology LANMAN

Question 33

APT

Answer 33

Advanced Persistent Threat A stealthy computer network attack in which a person or group gains unauthorized access to a network and remains undetected for an extended period of time.

Question 34

RFC

Answer 34

Request For Change Document used for the request/creation of new requirements.

Question 35

Compensating Control

Answer 35

Also called an **alternative control**, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.

Question 36

VLAN Hopping

Answer 36

An attack. Attacker tries to send or access data that belongs to other VLANs.

Question 37

SDLM

Answer 37

Software Development Lifecycle Methodology Or SDM?

Question 38

REST

Answer 38

Representational State Transfer - A format for HTTP. - Simple way to organize interactions between independent systems. - REST allows you to interact with minimal overhead with clients as diverse as mobile phones and other websites.

Question 39

RFP

Answer 39

Request For Proposal Identifies the requirements for security.

Question 40

Data Deduplication

Answer 40

The process of removing redundant data to improve enterprise storage utilization.

Question 41

RA (2)

Answer 41

Request Authority Recovery Agent

Question 42

SONET

Answer 42

Synchronous Optical Network Technologies (Fibre)

Question 43

FCoE

Answer 43

Fibre Channel over Ethernet -encapsulates fibre frames over Ethernet. -Allows up to 10Gbps.

Question 44

SOE

Answer 44

Standard Operating Environment

Question 45

PBX

Answer 45

Private Branch Exchange A telephone exchange or telephone switching system that is installed at, and serves, a private organization a large number of internal devices.

Question 46

EDR

Answer 46

**Endpoint detection and response** (EDR) platforms are a category of endpoint security tools, built to provide endpoint visibility, and are used to detect and respond to cyber threats and exploits.

Question 47

IDF

Answer 47

Intermediate Distribution Frame A central office or customer premises, which cross-connects the user cable media to individual line circuits and may serve as a distribution point for multipair cables from the Main Distribution Frame (MDF) or Combined Distribution Frame (CDF) to individual cables connected to equipment in areas remote from these frames.

Question 48

vSCAN

Answer 48

Vulnerability scanner using nmap and NSR.

Question 49

SP

Answer 49

Service Provider

Question 50

WWN

Answer 50

World Wide Name

Question 51

TACACS

Answer 51

Terminal Access Controller Access-Control System -Developed by Cisco. -XTACACS = Extended (extension) -TACACS+ = Newer yet separate protocol from TACACS

Question 52

EAL levels

Answer 52

Evaluation Assurance Level 1. Functionally tested 2. Structurally tested 3. Methodically tested and checked 4. Methodically designed, tested and reviewed 5. Semi-formally designed and tested 6. Semi-formally verified design and tested 7. Formally verified design and tested

Question 53

ITSEC

Answer 53

Information Technology Security Evaluation Criteria For evaluating computer security within products and systems. Region: **Europe**

Question 54

PCI-DSS

Answer 54

Payment Card Industry Data Security Standard An information security standard for organizations that handle branded credit cards from the major card schemes.

Question 55

SIEM

Answer 55

Security Information and Event Management An approach to security management that combines SIM (Security Information Management) and SEM (Security Event Management) functions into one security management system.

Question 56

IV

Answer 56

Initialization Vector A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

Question 57

MDF

Answer 57

Main Distribution Frame A signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant).

Question 58

ESA

Answer 58

Enterprise Security Architecture

Question 59

PEAP

Answer 59

Protected Extensible Authentication Protocol

Question 60

IAX

Answer 60

Inter-Asterisk eXchange Communications protocol native to the Asterisk private branch exchange (PBX) software.

Question 61

ASLR

Answer 61

**Address Space Layout Randomization** (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.

Question 62

SIP

Answer 62

Session Initiation Protocol Used mainly with IP telephony.

Question 63

PFS

Answer 63

Perfect Forward Secrecy A feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised.

Question 64

COPE

Answer 64

Corporate-Owned, Personally-Enabled A business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally-owned notebook computers, tablets or smartphones.

Question 65

PAP

Answer 65

Password Authentication Protocol A password-based authentication protocol used by Point to Point Protocol (PPP) to validate users.

Question 66

NAC

Answer 66

Network Access Control Steps taken to ensure that all security standards are met prior to connecting a device to the network.

Question 67

ROI / Formula

Answer 67

Return On Investment. Net profit / Investment

Question 68

OCSP

Answer 68

Online Certificate Status Protocol Used for obtaining the revocation status of an X.509 digital certificate.

Question 69

SRTP

Answer 69

Secure Real-time Transport Protocol

Question 70

INE

Answer 70

Inline Network Encryptor Device/software used to encrypt data prior to transmission or as the data flow is streamed.

Question 71

PDP

Answer 71

Policy Decision Point A component of a policy-based access control system that makes the determination of whether or not to authorize a user’s request, based on available info (attributes) and applicable security policies.

Question 72

FDE

Answer 72

Full Disk Encryption

Question 73

CRM

Answer 73

Customer Relationship Management

Question 74

ISMS

Answer 74

Information Security Management System An information security standard which specifies a management system that is intended to bring information security under management control and gives specific requirements.

Question 75

ISL

Answer 75

Inter-Switch Link (Cisco Protocol) Wraps Ethernet frames with VLAN Information.

Question 76

XACML

Answer 76

eXtensible Access Control Markup Language Standard which defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.

Question 77

CASB

Answer 77

Cloud Access Security Broker On-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies.

Question 78

802.1q

Answer 78

AKA Dot1q. Networking standard that supports VLANs on an IEEE 802.3 Ethernet network.

Question 79

SDN

Answer 79

Software Defined Networking An approach to cloud computing that facilitates net management and enables programmatically efficient net configuration in order to improve net performance and monitoring. 3 parts to SDN architecture: Control, Data, and Management Planes. 2 APIs: Northbound connects application layer to control layer. Southbound connects control later to infrastructure layer.

Question 80

SWT

Answer 80

Simple Web Token

Question 81

TSIG

Answer 81

Transaction Signature Interoperability Group

Question 82

Key Escrow

Answer 82

The backup and storage of certificates by a third party.

Question 83

GLBA

Answer 83

Gramm-Leach-Bliley Act aka Financial Services Modernization Act of 1999.

Question 84

ORB

Answer 84

Object Request Broker A middleware which allows program calls to be made from one computer to another via a computer network, providing transparency through remote procedure calls.

Question 85

CISO

Answer 85

Chief Information Security Officer

Question 86

ROT 3 Cipher

Answer 86

Caesar "Rotation" cipher.

Question 87

IC3

Answer 87

Internet Crime Complaint Center (FBI/Internet Crime Center)

Question 88

JSON

Answer 88

JavaScript Object Notation

Question 89

PKCS

Answer 89

Public Key Cryptography Standards Designed and published by RSA Security LLC.

Question 90

TCO

Answer 90

Total Cost of Ownership Goes beyond considering just acquisition costs.

Question 91

WAC

Answer 91

Web Access Control

Question 92

SCP

Answer 92

Secure Copy Protocol (Linux, based on SSH)

Question 93

VNC

Answer 93

Virtual Network Computing A graphical desktop sharing system that uses the Remote Frame Buffer (RFB) Protocol to remotely control another computer.

Question 94

MSS

Answer 94

Managed Security Service Net security services outsourced to a service provider (MSSP).

Question 95

FAR

Answer 95

False Acceptance Rate The probability of type 2 errors (false negative) in biometrics.

Question 96

MDM

Answer 96

Mobile Device Management

Question 97

Bell-LaPadula Model

Answer 97

State machine model used for enforcing access control in government and military applications. A formal state transition system of computer security policy that describes a set of access control rules which use security labels on objects and clearance for subjects. **Confidentiality-based**

Question 98

AJAX

Answer 98

Asynchronous JAVA and XML Technique for creating better, faster and more interactive web applications with the help of XML, HTML, CSS, and Java Script.

Question 99

DSCP

Answer 99

Differentiated Services Code Point aka DiffServ Computer networking architecture that specifies a simple and scalable mechanism for classifying and managing network traffic and providing QoS on modern IP networks.

Question 100

AH

Answer 100

Authentication Header IPSEC protocol which provides a mechanism for authentication only. Provides data integrity, data origin authentication, and an optional replay protection service.

Question 101

eGRC

Answer 101

Electronic Government Regulatory and Compliance

Question 102

KPI

Answer 102

Key Performance Indicator A type of performance measurement. KPIs evaluate the success of an organization or of a particular activity (such as projects, programs, products and other initiatives) in which it engages.

Question 103

OVAL

Answer 103

Open Vulnerability Assessment Language An international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.

Question 104

PSP

Answer 104

Provisioning Service Point Also called SPML Server or simple “provider”, this software component takes the request from the client, processes it, and returns it with a (SPML) response.

Question 105

SOX

Answer 105

Sarbanes-Oxley Act AKA: Public Company Accounting Reform and Investor Protection Act.

Question 106

WSDL

Answer 106

Web Services Description Language

Question 107

MOU

Answer 107

Memo of Understanding Agreement between two (bilateral) or more (multilateral) parties. Specifies the **maximum amount of outage time**.

Question 108

NOS

Answer 108

Network Operating System

Question 109

ERP

Answer 109

**Enterprise resource planning** (ERP) is the integrated management of core business processes, often in real-time and mediated by software and technology.

Question 110

WIDS

Answer 110

Wireless Intrusion Detection System

Question 111

KRI

Answer 111

Key Risk Indicator A measure used in management to indicate how risky an activity is. Key risk indicators are metrics used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise.

Question 112

SOA (2)

Answer 112

Start of Authority Service-Oriented Architecture

Question 113

SAS70

Answer 113

Statement on Auditing Standards No. 70 An authoritative auditing standard developed by the American Institute of Certified Public Accounts (AICPA).

Question 114

DOM

Answer 114

Document Object Model A cross-platform and language-independent API that treats an HTML, XHTML, or XML document as a tree structure wherein each node is an object representing a part of the document.

Question 115

SDL

Answer 115

Security Development Lifecycle A software development process used and proposed by Microsoft to reduce software maintenance costs and increase reliability of software concerning software security related bugs.

Question 116

WAF

Answer 116

Web Application Firewall

Question 117

SOAP

Answer 117

Simple Object Access Protocol A messaging protocol specification for exchanging structured information in the implementation of web services in computer networks.

Question 118

HSM

Answer 118

Hardware Security Module A physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing.

Question 119

LUN (2)

Answer 119

Logical Unit Number Link Uninhibit (SS7)

Question 120

SPIT

Answer 120

Spam over Internet Telephony

Question 121

TKIP

Answer 121

Temporal Key Integrity Protocol

Question 122

Biba Model

Answer 122

A formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Uses the following: “This property states that an object at one level of integrity is not permitted to write to an object of higher integrity.”

Question 123

JWT

Answer 123

JSON Web Token

Question 124

DLP

Answer 124

Data Loss Prevention A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.

Question 125

ECC

Answer 125

Elliptical Curve Cryptography

Question 126

TOS

Answer 126

Type of Service

Question 127

SIP

Answer 127

Session Initiation Protocol A signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.

Question 128

SRTM

Answer 128

Software Requirements Traceability Matrix A grid that allows documentation and easy viewing of what is required for a system’s security. Necessary for technical projects that call for security to be included.

Question 129

NDP

Answer 129

Neighbor Discovery Protocol Protol that replaced ARP in IPv6.

Question 130

MTD

Answer 130

Maximum Tolerable Downtime

Question 131

DEP

Answer 131

Data Execution Prevention A Windows security feature that monitors programs to ensure they use system memory safely and closes them when they don’t. This guards against security threats attempting to execute code from system memory.

Question 132

SOC

Answer 132

Security Operations Center

Question 133

PST

Answer 133

Provisioning Service Target

Question 134

IDM

Answer 134

Identity Management

Question 135

WAYF

Answer 135

Where Are You From A service that guides a user to his or her identity provider.

Question 136

HMAC

Answer 136

Hashed Message Authentication Code A specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.

Question 137

KDC

Answer 137

Key Distribution Center

Question 138

LDAP

Answer 138

Lightweight Directory Access Protocol An open, vendor-neutral industry standard application protocol for accessing and maintaining distributed directory information services over an IP network.

Question 139

RFQ

Answer 139

Request For Quote

Question 140

DPI

Answer 140

Deep Packet Inspection A form of packet filtering that examines the data part (and possibly the header) of a packet as it passes an inspection point.

Question 141

SOCKS

Answer 141

SocketSecure Circuit proxy server with commercial freeware implementation. Protocol that is intended to act as a circuit level proxy for applications. Layer 5 of OSI model. Can act as VPN if encryption is supported. Port 180.

Question 142

IAVA

Answer 142

Information Assurance Vulnerability Alert

Question 143

OLA

Answer 143

Operating Level Agreement

Question 144

TCSEC

Answer 144

Trusted Computer System Evaluation Criteria US DoD standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. Region: **USA**

Question 145

CSRF

Answer 145

Cross-Site Request Forgery An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

Question 146

SPML

Answer 146

Service Provisioning Markup Language An OASIS-approved standard intended to provide an CML framework for managing the provisioning and allocation of identity information and system resources within and between organizations.

Question 147

Kerberos

Answer 147

A computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. “Customers will have delegated access to multiple digital services.”

Question 148

HBA (2)

Answer 148

Host Bus Adapter: Connects a computer to other network and storage devices. Host-Based Authentication

Question 149

RBAC

Answer 149

Rule/Role-Based Access Control

Question 150

RPO

Answer 150

Recovery Point Objective

Question 151

FERPA

Answer 151

Family Educational Rights and Privacy Act Federal law that protects the privacy of student educational records.

Question 152

TOTP

Answer 152

Time-based One Time Password

Question 153

FIM

Answer 153

File Integrity Monitoring

Question 154

CIA (2)

Answer 154

Cryptographic Information Application Confidentiality, Integrity, Availability

Question 155

POCE

Answer 155

Personally Owned Corporate Enabled

Question 156

PEP

Answer 156

Policy Enforcement Point

Question 157

RC4

Answer 157

Rivest Cipher 4 The only widely used stream cipher. Known to be insecure.

Question 158

EICAR Test File

Answer 158

European Institute for Computer Antivirus Research file to test virus detection software.

Question 159

SAML

Answer 159

Security Assertions Markup Language An XML standard for exchanging authentication and authorization data between security domains—between an identity provider and a service provider. “Authentication to cloud-based corporate portals will feature single sign-on.”

Question 160

ELA

Answer 160

Enterprise License Agreement

Question 161

KPI

Answer 161

Key Performance Indicator

Question 162

DKIM

Answer 162

DomainKeys Identified Mail An email authentication method designed to detect forged sender addresses in emails.

Question 163

CERT

Answer 163

Computer Emergency Response Team

Question 164

ESP

Answer 164

Encapsulating Security Payload IPSEC protocol. Provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection).

Question 165

Block Ciphers

Answer 165

DES (64bits), 3DES, IDEA, RC5, AES (aka Rijndael) Blowfish, CAST, SAFER Stronger than stream ciphers. Encrypts in fixed-length “blocks”.

Question 166

Pivoting

Answer 166

A method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines.

Question 167

SCSI

Answer 167

Small Computer System Interface A set of standards for physically connecting and transferring data between computers and peripheral devices.

Question 168

Helix

Answer 168

A forensics and incident response live CD based on Knoppix distribution.

Question 169

NGFW

Answer 169

NextGen FireWall Packet filtering, NAT/PAT, stateful inspection, VPN support.

Question 170

NIST

Answer 170

National Institute of Standards and Technology A physical sciences laboratory, and non-regulatory agency of the US Department of Commerce. It’s mission is to promote innovation and industrial competitiveness. Responsible for the creation of lists of known vulnerabilities in OSs.

Question 171

NLA

Answer 171

Network Level Authentication

Question 172

SSDLC

Answer 172

Security System Development Life Cycle

Question 173

BCP

Answer 173

Business Continuity Planning

Question 174

CIRT

Answer 174

Computer Incident Response Team

Question 175

SSO

Answer 175

Single Sign-On

Question 176

MTBF

Answer 176

Mean Time Between Failures

Question 177

XSS

Answer 177

Cross-Site Scripting Vulnerability/attack. AKA “Confused Deputy Attack”

Question 178

SPIM

Answer 178

Spam over Internet Message

Question 179

CredSSP

Answer 179

Credential Security Support Provider (Protocol) An authentication provider that processes authentication requests for other applications.

Question 180

MSA

Answer 180

Master Service Agreement Contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements.

Question 181

MTTR

Answer 181

Mean Time To Recovery

Question 182

NX/XN Bit

Answer 182

The NX bit (**no-execute**) is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors, for security reasons. (**XN = execute never**)

Question 183

XSRF

Answer 183

Cross-Site Request Forgery

Question 184

IKE

Answer 184

Internet Key Exchange Protocol used to set up a Security Association (SA) in the IPSec protocol suite.

Question 185

MAC (2)

Answer 185

Mandatory Access Control (deals with classification) Message Authentication Code

Question 186

UAT

Answer 186

User Acceptance Testing

Question 187

EV

Answer 187

Extended Validation (certificate)

Question 188

GRC

Answer 188

Governance, Risk, and Compliance. A company’s coordinated strategy for managing the broad issues of corporate governance, enterprise risk management (ERM) and corporate compliance with regard to regulatory requirements.

Question 189

L2TP

Answer 189

Layer 2 Tunneling Protocol Used to support VPNs or as part of the delivery of services by ISPs.

Question 190

ACM

Answer 190

Access Control Matrix The table structure of an ACL.

Question 191

Side Loading

Answer 191

A term similar to “upload" and “download", but in reference to the process of transferring between two local devices, in particular between a computer and a mobile device.

Question 192

DAC

Answer 192

Discretionary Access Control A type of Access Control used as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

Question 193

SCADA

Answer 193

Supervisory Control and Data Acquisition A control system architecture that uses computers, networked data communications and GUIs for high-level process supervisory management.

Question 194

oAuth

Answer 194

An open standard for access delegation, commonly used as a way for internet users to grant websites or apps access to their info on other websites but without giving them the passwords. (Amazon, google, IG, FB, etc) “Where users are attached to the corporate network, SSO will be utilized.”

Question 195

PSK

Answer 195

Pre-Shared Key

Question 196

SAFER

Answer 196

Secure And Fast Encryption Routine Family of block ciphers.

Question 197

IDP

Answer 197

Identity Provider

Question 198

CIFS

Answer 198

Common Internet File System A network file system protocol used for providing shared access to files and printers between machines on the network.

Question 199

ISA

Answer 199

Interconnection Security Agreement

Question 200

KRI

Answer 200

Key Result Indicator

Question 201

CCMP

Answer 201

Counter-Mode / CBC (Cipher Block Chaining)-MAC (Message Authentication Code) Protocol An encryption protocol designed for WLAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard.