All Flashcards

Question

What are precursors?

Answer 1

Early warning signs.

Answer 2

Data Loss Prevention.

Answer 3

Security Information and Event Management.

Answer 4

Intrusion Protection System.

Answer 5

Intrusion Detection System.

Answer 6

Cloud Access Security Broker.

Answer 7

Data obfuscation, hiding some of the original data.

Answer 8

A DNS that hands out incorrect IP addresses.

Answer 9

Corporate Owned Personally Enabled (device).

Answer 10

Distributed ledger, everyone maintains the ledger.

Answer 11

Risk management strategy, buy some insurance.

Answer 12

Time to live. The amount of time or hops that a packet is set to exist inside a network before being discarded by the router.

Answer 13

Someone else holds the decryption keys.

Answer 14

IEEE standard for port based nac (PNAC).

Answer 15

Institute of Electrical and Electronic Engineers.

Answer 16

Terminal Access Controller Access Control System.

Answer 17

Lightweight Directory Access Protocol and Lightweight Directory Access Protocol Secure. LDAP uses TCP port 389 and LDAPS uses TCP port 636. LDAPS uses SSL for encryption. Low Down All Pine on port 389. Lax Digs And Proper Six on ya port 636.

Answer 18

Network authentication protocol. Authenticate once.

Answer 19

Internet Protocol Security. It is a group of protocols for securing connections between devices. IPsec helps keep data sent over public networks in a secure manner. It is often used to set up VPNs and it works by encrypting IP packets along with authenticating the source where the packets came from.

Answer 20

Secure Sockets Layer. A standard for securing an internet connection by encrypting data sent between a website and browser. Uses TCP port 443.

Answer 21

An updated and more secure version of SSL. Still commonly referred to as SSL. Uses TCP port 443.

Answer 22

Hypertext Transfer Protocol Secure. The secure version of HTTP. Uses TLS, formerly known as SSL. Uses two keys, a public and private key. The private key is controlled by the owner of a website and is kept private, and lives on a web server and is used to decrypt the information of the public key. The public key is available to everyone who wants to interact with the server in a secure way. Information that's encrypted by the public key can only be decrypted by the private key. Uses TCP port 443.

Answer 23

A firewall that remembers the state of the session, and everything within a valid flow is allowed.

Answer 24

A cage that blocks EMF. It is a mesh of conductive material that cancels the EMF effect on the interior, similar to how a microwave door blocks microwaves.

Answer 25

Managed Service Provider. Can also be a cloud service provider, but not all cloud service providers are MSPs.

Answer 26

Content Management System. Secure the access to data and protect it from outsiders.

Answer 27

Mobile Content Management.

Answer 28

Hardware Security Module. Common with MicroSD cards.

Answer 29

Trusted Platform Module. A specification for cryptographic functions. Comes with unique keys burned in. Persistent memory for burned in keys. Versatile memory for storage keys and hardware information. Password protected. Cryptographic processor, random number generator.

Answer 30

Unified Extensible Firmware Interface.

Answer 31

Cross-site Scripting. An exploitation in which information with one site is shared with another. Can be persistent (think sharing malicious social media link, everyone gets the payload) or non-persistent (aka reflected) (think using a search box to run a script).

Answer 32

Annualized Rate of Occurrence. How likely is a risk to happen in a year?

Answer 33

Single Loss Expectancy. How much monetary loss from a single event. I.e. how much money is lost from a single laptop theft?

Answer 34

Annualized Loss Expectancy. ARO x SLE. How much expected loss in a year?

Answer 35

Recovery Time Objective. Time to recover to a specific point. I.e. must be back to X% level of service within Y amount of time.

Answer 36

Recovery Point Objective. How much data loss is acceptable?

Answer 37

Cross Site Request Forgery. AKA C-SRF (sea surf). The website trusts your browser and requests are made without your consent or knowledge.

Answer 38

Add your own commands to an application's SQL query, like through a text box submission.

Answer 39

Payment Card Industry Data Security Standard.

Answer 40

Combines on-path attack with a downgrade attack. Attacker must sit in the middle of the conversation and modifies the data between the victim and web server.

Answer 41

Remote Access Trojan? Backdoor, allows for admin control.

Answer 42

Takes advantage of a vulnerability and installs malware that includes a remote access backdoor.

Answer 43

Standard for Information Security Management Systems.

Answer 44

Privacy Information Management System.

Answer 45

Standard for Information Management Security (SIMS).

Answer 46

Code of practice for information security controls.

Answer 47

Privacy Information Management Systems.

Answer 48

International standards for risk management practices.

Answer 49

General Data Privacy Regulation. Used by European Union.

Answer 50

Cloud Security Alliance.

Answer 51

Cloud Controls Matrix. Cloud-specific security controls. Controls are mapped to standards, best practices, and regulations.

Answer 52

Simple Mail Transfer Protocol and Simple Mail Transfer Protocol Secure. Used by clients to deliver email to a server. Also used by servers to forward mail to their final destination. SMTP uses TCP port 25 and SMTPS uses TCP port 587. Send Mail To Persons over 25 but under 587. We can send between 25 and 587 emails per day.

Answer 53

Secure/ Multipurpose Inter Mail Extensions. Uses public key encryption and digital signing of mail content. The mime needs extensions because he can't speak on his own.

Answer 54

Internet Message Access Protocol and Internet Message Access Protocol Secure. Retrieves email from a server. IMAP uses TCP port 143 and IMAPS uses TCP port 993.

Answer 55

Cloud Access Security Broker. Security policies in the cloud. Implemented as client software, local security appliances, or cloud based security solutions.

Answer 56

Wired Equivalent Privacy. Not good.

Answer 57

Extensible Authentication Protocol. An authentication framework. Integrates with 802.1X.

Answer 58

An IEEE standard for port based network access control (PNAC). Uses a centralized authentication server and all users can use their normal credentials to authenticate to an 802.1X network.

Answer 59

Protected Extensible Authentication Protocol. Protected EAP. Created by Cisco, Microsoft, and RSA Security. It encapsulates EAP in a TLS tunnel.

Answer 60

EAP Transport Layer Security. Strong security that requires a digital certificate on the AS (authentication server) and all other devices. EAP! I forgot the digital certificate on the AS!

Answer 61

Authentication Server.

Answer 62

EAP Tunneled Transport Layer Security. Supports other authentication protocols in a TLS tunnel. Requires a digital certificate on the AS. Does not require a certificate on every device. Builds a TLS tunnel using this digital certificate. Use any authentication method inside the TLS tunnel, including other EAPs, MS-CHAPv2, and anything else. You can send anything in a tunnel.

Answer 63

Extensible Authentication Protocol - Microsoft Challenge Handshake Authentication Protocol version 2. Uses user account credentials in ADDS (Active Directory Domain Services) to authenticate wireless access clients instead of using smart cards or user and computer certificates for client authentication.

Answer 64

EAP Flexible Authentication via Secure Tunneling. AS and supplicant share a protected access credential (PAC), aka shared secret.

Answer 65

Protected Access Credential.

Answer 66

Remote Authentication Dial-In User Service. Centralized Authentication.

Answer 67

Security Orchestration, Automation, and Response.

Answer 68

Public Key Infrastructure. Policies, procedures, hardware, software, people. Digital certificates: create, distribute, manage, store, revoke.

Answer 69

Unified Threat Management. All-in-once security appliance.

Answer 70

Real Time Operating System. An OS with a deterministic processing schedule. Used in environments where a large number of events, mostly external to the computer system, must be accepted and processed in a short time or within certain deadlines. such applications are industrial control, telephone switching equipment, flight control, and real-time simulations.

Answer 71

System on a Chip. Multiple components running on a single chip.

Answer 72

Self-Encrypting Drive.

Answer 73

Message Authentication Code.

Answer 74

Mandatory Access Control. The OS controls the access through GPOs, etc.

Answer 75

Cloud Access Security Broker. Can be used to apply security policies to cloud based implementations. Two common functions of a CASB are visibility into application use and data security policy use. Also verification of compliance with formal standards and the monitoring and identification of threats.

Answer 76

Managed Service Provider. Can be a cloud service provider, but not all cloud service providers are MSPs.

Answer 77

Full Disk Encryption.

Answer 78

Secure Real-Time Transport Protocol. Used for secure VoIP. Commonly uses AES for confidentiality. Uses port 5061. Application layer protocol.

Answer 79

Learning as much as possible about a company from open sources.

Answer 80

File Transfer Protocol and File Transfer Protocol Secure. FTP uses TCP port 20 for data and TCP port 21 for control. FTPS uses TCP port 990 for control and TCP port 989 for data.

Answer 81

Secure Shell. Used for secure remote connections. Uses TCP port 22.

Answer 82

DNS Security Extensions. Does not provide any confidentiality of data.

Answer 83

Backs up only the files that have been changed since the last incremental backup. For example, if you do a full backup on Monday, then an incremental backup on Tuesday and Wednesday, you will need to perform three restores. Monday, then whatever changed on Tuesday, then whatever changed on Wednesday.

Answer 84

Backs up only the files that have been changed since the last full backup. For example, if you do a full backup on Monday, then an incremental backup on Tuesday and Wednesday, you will need to perform two restores. Monday, then Wednesday.

Answer 85

This portion of the startup process verifies the OS kernel signature and starts the ELAM process.

Answer 86

Early Launch Anti-Malware. ELAM backwards is MALE. Males are the early form of malware.

Answer 87

Occurs after the Trusted Boot process and verifies that nothing on the computer has been changed by malicious software or other processes.

Answer 88

A UEFI BIOS boot feature that checks the digital signature of the bootloader. The Trusted Boot Process occurs after the Secure Boot has completed.

Answer 89

Power On Self Test. Hardware check performed prior to booting an operating system.

Answer 90

Secure Hash Algorithm with a message digest of 256 bits. Digital signature verification, password hashing, SSL handshakes in browsers, verifies a file was not corrupted during a file transfer.

Answer 91

Designed to check for the secure baseline of firewall settings, patch levels, and OS versions, and any other security components associated with the application.

Answer 92

A person who manages access rights and sets security controls on the data.

Answer 93

A person who manages the operational use of the data but not the rights and permissions.

Answer 94

A person who makes business decisions regarding the data. Usually a higher level executive.

Answer 95

A person who sets privacy policies and implements privacy processes and procedures.

Answer 96

Hardware Security Module. A high end cryptographic hardware appliance that can securely store keys and certificates for all devices.

Answer 97

Password Authentication Protocol.

Answer 98

Microsoft Challenge Handshake Protocol. An encrypted challenge is sent over the network. It is a three-way handshake. Challenege-response continues periodically. Commonly uses PPTP (Point to Point Tunneling Protocol). Don't use it, it's bad. Security issues with DES.

Answer 99

Data Encryption Standard. Don't use it, has security issues.

Answer 100

Point to Point Tunneling Protocol.

Answer 101

Internet Protocol Security. Security for OSI layer 3. Authentication and encryption for every packet. Features confidentiality and integrity, anti-replay. Two core protocols combined, AH and ESP.

Answer 102

Authentication Header. Provides data integrity, origin authentication, replay attack prevention, keyed-hash mechanism. No confidentiality or encryption.

Answer 103

Encapsulating Security Payload. Provides confidentiality through encryption, limited traffic flow confidentiality, data integrity, and anti-replay protection.

Answer 104

Cipher Block Chaining. Each plaintext block is XORed with the previous ciphertext block.

Answer 105

A message digest is a fixed size numeric representation of the contents of a message, computed by a hash function.

Answer 106

The process of transforming any given key or a string of characters into another value, i.e. a message digest.

Answer 107

Random data fed as an additional input to a one-way function that hashes data. It defeats rainbow tables.

Answer 108

Counter. Block cipher mode / acts like a stream cipher. Encrypts successive values of a “counter”. Plaintext can be any size, since it’s part of the XOR i.e., 8 bits at a time (streaming) instead of a 128-bit block.

Answer 109

Galois/ Counter Mode. Encryption with authentication. Very efficient encryption and authentication. Minimum latency and operation overhead. Commonly used in packetized data. Galois was very fast and very efficient when it came to encrypting and authenticating.

Answer 110

Short Message Service. Text messages.

Answer 111

Multimedia Messaging Service. Like expanded text messages.

Answer 112

Certificate Signing Request.

Answer 113

Online Certificate Status Protocol. The browser can check for certificate revocation. An alternative to CRL. Checks validity in real time.

Answer 114

Someone else holds the decryption keys.

Answer 115

A single CA issues certs to intermediate CAs.

Answer 116

Simultaneous Authentication of Equals. A Diffie-Hellman derived key exchange with an authentication component. Everyone uses a different session key even with the same PSK. An IEEE standard, the dragonfly handshake. Sae is the name of the dragonfly and Diffie-Hellman is his daddah. All dragonflies have different keys.

Answer 117

Perfect Forward Secrecy. Change the method of key exchange.

Answer 118

Establishes a shared secret between two parties that can be used for communication for exchanging data over a public network.

Answer 119

Elliptical Curve Cryptography. Asymmetric encryption. Need large integers composed of two or more large prime factors.

Answer 120

Uses a public key and private key. You can't derive the private key from the public key.

Answer 121

Developed by MITRE corporation, determine the actions of an attacker such as point of intrusion, methods used to move around, and block future attacks.

Answer 122

Intrusion analysis, apply scientific principles to intrusion analysis such as measurement, testability, and repeatability.

Answer 123

National Institute of Standards and Technology Risk Management Framework.

Answer 124

Host Based Intrusion Prevention System. Recognizes and blocks known attacks. Uses signatures, heuristics, and behaviors. Secure OS and application configurations, and validate incoming service requests.

Answer 125

Web Application Firewall. Applies rules to HTTP/ HTTPS conversations. Allow or deny based on expected input. Major focus of PCI DSS. What Are we Fucking sending over HTTP/HTTPS?

Answer 126

Unified Threat Management. All-in-one security appliance.

Answer 127

Pretty Good Privacy. Security program that enables users to communicate securely by decrypting and encrypting messages, authenticating messages through digital signatures, and encrypting files. One of the first public key cryptography softwares.

Answer 128

Address Resolution Protocol. Connects an IP address to a MAC address in a LAN. Think ARP table.

Answer 129

Determine the route a packet takes to the destination. Used in Mac and Linux. POSIX. Takes advantage of ICMP.

Answer 130

Determine the route a packet takes to the destination. Used in Windows. Takes advantage ICMP.

Answer 131

Lookup names and IP addresses. Deprecated, use dig instead (not native to Windows). Windows and POSIX.

Answer 132

Domain Information Groper. More advanced domain information than nslookup.

Answer 133

TCP/ IP information. Windows.

Answer 134

TCP/ IP information. Mac and Linux.

Answer 135

Network Mapper. Find and learn more about network devices, port scan, OS system scan (what OS is in use), service scan (what services are on this device).

Answer 136

Test reachability and round trip time of packets. Uses ICMP. Windows, Mac, Linux.

Answer 137

Combines ping and traceroute. Windows. First phase runs a traceroute and builds a map. Second phase measures round trip time and packet loss at each hop.

Answer 138

TCP/IP packet assembler/analyzer. A ping that can send almost anything. Send crafted frames. BE CAREFUL! Easy to flood and Dos. Uses ICMP, TCP, UDP. Example: #hping3 --destport 80 10.1.10.1

Answer 139

Network statistics. -a, -b, -n Windows, Mac, Linux.

Answer 140

Show all active connections.

Answer 141

Show binaries.

Answer 142

Do not resolve names.

Answer 143

Many different functions, "read" or "write" to the network. Open a port and receive some traffic. listen on a port, transfer data, scan ports and send data to a port. Become a backdoor, run a shell from a remote device. An alternative is Ncat.

Answer 144

Search the network for IP addresses. Avoid doing work on an IP address that isn't there. Many different techniques. ARP (if on the local subnet), ICMP requests (ping), TCP ACK, ICMP timestamp requests.

Answer 145

View the local ARP table.

Answer 146

View the device's routing table. Windows = route print. Mac and Linux = netstat -r.

Answer 147

Client URL. Retrieve data using a URL. Web pages, FTP, emails, databases, etc. Grab the raw data (think about the "Inspect" tool on a webpage).

Answer 148

Gather OSINT.

Answer 149

Combine many recon tools into a single framework.

Answer 150

Run port scans from a different host. Port scan proxy. Many different services, choose the option for scan origination. Your IP is hidden as the scan source.

Answer 151

Enumerate DNS information. Find hostnames. View host information from DNS servers.

Answer 152

Industry leader in vulnerability scanning.

Answer 153

Sandbox for malware.

Answer 154

View the first part of the file. -n specifies the number lines. Example: head -n 5 syslog

Answer 155

View the last part of the file. -n specifies the number of lines. Example: tail -n 5 syslog

Answer 156

Concatenate. Link together in a series. Example: cat file1.txt file2.txt

Answer 157

Find text in a file. Search through many files at a time.

Answer 158

Change mode of a file system object. r=read, w=write, x=execute. Can also use octal notation (ex., 744). Example: chmod 744 first.txt (this sets user to read, write, execute, group to read only, other to read only)

Answer 159

Add entries to the system log. Syslog.

Answer 160

Shell and script environment. Secure Shell. Encrypted console communication over TCP port 22. Looks and acts the same as Telnet.

Answer 161

Shell and script environment. Command line for sys admins.

Answer 162

Shell and script environment. General purpose scripting language.

Answer 163

A shell and script environment. Toolkit and crypto library for SSL/TLS.

Answer 164

Packet tool. A suite of packet replay utilities.

Answer 165

Packet tool. Capture packets from the command line.

Answer 166

Packet tool. Graphical packet analyzer.

Answer 167

Forensic tool. Create a bit-by-bit copy of a drive.

Answer 168

Create dd if=/dev/sda of=/tmp/sda-image.img Restore dd if=/tmp/sda-image.img of=/dev/sda

Answer 169

Forensic tool. Copy information in system memory to the standard output stream.

Answer 170

Forensic tool. A universal hexadecimal editor for Windows. Edit disks, files, RAM. Clone disks, secure wipes, and more.

Answer 171

Forensic tool. Forensic drive imaging tools. Windows executable. Forensic ToolKit to find who drive through my window.

Answer 172

The Sleuth Kit is an open source collection of command line and programming libraries for disk imaging and file analysis. Autopsy is a graphical frontend for these tools.

Answer 173

A pre-built toolkit for exploitations. Metasploit is an example.

Answer 174

Program to crack passwords. Username/ password combinations. Brute forcing a hash file. Limited by password complexity, hashing method, CPU power. Can increase with GPU.

Answer 175

Password complexity/ strength.

Answer 176

Completely removing data from a device.

Answer 177

chmod [options] [mode] [File_name] chmod 744 file.txt (

Answer 178

There are three positions: Owner, Group, and Other. R = Read W = Write X = Execute Setting a Y will result in Z: 0 = none 1 = X 2 = W 3 = W,X 4 = R 5 = R,X 6 = R,W 7 = R,W,X

Answer 179

POST-> Secure Boot-> Trusted Boot-> Measures Boot

Answer 180

AKA boot manager, bootstrap loader. Program responsible for booting a computer. Acts as an intermediate between hardware and software. Loads the OS into memory.

Answer 181

False Rejection Rate. Example, don't make biometrics too sensitive.

Answer 182

HMAC-based One Time Password.

Answer 183

False Acceptance Rate. Example, biometrics are not sensitive enough.

Answer 184

Certificate Signing Request.

Answer 185

Endpoint Detection and Response. Detect a threat, investigate a threat, respond to a threat. Uses behavioral analysis, machine learning, and process monitoring. Lightweight on the endpoint.

Answer 186

Statement on Standards for Attestation Engagements. AICPA (American Institute of Certified Public Accountants) auditing standard Statement on Standards for Attestation Engagements number 18 (SSAE 18) Think about when I had to review those long ass reports at MSGCU.

Answer 187

Cloud Security Alliance Cloud Controls Matrix

Answer 188

Cloud Controls Matrix.

Answer 189

Cloud Security Alliance.

Answer 190

Sits between the users and the external network. Receives the user requests and sends on their behalf. Useful for caching information, access control, URL filtering, content scanning. NAT is a proxy. Most proxies in use are application proxy.

Answer 191

Industrial Control System.

Answer 192

Supervisory Control and Data Acquisition (system).

Answer 193

OCSP Stapling improves performance by positioning a digitally-signed and time-stamped version of the OCSP response directly on the webserver. This stapled OCSP response is then refreshed at predefined intervals set by the CA. The stapled OCSP response allows the web server to include the OCSP response within the initial SSL handshake, without the need for the user to make a separate external connection to the CA.

Answer 194

Certificate pinning embeds or “pins” a certificate inside of an application. When the application contacts a service, the service certificate will be compared to the pinned certificate.

Answer 195

Certificate chain (or Chain of Trust) is made up of a list of certificates that start from a server's certificate and terminate with the root certificate. If your server's certificate is to be trusted, its signature has to be traceable back to its root CA.

Answer 196

Certificate Revocation List.

Answer 197

High Availability.

Answer 198

A set of steps required to complete a task.

Answer 199

Endpoint Detection and Response.

Answer 200

A transitive trust states that if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C. This trust relationship is not associated with the authentication process that occurs in any of these domains.

Answer 201

A pivot point is a point used for pen testing access, a jumping off point.

Answer 202

Electronic Code Book. A block cipher mode where each block is encrypted with the same key. In most use cases ECB is too simple to ensure data confidentiality. Don't use it!

Answer 203

Protected Extensible Authentication Protocol. Builds a TLS tunnel that encapsulates EAP to ensure a protected authentication process.

Answer 204

Hash-based Message Authentication Code. Commonly used with AH in IPsec.

Answer 205

Discretionary Access Control. An owner decides which users can access data through permissions.

Answer 206

WiFi Protected Access 3. Uses GCMP block cipher mode. GCMP provides data confidentiality with AES and MIC.

Answer 207

Authentication, Authorization, and Accounting.

Answer 208

Attribute Based Access Control. User is granted permissions based on their own attributes.

Answer 209

Access Control Entities. Ace was the Entity that Controlled access to the doors.

Answer 210

Access Control List

Answer 211

The practice of responding to a threat by destroying or deceiving a threat actor's capabilities.

Answer 212

Using AI to identify vulnerabilities and attack vectors to circumvent security systems.

Answer 213

Advanced Encryption Standard. Symmetric 128, 192, or 256 bit block cipher based on the Rijndael algorithm. Replaced DES.

Answer 214

A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations.

Answer 215

Automated Indicator Sharing. Threat intelligence data feed operated by the DHS.

Answer 216

Department of Homeland Security.

Answer 217

A layer 7 firewall technology that inspects packets at the Application layer.

Answer 218

Software designed to run on a server to protect a particular application such as a web server or SQL server.

Answer 219

Advanced Persistent Threat. An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.

Answer 220

Open-source platform producing programmable circuit boards for education and industrial prototyping.

Answer 221

An optional security feature of a switch that prevents excessive ARP replies from flooding a network segment.

Answer 222

Change the ARP table to redirect traffic to a different MAC address.

Answer 223

A cipher that uses public and private keys. Uses either RSA or ECC, but the private key is not derivable from the public one.

Answer 224

The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

Answer 225

A specific path by which a threat actor gains unauthorized access to a system.

Answer 226

A PNAC switch or router that activates EAPoL and passes a supplicant's authentication data to an AS such as a RADIUS server.

Answer 227

Extensible Authentication Protocol over LAN.

Answer 228

Building Automation System. Components and protocols that facilitates the centralized configuration and monitoring of mechanical and electrical systems withing offices and data centers.

Answer 229

The chip and firmware in a smartphone that acts as a cellular modem.

Answer 230

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

Answer 231

Bourne again shell. A command shell and scripting language for Unix-like systems.

Answer 232

A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of a compromise. A bastion does one thing.

Answer 233

A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. AKA behavior-based detection.

Answer 234

Business Impact Analysis. A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

Answer 235

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

Answer 236

A type of symmetric encryption that encrypts data one block at a time, often in a 64-bit block. It is usually more secure but slower than stream ciphers.

Answer 237

The defensive team in an exercise.

Answer 238

A wireless attack attack where the attacker gains access to information on a device using a Bluetooth connection.

Answer 239

Report of boot state integrity data that is signed by a tamper-proof TPM key and reported to a network server.

Answer 240

Business Partnership Agreement. Agreement by two companies to work together closely. Like Quizitive.

Answer 241

Bridge Protocol Data Unit guard. Switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports where any BPDU frames are likely to be malicious.

Answer 242

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow for system crashes or execution of arbitrary code.

Answer 243

Reward for reporting vulnerabilities.

Answer 244

Command and Control. AKA C2. An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

Answer 245

Certificate Authority. A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

Answer 246

Common Access Card. A smart card that provides certificate-based authentication and supports 2FA.

Answer 247

controller area network bus. A serial network designed to allow communications between embedded programmable logic controlers.

Answer 248

completely automated public Turing test to tell computers and humans apart.

Answer 249

A web page or website to which a client is redirected before being granted full network access.

Answer 250

Training event where learners must identify a token within a live network environment.

Answer 251

The process of extracting data from a computer when that data has no associated file system metadata.

Answer 252

Cloud Access Security Broker. Enterprise management software designed to mediate access to cloud services by users across all types of devices.

Answer 253

Cipher Block Chaining. An encryption mode of operation where and XOR is applied to the first plaintext block.

Answer 254

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol used for wireless LANs that address the vulnerabilities of WEP protocol.

Answer 255

Cryptographic Erase. A method of sanitizing a self-encrypting drive by erasing the media encryption key. It keeps erasing my memory of this acronym.

Answer 256

The record of evidence history from collection, to presentation in court, to disposal.

Answer 257

the process by which the need for change is recorded and approved. The approval process.

Answer 258

The process through which changes to the configuration of information systems are implemented, as part of the organization's overall configuration management efforts.

Answer 259

challenge handshake authentication protocol. Developed for dial-up networks. Uses an ecrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection.

Answer 260

The output of a hash function. chmod Linux command for managing file permissions.

Answer 261

Confidentiality, Integrity, Availability. The three principles of security control and mangement.

Answer 262

A Layer 5 firewall tech that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection.

Answer 263

Center for Internet Security. A not for profit.

Answer 264

Classifying the ownership and managment of a cloud as public, private, community, or hybrid.

Answer 265

classifying the provision of cloud services and the limit of cloud service provider's responsibility.

Answer 266

Common Name. An X500 attribute expressing a host or username, also used as the subject identifier for a digital certificate.

Answer 267

Corporate Owned Business Owned (device).

Answer 268

Code on how to act.

Answer 269

Potentially unsecure programming practice of using code originally written for a different context.

Answer 270

The method of using a digital signature to ensure the source and integrity of the programming code.

Answer 271

A network appliance that thathers or receives log and or state data from other network systems.

Answer 272

the act of two different plaintext inputs producing the same exact ciphertext output.

Answer 273

an access control scheme that verifies an object's identity based on various environmental factors like time location and behavior.

Answer 274

software development method in which app and platform requirements are frequently tested and validated for immediate availability.

Answer 275

software development method in which app and platform updates are committed to production rapidly.

Answer 276

software development method in which code updates are tested and committed to a development or build server/code repository rapidly.

Answer 277

risk that arises when a control does not provide the level of mitigation that was expected.

Answer 278

counter mode. an encryption mode of operation where a numerical counter value is used to create a constantly changing IV. AKA CM (counter mode)

Answer 279

brute force attack in which stolen user account names and passwords are tested against multiple websites.

Answer 280

certificate revocation list. A list of certificates that were revoked before their expiration date.

Answer 281

where FAR and FRR meet.

Answer 282

cyber threat intelligence

Answer 283

Common Vulnerabilities and Exposures.

Answer 284

Common vulnerability scoring system. A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

Answer 285

Choose your own device.

Answer 286

information that is primarily stored on specific media rather than moving from one medium to another

Answer 287

the entity that determines why and how personal data is collected, stored, and used.

Answer 288

information that is present in the volitile memory of a host such as sysem memory or cache.

Answer 289

information being transmitted between two hosts.

Answer 290

a deidentification method where generic or placeholder labels are usbstituted for real data whle preserving the structure oof the original data

Answer 291

only necessary and sufficient personal information can be collected.

Answer 292

leftover information on a storage medium after basic sanitation attempts

Answer 293

the principle that countries and states may impose indivdual requirements on data collected or stored within their jurisdiction.

Answer 294

a person who is primarily responsible for data quality, ensuring data is labeled and identified with the appropriate meta data.

Answer 295

a configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.

Answer 296

multi-layered secruity.

Answer 297

methods that remove identifying information from data before it is distributed.

Answer 298

Distinguished encoding rules. The binary format used to structure the information in a digital certificate.

Answer 299

A type of security control that acts during an incident to identify or record what is happening.

Answer 300

A type security control that discourages intrusion attempts.

Answer 301

Diffie-Hellman. A technique that provides a secure key exchange.

Answer 302

An attack in which an attacker responds to a client requesting address assignment from a DHCP server.

Answer 303

The Differentiated Services Code Point (DSCP) field is used to indicate a priority value for layer 3 packet to facilitate QoS or Class of Service Scheduling (CoS).

Answer 304

A message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity.

Answer 305

A network service that stores identity information about all the objects in a particular network.

Answer 306

An application attack that allows access to commands, files, and directories.

Answer 307

Cybersecurity resilience strategy that increases attack costs by providing multiple types of controls, technologies, vendors, and crypto implementations.

Answer 308

Demilitarized zone. A segment isolated from the rest of the private network by one or more firewalls that accepts connections from the internet over designated ports.

Answer 309

Destination network address translation. A NAT service where private internal addresses are mapped to one or more public addresses to facilitate internet connectivity for hosts on a local network via a router.

Answer 310

An attack which an attacker modifies a computer's DNS configurations to point to a malicious DNS server.

Answer 311

An attack where the attacker exploits the open nature of the DNS system to redirect a dmain name to the wrong IP address. Often done by editing the host file.

Answer 312

DNS Security Extensions. A security protocol that provides authentication of DNS data upholds DNS data integrity.

Answer 313

The attacker steals a domain name by altering its registration information then transfers the domrain name to another entity. AKA brandjacking.

Answer 314

a cryptographic attack where the attacker exploits the need for backwards compatibility to force a computer to abandon the user of encrypted messages in favor of plaintext messages.

Answer 315

Data privacy officer. Data governance role with responsibility for compliant collection and processing of personal and sensitive data.

Answer 316

Disaster recovery plan.

Answer 317

Digital signature algorithm. Public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.

Answer 318

A text displayed by a host server containing details like software type and version running in a system or server.