Brainscape Glossarry Flashcards

Question

# BYOD bring your own device

Answer 1

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

Answer 2

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

Answer 3

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

Answer 4

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

Answer 5

Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.

Answer 6

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission-critical operations.

Answer 7

Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

Answer 8

Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.

Answer 9

A web page or website to which a client is redirected before being granted full network access.

Answer 10

🎮 What is a CTF? A Capture the Flag (CTF) is a cybersecurity competition where players or teams solve hacking challenges to find hidden "flags" — strings like flag{you_got_it}.

Answer 11

Duplicating a smart card by reading (skimming) the confidential data stored on it. Also known as skimming.

Answer 12

🧠 Definition: Data Carving is a forensic technique used to recover files from raw data, such as a hard drive or memory dump, without relying on a file system. Even if the file system is corrupted, deleted, or missing — data carving digs the fragments out anyway. 🧩 How It Works: Data carving searches for file signatures (magic numbers) — patterns that mark the start and end of known file types. For example: A JPEG starts with FFD8 and ends with FFD9 A PDF starts with %PDF and ends with %%EOF The tool scans the raw data and “carves out” matching chunks that look like complete files. 📦 Why It’s Used: Scenario Use of Data Carving File system is deleted/corrupted Still extract files Files have been deleted or wiped Recover remnants from unallocated space Digital forensics investigation Find hidden/stolen/exfiltrated files Malware analysis Extract payloads from memory or disk 🛠️ Tools That Do It: Scalpel Foremost Autopsy/Sleuth Kit PhotoRec ⚠️ Limitations: No filenames or paths — just raw file contents May return fragmented or incomplete files Can generate false positives Works best on non-fragmented file systems (like FAT) 🎯 TL;DR: Data Carving = CSI for your hard drive. Even if the file system is toast, we can still find that PDF hiding in the ashes.

Answer 13

Linux command to view and combine (concatenate) files. The cat command = concatenate – it's used to view, combine, or create text files in Unix/Linux. --- 🐱 TL;DR cat = quick way to display file contents or combine multiple files. --- 📖 Basic Usage Command What It Does cat file.txt Prints contents of file.txt to the screen cat file1 file2 Prints both files one after the other cat > newfile.txt Creates a new file by letting you type content (press Ctrl+D to save and exit) cat file1 file2 > combined.txt Combines two files into a new one cat >> file.txt Appends typed input to an existing file --- 🧪 Example cat hello.txt Output: Hello, world! cat file1.txt file2.txt > all.txt Combines both files into one.

Answer 14

A not-for-profit organization (founded partly by SANS). It publishes the well-known "Top 20 Critical Security Controls" (or system design recommendations).

Answer 15

🔑 What is a Certificate Authority? A Certificate Authority (CA) is a trusted third party that issues digital certificates to verify identity on the internet. Think of it as the passport office of the internet: > Just like a passport proves who you are, a digital certificate proves a website or user's identity. --- 📜 What does a CA do? 1. Verifies identity of a website, person, or organization. 2. Issues a digital certificate (often X.509 format). 3. Helps establish trust in secure communications (like HTTPS). --- 🌐 Where you see it: When you go to https://, your browser checks the website’s certificate. That cert is signed by a CA your browser already trusts. --- 🧪 Behind the scenes: Uses public key infrastructure (PKI). The certificate contains: The public key The domain/identity CA's signature Expiration date --- 🚨 What happens if a CA is compromised? Instant trust crisis. Browsers revoke trust, causing errors like: > "Your connection is not private."

Answer 16

A list of certificates that were revoked before their expiration date.

Answer 17

🧾 What is a CSR? A Certificate Signing Request (CSR) is a file you send to a Certificate Authority (CA) when you want them to issue you a digital certificate. It’s like filling out an application form for your website’s digital passport. --- 🧰 What’s inside a CSR? The CSR contains: Field Description Public key Used to encrypt/decrypt data Common Name (CN) The domain name (e.g., www.example.com) Organization info Company name, location, etc. Email (optional) Digital signature Made with your private key, to prove you own it ⚠️ Private key is not included — keep it secret, keep it safe! --- 🔐 How it works: 1. You generate a public/private key pair. 2. You create the CSR with your public key and info. 3. You send the CSR to a CA. 4. CA verifies your identity and signs your cert. 5. You get back an SSL/TLS certificate. > TL;DR: A CSR is like a digital application for a security certificate. You send it to a CA to prove ownership of a domain and request a signed cert. 🔑 Public key goes in the CSR. 🔒 Private key stays with you

Answer 18

The record of evidence history from collection, to presentation in court, to disposal.

Answer 19

Authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks. --- 🧾 What is CHAP? CHAP is an authentication method used mostly in PPP (Point-to-Point Protocol) connections (e.g., dial-up, some VPNs). It’s like a password handshake with surprise quizzes to make sure you're still legit during a connection. --- CHAP = a challenge-response login protocol used in older network connections. Think: “You say you're Bob? Solve this random puzzle first... and again later.” ✅ Better than plain text ❌ Obsolete in modern systems due to MD5 weaknesses.

Answer 20

The process by which the need for change is recorded and approved.

Answer 21

The process through which changes to the configuration of information systems are implemented, as part of the organization's overall configuration management efforts.

Answer 22

The output of a hash function. Checksum A checksum is a quick math summary of a file to detect errors during transmission or storage. > Think: “Did I drop any bits on the way?” Like totaling up the values of ingredients to make sure nothing was missed. Fast and simple 🧮 Common: CRC32, Adler-32, MD5 (originally used like this) 🎯 Used for: Error checking, file integrity ❌ Not secure – attackers can easily fake a matching checksum checksum asks, “Did I drop something?” A hash asks, “Did someone sneak in and change something?” 🔧 Checksum = basic error check. 🔒 Hash = secure data fingerprint.

Answer 23

Linux command for managing file permissions. chmod = change mode – it's a command used in Unix/Linux to set permissions on files or directories. 🛠️ TL;DR chmod controls who can read, write, or execute a file. Permissions are set for: User (u) – the owner Group (g) – the group the file belongs to Others (o) – everyone else 🔢 Numeric Mode You’ll often see it like this: chmod 755 filename Each digit = permissions for user/group/others, based on this table: Permission Value read (r) 4 write (w) 2 execute (x) 1 So: 7 = 4+2+1 = read/write/execute 5 = 4+0+1 = read/execute

Answer 24

Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

Answer 25

An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block 🔐 Cipher Block Chaining (CBC) CBC = a block cipher mode of operation that encrypts data one block at a time, but chains each block to the one before it to add security. --- 🧠 TL;DR: CBC makes each block depend on the previous one. This hides patterns and increases confidentiality.

Answer 26

A Layer 5 firewall technology that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection. A circuit-level stateful inspection firewall is a fancy term for a firewall that: > 🧠 Remembers your connections, 🛡️ protects your traffic, and 🕵️‍♂️ watches for sketchy behavior at the session level. --- 🛠️ TL;DR Circuit-level = Watches the session handshake (e.g., TCP 3-way handshake) Stateful inspection = Remembers and tracks the state of active connections It doesn’t look inside the packets deeply — it just watches the connection like a bouncer checking IDs and wristbands, not searching backpacks --- 📦 What It Checks: Layer Example Check OSI Layer 4 TCP handshake complete? OSI Layer 5 Is the session valid and allowed? Connection table Is this part of an existing conversation? --- 🧩 Example in Action 1. You connect to a website → TCP handshake happens. 2. Firewall sees a legit outbound connection → adds it to its state table. 3. The response traffic from the website is allowed because it matches a tracked session. 4. Unexpected or forged traffic? Blocked. / difference with forward proxy: 🧠 TL;DR: > Circuit-level stateful inspection firewall and forward proxy can behave similarly… But they’re not the same thing. They both intercept and inspect connections, but their goals, layers, and visibility are different. --- ⚙️ Circuit-Level Stateful Firewall Main job: ✅ Track and allow/refuse sessions based on rules ✅ Focus on network-layer + session-layer behavior ❌ Doesn’t look into data or content Use case: Block unauthorized traffic Only allow "legit" sessions (like only outbound TCP 443) --- 🌐 Forward Proxy Main job: ✅ Act as the user’s representative to the internet ✅ Optionally log/filter/modify content ✅ Hide user's IP Use case: Anonymize or restrict browsing Enforce web filtering Bypass geographic blocks

Answer 27

An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.

Answer 28

Think of it as a security guard for your cloud apps. --- 🧠 TL;DR: A CASB sits between your users and cloud services (like Google Workspace, Microsoft 365, Salesforce) to monitor, enforce, and secure cloud usage. --- 📦 What It Does Function Example 🕵️‍♂️ Visibility Who’s using which cloud apps, when, and how? 🛂 Access Control Enforce policies: block risky behavior (e.g., don’t upload sensitive files to Dropbox) 🔐 Data Security DLP: prevent sensitive data from being shared or leaked 🛡️ Threat Protection Detect malware, suspicious logins, shadow IT 📜 Compliance Help meet standards like HIPAA, GDPR, etc. 🧪 Analogy: > CASB is like airport security for your data flights: Scans your bags (files), checks your ID (user identity), and enforces rules before you can board (access the cloud).

Answer 29

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

Answer 30

→ Provides security guidance to Cloud Service Providers (CSPs) and users → Publishes the Cloud Controls Matrix (CCM) and Enterprise Reference Architecture

Answer 31

Classifying the provision of cloud services and the limit of the cloud service provider's responsibility as software, platform, infrastructure,

Answer 32

A vendor offering public cloud service models, such as PaaS, IaaS, or SaaS. A cloud service model defines what type of services a cloud provider delivers to users — from raw infrastructure to complete apps. It’s all about what you're responsible for vs. what the provider manages.

Answer 33

Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values it expects its employees to practice. Also known as ethics.

Answer 34

Potentially unsecure programming practice of using code originally written for a different context.

Answer 35

Code signing is the digital signature applied to software or scripts to prove: Who published it (authenticity) That it hasn't been altered (integrity) It’s like a wax seal on a letter — it proves who sent it and whether someone tampered with it

Answer 36

A predetermined alternate location where a network can be rebuilt after a disaster.

Answer 37

A collector is a network appliance or software that gathers, processes, and stores data from other devices — typically for monitoring, logging, or analysis. ✅ TL;DR: Collector = Traffic sniffer + data organizer Gathers logs, flow data, or telemetry from routers, switches, firewalls, endpoints, etc.

Answer 38

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

Answer 39

Command and Control (C2) refers to the communication link between a threat actor and a compromised system. It’s how attackers issue commands, receive stolen data, and maintain control over infected devices. C2 = Hacker’s remote control panel Let’s the attacker send instructions and receive data from compromised hosts (a.k.a. zombies or bots). 🔍 How It Works: Initial Compromise – Malware is installed on the victim’s system. C2 Beaconing – The infected host phones home (e.g., every 10 mins). C2 Link Established – Secure tunnel or stealthy protocol. Attack Continues – Attacker can exfiltrate data, move laterally, or trigger payloads.

Answer 40

The Common Access Card (CAC) is a smart card issued by the U.S. Department of Defense (DoD) to: Active-duty military personnel Reserve members DoD civilian employees Contractors It provides physical access to DoD facilities and logical access to DoD computer systems and networks. ✅ TL;DR: CAC = U.S. military ID + smart chip for secure computer access Used for authentication, digital signatures, and encryption 🧩 What's on the CAC? Feature Purpose 🛂 Personal info Name, rank, branch, DoD ID number 🔐 Smart chip Stores certificates for PKI functions ✍️ Digital certificates For signing and encrypting emails 📎 Barcode & photo For visual ID and scanning 🧱 CAC in Security+ Context: Part of multi-factor authentication: Something you have (CAC) + something you know (PIN) Supports PKI-based systems Used in federal government security models Helps enforce least privilege and non-repudiation

Answer 41

📛 What Is Common Name (CN) in X.500? The Common Name (CN) is a key attribute in the X.500 directory standard, used to identify a specific entity (like a user or server) in a distinguished name (DN) — a unique identifier used in digital certificates and LDAP directories. ✅ TL;DR: Common Name (CN) = The human-readable name of the object (e.g., a person or a domain name) Part of a larger Distinguished Name (DN) in X.500-style naming. Security+ Relevance: CN is part of PKI structure (Public Key Infrastructure) Used in certificate validation Critical in mutual TLS authentication Related to certificate spoofing if improperly validated

Answer 42

CVE = Common Vulnerabilities and Exposures 🛠️ TL;DR: A CVE is like a bug bounty ID tag for a security flaw. It's a unique identifier for a known cybersecurity vulnerability. Example: CVE-2023-23397 refers to a Microsoft Outlook vulnerability that allowed privilege escalation via calendar invites. --- 🔍 What It Really Means: Term Meaning Common Shared across organizations Vulnerability A weakness in software/hardware Exposure A configuration issue that may not be a bug, but still poses risk --- 🧩 CVEs Include: A CVE ID (like a serial number) A brief description A reference to patches, fixes, or advisories A severity score (often via CVSS – Common Vulnerability Scoring System) Example Breakdown: CVE-2021-44228 Year: 2021 Unique ID: 44228 This is the infamous Log4Shell vulnerability (Apache Log4j) Allowed remote code execution (RCE) Affected millions of apps worldwide

Answer 43

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

Answer 44

A cloud that is deployed for shared use by cooperating tenants. A community cloud is a cloud deployment model shared by multiple organizations with common goals, policies, or compliance requirements — such as security, mission, or industry regulations. ✅ TL;DR: Community Cloud = Cloud shared by a group with similar needs Not open to the public, but not private to just one org either Hosted on-prem or by a third party 🧱 Key Characteristics: Feature Description 👥 Shared use Used by multiple organizations (e.g., same industry or mission) 🎯 Common purpose Built around shared compliance, security, or business goals 🛠️ Joint management Can be managed by the orgs, a third party, or both 🔐 Restricted access Not open to general public or unrelated users 🧠 Real-World Analogy: Think of a private coworking space shared by law firms: They all need the same physical security, confidentiality, and legal resources — so they share costs and governance.

Answer 45

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Answer 46

An image of text characters or audio of some speech that is difficult for a computer to interpret. CAPTCHAs are used for purposes such as preventing bots from creating accounts or submitting forms.

Answer 47

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

Answer 48

The three principles of security control and management. Also known as the information security triad. or AIC triad.

Answer 49

A type of virtualization applied by a host operating system to provision an isolated execution environment for an application. 📦 What Is Containerization? Containerization is a lightweight form of virtualization that packages an application and everything it needs to run — code, libraries, dependencies — into a single, portable unit called a container. ✅ TL;DR: Container = App + all its stuff, packed into a neat, portable box Runs consistently on any system that supports containers (like Docker) 🧱 Key Features: 🧬 Isolated - Runs independently from other apps and the host OS 🚚 Portable - “Build once, run anywhere” — from dev to production ⚡ Lightweight - Shares the host OS kernel — uses fewer resources than VMs ⚙️ Fast startup - Containers launch in seconds, not minutes 🔁 Scalable - Ideal for microservices and cloud-native deployments 🧠 Real-World Analogy: Imagine a shipping container: It doesn't matter whether it's on a truck, train, or ship — it’s self-contained and standardized, so it works anywhere.

Answer 50

A content filter is a security tool that blocks or restricts access to certain types of content based on predefined rules — typically to prevent exposure to malicious, inappropriate, or non-work-related material. 🔐 Security+ Relevance: Mitigates social engineering (e.g., phishing websites) Helps prevent malware downloads Enforces acceptable use policies (AUPs) Supports data loss prevention (DLP)

Answer 51

🧠 What Is Context-Aware Authentication? Context-aware authentication (also called adaptive authentication) adjusts the authentication process based on contextual information — like where, when, how, and from what device the user is trying to log in. ✅ TL;DR: Context-aware auth = Smart login system It decides if extra verification is needed based on suspicious or unusual conditions 🧱 What It Checks (the “context”): Context Signal Example Scenario 📍 Location Logging in from a foreign country ⏰ Time of access Login attempt at 3 AM when user usually works 9–5 🖥️ Device type New laptop or unrecognized phone 🌐 IP address Suspicious or blacklisted IP 📶 Network type Public Wi-Fi vs secure corporate network ⚙️ User behavior Unusual patterns or too many failed attempts 🧠 Real-World Analogy: Imagine your bank says: “You always log in from Missouri on a Windows PC at 8 PM — but now you're in Romania on an iPhone at 3 AM. Prove it’s you.” So it asks for extra MFA (like a code or fingerprint) just in case.

Answer 52

Continuous Delivery is a software development practice where code changes are automatically built, tested, and prepared for release to production at any time — with minimal manual intervention. ✅ TL;DR: Continuous Delivery = Always ready to deploy Code goes through automated testing & staging so it’s production-ready at all times. 🧱 Key Features of Continuous Delivery: Feature Benefit 🔁 Automated testing Catch bugs early 🏗️ Automated builds Fast, consistent packaging 🚦 Staging environment Final review area before release 🧑‍💻 Manual approval step Gives control over live releases 🧪 Difference vs. Continuous Deployment: Concept Deployment to Production Continuous Delivery Manual trigger Continuous Deployment Automatic after all tests pass

Answer 53

Software development method in which app and platform updates are committed to production rapidly. Continuous Deployment is a DevOps practice where every code change that passes automated tests is automatically pushed to production — no human approval required. ✅ TL;DR: Continuous Deployment = Fully automated go-live If the code passes tests, it deploys automatically to users. No staging, no manual review. Everything is automated. No stop at “manual approval.” 🧠 Real-World Analogy: Think of a high-speed pizza robot kitchen: The moment a pizza is fully baked and passes inspection, it’s boxed and shipped — no human touches it after the oven. 🔐 Security+ & DevSecOps Angle: Great for patching vulnerabilities quickly Requires strong automated security testing Increases speed, but must balance security + monitoring

Answer 54

Continuous Integration (CI) is a DevOps development practice where developers frequently merge code into a shared repository — and automated builds and tests are run immediately to catch problems early. ✅ TL;DR: Continuous Integration = Test every change, early and often Ensures that new code doesn’t break existing code and is always in a workable state. 🧠 Real-World Analogy: Imagine a giant group project where everyone adds parts to the same machine every few hours — CI makes sure each new piece fits perfectly before it’s bolted on.

Answer 55

Continuous Monitoring is a security and operations practice where systems, networks, and applications are constantly observed for signs of: Unauthorized access Performance issues Vulnerabilities Configuration drift Compliance violations It’s about real-time awareness and automated response. ✅ TL;DR: Continuous Monitoring = Always watching, always alert Helps detect threats, misconfigurations, or failures before they become disasters.

Answer 56

Control risk refers to the likelihood that existing security controls will fail to detect, prevent, or correct a threat or vulnerability — allowing a harmful event to occur. ✅ TL;DR: Control Risk = Risk that your defenses won’t work as expected Even with controls in place, there’s a chance they miss something or fail under pressure.

Answer 57

A Controller Area Network (CAN) bus is a robust, real-time communication system that allows microcontrollers and devices to communicate with each other without a host computer, commonly used in automotive and industrial systems. ✅ TL;DR: CAN Bus = In-vehicle communication highway Allows components like brakes, engine, and airbags to talk to each other instantly and reliably 🧱 Key Characteristics: Feature Description 🔗 Multi-master system All nodes can send and receive data ⚙️ No central controller Communication is peer-to-peer ⚡ Fast and real-time Speeds up to 1 Mbps (CAN FD goes even higher) 🔁 Message-based Devices send messages to the network, not directly to each other 🛡️ Error detection Built-in mechanisms to check and handle errors 🧠 Real-World Analogy: Imagine a group chat between all car components. Instead of whispering to each other directly, everyone broadcasts messages into the room, and only the relevant listeners act on them. 🚙 Where You’ll Find It: Industry Use Case Automotive Engine control, airbags, windows, sensors Industrial Factory robots, assembly line machines Aerospace Avionics and flight control systems Medical devices Communication between sensors and mon 🔐 Security Concerns: Issue Risk 🕵️ No built-in encryption Easy to eavesdrop with physical access 🎯 Broadcast model One compromised node can affect the whole bus 🔄 Spoofed messages Fake brake or airbag commands if not validated Used in vehicle cybersecurity topics (e.g., CAN injection attacks, car hacking).

Answer 58

COBO is a mobile device deployment model where the device is: Owned by the company Used only for work-related purposes Fully managed and locked down by IT 📱 Key Features of COBO: Feature Description 🧾 Company-owned - Purchased and issued by the organization 🚫 No personal use - Restricted to approved business apps and functions 🛠️ Fully managed - IT controls settings, software, and usage policies 🔒 Highly secure - Ideal for regulated or high-security environments 🛡️ Security+ Relevance: Benefit How It Helps 🔐 High security posture No personal apps = reduced attack surface 📋 Policy enforcement Easier to enforce encryption, MDM, patching 🧑‍⚖️ Compliance ready Ideal for industries with strict regulations 🚫 Data segregation No personal/work data mixing

Answer 59

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

Answer 60

A corrective control is a type of security control that activates after a security incident has occurred — its job is to fix the problem, limit the damage, and restore systems to normal operations. of security control that acts after an incident to eliminate or minimize its impact.

Answer 61

Function of log 🔍 What Is Correlation in Log Analysis? Correlation in log analysis means linking events from different systems or sources to identify patterns, security incidents, or system issues that would be invisible if each log were reviewed in isolation. ✅ TL;DR: Correlation = Connecting the dots between logs that links log and state data to identify a pattern that should be logged or alerted as an event.

Answer 62

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Counter Mode (CTR or CTM) is a block cipher mode of operation that turns a block cipher into a stream cipher by encrypting a sequence of incrementing counter values, then XORing the result with the plaintext to get the ciphertext. 🔄 How It Works: Generate a nonce (number used once) + a counter value. Encrypt the nonce+counter using the block cipher (e.g., AES). XOR the encrypted output with the plaintext to get ciphertext. Increment the counter, repeat for the next block. ➡️ Same process for decryption (XOR again with same keystream). 🧱 Key Features of CTR/CTM Mode: Feature Description ⚡ Fast - Allows parallel encryption/decryption (no chaining) 🔁 Symmetric operation - Same process for encryption & decryption 🎯 Stream-like - Great for encrypting variable-length data ❗ Nonce is critical - Reusing a nonce = catastrophic vulnerability 📦 Use Cases: High-speed bulk encryption Encrypting data in real time (e.g., VPNs, disk encryption) Applications that benefit from parallel processing _____ 🎯 Goal: You want to send a secret message: “HI” --- 🔐 Step 1: You and your friend share a secret key Let’s say your “lockbox” (AES) needs a secret key to work. Both of you know it ahead of time. --- 🔢 Step 2: You start a counter You agree to start with the number 1, and count up from there for each letter. --- 🧃 Step 3: You turn the counter into secret sauce (this is the "scrambled version") Here’s the trick: Instead of scrambling the message directly, you scramble the number 1 using your secret lockbox (AES + key). This gives you something random-looking, like: 🔐 "Z" This Z is now your keystream letter — you haven’t touched your real message yet. --- ✖️ Step 4: Mix the keystream with your message using XOR Your first message letter is "H". Now you combine "H" and "Z" using a rule called XOR (basically a rule that mixes letters based on their bits). The result is a new encrypted letter, let’s say: "K" --- 🔁 Step 5: Repeat for the next letter Increase the counter to 2 Scramble 2 → you get keystream letter "Y" Your message letter is "I" XOR "I" with "Y" → encrypted letter "N" --- 📬 Final Encrypted Message: “KN” You send "KN" to your friend. --- 🔓 How your friend decrypts it: 1. They use the same key 2. They start with counter = 1, scramble it → get "Z" 3. They XOR "K" with "Z" → get back "H" 4. Do the same with "N" and counter = 2 → get back "I" --- 🧠 Why this works: You’re using the block cipher (AES) to scramble predictable numbers (the counters) That scrambled output becomes a disposable key for each part of your message Since the counters go in order (1, 2, 3...), and the key never changes, your friend can recreate the exact same scrambled letters on their end XOR makes it all reversible --- TL;DR: > You scramble numbers like 1, 2, 3 with your secret key to get fake letters (keystream). Then you mix each of those with your message to hide it. Your friend uses the same key and same numbers to reverse the process.

Answer 63

An encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol. --- What is CCMP? CCMP = Counter Mode with Cipher Block Chaining Message Authentication Code Protocol Yeah, it’s a mouthful. But here’s the simple version: > CCMP is the security system used in modern Wi-Fi (WPA2 and WPA3) to keep your wireless data private and tamper-proof. --- 🧠 Plain English Breakdown: Term What it Means Counter Mode (CTR) Encrypts your data in blocks by scrambling a counter number (you just learned this!) CBC-MAC Adds a Message Authentication Code (MAC) to detect tampering — like sealing a letter with a wax stamp Protocol Just means it's a set of rules that define how to do the encryption and authentication securely --- 🔐 What does CCMP protect? 1. Confidentiality — hides your data using AES in CTR mode (so no one can read your Wi-Fi traffic) 2. Integrity — uses CBC-MAC to detect if someone messed with the data 3. Replay Protection — counters stop hackers from re-sending old packets to trick your system --- 🏠 Where is CCMP used? WPA2-Personal (WPA2-PSK) WPA2-Enterprise WPA3 Basically: If you're using modern Wi-Fi, you’re using CCMP — it replaced the older, broken TKIP. --- TL;DR: > CCMP is the modern Wi-Fi bodyguard — it encrypts your data using AES and checks every message to make sure it hasn’t been tampered with.

Answer 64

🤖 What Is Credential Stuffing? Credential stuffing is a type of brute-force attack where an attacker takes username-password pairs stolen from one site and tries them on other websites — hoping the user reused the same credentials. ✅ TL;DR: Credential Stuffing = “Let’s see if this stolen login works anywhere else.” Uses real usernames + real passwords, just not necessarily for the site being attacked. 🧠 Real-World Analogy: A thief finds a key labeled "Apartment 7". Instead of trying to break into Apartment 7, they just go down the street trying that key on every other door. 🛡️ How to Defend Against It (Security+ Level): Control Description 🔐 Multi-Factor Authentication (MFA) Even if creds work, attacker can’t get in 🔄 Credential hygiene Don’t reuse passwords — use a password manager 📊 Behavioral analysis Monitor for odd logins (geo, IP, device) 🚧 Rate limiting / throttling Slow down login attempts 📵 Block known bad IPs Use threat intelligence feeds 🔍 Dark web monitoring Know when your org’s creds are leaked 🔐 Related Concepts: Term Description Password spraying One password, many users Brute-force Tries all possible passwords Dictionary attack Tries passwords from a known list Credential stuffing Real creds, wrong site

Answer 65

Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance. 🎯 What is the Crossover Error Rate (CER)? The Crossover Error Rate, also called Equal Error Rate (EER), is a single number that tells you how accurate a biometric system is (like fingerprint scanners, facial recognition, retina scans, etc.). --- 🧠 CER is where two kinds of mistakes are equal: 1. False Acceptance Rate (FAR) > The system wrongly accepts an imposter as legit ("You’re not the real user, but I let you in") 2. False Rejection Rate (FRR) > The system wrongly rejects the real user ("You're the real user, but I don't believe you") 🔁 The CER is the point where FAR = FRR. --- 📉 Imagine Two Lines Crossing: One line shows how often imposters get in (FAR) One shows how often real users get blocked (FRR) As you adjust the system’s strictness, these lines move Where they cross? That’s the CER > 📌 The lower the CER, the better the biometric system. --- 🧪 Analogy: Imagine a nightclub bouncer with facial recognition goggles: If he’s too strict, real VIPs get denied (high FRR) If he’s too relaxed, fakes sneak in (high FAR) The Crossover Error Rate is the point where he messes up equally in both ways — and that tells us how reliable he is overall. --- TL;DR: > CER = where a biometric system’s false accepts and false rejects are equal. Lower CER = more accurate system.

Answer 66

A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. Also known as client-side request forgery or CSRF.

Answer 67

What is XSS? > Cross-Site Scripting (XSS) is when a hacker sneaks malicious scripts (usually JavaScript) into a website so that other users unknowingly run that script in their browsers. --- 🧠 Think of it like this: > You go to a public bulletin board (a website) and post a harmless message. A hacker goes to that same board and posts a message that secretly says: “When someone reads this, run a script to steal their cookies.” Now, anyone who reads that message runs the malicious code in their browser — without knowing it. --- 🔍 Why it’s dangerous: It can steal session cookies, letting attackers hijack user accounts. It can redirect users to fake login pages (phishing). It can deface the site or trick users into clicking malicious content.

Answer 68

Crypto Erase is a data sanitation method that securely deletes data by detroying the encryptions keys used to protect it. That makes the data unreadable and unrecoverable: if that is still on the disk, it is meaningless ciphertext.

Answer 69

🧠 **Definition: Cuckoo** is an open-source automated malware analysis system that runs suspicious files in a virtualized environment (sandbox) and monitors what they do. Basically: “Let’s see what this sketchy file does when we lock it in a fake room and hit ‘Play.’” 🧪 What It Does: Cuckoo analyzes: Executables (.exe) PDFs, Office docs, scripts URLs, emails, even Android APKs 🧰 Output You Get: Human-readable report (HTML, JSON, etc.) Indicators of Compromise (IOCs) Network dumps (PCAP) Screenshots of malware in action Behavioral logs and timelines 🔐 Why It’s Important: Safe way to analyze unknown or suspicious files Helps reverse engineers, incident responders, threat hunters Can identify payloads, dropper behavior, C2 domains, etc. 🏗️ How It Works (Simplified): You submit a file. Cuckoo runs it inside a VM (Windows/Linux/Android). It monitors system behavior and logs everything. You get a detailed report of what happened. 🛡️ TL;DR: Cuckoo = “Malware daycare with security cameras.” You throw the suspicious file in, let it misbehave, and document everything it does in a safe sandbox.

Answer 70

🔍 What is curl? > curl stands for Client URL. It’s a command-line tool used to send and receive data from or to a URL, using protocols like HTTP, HTTPS, FTP, and more. --- 🧠 Plain English: > "curl is like opening a browser tab with your keyboard — you tell it what URL to go to and what to do there." --- 🛠️ Common Uses: Task Example 🔎 Get a web page curl https://example.com 📄 Save output to file curl -o page.html https://example.com 🚪 Send a POST request curl -X POST -d "name=Sev" https://api.site.com/form 🔑 Use API key or auth curl -H "Authorization: Bearer TOKEN" https://api.site.com/data 💬 Send JSON curl -X POST -H "Content-Type: application/json" -d '{"name":"Alpine"}' https://api.site.co 🎯 TL;DR: > curl is a versatile, text-based way to talk to websites and APIs. You can use it to test, download, upload, and debug web requests — all from the terminal.

Answer 71

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources. Also known as threat intelligence.

Answer 72

🧠 Definition: Data at rest refers to any data stored on a device or medium that is not actively moving across a network. If it’s just sitting there — on a hard drive, SSD, USB stick, cloud storage, etc. — it’s data at rest.

Answer 73

When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.

Answer 74

🧠 What is a Data Controller in data regulation? > A Data Controller is the person or organization that decides: What personal data is collected Why it’s collected How it will be used --- 🔍 Plain English: > A data controller is like the boss of personal data. They make the decisions about the purpose and means of processing the data. --- 📚 Used in: GDPR (General Data Protection Regulation – EU) UK Data Protection Act Other privacy frameworks --- 🧱 Responsibilities: Duty What it means ✅ Lawful basis Have a legal reason to collect/process data 📄 Transparency Tell users what’s being done with their data 🔐 Security Protect data from breaches or misuse 🗑️ Data minimization Don’t collect more than you need 🧽 Right to erasure Respect requests to delete personal data

Answer 75

🧠 What is a Data Custodian? > A Data Custodian is the person or team responsible for the safe storage, transport, and maintenance of data — but they don’t decide how or why the data is used. --- 🧹 Plain English: > A data controller says, "This is what data we collect and why." A data custodian says, "Got it — I’ll store and protect it." --- 🧱 Key Responsibilities: Task What it Means 💾 Data storage Ensures data is properly stored (e.g., databases, backups) 🔐 Security Applies controls like encryption, access permissions ♻️ Backups & recovery Maintains data availability and disaster recovery plans 🧼 Integrity & cleanliness Ensures data is accurate and uncorrupted 🧑‍💻 Technical enforcement Implements policies set by data owners/controllers --- 🧑‍🤝‍🧑 Compared to Others: Role What They Do Data Controller Decides what data is collected and why Data Processor Handles data for the controller (often external) Data Custodian Protects, stores, and manages data (often internal IT/security) > 💡 Analogy: The controller is the librarian choosing which books to collect. The custodian is the shelver/security team ensuring books are safe, organized, and available. --- 🧠 TL;DR: > A data custodian is the technical guardian of data — making sure it’s secure, available, and properly handled, but not deciding its purpose.

Answer 76

🕵️‍♂️ What is Data Exfiltration? > Data exfiltration is when sensitive data is stolen from a system and sent out to an unauthorized party — often secretly and without the victim knowing. --- 🧠 Plain English: > It’s like a thief sneaking sensitive documents out of a building, hiding them in their coat. In cyber terms, that “coat” might be: A hidden email A covert file transfer An encrypted message over a legit-looking connection

Answer 77

🔓 What is Data Exposure? > Data exposure happens when sensitive or private data is accidentally made accessible to unauthorized people — without necessarily being stolen. --- 🧠 Plain English: > It’s like leaving confidential files on a public bench — no one may have taken them yet, but they were left out where anyone could see.

Answer 78

🧭 What is Data Governance? > Data governance is the framework for how an organization manages, protects, and uses its data — to ensure it’s accurate, secure, consistent, and used properly. --- 🧠 Plain English: > It’s like setting the rules and responsibilities for how everyone handles and takes care of the company's data — from creation to deletion.

Answer 79

🧠 Definition: Data in processing refers to data that is actively being used, read, modified, or computed by a system. Think of it as: the moment your computer is actually doing something with the data. 🖥️ Where It Happens: RAM (Random Access Memory) CPU registers Application memory space Cloud compute environments 🔐 Security Challenges: Data in processing is often unencrypted while it's being used. That makes it vulnerable to: Memory scraping (e.g., malware scanning RAM) Side-channel attacks (e.g., Meltdown, Spectre) Insider threats (accessing in-memory data) Process injection attacks 🛡️ Protection Methods: Technique What It Does Trusted Execution Environments (TEEs) Isolate sensitive data (e.g., Intel SGX) Homomorphic encryption Enables computing on encrypted data (rare, resource-heavy) Access control & auditing Track who’s using what data Secure coding practices Prevent memory leaks and exploits ⚖️ Compared to Other Data States: State Description Example At Rest Stored and inactive File saved on disk In Transit Moving from one place to another Email being sent In Processing Being actively used or changed App editing a photo in memory 🧠 TL;DR: Data in Processing = “Live data doing live work.” It’s vulnerable in memory and needs real-time protection.

Answer 80

🧠 Definition: Data in transit refers to data actively moving between systems, devices, or networks — whether across the internet, a private network, or between components in the cloud. If it’s traveling, it’s data in transit. 🔐 Risks While in Transit: Eavesdropping (e.g., sniffing network traffic) Man-in-the-middle (MitM) attacks Session hijacking Data tampering or injection 🛡️ How to Protect Data in Transit: Method - Description Encryption (TLS/SSL, IPsec) - Protects data from being read/tampered VPNs - Secures data through encrypted tunnels HTTPS - Encrypts web traffic Secure email protocols - S/MIME, PGP Network segmentation/firewalls - Control and monitor traffic

Answer 81

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

Answer 82

🧠 Definition: Data masking is the process of hiding real data by replacing it with fake but realistic-looking values — so it can be safely used in non-secure environments like development, testing, or training. You get the shape of the truth, not the actual truth. 📋 Example: Real Data (Production) Masked Data (Testing/Dev) John Smith, SSN: 123-45-6789 Jake Adams, SSN: 987-65-4321 Visa 4111-1111-1111-1111 Visa 5555-2222-3333-4444 🛠️ How It Works: Data masking can be: Static – Done once before copying to another environment (e.g., dev server) Dynamic – Masked on-the-fly as users access data (used for live systems) Masking techniques include: Technique Description Substitution: Replace real values with fake ones Shuffling Mix: real data within a column Nulling: out Replace with null or blanks Data variance: Slightly change numeric values Encryption: Use reversible encryption (rare for masking) 🔐 Why Use It? Benefit Purpose Protect: sensitive data Avoid exposure of real PII, PHI, etc. Enable: testing/dev safely Use realistic data without the risk Regulatory compliance: Meets GDPR, HIPAA, PCI-DSS requirements Reduce insider threat: No need to expose real production data 🚫 What It’s Not: ❌ Encryption: Encryption is reversible with a key. ❌ Tokenization: Tokenization maps real data to a token via a secure lookup. Data masking is **irreversible by design** — it's meant to obscure, not recover. 🧠 TL;DR: Data Masking = Real-looking fake data Great for devs. Useless for hackers.

Answer 83

🧠 Definition: Data minimization is the principle of collecting, using, and storing only the minimum amount of personal data necessary to achieve a specific purpose. If you don’t need it, don’t ask for it. If you don’t use it, don’t keep it. 🔐 Core Idea: Reduce privacy risk by limiting: What you collect How long you keep it Who has access Where it’s stored 📋 Example: Bad Practice Better Practice Asking for Social Security numbers on a newsletter signup Just collect name and email Keeping full user profiles of inactive accounts forever Delete or anonymize after 12 months Logging full IP addresses for basic analytics Use anonymized or truncated IPs 🛡️ Why It Matters: Benefit Why It's Important Reduces attack surface Less data = less to steal or leak Improves compliance Required under GDPR, CCPA, etc. Builds user trust Shows you value privacy Easier data management Fewer headaches for audits or cleanup ⚖️ Key Principles (GDPR-Inspired): Purpose Limitation: Collect data only for a clear, legitimate reason Data Minimization: Only the necessary data, no extras Storage Limitation: Don’t keep it longer than needed

Answer 84

🧠 Definition: A Data Owner is the person or role ultimately responsible for a set of data—its accuracy, security, usage, compliance, and access. Think of them as the "data landlord": they don’t necessarily manage every detail, but they make the rules. (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

Answer 85

🧠 Definition: A Data Privacy Officer (DPO) is the person responsible for ensuring an organization handles personal data in compliance with data protection laws (like GDPR, HIPAA, or CCPA). Think of the DPO as your internal privacy watchdog — they protect individuals’ data rights and keep the organization legally and ethically aligned.

Answer 86

In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.

Answer 87

🧠 Definition: Data remnants are residual pieces of data that remain on storage devices after deletion, reformatting, or reimaging — often still recoverable unless properly wiped. You deleted the file, but the ghost of it is still lingering on the drive.Leftover information on a storage medium even after basic attempts have been made to remove that data. Also known as remnant.

Answer 88

🧠 Definition: Data sovereignty is the concept that data is subject to the laws and governance of the country where it is physically stored. If your data lives on a server in France, it's subject to French law — no matter where you are. 🌍 Why It Matters: Governments can enforce local privacy, surveillance, or access laws on data stored within their borders. Organizations must comply with regional regulations, even when using cloud services. 📋 Example: Situation Implication A U.S. company stores EU customer data in Germany Must follow GDPR Canadian health data is stored on U.S. cloud servers May be accessed under U.S. Patriot Act An Australian user’s data is mirrored in Singapore Could be subject to Singaporean privacy laws

Answer 89

🧠 Definition: A Data Steward is a person responsible for the day-to-day management and quality of data within an organization — ensuring it’s accurate, consistent, usable, and trusted. If the Data Owner is the landlord, the Data Steward is the property manager: they keep things organized, clean, and compliant. 🛠️ Core Responsibilities: Task Description Ensure data quality Fix duplicates, errors, and inconsistencies Apply data standards Enforce naming conventions, formats, and rules Monitor metadata Keep track of data definitions and attributes Support data governance Collaborate with data owners and custodians Manage lifecycle Ensure data is archived or deleted when appropriate Document data Create and maintain data dictionaries and catalogs 🔄 Key Difference from Other Roles: Role Focus Authority Data Owner Policy, risk, and access High Data Steward Data quality and usability Moderate Data Custodian Infrastructure and backups Operational

Answer 90

DHCP stands for Dynamic Host Configuration Protocol. 🧠 What it does (in plain terms): DHCP automatically gives devices on a network the info they need to connect — like handing out IP addresses, subnet masks, default gateways, and DNS server addresses without the user having to configure anything. 📦 Example: You bring your phone to a coffee shop → it joins the Wi-Fi → the DHCP server says: “Here’s your IP address (192.168.1.42), subnet mask, gateway, and DNS info. You’re good to go!” No manual setup needed. ---------- Imagine you walk into your favorite café (real network). Normally, the real barista (DHCP server) hands you: a table number (IP address), the Wi-Fi password (gateway), and the menu (DNS info). But today… There’s a fake barista standing near the counter. He jumps in first and says: “Oh hey! Sit at table 666, use this menu, and all your orders go through me!” That’s rogue DHCP in action. 🍳 So what’s DHCP Snooping? It’s the real manager saying: “Only my staff can take orders. Anyone else handing out tables or menus gets thrown out.” 🧠 Bottom line: Proofing = pretending to be legit to trick devices Rogue DHCP = pretending to be the network authority DHCP Snooping = the switch enforces trust and blocks the imposters

Answer 91

The dd command is a low-level data copying and conversion tool for Unix/Linux systems. Think of it as a digital scalpel — powerful, precise, and dangerous if misused. 🧠 TL;DR: dd stands for "dataset definition" or jokingly "destroy disk" (because one typo can wipe your system 😱).

Answer 92

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

Answer 93

Code in an application that is redundant because it will never be called within the logic of the program flow. ⚠️ Why Dead Code Is Bad: Wastes memory and processing time Clutters the codebase (makes maintenance harder) Might confuse future developers (including future you) Can hide bugs ✅ How to Deal With It: Use linters (e.g., flake8, pylint, eslint) Static analysis tools (e.g., Vulture for Python) Refactor and delete with confidence (use version control!) 🧪 Bonus Metaphor: Dead code is like keeping expired groceries in the fridge. They’re not doing anything, and eventually, they just stink up the whole place. Want help finding dead code in a specific snippet? Paste it and I’ll analyze it for you.

Answer 94

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack. -- Deauthentication and disassociation are two ways to forcibly kick a device off a Wi-Fi network — and they play a big role in wireless attacks and network management. 💥 TL;DR: Term What it does Layer Use case Disassociation Breaks the connection Layer 2 Graceful kick from AP Deauthentication Breaks the authentication Layer 2 Full boot + re-auth needed 🔍 What’s the Difference? Disassociation: Says: “We're no longer connected.” The device stays authenticated but isn’t associated with the AP anymore. Kind of like: “You’re still a member, but you’ve been logged out.” Deauthentication: Says: “You're no longer allowed here.” The device must re-authenticate from scratch. It’s harsher — like the network saying: "Get out and show your ID again if you want back in." 🧠 Why It Matters (Security Context): Both types of frames are: Unencrypted Spoofable Exploitable Attackers can use deauth/disassoc frames to: Knock users offline (DoS) Force reauthentication (for evil twin or handshake capture attacks) Make people reconnect to a rogue AP (Man-in-the-Middle setup) 🧪 Example Tools: aireplay-ng → sends deauth frames to grab handshake data. mdk4 or wifijammer → perform mass deauth attacks. 🧯 Protection: 802.11w (Management Frame Protection): encrypts/disables spoofable management frames. Modern WPA3 routers usually support it, but it’s still not universally adopted.

Answer 95

🔍 Deception Make the attacker think they’re winning… while you’re watching every step they take. In cybersecurity, deception = misdirection. It involves planting fake assets, services, or vulnerabilities to lure attackers into traps or delay them. Examples: Honeypots: Fake servers/services designed to look juicy to an attacker. Honeynets: Entire fake networks to observe attacker behavior. Decoy credentials or canary tokens: If used, they instantly alert defenders. Deceptive DNS entries or unused subdomains: Meant to catch scanning bots. Think of it like rigging a fake vault with a camera inside while the real treasures are hidden elsewhere. 🧨 Disruption Once you know where they are — cut the power, burn the bridge, yank the signal. Disruption is all about interrupting malicious activity, ideally without the attacker even knowing you’ve detected them. This can involve: Kicking attackers out or blocking their IPs. Isolating infected endpoints from the network. Triggering auto-recovery or failover systems to shut down attacks. Deploying countermeasures like rate-limiting, alerts, or endpoint protection rules. 🎯 In Practice Together, deception and disruption are often used in active defense or cyber threat hunting operations. The goal isn’t just to block attacks—it’s to observe, understand, and sabotage the enemy’s playbook. Imagine: A threat actor steals what they think are admin credentials. They try to use them on a decoy server. You’re notified. While they fumble around, you cut off their real access. You now know their IP, malware tools, and tactics. That's not just security. That's cyberjudo.

Answer 96

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.

Answer 97

🎯 Defense in Depth “Don’t put all your trust in a single moat. Build moats, walls, archers, traps, and secret tunnels with dragons.” 🛡️ What Is It? Defense in Depth (DiD) is a cybersecurity strategy that uses multiple layers of security controls to protect data, systems, and networks. The idea: if one layer fails, another stands in the way.

Answer 98

The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive's magnetic charge.

Answer 99

In data 🔐 Deidentification “Scrub the fingerprints. Burn the name tag. Hide the trail — but keep the data.” 🧬 What Is It? Deidentification is the process of removing or obscuring personal identifiers from data so individuals can’t be readily identified. Used heavily in: 🏥 Healthcare (HIPAA compliance) 🔍 Research 🧪 Data science / AI 🔐 Privacy regulations (GDPR, CCPA) 🧹 Two Main Types: Method What it does Anonymization: Irreversible — all identifiers removed or altered; you can’t re-link to the person Pseudonymization: Reversible — replaces identifiers with fake ones (e.g., “Patient A123”), but there’s a key stored somewhere, methods and technologies that remove identifying information from data before it is distributed.

Answer 100

🧱 Demilitarized Zone (DMZ) “A buffer zone between your digital castle and the wild internet — where you let visitors knock, but never hand them the keys.” 🌐 What Is It? A DMZ in cybersecurity is a neutral network zone that sits between an internal network (safe) and an external one (risky) — usually the internet. It hosts public-facing services like websites, email servers, or DNS. It isolates these services from the internal network to limit exposure if they get hacked. 🛡️ Real-World Analogy Think of a castle: Outer wall = Internet-facing firewall Courtyard (DMZ) = Where visitors go; you're watching them closely Inner wall = Protects the royal chambers (internal network) If attackers breach the courtyard, they still can’t reach the throne room (your sensitive systems). 🧰 Common DMZ Setup Firewall 1 (External): Between internet and DMZ Firewall 2 (Internal): Between DMZ and internal network Or: 3-legged firewall with three interfaces (internet, internal, DMZ)

Answer 101

A Denial of Service (DoS) attack is a cyberattack aimed at making a system, service, or network unavailable to its intended users. It overwhelms the target with a flood of traffic or exploits vulnerabilities to crash it, causing slowdowns or total unavailability. 🧨 Types of DoS Attacks: Volume-Based Attacks Goal: Overwhelm bandwidth Examples: ICMP flood, UDP flood Analogy: Like a mob flooding a phone line—nobody else can get through. Protocol Attacks Goal: Exhaust server resources (e.g., firewalls, load balancers) Examples: SYN flood, Ping of Death, Smurf attack Analogy: Half-open handshakes left hanging until the server chokes. Application Layer Attacks Goal: Crash the application by mimicking legitimate behavior Examples: HTTP GET/POST flood, Slowloris Analogy: A slow, polite customer who never leaves the line, blocking others. 🤖 Distributed Denial of Service (DDoS) A DDoS attack uses multiple systems (often compromised machines, aka a botnet) to launch a coordinated flood. More powerful and harder to block. 🛡️ Defenses Against DoS/DDoS: Rate limiting Traffic filtering / IP blacklisting Firewalls and intrusion prevention systems CDNs (e.g., Cloudflare) to absorb traffic Redundancy and failover strategies Behavior-based detection systems 🔑 Key Goal: Disruption, not infiltration. No data is stolen—just access denied.

Answer 102

Deprovisioning is the process of removing access rights and resources from a user, device, or system when they no longer need them — typically when someone leaves a company, changes roles, or a service is decommissioned. 🔒 Why It Matters: Prevents unauthorized access Reduces attack surface Ensures compliance with security policies Cleans up unused accounts (a common insider threat vector) 🧩 Key Deprovisioning Tasks: Account Disabling or Deletion Email, VPN, system logins (e.g., Active Directory, cloud apps) Revoke Physical Access Badges, keys, building access Recover Company Property Laptops, phones, ID cards Reclaim Licenses or Subscriptions Software tools (e.g., Microsoft 365, Salesforce) Audit & Confirm Verify logs, revoke residual permissions, alert relevant teams 🧠 Real-World Analogy: Deprovisioning is like taking away a former employee’s keys, passwords, and parking spot. If you forget, they could walk back in at any time. ⚠️ Common Risks of Poor Deprovisioning: Orphaned accounts = backdoors for attackers Zombie permissions = excessive access lingering after role changes Data leakage = ex-employees using synced devices or cloud apps 🔐 Related Concepts: Provisioning: The opposite—granting access. Least Privilege: Principle behind giving the minimum access necessary, and revoking it as soon as it’s no longer needed. Access Lifecycle Management: Full cradle-to-grave process from onboarding to offboarding.

Answer 103

🧭 Destination (in networking) “Where the data is going — the final stop on its digital journey.” 💻 What It Means In networking, destination refers to the target device, IP address, or port where a data packet is supposed to arrive. Every packet has: A source (where it came from) A destination (where it’s going) 📨 In Context: Layer Example of a Destination IP Layer 192.168.1.100 (target IP address) Transport Layer Port 443 (HTTPS), Port 25 (SMTP) Application Layer www.example.com (web address) Physical Layer A specific MAC address in a local network 🧱 Simple Analogy: Mailing a letter: Source = Your home address Destination = The recipient’s address Port number = The apartment or room you want the letter to go to inside the building Protocol = Whether it’s regular mail, FedEx, or email 🔥 Example in Action: You click a link: Your device sends a packet to destination IP 142.250.190.36 (Google) Destination port: 443 (HTTPS) Data rides TCP/IP to the destination 🧠 TL;DR Destination = where the data is headed. From web pages to emails to streaming cat videos — everything you request is just packets trying to reach their final destination. Want a graphic? Or compare “destination” across layers of the OSI model?

Answer 104

🕵️‍♀️ Detective Control A detective control is a security measure that identifies and records unwanted or unauthorized activity after it occurs — unlike preventive controls, which aim to stop incidents from happening. 🔎 Purpose: Detect. Log. Alert. Respond. Detective controls don’t block, but they help uncover violations, breaches, or abnormal behavior so you can investigate and take action. 🧠 Examples of Detective Controls: Control Type Example System Logs Tracks login attempts and file access Security Cameras Record physical access Intrusion Detection Systems (IDS) Alerts on suspicious network traffic Audit Trails Show who did what, when Change Detection Software Alerts on unauthorized file or config changes SIEM Systems Aggregate and analyze logs for threats 🧩 Security+ Tip: If a control doesn't stop something but knows it happened and can report it = detective control.

Answer 105

🚨 Deterrent Control A deterrent control is a security measure designed to discourage malicious or unwanted behavior by making the consequences clear or the risk of being caught high. 🧠 Key Idea: It doesn't block or detect—it makes you think twice. 🧩 Purpose of Deterrent Controls: Reduce the likelihood of an attack or policy violation Leverage psychological pressure (fear of being caught, punished, or exposed) 🔎 Examples of Deterrent Controls: Control Type Example Signage “Area under surveillance” / “Employees monitored” Security Cameras (Visible) Presence alone deters trespassers or thieves Security Policies with Penalties Clear consequences for violations Badge/Uniform Checks Makes unauthorized entry harder and riskier Guard Presence Even unarmed guards deter intrusion or misbehavior 🛡️ Security+ Tip: If the control’s main job is to scare off, warn, or discourage, it’s deterrent — not preventive or detective.

Answer 106

💠 Diamond Model of Intrusion Analysis “What if a cyberattack was a crime scene — and you had a 4-point profile for every digital heist?” 🕵️ What Is It? The Diamond Model is a structured way to analyze cyber intrusions by mapping out four core elements — like a crime diagram — to help defenders understand and respond to threats more effectively. It was developed by the U.S. intelligence community and is used in threat intel, SOCs, and by red/blue teams. 🔷 The Four Corners of the Diamond 1. Corner What It Means Example Adversary Who’s attacking? (person/group/entity) “APT29” or “SomeGuy123” 2. Capability What are they using? (tools, malware, exploits) Cobalt Strike, RCE exploit 4. 3. Infrastructure Where is it coming from? (servers, domains, IPs) Malicious domain, bulletproof VPS 4.Victim Who/what is targeted? (user, org, system, region) An energy company, or "HR@company.com" These four nodes are linked: The Adversary uses Capability via Infrastructure to attack a Victim. 📌 Example: APT29 uses spearphishing with a Word macro (capability), sends it from a spoofed domain hosted on AWS (infrastructure), targeting a government agency (victim). 🔁 Pivoting and Expansion The Diamond Model supports pivoting: You can take any corner and expand it into new diamonds: Found a new victim? → Look for attacker overlap. Caught a tool? → Trace who else uses it. Discovered a C2 server? → What else is hosted there? It helps build attack graphs, correlate events, and attribute behaviors across campaigns. 🔐 Why It’s Useful Structured thinking: Great for intel analysts Incident correlation: Tie multiple incidents to one actor Threat attribution: Spot patterns across seemingly unrelated events 🧠 TL;DR The Diamond Model = CSI for cyberattacks. Four points: Who did it, how they did it, where they launched from, and who they hit.

Answer 107

📖 Dictionary Attack A dictionary attack is a type of password-cracking technique where an attacker tries a predefined list of possible passwords — usually common words, phrases, or leaked credentials — to guess a user's password. 🧠 How It Works: The attacker loads a “dictionary file” — a list of commonly used passwords, like: pgsql Copy Edit 123456 password qwerty letmein football monkey iloveyou admin The system hashes each of these guesses and compares it to the stored password hash. 💡 Key Features: Characteristic Value 🎯 Target Weak or common passwords 🛠️ Method Tries each word from a list 🧠 Assumption People use predictable passwords 🐢 Speed Faster than brute force (fewer guesses, smarter list) 🔓 Dictionary Attack vs. Brute Force: Feature Dictionary Attack Brute Force Attack Tries Common passwords only Every possible character combo Speed Faster Slower (exponential time) Smarts Wordlist-based Dumb but thorough Success High if user has weak password High if attacker has time and power 🔐 Defenses: Enforce strong password policies Use account lockout or rate limiting Implement multi-factor authentication (MFA) Use salted hashes to break precomputed attack methods (like rainbow tables) Monitor for login anomalies 🧠 Security+ Exam Tip: A dictionary attack is fast, targeted, and depends on users choosing bad passwords. Think: “Guessing from a cheat sheet”, not “guessing everything.”

Answer 108

💾 Differential Backup “Only save what changed since the last full backup — not everything, just the new crumbs.” 📦 What Is It? A differential backup copies all data changed since the last full backup — every time it runs. It's a middle ground between: 🔁 Full backup: Saves everything (slow, storage-heavy) 🧮 Incremental backup: Saves only what changed since the last backup (fast, but restore is more complex) 🧪 How It Works: Monday Full backup Everything Tuesday Differential Everything that changed since Monday Wednesday Differential Everything that changed since Monday Thursday Differential Everything that changed since Monday

Answer 109

🔐 Diffie-Hellman (DH) Key Exchange “Let’s agree on a secret in public — without anyone else figuring it out.” 🧠 What Is It? Diffie-Hellman is a key exchange protocol that lets two parties generate a shared secret key over an untrusted network, without actually sending the key. It's not an encryption algorithm by itself — it’s a way to safely create keys used in encryption (e.g., for TLS, VPNs, SSH). 🤝 Real-World Analogy: You and a friend each pick a secret color, mix it with a public color, and exchange the result. When you each mix your secret with the other person’s result, you both end up with the same final color — but an eavesdropper can’t reverse it. 🧮 How It Works (Simplified) Public numbers: Prime number p Base g (a generator) Alice picks secret a, computes A = g^a mod p Bob picks secret b, computes B = g^b mod p They exchange A and B Alice computes B^a mod p Bob computes A^b mod p 🔐 They both now share the same secret: g^(ab) mod p And the eavesdropper? They see A, B, g, and p, but without knowing a or b, they can't compute the secret. (This is hard due to the Discrete Logarithm Problem.) 💣 Vulnerabilities No authentication = vulnerable to Man-in-the-Middle attacks That’s why DH is often used with digital signatures or certificates 🧠 TL;DR Diffie-Hellman = Whispering a secret across a crowded room using math magic. It’s how your browser and a server shake hands without anyone else hearing. Want a visual with potion mixing? Or a hacker trying to eavesdrop with question marks?

Answer 110

A message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity. 🔐 What Is It? A digital signature is a mathematical way to prove authenticity and integrity of a digital message or document. It’s like a secure wax seal for the internet, ensuring: ✅ Who sent it (authentication) 🔒 It hasn’t been changed (integrity) 🛑 It can’t be denied later (non-repudiation) 🧙 How It Works (Magical Edition) Hash the message (turn content into a unique fingerprint) Encrypt the hash with your private key → that’s your digital signature Send message + signature The receiver: Decrypts the signature using your public key Hashes the received message themselves Compares the two hashes If they match = ✅ message is authentic + untampered If not = ⚠️ altered or forged 🔁 Analogy: Imagine you write a letter, seal it with a unique wax stamp only you own, and give people the stamp mold so they can verify it's yours — but they can’t forge new stamps.

Answer 111

public key encryption standard used for digital signatures that provides authentication and integrity verification for messages. 🧮 Digital Signature Algorithm (DSA) “A mathematical spell that proves you wrote the message — even if the message is public.” 🖊️ What Is DSA? DSA stands for Digital Signature Algorithm — it’s a federal standard for creating digital signatures using asymmetric cryptography. It was introduced by NIST in 1991 and is part of the Digital Signature Standard (DSS). 🔐 Core Purpose: To allow someone to: Sign a message using a private key Let others verify the message using the public key 📬 Think of DSA like sealing an envelope with a private stamp, and letting anyone check the stamp’s authenticity — but no one can copy your stamp.

Answer 112

A network service that stores 📇 What Is a Directory Service? A directory service is like a digital phone book for your network — it stores and manages information about users, devices, groups, and access permissions in a structured, searchable way. 🧠 Definition: A directory service is a centralized database that helps organize and control access to resources in a networked environment. It stores information such as: Usernames & passwords Email addresses Group memberships Computer & printer names Access control policies 🧱 Examples of Directory Services: Directory Service Platform Notes Active Directory (AD) - Windows - Most common in enterprise environments LDAP (Lightweight Directory Access Protocol) -Cross-platform - The protocol many directory services use Azure AD - Cloud Microsoft’s cloud-based AD - OpenLDAP Linux Open-source directory service Apple Open Directory - macOS Apple’s version for macOS environments ⚙️ What Does It Do? Task - How Directory Service Helps Login/Authentication: Verifies who a user is Authorization: Grants access to files, apps, devices Group Policy: Enforces rules across user groups Central Management: Lets admins manage users/devices in one place 🏢 Real-World Analogy: Your company’s receptionist has a master list of every employee — their name, office, job title, department, and permissions. That’s what a directory service is for a computer network. 🔐 Why It's Important: Centralized identity and access control Supports single sign-on (SSO) Enforces security policies Simplifies user provisioning and deprovisioning information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

Answer 113

i📂 What is Directory Traversal? Directory Traversal, also known as Path Traversal, is a type of attack where an attacker manipulates file paths to access files or directories outside the intended scope of a web application. 💣 The Goal: Trick the system into giving access to sensitive files like: /etc/passwd on Linux (user info) C:\Windows\System32\config\SAM on Windows (password hashes) Config files, logs, or source code 🧪 How It Works: The attacker enters a path like: bash ../../../etc/passwd Each ../ tells the system to “go up one folder.” If the server doesn't properly sanitize input, the attacker can climb the file tree and access files they shouldn’t. 🧱 Example: Imagine a website loads images like this: bash https://example.com/view?file=images/cat.jpg The attacker tries: bash https://example.com/view?file=../../../../etc/passwd If successful, the server returns the contents of a sensitive system file instead of a harmless image. 🚨 Impact: Unauthorized access to passwords, config files, backups Potential to execute code or escalate privileges Data breaches 🔐 Prevention: Mitigation Strategy - What It Does Input validation/sanitization: Remove or block ../ and similar patterns Use safe APIs: Access files by ID or name, not raw paths Least privilege principle: Web app can’t access sensitive system files Web application firewalls (WAF): Block common traversal attempts 🧠 TL;DR: Directory Traversal = “Hey web app, can I just peek outside the sandbox and grab your diary?”rectory.

Answer 114

🌪️ Disaster Recovery Plan (DRP) A Disaster Recovery Plan is a formal, documented strategy for restoring IT systems, data, and operations after a disruptive event — like a cyberattack, natural disaster, or critical system failure. 🎯 Goal: Resume critical business functions quickly and securely with minimal downtime and data loss. 📑 Key Components of a DRP: Risk Assessment & Business Impact Analysis (BIA) Identify threats (fire, flood, ransomware) Analyze what assets are critical and the impact if lost Recovery Objectives RTO (Recovery Time Objective): How fast must it be restored? RPO (Recovery Point Objective): How much data can we afford to lose? Backup Strategy Frequency (daily, hourly) Location (cloud, offsite, offline) Media (tape, disk, virtual snapshots) Recovery Procedures Step-by-step process for restoring systems, apps, and data Contact info for responsible personnel Checklists and escalation paths Alternative Facilities Cold Site – Empty shell with power/space Warm Site – Partially equipped (some hardware, maybe backup data) Hot Site – Fully functional duplicate, ready to go live immediately Roles & Responsibilities Who does what in a crisis? Communication Plan Internal team, stakeholders, vendors, customers Include templates for outage notices or status updates Testing & Maintenance Tabletop exercises, simulated failovers, regular reviews Keep it updated as systems evolve 🧠 Disaster Recovery vs Business Continuity: Aspect Disaster Recovery (DRP) Business Continuity (BCP) Scope IT systems & data Entire business operation Goal Restore tech Keep business running Timeframe After disaster During and after disruption 🛡️ Security+ Tip: DRP = Get the tech back up. BCP = Keep the business running, even if tech isn’t.

Answer 115

🧠 Definition: Discretionary Access Control (DAC) is an access control model where the resource owner decides who can access it and what they can do with it (read, write, execute, etc.). “My file, my rules” — that’s the spirit of DAC. (Pikachu: adorable, but access is dependant on relation)

Answer 116

🧠 Definition: Distinguished Encoding Rules (DER) is a strict, binary format used to encode data structures defined by ASN.1 (Abstract Syntax Notation One). It’s like XML for cryptography, but in compact, machine-readable binary — and only one valid way to encode each structure. 🧩 What It's Used For: Digital certificates (X.509) Cryptographic keys (RSA, ECC) Secure protocols like SSL/TLS, S/MIME, and PKCS 🔍 Why DER Exists: ASN.1 allows multiple valid encodings of the same data. DER removes that ambiguity by enforcing: One correct way to represent lengths No extra padding Ordered sets and fields This guarantees consistency, which is critical for: Digital signatures (so the data always hashes the same way) Certificate verification 📘 What you should know for Security+: Topic Area What You Need to Know X.509 Certificates They use DER and PEM encoding formats PEM vs DER PEM = Base64 + headers; DER = raw binary File Extensions .der, .cer, .crt, .pem, .key, .pfx Use Case DER is used when exact binary representation is needed (e.g., digital signatures) 🔍 Sample question-level knowledge: Which format encodes X.509 certificates in binary and is used for cryptographic consistency? A) PEM B) DER C) XML D) JSON ✅ Correct: B) DER TL;DR for Security+: Know what DER is, where it's used (certs), and how it's different from PEM — but you don’t need to encode/decode or memorize ASN.1 structure.

Answer 117

In cybersecurity, diversity refers to using a variety of systems, tools, vendors, and defenses — rather than relying on a single technology or uniform environment — to reduce the risk of widespread failure during an attack. 🧠 Core Idea: Homogeneity = single point of failure Diversity = layered, resistant, unpredictable defense 🧩 Types of Diversity That Build Resilience: Type Example Benefit Vendor Diversity Using different firewall, antivirus, and SIEM vendors Avoids mass failure from one vendor flaw OS Diversity Windows, Linux, macOS in different roles Prevents exploits from spreading uniformly Geographic Diversity Data centers in multiple regions Enhances disaster recovery and redundancy Team Diversity Multidisciplinary, multicultural perspectives Better threat modeling & creative problem solving Tool Diversity Multiple layers of detection and response (e.g., EDR + IDS) Increases detection accuracy and resilience 🧪 Security Analogy: A monoculture forest is wiped out by one disease. A diverse forest resists — some trees survive and keep the ecosystem running. Same with IT: One exploit shouldn’t bring down the whole ecosystem. ⚠️ Trade-Off: Diversity increases complexity and cost — so it must be strategically planned. Too much unmanaged diversity can lead to: Inconsistent policies Integration headaches Poor visibility 🔐 Security+ Angle: Diversity is a resilience strategy Ties into defense in depth, redundancy, and vendor risk management Shows up in business continuity and supply chain discussions

Answer 118

Domain hijacking is when someone illegally takes control of a domain name without the permission of the rightful owner. It's basically identity theft for websites — and it can have serious consequences. --- 🕵️‍♂️ What It Looks Like A company suddenly loses access to their website. Emails tied to the domain stop working. The domain points to a scam site or is listed for resale. WHOIS records are suddenly changed to an unknown entity. --- 🧠 How It Happens 1. Credential Theft Attacker steals the domain admin’s login credentials (via phishing, malware, or password reuse). They access the registrar account and transfer the domain elsewhere. 2. Social Engineering Attacker impersonates the owner to the domain registrar and tricks them into approving a domain transfer or account reset. 3. Registrar Vulnerabilities Exploiting weak security at the registrar level — e.g., no two-factor authentication (2FA), lax identity verification. 4. Expired Domains Owner forgets to renew, and the attacker snatches it during the grace period. --- 🔒 Prevention Tips Enable 2FA on your domain registrar account. Use a strong, unique password for registrar login. Lock your domain (many registrars offer this feature to prevent unauthorized transfers). Monitor WHOIS changes and domain DNS activity. Keep domain registration info current (email/phone) so you’re alerted to changes. Renew domains early, or set them to auto-renew. --- 📉 Why It Matters Domain hijacking can: Cripple your business (loss of web/email access) Harm your reputation (customers may be scammed) Be extremely hard (and expensive) to recover --- Want a metaphor? > Domain hijacking is like someone stealing your front door key, changing the locks, and pretending to be you — while you're stuck outside watching them host a scam party in your living room.

Answer 119

🧠 DNS Hijacking (a.k.a. DNS Redirection) DNS hijacking is an attack where a malicious actor alters the DNS resolution process to redirect users to fraudulent or malicious sites — even if they type the correct domain name. 🌐 DNS Recap: When you type www.example.com, your device asks a DNS server: "What’s the IP address for this domain?" DNS hijacking corrupts the answer. 🧨 How DNS Hijacking Works: Attack Type Description Local DNS Hijack Malware on the user’s device changes DNS settings Router Hijack Attacker changes DNS settings on your router (e.g., via default password) ISP-Level Hijack Some ISPs redirect DNS requests to custom pages (sometimes for ads) DNS Server Compromise Attacker hacks a real DNS server and changes the record for a domain Man-in-the-Middle (MITM) DNS traffic is intercepted and modified in transit 🧪 Example: You type bank.com → Malicious DNS resolves to 192.168.100.13 (a phishing page) instead of the real bank IP. You get tricked into entering your credentials. 🔐 Defenses Against DNS Hijacking: Defense Description Use Secure DNS (DoH/DoT) DNS over HTTPS or TLS encrypts DNS requests Configure trusted DNS Manually set Google (8.8.8.8) or Cloudflare (1.1.1.1) Firmware Security Change router passwords, update firmware Endpoint Protection Detects local malware altering DNS settings DNSSEC Adds digital signatures to DNS responses to verify authenticity 🔒 DNSSEC Analogy: Like receiving a signed, sealed envelope from DNS. If the signature doesn't match, don't trust the content. 🧠 Security+ Tip: DNS Hijacking = Altering where domain names point. It’s a recon, credential theft, or MITM vector. Always think redirection + deception.

Answer 120

☠️ DNS Poisoning (a.k.a. DNS Cache Poisoning) DNS poisoning is an attack where a DNS resolver's cache is tricked into storing fraudulent domain-to-IP mappings — so users are unknowingly redirected to malicious sites when visiting trusted domains. 🧠 Simple Summary: The attacker poisons the DNS cache with fake info, so the next time you visit bank.com, you get sent to their trap instead. 🧩 How DNS Poisoning Works: A DNS resolver asks upstream servers for the IP of example.com. The attacker races to respond first with a spoofed IP, like 192.0.2.66. If the fake response wins, the resolver caches the wrong IP. Every user querying that resolver gets sent to the malicious site — until the cache expires. ⚠️ Real-World Consequences: Phishing sites with legit-looking URLs Malware delivery MITM interception Massive trust erosion (think: poisoning Google's domain) 🧠 DNS Poisoning vs DNS Hijacking: Feature DNS Poisoning DNS Hijacking Focus Cache of a legit DNS server Control of device/router/DNS system Method Injects fake DNS records Redirects via malware/config tampering Scope Often widespread (affects many users) Can be local or network-specific Persistence Until cache expires or is purged Until settings are fixed 🔐 Defenses Against DNS Poisoning: ✅ DNSSEC (DNS Security Extensions) Authenticates DNS responses via digital signatures ✅ Randomized source ports & query IDs Makes spoofing harder ✅ Short TTLs and frequent cache flushing ✅ Trusted DNS resolvers (Cloudflare, Google) ✅ Monitoring for DNS anomalies 🧠 Security+ Exam Tip: DNS poisoning is a spoofing + recon + redirection tactic. It attacks the trust layer of the internet.

Answer 121

🔐 DNSSEC (Domain Name System Security Extensions) DNSSEC is a security extension for DNS that authenticates DNS responses using digital signatures — preventing DNS spoofing, poisoning, and man-in-the-middle attacks. 🧠 Core Problem: Traditional DNS = No authentication Anyone can spoof a reply. DNSSEC = “Prove that answer came from the real source.” 🧩 How DNSSEC Works: Zone Signing: Domain owner creates a private/public key pair DNS records (A, MX, CNAME, etc.) are digitally signed with the private key The DNS server serves both the record and a signature (RRSIG) Validation: When a resolver queries a DNSSEC-enabled domain: It receives the DNS record + the RRSIG It uses the public key (DNSKEY) to verify the signature If valid: 🟢 Trust it If invalid: 🔴 Reject it Chain of Trust: Starts from the root zone (.) Each level (TLD → domain) signs the next Like a signed passport passed down the DNS hierarchy 🔒 What DNSSEC Protects Against: Attack Type DNSSEC Defense DNS Spoofing ✅ Yes DNS Poisoning ✅ Yes MITM Attacks ✅ Yes (on DNS layer) Phishing Pages ❌ No (doesn’t check site content) DDoS ❌ No (DNSSEC can actually amplify it if misused) ⚠️ Limitations of DNSSEC: Doesn’t encrypt DNS traffic (use DoH/DoT for that) Can add complexity and misconfiguration risk Requires full resolver and domain support 🧠 Security+ Exam Tip: DNSSEC = Integrity + Authenticity for DNS responses. Not encryption. Think "signed records", not "hidden data."

Answer 122

🔽 Downgrade Attack A downgrade attack (a.k.a. version rollback attack) is when an attacker forces a system or protocol to fall back to an older, weaker, or less secure version — making it easier to exploit. 🧠 Core Idea: "Let’s talk in an old language I already know how to break." 🔓 How It Works: Two systems negotiate the strongest protocol they both support (e.g., during TLS handshake). The attacker intercepts or manipulates this negotiation. They trick one or both parties into agreeing on an outdated or vulnerable version (e.g., TLS 1.0 instead of TLS 1.3). Now the attacker can eavesdrop, modify, or decrypt the data — or exploit known bugs. 🧩 Real-World Examples: Attack Name Description POODLE (SSL downgrade) Forced TLS connections to fall back to SSL 3.0, which is vulnerable STARTTLS stripping In email, attacker downgrades encrypted connection to plaintext Weak cipher downgrade Forces use of export-grade or known weak ciphers 🎯 Target Protocols: TLS/SSL HTTPS SMTP / IMAP / POP3 VPNs Wireless protocols (e.g., WPA/WEP) 🛡️ Defenses: Control Description Disable legacy protocols Block SSL, TLS 1.0, and other old versions Use strict version enforcement No fallback allowed Use HSTS (HTTP Strict Transport Security) Prevents HTTPS downgrades Use modern cipher suites Avoid export-grade and weak encryption Patch & configure properly Downgrade resistance is often a config setting 🧠 Security+ Tip: Downgrade = attacker interferes with negotiation to force weak settings. It’s a form of protocol manipulation and usually part of a MITM strategy.

Answer 123

File containing data captured from system memory.

Answer 124

The social engineering technique of discovering things about an organization (or person) based on what it throws away.

Answer 125

🎭 DHCP Spoofing DHCP spoofing is an attack where a rogue device on the network pretends to be a legitimate DHCP server, handing out malicious IP configurations to clients. 🧠 Core Idea: The attacker becomes the fake traffic cop, directing everyone to bad routes. 🔁 How DHCP Works (Normally): A new device connects to the network. It sends a DHCP Discover (basically: “Can anyone give me an IP?”) A legit DHCP server responds with an IP lease, gateway, DNS, etc. Device joins the network with proper settings. 🧨 In a DHCP Spoofing Attack: Attacker sets up a rogue DHCP server. It responds faster than the real one. The victim’s machine accepts the attacker’s configuration, which may include: Fake default gateway → attacker’s machine (MITM) Fake DNS server → attacker controls domain resolution Bogus IP range → network chaos 🎯 Attacker Goals: Goal Outcome Man-in-the-middle Intercept and modify traffic Traffic redirection Send users to phishing/malware sites Network disruption IP conflicts or broken routing 🔐 Defenses Against DHCP Spoofing: Defense Technique Description DHCP Snooping (switch config) Only allows DHCP responses from trusted ports Port security Blocks unauthorized devices from joining the network 802.1X authentication Requires authentication before assigning network access Static IPs (in rare cases) Removes need for DHCP altogether 🧠 Security+ Tip: DHCP spoofing is a LAN-based attack that often sets up a MITM or DNS poisoning scenario. The keyword to watch for = “rogue DHCP server”.

Answer 126

🔐 EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) EAP-TLS is a highly secure authentication framework used in wireless networks and VPNs. It uses mutual certificate-based authentication over the EAP framework and TLS encryption. 🧠 Core Concept: EAP-TLS = “Prove your identity with a certificate”, not a password. It’s like a handshake where both sides show a passport before speaking. 📡 Where It’s Used: Enterprise Wi-Fi authentication (e.g., WPA2-Enterprise, WPA3-Enterprise) VPN access 802.1X authentication in wired and wireless networks 🔁 How EAP-TLS Works (Simplified Flow): Client (Supplicant) initiates authentication to a network. Authentication Server (e.g., RADIUS) sends a certificate request. Client sends its digital certificate → proves identity. Server sends its own certificate → proves it’s legit too. TLS handshake is completed → mutual trust established. Encrypted session begins → access is granted. 🔒 Key Features: Feature Details Mutual authentication Both client and server authenticate each other No passwords Uses X.509 certificates, not shared secrets Encryption Built-in via TLS handshake High security Resistant to dictionary, MITM, and phishing ⚠️ Limitations: Certificate management can be complex and costly Requires a PKI (Public Key Infrastructure) to issue, revoke, and manage certificates Not ideal for BYOD unless certificates are pre-deployed 🧠 Security+ Tip: EAP-TLS = strongest EAP method because it uses certificates, not passwords. Don’t confuse it with EAP-PEAP or EAP-TTLS, which wrap passwords in a TLS tunnel.

Answer 127

🔐 EAP-TLS: Extensible Authentication Protocol – Transport Layer Security EAP-TLS is an EAP authentication method that uses mutual TLS (Transport Layer Security) to securely authenticate both the client and the server using digital certificates. 🧠 Quick Definition: EAP-TLS is the most secure EAP method — it replaces passwords with certificates and uses TLS encryption to protect the entire exchange. 🔁 How EAP-TLS Works: The client (user/device) connects to the network. The server requests the client’s digital certificate. The client sends its certificate → proves identity. The server sends its own certificate → proves legitimacy. A TLS handshake establishes a secure session. If mutual authentication succeeds → access is granted. 🔐 Key Features of EAP-TLS: Feature Description Mutual Authentication Both client and server prove their identity Certificate-Based No passwords — uses X.509 certificates Built on TLS Strong encryption + integrity Enterprise-Grade Used in WPA2/WPA3-Enterprise, 802.1X networks ✅ Pros: Extremely strong security (resistant to MITM, replay, password cracking) Supports machine and user authentication Widely supported across enterprise systems ❌ Cons: Requires a PKI (Public Key Infrastructure) to issue/manage certs Complex to deploy and maintain (especially in BYOD environments) Not password-friendly — devices must have a valid certificate 📡 Common Use Cases: Enterprise Wi-Fi (WPA2/WPA3-Enterprise with 802.1X) VPN authentication Secure wired access in corporate networks 🧠 Security+ Exam Tip: EAP-TLS = strongest form of EAP — relies on certificates, not passwords. It’s the gold standard for secure enterprise authentication. 🔐 Is Anything Stronger Than EAP-TLS? In terms of wireless and remote authentication protocols? No. EAP-TLS is the gold standard. It offers: ✅ Mutual authentication ✅ Certificate-based identity (not passwords) ✅ TLS encryption ✅ Resistance to replay, MITM, and brute force attacks 🧱 Why EAP-TLS is Top-Tier: The only major EAP method that uses client + server certificates No shared secrets = no password to steal, spray, or guess Even quantum-resistant TLS versions are being prepared — EAP-TLS evolves with TLS

Answer 128

⚖️ 🔐 EAP-TTLS (Extensible Authentication Protocol – Tunneled Transport Layer Security) EAP-TTLS is an EAP method that provides secure user authentication by creating a TLS tunnel (like a private pipe) between the client and the authentication server — then sending credentials (like usernames and passwords) inside that encrypted tunnel. 🧠 Core Idea: Server proves itself with a certificate. Client authenticates inside the tunnel — usually with username/password. 🔁 How EAP-TTLS Works: Client connects to the network. Server sends its digital certificate. Client verifies the server’s identity. A TLS tunnel is created between client and server. Inside the tunnel, the client sends credentials (e.g., username + password, or token). Server authenticates the client. Secure access is granted. 🔒 Key Features of EAP-TTLS: Feature Description Server certificate only Only the server needs a digital certificate Client flexibility Client can use passwords, tokens, or inner EAP Encrypted tunnel Protects credentials in transit (via TLS) Less complex than EAP-TLS No client-side certs to manage ✅ Pros: Stronger than password-only methods (e.g., EAP-MD5, PAP) Doesn’t require a client certificate Supports many inner authentication methods Easier to deploy than EAP-TLS in BYOD environments ❌ Cons: Only the server is authenticated → no mutual authentication Still depends on password security Requires proper TLS config to avoid downgrade or MITM risk 📡 Use Cases: WPA2/WPA3-Enterprise networks Organizations with mixed devices or BYOD policies When client certificates are impractical If You’re Comparing: EAP Method Client Cert? Server Cert? Uses Passwords? Strength EAP-TLS ✅ Yes ✅ Yes ❌ No 🟢 Strongest PEAP (MSCHAPv2) ❌ No ✅ Yes ✅ Yes (inner) 🟡 Moderate EAP-TTLS ❌ No ✅ Yes ✅ Yes (inner) 🟡 Moderate EAP-FAST ❌ No ❌ Optional ✅ Yes (PAC files) 🟡 Moderate EAP-MD5 ❌ No ❌ No ✅ Yes 🔴 Weak 🚫 "Stronger" Options? Only in Different Categories: 🔒 Multi-factor Authentication (MFA) can complement EAP-TLS but doesn’t replace it. 🔑 FIDO2/WebAuthn is stronger for web auth, but it’s not part of EAP. 🧪 Post-quantum TLS (PQTLS) may evolve EAP-TLS in the future, but that’s theoretical for now. ✅ Bottom Line: EAP-TLS remains the strongest widely deployed authentication method in enterprise network security. If you want "stronger," you're talking layers (MFA, behavior analytics, device posture checks) — not a different EAP protocol.

Answer 129

East-West traffic refers to data communication that occurs within a single data center or network segment — typically between servers, virtual machines, containers, or applications inside the same trust zone. 🧠 Quick Analogy: East-West = side-to-side (internal to internal) North-South = top-to-bottom (user to server or server to internet) 🧩 Examples of East-West Traffic: Scenario Description Web server communicating with DB server Internal system-to-system traffic Microservices calling each other API-to-API calls in a service mesh VM talking to another VM on same subnet Hypervisor-internal communication Kubernetes pod traffic Inter-pod messaging inside a cluster 🚨 Security Risks: Most traditional defenses (like firewalls) focus on north-south traffic Once an attacker breaches the perimeter, east-west traffic is often unmonitored Enables lateral movement in the network (e.g., spreading ransomware) 🔐 How to Secure East-West Traffic: Technique Description Microsegmentation Apply strict rules between internal systems Zero Trust Network Access (ZTNA) Authenticate and authorize every request Internal firewalls Monitor intra-network traffic Network detection & response (NDR) Analyze east-west traffic patterns Least privilege access Minimize unnecessary communication paths 🧠 Security+ Tip: East-West = lateral traffic — attackers love it for moving quietly inside. Mention lateral movement, microsegmentation, or internal visibility in answers.

Answer 130

🛰️ Edge Computing Edge computing is a distributed computing model where data processing happens close to the source of data — at the “edge” of the network — instead of relying on a centralized cloud or data center. 🧠 Core Idea: Instead of sending all data to the cloud, process it locally, near where it's created. 🔧 Where’s the “Edge”? Layer Example Edge Device Smart camera, industrial sensor, IoT device Edge Gateway Local router or micro-server near devices Cloud/Data Center Central processing (fallback or archive) 🧩 Why Use Edge Computing? Benefit Description Low latency Faster response times — no round-trip to the cloud Bandwidth savings Reduces data sent over the internet Offline capability Works even with intermittent connectivity Real-time processing Critical for automation, AI, robotics, etc. Improved privacy Sensitive data stays local 📍 Use Cases: Smart cities (traffic sensors, surveillance) Industrial automation (predictive maintenance) Healthcare (real-time patient monitoring) Retail (smart checkout, in-store analytics) Autonomous vehicles (split-second decisions without cloud delay) 🔐 Security Implications: Risk Mitigation More attack surfaces Harden each edge node Physical tampering Use tamper detection + encryption Inconsistent updates Centralized patching systems Data loss/theft locally Use secure storage and transmission 🧠 Security+ Tip: Edge computing = decentralized, low-latency processing near the data source. Mention it when speed, bandwidth, or autonomy is key.

Answer 131

🧾 E-Discovery (Electronic Discovery) E-discovery is the process of identifying, collecting, preserving, and producing electronically stored information (ESI) during legal proceedings — such as lawsuits, investigations, audits, or regulatory compliance. 🧠 Core Idea: If it’s digital and might be relevant in court, you have to find it, preserve it, and produce it — without tampering. 📂 Types of ESI (Electronically Stored Information): Emails Chat logs and messaging apps (e.g., Slack, Teams) Documents (Word, PDFs, spreadsheets) Social media content Server logs Voicemail and video recordings Metadata (timestamps, author, IPs) 🔁 E-Discovery Workflow (Simplified): Information Governance → Set retention, classification, and access policies Identification → Locate potential sources of ESI Preservation → Ensure data is protected from alteration/deletion (legal hold) Collection → Extract data in a forensically sound manner Processing → Filter, de-duplicate, convert formats Review → Attorneys or analysts inspect for relevance, privilege, etc. Production → Present final set of ESI in usable format to court or regulators Presentation → Use evidence in hearings or trials ⚖️ Why It Matters in Cybersecurity & Compliance: Legal or regulatory mandates (GDPR, HIPAA, SOX, etc.) Insider threat and fraud investigations Data breach response and chain of custody Incident response documentation HR disputes and workplace misconduct 🛡️ Challenges: Volume: massive data sets Format: wide variety (structured/unstructured) Preservation: must avoid spoliation (evidence tampering) Privacy: redacting personal or sensitive data 🔐 Security+ Tip: E-discovery = digital evidence handling for legal/regulatory cases. Keywords: legal hold, chain of custody, metadata integrity.

Answer 132

🧮 Elasticity (in Cloud Computing) Elasticity refers to the ability of a cloud system to automatically scale resources up or down — on-demand — based on current workload needs. 🧠 Core Idea: When demand grows, add more resources. When demand shrinks, release them. Fast, automatic, efficient. 🔄 Elastic vs. Scalable: Concept Definition Key Difference Elasticity Automatic adjustment of resources in real time Think real-time flexibility Scalability The capacity to handle growth (manual or auto) Think long-term growth planning 📈 Example Use Case: An e-commerce site sees traffic spikes during Black Friday. With elasticity, the cloud platform adds more servers temporarily. After the sale, resources shrink automatically, reducing costs. 🧩 Benefits of Elasticity: ✅ Optimizes resource usage ✅ Lowers operational costs ✅ Improves performance and availability ✅ Adapts in real time to workload changes ☁️ Technologies That Enable Elasticity: Auto-scaling groups Load balancers Serverless platforms (e.g., AWS Lambda) Container orchestration (e.g., Kubernetes) 🧠 Security+ Tip: Elasticity = on-demand, automatic resource expansion or reduction Commonly associated with cloud computing and cost-efficiency.

Answer 133

🧮 Elasticity (in Cloud Computing) Elasticity refers to the ability of a cloud system to automatically scale resources up or down — on-demand — based on current workload needs. 🧠 Core Idea: When demand grows, add more resources. When demand shrinks, release them. Fast, automatic, efficient. 🔄 Elastic vs. Scalable: Concept Definition Key Difference Elasticity Automatic adjustment of resources in real time Think real-time flexibility Scalability The capacity to handle growth (manual or auto) Think long-term growth planning 📈 Example Use Case: An e-commerce site sees traffic spikes during Black Friday. With elasticity, the cloud platform adds more servers temporarily. After the sale, resources shrink automatically, reducing costs. 🧩 Benefits of Elasticity: ✅ Optimizes resource usage ✅ Lowers operational costs ✅ Improves performance and availability ✅ Adapts in real time to workload changes ☁️ Technologies That Enable Elasticity: Auto-scaling groups Load balancers Serverless platforms (e.g., AWS Lambda) Container orchestration (e.g., Kubernetes) 🧠 Security+ Tip: Elasticity = on-demand, automatic resource expansion or reduction Commonly associated with cloud computing and cost-efficiency.

Answer 134

🔐 ESP (Encapsulating Security Payload) ESP is a core protocol in the IPsec (Internet Protocol Security) suite. It provides confidentiality, integrity, and authentication for IP packets by encrypting and optionally authenticating the data being sent across a network. 🧠 Core Idea: ESP = Encrypt and protect data inside IP packets. It ensures no one can read or tamper with what’s inside. 📦 What ESP Protects: Feature Provided by ESP? Encryption ✅ Yes (confidentiality) Integrity ✅ Yes (detects tampering) Authentication ✅ Optional (proves sender) Anti-replay ✅ Yes (sequence numbers) Header protection ❌ No (IP header is still visible unless in tunnel mode) 🔁 Two Modes of ESP: Mode What Gets Protected Use Case Transport Encrypts payload only (not IP header) Host-to-host encryption Tunnel Encrypts entire original IP packet + adds new header VPNs, site-to-site tunnels 🔐 ESP in Action: Often used in VPNs (especially IPsec-based VPNs) Works with encryption algorithms like AES, ChaCha20 Adds ESP headers/trailers around the protected data 🚫 Not to Confuse With: Term Meaning ESP Encapsulating Security Payload (IPsec) AH Authentication Header — no encryption GRE Generic Routing Encapsulation — not secure SSL/TLS Used in HTTPS — different protocol stack 🧠 Security+ Tip: ESP = IPsec protocol that encrypts and optionally authenticates data If the question mentions confidentiality or VPN tunneling, think ESP, not AH.

Answer 135

🔚 EOSL – End of Service Life EOSL stands for End of Service Life, and it's an important term in IT asset management, cybersecurity, and risk planning. 🧠 Definition: EOSL is the point at which a hardware or software vendor stops all support, including: Security patches Technical assistance Firmware updates Bug fixes 🔥 Why EOSL Matters in Cybersecurity: Risk Impact ❌ No security patches Vulnerabilities remain unpatched → exploit risk ❌ No vendor support Can't escalate issues or get official fixes ❌ Compliance failure Violates industry standards (e.g., PCI-DSS, HIPAA) ❌ Increased downtime Failures take longer to resolve 📉 EOSL vs EOL (End of Life): Term Meaning EOL Product is no longer sold or developed EOSL All support ends — the product is fully retired 🔧 EOL = the product is on its way out 🚫 EOSL = it’s out. You're on your own.

Answer 136

🖥️ Endpoint Detection and Response (EDR) EDR is a cybersecurity solution that provides continuous monitoring, threat detection, and automated response for endpoints — like laptops, desktops, and servers. 🧠 Core Idea: EDR watches everything happening on endpoints and alerts, investigates, and responds to threats — often in real time. 🔍 What EDR Does: Function Description Monitor Tracks files, processes, user activity, network traffic Detect Uses signatures + behavior-based analytics to spot threats Investigate Provides forensics and context (e.g., what process ran, what it did) Respond Quarantine files, kill processes, isolate hosts, alert analysts Hunt Supports threat hunting (manual and automated) ⚙️ Core EDR Capabilities: Real-time telemetry collection Behavioral analysis (detects suspicious patterns) Machine learning for anomaly detection Indicators of Compromise (IOCs) and TTPs Forensic timeline reconstruction Automated playbooks / SOAR integration 🖥️ What’s an Endpoint? Any device connecting to a network: Workstations Laptops Servers Cloud-based VMs Mobile devices (in some cases) 🔐 Why EDR Matters: Without EDR With EDR Malware goes undetected Threats detected in real time Manual investigations Automated response + detailed forensics Slow detection (days/weeks) Fast containment (seconds/minutes) 🔁 EDR vs Antivirus vs XDR: Solution Scope Intelligence Antivirus Signature-based threat detection Limited EDR Behavior + real-time endpoint defense Advanced analytics XDR Extended detection across endpoints, email, cloud, etc. Correlated multi-source data 🧠 Security+ Tip: EDR = advanced, behavior-driven defense at the endpoint level. Key terms: telemetry, quarantine, threat hunting, real-time response.

Answer 137

🛡️ Endpoint Protection Platform (EPP) An Endpoint Protection Platform (EPP) is a security solution installed on endpoint devices (like laptops, desktops, and servers) to prevent, detect, and block threats — primarily before they execute. 🧠 Core Purpose: EPP = preventive security at the device level. Think of it as a modern antivirus + firewall + malware blocker all rolled into one. 🧩 What EPP Typically Includes: Capability Description Antivirus/Antimalware Signature and heuristic-based detection Host-based Firewall Controls inbound/outbound traffic at the device level Exploit Prevention Blocks techniques used in malware delivery/execution Device Control Manages USBs, printers, external devices App Control / Whitelisting Blocks unapproved or unknown applications Web Filtering Blocks access to malicious websites Basic Behavioral Analysis Detects known patterns of bad behavior 🖥️ EPP vs. EDR: Feature EPP (Protection) EDR (Detection + Response) Focus Prevention Detection + Investigation Action Blocks known threats Investigates complex attacks Threat Types Malware, ransomware, phishing Fileless malware, zero-days Real-time visibility ❌ Limited ✅ Full endpoint telemetry Response Mostly automated blocking Manual or automated response 🔐 EPP = First line of defense 🕵️ EDR = Second line of detection and analysis 🧠 Security+ Tip: EPP = preventative endpoint solution, focused on stopping known threats. Often paired with EDR for full protection + investigation capability. 🧪 Bonus: Modern EPPs often evolve into XDR (Extended Detection and Response), combining endpoint, email, identity, and network telemetry into one unified platform.

Answer 138

🏢 Enterprise Risk Management (ERM) Enterprise Risk Management (ERM) is a structured, organization-wide approach to identifying, assessing, responding to, and monitoring risks that could impact the achievement of business objectives — not just cybersecurity, but strategic, financial, operational, legal, and reputational risks as well. 🧠 Core Idea: ERM = Manage all major risks across the enterprise, not in silos. 📊 ERM Key Objectives: Identify and understand all categories of risk Ensure proactive rather than reactive management Align risk appetite with strategic goals Protect and create organizational value 🧩 Common Risk Categories in ERM: Category Examples Strategic Market shifts, mergers, brand damage Operational System failures, supply chain issues Financial Budget shortfalls, currency volatility Compliance/Legal Regulatory violations, lawsuits Cybersecurity/IT Data breaches, insider threats Reputational Public scandals, customer backlash 🔄 ERM Lifecycle (Simplified): Risk Identification → What could go wrong? Risk Assessment → How likely? How severe? Risk Response → Avoid, mitigate, transfer, or accept? Risk Monitoring & Reporting → Track changes and effectiveness Integration with Strategy → Align with goals, resources, culture 🛡️ ERM vs Traditional Risk Management: Aspect Traditional RM Enterprise RM (ERM) Scope Department-specific Organization-wide Focus Loss prevention Strategic decision-making Coordination Isolated Centralized and cross-functional Timeframe Short-term Long-term and continuous 🧠 Security+ Tip (and real-world relevance): ERM is about strategic alignment — cybersecurity risk fits within this larger business context. If a question involves governance, strategy, or organization-wide risk, ERM is the correct answer.

Answer 139

🎲 Entropy (in Cybersecurity & Cryptography) Entropy is a measure of randomness or unpredictability — especially important in cryptography, where high entropy ensures that keys, passwords, and random numbers are hard to guess or reproduce. 🧠 Core Idea: More entropy = more randomness = more security. Low entropy = predictable = weak = hackable. 🔐 Where Entropy Matters: Area Why Entropy Is Important Password Strength Randomized, longer passwords have higher entropy = harder to brute force Cryptographic Keys Keys must be unpredictable to resist attacks Random Number Generation Secure RNGs rely on high entropy sources Token Generation Session tokens, CSRF tokens must be non-guessable 📏 Entropy Measured In Bits: Entropy Bits Equivalent Security 20 bits Weak (guessable by brute force) 80+ bits Acceptable for most passwords 128+ bits Standard for cryptographic keys 256 bits Common for AES-256 encryption Example: A 4-digit PIN (0000–9999) = ~13 bits of entropy → easy to crack. 🧩 Entropy Sources: Type Example Reliability True Random Hardware noise, radioactive decay ✅ Strong Pseudo-random (PRNG) Algorithm-based (e.g., /dev/urandom) ⚠️ Needs good seed User input Mouse movement, keystroke timing Varies ⚠️ Entropy Failures = Security Failures: Weak password rules → low entropy Reusing PRNG seeds → predictable keys Poor token generation → session hijacking 🧠 Security+ Tip: Entropy = randomness = unpredictability Always aim for high entropy in cryptographic operations.

Answer 140

⚠️ Error Handling (in Cybersecurity & Software Development) Error handling refers to how systems respond to unexpected conditions or failures — like invalid input, broken connections, or internal crashes — without exposing sensitive information or compromising security. 🧠 Core Idea: Good error handling = graceful failure Bad error handling = leaks, crashes, or exploits 🔐 In Cybersecurity Context: Risk Bad Error Handling Can Lead To… Information disclosure Detailed error messages reveal server paths, DB structure, stack traces, or internal logic Injection attacks Poor input validation can let malicious code slip in Denial of Service Unhandled exceptions crash the app Bypass logic Logic errors or bad exception handling may allow privilege escalation or bypass authentication 🛡️ Best Practices for Secure Error Handling: Good Practice Why It Matters Generic user-facing errors Avoid leaking system details to attackers Detailed logging (server-side) Helps admins investigate issues without exposing info to users Catch and handle exceptions Prevent app crashes and unintended behavior Fail securely On failure, deny access rather than allow it Input validation & sanitization Prevent unexpected input from causing errors Use error codes instead of messages Safer for APIs and client communication 🚫 What NOT to Do: Displaying 500 Internal Server Error with stack trace Revealing file paths or database errors like: vbnet Copy Edit SQL Error: syntax error near 'DROP TABLE' Letting unhandled exceptions bubble up to users 🔐 Security+ Tip: Error messages should be informative to the admin, but opaque to the attacker. Keyword to remember: “fail securely.”

Answer 141

🔐 Escrow (in Cybersecurity and IT) Escrow is the process of storing critical digital assets — such as encryption keys, source code, or passwords — with a trusted third party, to be released only under predefined conditions. 🧠 Core Idea: Escrow = “Hold this sensitive thing in safekeeping until it's legally or operationally necessary to release it.” 🔑 Common Use Cases: Use Case Description Key Escrow A third party securely holds encryption keys, to allow recovery or access when needed (e.g., lost password, law enforcement subpoena) Source Code Escrow A developer deposits software code with a neutral party, in case the vendor goes out of business or fails to maintain it Password Escrow Critical credentials (e.g., for admin/root accounts) are stored securely for emergency use Certificate Authority Escrow Stores private keys for recovery or re-issuance purposes 🛡️ Security Benefits: Enables data recovery after lockouts Prevents single point of failure (e.g., if one admin loses access) Supports compliance (e.g., legal access to encrypted data) Protects against vendor failure or sabotage ⚠️ Risks and Concerns: Trust: The escrow agent must be secure and reliable Misuse: Governments or insiders may demand premature access Complexity: Must be carefully managed and audited Backdoor risk: If not properly secured, it introduces a weak link 🔐 Key Escrow Example (Simplified): User encrypts a hard drive with a private key That private key is encrypted and stored in escrow (e.g., with the IT security team) If the user forgets their password, IT can retrieve the key and restore access But access requires, say, 2 admin approvals (dual control) 🧠 Security+ Tip: Escrow = safekeeping of digital assets for emergency access If you see “encryption key recovery,” “vendor collapse,” or “disaster recovery,” think escrow.

Answer 142

🎭 Evil Twin Attack An evil twin is a type of wireless spoofing attack where a malicious actor sets up a fake Wi-Fi access point that mimics a legitimate one — tricking users into connecting so the attacker can steal data, perform man-in-the-middle (MITM) attacks, or deploy malware. 🧠 Core Idea: You think you're connecting to Starbucks_WiFi, but it's actually the attacker's fake clone watching everything you do. 🧩 How an Evil Twin Works: Attacker sets up a Wi-Fi hotspot with the same SSID as a real one. They boost the signal to make it more attractive. Victims connect automatically (or unknowingly) to the rogue AP. All traffic is intercepted, logged, modified, or redirected. Attacker might also serve a fake login page to steal credentials. 🧪 Real-World Example: Real Wi-Fi Evil Twin Airport_WiFi Airport_WiFi (attacker's AP) Captive portal asks for email Attacker mimics portal and steals credentials 🛡️ How to Defend Against Evil Twin Attacks: Defense Technique Description Use VPN Encrypts traffic even over malicious networks Turn off auto-connect Prevents devices from latching onto fake networks Use HTTPS Everywhere Reduces attack impact even if on evil network Enterprise WPA2/WPA3 Uses certificate-based authentication Wireless Intrusion Detection (WIDS) Detects rogue APs and suspicious activity User awareness Recognize risky hotspots and avoid entering creds 🧠 Security+ Tip: Evil twin = fake Wi-Fi AP used for eavesdropping or credential theft. Keywords: SSID spoofing, MITM, wireless phishing.

Answer 143

❌⭕ XOR (Exclusive OR) XOR is a logical operation that outputs true only when the inputs are different — and it’s heavily used in cryptography due to its reversible nature. Used in: Symmetric encryption algorithms (e.g., one-time pad, stream ciphers) Data obfuscation Checksums and error detection 🧠 Security+ Tip: If a question mentions bitwise encryption, reversibility, or one-time pad, think XOR. XOR is secure only when used with truly random, one-time keys — otherwise, it can be broken.

Answer 144

⚙️ Execution Control (a.k.a. Application Control or Execution Restriction) Execution control is a security mechanism that prevents unauthorized, untrusted, or malicious code from being executed on a system. It ensures that only approved software can run — reducing the risk of malware, ransomware, and insider threats. 🧠 Core Idea: Only the programs you explicitly trust are allowed to execute. Everything else is blocked or sandboxed. 🔐 Common Execution Control Techniques: Technique Description Allowlisting Only approved applications or binaries can run Blocklisting Known-bad apps/processes are blocked Code Signing Verification Only executables with valid digital signatures are allowed Script control Blocks unauthorized PowerShell, Python, batch scripts, etc. Application Sandboxing Runs apps in isolated environments to prevent system access File path restrictions Prevents running executables from specific directories (e.g., %TEMP%) User privilege enforcement Prevents non-admins from installing or executing certain apps 🧩 Examples of Execution Control Tools: AppLocker (Windows) Windows Defender Application Control (WDAC) SELinux policies (Linux) Endpoint Protection Platforms (EPPs) Mobile Device Management (MDM) app controls Third-party application control solutions (e.g., Carbon Black, CrowdStrike) 🛡️ Why It Matters in Cybersecurity: Benefit Description ✅ Stops zero-day threats Unknown malware can't run if not allowlisted ✅ Reduces insider abuse Blocks use of tools like Mimikatz, netcat, etc. ✅ Hardens critical systems Ideal for ATMs, kiosks, servers, etc. 🧠 Security+ Tip: Execution control = only trusted code runs Think allowlisting, code signing, script restrictions, or controlled environments.

Answer 145

Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities. 💣 Exploitation Framework An exploitation framework is a toolkit used by attackers, red teamers, and penetration testers to identify vulnerabilities, develop payloads, and launch exploits against systems — often in an automated or modular way. 🧠 Core Idea: A Swiss Army knife for attackers: scan, exploit, payload, repeat. 🧩 Common Exploitation Frameworks: Framework Description Metasploit Most popular; modular; supports payloads, exploits, post-exploitation Cobalt Strike Commercial red-teaming suite; includes command & control (C2) capabilities Empire PowerShell-based post-exploitation (no longer officially maintained) Nmap + NSE While not a full framework, supports vulnerability scripting Core Impact / Immunity Canvas Commercial, GUI-based alternatives to Metasploit ⚙️ Typical Modules in an Exploitation Framework: Module Type Purpose Exploit Takes advantage of a specific vulnerability Payload What runs once the system is exploited (e.g., reverse shell) Encoder Obfuscates the payload to evade detection Listener Waits for incoming connections from compromised machines Post-Exploitation Tools for privilege escalation, persistence, data exfil 🔐 Why It Matters: Context Relevance Penetration Testing Used to simulate real-world attacks legally Red Teaming Tests detection and response capabilities Malware Analysis Understand how attackers package exploits Cybercrime Exploitation kits are used in real-world breaches 🧠 Security+ Tip: Exploitation framework = pre-built toolkit for launching and managing exploits. If you see Metasploit, payloads, or modular attacks in the question — this is it.

Answer 146

In risk calculation, the percentage of an asset's value that would be lost during a security incident or disaster scenario.

Answer 147

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

Answer 148

A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.

Answer 149

A private network that provides some access to outside parties, particularly vendors, partners, and select customers. 🧠 Explanation: An Extranet is: A privately controlled portion of an internal network Made accessible to specific external users (like business partners, suppliers, or vendors) Often protected by authentication, VPNs, and firewalls Designed for collaboration or data sharing across organizational boundaries --- ❌ Why the others are incorrect: Option Why it's wrong Internet ❌ Public, global network — open to everyone MAN (Metropolitan Area Network) ❌ Describes a network size/scope, not access control or usage Intranet ❌ Private internal network used only within an organization — not accessible externally --- TL;DR: > 🔒 Intranet = internal only 🔐 Extranet = internal + invited outsiders 🌍 Internet = open to all

Answer 150

A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.

Answer 151

Deception strategy that returns spoofed data in response to network probes.

Answer 152

Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

Answer 153

In security scanning, a case that is not reported when it should be.

Answer 154

In security scanning, a case that is reported when it should not be.

Answer 155

Biometric assessment metric that measures the number of valid subjects who are denied access.

Answer 156

A wire mesh container that blocks external electromagnetic fields from entering into the container.

Answer 157

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

Answer 158

High speed network communications protocol used to implement SANs.

Answer 159

A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.

Answer 160

A type of software that reviews system files to ensure that they have not been tampered with.

Answer 161

A type of FTP using TLS for confidentiality.

Answer 162

Biometric authentication device that can produce a template signature of a user's fingerprint then subsequently compare the template to the digit submitted for authentication.

Answer 163

The first experienced person or team to arrive at the scene of an incident.

Answer 164

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Answer 165

A commercial digital forensics investigation management and utilities suite, published by AccessData.

Answer 166

A backup type in which all selected files, regardless of prior state, are backed up. full tunnel VPN configuration where all traffic is routed via the VPN gateway.

Answer 167

Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.

Answer 168

A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.

Answer 169

Biometric mechanism that identifies a subject based on movement pattern.

Answer 170

A mode of block chained encryption that provides message authenticity for each block.

Answer 171

Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements.

Answer 172

The practice of creating a virtual boundary based on real-world geography.

Answer 173

The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.

Answer 174

Linux command for searching and filtering input. This can be used as a file search tool when combined with ls.

Answer 175

A group account is a collection of user accounts that are useful when establishing file permissions and user rights because when many individuals need the same level of access, a group could be established containing all the relevant users.

Answer 176

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

Answer 177

The process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.

Answer 178

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

Answer 179

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

Answer 180

Command-line tool used to perform brute force and dictionary attacks against password hashes.

Answer 181

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. Also known as message digest.

Answer 182

Linux utility for showing the first lines in a file.

Answer 183

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

Answer 184

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

Answer 185

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

Answer 186

An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

Answer 187

Method that allows computation of certain fields in a dataset without decrypting it.

Answer 188

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also known as honeyfile.

Answer 189

When a user accesses or modifies specific resources that they are not entitled to.

Answer 190

A software application running on a single host and designed to protect only that host. Also known as personal firewall.

Answer 191

A fully configured alternate network that can be online quickly after a disaster.

Answer 192

Arrangement of server racks to maximize the efficiency of cooling systems. Also known as cold/hot aisle.

Answer 193

Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).

Answer 194

A cloud deployment that uses both private and public elements.

Answer 195

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

Answer 196

The invention of fake personal information or the theft and misuse of an individual's personal information.

Answer 197

In a federated network, the service that holds the user account and performs authentication.

Answer 198

A standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication. 🔐 IEEE 802.1X — Explained in Plain English IEEE 802.1X is a port-based network access control method. Think of it as a security bouncer standing at each network port or Wi-Fi connection, checking IDs before letting devices onto the network. --- 🧠 How it Works (Three Characters in a Mini-Play): 1. Supplicant = The device (e.g., your laptop) trying to connect. 2. Authenticator = The network switch or Wi-Fi access point (the gatekeeper). 3. Authentication Server = Usually a RADIUS server that says "yes" or "no" after checking credentials. --- 🎬 Step-by-Step Flow: 1. Supplicant plugs in or connects. 2. The port is blocked (only allows 802.1X traffic at this point). 3. The Authenticator asks for credentials. 4. The Supplicant sends credentials to the Authenticator, which passes them to the Authentication Server. 5. If the server approves → full network access is granted. 6. If denied → no access granted. --- 🔒 What It Secures: Prevents unauthorized devices from joining the network—even if they plug in directly. Works with wired and wireless networks. Often used with certificates or usernames/passwords (EAP-TLS, PEAP, etc.). --- 🛑 What It Doesn't Do: It does not physically disable the port (like yanking the cable). It does not work alone—you need a RADIUS server and supporting infrastructure. It is more complex to set up than simpler methods like MAC filtering. --- TL;DR: IEEE 802.1X = Digital gatekeeper. It lets only authenticated users through the port, but the port is still "electrically alive" unless explicitly shut down. Great for secure environments, but not as absolute as physically unplugging a cable.

Answer 199

A basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

Answer 200

Specific procedures that must be performed if a certain type of event is detected or reported.

Answer 201

A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

Answer 202

A sign that an asset or network has been attacked or is currently under attack.

Answer 203

Methods of disguising the nature and purpose of buildings or parts of buildings.

Answer 204

A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Answer 205

Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.

Answer 206

A computing method that uses the cloud to provide any or all infrastructure needs.

Answer 207

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

Answer 208

Risk that an event will pose if no controls are put in place to mitigate it.

Answer 209

A wireless attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the user or network.

Answer 210

An industry body comprising the main PKI providers, such as Verisign and Entrust, that was established with the aim of developing an open, strong authentication framework.

Answer 211

Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.

Answer 212

Coding vulnerability where unvalidated input is used to select a resource object, such as a file or database. 1

Answer 213

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Answer 214

An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow.

Answer 215

The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

Answer 216

In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs.

Answer 217

Any federal agency interconnecting its IT system to a third-party must create an ISA to govern the relationship. An ISA sets out a security risk awareness process and commit the agency and supplier to implementing security controls.

Answer 218

A comprehensive set of standards for information security, including best practices for security and risk management, compliance, and technical implementation.

Answer 219

A comprehensive set of standards for enterprise risk management.

Answer 220

Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

Answer 221

A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet.

Answer 222

A private network that is only accessible by the organization's own personnel.

Answer 223

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

Answer 224

An IDS that can actively block attacks.

Answer 225

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

Answer 226

Standards-based version of the Netflow framework.

Answer 227

An attack in which radio waves disrupt 802.11 wireless signals.

Answer 228

The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person's duties.

Answer 229

A hardened server that provides access to other hosts. Also known as jumpbox.

Answer 230

A single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

Answer 231

Malicious software or hardware that can record user keystrokes.

Answer 232

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

Answer 233

The process by which an attacker is able to move from one part of a computing environment to another.

Answer 234

VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

Answer 235

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.

Answer 236

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Answer 237

An analysis of events that can provide insight into how to improve response processes in the future. Also known as after action report or AAR.

Answer 238

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Answer 239

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

Answer 240

A method of implementing LDAP using SSL/TLS encryption.

Answer 241

Cisco Systems' proprietary EAP implementation.

Answer 242

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Answer 243

Linux utility that writes data to the system log.

Answer 244

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Answer 245

If broadcast traffic is allowed to continually loop around a network, the number of broadcast packets increases exponentially, crashing the network. Loop protection in switches (such as Spanning Tree Protocol), and in routers (Time To Live for instance) is designed to prevent this.

Answer 246

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

Answer 247

A variation of an ARP poisoning attack where a switch's cache table is inundated with frames from random source MAC addresses.

Answer 248

Third-party provision of security configuration and monitoring as an outsourced service.

Answer 249

A category of security control that gives oversight of the information system.

Answer 250

Access control model where resources are protected by inflexible, system defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

Answer 251

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

Answer 252

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

Answer 253

An attack when the web browser is compromised by installing malicious plug-ins or scripts, or intercepting API calls between the browser process and DLLs.

Answer 254

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Answer 255

A secure entry system with two gateways, only one of which is open at any one time.

Answer 256

The longest period of time a business can be inoperable without causing irrevocable business failure.

Answer 257

The rating on a device or component that predicts the expected time between failures.

Answer 258

The average time a device or component is expected to be in operation.

Answer 259

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

Answer 260

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

Answer 261

Evaluates the data collection and statistical methods used by a quality management process to ensure they are robust.

Answer 262

An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface. Also known as MAC spoofing.

Answer 263

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

Answer 264

Linux utility developed as part of the Coroner's Toolkit to dump system memory data to a file.

Answer 265

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

Answer 266

A software vulnerability that can occur when software does not release allocated memory when it is done using it, potentially leading to system instability.

Answer 267

A cryptographic hash function producing a 128-bit output.

Answer 268

Information stored or recorded as a property of an object, state of a system, or transaction.

Answer 269

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

Answer 270

A type of RAID that using two hard disks, providing the simplest way of protecting a single disk against failure. Data is written to both disks and can be read from either disk.

Answer 271

A business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

Answer 272

Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.

Answer 273

The process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure.

Answer 274

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Answer 275

Cloud service providing ongoing security and availability monitoring of on-premises and/or cloud-based hosts and services.

Answer 276

A cloud deployment model where the cloud consumer uses multiple public cloud services.

Answer 277

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Answer 278

Extension to SMS allowing digital data (picture, video, or audio) to be sent over a cellular data connection.

Answer 279

Overprovisioning controllers and cabling so that a host has failover connections to storage media.

Answer 280

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service,

Answer 281

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

Answer 282

Low-power cellular networks designed to provide data connectivity to IoT devices.

Answer 283

Utility for reading and writing raw data over a network connection. Also known as netcat.

Answer 284

A standard for peer-to-peer (2-way) radio communications over very short (around 4") distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

Answer 285

One of the best-known commercial vulnerability scanners, produced by Tenable Network Security. Also known as Tenable.

Answer 286

A Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.

Answer 287

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

Answer 288

A routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

Answer 289

Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

Answer 290

Advances in firewall technology, from app awareness, user-based filtering, and intrusion prevention to cloud inspection. Also known as layer 7 firewall.

Answer 291

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

Answer 292

An arbitrary number used only once in a cryptographic communication, often to prevent replay attacks.

Answer 293

An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.

Answer 294

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

Answer 295

A routine that applies a common consistent format to incoming data so that it can be processed safely. Normalization is referred to in the context of log collection and software coding.

Answer 296

A challenge-response authentication protocol created by Microsoft for use in its products.

Answer 297

Software optimized for multiplatform log collection and aggregation.

Answer 298

A technique that essentially "hides" or "camouflages" code or other information so that it is harder to read by unauthorized users.

Answer 299

Numeric schema used for attributes of digital certificates.

Answer 300

The process of ensuring that all HR and other requirements are covered when an employee leaves an organization. Also known as exit interview.

Answer 301

In PKI, a CA (typically the root CA) that has been disconnected from the network to protect it from compromise.

Answer 302

The process of bringing in a new employee, contractor, or supplier.

Answer 303

Allows clients to request the status of a digital certificate, to check whether it is revoked.

Answer 304

Standards for implementing device encryption on storage devices.

Answer 305

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

Answer 306

A charity and community publishing a number of secure application development resources.

Answer 307

An authentication layer that sits on top of the OAuth 2.0 authorization protocol.

Answer 308

Publicly available information plus the tools used to aggregate and search it.

Answer 309

A category of security control that is implemented by people.

Answer 310

A communications network designed to implement an industrial control system rather than data networking.

Answer 311

The automation of multiple steps in a deployment process.

Answer 312

The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs.

Answer 313

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

Answer 314

A firmware update delivered on a cellular data connection.

Answer 315

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on.

Answer 316

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Also known as pentest.

Answer 317

Mechanism for encoding characters as hexadecimal values delimited by the percent sign.

Answer 318

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

Answer 319

The ability of a threat actor to maintain covert access to a target host or network.

Answer 320

In load balancing, the configuration option that enables a client to maintain a connection with a load-balanced server over the duration of the session. Also referred to as sticky sessions.

Answer 321

A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card's owner.

Answer 322

Windows file format for storing a private key and certificate data. The file can be password-protected.

Answer 323

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

Answer 324

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

Answer 325

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Answer 326

A type of security control that acts against in-person intrusion attempts.

Answer 327

A deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

Answer 328

A computing method that uses the cloud to provide any platform-type services.

Answer 329

A checklist of actions to perform to detect and respond to a specific type of incident

Answer 330

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.

Answer 331

A software vulnerability that can occur when code attempts to read a memory location specified by a pointer, but the memory location is null. Also known as dereferencing.

Answer 332

A point-to-point topology is one where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes. Also known as Point-to-point.

Answer 333

A process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN. Also known as destination network address translation or DNAT.

Answer 334

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. Also known as switched port analyzer or SPAN.

Answer 335

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Answer 336

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

Answer 337

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

Answer 338

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

Answer 339

Advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

Answer 340

A command shell and scripting language built on the .NET Framework.

Answer 341

Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

Answer 342

Base64 encoding scheme used to store certificate and key data as ASCII text.

Answer 343

A cloud that is deployed for use by a single entity.

Answer 344

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Answer 345

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

Answer 346

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.

Answer 347

A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.

Answer 348

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

Answer 349

Information that identifies someone as the subject of medical and insurance records, plus associated hospital and laboratory test results.

Answer 350

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

Answer 351

A server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance. Also known as forward proxy. -- It’s called a proxy firewall because it acts as a middleman — or proxy — between your device and the internet. --- 🧠 TL;DR: > A proxy firewall hides your identity and inspects your data. It fetches data on your behalf and returns it to you, after checking it. --- 🔍 Why “Proxy”? You: “Hey, I want to access example.com” Proxy Firewall: “Cool, I’ll go get it for you. But first, I’ll scan it to make sure it’s clean.” Server: Never sees you directly — only the proxy. So: You → proxy firewall → internet Internet → proxy firewall → you Your real identity (like IP address) is shielded. --- 🔐 Benefits: ✅ Description Hides your IP Makes your system less targetable Deep inspection Can scan requests, URLs, files, etc. Filters per user or app Can block certain websites or detect malware Logging and caching Tracks usage and can reduce redundant traffic --- 🧪 Analogy: > A proxy firewall is like a personal assistant who screens all your calls and emails: Only clean, safe, relevant stuff gets through. 📡 Forward Proxy (Client-Side) > Think: "I want to browse, but I don’t want websites to know it’s me." Hides the user from the internet Makes web requests on behalf of the user Common in schools, corporations, or privacy tools (like Tor) 🧪 Analogy: > You ask a friend to go buy something embarrassing from the store so the cashier doesn’t know it’s for you. 🛡️ Use Cases: Block certain websites (e.g., YouTube at work) Bypass geo-restrictions Anonymity

Answer 352

Removing personal information from a data set to make identification of individuals difficult, even if the data set is combined with other sources.

Answer 353

A cloud that is deployed for shared use by multiple independent tenants.

Answer 354

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Answer 355

Format that allows a private key to be exported along with its digital certificate.

Answer 356

Series of standards defining the use of certificate authorities and digital certificates.

Answer 357

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

Answer 358

A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement.

Answer 359

In data protection, the principle that personal information can be collected and processed only for a stated purpose to which the subject has consented.

Answer 360

High-level programming language that is widely used for automation.

Answer 361

Policies, procedures, and tools designed to ensure defect-free development and delivery.

Answer 362

A risk analysis method that uses opinions and reasoning to measure the likelihood and impact of risk.

Answer 363

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS). Also known as CoS.

Answer 364

A risk analysis method that is based on assigning concrete values to factors.

Answer 365

Using quantum computing for cryptographic tasks, such as distributing keys or cracking (traditional) cryptographic systems. Quantum computing works on the principle that its units (qubits) have more properties than the bits used in "classical" computers, notably (and very crudely) that a qubit can have a probability of being 1 or 0 and that inspecting the value of one qubit can instantly determine that of others (entanglement).

Answer 366

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

Answer 367

Tool for speeding up attacks against Windows passwords by precomputing possible hashes.

Answer 368

A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords.

Answer 369

Open-source platform producing programmable circuit boards for education and industrial prototyping.

Answer 370

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.

Answer 371

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

Answer 372

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

Answer 373

The longest period of time that an organization can tolerate lost data being unrecoverable.

Answer 374

The length of time it takes after an event to resume normal business operations and activities.

Answer 375

The "hostile" or attacking team in a penetration test or incident response exercise.

Answer 376

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.

Answer 377

A group of characters that describe how to execute a specific search pattern on a given text.

Answer 378

In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.

Answer 379

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

Answer 380

A standard protocol used to manage remote and wireless authentication infrastructures.

Answer 381

Using a trigger device to send a BGP route update that instructs routers to drop traffic that is suspected of attempting DDoS.

Answer 382

An attack where the attacker intercepts some authentication data and reuses it to try to re-establish a session.

Answer 383

Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).

Answer 384

Risk that remains even after controls are put into place.

Answer 385

Dictates for how long information needs to be kept available on backup and archive systems. This may be subject to legislative requirements.

Answer 386

A type of proxy server that protects servers from direct contact with client requests. __ 🏰 Reverse Proxy (Server-Side) > Think: "I’m a website and want to hide my servers behind a shield." Hides the server from clients Clients send requests to the reverse proxy → it fetches data from actual server Used in load balancing, SSL termination, WAFs, and CDNs 🧪 Analogy: > You visit a company HQ and speak to a receptionist. The receptionist forwards your request to the right department — but you never see the departments directly. 🛡️ Use Cases: Load balance across multiple backend servers Protect internal server IPs Caching and compression Web Application Firewalls (WAF)

Answer 387

A maliciously spawned remote command shell where the victim host opens the connection to the attacking host.

Answer 388

Platform-independent advanced messaging functionality designed to replace SMS and MMS.

Answer 389

The response of determining that a risk is within the organization's appetite and no countermeasures other than ongoing monitoring is needed.

Answer 390

In risk mitigation, the practice of ceasing activity that presents risk.

Answer 391

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario. Also known as risk reduction.

Answer 392

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department 1 for reference by stakeholders. 2

Answer 393

The response of reducing risk to fit within an organization's risk appetite.

Answer 394

A document highlighting the results of risk assessments in an easily comprehensible format (such as a "traffic light" grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

Answer 395

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

Answer 396

In ESA, a framework that uses risk assessment to prioritize security control selection and investment.

Answer 397

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adelman, the first successful algorithm for public key encryption with a variable key length and block size.

Answer 398

A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.

Answer 399

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

Answer 400

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

Answer 401

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

Answer 402

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

Answer 403

Rules that govern how routers communicate and forward traffic between networks.

Answer 404

A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Answer 405

An automated version of a playbook that leaves clearly defined interaction points for human analysis.

Answer 406

A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input.

Answer 407

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited.

Answer 408

The process of thorough and completely removing data from a storage medium so that file remnants cannot be recovered.

Answer 409

The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.

Answer 410

Utility that runs port scans through third-party websites to evade detection.

Answer 411

A dual-homed proxy/gateway server used to provide Internet access to other network nodes, while protecting them from external attack.

Answer 412

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

Answer 413

A UEFI feature that prevents unwanted processes from executing during the boot operation.

Answer 414

A method of sanitizing a drive using the ATA command set.

Answer 415

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.

Answer 416

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.

Answer 417

A remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

Answer 418

A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header.

Answer 419

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

Answer 420

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

Answer 421

A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security.

Answer 422

An XML-based data format used to exchange authentication information between a client and a service.

Answer 423

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

Answer 424

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Answer 425

The value assigned to an account by Windows and that is used by the operating system to identify that account.

Answer 426

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

Answer 427

A class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.

Answer 428

Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.

Answer 429

A portion of a network where all attached hosts can communicate freely with one another.

Answer 430

A disk drive where the controller can automatically encrypt data that is written to it.

Answer 431

A digital certificate that has been signed by the entity that issued it, rather than by a CA.

Answer 432

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

Answer 433

A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

Answer 434

Developed from parallel SCSI, SAS represents the highest performing hard disk interface available.

Answer 435

A digital certificate that guarantees the identity of e-commerce sites and other websites that gather and store confidential information.

Answer 436

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

Answer 437

In a web application, input data that is executed or validated as part of a script or process running on the server.

Answer 438

A host or network account that is designed to run a background service, rather than to log on interactively.

Answer 439

Operating procedures and standards for a service contract.

Answer 440

SSID = Service Set Identifier It’s the name of a Wi-Fi network that devices see when they scan for available wireless connections. > Think of it as the “network name on the menu” your device picks from when connecting to Wi-Fi.

Answer 441

A software architecture where components of the solution are conceived as loosely coupled services not dependent on a single platform type or technology.

Answer 442

A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question. Also known as source IP affinity.

Answer 443

A type of spoofing attack where the attacker disconnects a host then replaces it with his or her own machine, spoofing the original host's IP address.

Answer 444

Used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.

Answer 445

Web standard for using sampling to record network traffic statistics.

Answer 446

Computer hardware, software, or services used on a private network without authorization from the system owner.

Answer 447

An account with no credential (guest) or one where the credential is known to multiple persons.

Answer 448

Lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

Answer 449

The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.

Answer 450

A social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.

Answer 451

A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.

Answer 452

Protocol for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

Answer 453

An XML-based web services protocol that is used to exchange messages.

Answer 454

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

Answer 455

The amount that would be lost in a single occurrence of a particular risk factor.

Answer 456

A component or system that would cause a complete interruption of a service if it failed.

Answer 457

An authentication

Answer 458

A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.

Answer 459

A device similar to a credit card that can store authentication information, such as a user's private key, on an embedded microchip.

Answer 460

A utility meter that can submit readings to the supplier without user intervention.

Answer 461

A form of phishing that uses SMS text messages to trick a victim into revealing information.

Answer 462

Software utility designed for penetration testing reporting and evidence gathering that can also run automated test suites.

Answer 463

A computing method that uses the cloud to provide application services to users.

Answer 464

APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.

Answer 465

APIs for reporting configuration and state data for automated monitoring and alerting.

Answer 466

Coding resources provided by a vendor to assist with development projects that use their platform or API.

Answer 467

A spam attack that is propagated through instant messaging rather than email.

Answer 468

STP Trees = Prevent loops at the switch level (physical/logical topology) A switching protocol that prevents network loops by dynamically disabling links as needed. Purpose: Prevent loops in Ethernet networks. Tree: One Root Bridge at the top; all other switches connect via the best path. Analogy: Like a train system choosing the safest and most efficient tracks.

Answer 469

An email-based or web-based form of phishing which targets specific individuals.

Answer 470

VPN configuration where only traffic for the private network is routed via the VPN gateway.

Answer 471

Applying consistent names and labels to assets and digital resources/identities within a configuration management system.

Answer 472

Mechanism used to mitigate performance and privacy issues when requesting certificate status from an OCSP responder.

Answer 473

A type of threat actor that is supported by the resources of its host country's military and security services. Also known as nation state actor.

Answer 474

Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

Answer 475

A small chip card that identifies the user and phone number of a mobile device, via an International Mobile Subscriber Identity (ISMI).

Answer 476

A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas.

Answer 477

In EAP architecture, the device requesting access to the network.

Answer 478

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Answer 479

A protocol enabling different appliances and software applications to transmit logs or event records to a central server.

Answer 480

A processor that integrates the platform functionality of multiple logical controllers onto a single chip.

Answer 481

Analysis of historical cyberattacks and adversary actions.

Answer 482

Linux utility for showing the last lines in a file.

Answer 483

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

Answer 484

Tape media provides robust, high-speed, high-capacity backup storage. Tape drives and autoloader libraries can be connected to the SATA and SAS buses or accessed via a SAN.

Answer 485

A command-line packet sniffing utility.

Answer 486

A command-line utility that replays packets saved to a file back through a network adapter.

Answer 487

A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.

Answer 488

A mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

Answer 489

An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

Answer 490

A hardware device inserted into a cable to copy frames for analysis.

Answer 491

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot). Also known as hotspot.

Answer 492

a field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

Answer 493

Utility for gathering results from open source intelligence queries.

Answer 494

An access point that requires a wireless controller in order to function.

Answer 495

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

Answer 496

The person or entity responsible for an event that has been identified as a security incident or as a risk.

Answer 497

Cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

Answer 498

Animated map showing threat sources in near real-time.

Answer 499

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Answer 500

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Answer 501

In forensics, identifying whether a time zone offset has been applied to a file's time stamp.

Answer 502

An improvement on HOTP that forces one-time passwords to expire after a short period of time.

Answer 503

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Answer 504

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

Answer 505

A deidentification method where a unique token is substituted for real data.

Answer 506

In cloud computing, a virtual router deployed to facilitate connections between VPC subnets and VPN gateways.

Answer 507

A security protocol that uses certificates for authentication and encryption to protect web communication.

Answer 508

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events.

Answer 509

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer. Also known as Trojan.

Answer 510

A protocol for exchanging cyber threat intelligence between organizations.

Answer 511

A protocol for exchanging cyber threat intelligence between organizations.

Answer 512

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.

Answer 513

An attack—also called typosquatting—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website. Also known as URL hijacking.

Answer 514

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

Answer 515

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

Answer 516

Hardware plug to prevent malicious data transfer when a device is plugged into a USB charging point.

Answer 517

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Answer 518

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

Answer 519

The user desktop and software applications provisioned as an instance under VDI.

Answer 520

A virtualization implementation that separates the personal computing environment from a user's physical computer.

Answer 521

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

Answer 522

An attack where malware running in a VM is able to interact directly with the hypervisor or host kernel.

Answer 523

Configuration vulnerability where provisioning and deprovisioning of virtual assets is not properly authorized and monitored.

Answer 524

A private network segment made available to a single cloud consumer on a public cloud.

Answer 525

A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).

Answer 526

Code designed to infect computer files (or disks) when it is activated.

Answer 527

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IPbased voice messaging services (VoIP).

Answer 528

Programming languages used to implement macros and scripting in Office document automation.

Answer 529

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Answer 530

An evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

Answer 531

The practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools).

Answer 532

A location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

Answer 533

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

Answer 534

"A firewall designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks"

Answer 535

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

Answer 536

Staff administering, evaluating, and supervising a penetration test or incident response exercise.

Answer 537

Standards for authenticating and encrypting access to Wi-Fi networks. Also known as WPA2, WPA3.

Answer 538

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN.

Answer 539

Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.

Answer 540

A legacy mechanism for encrypting data sent over a wireless connection.

Answer 541

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Answer 542

A method of sanitizing a drive by setting all bits to zero.

Answer 543

Low-power wireless communications open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.

Answer 544

Low-power wireless communications protocol used primarily for home automation. Z-Wave uses radio frequencies in the high 800 to low 900 MHz and a mesh topology

Answer 545

Information about sessions between hosts that is gathered by a stateful firewall.

Answer 546

A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter and more security.

Answer 547

Audit specifications designed to ensure that cloud/hosting providers meet professional standards. A SOC2 Type II report is created for a restricted audience, while SOC3 reports are provided for general consumption.

Answer 548

A technique for obscuring the presence of a message, often by embedding information within a file or other entity.

Answer 549

One of a set of precompiled database statements that can be used to validate input to a database.

Answer 550

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

Answer 551

A software testing method that evaluates how software performs under extreme load.

Answer 552

A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited. 1

Answer 553

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

Answer 554

A framework for analyzing cybersecurity incidents.

Answer 555

🔐 What is EAP? EAP is a framework — not an authentication method itself — used to support multiple authentication methods over network connections like: Wi-Fi (especially WPA2/WPA3-Enterprise) VPNs 802.1X (used in enterprise wired/wireless networks) 🧩 Why “Extensible”? Because it supports many different methods (called EAP types), such as: EAP Type What It Uses Security Level EAP-TLS Digital certificates (client+server) 🔒🔒🔒 Very Strong EAP-TTLS Server cert + client password 🔒🔒 Strong PEAP Server cert + client password 🔒🔒 Strong EAP-FAST Protected access via PAC files 🔒 Moderate EAP-MD5 Username + password (no encryption) ❌ Weak (insecure) 🧠 Security+ Exam Tip: EAP = authentication framework that allows flexible methods like certificates, passwords, or tokens. Remember: EAP-TLS = most secure, EAP-MD5 = obsolete/insecure.

Brainscape Glossarry Flashcards

(579 cards)