Brainscape Glossarry Flashcards

Question 1

Q

PPTP

Point-to-Point Tunneling Protocol

Answer

A

Developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP is highly vulnerable to password cracking attacks and considered obsolete.

Question 2

Q

ATT&CK

Adversarial Tactics, Techniques, and Common Knowledge

Answer

A

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.

Question 3

Q

XaaS

anything as a service

Answer

A

Expressing the concept that most types of IT requirements can be deployed as a cloud service model.

Question 4

Q

ARP

ARP poisoning

Answer

A

A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.

Question 5

Q

asymmetric algorithm

Answer

A

A cipher that uses public and private keys. The keys are mathematically linked, using either Rivel, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example. Also known as Elliptic Curve Cryptography or ECC.

Question 6

Q

attack surface

Answer

A

The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

Question 7

Q

attack vector

Answer

A

A specific path by which a threat actor gains unauthorized access to a system. Also known as vector.

Question 8

Q

authenticator

Answer

A

A PNAC switch or router that activates EAPoL and passes a supplicant’s authentication data to an authenticating server, such as a RADIUS server.

Question 9

Q

automation

Answer

A

Using scripts and APIs to provision and deprovision systems without manual intervention.

Question 10

Q

Autopsy

Answer

A

The Sleuth Kit is an open-source collection of command line and programming libraries for disk imaging and file analysis. Autopsy is a graphical frontend for these tools and also provides a case management/workflow tool. Also known as Sleuth Kit.

Question 11

Q

availability

Answer

A

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

Question 12

Q

baseband radio

Answer

A

The chip and firmware in a smartphone that acts as a cellular modem.

Question 13

Q

baseline configuration

Answer

A

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

Question 14

Q

behavioral analysis

Answer

A

A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. Also known as behavior-based detection.

Question 15

Q

birthday attack

Answer

A

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output. This means that different passwords may have the same hash; the attacker can use any of these passwords to gain access.

Question 16

Q

block cipher

Answer

A

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

Question 17

Q

blockchain

Answer

A

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

Question 18

Q

blue team

Answer

A

The defensive team in a penetration test or incident response exercise.

Question 19

Q

bluejacking

Answer

A

Sending an unsolicited message or picture message using a Bluetooth connection.

Question 20

Q

bluesnarfing

Answer

A

A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection.

Question 21

Q

boot attestation

Answer

A

Report of boot state integrity data that is signed by a tamper-proof TPM key and reported to a network server.

Question 22

Q

botnet

Answer

A

A set of hosts that has been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks. Also known as zombie.

Question 23

Q

BASH

Bourne again shell

Answer

A

A command shell and scripting language for Unix-like systems. bastion host A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.

Question 24

Q

BPDU guard

Bridge Protocol Data Unit guard

Answer

A

Switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports where any BPDU frames are likely to be malicious.

Question 25

Q

BYOD

bring your own device

Answer

A

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

Question 26

Q

brute force attack

Answer

A

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

Question 27

Q

buffer overflow

Answer

A

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

Question 28

Q

bug bounty

Answer

A

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

Question 29

Q

BAS

building automation system

Answer

A

Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.

Question 30

Q

BIA

business impact analysis

Answer

A

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission-critical operations.

Question 31

Q

BPA

business partnership agreement

Answer

A

Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

Question 32

Q

cable lock

Answer

A

Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.

Question 33

Q

captive portal

Answer

A

A web page or website to which a client is redirected before being granted full network access.

Question 34

Q

capture the flag

Answer

A

Training event where learners must identify a token within a live network environment.

Question 35

Q

card cloning/skimming

Answer

A

Duplicating a smart card by reading (skimming) the confidential data stored on it. Also known as skimming.

Question 36

Q

carving

Answer

A

The process of extracting data from a computer when that data has no associated file system metadata.

Question 37

Q

cat command

Answer

A

Linux command to view and combine (concatenate) files.

Question 38

Q

CIS

Center for Internet Security

Answer

A

A not-for-profit organization (founded partly by SANS). It publishes the well-known “Top 20 Critical Security Controls” (or system design recommendations).

Question 39

Q

CA

certificate authority

Answer

A

A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

Question 40

Q

CRL

certificate revocation list

Answer

A

A list of certificates that were revoked before their expiration date.

Question 41

Q

CSR

certificate signing request

Answer

A

A Base64 ASCII file that a subject sends to a CA to get a certificate.

Question 42

Q

chain of custody

Answer

A

The record of evidence history from collection, to presentation in court, to disposal.

Question 43

Q

CHAP

Challenge Handshake Authentication Protocol

Answer

A

Authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks.

Question 44

Q

change control

Answer

A

The process by which the need for change is recorded and approved.

Question 45

Q

change management

Answer

A

The process through which changes to the configuration of information systems are implemented, as part of the organization’s overall configuration management efforts.

Question 46

Q

checksum

Answer

A

The output of a hash function.

Question 47

Q

chmod

Answer

A

Linux command for managing file permissions.

Question 48

Q

CYOD

choose your own device

Answer

A

Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

Question 49

Q

CBC

cipher block chaining

Answer

A

An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block

Question 50

Q

circuit-level stateful inspection firewall

Answer

A

A Layer 5 firewall technology that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection.

Question 51

Q

clean desk policy

Answer

A

An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.

Question 52

Q

CASB

cloud access security broker

Answer

A

Enterprise management software designed to mediate access to cloud services by users across all types of devices.

Question 53

Q

cloud deployment model

Answer

A

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

Question 54

Q

Cloud Security Alliance

Answer

A

Industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.

Question 55

Q

cloud service model

Answer

A

Classifying the provision of cloud services and the limit of the cloud service provider’s responsibility as software, platform, infrastructure,

Question 56

Q

CSP

cloud service provider

Answer

A

A vendor offering public cloud service models, such as PaaS, IaaS, or SaaS.

Question 57

Q

code of conduct

Answer

A

Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values it expects its employees to practice. Also known as ethics.

Question 58

Q

code reuse

Answer

A

Potentially unsecure programming practice of using code originally written for a different context.

Question 59

Q

code signing

Answer

A

The method of using a digital signature to ensure the source and integrity of programming code.

Question 60

Q

cold site

Answer

A

A predetermined alternate location where a network can be rebuilt after a disaster.

Question 61

Q

collector

Answer

A

A network appliance that gathers or receives log and/or state data from other network systems.

Question 62

Q

collision

Answer

A

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

Question 63

Q

C&C

command and control

Answer

A

An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also known as C2.

Question 64

Q

CAC

common access card

Answer

A

A smart card that provides certificate-based authentication and supports two-factor authentication. A CAC is produced for Department of Defense employees and contractors in response to a Homeland Security Directive.

Answer 65

A

An X500 attribute expressing a host or user name, also used as the subject identifier for a digital certificate.

Answer 66

A

Scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

Answer 67

A

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

Answer 68

A

A cloud that is deployed for shared use by cooperating tenants.

Answer 69

A

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Answer 70

A

An image of text characters or audio of some speech that is difficult for a computer to interpret. CAPTCHAs are used for purposes such as preventing bots from creating accounts or submitting forms.

Answer 71

A

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

Answer 72

A

The three principles of security control and management. Also known as the information security triad. or AIC triad.

Answer 73

A

A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

Answer 74

A

A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on).

Answer 75

A

An access control scheme that verifies an object’s identity based on various environmental factors, like time, location, and behavior.

Answer 76

A

Software development method in which app and platform requirements are frequently tested and validated for immediate availability.

Answer 77

A

Software development method in which app and platform updates are committed to production rapidly.

Answer 78

A

Software development method in which code updates are tested and committed to a development or build server/code repository rapidly.

Answer 79

A

The technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon. Also known as continuous security monitoring or CSM.

Answer 80

A

Risk that arises when a control does not provide the level of mitigation that was expected.

Answer 81

A

A serial network designed to allow communications between embedded programmable logic controllers.

Answer 82

A

Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

Answer 83

A

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

Answer 84

A

A type of security control that acts after an incident to eliminate or minimize its impact.

Answer 85

A

Function of log analysis that links log and state data to identify a pattern that should be logged or alerted as an event.

Answer 86

A

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).

Answer 87

A

An encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

Answer 88

A

Brute force attack in which stolen user account names and passwords are tested against multiple websites.

Answer 89

A

Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

Answer 90

A

A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. Also known as client-side request forgery or CSRF.

Answer 91

A

A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

Answer 92

A

A method of sanitizing a self-encrypting drive by erasing the media encryption key.

Answer 93

A

Implementation of a sandbox for malware analysis.

Answer 94

A

Utility for command-line manipulation of URL-based protocol requests.

Answer 95

A

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources. Also known as threat intelligence.

Answer 96

A

Information that is primarily stored on specific media, rather than moving from one medium to another.

Answer 97

A

When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.

Answer 98

A

In privacy regulations, the entity that determines why and how personal data is collected, stored, and used.

Answer 99

A

An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

Answer 100

A

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Answer 101

A

A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database.

Answer 102

A

The overall management of the availability, usability, and security of the information used in an organization.

Answer 103

A

Information that is present in the volatile memory of a host, such as system memory or cache.

Answer 104

A

Information that is being transmitted between two hosts, such as over a private network or the Internet. Also known as data in motion.

Answer 105

A

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

Answer 106

A

A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

Answer 107

A

In data protection, the principle that only necessary and sufficient personal information can be collected and processed for the stated purpose.

Answer 108

A

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

Answer 109

A

Institutional data governance role with responsibility

Answer 110

A

In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.

Answer 111

A

Leftover information on a storage medium even after basic attempts have been made to remove that data. Also known as remnant.

Answer 112

A

In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.

Answer 113

A

An individual who is primarily responsible for data quality, ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.

Answer 114

A

A configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.

Answer 115

A

Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.

Answer 116

A

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

Answer 117

A

Code in an application that is redundant because it will never be called within the logic of the program flow.

Answer 118

A

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.

Answer 119

A

Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.

Answer 120

A

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.

Answer 121

A

A security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack’s progress, rather than eliminating it outright.

Answer 122

A

The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive’s magnetic charge.

Answer 123

A

In data protection, methods and technologies that remove identifying information from data before it is distributed.

Answer 124

A

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

Answer 125

A

Any type of physical, application, or network attack that affects the availability of a managed resource.

Answer 126

A

The process of removing an application from packages or instances.

Answer 127

A

NAT service where private internal addresses are mapped to one or more public addresses to facilitate Internet connectivity for hosts on a local network via a router.

Answer 128

A

A type of security control that acts during an incident to identify or record that it is happening.

Answer 129

A

A type of security

Answer 130

A

A framework for analyzing cybersecurity incidents.

Answer 131

A

A type of password attack that compares encrypted passwords against a predetermined list of possible password values.

Answer 132

A

A backup type in which all selected files that have changed since the last full backup are backed up.

Answer 133

A

A cryptographic technique that provides secure key exchange.

Answer 134

A

A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.

Answer 135

A

public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.

Answer 136

A

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

Answer 137

A

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

Answer 138

A

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

Answer 139

A

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).

Answer 140

A

The binary format used to structure the information in a digital certificate.

Answer 141

A

Cybersecurity resilience strategy that increases attack costs by provisioning multiple types of controls, technologies, vendors, and crypto implementations.

Answer 142

A

A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.

Answer 143

A

An attack in which an attacker modifies a computer’s DNS configurations to point to a malicious DNS server.

Answer 144

A

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing.

Answer 145

A

A security protocol that provides authentication of DNS data and upholds DNS data integrity.

Answer 146

A

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

Answer 147

A

File containing data captured from system memory.

Answer 148

A

The social engineering technique of discovering things about an organization (or person) based on what it throws away.

Answer 149

A

An attack in which an attacker responds to a client requesting address assignment from a DHCP server.

Answer 150

A

An EAP method that is expected to address the shortcomings of LEAP.

Answer 151

A

An EAP method that requires server-side and client-side certificates for authentication using SSL/ TLS.

Answer 152

A

An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate.

Answer 153

A

Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).

Answer 154

A

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Answer 155

A

Procedures and tools to collect, preserve, and analyze digital evidence.

Answer 156

A

The property by which a computing environment can instantly react to both increasing and decreasing demands in workload.

Answer 157

A

An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.

Answer 158

A

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

Answer 159

A

Product life cycle phase where sales are discontinued and support options reduced over time.

Answer 160

A

Product life cycle phase where support is no longer available from the vendor.

Answer 161

A

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

Answer 162

A

A software agent and monitoring system that performs multiple security tasks.

Answer 163

A

The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.

Answer 164

A

A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.

Answer 165

A

Coding methods to anticipate and deal with exceptions thrown during execution of a process.

Answer 166

A

In key management, the storage of a backup key with a third party.

Answer 167

A

A wireless access point that deceives users into believing that it is a legitimate network access point.

Answer 168

A

An operation that outputs to true only if one input is true and the other input is false.

Answer 169

A

The process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.

Answer 170

A

Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities.

Answer 171

A

In risk calculation, the percentage of an asset’s value that would be lost during a security incident or disaster scenario.

Answer 172

A

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

Answer 173

A

A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.

Answer 174

A

A private network that provides some access to outside parties, particularly vendors, partners, and select customers.

Answer 175

A

A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.

Answer 176

A

Deception strategy that returns spoofed data in response to network probes.

Answer 177

A

Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

Answer 178

A

In security scanning, a case that is not reported when it should be.

Answer 179

A

In security scanning, a case that is reported when it should not be.

Answer 180

A

Biometric assessment metric that measures the number of valid subjects who are denied access.

Answer 181

A

A wire mesh container that blocks external electromagnetic fields from entering into the container.

Answer 182

A

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

Answer 183

A

High speed network communications protocol used to implement SANs.

Answer 184

A

A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.

Answer 185

A

A type of software that reviews system files to ensure that they have not been tampered with.

Answer 186

A

A type of FTP using TLS for confidentiality.

Answer 187

A

Biometric authentication device that can produce a template signature of a user’s fingerprint then subsequently compare the template to the digit submitted for authentication.

Answer 188

A

The first experienced person or team to arrive at the scene of an incident.

Answer 189

A

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Answer 190

A

A commercial digital forensics investigation management and utilities suite, published by AccessData.

Answer 191

A

A backup type in which all selected files, regardless of prior state, are backed up. full tunnel VPN configuration where all traffic is routed via the VPN gateway.

Answer 192

A

Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.

Answer 193

A

A dynamic code analysis technique that involves sending a running
application random and unusual input so as to evaluate how the app responds.

Answer 194

A

Biometric mechanism that identifies a subject based on movement pattern.

Answer 195

A

A mode of block chained encryption that provides message authenticity for each block.

Answer 196

A

Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US’s Privacy Shield requirements.

Answer 197

A

The practice of creating a virtual boundary based on real-world geography.

Answer 198

A

The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.

Answer 199

A

Linux command for searching and filtering input. This can be used as a file search tool when combined with ls.

Answer 200

A

A group account is a collection of user accounts that are useful when establishing file permissions and user rights because when many individuals need the same level of access, a group could be established containing all the relevant users.

Answer 201

A

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

Answer 202

A

The process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.

Answer 203

A

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

Answer 204

A

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

Answer 205

A

Command-line tool used to perform brute force and dictionary attacks against password hashes.

Answer 206

A

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. Also known as message digest.

Answer 207

A

Linux utility for showing the first lines in a file.

Answer 208

A

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

Answer 209

A

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

Answer 210

A

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

Answer 211

A

An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

Answer 212

A

Method that allows computation of certain fields in a dataset without decrypting it.

Answer 213

A

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also known as honeyfile.

Answer 214

A

When a user accesses or modifies specific resources that they are not entitled to.

Answer 215

A

A software application running on a single host and designed to protect only that host. Also known as personal firewall.

Answer 216

A

A fully configured alternate network that can be online quickly after a disaster.

Answer 217

A

Arrangement of server racks to maximize the efficiency of cooling systems. Also known as cold/hot aisle.

Answer 218

A

Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).

Answer 219

A

A cloud deployment that uses both private and public elements.

Answer 220

A

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

Answer 221

A

The invention of fake personal information or the theft and misuse of an individual’s personal information.

Answer 222

A

In a federated network, the service that holds the user account and performs authentication.

Answer 223

A

A standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication.

Answer 224

A

A basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

Answer 225

A

Specific procedures that must be performed if a certain type of event is detected or reported.

Answer 226

A

A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

Answer 227

A

A sign that an asset or network has been attacked or is currently under attack.

Answer 228

A

Methods of disguising the nature and purpose of buildings or parts of buildings.

Answer 229

A

A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Answer 230

A

Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.

Answer 231

A

A computing method that uses the cloud to provide any or all infrastructure needs.

Answer 232

A

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

Answer 233

A

Risk that an event will pose if no controls are put in place to mitigate it.

Answer 234

A

A wireless attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the user or network.

Answer 235

A

An industry body comprising the main PKI providers, such as Verisign and Entrust, that was established with the aim of developing an open, strong authentication framework.

Answer 236

A

Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.

Answer 237

A

Coding vulnerability where unvalidated input is used to select a resource object, such as a file or database. 1

Answer 238

A

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Answer 239

A

An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow.

Answer 240

A

The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

Answer 241

A

In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs.

Answer 242

A

Any federal agency interconnecting its IT system to a third-party must create an ISA to govern the relationship. An ISA sets out a security risk awareness process and commit the agency and supplier to implementing security controls.

Answer 243

A

A comprehensive set of standards for information security, including best practices for security and risk management, compliance, and technical implementation.

Answer 244

A

A comprehensive set of standards for enterprise risk management.

Answer 245

A

Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

Answer 246

A

A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet.

Answer 247

A

A private network that is only accessible by the organization’s own personnel.

Answer 248

A

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

Answer 249

A

An IDS that can actively block attacks.

Answer 250

A

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

Answer 251

A

Standards-based version of the Netflow framework.

Answer 252

A

An attack in which radio waves disrupt 802.11 wireless signals.

Answer 253

A

The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person’s duties.

Answer 254

A

A hardened server that provides access to other hosts. Also known as jumpbox.

Answer 255

A

A single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

Answer 256

A

Malicious software or hardware that can record user keystrokes.

Answer 257

A

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

Answer 258

A

The process by which an attacker is able to move from one part of a computing environment to another.

Answer 259

A

VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

Answer 260

A

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.

Answer 261

A

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Answer 262

A

An analysis of events that can provide insight into how to improve response processes in the future. Also known as after action report or AAR.

Answer 263

A

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Answer 264

A

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

Answer 265

A

A method of implementing LDAP using SSL/TLS encryption.

Answer 266

A

Cisco Systems’ proprietary EAP implementation.

Answer 267

A

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Answer 268

A

Linux utility that writes data to the system log.

Answer 269

A

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Answer 270

A

If broadcast traffic is allowed to continually loop around a network, the number of broadcast packets increases exponentially, crashing the network. Loop protection in switches (such as Spanning Tree Protocol), and in routers (Time To Live for instance) is designed to prevent this.

Answer 271

A

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

Answer 272

A

A variation of an ARP poisoning attack where a switch’s cache table is inundated with frames from random source MAC addresses.

Answer 273

A

Third-party provision of security configuration and monitoring as an outsourced service.

Answer 274

A

A category of security control that gives oversight of the information system.

Answer 275

A

Access control model where resources are protected by inflexible, system defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

Answer 276

A

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

Answer 277

A

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

Answer 278

A

An attack when the web browser is compromised by installing malicious plug-ins or scripts, or intercepting API calls between the browser process and DLLs.

Answer 279

A

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Answer 280

A

A secure entry system with two gateways, only one of which is open at any one time.

Answer 281

A

The longest period of time a business can be inoperable without causing irrevocable business failure.

Answer 282

A

The rating on a device or component that predicts the expected time between failures.

Answer 283

A

The average time a device or component is expected to be in operation.

Answer 284

A

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

Answer 285

A

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

Answer 286

A

Evaluates the data collection and statistical methods used by a quality management process to ensure they are robust.

Answer 287

A

An attack in which an attacker falsifies the factory-assigned MAC address of a device’s network interface. Also known as MAC spoofing.

Answer 288

A

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

Answer 289

A

Linux utility developed as part of the Coroner’s Toolkit to dump system memory data to a file.

Answer 290

A

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

Answer 291

A

A software vulnerability that can occur when software does not release allocated memory when it is done using it, potentially leading to system instability.

Answer 292

A

A cryptographic hash function producing a 128-bit output.

Answer 293

A

Information stored or recorded as a property of an object, state of a system, or transaction.

Answer 294

A

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

Answer 295

A

A type of RAID that using two hard disks, providing the simplest way of protecting a single disk against failure. Data is written to both disks and can be read from either disk.

Answer 296

A

A business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

Answer 297

A

Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.

Answer 298

A

The process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.

Answer 299

A

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Answer 300

A

Cloud service providing ongoing security and availability monitoring of on-premises and/or cloud-based hosts and services.

Answer 301

A

A cloud deployment model where the cloud consumer uses multiple public cloud services.

Answer 302

A

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Answer 303

A

Extension to SMS allowing digital data (picture, video, or audio) to be sent over a cellular data connection.

Answer 304

A

Overprovisioning controllers and cabling so that a host has failover connections to storage media.

Answer 305

A

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service,

Answer 306

A

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

Answer 307

A

Low-power cellular networks designed to provide data connectivity to IoT devices.

Answer 308

A

Utility for reading and writing raw data over a network connection. Also known as netcat.

Answer 309

A

A standard for peer-to-peer (2-way) radio communications over very short (around 4”) distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

Answer 310

A

One of the best-known commercial vulnerability scanners, produced by Tenable Network Security. Also known as Tenable.

Answer 311

A

A Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.

Answer 312

A

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

Answer 313

A

A routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

Answer 314

A

Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

Answer 315

A

Advances in firewall technology, from app awareness, user-based filtering, and intrusion prevention to cloud inspection. Also known as layer 7 firewall.

Answer 316

A

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

Answer 317

A

An arbitrary number used only once in a cryptographic communication, often to prevent replay attacks.

Answer 318

A

An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.

Answer 319

A

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

Answer 320

A

A routine that applies a common consistent format to incoming data so that it can be processed safely. Normalization is referred to in the context of log collection and software coding.

Answer 321

A

A challenge-response authentication protocol created by Microsoft for use in its products.

Answer 322

A

Software optimized for multiplatform log collection and aggregation.

Answer 323

A

A technique that essentially “hides” or “camouflages” code or other information so that it is harder to read by unauthorized users.

Answer 324

A

Numeric schema used for attributes of digital certificates.

Answer 325

A

The process of ensuring that all HR and other requirements are covered when an employee leaves an organization. Also known as exit interview.

Answer 326

A

In PKI, a CA (typically the root CA) that has been disconnected from the network to protect it from compromise.

Answer 327

A

The process of bringing in a new employee, contractor, or supplier.

Answer 328

A

Allows clients to request the status of a digital certificate, to check whether it is revoked.

Answer 329

A

Standards for implementing device encryption on storage devices.

Answer 330

A

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

Answer 331

A

A charity and community publishing a number of secure application development resources.

Answer 332

A

An authentication layer that sits on top of the OAuth 2.0 authorization protocol.

Answer 333

A

Publicly available information plus the tools used to aggregate and search it.

Answer 334

A

A category of security control that is implemented by people.

Answer 335

A

A communications network designed to implement an industrial control system rather than data networking.

Answer 336

A

The automation of multiple steps in a deployment process.

Answer 337

A

The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs.

Answer 338

A

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

Answer 339

A

A firmware update delivered on a cellular data connection.

Answer 340

A

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on.

Answer 341

A

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Also known as pentest.

Answer 342

A

Mechanism for encoding characters as hexadecimal values delimited by the percent sign.

Answer 343

A

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

Answer 344

A

The ability of a threat actor to maintain covert access to a target host or network.

Answer 345

A

In load balancing, the configuration option that enables a client to maintain a connection with a load-balanced server over the duration of the session. Also referred to as sticky sessions.

Answer 346

A

A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card’s owner.

Answer 347

A

Windows file format for storing a private key and certificate data. The file can be password-protected.

Answer 348

A

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

Answer 349

A

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

Answer 350

A

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Answer 351

A

A type of security control that acts against in-person intrusion attempts.

Answer 352

A

A deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

Answer 353

A

A computing method that uses the cloud to provide any platform-type services.

Answer 354

A

A checklist of actions to perform to detect and respond to a specific type of incident

Answer 355

A

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.

Answer 356

A

A software vulnerability that can occur when code attempts to read a memory location specified by a pointer, but the memory location is null. Also known as dereferencing.

Answer 357

A

A point-to-point topology is one where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes. Also known as Point-to-point.

Answer 358

A

A process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN. Also known as destination network address translation or DNAT.

Answer 359

A

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. Also known as switched port analyzer or SPAN.

Answer 360

A

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Answer 361

A

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

Answer 362

A

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

Answer 363

A

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

Answer 364

A

Advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

Answer 365

A

A command shell and scripting language built on the .NET Framework.

Answer 366

A

Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

Answer 367

A

Base64 encoding scheme used to store certificate and key data as ASCII text.

Answer 368

A

A cloud that is deployed for use by a single entity.

Answer 369

A

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Answer 370

A

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

Answer 371

A

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.

Answer 372

A

A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.

Answer 373

A

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

Answer 374

A

Information that identifies someone as the subject of medical and insurance records, plus associated hospital and laboratory test results.

Answer 375

A

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

Answer 376

A

A server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance. Also known as forward proxy.

Answer 377

A

Removing personal information from a data set to make identification of individuals difficult, even if the data set is combined with other sources.

Answer 378

A

A cloud that is deployed for shared use by multiple independent tenants.

Answer 379

A

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Answer 380

A

Format that allows a private key to be exported along with its digital certificate.

Answer 381

A

Series of standards defining the use of certificate authorities and digital certificates.

Answer 382

A

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

Answer 383

A

A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement.

Answer 384

A

In data protection, the principle that personal information can be collected and processed only for a stated purpose to which the subject has consented.

Answer 385

A

High-level programming language that is widely used for automation.

Answer 386

A

Policies, procedures, and tools designed to ensure defect-free development and delivery.

Answer 387

A

A risk analysis method that uses opinions and reasoning to measure the likelihood and impact of risk.

Answer 388

A

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS). Also known as CoS.

Answer 389

A

A risk analysis method that is based on assigning concrete values to factors.

Answer 390

A

Using quantum computing for cryptographic tasks, such as distributing keys or cracking (traditional) cryptographic systems. Quantum computing works on the principle that its units (qubits) have more properties than the bits used in “classical” computers, notably (and very crudely) that a qubit can have a probability of being 1 or 0 and that inspecting the value of one qubit can instantly determine that of others (entanglement).

Answer 391

A

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

Answer 392

A

Tool for speeding up attacks against Windows passwords by precomputing possible hashes.

Answer 393

A

A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords.

Answer 394

A

Open-source platform producing programmable circuit boards for education and industrial prototyping.

Answer 395

A

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.

Answer 396

A

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

Answer 397

A

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

Answer 398

A

The longest period of time that an organization can tolerate lost data being unrecoverable.

Answer 399

A

The length of time it takes after an event to resume normal business operations and activities.

Answer 400

A

The “hostile” or attacking team in a penetration test or incident response exercise.

Answer 401

A

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.

Answer 402

A

A group of characters that describe how to execute a specific search pattern on a given text.

Answer 403

A

In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.

Answer 404

A

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

Answer 405

A

A standard protocol used to manage remote and wireless authentication infrastructures.

Answer 406

A

Using a trigger device to send a BGP route update that instructs routers to drop traffic that is suspected of attempting DDoS.

Answer 407

A

An attack where the attacker intercepts some authentication data and reuses it to try to re-establish a session.

Answer 408

A

Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).

Answer 409

A

Risk that remains even after controls are put into place.

Answer 410

A

Dictates for how long information needs to be kept available on backup and archive systems. This may be subject to legislative requirements.

Answer 411

A

A type of proxy server that protects servers from direct contact with client requests.

Answer 412

A

A maliciously spawned remote command shell where the victim host opens the connection to the attacking host.

Answer 413

A

Platform-independent advanced messaging functionality designed to replace SMS and MMS.

Answer 414

A

The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring is needed.

Answer 415

A

In risk mitigation, the practice of ceasing activity that presents risk.

Answer 416

A

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario. Also known as risk reduction.

Answer 417

A

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department 1 for reference by stakeholders. 2

Answer 418

A

The response of reducing risk to fit within an organization’s risk appetite.

Answer 419

A

A document highlighting the results of risk assessments in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

Answer 420

A

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

Answer 421

A

In ESA, a framework that uses risk assessment to prioritize security control selection and investment.

Answer 422

A

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adelman, the first successful algorithm for public key encryption with a variable key length and block size.

Answer 423

A

A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.

Answer 424

A

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

Answer 425

A

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

Answer 426

A

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

Answer 427

A

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

Answer 428

A

Rules that govern how routers communicate and forward traffic between networks.

Answer 429

A

A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Answer 430

A

An automated version of a playbook that leaves clearly defined interaction points for human analysis.

Answer 431

A

A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to (“salting”) each plaintext input.

Answer 432

A

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited.

Answer 433

A

The process of thorough and completely removing data from a storage medium so that file remnants cannot be recovered.

Answer 434

A

The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.

Answer 435

A

Utility that runs port scans through third-party websites to evade detection.

Answer 436

A

A dual-homed proxy/gateway server used to provide Internet access to other network nodes, while protecting them from external attack.

Answer 437

A

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

Answer 438

A

A UEFI feature that prevents unwanted processes from executing during the boot operation.

Answer 439

A

A method of sanitizing a drive using the ATA command set.

Answer 440

A

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.

Answer 441

A

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.

Answer 442

A

A remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

Answer 443

A

A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header.

Answer 444

A

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

Answer 445

A

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

Answer 446

A

A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security.

Answer 447

A

An XML-based data format used to exchange authentication information between a client and a service.

Answer 448

A

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

Answer 449

A

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Answer 450

A

The value assigned to an account by Windows and that is used by the operating system to identify that account.

Answer 451

A

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

Answer 452

A

A class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.

Answer 453

A

Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.

Answer 454

A

A portion of a network where all attached hosts can communicate freely with one another.

Answer 455

A

A disk drive where the controller can automatically encrypt data that is written to it.

Answer 456

A

A digital certificate that has been signed by the entity that issued it, rather than by a CA.

Answer 457

A

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

Answer 458

A

A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

Answer 459

A

Developed from parallel SCSI, SAS represents the highest performing hard disk interface available.

Answer 460

A

A digital certificate that guarantees the identity of e-commerce sites and other websites that gather and store confidential information.

Answer 461

A

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

Answer 462

A

In a web application, input data that is executed or validated as part of a script or process running on the server.

Answer 463

A

A host or network account that is designed to run a background service, rather than to log on interactively.

Answer 464

A

Operating procedures and standards for a service contract.

Answer 465

A

A character string that identifies a particular wireless LAN (WLAN).

Answer 466

A

A software architecture where components of the solution are conceived as loosely coupled services not dependent on a single platform type or technology.

Answer 467

A

A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question. Also known as source IP affinity.

Answer 468

A

A type of spoofing attack where the attacker disconnects a host then replaces it with his or her own machine, spoofing the original host’s IP address.

Answer 469

A

Used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.

Answer 470

A

Web standard for using sampling to record network traffic statistics.

Answer 471

A

Computer hardware, software, or services used on a private network without authorization from the system owner.

Answer 472

A

An account with no credential (guest) or one where the credential is known to multiple persons.

Answer 473

A

Lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

Answer 474

A

The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.

Answer 475

A

A social engineering tactic to obtain someone’s password or PIN by observing him or her as he or she types it in.

Answer 476

A

A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.

Answer 477

A

Protocol for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

Answer 478

A

An XML-based web services protocol that is used to exchange messages.

Answer 479

A

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

Answer 480

A

The amount that would be lost in a single occurrence of a particular risk factor.

Answer 481

A

A component or system that would cause a complete interruption of a service if it failed.

Answer 482

A

An authentication

Answer 483

A

A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.

Answer 484

A

A device similar to a credit card that can store authentication information, such as a user’s private key, on an embedded microchip.

Answer 485

A

A utility meter that can submit readings to the supplier without user intervention.

Answer 486

A

A form of phishing that uses SMS text messages to trick a victim into revealing information.

Answer 487

A

Software utility designed for penetration testing reporting and evidence gathering that can also run automated test suites.

Answer 488

A

A computing method that uses the cloud to provide application services to users.

Answer 489

A

APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.

Answer 490

A

APIs for reporting configuration and state data for automated monitoring and alerting.

Answer 491

A

Coding resources provided by a vendor to assist with development projects that use their platform or API.

Answer 492

A

A spam attack that is propagated through instant messaging rather than email.

Answer 493

A

A switching protocol that prevents network loops by dynamically disabling links as needed.

Answer 494

A

An email-based or web-based form of phishing which targets specific individuals.

Answer 495

A

VPN configuration where only traffic for the private network is routed via the VPN gateway.

Answer 496

A

Applying consistent names and labels to assets and digital resources/identities within a configuration management system.

Answer 497

A

Mechanism used to mitigate performance and privacy issues when requesting certificate status from an OCSP responder.

Answer 498

A

A type of threat actor that is supported by the resources of its host country’s military and security services. Also known as nation state actor.

Answer 499

A

Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

Answer 500

A

A small chip card that identifies the user and phone number of a mobile device, via an International Mobile Subscriber Identity (ISMI).

Answer 501

A

A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas.

Answer 502

A

In EAP architecture, the device requesting access to the network.

Answer 503

A

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Answer 504

A

A protocol enabling different appliances and software applications to transmit logs or event records to a central server.

Answer 505

A

A processor that integrates the platform functionality of multiple logical controllers onto a single chip.

Answer 506

A

Analysis of historical cyberattacks and adversary actions.

Answer 507

A

Linux utility for showing the last lines in a file.

Answer 508

A

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

Answer 509

A

Tape media provides robust, high-speed, high-capacity backup storage. Tape drives and autoloader libraries can be connected to the SATA and SAS buses or accessed via a SAN.

Answer 510

A

A command-line packet sniffing utility.

Answer 511

A

A command-line utility that replays packets saved to a file back through a network adapter.

Answer 512

A

A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.

Answer 513

A

A mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

Answer 514

A

An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

Answer 515

A

A hardware device inserted into a cable to copy frames for analysis.

Answer 516

A

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot). Also known as hotspot.

Answer 517

A

a field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

Answer 518

A

Utility for gathering results from open source intelligence queries.

Answer 519

A

An access point that requires a wireless controller in order to function.

Answer 520

A

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

Answer 521

A

The person or entity responsible for an event that has been identified as a security incident or as a risk.

Answer 522

A

Cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

Answer 523

A

Animated map showing threat sources in near real-time.

Answer 524

A

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Answer 525

A

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Answer 526

A

In forensics, identifying whether a time zone offset has been applied to a file’s time stamp.

Answer 527

A

An improvement on HOTP that forces one-time passwords to expire after a short period of time.

Answer 528

A

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Answer 529

A

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

Answer 530

A

A deidentification method where a unique token is substituted for real data.

Answer 531

A

In cloud computing, a virtual router deployed to facilitate connections between VPC subnets and VPN gateways.

Answer 532

A

A security protocol that uses certificates for authentication and encryption to protect web communication.

Answer 533

A

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events.

Answer 534

A

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer. Also known as Trojan.

Answer 535

A

A protocol for exchanging cyber threat intelligence between organizations.

Answer 536

A

A protocol for exchanging cyber threat intelligence between organizations.

Answer 537

A

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.

Answer 538

A

An attack—also called typosquatting—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker’s website. Also known as URL hijacking.

Answer 539

A

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

Answer 540

A

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

Answer 541

A

Hardware plug to prevent malicious data transfer when a device is plugged into a USB charging point.

Answer 542

A

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Answer 543

A

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

Answer 544

A

The user desktop and software applications provisioned as an instance under VDI.

Answer 545

A

A virtualization implementation that separates the personal computing environment from a user’s physical computer.

Answer 546

A

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

Answer 547

A

An attack where malware running in a VM is able to interact directly with the hypervisor or host kernel.

Answer 548

A

Configuration vulnerability where provisioning and deprovisioning of virtual assets is not properly authorized and monitored.

Answer 549

A

A private network segment made available to a single cloud consumer on a public cloud.

Answer 550

A

A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).

Answer 551

A

Code designed to infect computer files (or disks) when it is activated.

Answer 552

A

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IPbased voice messaging services (VoIP).

Answer 553

A

Programming languages used to implement macros and scripting in Office document automation.

Answer 554

A

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Answer 555

A

An evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

Answer 556

A

The practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools).

Answer 557

A

A location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

Answer 558

A

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

Answer 559

A

“A firewall designed specifically to protect software running on web servers and their backend databases from code injection and DoS
attacks”

Answer 560

A

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

Answer 561

A

Staff administering, evaluating, and supervising a penetration test or incident response exercise.

Answer 562

A

Standards for authenticating and encrypting access to Wi-Fi networks. Also known as WPA2, WPA3.

Answer 563

A

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN.

Answer 564

A

Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.

Answer 565

A

A legacy mechanism for encrypting data sent over a wireless connection.

Answer 566

A

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Answer 567

A

A method of sanitizing a drive by setting all bits to zero.

Answer 568

A

Low-power wireless communications open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.

Answer 569

A

Low-power wireless communications protocol used primarily for home automation. Z-Wave uses radio frequencies in the high 800 to low 900 MHz and a mesh topology

Answer 570

A

Information about sessions between hosts that is gathered by a stateful firewall.

Answer 571

A

A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter and more security.

Answer 572

A

Audit specifications designed to ensure that cloud/hosting providers meet professional standards. A SOC2 Type II report is created for a restricted audience, while SOC3 reports are provided for general consumption.

Answer 573

A

A technique for obscuring the presence of a message, often by embedding information within a file or other entity.

Answer 574

A

One of a set of precompiled database statements that can be used to validate input to a database.

Answer 575

A

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

Answer 576

A

A software testing method that evaluates how software performs under extreme load.

Answer 577

A

A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited. 1

Answer 578

A

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

Answer 579

A

A framework for analyzing cybersecurity incidents.

Brainscape's Knowledge GenomeTM

Brainscape Glossarry Flashcards

Brainscape's Knowledge Genome^TM