C

Question 1

CAM Table

Answer 1

Maps MAC addresses to IP address, allowing a switch to send traffic to the correct port.

Question 2

Capture The Flag

Answer 2

An exercise that pits technologists against one another in an attempt to attack a system and achieve a specific goal, such as stealing a sensitive file. 8

Question 3

Card Cloning Attack

Answer 3

A kind of attack that focuses on capturing information from cards like RFID and magstripe cards often used for entry access. 8

Question 4

Carrier unlocking

Answer 4

Allows mobile phones to be used with other cellular providers. 8

Question 5

CCMP (Counter Mode With Cipher Block Chaining Message Authentication Code Protocol)

Answer 5

Encryption technology used in the WPA2 protocol. It implements AES (Advanced Encryption Standard) with a 128- bit key as a stream cipher. 8

Question 6

Cellular

Answer 6

A kind of wireless connection that provides connectivity for mobile devices like cell phones by dividing geographic areas into “cells”, with tower coverage allowing wireless communications between devices and towers or cell sites. 8

Question 7

Center For Internet Security (CIS)

Answer 7

An industry organization that publishes hundreds of benchmarks for commonly used platforms. 8

Question 8

Centralized

Answer 8

Centralized approach to commuting places a significant portion of an organization’s infrastructure within a Single environment. 8

Question 9

Centralized Proxy

Answer 9

Traffic is routed through the device. 9

Question 10

Certificate

Answer 10

Certificates can be stored on a system or paired with a storage device or security token and are often used to identify systems or devices as well as individuals. 9

Question 11

Certificate Authorities (CA)

Answer 11

CA are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates. 9

Question 12

Certificate Chaining

Answer 12

The use of a series of intermediate CAs in the certificate authority trust model. 9

Question 13

Certificate Revocation List (CRL)

Answer 13

Used to ensure that the certificate was not revoked. 9

Question 14

Certificate Signing Request (CSR)

Answer 14

Provides your public key to the certificate authority to create an X.509 digital certificate containing your identifying information and a copy of your public key. The CA then digitally signs the certificate using the CA’s private key and provides you with a copy of your signed digital certificate.

Question 15

Certificate Stapling

Answer 15

This is an extension to the Online Certificate Status Protocol (OCSP) that relieves some of the burden placed upon certificate authorities by the original protocol. The web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server, which it then attaches to the digital certificate. 9

Question 16

Certification

Answer 16

The comprehensive evaluation, made in support of the accreditation process, of the technical and nontechnical security features of an IT system and other safeguards to establish the extent to which a particular design and implementation meets a set of specified security requirements.9

Question 17

Chain of Custody

Answer 17

The process by which investigators document the handling of evidence from collection through use in court. 9

Question 18

Challenge Handshake Authentication Protocol (CHAP)

Answer 18

A protocol that challenges a user or system to verify its identity without sending a secrete key over the network. 9

Question 19

Change Management

Answer 19

Process that defines how the organization will review, approve, and implement proposed changes to information systems in a manner that manages both Cybersecurity and operational risk.9

Question 20

Choose Your Own Device (CYOD)

Answer 20

The organization owns the device but allows the user to select and maintain it.

Question 21

Chosen Plain Text

Answer 21

The attacker obtains the ciphertexts corresponding to a set of plain texts of their own choosing.

Question 22

CIA Triad

Answer 22

The 3 essential security principles of confidentiality, integrity, and availability. 9

Question 23

Cipher

Answer 23

A system that hides the true meaning of a message. Ciphers use a variety of techniques to alter and/or rearrange the characters or words of a message to achieve confidentiality. 9

Question 24

Clean Desk Policy

Answer 24

A policy used to instruct workers how and why to clean off their desks at the end of each work period. In relation to security, such a policy has a primary goal of reducing disclosure of sensitive information. 10

Question 25

Closed Circuit Television (CCTV)

Answer 25

Displays what the camera is seeing on a screen. Some CCTV systems include recording capabilities as well. 10

Question 26

Closed Sourc Intelligence

Answer 26

Intelligence information, typically from a commercial vendor that is provided only to specific groups. 10

Question 27

Cloud Access Security Broker (CASB)

Answer 27

A security policy enforcement solution that consistently enforces security policies across cloud providers. 10

Question 28

Cloud Auditors

Answer 28

Independent organizations that provide third-party assessments of cloud services and operations. 10

Question 29

Cloud Bursting

Answer 29

Moving the execution of an application to the cloud on an as-needed basis. 10

Question 30

Cloud Carriers

Answer 30

The intermediaries that provide the connectivity that allows the delivery of cloud services from providers to consumers. 10

Question 31

Cloud Computing

Answer 31

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources. 10

Question 32

Cloud Consumers

Answer 32

The organizations and individuals who purchase cloud services from cloud service providers.

Question 33

Cloud Partners

Answer 33

The organizations that offer ancillary products or services that support or integrate with the offerings of a cloud service provider. 10

Question 34

Cloud Service Providers

Answer 34

The firms that offer cloud computing services to their customers.

Question 35

Clustering

Answer 35

Describes groups of computers connected together to perform the same task.

Question 36

Code Injection Attacks

Answer 36

Attacks seeking to insert attacker-written code into the legitimate code created by web application developer. 10

Question 37

Code of Conduct/Ethics

Answer 37

A document that describes expected behavior of employees and affiliates and covers situations not specifically addressed in policy.10

Question 38

Code Repositories

Answer 38

Centralized locations for the storage and management of application source code. 10

Question 39

Code Review

Answer 39

A form of vulnerability assessment where flaws in code or errors in logic are detected by combing through source code. 10

Question 40

Code Signing

Answer 40

A way for developers to confirm the authenticity of their code to end users.10

Question 41

Code Aisles

Answer 41

Server room aisles that blow cold air from the floor.11

Question 42

Cold Sites

Answer 42

Standby facilities large enough to handle the processing load of an organization and with appropriate electrical and environmental support systems. 11

Question 43

Collisions

Answer 43

Cases where a hash function produces the same value for two different methods. 11

Question 44

Column Level Encryption (CLE)

Answer 44

Allows for specific columns within tables

Question 45

Common Configuration Enumeration (CCE)

Answer 45

Provides a standard nomenclature for discussing configuration issues. 11

Question 46

Common Name

Answer 46

Clearly describes the certificate owner.

Question 47

Common Platform enumeration (CPE)

Answer 47

Provides a standard nomenclature for describing security related software flaws. 11

Question 48

Common Vulnerabilities and Exposure (CVE)

Answer 48

Common Vulnerabilities and Exposure (CVE) Provides a standard nomenclature for describing security related software flaws. 11

Question 49

Common Vulnerability Scoring System (CVSS)

Answer 49

Common Vulnerability Scoring System (CVSS) – Security Content Automation Protocol (SCAP) Component that provides a standardized scoring system for describing the characteristics and severity of security vulnerabilities. 11

Question 50

Community Cloud

Answer 50

Cloud delivery model in which the infrastructure is shared by organizations with something in common. 11

Question 51

Company Owned Business ONLY (COBO)

Answer 51

Company Owned Business ONLY (COBO) – Most frequently used to describe company owned devices used only for business work. 11

Question 52

Compensating Controls

Answer 52

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques. 11

Question 53

Compliance Reporting

Answer 53

Ensures that organizations meet the regulatory requirements and maintain transparency within the organization and with external stakeholders. 11

Question 54

Compliance Risk

Answer 54

The risk that a security breach causes an organization to run afoul of legal or regulatory requirements. 11

Question 55

Computer Based Training (CBT)

Answer 55

Computer Based Training (CBT)- method of Delivery training content to users by digital means.

Question 56

Concurrent Session Usage

Answer 56

An indicator of compromise that occurs when a session is used from more than one location or device at a time. 11

Question 57

Confidential

Answer 57

Information that requires some protection. 11

Question 58

Confidentiality

Answer 58

Ensures that unauthorized individuals are not able to gain access to sensitive information. 11

Question 59

Confidentiality Metric (C)

Answer 59

Confidentiality Metric – A metric that describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability. 12

Question 60

Configuration Management

Answer 60

The Process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, such as object, subjects, programs, communication pathways, or even the network itself. 12

Question 61

Conflicts of interest

Answer 61

Arises when a vendor has a competing interest that could influence their behavior in a way that is not aligned with the best interest of the organization. 12

Question 62

Conservative Risk Appetite

Answer 62

Organizations tend to avoid high risk and focus on maintaining stability and protecting existing assets. 12

Question 63

Container

Answer 63

Standardized software packages that include all code and libraries to facilitate execution on any hardware and operating system supporting the same containerization platform. 12

Question 64

Containerization

Answer 64

This is an increasingly common solution to handling separation of work and personal use contexts on devices. 12

Question 65

Containment

Answer 65

Prevention of the spread of malicious code or other attacks.

Question 66

Content filters

Answer 66

Devices or software that allow or block traffic based on content rules. 12

Question 67

Content Aware authentication

Answer 67

Goes beyond PINs, passwords, and biometrics to better reflect user behavior. 12

Question 68

Continuity of Operations

Answer 68

Ensuring that operations will continue even if issues ranging from single system failures to wide scale natural disasters occur. 12

Question 69

Continuous Delivery (CD)

Answer 69

Continuous Delivery (CD) – Sometimes called continuous delivery; it rolls out tested changes into production automatically as soon as they have been tested. 12

Question 70

Continuous Integration (CI)

Answer 70

Continuous Integration (CI)– A development practice that checks code into a shared repository on a consistent, ongoing basis.

Question 71

Continuous Monitoring

Answer 71

A monitoring practice that uses automation to facilitate 24/7 monitoring of systems and networks. 12

Question 72

Continuous Risk Assessment

Answer 72

Involves ongoing monitoring and analysis of risks. 12

Question 73

Continuous Validation

Answer 73

Using continuous integration and continuous deployment methods requires building continuous validation and automated Secuity testing into the pipeline testing process. 12

Question 74

Control Objectives

Answer 74

The requirements of the level of protection required to preserve the confidentiality, integrity, and availability of an organization’s information and systems. 13

Question 75

Control Objectives for Information and Related Technologies (COBIT)

Answer 75

Control Objectives for Information and Related Technologies (COBIT)– Describes the common requirements that organizations should have in place surrounding their information systems. 13

Question 76

Cookie

Answer 76

A plain-text file stored on your machine that contains information about you (and your preferences) for use by a database server. Although cookies are frequently used for various legitimate purposes, they can also be used by malicious websites to track user activities. 13

Question 77

Corporate-Owned

Answer 77

Provides the greatest control but least flexibility for devices.

Question 78

Corporate-Owned, personally Enabled (COPE)

Answer 78

Corporate-Owned, personally Enabled (COPE)– Corporate provided devices that allow reasonable personal use while meeting enterprise security and control needs. 13

Question 79

Corrective Controls

Answer 79

A type of access control that modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. 13

Question 80

Credential Harvesting

Answer 80

The process of gathering credentials like usernames and passwords.

Question 81

Credential Management Policy

Answer 81

A document that describes the account life cycle from provisioning through active use and decommissioning. 13

Question 82

Credential Reply

Answer 82

Attacks are form of network attack that requires the attacker to be able to capture valid network data and to re-send it or to delay it so that the attacker’s own use of the data is successful. 13

Question 83

Credentialed Scanning

Answer 83

Access operating systems, databases, and applications, among other sources. 13

Question 84

Cross Site Request Forgery (XSRF/CSRF)

Answer 84

Cross Site Request Forgery (XSRF/CSRF) An attack that is similar in nature to that of XSS. However, with XSRF, the attack is focused on the visiting user’s web browser more so than the website being visited. 13

Question 85

Cross-Site Scripting (XSS)

Answer 85

Cross-Site Scripting (XSS)–Running a script routine on a user’s machine from a website without their permission. 13

Question 86

Crossover Error Rate (CER)

Answer 86

Crossover Error Rate (CER)–The point at which the false rejection rate (FRR) and the false acceptance rate (FAR) are equal. Sometimes called equal error rate (ERR)

Question 87

Cryptanalysis

Answer 87

The study of methods to defeat codes and ciphers. 13

Question 88

Cryptocurrency

Answer 88

The first major application of the blockchain. Blockchain allows the existence of a currency that has no central regulator. 13

Question 89

Cryptography

Answer 89

Algorithms applied to data that are designed to ensure confidentiality, integrity, authentication, and/or nonrepudiation. The art of creating and implementing secret codes and ciphers. 14

Question 90

Cryptology

Answer 90

Together, cryptography and cryptanalysis are commonly referred to as cryptology. 14

Question 91

Cryptosystems

Answer 91

Specific implementations of a code or cipher in hardware and software. 14

Question 92

Cryptovariables

Answer 92

Cryptographic keys

Question 93

Curl

Answer 93

A tool that is found on linux systems and that is used to transfer data via URLs.

Question 94

CVSS base score

Answer 94

A single number representing the overall risk posed by the vulnerability. 14

Question 95

CVSS Vector

Answer 95

A vector that uses a single line format to convey the ratings of a vulnerability on all 6 of the metrics. 14

Question 96

Cyber kill chain

Answer 96

A seven-step process of mapping attacks from their beginning to end. 14

Question 97

Cybersecurity Framework CSF

Answer 97

– NIST cybersecurity framework provides organization against cybersecurity risks.

Question 98

Cybersecurity Insurance

Answer 98

Insurance policy designed to protect an organization against cybersecurity risks. 14

Question 99

CYOD

Answer 99

Choose Your Own Device