C(s)

Question 1

Cable modem

Answer 1

Provide Internet access via broadband cable TV

Question 2

Cache memory

Answer 2

The fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions

Question 3

Caesar Cipher

Answer 3

A rot-3 substitution cipher

Question 4

Callback

Answer 4

Modern-based authentication system

Question 5

Caller ID

Answer 5

Identifies the calling phone number, sometimes used as a weak authentication method

Question 6

Candidate keys

Answer 6

Any attribute (column) in the table with unique values

Question 7

CMM

Answer 7

Capability Maturity Model, a maturity framework for evaluating and improving the software development process

Question 8

CSMA

Answer 8

Carrier Sense Multiple Access, a method used by Ethernet networks to allowed shared usage of a baseband network, and avoid collisions

Question 9

CASE

Answer 9

Computer-aided software engineering, uses programs to create assist in the creation and maintenance of other computer programs

Question 10

CBC

Answer 10

Cipher Block Chaining , a block mode of DES that XORs the previous encrypted block of cipher-text to the next block plaintext to be encrypted

Question 11

CCD

Answer 11

Charged Couple Discharge, a digital CCTV

Question 12

CCMP

Answer 12

Counter Mode CBC MAC Protocol, used by WPA2 to create a MIC

Question 13

CCTV

Answer 13

Closed Circuit Television, a detective device used to aid guards in in detecting the presence of intruders in restricted areas

Question 14

CDN

Answer 14

Content Distribution Networks (also Content Delivery Networks) use a series of distributed caching servers to improve performance and lower the latency of downloaded online content

Question 15

CPU

Answer 15

Central Processing Unit, the “brains” of the computer, capable of controlling and performing mathematical calculations

Question 16

Centralized access control

Answer 16

Concentrates Access control in one logical point for a system or organization

Question 17

CER

Answer 17

Crossover error rate, describes the point where the false reject rate(FRR) and false accept rate(FAR) are equal

Question 18

Certificate Authority

Answer 18

PKI component that authenticates the identity of a person or organization before issuing a certificate to them

Question 19

CRL

Answer 19

Certificate Revocation Lists, PKI component which lists digital certificates that have been revoked

Question 20

Certification

Answer 20

A detailed inspection that verifies whether a system meets the documented security requirements

Question 21

CFB

Answer 21

Cipher Feedback, a stream mode DES that is similar to block-mode CBC

Question 22

Chain of custody

Answer 22

Requires that once evidence is acquired, full documentation regarding who, what, when, and where evidence was handled is maintained

Question 23

Chaining

Answer 23

Block cipher mechanism that seeds the previous Encrypted block into the next block to be encrypted

Question 24

CHAP

Answer 24

Challenge Handshake Authentication Protocol, a more secure network authentication protocol that uses a shared secret

Question 25

Change management

Answer 25

The process of understanding, communicating , and documenting changes

Question 26

CSU/DSU

Answer 26

Channel Service Unit/Data Service Unit, DCE device

Question 27

Checklist testing

Answer 27

Lists all necessary components required for successful recovery, and ensures that they are, or will be , readily available should a disaster occur. Also known as consistency testing

Question 28

CIA triad

Answer 28

Confidentiality, integrity, and availability

Question 29

CIDR

Answer 29

Classless Inter-Domain Routing, allows for many network sizes beyond the arbitrary state-full network sizes

Question 30

Cipher

Answer 30

A cryptographic algorithm

Question 31

Cipher disk

Answer 31

Cryptographic device that uses two concentric disks each with alphabet around the periphery

Question 32

Ciphertext

Answer 32

An encrypted message

Question 33

Circuit-level proxy

Answer 33

Proxy firewall that operates at Layer 5

Question 34

Circuit-switched network

Answer 34

Network that provides a dedicated circuit or channel between two nodes

Question 35

Circumstantial evidence

Answer 35

Evidence that serves to establish the circumstances related to particular points or even other evidence

Question 36

CIRT

Answer 36

Computer Incident Response Team, a team that performs incident handling

Question 37

CISC

Answer 37

Complex Instruction Set Computer, CPU instructions that are longer and more powerful

Question 38

Civil law

Answer 38

Law that resolves disputes between individuals or organizations

Question 39

Civil law (legal system)

Answer 39

Legal system that leverages codified laws or statutes to determine what is considered within the bounds of law

Question 40

Clark-Wilson

Answer 40

Real-world integrity model that protects integrity by having subjects access objects via programs

Question 41

Class I gate

Answer 41

Residential gate designed for home use

Question 42

Class II gate

Answer 42

Commercial gate, such as a parking garage gate

Question 43

Class III gate

Answer 43

Industrial/limited access gate, such as a large loading dock

Question 44

Class IV gate

Answer 44

Restricted access gate, used at an airport or prison

Question 45

Classful addresses

Answer 45

IPv4 Networks in classes A through E

Question 46

Clearance

Answer 46

A determination, typically made by a senior security professional, about whether or not a user can be trusted with a specific level of information

Question 47

Client-side attacks

Answer 47

Attack where a user downloads malicious content

Question 48

Clipper Chip

Answer 48

(Failed) 1993 Escrowed Encryption Standard (EES), which used the Skipjack algorithm

Question 49

Clipping level

Answer 49

A minimum reporting threshold level

Question 50

Closed source

Answer 50

Software released in executable form: the source code is kept confidential

Question 51

Closed system

Answer 51

System using proprietary hardware or software

Question 52

CMP

Answer 52

Crisis Management Plan

Question 53

Coaxial

Answer 53

Network cabling that has an inner copper core separated by an insulator from a metallic braid or shield

Question 54

COBIT

Answer 54

Control Objectives for Information and related Technology, a control framework for employing information security governance best practices within an organization

Question 55

COCOM

Answer 55

Committee for Multilateral Export Controls, a munitions law which was in effect from 1947 to 1994. It was designed to control the export of critical technologies (including cryptography) to “Iron Curtain” countries during the Cold War

Question 56

Code Repositories

Answer 56

Secure service for storing source code of projects, a public example is GitHub

Question 57

Codebreakers(The)

Answer 57

David Kahn’s history of cryptography

Question 58

Cohesion

Answer 58

OOP concept that describes an independent object. Objects with high cohesion have low coupling

Question 59

Cold site

Answer 59

A backup site with raised floor, power, utilities, and physical security, and no configured systems or data

Question 60

Collection Limitation Principle

Answer 60

OECD Privacy Guideline Principle which states personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individuals knowledge and approval

Question 61

Collision

Answer 61

Two or more plaintexts that generate the same hash

Question 62

Collusion

Answer 62

An agreement between two or more individuals to subvert the security of a system

Question 63

Color of law

Answer 63

Acting on the authority of law enforcement

Question 64

COM

Answer 64

Component Object Model, locates, and connects objects locally

Question 65

Combinatorial software testing

Answer 65

Black box testing method that seeks to identify and test all unique combinations of software inputs

Question 66

Commandments of Computer Ethics

Answer 66

The Computer Ethnics Institute code of ethics

Question 67

Commit

Answer 67

Makes changes to a database permanent

Question 68

Common criteria

Answer 68

An internationally agreed upon standard for describing and testing the security of IT products

Question 69

CORBA

Answer 69

Common Object Request Broker Architecture, an open vendor-neutral networked object broker framework

Question 70

Compartmentalization

Answer 70

Technical enforcement of need to know

Question 71

Compensating Controls

Answer 71

Additional security controls put in place to compensate for weaknesses in other Controls

Question 72

Compensatory damages

Answer 72

Damages provides as compensation

Question 73

Compiler

Answer 73

Convert source code, such as C or Basic , and compile it into machine code

Question 74

Computer bus

Answer 74

The primary communication channel on a computer system

Question 75

Computer crimes

Answer 75

Crimes using computers

Question 76

Computer Fraud and Abuse Act

Answer 76

Title 18 United States Code Section 1030

Question 77

CSIRT

Answer 77

Computer Security Incident Response Team, the group that is tasked with monitoring, identifying, and responding to security incidents

Question 78

COTS

Answer 78

Commercial Off-the-Shelf Software, third-party developed commercial software available to the general public

Question 79

BIA

Answer 79

Conduct the business impact analysis (BIA) second step of the NIST SP 800-34 contingency planning process

Question 80

Confidentiality

Answer 80

Seeks to prevent the unauthorized disclosure of information

Question 81

Configuration management

Answer 81

The process of developing a consistent system security configuration that can be leveraged throughout an organization

Question 82

Confusion

Answer 82

The relationship between the plaintext and cipher-text should be as confused (or as random) as possible

Question 83

Containment phase

Answer 83

Incident response phase that attempts to keep further damage from occurring as a result of the incident

Question 84

Content-dependent Access control

Answer 84

Adds additional criteria beyond identification and authentication: the actual content the subject is attempting to access

Question 85

Context-dependent Access control

Answer 85

Adds additional criteria beyond identification and authentication: the context of the access, such as time

Question 86

COOP

Answer 86

Continuity of Operations Plan, a plan to maintain operations during a disaster

Question 87

Continuity of Support Plan

Answer 87

Focuses narrowly on a support of specific IT systems and applications

Question 88

CPPT

Answer 88

Continuity planning project team, a team comprised of stakeholders within an organization and focuses on identifying who would need to play a role if a specific emergency event were to occur

Question 89

Contraband check

Answer 89

Seek to identify objects that are prohibited to enter a secure perimeter (such as an airplane)

Question 90

Control Unit

Answer 90

CPU component that acts as a traffic cop, sending instructions to the ALU

Question 91

Convergence

Answer 91

All routers on a network agree on the state of routing

Question 92

Corrective Comtrols

Answer 92

Controls that correct a damaged system or process

Question 93

Corroborative evidence

Answer 93

Evidence that provides additional support for a fact that might have been called into question

Question 94

CTR

Answer 94

Counter, a stream mode of DES that uses a counter for feedback

Question 95

Coupling

Answer 95

OOP concept that connects objects to others. Highly coupled objects have low cohesion

Question 96

Covert channel

Answer 96

Any communication that violates security policy

Question 97

Cracker

Answer 97

A black hat hacker

Question 98

Criminal law

Answer 98

Law where the victim can be seen as society itself

Question 99

Crippleware

Answer 99

Partially functioning proprietary software, often with key features disabled. The user is typically required to make a payment to unlock the full functionality

Question 100

Crossover

Answer 100

Genetic algorithm concept that combines two algorithms

Question 101

Cross-site scripting

Answer 101

Or XSS , third-party execution of web scripting languages such as JavaScript within the security context of a trusted site

Question 102

Cryptanalysis

Answer 102

The science of breaking encrypted messages (recovering their meaning)

Question 103

Cryptographic Protocol governance

Answer 103

Describes the process of selecting the right cipher and implementation for the right job

Question 104

Cryptography

Answer 104

Science of creating messages whose meaning is hidden

Question 105

Crypytology

Answer 105

The science of secure communication

Question 106

CSRF

Answer 106

Cross-site request forgery, third-party redirect of static content within the security context of a trusted site

Question 107

Custodian

Answer 107

Provides hands-on protection of assets

Question 108

Customary law

Answer 108

Customs or practices that are so commonly accepted by a group that the custom is treated as a law

Question 109

CWR

Answer 109

New TCP flag, congestion window reduced

Question 110

Cyber Incident response plan

Answer 110

Plan designed to respond to disruptive cyber events , including network-based attacks, worms, computer viruses, Trojan horses

Question 111

Cybersquatting

Answer 111

Registering internet domain names associated with another organization’s intellectual property