CASP+ Glossary Flashcards
2 Step Verification
An authentication method that uses an out-of-band mechanism: a token is generated server-side and sent to the user to provide for verification. This might be an SMS message with a code, a phone call, a push notification to a mobile phone, or an email
3D Printing
An emerging technology that uses special-purpose printers that build 3D objects rather than printing on paper. Printing is done by adding layers on top of layers according to a model created with computer-aided design (CAD) software. It allows for rapid design and the creation of just about anything
802.1x
An authentication protocol that uses the Extensible Authentication Protocol (EAP) to authenticate wireless, Ethernet, or VPN gateway connections
Access Control List (ACL)
A broad term for a list that defines how subjects are allowed to interact with objects on a network or system. In networking, devices like switches or routers may grant or deny access based on their own ACLs. Similar to a firewall, it helps filter and route traffic
Address Space Layout Randomization (ASLR)
A buffer overflow prevention control that randomizes where executables and libraries are loaded in memory, making it difficult to guess the memory locations an exploit would need
Adversary Emulation
A discipline in cybersecurity that involves using the TTPs (tactics, techniques, and procedures) of a specific threat actor in a realistic way to test current defenses
Agile Model
In this approach to software development, an iterative process is used to release well-tested code in smaller blocks. Development is continuous. It is adaptive to allow for changes throughout the process. It focuses on rapid development, sometimes at the expense of security
Air Gap
A host that is physically disconnected from any network so as to protect that network by being segmented from it (This is a form of segregation)
Aircrack-ng
A suite of tools for assessing and analyzing WiFi. It is used to monitor, attack, test and crack WiFi networks
Analytical Zone
A form of cloud-based data zone where data is used for practical purposes such as analysis and reporting
Annual Loss Expectancy (ALE)
The total cost of all the single loss events that happen over the course of a year, added together. ALE = SLE x ARO
Annual Rate of Occurrence (ARO)
The number of times in a year that a single loss event is expected to occur
Anonymization
A process that removes data that could be used to uniquely identify a person. It is a common requirement in compliance laws.
AV Software
Software that detects and identifies malicious software on an endpoint. Originally, AV programs were signature-based file scans that would detect viruses, but now they also monitor when processes are launched, intercept them, and look for signature matches
API CASB Configuration
A configuration of a CASB (Cloud Access Security Broker) where an API brokers the connection between the cloud provider and the customer
Application Virtualization
A client accesses an application hosted on a server. This usually occurs through a browser. It allows for specific apps to be shared from a single server through a user's browser
Asset Reporting Format (ARF)
An SCAP language that correlates reporting formats to device information
Asset Value
Within qualitative risk analysis, this is the value that a given asset is worth
Attestation of Compliance
The set of policies, contracts, and standards between two entities that have been designated as essential. It will identify how the relationship will be governed, including how incidents will be reported and addressed, the use of independent auditors, data protection requirements, and violation agreements
Attribute Based Access Control (ABAC)
An access control method that is fine-grained, as it utilizes a combination of any attributes to determine a user's access level. It uses the eXtensible Access Control Markup Language (XACML)
Authentication Bypass
An attack that exploits how logins are received and processed by web applications. An example would be sending an SQL string rather than the login credentials the app is expecting
AWS CloudTrail
An audit logging service for AWS apps
AWS CloudWatch
A graphical reporting and analytics service that provides monitoring and alerting in AWS
BGP/Route Hijacking
An attack that involves hijacking BGP routing. BGP is the routing protocol of the Internet. It was designed when security was not a consideration, so it depends on interconnected networks to truthfully and accurately maintain the routing tables
Big Data
Data collections that are too big for traditional database tools to utilize. Ideally suited to AI, since the larger the dataset an AI has to study, the more effective it will be
Binwalk
A tool that can be used to inspect binary firmware image files to better understand what is inside the file itself
Blob Storage
A cloud-based storage model that supports the storage of large amounts of unstructured data. It is used to store archives and backups
Block Cipher
An encryption method in which plaintext is separated into equal-sized blocks, usually 128 bits in size. If there isn't enough data to fill a block, it is padded to make up the rest of the space. Each block is then encrypted based on the mode of operation being used
Block Storage
A cloud-based storage model that supports high-performance, transactional apps like databases
Bootstrapping
A method of automation in a cloud deployment that involves automatically deploying instances
BYOD
Bring your own device
A mobile device policy where the employee owns the device, but the device must meet corporate specifications and allow auditing. With this type of policy, it is not as easy to fully secure devices as when they are corporately owned and issued by the co