CCNP SCOR Book Terms Flashcards
______________ is a security technology that actively monitors network or system activities to detect and prevent unauthorized access, attacks, or malicious activities. It works by analyzing traffic patterns and taking action to block or mitigate threats in real time.
Intrusion Prevention (IPS)
______________ are devices or systems that monitor network traffic and system behavior to detect potential security threats or intrusions. These sensors are part of Intrusion Detection and Prevention Systems (IDPS).
Intrusion Sensors
______________ refers to how and where intrusion sensors are positioned within a network. Common deployment modes include inline (in the data path), passive (monitoring only), and TAP (Test Access Point) mode.
Sensors Deployment Mode
______________ are intrusion sensors placed at various points within a network to monitor and analyze network traffic for signs of intrusions or threats.
Network-Based Sensors
______________ are installed on individual host systems (such as servers or endpoints) to monitor the behavior and security of those hosts.
Host-Based Sensors
______________ are methods and techniques used to identify and classify security threats and attacks, such as signature-based detection, anomaly-based detection, and behavior-based detection.
Attack Detection Strategies
______________ refers to the protection of data and information from threats and vulnerabilities, including measures to prevent unauthorized access, data leakage, and content-based attacks.
Content Security
______________ focuses on securing individual devices (endpoints) such as computers, mobile devices, and servers from various threats, including malware, unauthorized access, and data breaches.
Endpoint Security
______________ is any software designed to harm, exploit, or compromise the security of a computer system. Common types of malware include viruses, worms, Trojans, and spyware.
Malware (Malicious Software)
______________ is an IEEE standard for port-based network access control. It provides authentication and authorization mechanisms for controlling access to network resources.
802.1x
______________ refers to the flow of email messages within an email system, including sending, receiving, routing, and processing emails.
Email Pipeline
A ______________ is a visual representation of ideas, concepts, or information arranged in a hierarchical and interconnected manner. It is often used for brainstorming, organizing thoughts, or summarizing complex topics.
Mind-Map
______________ is a security appliance used for email security, including features like spam filtering, malware detection, email encryption, and email content filtering.
Cisco ESA (Email Security Appliance)
______________ refers to techniques and tactics used by attackers to bypass or evade email security measures, such as spam filters or antivirus scanners.
Email Security Evasion
______________ is the process of encoding email messages to protect their contents from unauthorized access. It ensures that only the intended recipient can read the email.
Email Encryption
______________ are security threats that originate from web-based sources, including malicious websites, phishing sites, and web-based malware distribution.
Web-Based Threats
______________ refer to the capabilities and functions of a Web Security Appliance, which is used to enforce web security policies, filter web content, and protect against web-based threats.
WSA Features (Web Security Appliance)
______________ is a protocol used to redirect web traffic for caching and security purposes. It allows network devices to intercept and redirect web traffic to a caching or security appliance.
Web Cache Communications Protocol (WCCP)
______________ is a cloud-based web security solution that provides web content filtering, threat protection, and visibility for web traffic.
Cisco Cloud Web Security
______________ are components that facilitate the integration of Cisco Cloud Web Security with on-premises network infrastructure.
Cisco CWS Connectors
______________ are a type of malware that attaches itself to a legitimate program or file and spreads when the infected program is executed. Viruses can cause various forms of damage to a computer system.
Viruses
______________ are self-replicating malware that spread across networks and systems without the need for user intervention. They can propagate rapidly and cause widespread disruptions.
Worms
In a security context, a “______________” typically refers to a malicious or harmful piece of code or script that triggers a destructive action when activated.
Bomb
A ______________ is a type of malware that disguises itself as a legitimate or benign program but, when executed, performs malicious actions without the user’s knowledge.
Horses (Trojan Horses), or simply “Trojan”
______________ are hidden or unauthorized access points in a computer system or software that allow attackers to gain entry and control the system.
Backdoors
______________ are software or techniques used to take advantage of vulnerabilities or weaknesses in computer systems, applications, or networks for malicious purposes.
Exploits
______________ are software or hardware devices that record keystrokes on a computer or mobile device, often used to capture sensitive information like passwords.
Key Loggers
______________ are stealthy malware that provide unauthorized access to a computer or network while concealing their presence. They often tamper with system functions and are difficult to detect.
Rootkits
______________ is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for a decryption key to restore access to the files.
Ransomware
______________ refers to software or tools designed to detect, prevent, and remove various forms of malware from computer systems.
Antimalware
______________ software is a subset of antimalware that specifically focuses on detecting and preventing computer viruses.
Antivirus
______________ is a security system or software that monitors and analyzes the behavior of applications and processes running on a host (such as an endpoint) to detect and prevent unauthorized or malicious activities.
HIPS (Host Intrusion Prevention System)
______________ is the process of converting plaintext data into ciphertext to protect it from unauthorized access. It ensures that only authorized parties can decrypt and access the data.
Data Encryption
______________ are secure communication tunnels that allow users to access a private network over a public network (typically the internet). They provide encryption and privacy for data transmission.
VPNs (Virtual Private Networks)
______________ is the science of securing communication and data through mathematical techniques, including encryption and decryption.
Cryptography
______________ is a process of converting data (such as passwords) into a fixed-length string of characters, which is often used for data verification and security.
Hashing
______________ is a type of encryption where the same key is used for both encryption and decryption. It is often faster but requires secure key distribution.
Symmetric Encryption
______________ (or Public-Key Cryptography) uses a pair of public and private keys for encryption and decryption. It provides secure key exchange and digital signatures.
Asymmetric Encryption
______________ are cryptographic techniques that provide authentication, integrity, and non-repudiation for digital documents or messages.
Digital Signatures
______________ refers to advanced encryption techniques and standards that aim to enhance security and address emerging threats in modern computing environments.
Next Generation Encryption
______________ is a framework that manages digital keys and certificates for secure communication. It includes processes, policies, and technologies for issuing, managing, and revoking digital certificates.
Public Key Infrastructure (PKI)
______________ are electronic credentials used to verify the identity of entities in a network. They contain a public key and identity information, and are signed by a Certificate Authority (CA).
Digital Certificate
______________ are trusted entities that issue digital certificates and verify the authenticity of certificate holders.
Certificate Authorities
______________ is the process of verifying the identity of a user or system by validating their digital certificate.
Digital Certificate Authentication
______________ refers to the process of obtaining a digital certificate, while ______________ is the process of invalidating or revoking a certificate before its expiration.
Enrollment & Revocation
______________ is the act of requesting and obtaining a digital certificate from a Certificate Authority.
Certificate Enrollment
______________ is the process of declaring a digital certificate as no longer valid before its expiration date.
Certificate Revocation
______________ refer to the design and structure of a Public Key Infrastructure, including the hierarchy of CAs, certificate policies, and trust models.
PKI Architectures
______________ is the process of allowing or blocking network packets based on predefined rules or criteria.
Packet Filtering
______________ are rules or policies that specify which network traffic is allowed or denied based on source, destination, and protocol.
Access Control List (ACL)
______________ is a firewall technique that keeps track of the state of active connections and allows related packets to pass through.
Stateful Filtering
______________ is a Cisco firewall feature that uses zones to define security policies and controls traffic flow between zones.
Zone-Based Firewall
______________ is a security device that combines firewall, VPN, and other security features to protect network resources.
Cisco ASA (Adaptive Security Appliance)
______________ is the process of controlling and managing network traffic to prevent unauthorized access or malicious activities.
Traffic Filtering
The ______________ is the part of a network device responsible for managing and controlling device operations and protocols.
Control Plane
______________ refers to the design and structure of network devices, including hardware and software components.
Network Device Architecture
______________ is a security mechanism that ensures the authenticity and integrity of routing protocol messages.
Routing Protocol Authentication
______________ is the process of selectively allowing or denying specific routes in a routing table.
Route Filtering
______________ is a security feature that restricts the rate of traffic directed at a device’s control plane to protect it from resource exhaustion or attacks.
Control Plane Policing (CoPP)
______________ includes mechanisms and strategies to secure a device’s control plane from unauthorized access and attacks.
Control Plane Protection
______________ safeguard a device’s central processing unit (CPU) from excessive loads and resource depletion.
CPU Protection Mechanisms
______________ mechanisms ensure the security and integrity of a device’s memory, preventing unauthorized access or tampering.
Memory Protection
The ______________ is responsible for managing and configuring network devices, including tasks such as device administration and monitoring.
Management Plane
______________ is a protocol used for network management and monitoring, allowing devices to exchange information about their status and performance.
SNMP (Simple Network Management Protocol)
______________ is a protocol used to synchronize the time of network devices, ensuring accurate timestamps for events and logs.
NTP (Network Time Protocol)
______________ involves recording events, activities, and system messages for analysis, troubleshooting, and security monitoring.
Logging
______________ is a network protocol that automates the assignment of IP addresses and network configuration to devices on a network.
Dynamic Host Configuration Protocol (DHCP)
______________ is an extension of DHCP used for assigning IPv6 addresses and configuration parameters to devices on an IPv6 network.
DHCPv6
______________ is a protocol used for translating human-readable domain names into IP addresses, facilitating network communication.
Domain Network System (DNS) Protocol
______________ is a technique used by attackers to impersonate another IP address to conceal their identity or gain unauthorized access.
IP Spoofing
______________ are used as mitigation tools to control network traffic and restrict access to specific resources.
ACLs (Access Control Lists)
______________ is a mitigation tool that verifies the source IP address of incoming packets to prevent IP spoofing.
URPF (Unicast Reverse Path Forwarding)
A ______________ is an attack that overwhelms a network or system with excessive traffic, rendering it unavailable to legitimate users.
DoS-Attack (Denial-of-Service Attack)
______________ is a security feature that protects against TCP SYN flooding attacks by managing incomplete connection requests.
TCP Intercept
______________ is a traffic control mechanism that enforces bandwidth limits and controls the rate of traffic.
Policing
______________ is a security technique used to mitigate DDoS attacks by redirecting attack traffic to a null route.
RTBH (Remote Triggered Black Hole)
______________ are additional fields in an IP packet header used for specific purposes, and they can introduce security risks if misused.
IP Options
______________ refers to strategies and technologies used to detect, prevent, and respond to security attacks.
Attack Mitigation
______________ is the process of breaking large IP packets into smaller fragments for transmission, which can be a security concern.
IP Fragmentation
______________ is a Cisco technology that identifies and classifies network applications and services for traffic analysis and control.
NBAR (Network-Based Application Recognition)
______________ are part of IPv6 packets and provide additional information for packet processing. ______________ involves handling and securing these headers to prevent attacks and ensure proper packet processing.
Extension Headers / Extension Headers Processing & Security
______________ refers to the examination and handling of IPv6 extension headers, including header insertion, inspection, and processing as packets traverse the network.
Extension Header Processing
______________ is a process of dividing large IPv6 packets into smaller fragments to accommodate networks with smaller Maximum Transmission Unit (MTU) sizes.
IPv6 Fragmentation
______________ involves strategies and measures to protect against security threats related to IPv6 fragmentation, such as fragmentation-based attacks.
IPv6 Fragmentation Attacks Mitigation
______________ is a key component of IPv6 networking that allows devices to discover and communicate with neighboring devices on the same network segment.
Neighbor Discovery
______________ are ICMPv6 messages used for various purposes, including router discovery, neighbor discovery, and address resolution in IPv6 networks.
Neighbor Discovery Messages
______________ is a security extension for Neighbor Discovery that provides mechanisms for securing neighbor and router discovery processes in IPv6 networks.
Secure Neighbor Discovery (SEND)
______________ is a proprietary Cisco protocol used for discovering and sharing information about directly connected Cisco devices on a network.
Cisco Discovery Protocol (CDP)
______________ is a network protocol used to prevent loops in Ethernet networks by dynamically disabling redundant links while keeping a loop-free path.
Spanning Tree Protocol (STP)
______________ include mechanisms to protect Spanning Tree Protocol implementations from misuse and attacks.
Spanning Tree Protocol (STP) Security Features
______________ are used to partition a VLAN into sub-VLANs, allowing network segmentation while sharing the same IP subnet.
Private VLANs
______________ is a feature that isolates specific ports on a switch to prevent direct communication between devices on those ports.
Protected Ports (or Port Isolation)
______________ is a feature that monitors and limits the rate of broadcast, multicast, or unicast storms to prevent network congestion and disruptions.
Storm Control
______________ involves securing network devices by implementing security best practices and configuring security features to reduce vulnerabilities.
Device Hardening
______________ is a comprehensive framework and methodology for designing and implementing secure network architectures.
Cisco SAFE (Security Architecture for Enterprise)
______________ refers to strategies and techniques used to protect against Layer 2 (data link layer) attacks in a network.
L2 Attacks Mitigation
______________ are security threats targeting the Spanning Tree Protocol, aiming to disrupt network operations by exploiting vulnerabilities in STP implementations.
STP Attacks
______________ are malicious activities that manipulate or poison ARP tables to redirect network traffic or conduct man-in-the-middle attacks.
ARP Attacks (Address Resolution Protocol Attacks)
______________ is a protocol used to map IP addresses to MAC addresses in Ethernet networks, facilitating communication between devices on the same local network.
Address Resolution Protocol (ARP)
______________ is a security feature that restricts access to command-line interface (CLI) commands based on user roles and privileges.
Role-Based CLI Access
______________ involves establishing secure and encrypted communication tunnels over public networks, allowing remote access and private data transfer.
VPN (Virtual Private Network) Working
______________ is the process of encapsulating one network protocol within another for secure and efficient data transmission over an untrusted network.
Tunneling
______________ encompasses measures and protocols used to secure Virtual Private Network connections and protect data confidentiality and integrity.
VPN Security
______________ involves setting up GRE tunnels for encapsulating a wide range of network protocols within point-to-point connections.
GRE (Generic Routing Encapsulation) Configuration
______________ is a key management protocol used in IPsec VPNs to establish security associations and exchange encryption keys.
IKEv1 (Internet Key Exchange version 1)
______________ is the process of establishing secure IPsec tunnels for encrypted communication between network devices or sites.
IPsec Tunneling
______________ involves configuring IPsec VPNs on Cisco ASA devices for secure remote access and site-to-site connectivity.
IPsec on the ASA (Adaptive Security Appliance)
______________ is a technology that simplifies and enhances WAN management by centralizing control and dynamically routing traffic over multiple network connections.
Software Defined WAN (SD-WAN)
______________ is a Cisco solution that uses software-defined networking (SDN) principles to automate network provisioning, policy enforcement, and segmentation.
Software Defined Access (SD-Access)
______________ is Cisco’s approach to data center networking that focuses on automation, policy-based management, and application-aware networking.
Application Centric Infrastructure (ACI)
______________ encompasses the design and components of Cisco’s Application Centric Infrastructure solution for data centers.
Cisco ACI Architecture
______________ are software-based network switches used in virtualized environments to connect virtual machines (VMs) and manage traffic.
Virtual Switches
An ______________ is a physical location where different Internet service providers (ISPs) connect their networks to exchange traffic.
Internet Exchange Point (IXP)
A ______________ is a wide area network that connects geographically dispersed locations using private network infrastructure, such as leased lines or MPLS.
Private WAN
______________ is an open-source cloud computing platform that provides infrastructure-as-a-service (IaaS) capabilities for building and managing private and public clouds.
OpenStack
______________ refers to the design and framework of Software-Defined Networking, which separates network control and data planes for greater flexibility and automation.
SDN Architecture
______________ is the protocol used for transmitting and receiving web page data and other resources on the World Wide Web.
HTTP (Hypertext Transfer Protocol)
______________ are three-digit numeric codes used in HTTP responses to indicate the status of a web request, such as 200 (OK) or 404 (Not Found).
HTTP Message Codes
______________ is a secure version of HTTP that uses encryption (TLS/SSL) to protect the confidentiality and integrity of data exchanged between a web server and a client.
HTTP Secure (HTTPS)
______________ is a central management console used to configure, monitor, and manage Cisco security products and services.
SMC (Security Management Center)
A ______________ is a network security device or software solution that provides web content filtering, threat protection, and policy enforcement to protect users and networks from web-based threats.
Web Security Appliance
______________ is a specific Cisco appliance designed for web security. It offers features like web filtering, antivirus scanning, and URL categorization to protect against web threats.
Cisco Web Security Appliance (WSA)
______________ is a protocol used for sending email messages between servers. It is a fundamental component of email communication.
Simple Mail Transfer Protocol (SMTP)
______________ is an appliance that provides email security services, including spam filtering, malware detection, and content filtering to protect against email-based threats.
Cisco Email Security Appliance (ESA)
______________ refers to the command-line interface (CLI) used for configuring and managing Cisco Email Security Appliances.
ESA Command Line
An ______________ is a component of the Email Security Appliance that receives incoming email messages and processes them through various security filters.
ESA Listener
______________ involve the configuration, monitoring, and management tasks related to the Cisco Email Security Appliance.
ESA Operations
An ______________ is a dedicated device or software solution designed to protect email communication by filtering out spam, viruses, and other email threats.
Email Security Appliance (ESA)
______________ are sets of rules and configurations that define how email security is enforced, including spam policies, content filtering, and encryption policies.
ESA Policies
______________ is a distributed system used for translating domain names (e.g., www.example.com) into IP addresses, facilitating internet communication.
Domain Name System (DNS)
______________ includes the hierarchical organization of DNS servers and domains, starting with the root DNS servers at the top.
DNS Structure
______________ include DNS servers (such as authoritative, recursive, and caching servers) and DNS clients that interact to resolve domain names.
DNS Components
______________ are data entries in DNS databases that contain information about domain names, IP addresses, mail servers, and other DNS-related information.
DNS Records
______________ is a cloud-based security service provided by Cisco (Cisco Umbrella) that offers DNS and web filtering to protect against threats and provide visibility into internet traffic.
Umbrella
______________ are configurations that define how DNS traffic is inspected and protected against security threats like DNS-based attacks.
DNS Layer Security Policies
______________ define rules for inspecting and controlling content and applications to ensure security and compliance.
Content & Application Inspection Policies
______________ specify how files are inspected for malware and other threats, including rules for scanning, blocking, or allowing file transfers.
File Inspection Policies
______________ determine which destinations (IP addresses, domains) are allowed or blocked for communication within a network.
Destination Lists Policies
An ______________ is a proxy server that dynamically adjusts its behavior based on the type of traffic it handles, enhancing security and performance.
Intelligent Proxy
______________ is the process of decrypting encrypted SSL/TLS traffic to inspect its contents for security purposes.
SSL Decryption
______________ is a Cisco security product that provides identity-based access control and policy enforcement within a network.
ISE (Identity Services Engine)
______________ involves integrating ISE with Microsoft Active Directory (AD) to leverage AD user and group information for access control decisions.
AD Integration
______________ are rules and configurations that dictate how network access is granted or denied based on user identity and attributes.
ISE Policies
______________ in ISE involves identifying and categorizing network devices and endpoints based on their characteristics and behavior.
Profiling
______________ is a feature in ISE that allows for dynamic policy changes and actions after initial network access is granted, such as reauthentication or session termination.
Change of Authorization (CoA)
______________ are mechanisms used by ISE to collect information about endpoints and devices on the network for profiling purposes.
Profiling Probes
______________ refer to different configurations and methods for implementing 802.1x authentication, such as single-host or multi-host mode.
802.1x Deployment Modes
______________ in ISE provide a secure and controlled onboarding process for guest users accessing the network.
Guest Services
______________ is a method in ISE where users are redirected to a central web portal for authentication and access control.
Central Web Authentication
______________ features and configurations go beyond basic identity and access control, offering more extensive policy options and integrations.
Advanced ISE
______________ involves deploying multiple ISE nodes to provide high availability, scalability, and redundancy in a network.
Distributed ISE
______________ are predefined roles that determine the function and capabilities of an ISE node, such as Policy Service Persona (PSP) or Monitoring Persona.
ISE Personas
______________ in ISE are collections of ISE nodes that work together to provide services and redundancy in a distributed deployment.
Node Groups
______________ allows an ISE node to operate in multiple personas simultaneously to provide a range of services.
ISE Multimode
______________ involves collecting and analyzing data about network traffic, devices, and performance to improve security and visibility.
Network Telemetry
______________ is a network visibility and security analytics solution that detects and mitigates threats by analyzing network traffic and behavior.
Cisco StealthWatch
______________ is a network protocol used for collecting and monitoring network traffic flow data for analysis and security monitoring.
NetFlow
______________ are logical groupings of network devices and hosts based on common characteristics, used for policy enforcement and management.
Hosts Groups