CCNP SCOR Book Terms Flashcards
______________ is a security technology that actively monitors network or system activities to detect and prevent unauthorized access, attacks, or malicious activities. It works by analyzing traffic patterns and taking action to block or mitigate threats in real time.
Intrusion Prevention (IPS)
______________ are devices or systems that monitor network traffic and system behavior to detect potential security threats or intrusions. These sensors are part of Intrusion Detection and Prevention Systems (IDPS).
Intrusion Sensors
______________ refers to how and where intrusion sensors are positioned within a network. Common deployment modes include inline (in the data path), passive (monitoring only), and TAP (Test Access Point) mode.
Sensors Deployment Mode
______________ are intrusion sensors placed at various points within a network to monitor and analyze network traffic for signs of intrusions or threats.
Network-Based Sensors
______________ are installed on individual host systems (such as servers or endpoints) to monitor the behavior and security of those hosts.
Host-Based Sensors
______________ are methods and techniques used to identify and classify security threats and attacks, such as signature-based detection, anomaly-based detection, and behavior-based detection.
Attack Detection Strategies
______________ refers to the protection of data and information from threats and vulnerabilities, including measures to prevent unauthorized access, data leakage, and content-based attacks.
Content Security
______________ focuses on securing individual devices (endpoints) such as computers, mobile devices, and servers from various threats, including malware, unauthorized access, and data breaches.
Endpoint Security
______________ is any software designed to harm, exploit, or compromise the security of a computer system. Common types of malware include viruses, worms, Trojans, and spyware.
Malware (Malicious Software)
______________ is an IEEE standard for port-based network access control. It provides authentication and authorization mechanisms for controlling access to network resources.
802.1x
______________ refers to the flow of email messages within an email system, including sending, receiving, routing, and processing emails.
Email Pipeline
A ______________ is a visual representation of ideas, concepts, or information arranged in a hierarchical and interconnected manner. It is often used for brainstorming, organizing thoughts, or summarizing complex topics.
Mind-Map
______________ is a security appliance used for email security, including features like spam filtering, malware detection, email encryption, and email content filtering.
Cisco ESA (Email Security Appliance)
______________ refers to techniques and tactics used by attackers to bypass or evade email security measures, such as spam filters or antivirus scanners.
Email Security Evasion
______________ is the process of encoding email messages to protect their contents from unauthorized access. It ensures that only the intended recipient can read the email.
Email Encryption
______________ are security threats that originate from web-based sources, including malicious websites, phishing sites, and web-based malware distribution.
Web-Based Threats
______________ refer to the capabilities and functions of a Web Security Appliance, which is used to enforce web security policies, filter web content, and protect against web-based threats.
WSA Features (Web Security Appliance)
______________ is a protocol used to redirect web traffic for caching and security purposes. It allows network devices to intercept and redirect web traffic to a caching or security appliance.
Web Cache Communications Protocol (WCCP)
______________ is a cloud-based web security solution that provides web content filtering, threat protection, and visibility for web traffic.
Cisco Cloud Web Security
______________ are components that facilitate the integration of Cisco Cloud Web Security with on-premises network infrastructure.
Cisco CWS Connectors
______________ are a type of malware that attaches itself to a legitimate program or file and spreads when the infected program is executed. Viruses can cause various forms of damage to a computer system.
Viruses
______________ are self-replicating malware that spread across networks and systems without the need for user intervention. They can propagate rapidly and cause widespread disruptions.
Worms
In a security context, a “______________” typically refers to a malicious or harmful piece of code or script that triggers a destructive action when activated.
Bomb
A ______________ is a type of malware that disguises itself as a legitimate or benign program but, when executed, performs malicious actions without the user’s knowledge.
Horses (Trojan Horses), or simply “Trojan”
______________ are hidden or unauthorized access points in a computer system or software that allow attackers to gain entry and control the system.
Backdoors
______________ are software or techniques used to take advantage of vulnerabilities or weaknesses in computer systems, applications, or networks for malicious purposes.
Exploits
______________ are software or hardware devices that record keystrokes on a computer or mobile device, often used to capture sensitive information like passwords.
Key Loggers
______________ are stealthy malware that provide unauthorized access to a computer or network while concealing their presence. They often tamper with system functions and are difficult to detect.
Rootkits
______________ is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for a decryption key to restore access to the files.
Ransomware
______________ refers to software or tools designed to detect, prevent, and remove various forms of malware from computer systems.
Antimalware
______________ software is a subset of antimalware that specifically focuses on detecting and preventing computer viruses.
Antivirus
______________ is a security system or software that monitors and analyzes the behavior of applications and processes running on a host (such as an endpoint) to detect and prevent unauthorized or malicious activities.
HIPS (Host Intrusion Prevention System)
______________ is the process of converting plaintext data into ciphertext to protect it from unauthorized access. It ensures that only authorized parties can decrypt and access the data.
Data Encryption
______________ are secure communication tunnels that allow users to access a private network over a public network (typically the internet). They provide encryption and privacy for data transmission.
VPNs (Virtual Private Networks)
______________ is the science of securing communication and data through mathematical techniques, including encryption and decryption.
Cryptography
______________ is a process of converting data (such as passwords) into a fixed-length string of characters, which is often used for data verification and security.
Hashing
______________ is a type of encryption where the same key is used for both encryption and decryption. It is often faster but requires secure key distribution.
Symmetric Encryption
______________ (or Public-Key Cryptography) uses a pair of public and private keys for encryption and decryption. It provides secure key exchange and digital signatures.
Asymmetric Encryption
______________ are cryptographic techniques that provide authentication, integrity, and non-repudiation for digital documents or messages.
Digital Signatures
______________ refers to advanced encryption techniques and standards that aim to enhance security and address emerging threats in modern computing environments.
Next Generation Encryption
______________ is a framework that manages digital keys and certificates for secure communication. It includes processes, policies, and technologies for issuing, managing, and revoking digital certificates.
Public Key Infrastructure (PKI)
______________ are electronic credentials used to verify the identity of entities in a network. They contain a public key and identity information, and are signed by a Certificate Authority (CA).
Digital Certificate
______________ are trusted entities that issue digital certificates and verify the authenticity of certificate holders.
Certificate Authorities
______________ is the process of verifying the identity of a user or system by validating their digital certificate.
Digital Certificate Authentication
______________ refers to the process of obtaining a digital certificate, while ______________ is the process of invalidating or revoking a certificate before its expiration.
Enrollment & Revocation
______________ is the act of requesting and obtaining a digital certificate from a Certificate Authority.
Certificate Enrollment
______________ is the process of declaring a digital certificate as no longer valid before its expiration date.
Certificate Revocation
______________ refer to the design and structure of a Public Key Infrastructure, including the hierarchy of CAs, certificate policies, and trust models.
PKI Architectures
______________ is the process of allowing or blocking network packets based on predefined rules or criteria.
Packet Filtering
______________ are rules or policies that specify which network traffic is allowed or denied based on source, destination, and protocol.
Access Control List (ACL)
______________ is a firewall technique that keeps track of the state of active connections and allows related packets to pass through.
Stateful Filtering
______________ is a Cisco firewall feature that uses zones to define security policies and controls traffic flow between zones.
Zone-Based Firewall
______________ is a security device that combines firewall, VPN, and other security features to protect network resources.
Cisco ASA (Adaptive Security Appliance)
______________ is the process of controlling and managing network traffic to prevent unauthorized access or malicious activities.
Traffic Filtering
The ______________ is the part of a network device responsible for managing and controlling device operations and protocols.
Control Plane
______________ refers to the design and structure of network devices, including hardware and software components.
Network Device Architecture
______________ is a security mechanism that ensures the authenticity and integrity of routing protocol messages.
Routing Protocol Authentication
______________ is the process of selectively allowing or denying specific routes in a routing table.
Route Filtering
______________ is a security feature that restricts the rate of traffic directed at a device’s control plane to protect it from resource exhaustion or attacks.
Control Plane Policing (CoPP)
______________ includes mechanisms and strategies to secure a device’s control plane from unauthorized access and attacks.
Control Plane Protection
______________ safeguard a device’s central processing unit (CPU) from excessive loads and resource depletion.
CPU Protection Mechanisms
______________ mechanisms ensure the security and integrity of a device’s memory, preventing unauthorized access or tampering.
Memory Protection
The ______________ is responsible for managing and configuring network devices, including tasks such as device administration and monitoring.
Management Plane