COMP TIA Acronyms 1 Flashcards
Is the type of cryptography where block cipher algorithms are applied three times to each data block. The key size increased in Triple-DES to ensure additional security through encryption capabilities
Triple Data Encryption Standard (3DES)
A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services
Authentication, Authorization, and Accounting (AAA)
An authorization methodology that sets and enforces policies based on characteristics, such as department, location, manager, and time of day
Attribute Based Access Control (ABAC)
Made up of rules that either allow access to a computer environment or deny it. In a way, an ACL is like a guest list at an exclusive club
Access Control (ACL)
Is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are who’s allowed to do what
Active Directory (AD)
Is the specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST)
Advanced Encryption Standard (AES)
Verifies origin of data and also payload to confirm if there has been modification done in between during transmission between source and destination
Authentication Header (AH)
Is a service the Cybersecurity and Infrastructure Security Agency (CISA) provides to enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private sector organizations
Automated Indicator Sharing (AIS)
Is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is expressed as ALE=ARO X SLE
Annualized Loss Expectancy
A stand alone device or computer that allows wireless devices (such as laptop computers) to connect to and communicate with a wired computer network
Access Point (AP)
Mechanism that enable two software components to communicate with each other using a set of definitions and protocols.
Application Programming Interface (API)
A prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period
Advanced Persistent Threat (APT)
The probability that a risk will occur in a particular year
Annualized Rate of Occurrence (ARO)
Is a protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a media access control (MAC) address, in a local area network (LAN)
Address Resolution Protocol (ARP)
A technique that is used to increase the difficulty of performing a buffer overflow attack that requires the attacker to know the location of an executable in memory
Address Space Layout Randomization (ASP)
Enables web servers to dynamically generate webpages and create interactive web applications by using server-side scripting technology. The use of ASP pages with Microsoft Internet Information Services (IIS) is currently supported in all supported version
Active Server Pages (ASP)
Is a guideline for classifying and describing cyberattacks and intrusions. It was created by the Mitre Corporation and released in 2013
Adversarial Tactics, Techniques and Common Knowledge (ATT&CK)
A document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources
Acceptable Use Policy (AUP)
Designed to detect and destroy computer viruses
Antivirus (AV)
Is a Unix shell and command language used for scripting. It provides command-based programming to interpret and execute user commands
Bourne Again Shell (BASH)
Created to help speed up the recovery of an organization filing a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime
Business Continuity Planning (BCP)
A set of rules that determine the best network routes for data transmission on the internet. The internet consists of private, public, corporate, and government networks linked together through standardized protocols, devices and communication technologies
Border Gateway Protocol (BGP)
Is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency
Business Impact Analysis (BIA)
A program fixed and embedded on a device’s microprocessor that helps to initialize hardware operations and manage the data flow to and from the operating system (OS) at the time of bootup
Basic Input/Output System (BIOS)
The message that are transmitted across LAN networks to enable switches to participate in Spanning Tree Protocol (STP) by gathering information about each other
Bridge Protocol Data Unit (BPDU)
The trend of employees using personal devices to connect to their organizational networks and access work-related systems and potentially sensitive or confidential data
Bring Your Own Device (BYOD)
Is a trusted entity that issues Secure Sockets Layer (SSL) certificates. These digital certificates are data files used to cryptographically link an entity with a public key
Certificate Authority (CA)
Test designed to determine if an online user is really a human and not a bot
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
Is basically an official document issued when an element of a plan hasn’t been implemented or executed properly. When any changes need to be made in the process, a corrective action report has to be prepared so that procedures are updates for future use
Corrective Action Report (CAR)
Are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed
Cloud Access Security Broker
Is a mode of operation for a block-cipher, one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block
Cipher Block Chaining (CBC)
Is any course of instruction whose primary means of delivery is a computer
Computer Based Training (CBT)
An encryption protocol based on the U.S. Federal government’s Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBD-MAC (CCM) mode of operation
Counter-Mode/CBC-MAC Protocol (CCMP)
Is a group formed in 1998 by the U.S. Defense Advanced Research Projects Agency-and coordinated through Carnegie Mellon
Computer Emergency Response Team (CERT)
Is an AES block cipher mode similar to the CBC mode in the sense that for the encryption of a block, Bi, the cipher of the previous block, Ci-1 is required
Cipher Feedback (CFB)
Is an identity checking protocol that periodically re-authenticates the user during an online session. Properly implemented CHAP is replay attack resistant, and far more secure than the Password Authentication Protocol (PAP)
Challenge-Handshake Authentication Protocol (CHAP)
Managing and successfully implementing the information and computer technology systems of a company
Chief Information Officer (CIO)
Group of individuals usually consisting of Security Analysts organized to develop, recommend and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents
Computer Incident Response Team (CIRT)
To develop, validate, and promote timely best practice solutions that help people, business and governments protect themselves against pervasive cyber threats
Center for Internet Security (CIS)
Is software that helps users create, manage, and modify content on a website without the need for technical knowledge.
Content Management System (CMS)
The worlds leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment
Cloud Security Alliance (CSA)
Is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts
Computer Security Incident Response Team (CSIRT)
A third party company offering cloud-based platform, infrastructure, application or storage service.
Cloud Service Provider (CSP)
Is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated With help of Social Engineering
Cross-Site Request Forgery (CSRF)
A simple counter-based block cipher implementation Every time a counter initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block
Counter-Mode (CTM)
Is a database of publicly disclosed information security issues
Common Vulnerabilities and Exposures (CVE)
Is a free and open industry standard for assessing the severity of computer system security vulnerabilities
Common Vulnerabilities and Scoring System (CVSS)
A hardware management model in which employees select a preferred device from a company-approved range of options
Choose your own Device (CYOD)
Is the principle of restricting access to objects based on the identity of the subject (the user or group to which the user belongs)
Discretionary Access Control (DAC)
Responsible for maintaining, securing, and operating databases and also ensures that data is correctly stored and returned
Database Administrator (DBA)
A malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood or internal traffic
Distributed Denial-of-Service (DDoS)
Helps protect you from executable code launching from places its not supposed to
Data Execution Prevention (DEP)
