Cybersecurity Flashcards

Question 1

Q

Absolute file path

Answer

A

The full file path, which starts from the root

Question 2

Q

Access controls

Answer

A

Security controls that manage access, authorization, and accountability of information

Question 3

Q

Active packet sniffing

Answer

A

A type of attack where data packets are manipulated in transit

Question 4

Q

Address Resolution Protocol (ARP)

Answer

A

A network protocol used to determine the MAC address of the next router or device on the path

Question 5

Q

Advanced persistent threat (APT)

Answer

A

An instance when a threat actor maintains unauthorized access to a system for an extended period of time

Question 6

Q

Adversarial artificial intelligence (AI)

Answer

A

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Question 7

Q

Adware

Answer

A

A type of legitimate software that is sometimes used to display digital advertisements in applications

Question 8

Q

Algorithm

Answer

A

A set of rules used to solve a problem

Question 9

Q

Analysis

Answer

A

The investigation and validation of alerts

Question 10

Q

Angler phishing

Answer

A

A technique where attackers impersonate customer service representatives on social media

Question 11

Q

Anomaly-based analysis

Answer

A

A detection method that identifies abnormal behavior

Question 12

Q

Antivirus software

Answer

A

A software program used to prevent, detect, and eliminate malware and viruses

Question 13

Q

Application

Answer

A

A program that performs a specific task

Question 14

Q

Application programming interface (API) token

Answer

A

A small block of encrypted code that contains information about a user

Question 15

Q

Argument (Linux)

Answer

A

Specific information needed by a command

Question 16

Q

Argument (Python)

Answer

A

The data brought into a function when it is called

Question 17

Q

Array

Answer

A

A data type that stores data in a comma-separated ordered list

Question 18

Q

Assess

Answer

A

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly

Question 19

Q

Asset

Answer

A

An item perceived as having value to an organization

Question 20

Q

Asset classification

Answer

A

The practice of labeling assets based on sensitivity and importance to an organization

Question 21

Q

Asset inventory

Answer

A

A catalog of assets that need to be protected

Question 22

Q

Asset management

Answer

A

The process of tracking assets and the risks that affect them

Question 23

Q

Asymmetric encryption

Answer

A

The use of a public and private key pair for encryption and decryption of data

Question 24

Q

Attack surface

Answer

A

All the potential vulnerabilities that a threat actor could exploit

Question 25

Q

Attack tree

Answer

A

A diagram that maps threats to assets

Question 26

Q

Attack vectors

Answer

A

The pathways attackers use to penetrate security defenses

Question 27

Q

Authentication

Answer

A

The process of verifying who someone is

Question 28

Q

Authorization

Answer

A

The concept of granting access to specific resources in a system

Question 29

Q

Authorize

Answer

A

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization

Question 30

Q

Automation

Answer

A

The use of technology to reduce human and manual effort to perform common and repetitive tasks

Question 31

Q

Availability

Answer

A

The idea that data is accessible to those who are authorized to access it

Question 32

Q

Baiting

Answer

A

A social engineering tactic that tempts people into compromising their security

Question 33

Q

Bandwidth

Answer

A

The maximum data transmission capacity over a network, measured by bits per second

Question 34

Q

Baseline configuration (baseline image)

Answer

A

A documented set of specifications within a system that is used as a basis for future builds, releases, and updates

Question 35

Q

Bash

Answer

A

The default shell in most Linux distributions

Question 36

Q

Basic auth

Answer

A

The technology used to establish a user’s request to access a server

Question 37

Q

Basic Input/Output System (BIOS)

Answer

A

A microchip that contains loading instructions for the computer and is prevalent in older systems

Question 38

Q

Biometrics

Answer

A

The unique physical characteristics that can be used to verify a person’s identity

Question 39

Q

Bit

Answer

A

The smallest unit of data measurement on a computer

Question 40

Q

Boolean data

Answer

A

Data that can only be one of two values: either True or False

Question 41

Q

Bootloader

Answer

A

A software program that boots the operating system

Question 42

Q

Botnet

Answer

A

A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”

Question 43

Q

Bracket notation

Answer

A

The indices placed in square brackets

Question 44

Q

Broken chain of custody

Answer

A

Inconsistencies in the collection and logging of evidence in the chain of custody

Question 45

Q

Brute force attack

Answer

A

The trial and error process of discovering private information

Question 46

Q

Bug bounty

Answer

A

Programs that encourage freelance hackers to find and report vulnerabilities

Question 47

Q

Built-in function

Answer

A

A function that exists within Python and can be called directly

Question 48

Q

Business continuity

Answer

A

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 49

Q

Business continuity plan (BCP)

Answer

A

A document that outlines the procedures to sustain business operations during and after a significant disruption

Question 50

Q

Business Email Compromise (BEC)

Answer

A

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Question 51

Q

Categorize

Answer

A

The second step of the NIST RMF that is used to develop risk management processes and tasks

Question 52

Q

CentOS

Answer

A

An open-source distribution that is closely related to Red Hat

Question 53

Q

Central Processing Unit (CPU)

Answer

A

A computer’s main processor, which is used to perform general computing tasks on a computer

Question 54

Q

Chain of custody

Answer

A

The process of documenting evidence possession and control during an incident lifecycle

Question 55

Q

Chronicle

Answer

A

A cloud-native tool designed to retain, analyze, and search data

Question 56

Q

Cipher

Answer

A

An algorithm that encrypts information

Question 57

Q

Cloud-based firewalls

Answer

A

Software firewalls that are hosted by the cloud service provider

Question 58

Q

Cloud computing

Answer

A

The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

Question 59

Q

Cloud network

Answer

A

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

Question 60

Q

Cloud security:

Answer

A

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Question 61

Q

Command

Answer

A

An instruction telling the computer to do something

Question 62

Q

Command and control (C2)

Answer

A

The techniques used by malicious actors to maintain communications with compromised systems

Question 63

Q

Command-line interface (CLI)

Answer

A

A text-based user interface that uses commands to interact with the computer

Question 64

Q

Comment

Answer

A

A note programmers make about the intention behind their code

Answer 65

A

A log format that uses key-value pairs to structure data and identify fields and their corresponding values

Answer 66

A

An openly accessible dictionary of known vulnerabilities and exposures

Answer 67

A

A measurement system that scores the severity of a vulnerability

Answer 68

A

The process of adhering to internal standards and external regulations

Answer 69

A

A specialized group of security professionals that are trained in incident management and response

Answer 70

A

Malicious code written to interfere with computer operations and cause damage to data and software

Answer 71

A

A statement that evaluates code to determine if it meets a specified set of conditions

Answer 72

A

The idea that only authorized users can access specific assets or data

Answer 73

A

Data that often has limits on the number of people who have access to it

Answer 74

A

A model that helps inform how organizations consider risk when setting up systems and security policies

Answer 75

A

A file used to configure the settings of an application

Answer 76

A

The act of limiting and preventing additional damage caused by an incident

Answer 77

A

A subnet that protects the internal network from the uncontrolled zone

Answer 78

A

An injection attack that inserts code into a vulnerable website or web application

Answer 79

A

The practice of gathering information using public input and collaboration

Answer 80

A

An attack that affects secure forms of communication between a sender and intended recipient

Answer 81

A

A mechanism that decrypts ciphertext

Answer 82

A

The process of transforming information into a form that unintended readers can’t understand

Answer 83

A

A form of malware that installs software to illegally mine cryptocurrencies

Answer 84

A

An organization that volunteers to analyze and distribute information on eligible CVEs

Answer 85

A

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Answer 86

A

Information that is translated, processed, or stored by a computer

Answer 87

A

Data not currently being accessed

Answer 88

A

An organized collection of information or data

Answer 89

A

A person that determines the procedure and purpose for processing data

Answer 90

A

Anyone or anything that’s responsible for the safe handling, transport, and storage of information

Answer 91

A

Unauthorized transmission of data from a system

Answer 92

A

Data traveling from one point to another

Answer 93

A

Data being accessed by one or more users

Answer 94

A

The person who decides who can access, edit, use, or destroy their information

Answer 95

A

A basic unit of information that travels from one device to another within a network

Answer 96

A

A specific piece of information

Answer 97

A

A person that is responsible for processing data on behalf of the data controller

Answer 98

A

An individual that is responsible for monitoring the compliance of an organization’s data protection procedures

Answer 99

A

A category for a particular type of data item

Answer 100

A

Data representing a date and/or time

Answer 101

A

A software tool that helps to locate the source of an error and assess its causes

Answer 102

A

The practice of identifying and fixing errors in code

Answer 103

A

A layered approach to vulnerability management that reduces risk

Answer 104

A

An attack that targets a network or server and floods it with network traffic

Answer 105

A

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Answer 106

A

The prompt discovery of security events

Answer 107

A

Data that consists of one or more key-value pairs

Answer 108

A

A file that verifies the identity of a public key holder

Answer 109

A

The practice of collecting and analyzing data to determine what has happened after an attack

Answer 110

A

A file that organizes where other files are stored

Answer 111

A

A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident

Answer 112

A

A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic

Answer 113

A

The different versions of Linux

Answer 114

A

Any form of recorded content that is used for a specific purpose

Answer 115

A

An instance when malicious script exists in the webpage a browser loads

Answer 116

A

A networking protocol that translates internet domain names into IP addresses

Answer 117

A

A type of malware that comes packed with malicious code which is delivered and installed onto a target system

Answer 118

A

A brief summary of your experience, skills, and background

Answer 119

A

A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets

Answer 120

A

The process of converting data from a readable format to an encoded format

Answer 121

A

Any device connected on a network

Answer 122

A

An application that monitors an endpoint for malicious activity

Answer 123

A

The complete removal of the incident elements from all affected systems

Answer 124

A

A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled

Answer 125

A

An observable occurrence on a network, system, or device

Answer 126

A

An error that involves code that cannot be executed even though it is syntactically correct

Answer 127

A

An operator that does not include the value of comparison

Answer 128

A

A way of taking advantage of a vulnerability

Answer 129

A

A mistake that can be exploited by a threat

Answer 130

A

Anything outside the organization that has the potential to harm organizational assets

Answer 131

A

A state where the presence of a threat is not detected

Answer 132

A

An alert that incorrectly detects the presence of a threat

Answer 133

A

Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer

Answer 134

A

The location of a file or directory

Answer 135

A

The component of the Linux OS that organizes data

Answer 136

A

Selecting data that match a certain condition

Answer 137

A

Documentation that provides a comprehensive review of an incident

Answer 138

A

A network security device that monitors traffic to or from a network

Answer 139

A

Data consisting of a number with a decimal point

Answer 140

A

A column in a table that is a primary key in another table

Answer 141

A

A server that regulates and restricts a person’s access to the internet

Answer 142

A

A section of code that can be reused in a program

Answer 143

A

A variable that is available through the entire program

Answer 144

A

A user interface that uses icons on the screen to manage different tasks on the computer

Answer 145

A

Any person who uses computers to gain access to computer systems, networks, or data

Answer 146

A

A person who uses hacking to achieve a political goal

Answer 147

A

A hardware component used for long-term memory

Answer 148

A

The physical components of a computer

Answer 149

A

An instance when different inputs produce the same hash value

Answer 150

A

An algorithm that produces a code that can’t be decrypted

Answer 151

A

A data structure that’s used to store and reference hash values

Answer 152

A

A U.S. federal law established to protect patients’ health information

Answer 153

A

A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders

Answer 154

A

An application that monitors the activity of the host on which it’s installed

Answer 155

A

A network device that broadcasts information to every device on the network

Answer 156

A

An application layer protocol that provides a method of communication between clients and website servers

Answer 157

A

A network protocol that provides a secure method of communication between clients and website servers

Answer 158

A

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

Answer 159

A

A collection of processes and technologies that helps organizations manage digital identities in their environment

Answer 160

A

A set of standards that define communication for wireless LANs

Answer 161

A

An object that cannot be changed after it is created and assigned a value

Answer 162

A

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

Answer 163

A

An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies

Answer 164

A

An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies

Answer 165

A

The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member

Answer 166

A

A form of documentation used in incident response

Answer 167

A

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

Answer 168

A

A document that outlines the procedures to take in each step of incident response

Answer 169

A

An operator that includes the value of comparison

Answer 170

A

Space added at the beginning of a line of code

Answer 171

A

A number assigned to every element in a sequence that indicates its position

Answer 172

A

The series of observed events that indicate a real-time incident

Answer 173

A

Observable evidence that suggests signs of a potential security incident

Answer 174

A

The protection of unauthorized access and distribution of data

Answer 175

A

The practice of keeping data in all states away from unauthorized users

Answer 176

A

Malicious code inserted into a vulnerable application

Answer 177

A

Programming that validates inputs from users and other programs

Answer 178

A

Data consisting of a number that does not include a decimal point

Answer 179

A

A software application for writing code that provides editing assistance and error correction tools

Answer 180

A

The idea that the data is correct, authentic, and reliable

Answer 181

A

The components required to run the computer

Answer 182

A

A current or former employee, external vendor, or trusted partner who poses a security risk

Answer 183

A

An internet protocol used by devices to tell each other about data transmission errors across the network

Answer 184

A

A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server

Answer 185

A

A set of standards used for routing and addressing data packets as they travel between devices on a network

Answer 186

A

A unique string of characters that identifies the location of a device on the internet

Answer 187

A

A computer program that translates Python code into runnable instructions line by line

Answer 188

A

An application that monitors system activity and alerts on possible intrusions

Answer 189

A

An application that monitors system activity for intrusive activity and takes action to stop the activity

Answer 190

A

A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network

Answer 191

A

Code that repeatedly executes a set of instructions

Answer 192

A

An open-source distribution of Linux that is widely used in the security industry

Answer 193

A

The component of the Linux OS that manages processes and memory

Answer 194

A

A set of data that represents two linked items: a key, and its corresponding value

Answer 195

A

An operating system that is outdated but still being used

Answer 196

A

A meeting that includes all involved parties after a major incident

Answer 197

A

A collection of modules that provide code users can access in their programs

Answer 198

A

An open-source operating system

Answer 199

A

The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list

Answer 200

A

Data structure that consists of a collection of data in sequential form

Answer 201

A

A type of malware that downloads strains of malicious code from an external source and installs them onto a target system

Answer 202

A

A network that spans small areas like an office building, a school, or a home

Answer 203

A

A variable assigned within a function

Answer 204

A

A record of events that occur within an organization’s systems

Answer 205

A

The process of examining logs to identify events of interest

Answer 206

A

The recording of events occurring on computer systems and networks

Answer 207

A

An error that results when the logic used in code produces unintended results

Answer 208

A

The process of collecting, storing, analyzing, and disposing of log data

Answer 209

A

The part of a loop that determines when the loop terminates

Answer 210

A

A variable that is used to control the iterations of a loop

Answer 211

A

Software designed to harm devices or networks

Answer 212

A

An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network

Answer 213

A

A unique alphanumeric identifier that is assigned to each physical device on a network

Answer 214

A

A function that belongs to a specific data type

Answer 215

A

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

Answer 216

A

A collection of non-profit research and development centers

Answer 217

A

A device that connects your router to the internet and brings internet access to the LAN

Answer 218

A

A Python file that contains additional functions, variables, classes, and any kind of runnable code

Answer 219

A

The seventh step of the NIST RMF that means be aware of how systems are operating

Answer 220

A

A security measure that requires a user to verify their identity in two or more ways to access a system or network

Answer 221

A

A command-line file editor that is available by default in many Linux distributions

Answer 222

A

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Answer 223

A

A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery, and Post-incident activity

Answer 224

A

A unified framework for protecting the security of information systems within the U.S. federal government

Answer 225

A

A group of connected devices

Answer 226

A

An application that collects and monitors network traffic and network data

Answer 227

A

The data that’s transmitted between devices on a network

Answer 228

A

Hardware that connects computers to a network

Answer 229

A

The process of examining network logs to identify events of interest

Answer 230

A

A tool designed to capture and analyze data traffic within a network

Answer 231

A

A set of rules used by two or more devices on a network to describe the order of delivery and the structure of data

Answer 232

A

The practice of keeping an organization’s network infrastructure secure from unauthorized access

Answer 233

A

A security technique that divides the network into segments

Answer 234

A

The amount of data that moves across a network

Answer 235

A

The concept that the authenticity of information can’t be denied

Answer 236

A

An online interface for writing, storing, and running code

Answer 237

A

Data consisting of numbers

Answer 238

A

An open-standard authorization protocol that shares designated access between applications

Answer 239

A

A data type that stores data in a comma-separated list of key-value pairs

Answer 240

A

An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit

Answer 241

A

The collection and analysis of information from publicly available sources to generate usable intelligence

Answer 242

A

A standardized concept that describes the seven layers computers use to communicate and send data over the network

Answer 243

A

A non-profit organization focused on improving software security

Answer 244

A

The interface between computer hardware and the user

Answer 245

A

A symbol or keyword that represents an operation

Answer 246

A

Input that modifies the behavior of a command

Answer 247

A

A sequence outlining the order of data that must be preserved from first to last

Answer 248

A

A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications

Answer 249

A

A piece of software that can be combined with other packages to form an application

Answer 250

A

A tool that helps users install, manage, and remove packages or applications

Answer 251

A

A file containing data packets intercepted from an interface or network

Answer 252

A

The practice of capturing and inspecting data packets across a network

Answer 253

A

An object that is included in a function definition for use in that function

Answer 254

A

An open-source distribution that is commonly used for security

Answer 255

A

The process of converting data into a more readable format

Answer 256

A

A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network

Answer 257

A

An attempt to access password secured devices, systems, networks, or data

Answer 258

A

A software and operating system update that addresses security vulnerabilities within a program or product

Answer 259

A

A set of security standards formed by major organizations in the financial industry

Answer 260

A

A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes

Answer 261

A

A resource that provides stylistic guidelines for programmers working in Python

Answer 262

A

Hardware components that are attached and controlled by the computer system

Answer 263

A

The type of access granted for a file or directory

Answer 264

A

Any information used to infer an individual’s identity

Answer 265

A

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Answer 266

A

A collection of software tools needed to launch a phishing campaign

Answer 267

A

A security incident that affects not only digital but also physical environments where the incident is deployed

Answer 268

A

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Answer 269

A

A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB

Answer 270

A

A manual that provides details about any operational action

Answer 271

A

A set of rules that reduce risk and protect information

Answer 272

A

A software-based location that organizes the sending and receiving of data between devices on a network

Answer 273

A

A firewall function that blocks or allows certain port numbers to limit unwanted communication

Answer 274

A

The process of reviewing an incident to identify areas for improvement during incident handling

Answer 275

A

A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software

Answer 276

A

Information that should be kept from the public

Answer 277

A

The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

Answer 278

A

A coding technique that executes SQL statements before passing them on to a database

Answer 279

A

A column where every row has a unique entry

Answer 280

A

The concept of granting only the minimal access and authorization required to complete a task or function

Answer 281

A

The act of safeguarding personal information from unauthorized use

Answer 282

A

Step-by-step instructions to perform a specific security task

Answer 283

A

A popular threat modeling framework that’s used across many industries

Answer 284

A

A process that can be used to create a specific set of instructions for a computer to execute tasks

Answer 285

A

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Answer 286

A

Information that relates to the past, present, or future physical or mental health or condition of an individual

Answer 287

A

The process of properly working with fragile and volatile digital evidence

Answer 288

A

A server that fulfills the requests of its clients by forwarding them to other servers

Answer 289

A

Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others

Answer 290

A

An encryption framework that secures the exchange of online information

Answer 291

A

An extensive collection of Python code that often comes packaged with Python

Answer 292

A

A request for data from a database table or a combination of tables

Answer 293

A

A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money

Answer 294

A

A file of pre-generated hash values and their associated plaintext

Answer 295

A

A hardware component used for short-term memory

Answer 296

A

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Answer 297

A

A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other

Answer 298

A

A NIST core function related to returning affected systems back to normal operation

Answer 299

A

The process of returning affected systems back to normal operations

Answer 300

A

A subscription-based distribution of Linux built for enterprise use

Answer 301

A

An instance when malicious script is sent to a server and activated during the server’s response

Answer 302

A

A sequence of characters that forms a pattern

Answer 303

A

Rules set by a government or other authority to control the way something is done

Answer 304

A

A structured database containing tables that are related to each other

Answer 305

A

A file path that starts from the user’s current directory

Answer 306

A

A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time

Answer 307

A

The ability to prepare for, respond to, and recover from disruptions

Answer 308

A

A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Answer 309

A

A Python statement that executes inside a function and sends information back to the function call

Answer 310

A

A server that regulates and restricts the internet’s access to an internal server

Answer 311

A

Anything that can impact the confidentiality, integrity, or availability of an asset

Answer 312

A

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Answer 313

A

The highest-level directory in Linux

Answer 314

A

Malware that provides remote, administrative access to a computer

Answer 315

A

A user with elevated privileges to modify the system

Answer 316

A

A network device that connects multiple networks together

Answer 317

A

An additional safeguard that’s used to strengthen hash functions

Answer 318

A

Malware that employs tactics to frighten users into infecting their device

Answer 319

A

Splunk’s query language

Answer 320

A

A secure protocol used to transfer files from one device to another over a network

Answer 321

A

A security protocol used to create a shell with a remote system

Answer 322

A

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Answer 323

A

A review of an organization’s security controls, policies, and procedures against a set of expectations

Answer 324

A

Safeguards designed to reduce specific security risks

Answer 325

A

Guidelines for making appropriate decisions as a security professional

Answer 326

A

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Answer 327

A

Practices that help support, define, and direct security efforts of an organization

Answer 328

A

The process of strengthening a system to reduce its vulnerabilities and attack surface

Answer 329

A

An application that collects and analyzes log data to monitor critical activities in an organization

Answer 330

A

The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data

Answer 331

A

An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks

Answer 332

A

A collection of applications, tools, and workflows that use automation to respond to security events

Answer 333

A

An organization’s ability to manage its defense of critical assets and data and react to change

Answer 334

A

A segment of a company’s network that protects the internal network from the internet

Answer 335

A

The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization

Answer 336

A

A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)

Answer 337

A

A specific type of PII that falls under stricter handling guidelines

Answer 338

A

The principle that users should not be given levels of authorization that would allow them to misuse a system

Answer 339

A

a sequence of network HTTP requests and responses associated with the same user

Answer 340

A

A token that websites use to validate a session and determine how long that session should last

Answer 341

A

An event when attackers obtain a legitimate user’s session ID

Answer 342

A

A unique token that identifies a user and their device while accessing a system

Answer 343

A

Data that consists of an unordered collection of unique values

Answer 344

A

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Answer 345

A

The command-line interpreter

Answer 346

A

A pattern that is associated with malicious activity

Answer 347

A

A detection method used to find events of interest

Answer 348

A

A network protocol used for monitoring and managing devices on a network

Answer 349

A

A technology that combines several different logins into one

Answer 350

A

The use of text messages to trick users to obtain sensitive information or to impersonate a known source

Answer 351

A

A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets

Answer 352

A

A manipulation technique that exploits human error to gain private information, access, or valuables

Answer 353

A

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Answer 354

A

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Answer 355

A

The rate at which a device sends and receives data, measured by bits per second

Answer 356

A

A cloud-hosted tool used to collect, search, and monitor log data

Answer 357

A

A self-hosted tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time

Answer 358

A

Malware that’s used to gather and sell information without consent

Answer 359

A

A programming language used to create, interact with, and request information from a database

Answer 360

A

An attack that executes unexpected queries on a database

Answer 361

A

An individual or group that has an interest in any decision or activity of an organization

Answer 362

A

An error message returned by the OS through the shell

Answer 363

A

Information received by the OS via the command line

Answer 364

A

Information returned by the OS through the shell

Answer 365

A

References that inform how to set policies

Answer 366

A

An interview technique used to answer behavioral and situational questions

Answer 367

A

A class of firewall that keeps track of information passing through it and proactively filters out threats

Answer 368

A

A class of firewall that operates based on predefined rules and that does not keep track of information from data packets

Answer 369

A

An instance when malicious script is injected directly on the server

Answer 370

A

The process of joining two strings together

Answer 371

A

Data consisting of an ordered sequence of characters

Answer 372

A

A manual that informs the writing, formatting, and design of documents

Answer 373

A

The subdivision of a network into logical groups called subnets

Answer 374

A

A continuous sequence of characters within a string

Answer 375

A

A command that temporarily grants elevated permissions to specific users

Answer 376

A

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Answer 377

A

An open-source intrusion detection system, intrusion prevention system, and network analysis tool

Answer 378

A

A device that makes connections between specific devices on a network by sending and receiving data between them

Answer 379

A

The use of a single secret key to exchange information

Answer 380

A

A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets

Answer 381

A

The rules that determine what is correctly structured in a computing language

Answer 382

A

An error that involves invalid usage of a programming language

Answer 383

A

A social engineering tactic in which unauthorized people follow an authorized person into a restricted area

Answer 384

A

A framework used to visualize how data is organized and transmitted across a network

Answer 385

A

A command-line network protocol analyzer

Answer 386

A

Skills that require knowledge of specific tools, procedures, and policies

Answer 387

A

The collection and transmission of data for analysis

Answer 388

A

Any circumstance or event that can negatively impact assets

Answer 389

A

Any person or group who presents a security risk

Answer 390

A

The proactive search for threats on a network

Answer 391

A

Evidence-based threat information that provides context about existing or emerging threats

Answer 392

A

The process of identifying assets, their vulnerabilities, and how each is exposed to threats

Answer 393

A

Skills from other areas that can apply to different careers

Answer 394

A

An internet communication protocol that allows two devices to form a connection and stream data

Answer 395

A

The prioritizing of incidents according to their level of importance or urgency

Answer 396

A

Malware that looks like a legitimate file or program

Answer 397

A

A state where there is no detection of malicious activity

Answer 398

A

An alert that correctly detects the presence of an attack

Answer 399

A

Data structure that consists of a collection of data that cannot be changed

Answer 400

A

An error that results from using the wrong data type

Answer 401

A

An open-source, user-friendly distribution that is widely used in security and other industries

Answer 402

A

An incident type that occurs when an individual gains digital or physical access to a system or application without permission

Answer 403

A

Any network outside your organization’s control

Answer 404

A

A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems

Answer 405

A

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Answer 406

A

The person interacting with a computer

Answer 407

A

A connectionless protocol that does not establish a connection between devices before transmissions

Answer 408

A

A function that programmers design for their specific needs

Answer 409

A

A program that allows the user to control the functions of the operating system

Answer 410

A

The process of creating and maintaining a user’s digital identity

Answer 411

A

A container that stores data

Answer 412

A

A virtual version of a physical computer

Answer 413

A

A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet

Answer 414

A

Malicious code written to interfere with computer operations and cause damage to data and software

Answer 415

A

A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content

Answer 416

A

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Answer 417

A

A way of displaying various types of data quickly in one place

Answer 418

A

A weakness that can be exploited by a threat

Answer 419

A

The internal review process of an organization’s security systems

Answer 420

A

The process of finding and patching vulnerabilities

Answer 421

A

Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network

Answer 422

A

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Answer 423

A

Malicious code or behavior that’s used to take advantage of coding flaws in a web application

Answer 424

A

A category of spear phishing attempts that are aimed at high-ranking executives in an organization

Answer 425

A

A network that spans a large geographic area like a city, state, or country

Answer 426

A

A wireless security protocol for devices to connect to the internet

Answer 427

A

A special character that can be substituted with any other character

Answer 428

A

An open-source network protocol analyzer

Answer 429

A

A file that can be altered by anyone in the world

Answer 430

A

Malware that can duplicate and spread itself across systems on its own

Answer 431

A

A computer language used to create rules for searching through ingested log data

Answer 432

A

An exploit that was previously unknown

Brainscape's Knowledge GenomeTM

Cybersecurity Flashcards

Brainscape's Knowledge Genome^TM