D

Question 1

DAD Triad

Answer 1

The 3 key treats to cybersecurity efforts: disclosure, alteration, and denial.

Question 2

Dark Web

Answer 2

An anonymous network created through encryption technology and often used for illicit activity. 14

Question 3

Dashboard Reporting

Answer 3

Utilizes visual aids like graphs and charts to summarize risk data, usually in real time.

Question 4

Data At Rest

Answer 4

Stored data that resides on hard drives, on tapes, in the cloud, or on other storage media.

Question 5

Data Breach Notification Law

Answer 5

Laws requiring the notification of data subjects after a known or suspected breach.

Question 6

Data Classification Policy

Answer 6

A document that describes the classification structure used by the organization and the process used to properly assign classification to data.

Question 7

Data Controller

Answer 7

In the context of a data processor, as defined by the European Union data protection laws, the person or entity that controls processing of the data.

Question 8

Data custodian

Answer 8

The user who is assigned the task of implementing the prescribed protection defined by the security policy and upper management. The data custodian preforms any and all activities necessary to provide adequate protection for data and to fulfill the requirements and responsibilities delegated to them from upper management.

Question 9

Data Exfiltration Attack

Answer 9

An attack in which access to sensitive information is gained and then removed from an organization. 15

Question 10

Data Exposure

Answer 10

The concept that sensitive personal information in databases exposes and organization to risk in the event that information is stolen by an attacker. 15

Question 11

Data Governance Policy

Answer 11

A document that clearly states the owner of information created or used by the organization

Question 12

Data In Transit

Answer 12

Data that is in transit over a network

Question 13

Data In Use

Answer 13

Data that is actively in use by a computer system 15

Question 14

Data Inventory

Answer 14

The first step in managing sensitive data is developing a data inventory of the types of information maintained by the organization and the places where that data is stored, processed, and transmitted. 15

Question 15

Data Loss

Answer 15

The exposure of sensitive information to unauthorized individuals. 15

Question 16

Data Loss Prevention (DLP)

Answer 16

Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.

Question 17

Data Masking

Answer 17

A tool that redacts sensitive information by replacing some of or all sensitive fields with blank characters. 15

Question 18

Data Minimization

Answer 18

The techniques seeking to reduce risk by reducing the amount of sensitive information maintained on a regular basis. 15

Question 19

Data Obfuscation

Answer 19

The process that transforms data into a format where the original information can not be retrieved. 15

Question 20

Data Owner

Answer 20

The person responsible for classifying information for placement and protection with the security solution. 15

Question 21

Data Ownership

Answer 21

The organization designates specific senior executives as the data owners fo different data types. 16

Question 22

Data Processor

Answer 22

An individual or entity who processes personal data solely on behalf of the data controller. 16

Question 23

Data Protection Office (DPO)

Answer 23

Data Protection Officer - A specific individual who bears overall responsibility for carrying out the organization’s data privacy efforts.16

Question 24

Data Retention Policy

Answer 24

A document that outlines what information the organization will maintain, and the length of time different categories of work product will be retained before destruction. 16

Question 25

Data Sovereignty

Answer 25

A principle that states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored or processed. 16

Question 26

Data Steward

Answer 26

An individual who is responsible for carrying out an organizations data security policies and overseeing data usage based on those policies.

Question 27

Data subject

Answer 27

Individual whose personal data is being processed.

Question 28

Database Encryption

Answer 28

Targets data at the database level. It is a method used to protect sensitive policies and overseeing data usage based on those policies. 16

Question 29

Database Normalization

Answer 29

The process of removing duplication in a relational database. 16

Question 30

Dead Code

Answer 30

Code that is in use in an organization, but nobody is responsible for the maintenance of that code, and in fact, nobody even know where the original source file reside. 16

Question 31

Debug Modes

Answer 31

The feature that gives developers crucial error information needed to troubleshoot applications in the development process. 16

Question 32

Decentralized

Answer 32

An approach that reduces single points of failure by spreading technology components across multiple providers.

Question 33

DDOS

Answer 33

One of the most common forms of the distributed denial of service attacks is a network based DDOS. Malicious actors commonly use large scale botnets to conduct network DDoS attacks, and commercial services exist that conduct DDOS attacks and DDoS like behavior for stress and load testing purposes. 16

Question 34

Defensive Penetration Testing

Answer 34

Focuses on evaluating an organization’s ability to defend against cyberattacks, Unlike offensive penetration testing, which aims to exploit vulnerabilities, defensive penetration testing involves assessing the effectiveness of security policies, procedures, and technologies in detecting and mitigating threats. 16

Question 35

Deidentification Process

Answer 35

Removes the ability to link data back to an individual, reducing its sensitivity. 16

Question 36

Demilitarized Zone (DMZ)

Answer 36

A network zone that resides between an internal network and the internet used to host systems that require public access. 16

Question 37

Digital Signatures

Answer 37

Message integrity is enforced using encrypted message digests, known as digital signatures, created upon transmission. 17

Question 38

Denial

Answer 38

The unintended disruption of an authorized user’s legitimate access to information. 17

Question 39

Deny Listing

Answer 39

Developers use this method to control user input by describing potentially malicious input that must be blocked during input validation. 17

Question 40

Deprovisioned

Answer 40

When an account is terminated. 17

Question 41

Detective Controls

Answer 41

A type of access control that is deployed to discover or detect unwanted or unauthorized activity. 17

Question 41

Deterrent Controls

Answer 41

A type of access control that is deployed to discourage violation of security policies. 17

Question 42

Development environment

Answer 42

Typically used for developers or other builders to do their work. 17

Question 43

Device Driver

Answer 43

Software interface between hardware devices and the operating system. 17

Question 44

DevOps

Answer 44

Software interface between hardware devices and the operating system. 17

Question 45

DevSecOps

Answer 45

DevOps Model that includes securrity as a coe component.

Question 46

Diamond Model of Intrusion Analysis

Answer 46

An intrusion analysis model that focuses on adversaries, infrastructure, victims, and capabilities using a diamond shape to guide analysis through the connected vertices. 17

Question 47

Dictionary Attack

Answer 47

The act of attempting to crack passwords by testing them against a list of dictionary words. 17

Question 48

Differential Backup

Answer 48

A type of backup that stores all files that have been modified since the time of the most recent full backup. 17

Question 49

Dig

Answer 49

A tool that performs a lookup of an IP address to return a domain name, or a domain name to return an IP address, and looks up specific DNS information like MX (Mail server), A, and other DNS records. 17

Question 50

Digital Certificates

Answer 50

An Electonic document used to securely share private key with third parties based on the assurance provided by a certificate authority (CA). 17

Question 51

Digital Rights Management (DRM)

Answer 51

A type of protection software that uses encryption to enforce copyright restrictions on digital media. Over the past decade, publishers attempted to deploy DRM schemes across a variety of media types, including music, movies, and books. 17

Question 52

Digital Signatures

Answer 52

Message integrity is enforced using encrypted message digests, known as digital signatures, created upon transmission of a message.

Question 53

Directive Controls

Answer 53

Informed employees and others what they should do to achieve security objectives. 18

Question 54

Directory Services

Answer 54

A centralized database of resources available to the network, much like a telephone directory for services and assets. Users, clients, and processes consult the directory service to learn where a desired system or resource resides. 18

Question 55

Directory Traversal

Answer 55

An attack that allows an attacker to jump out of the web root directory structure and into any other part of the file system hosted by the web server’s host operating system. 18

Question 56

Disassociation

Answer 56

An attack in which the intruder sends a frame to a wireless access point with a spoofed address to make it look as if it came from the victim and then disconnects them from the network. 18

Question 57

Disaster Recovery Plan (DRP)

Answer 57

Disaster Recovery Plan -Term that describes the actions an organization takes to resume normal operations after a disaster interrupts normal activity. 18

Question 58

Disclosure

Answer 58

The occurrence of violation of violation of confidentiality when resources are made accessible to unauthorize entities. 18

Question 59

Discretionary Access Control

Answer 59

A mechanism used to control access to objects. The owner or creator of an object controls and defines the access other subjects have to it 18

Question 60

Disposition

Answer 60

A software development phase that occurs when a product or system reaches the end of life. 18

Question 61

Disruption/Chaos Attack

Answer 61

Attacks that are motivated by a desire to cause chaos and disrupt normal operations. 18

Question 62

DLL Injection attack

Answer 62

A variant of SQL injection, where commands may attempt to load dynamic link libraries (DLL) containing malicious code. 18

Question 63

DNS Filtering

Answer 63

Used by many organizations to block malicious domains.18

Question 64

DNS Poisoning

Answer 64

Can be accomplished in multiple ways. One form is another form of the on-path attack where an attacker provides a DNS response while pretending to be an authoritative DNS server. Vulnerabilities in DNS protocols or implementations can also permit DNS poisoning, but they are rarer.

Question 65

DNS sinkhole

Answer 65

A DNS server that is configured to provide incorrect answers to specific DNS queries. 19

Question 66

Dnsenum

Answer 66

A DNS server that is configured to provide incorrect answers to specific DNS queries. 19

Question 67

DNSENUM

Answer 67

a command line tool that is used to find DNS servers and entries for a domain. 19

Question 68

Domain based message authentication reporting and conformance (DMARC)

Answer 68

Domain based message authentication reporting and conformance (DMARC)-A protocol that uses SPF and DKIM to determine if an email message is authentic. 19

Question 69

Domain hijacking

Answer 69

Changes the registration of a domain. 19

Question 70

Domain reputation

Answer 70

Services and tolls provide information about whether a domain is a trusted email sender or sends a lot of spam email. 19

Question 71

Domain Name System (DNS)

Answer 71

Domain Name System (DNS)–The network service used in TCP/IP networks that translates hostnames to IP addresses. 19

Question 72

Domain Name System Security Extensions (DNSSEC)

Answer 72

Domain Name System Security Extensions (DNSSEC)–Provide authentication of DNS data, allowing DNS queries to be validated even if they are not encrypted. 19

Question 73

Domain Validation (DV) Certificates

Answer 73

Domain Validation (DV) Certificates The CA simply verifies that the certificate subject has control of the domain name. 19

Question 74

DomainKeys Identified Mail (DKIM)

Answer 74

DomainKeys Identified Mail (DKIM)-Allows organizations to add content to messages to identify them as being from their domain. 19

Question 75

Downgrade Attack

Answer 75

Sometimes used against secure communications such as TLS in an attempt to get the user or system to inadvertently shift to a less secure cryptographic modes. 19

Question 76

Due Care

Answer 76

Refers to the ongoing efforts to ensure that the implemented policies and controls are effective and continuously maintained. 20

Question 76

Due diligence

Answer 76

Involves thoroughly vetting potential vendors to ensure that they meet the organizations standards and requirements. 20

Question 77

Dumpster diving

Answer 77

Looking through trash for clues to find users passwords and other pertinent information. 20

Question 78

Dynamic Code Analysis

Answer 78

Analyzing the execution of code while providing it with input to test the software. 20

Question 79

Dynamic Host Configuration Protocol (DHCP)

Answer 79

Dynamic Host Configuration Protocol (DHCP)– A protocol used to assign TCP/IP configuration settings to systems upon bootup. DHCP uses UDP