Definitions Flashcards

Question 1

Q

3DES

Answer

A

Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks.

Question 2

Q

AAA

Answer

A

Authentication, authorization, and accounting. A group of technologies used in remote access systems. Authentication verifies a user’s identification. Authorization determines if a user should have access. Accounting tracks a user’s access with logs. Sometimes called AAAs of security.

Question 3

Q

ABAC

Answer

A

Attribute-based access control. An access control model that grants access to resources based on attributes assigned to subjects and objects.

Question 4

Q

acceptable use policy (AUP)

Answer

A

A policy defining proper system usage and the rules of behavior for employees. It often describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.

Question 5

Q

access point (AP)

Answer

A

A device that connects wireless clients to wireless networks. Sometimes called wireless access point (WAP).

Question 6

Q

accounting

Answer

A

The process of tracking the activity of users and recording this activity in logs. One method of accounting is audit logs that create an audit trail.

Question 7

Q

ACLs

Answer

A

Access control lists. Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.

Question 8

Q

active reconnaissance

Answer

A

A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target. Compare with passive reconnaissance.

Question 9

Q

ad hoc

Answer

A

A connection mode used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.

Question 10

Q

administrative controls

Answer

A

Security controls implemented via administrative or management methods.

Question 11

Q

AES

Answer

A

Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128 bits, 192 bits, or 256 bits.

Question 12

Q

affinity

Answer

A

A scheduling method used with load balancers. It uses the client’s IP address to ensure the client is redirected to the same server during a session.

Question 13

Q

aggregation switch

Answer

A

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.

Question 14

Q

agile

Answer

A

A software development life cycle model that focuses on interaction between customers, developers, and testers. Compare with waterfall.

Question 15

Q

AH

Answer

A

Authentication Header. An option within IPsec to provide authentication and integrity.

Question 16

Q

airgap

Answer

A

A physical security control that provides physical isolation. Systems separated by an airgap don’t typically have any physical connections to other systems.

Question 17

Q

ALE

Answer

A

Annual (or annualized) loss expectancy. The expected loss for a year. It is used to measure risk with ARO and SLE in a quantitative risk assessment. The calculation is SLE × ARO = ALE.

Question 18

Q

amplification attack

Answer

A

An attack that increases the amount of bandwidth sent to a victim.

Question 19

Q

anomaly

Answer

A

A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing operations against a baseline. It is also known as heuristic detection.

Question 20

Q

ANT

Answer

A

A proprietary wireless protocol used by some mobile devices. It is not an acronym.

Question 21

Q

antispoofing

Answer

A

A method used on some routers to protect against spoofing attacks. A common implementation is to implement specific rules to block certain traffic.

Question 22

Q

antivirus

Answer

A

Software that protects systems from malware. Although it is called antivirus software, it protects against most malware, including viruses, Trojans, worms, and more.

Question 23

Q

application blacklist

Answer

A

A list of applications that a system blocks. Users are unable to install or run any applications on the list.

Question 24

Q

application cell

Answer

A

Also known as application containers. A virtualization technology that runs services or applications within isolated application cells (or containers). Each container shares the kernel of the host.

Question 25

Q

application whitelist

Answer

A

A list of applications that a system allows. Users are only able to install or run applications on the list.

Question 26

Q

APT

Answer

A

Advanced persistent threat. A group that has both the capability and intent to launch sophisticated and targeted attacks.

Question 27

Q

ARO

Answer

A

Annual (or annualized) rate of occurrence. The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.

Question 28

Q

arp

Answer

A

A command-line tool used to show and manipulate the Address Resolution Protocol (ARP) cache.

Question 29

Q

ARP poisoning

Answer

A

An attack that misleads systems about the actual MAC address of a system.

Question 30

Q

asset value

Answer

A

An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.

Question 31

Q

asymmetric encryption

Answer

A

A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key. Compare with symmetric encryption.

Question 32

Q

attestation

Answer

A

A process that checks and validates system files during the boot process. TPMs sometimes use remote attestation, sending a report to a remote system for attestation.

Question 33

Q

audit trail

Answer

A

A record of events recorded in one or more logs. When security professionals have access to all the logs, they can re-create the events that occurred leading up to a security incident.

Question 34

Q

authentication

Answer

A

The process that occurs when a user proves an identity, such as with a password.

Question 35

Q

authorization

Answer

A

The process of granting access to resources for users who prove their identity (such as with a username and password), based on their proven identity.

Question 36

Q

availability

Answer

A

One of the three main goals of information security known as the CIA security triad. Availability ensures that systems and data are up and operational when needed. Compare with confidentiality and integrity.

Question 37

Q

backdoor

Answer

A

An alternate method of accessing a system. Malware often adds a
backdoor into a system after it infects it.

Question 38

Q

background check

Answer

A

A check into a person’s history, typically to determine eligibility for a job.

Question 39

Q

banner grabbing

Answer

A

A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.

Question 40

Q

bcrypt

Answer

A

A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.

Question 41

Q

BIOS

Answer

A

Basic Input/Output System. A computer’s firmware used to manipulate different settings such as the date and time, boot drive, and access password. UEFI is the designated replacement for BIOS.

Question 42

Q

birthday

Answer

A

A password attack named after the birthday paradox in probability theory. The paradox states that for any random group of 23 people, there is a 50 percent chance that 2 of them have the same birthday.

Question 43

Q

black box test

Answer

A

A type of penetration test. Testers have zero knowledge of the environment prior to starting the test. Compare with gray box test and white box test.

Question 44

Q

block cipher

Answer

A

An encryption method that encrypts data in fixed-sized blocks. Compare with stream cipher.

Question 45

Q

Blowfish

Answer

A

A strong symmetric block cipher. It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Compare with Twofish.

Question 46

Q

bluejacking

Answer

A

An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.

Question 47

Q

bluesnarfing

Answer

A

An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.

Question 48

Q

bollards

Answer

A

Short vertical posts that act as a barricade. Bollards block vehicles but not people.

Question 49

Q

bots

Answer

A

Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.

Question 50

Q

BPA

Answer

A

Business partners agreement. A written agreement that details the relationship between business partners, including their obligations toward the partnership.

Question 51

Q

bridge

Answer

A

A network device used to connect multiple networks together. It can be used instead of a router in some situations.

Question 52

Q

brute force

Answer

A

A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.

Question 53

Q

buffer overflow

Answer

A

An error that occurs when an application receives more input, or different input, than it expects. It exposes system memory that is normally inaccessible.

Question 54

Q

business impact analysis (BIA)

Answer

A

A process that helps an organization identify critical systems and components that are essential to the organization’s success.

Question 55

Q

BYOD

Answer

A

Bring your own device. A mobile device deployment model. Employees can connect their personally owned device to the network. Compare with COPE and CYOD.

Question 56

Q

CA

Answer

A

Certificate Authority. An organization that manages, issues, and signs certificates. A CA is a main element of a PKI.

Question 57

Q

CAC

Answer

A

Common Access Card. A specialized type of smart card used by the U.S. Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.

Question 58

Q

captive portal

Answer

A

A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users agree to an acceptable use policy or pay for access.

Question 59

Q

carrier unlocking

Answer

A

The process of unlocking a mobile phone from a specific cellular provider.

Question 60

Q

CBC

Answer

A

Cipher Block Chaining. A mode of operation used for encryption that effectively converts a block cipher into a stream cipher. It uses an IV for the first block and each subsequent block is combined with the previous block.

Question 61

Q

CCMP

Answer

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.

Question 62

Q

CER

Answer

A

Canonical Encoding Rules. A base format for PKI certificates. They are binary encoded files. Compare with DER.

Question 63

Q

certificate

Answer

A

A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.

Question 64

Q

certificate chaining

Answer

A

A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.

Answer 65

A

A process that provides assurances that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.

Answer 66

A

The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.

Answer 67

A

Challenge Handshake Authentication Protocol. An authentication mechanism where a server challenges a client. Compare with MS-CHAPv2 and PAP.

Answer 68

A

A Linux command used to change the root directory. It is often used for sandboxing.

Answer 69

A

The result of encrypting plaintext. Ciphertext is not in an easily readable format until it is decrypted.

Answer 70

A

A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.

Answer 71

A

An attack that tricks users into clicking something other than what they think they’re clicking.

Answer 72

A

A software tool or service that enforces cloud-based security requirements. It is placed between the organization’s resources and the cloud, monitors all network traffic, and can enforce security policies.

Answer 73

A

Cloud model types that identify who has access to cloud resources. Public clouds are for any organization. Private clouds are for a single organization. Community clouds are shared among community organizations. A hybrid cloud is a combination of two or more clouds.

Answer 74

A

The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.

Answer 75

A

An alternate location for operations. A cold site will have power and connectivity needed for activation, but little else. Compare with hot site and warm site.

Answer 76

A

A hash vulnerability that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash.

Answer 77

A

Security controls that are alternative controls used when a primary security control is not feasible.

Answer 78

A

Code that has been optimized by an application and converted into an executable file. Compare with runtime code.

Answer 79

A

Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.

Answer 80

A

One of the three main goals of information security known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of confidentiality. Compare with availability and integrity.

Answer 81

A

A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.

Answer 82

A

A cryptography concept that indicates ciphertext is significantly different than plaintext.

Answer 83

A

A method used to isolate applications in mobile devices. It isolates and protects the application, including any data used by the application.

Answer 84

A

An authentication method using multiple elements to authenticate a user and a mobile device. It can include identity, geolocation, the device type, and more.

Answer 85

A

The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or warm site.

Answer 86

A

The use of different security control types, such as technical controls, administrative controls, and physical controls. Compare with vendor diversity.

Answer 87

A

An AP that is managed by a controller. Also called a thin AP. Compare with fat AP.

Answer 88

A

Corporate-owned, personally enabled. A mobile device deployment
model. The organization purchases and issues devices to employees. Compare with BYOD and CYOD.

Answer 89

A

Security controls that attempt to reverse the impact of a security incident.

Answer 90

A

Certificate revocation list. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.

Answer 91

A

Thepoint where the false acceptance rate (FAR) crosses over with the false rejection rate (FRR). A lower CER indicates a more accurate biometric system.

Answer 92

A

A web application attack. XSRF attacks trick users into performing actions on web sites, such as making purchases, without their knowledge.

Answer 93

A

A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site’s code, which executes when a user visits the site.

Answer 94

A

A type of ransomware that encrypts the user’s data.

Answer 95

A

A set of hardware, software, and/or firmware that implements cryptographic functions. Compare with crypto service provider.

Answer 96

A

A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.

Answer 97

A

Certificate signing request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.

Answer 98

A

Counter mode. A mode of operation used for encryption that combines an IV with a counter. The combined result is used to encrypt blocks.

Answer 99

A

Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root Android devices.

Answer 100

A

A group of experts who respond to security incidents. Also known as CIRT.

Answer 101

A

Choose your own device. A mobile device deployment model. Employees can connect their personally owned device to the network as long as the device is on a preapproved list. Compare with BYOD and COPE.

Answer 102

A

Discretionary access control. An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model.

Answer 103

A

Any data stored on media. It’s common to encrypt sensitive data- at-rest.

Answer 104

A

A security feature that prevents code from executing in memory regions marked as nonexecutable. It helps block malware.

Answer 105

A

The unauthorized transfer of data outside an organization.

Answer 106

A

Any data sent over a network. It’s common to encrypt sensitive data-in-transit.

Answer 107

A

Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.

Answer 108

A

A security policy specifying how long data should be kept (retained).

Answer 109

A

A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.

Answer 110

A

Distributed denial-of-service. An attack on a system launched from multiple sources intended to make a computer’s resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare with DoS.

Answer 111

A

Code that is never executed or used. It is often caused by logic errors.

Answer 112

A

The use of multiple layers of security to protect resources. Control diversity and vendor diversity are two methods organizations implement to provide defense in depth.

Answer 113

A

The process of removing data from magnetic media using a very powerful electronic magnet. Degaussing is sometimes used to remove data from backup tapes or to destroy hard disks.

Answer 114

A

Distinguished Encoding Rules. A base format for PKI certificates. They are BASE64 ASCII encoded files. Compare with CER.

Answer 115

A

Data Encryption Standard. A legacy symmetric encryption standard used to provide confidentiality. It has been compromised and AES or 3DES should be used instead.

Answer 116

A

Security controls that attempt to detect security incidents after they have occurred.

Answer 117

A

Security controls that attempt to discourage individuals from causing a security incident.

Answer 118

A

A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password.

Answer 119

A

A type of backup that backs up all the data that has changed or is different since the last full backup.

Answer 120

A

An asymmetric algorithm used to privately share symmetric keys. DH Ephemeral (DHE) uses ephemeral keys, which are re- created for each session. Elliptic Curve DHE (ECDHE) uses elliptic curve cryptography to generate encryption keys.

Answer 121

A

A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext.

Answer 122

A

A command-line tool used to test DNS on Linux systems. Compare with nslookup.

Answer 123

A

An encrypted hash of a message, encrypted with the sender’s private key. It provides authentication, non-repudiation, and integrity.

Answer 124

A

A policy that identifies when administrators should

disable user accounts.

Answer 125

A

An attack that removes wireless clients from a wireless network.

Answer 126

A

A NAC agent that runs on a client, but deletes itself later. It checks the client for health. Compare with permanent agent.

Answer 127

A

An attack that injects a Dynamic Link Library (DLL) into memory and runs it. Attackers rewrite the DLL, inserting malicious code.

Answer 128

A

Data loss prevention. A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud.

Answer 129

A

Demilitarized zone. A buffer zone between the Internet and an internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.

Answer 130

A

Domain Name System. A service used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses.

Answer 131

A

Domain Name System Security Extensions. A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.

Answer 132

A

An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.

Answer 133

A

An attack that changes the registration of a domain name without permission from the owner.

Answer 134

A

Denial-of-service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare with DDoS.

Answer 135

A

A type of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control.

Answer 136

A

Digital signature algorithm. An encrypted hash of a message used for authentication, non- repudiation, and integrity. The sender’s private key encrypts the hash of the message.

Answer 137

A

The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.

Answer 138

A

Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variations include PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST.

Answer 139

A

EAP-Flexible Authentication via Secure Tunneling (EAP- FAST). A Cisco-designed replacement for Lightweight EAP (LEAP). EAP- FAST supports certificates, but they are optional.

Answer 140

A

Extensible Authentication Protocol-Transport Layer Security. An
extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. It requires certificates on the 802.1x server and on the clients.

Answer 141

A

Extensible Authentication Protocol-Tunneled Transport Layer Security. An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.

Answer 142

A

Electronic Codebook. A legacy mode of operation used for encryption. It is weak and should not be used.

Answer 143

A

Any device that has a dedicated function and uses a computer system to perform that function. It includes a CPU, an operating system, and one or more applications.

Answer 144

A

Electromagnetic interference. Interference caused by motors, power lines, and fluorescent lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.

Answer 145

A

Electromagnetic pulse. A short burst of energy that can potentially damage electronic equipment. It can result from electrostatic discharge (ESD), lightning, and military weapons.

Answer 146

A

A process that scrambles, or ciphers, data to make it unreadable. Encryption normally includes a public algorithm and a private key. Compare with asymmetric and symmetric encryption.

Answer 147

A

A wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password. Compare with Open and PSK modes.

Answer 148

A

A type of key used in cryptography. Ephemeral keys have very short lifetimes and are re-created for each session.

Answer 149

A

A programming process that handles errors gracefully.

Answer 150

A

Encapsulating Security Payload. An option within IPsec to provide
confidentiality, integrity, and authentication.

Answer 151

A

A type of rogue AP. An evil twin has the same SSID as a legitimate AP.

Answer 152

A

An interview conducted with departing employees just before they leave an organization.

Answer 153

A

Tools used to store information about security vulnerabilities. They are often used by penetration testers (and attackers) to detect and exploit software.

Answer 154

A

The part of an internal network shared with outside entities. Extranets are often used to provide access to authorized business partners, customers, vendors, or others.

Answer 155

A

A biometric method that identifies people based on facial features.

Answer 156

A

A security incident that isn’t detected or reported. As an example, a NIDS false negative occurs if an attack is active on the network
but the NIDS does not raise an alert.

Answer 157

A

An alert on an event that isn’t a security incident. As an example, a NIDS false positive occurs if the NIDS raises an alert but activity on the network is normal.

Answer 158

A

False acceptance rate. Also called the false match rate. A rate that identifies the percentage of times a biometric authentication system incorrectly indicates a match.

Answer 159

A

A room or enclosure that prevents signals from emanating beyond the room or enclosure.

Answer 160

A

An AP that includes everything needed to connect wireless clients to a wireless network. Fat APs must be configured independently. Sometimes called a stand-alone AP. Compare with thin AP.

Answer 161

A

The capability of a system to suffer a fault, but continue to operate. Said another way, the system can tolerate the fault as if it never occurred.

Answer 162

A

Full disk encryption. A method to encrypt an entire disk. Compare with SED.

Answer 163

A

Two or more members of a federated identity management system. Used for single sign-on.

Answer 164

A

Biometric systems that scan fingerprints for authentication.

Answer 165

A

A software or a network device used to filter traffic. Firewalls can be application-based (running on a host), or a network-based device. Stateful firewalls filter traffic using rules within an ACL. Stateless firewalls filter traffic based on its state within a session.

Answer 166

A

Over-the-air updates for mobile device firmware that keep them up to date. These are typically downloaded to the device from the Internet and applied to update the device.

Answer 167

A

A method of thwarting flood attacks. On switches, a flood guard thwarts MAC flood attacks. On routers, a flood guard prevents SYN flood attacks.

Answer 168

A

A structure used to provide a foundation. Cybersecurity frameworks typically use a structure of basic concepts and provide guidance to professionals on how to implement security.

Answer 169

A

False rejection rate. Also called the false nonmatch rate. A rate that identifies the percentage of times a biometric authentication system incorrectly rejects a valid match.

Answer 170

A

File Transfer Protocol Secure. An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.

Answer 171

A

A type of backup that backs up all the selected data. A full backup could be considered a normal backup.

Answer 172

A

An encrypted connection used with VPNs. When a user is connected to a VPN, all traffic from the user is encrypted. Compare with split tunnel.

Answer 173

A

Galois/Counter Mode. A mode of operation used for encryption. It combines the Counter (CTM) mode with hashing techniques for data authenticity and confidentiality.

Answer 174

A

A virtual fence or geographic boundary. It uses GPS to create the boundary. Apps can then respond when a mobile device is within the virtual fence.

Answer 175

A

The location of a device identified by GPS. It can help locate a lost or stolen mobile device.

Answer 176

A

Group Policy Object. A technology used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain.

Answer 177

A

Global Positioning System. A satellite-based navigation system that identifies the location of a device or vehicle. Mobile devices often incorporate GPS capabilities.

Answer 178

A

A process of adding geographical data to files such as pictures. It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created.

Answer 179

A

A type of penetration test. Testers have some knowledge of the environment prior to starting the test. Compare with black box test and white box test.

Answer 180

A

A role-based access control method that uses groups as roles.

Answer 181

A

A pre-created account in Windows systems. It is disabled by default.

Answer 182

A

An attacker who launches attacks as part of an activist movement or to further a cause.

Answer 183

A

A known secure starting point. TPMs have a private key burned into the hardware that provides a hardware root of trust.

Answer 184

A

A number created by executing a hashing algorithm against data, such as a file or message. Hashing is commonly used for integrity. Common hashing algorithms are MD5, SHA-1, and HMAC.

Answer 185

A

A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing traffic against a baseline. It is also known as anomaly detection.

Answer 186

A

Host-based intrusion detection system. Software installed on a system to detect attacks. It protects local resources on the host. A host-based intrusion prevention system (HIPS) is an extension of a HIDS. It is software installed on a system to detect and block attacks.

Answer 187

A

A term that indicates a system or component remains available close to 100 percent of the time.

Answer 188

A

Hash-based Message Authentication Code. A hashing algorithm used to verify integrity and authenticity of a message with the use of a shared secret. It is typically combined with another hashing algorithm such as SHA.

Answer 189

A

A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.

Answer 190

A

Smart devices used within the home that have IP addresses. These are typically accessible via the Internet and are part of the Internet of things (IoT).

Answer 191

A

A server designed to attract an attacker. It typically has weakened security encouraging attackers to investigate it.

Answer 192

A

A group of honeypots in a network. Honeynets are often configured in virtual networks.

Answer 193

A

A method commonly used in data centers to keep equipment cool. Cool air flows from the front of the cabinets to the back, making the front aisle cooler and the back aisle warmer.

Answer 194

A

HMAC-based One-Time Password. An open standard used for creating one-time passwords. It combines a secret key and a counter, and then uses HMAC to create a hash of the result.

Answer 195

A

An alternate location for operations. A hot site typically includes everything needed to be operational within 60 minutes. Compare with cold site and warm site.

Answer 196

A

Hardware security module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Compare with TPM.

Answer 197

A

Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP
traffic. HTTPS encrypts traffic with TLS using TCP port 443.

Answer 198

A

Heating, ventilation, and air conditioning. A physical security control that increases availability by regulating airflow within data centers and server rooms.

Answer 199

A

Infrastructure as a Service. A cloud computing model that allows an organization to rent access to hardware in a self-managed platform. Compare with PaaS and SaaS.

Answer 200

A

Industrial control system. A system that controls large systems such as power plants or water treatment facilities. A SCADA system controls the ICS.

Answer 201

A

The process that occurs when a user claims an identity, such as with a username.

Answer 202

A

An authentication protocol used in VPNs and wired and wireless networks. VPNs often implement it as a RADIUS server. Wired networks use it for port-based authentication. Wireless networks use it in Enterprise mode. It can be used with certificate-based authentication.

Answer 203

A

A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Similar to ipconfig used on Windows systems.

Answer 204

A

Internet Message Access Protocol version 4. A protocol used to store and manage email on servers. IMAP4 uses TCP port 143. Secure IMAP4 uses TLS to encrypt IMAP4 traffic.

Answer 205

A

The magnitude of harm related to a risk. It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data. Compare with likelihood of occurrence.

Answer 206

A

A rule in an ACL that blocks all traffic that hasn’t been explicitly allowed. The implicit deny rule is the last rule in an ACL.

Answer 207

A

The process of responding to a security incident. Organizations often create an incident response plan that outlines the procedures to be used when responding to an incident.

Answer 208

A

The procedures documented in an incident response policy.

Answer 209

A

The phases of incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.

Answer 210

A

A type of backup that backs up all the data that has changed since the last full or incremental backup.

Answer 211

A

An attack that injects code or commands. Common injection attacks are DLL injection, command injection, and SQL injection attacks.

Answer 212

A

A configuration that forces traffic to pass through a device. A NIPS is placed inline, allowing it to prevent malicious traffic from entering a network. Sometimes called in-band. Compare with out- of-band.

Answer 213

A

A programming process that verifies data is valid before using it.

Answer 214

A

An attacker who launches attacks from within an organization, typically as an employee.

Answer 215

A

An application attack that attempts to use or create a numeric value that is too big for an application to handle. Input handling and error handling thwart the attack.

Answer 216

A

One of the three main goals of information security known as the CIA security triad. Integrity provides assurance that data or system configurations have not been modified. Audit logs and hashing are two methods used to ensure integrity. Compare with availability and confidentiality.

Answer 217

A

An internal network. People use an intranet to communicate and share content with each other.

Answer 218

A

Internet of things. The network of physical devices connected to the Internet. It typically refers to smart devices with an IP address, such as wearable technology and home automation systems.

Answer 219

A

A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Developers created this to replace ifconfig.

Answer 220

A

A command-line tool used on Windows systems to show the configuration settings on a NIC.

Answer 221

A

Internet Protocol security. A suite of protocols used to encrypt data-in- transit that can operate in both Tunnel mode and Transport mode. It uses Tunnel mode for VPN traffic and Transport mode in private networks.

Answer 222

A

An attack that changes the source IP address.

Answer 223

A

Biometric systems that scan the iris of an eye for authentication.

Answer 224

A

Interconnection security agreement. An agreement that specifies technical and security requirements for connections between two or more entities. Compare with MOU/MOA.

Answer 225

A

A wireless attack that attempts to discover

the IV. Legacy wireless security protocols are susceptible to IV attacks.

Answer 226

A

The process of modifying an Apple mobile device to remove software restrictions. It allows a user to install software from any third-party source. Compare with rooting.

Answer 227

A

A DoS attack against wireless networks. It transmits noise on the same frequency used by a wireless network.

Answer 228

A

A process that ensures employees rotate through different jobs to learn the processes and procedures in each job. It can sometimes detect fraudulent activity.

Answer 229

A

Key Distribution Center. Also known as a TGT server. Part of the Kerberos protocol used for network authentication. The KDC issues timestamped tickets that expire.

Answer 230

A

A network authentication mechanism used with Windows Active Directory domains and some Unix environments known as realms. It uses a KDC to issue tickets.

Answer 231

A

The central part of the operating system. In container virtualization, guests share the kernel.

Answer 232

A

The process of placing a copy of a private key in a safe environment.

Answer 233

A

Software or hardware used to capture a user’s keystrokes. Keystrokes are stored in a file and can be manually retrieved or automatically sent to an attacker.

Answer 234

A

A technique used to increase the strength of stored passwords. It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.

Answer 235

A

A cryptographic attack that decrypts encrypted data. In this attack, the attacker knows the plaintext used to create ciphertext.

Answer 236

A

The process of ensuring data is tagged clearly so that users know its classification. Labels can be physical labels, such as on backup tapes, or digital labels embedded in files.

Answer 237

A

Lightweight Directory Access Protocol. A protocol used to communicate with directories such as Microsoft Active Directory. It identifies objects with query strings using codes such as CN=Users and DC=GetCertifiedGetAhead.

Answer 238

A

Lightweight Directory Access Protocol Secure. A protocol used to encrypt LDAP traffic with TLS.

Answer 239

A

A core principle of secure systems design. Systems should be deployed with only the applications, services, and protocols needed to meet their purpose.

Answer 240

A

A security principle that specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more.

Answer 241

A

A court order to maintain data for evidence.

Answer 242

A

The probability that something will occur. It is

used with impact in a qualitative risk assessment. Compare with impact.

Answer 243

A

Hardware or software that balances the load between two or more servers. Scheduling methods include source address IP affinity and round-robin.

Answer 244

A

Policies that prevent users from logging on from certain locations, or require that they log on only from specific locations.

Answer 245

A

A type of malware that executes in response to an event. The event might be a specific date or time, or a user action such as when a user launches a specific program.

Answer 246

A

A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.

Answer 247

A

Mandatory access control. An access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). MAC restricts access based on a need to know.

Media access control. A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.

Answer 248

A

A form of network access control to allow or block access based on the MAC address. It is configured on switches for port security or on APs for wireless security.

Answer 249

A

An attack that changes the source MAC address.

Answer 250

A

A server that examines and processes all incoming and outgoing email. It typically includes a spam filter and DLP capabilities. Some gateways also provide encryption services.

Answer 251

A

Malicious software. It includes a wide range of software that has malicious intent, such as viruses, worms, ransomware, rootkits, logic bombs, and more.

Answer 252

A

A policy that forces employees to take a vacation. The goal is to deter malicious activity, such as fraud and embezzlement, and detect malicious activity when it occurs.

Answer 253

A

An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes.

Answer 254

A

An attack using active interception or eavesdropping. It uses a third computer to capture traffic sent between two other systems.

Answer 255

A

A physical security mechanism designed to control access to a secure area. A mantrap prevents tailgating.

Answer 256

A

Message Digest 5. A hashing function used to provide integrity. MD5 creates 128-bit hashes, which are also referred to as MD5 checksums. Experts consider MD5 cracked.

Answer 257

A

Mobile device management. A group of applications and/or technologies used to manage mobile devices. MDM tools can monitor mobile devices and ensure they are in compliance with security policies.

Answer 258

A

An application flaw that consumes memory without releasing it.

Answer 259

A

Multi-function devices. Any device that performs multiple functions. As an example, many printers are MFDs because they can print, scan, and copy documents. Many also include faxing capabilities.

Answer 260

A

Multimedia Messaging Service. A method used to send text messages. It is an extension of SMS and supports sending multimedia content.

Answer 261

A

Memorandum of understanding or memorandum of agreement. A type of agreement that defines responsibilities of each party. Compare with ISA.

Answer 262

A

Microsoft Challenge Handshake Authentication Protocol version 2. Microsoft implementation of CHAP. MS-CHAPv2 provides mutual authentication. Compare with CHAP and PAP.

Answer 263

A

Mean time between failures. A metric that provides a measure of a system’s reliability and is usually represented in hours. The MTBF identifies the average time between failures.

Answer 264

A

Mean time to recover. A metric that identifies the average time it takes to restore a failed system. Organizations that have maintenance contracts often specify the MTTR as a part of the contract.

Answer 265

A

A type of authentication that uses methods from more than one factor of authentication.

Answer 266

A

Network access control. A system that inspects clients to ensure they are healthy. Agents inspect clients and agents can be permanent or dissolvable (also known as agentless).

Answer 267

A

Network Address Translation. A service that translates public IP addresses to private IP addresses and private IP addresses to public IP addresses.

Answer 268

A

Non-disclosure agreement. An agreement that is designed to prohibit personnel from sharing proprietary data. It can be used with employees within the organization and with other organizations.

Answer 269

A

A command-line tool used to connect to remote systems.

Answer 270

A

A command-line tool used to show network statistics on a system.

Answer 271

A

A process used to discover devices on a network,

including how they are connected.

Answer 272

A

A tool used to discover devices on a network, including their IP addresses, their operating system, along with services and protocols running on the devices.

Answer 273

A

An attack against mobile devices that use near field communication (NFC). NFC is a group of standards that allow mobile devices to communicate with nearby mobile devices.

Answer 274

A

Network-based intrusion detection system. A device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls, and monitors network traffic.

Answer 275

A

Network-based intrusion prevention system. A device that detects and stops attacks in progress. A NIPS is placed inline (also called in-band) with traffic so that it can actively monitor data streams.

Answer 276

A

National Institute of Standards and Technology. NIST is a part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory (ITL). The ITL publishes special publications related to security that are freely available to anyone.

Answer 277

A

A command-line tool used to scan networks. It is a type of network scanner.

Answer 278

A

A number used once. Cryptography elements frequently use a nonce to add randomness.

Answer 279

A

A method used in virtual desktops where changes made by a user are not saved. Most (or all) users have the same desktop. When users log off, the desktop reverts to its original state.

Answer 280

A

The ability to prevent a party from denying an action. Digital signatures and access logs provide non-repudiation.

Answer 281

A

The process of organizing tables and columns in a database. Normalization reduces redundant data and improves overall database performance.

Answer 282

A

A command-line tool used to test DNS on Microsoft systems. Compare with dig.

Answer 283

A

New Technology LAN Manager. A suite of protocols that provide confidentiality, integrity, and authentication within Windows systems. Versions include NTLM, NTLMv2, and NTLM2 Session.

Answer 284

A

An open source standard used for authorization with Internet-based
single sign-on solutions.

Answer 285

A

An attempt to make something unclear or difficult to understand. Steganography methods use obfuscation to hide data within data.

Answer 286

A

Online Certificate Status Protocol. An alternative to using a CRL. It allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.

Answer 287

A

The process of granting individuals access to an organization’s computing resources after being hired. It typically includes giving the employee a user account with appropriate permissions.

Answer 288

A

A wireless mode that doesn’t use security. Compare with Enterprise and PSK modes.

Answer 289

A

An open source standard used for identification on the Internet. It is typically used with OAuth and it allows clients to verify the identity of end users without managing their credentials.

Answer 290

A

A method of gathering data using public sources, such as social media sites and news outlets.

Answer 291

A

A term that refers to the order in which you should collect evidence. For example, data in memory is more volatile than data on a disk drive, so it should be collected first.

Answer 292

A

A configuration that allows a device to collect traffic without the traffic passing through it. Sometimes called passive. Compare with inline.

Answer 293

A

PKCS#7. A common format for PKI certificates. They are DER-based
(ASCII) and commonly used to share public keys.

Answer 294

A

PKCS#12. A common format for PKI certificates. They are CER-based (binary) and often hold certificates with the private key. They are commonly encrypted.

Answer 295

A

Platform as a Service. A cloud computing model that provides cloud customers with a preconfigured computing platform they can use as needed. Compare with IaaS and SaaS.

Answer 296

A

Password Authentication Protocol. An older authentication protocol where passwords or PINs are sent across the network in cleartext. Compare with CHAP and MS-CHAPv2.

Answer 297

A

A penetration testing method used to collect information. It typically uses open-source intelligence. Compare with active reconnaissance.

Answer 298

A

A password attack that captures and uses the hash of a password. It attempts to log on as the user with the hash and is commonly associated with the Microsoft NTLM protocol.

Answer 299

A

A tool used to discover passwords.

Answer 300

A

The process used to keep systems up to date with current patches. It typically includes evaluating and testing patches before deploying them.

Answer 301

A

Password-Based Key Derivation Function 2. A key stretching technique that adds additional bits to a password as a salt. It helps prevent brute force and rainbow table attacks.

Answer 302

A

Protected Extensible Authentication Protocol. An extension of EAP sometimes used with 802.1x. PEAP requires a certificate on the 802.1x server.

Answer 303

A

Privacy Enhanced Mail. A common format for PKI certificates. It can use either CER (ASCII) or DER (binary) formats and can be used for almost any type of certificates.

Answer 304

A

A method of testing targeted systems to determine if vulnerabilities can be exploited. Penetration tests are intrusive. Compare with vulnerability scanner.

Answer 305

A

A characteristic of encryption keys ensuring that keys are random. Perfect forward secrecy methods do not use deterministic algorithms.

Answer 306

A

A NAC agent that is installed on a client. It checks the client for health. Compare with dissolvable agent.

Answer 307

A

An audit that analyzes user privileges. It identifies the privileges (rights and permissions) granted to users, and compares them against what the users need.

Answer 308

A

Personal Information Exchange. A common format for PKI certificates. It is the predecessor to P12 certificates.

Answer 309

A

Personal Health Information. PII that includes health information.

Answer 310

A

The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.

Answer 311

A

Security controls that you can physically touch.

Answer 312

A

Personally Identifiable Information. Information about individuals that can be used to trace a person’s identity, such as a full name, birth date, biometric data, and more.

Answer 313

A

A command-line tool used to test connectivity with remote systems.

Answer 314

A

A security mechanism used by some web sites to prevent web site impersonation. Web sites provide clients with a list of public key hashes. Clients store the list and use it to validate the web site.

Answer 315

A

Personal Identity Verification card. A specialized type of smart card used by U.S. federal agencies. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.

Answer 316

A

One of the steps in penetration testing. After escalating privileges, the tester uses additional tools to gain additional information on the exploited computer or on the network.

Answer 317

A

Text displayed in a readable format. Encryption converts plaintext to ciphertext.

Answer 318

A

A programming practice that uses a pointer to reference a memory area. A failed dereference operation can corrupt memory and sometimes even cause an application to crash.

Answer 319

A

Post Office Protocol version 3. A protocol used to transfer email from mail servers to clients.

Answer 320

A

A monitoring port on a switch. All traffic going through the switch is also sent to the port mirror.

Answer 321

A

Security controls that attempt to prevent a security incident from occurring.

Answer 322

A

An assessment used to identify and reduce risks related to potential loss of PII. Compare with privacy threshold assessment.

Answer 323

A

An assessment used to help identify if a

system is processing PII. Compare with privacy impact assessment.

Answer 324

A

Information about an individual that should remain private. Personally Identifiable Information (PII) and Personal Health Information (PHI) are two examples.

Answer 325

A

Part of a matched key pair used in asymmetric encryption. The private key always stays private. Compare with public key.

Answer 326

A

The process of gaining elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges.

Answer 327

A

An account with elevated privileges, such as an administrator account.

Answer 328

A

Data that is related to ownership. Common examples are information related to patents or trade secrets.

Answer 329

A

A tool used to capture network traffic. Both professionals and attackers use protocol analyzers to examine packets. A protocol analyzer can be used to view data sent in clear text.

Answer 330

A

Small credit card-sized cards that activate when they are in close proximity to a card reader. They are often used by authorized personnel to open doors.

Answer 331

A

A server (or servers) used to forward requests for services such as HTTP or HTTPS. A forward proxy server forwards requests from internal clients to external servers. A reverse proxy accepts requests from the Internet and forwards them to an internal web server. A transparent proxy does not modify requests, but nontransparent proxies include URL filters. An application proxy is used for a specific application, but most proxy servers are used for multiple protocols.

Answer 332

A

Pre-shared key. A wireless mode that uses a pre-shared key (similar to a password or passphrase) for security. Compare with Enterprise and Open modes.

Answer 333

A

Data that is available to anyone. It might be in brochures, in press releases, or on web sites.

Answer 334

A

Part of a matched key pair used in asymmetric encryption. The public key is publicly available. Compare with private key.

Answer 335

A

A group of technologies used to request, create, manage, store, distribute, and revoke digital certificates.

Answer 336

A

A process that is performed after shredding papers. It reduces the shredded paper to a mash or puree.

Answer 337

A

A process used to physically destroy items such as optical discs that aren’t erased by a degausser.

Answer 338

A

A general sanitization term indicating that all sensitive data has been removed from a device.

Answer 339

A

The services that send messages to mobile devices.

Answer 340

A

A risk assessment that uses judgment to

categorize risks. It is based on impact and likelihood of occurrence.

Answer 341

A

A risk assessment that uses specific monetary amounts to identify cost and asset value. It then uses the SLE and ARO to calculate the ALE.

Answer 342

A

A programming flaw that occurs when two sets of code attempt to access the same resource. The first one to access the resource wins, which can result in inconsistent results.

Answer 343

A

Remote Authentication Dial-In User Service. An authentication service that provides central authentication for remote access clients. Alternatives are TACACS+ and Diameter.

Answer 344

A

Redundant array of inexpensive disks. Multiple disks added together to increase performance or provide protection against faults. Common types include RAID-1, RAID-5, RAID-6, and RAID-10.

Answer 345

A

A file containing precomputed hashes for character combinations. Rainbow tables are used to discover passwords. PBKDF2 and bcrypt thwart rainbow table attacks.

Answer 346

A

A type of malware used to extort money from individuals and organizations. Ransomware typically encrypts the user’s data and demands a ransom before decrypting the data.

Answer 347

A

Remote access Trojan. Malware that allows an attacker to take control of a system from a remote location.

Answer 348

A

A symmetric stream cipher that can use between 40 and 2,048 bits. Experts consider it cracked and recommend using stronger alternatives.

Answer 349

A

An offset used by recorders to identify times on recordings. If you know when the recording started, you can use the offset to identify the actual time at any point in the recording.

Answer 350

A

An alternate location for business functions after a major disaster.

Answer 351

A

The process of adding duplication to critical system components and networks to provide fault tolerance.

Answer 352

A

A driver manipulation method. Developers rewrite the code without changing the driver’s behavior.

Answer 353

A

The process of sending a signal to a remote device to erase all data. It is useful when a mobile device is lost or stolen.

Answer 354

A

An attack where the data is captured and replayed. Attackers typically modify data before replaying it.

Answer 355

A

The malicious result of many DoS and DDoS attacks. The attack overloads a computer’s resources (such as the processor and memory), resulting in service interruption.

Answer 356

A

Biometric systems that scan the retina of an eye for

authentication.

Answer 357

A

Attacks against radio-frequency identification (RFID) systems. Some common RFID attacks are eavesdropping, replay, and DoS.

Answer 358

A

RACE Integrity Primitives Evaluation Message Digest. A hash function used for integrity. It creates fixed-length hashes of 128, 160, 256, or 320 bits.

Answer 359

A

The possibility or likelihood of a threat exploiting a vulnerability resulting in a loss. Compare with threat and vulnerability.

Answer 360

A

A process used to identify and prioritize risks. It includes quantitative risk assessments and qualitative risk assessments.

Answer 361

A

The practice of identifying, monitoring, and limiting risks to a manageable level. It includes risk response techniques, qualitative risk assessments, and quantitative risk assessments.

Answer 362

A

The process of reducing risk by implementing controls. Security controls reduce risk by reducing vulnerabilities associated with a risk, or by reducing the impact of a threat.

Answer 363

A

A document listing information about risks. It typically includes risk scores along with recommended security controls to reduce the risk scores.

Answer 364

A

Methods used to manage risks. Common risk response techniques are accept, transfer, avoid, and mitigate.

Answer 365

A

An unauthorized AP. It can be placed by an attacker or an employee who hasn’t obtained permission to do so.

Answer 366

A

Role-based access control. An access control model that uses roles based on jobs and functions to define access. It is often implemented with groups (providing group-based privileges).

Answer 367

A

A PKI certificate identifying a root CA.

Answer 368

A

The process of modifying an Android device, giving the user root-
level, or administrator, access. Compare with jailbreaking.

Answer 369

A

A type of malware that has system-level access to a computer. Rootkits are often able to hide themselves from users and antivirus software.

Answer 370

A

A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces.

Answer 371

A

A scheduling method used with load balancers. It redirects each client request to servers in a predetermined order.

Answer 372

A

A network device that connects multiple network segments together into a single network. They route traffic based on the destination IP address and do not pass broadcast traffic. Routers use ACLs.

Answer 373

A

Recovery point objective. A term that refers to the amount of data you can afford to lose by identifying a point in time where data loss is acceptable. It is often identified in a BIA.

Answer 374

A

Rivest, Shamir, and Adleman. An asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators,
Rivest, Shamir, and Adleman.

Answer 375

A

Rapid Spanning Tree Protocol. An improvement of STP to prevent switching loop problems.

Answer 376

A

Recovery time objective. The maximum amount of time it should take to restore a system after an outage. It is derived from the maximum allowable outage time identified in the BIA.

Answer 377

A

Real-time operating system. An operating system that reacts to input within a specific time. Many embedded systems include an RTOS.

Answer 378

A

Rule-based access control. An access control model that uses rules to define access. Rule- based access control is based on a set of approved instructions, such as an access control list, or rules that trigger in response to an event, such as modifying ACLs after detecting an attack.

Answer 379

A

Code that is interpreted when it is executed. Compare with compiled code.

Answer 380

A

Software as a Service. A cloud computing model that provides applications over the Internet. Webmail is an example of a cloud-based technology. Compare with IaaS and PaaS.

Answer 381

A

A random set of data added to a password when creating the hash. PBKDF2 and bcrypt are two protocols that use salts.

Answer 382

A

Security Assertion Markup Language. An XML-based standard used to exchange authentication and authorization information between different parties.SAMLprovidesSSOforweb-based applications.

Answer 383

A

The use of an isolated area on a system, typically for testing. Virtual machines are often used to test patches in an isolated sandbox. Application developers sometimes use the chroot command to change the root directory creating a sandbox.

Answer 384

A

The process of destroying or removing all sensitive data from systems and devices. Data sanitization methods include burning, shredding, pulping, pulverizing, degaussing, purging, and wiping.

Answer 385

A

Satellite communications. A communication system that allows devices to connect to a satellite for communications. Many cars include satellite communication capabilities.

Answer 386

A

Supervisory control and data acquisition. A system used to control an ICS such as a power plant or water treatment facility. Ideally, a SCADA is within an isolated network.

Answer 387

A

A physical security device used to reduce visibility of a computer screen. Screen filters help prevent shoulder surfing.

Answer 388

A

An attacker with little expertise or sophistication. Script kiddies use existing scripts to launch attacks.

Answer 389

A

Software defined network. A method of using software and virtualization technologies to replace hardware routers. SDNs separate the data
and control planes.

Answer 390

A

A process that checks and validates system files during the boot process. A TPM typically uses a secure boot process.

Answer 391

A

A software development process using an agile-aligned methodology. It considers security through the lifetime of the project.

Answer 392

A

An adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.

Answer 393

A

Self-encrypting drive. A drive that includes the hardware and software necessary to encrypt a hard drive. Users typically enter credentials to decrypt and use the drive.

Answer 394

A

A security principle that prevents any single person or entity from controlling all the functions of a critical or sensitive process. It’s designed to prevent fraud, theft, and errors.

Answer 395

A

An account used by a service or application.

Answer 396

A

An attack that attempts to impersonate a user by capturing

and using a session ID. Session IDs are stored in cookies.

Answer 397

A

Secure File Transfer Protocol. An extension of Secure Shell (SSH) used to encrypt FTP traffic. SFTP transmits data using TCP port 22.

Answer 398

A

Secure Hash Algorithm. A hashing function used to provide integrity. Versions include SHA-1, SHA-2, and SHA-3.

Answer 399

A

An open source federated identity solution.

Answer 400

A

A driver manipulation method. It uses additional code to modify the
behavior of a driver.

Answer 401

A

The practice of looking over someone’s shoulder to obtain information, such as on a computer screen. A screen filter placed over a monitor helps reduce the success of shoulder surfing.

Answer 402

A

A method of destroying data or sanitizing media. Cross-cut paper shredders cut papers into fine particles. File shredders remove all remnants of a file by overwriting the contents multiple times.

Answer 403

A

The process of copying an application package to a mobile device. It is useful for developers when testing apps, but can be risky if users sideload unauthorized apps to their device.

Answer 404

A

Security information and event management. A security system that attempts to look at security events throughout the organization.

Answer 405

A

A type of monitoring used on intrusion detection and intrusion prevention systems. It detects attacks based on known attack patterns documented as attack signatures.

Answer 406

A

A component within a system that can cause the entire system to fail if the component fails.

Answer 407

A

Service level agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.

Answer 408

A

Single loss expectancy. The monetary value of any single loss. It is used
to measure risk with ALE and ARO in a quantitative risk assessment. The calculation is SLE × ARO = ALE.

Answer 409

A

A credit card-sized card that has an embedded microchip and a certificate. It is used for authentication in the something you have factor of authentication.

Answer 410

A

Secure/Multipurpose Internet Mail Extensions. A popular standard used to secure email. S/ MIME provides confidentiality, integrity, authentication, and non-repudiation.

Answer 411

A

Short Message Service. A basic text messaging service. Compare with MMS.

Answer 412

A

A copy of a virtual machine (VM) at a moment in time. If you later have problems with the VM, you can revert it to the state it was in when you took the snapshot. Some backup programs also use snapshots to create a copy of data at a moment in time.

Answer 413

A

Simple Network Management Protocol version 3. A protocol used to monitor and manage network devices such as routers and switches.

Answer 414

A

System on a chip. An integrated circuit that includes a computing system within the hardware. Many mobile devices include an SoC.

Answer 415

A

The practice of using social tactics to gain information. Social engineers attempt to gain information from people, or get people to do things they wouldn’t normally do.

Answer 416

A

An authentication factor using biometrics, such as a fingerprint scanner.

Answer 417

A

An authentication factor indicating action, such as gestures on a touch screen.

Answer 418

A

An authentication factor using something physical, such as a smart card or token.

Answer 419

A

An authentication factor indicating knowledge, such as a password or PIN.

Answer 420

A

An authentication factor indicating location, often using geolocation technologies.

Answer 421

A

Unwanted or unsolicited email. Attackers often launch attacks using spam.

Answer 422

A

A method of blocking unwanted email. By blocking email, it often blocks malware.

Answer 423

A

A targeted form of phishing. Spear phishing attacks attempt to target specific groups of users, such as those within a specific organization, or even a single user.

Answer 424

A

An encrypted connection used with VPNs. A split tunnel only encrypts traffic going to private IP addresses used in the private network. Compare with full tunnel.

Answer 425

A

Software installed on users’ systems without their awareness or consent. Its purpose is often to monitor the user’s computer and the user’s activity.

Answer 426

A

Secure Real-time Transport Protocol. A protocol used to encrypt and provide authentication for Real-time Transport Protocol (RTP) traffic. RTP is used for audio/video streaming.

Answer 427

A

Secure Shell. A protocol used to encrypt network traffic. SSH encrypts a wide variety of traffic such as SFTP. SSH uses TCP port 22.

Answer 428

A

Service set identifier. The name of a wireless network. SSIDs can be set to broadcast so users can easily see it. Disabling SSID broadcast hides it from casual users.

Answer 429

A

Secure Sockets Layer. The predecessor to TLS. SSL is used to encrypt data-in-transit with the use of certificates.

Answer 430

A

Devices used to create separate SSL (or TLS) sessions. They allow other security devices to examine encrypted traffic sent to and from the Internet.

Answer 431

A

Devices used to handle TLS traffic. Servers can off- load TLS traffic to improve performance.

Answer 432

A

Single sign-on. An authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication.

Answer 433

A

A document that provides step-by- step instructions on how to perform common tasks or routine operations.

Answer 434

A

The process of appending a digitally signed OCSP response to a certificate. It reduces the overall OCSP traffic sent to a CA.

Answer 435

A

A command (not an acronym) used to upgrade an unencrypted connection to an encrypted connection on the same port.

Answer 436

A

The practice of hiding data within data. For example, it’s possible to embed text files within an image, hiding them from casual users. It is one way to obscure data to hide it.

Answer 437

A

A method used to isolate data on mobile devices. It allows personal data to be stored in one location and encrypted corporate data to be stored elsewhere.

Answer 438

A

A group of SQL statements that execute as a whole, similar to a mini-program. Developers use stored procedures to prevent SQL injection attacks.

Answer 439

A

Spanning Tree Protocol. A protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch are connected.

Answer 440

A

An encryption method that encrypts data as a stream of bits or bytes. Compare with
block cipher.

Answer 441

A

An encryption method that replaces characters with other characters.

Answer 442

A

An evaluation of the supply chain needed to produce and sell a product. It includes raw materials and all the processes required to create and distribute a finished product.

Answer 443

A

A network device used to connect devices. Layer 2 switches send
traffic to ports based on their MAC addresses. Layer 3 switches send traffic to ports based on their IP addresses and support VLANs.

Answer 444

A

A type of encryption using a single key to encrypt and decrypt data. Compare with asymmetric encryption.

Answer 445

A

A vulnerability that occurs when an organization has more systems than it needs, and systems it owns are underutilized. Compare with VM sprawl.

Answer 446

A

A discussion-based exercise where participants talk through an event while sitting at a table or in a conference room. It is often used to test business continuity plans.

Answer 447

A

TerminalAccess Controller Access-Control System Plus. An authentication service that provides central authentication for remote access clients. It can be used as an alternative to RADIUS.

Answer 448

A

A social engineering attack where one person follows behind another person without using credentials. Mantraps help prevent tailgating.

Answer 449

A

Monitoring ports on a network device. IDSs use taps to capture traffic.

Answer 450

A

A command-line protocol analyzer. Administrators use it to capture packets.

Answer 451

A

Security controls implemented through technology.

Answer 452

A

The process of sharing an Internet connection from one mobile device to another.

Answer 453

A

An AP that is managed by a controller. Sometimes called a controller-based AP. Compare with fat AP.

Answer 454

A

An app store other than the primary source for mobile device apps. It refers to an app store other than the App Store or Google Play for Apple and Android devices, respectively.

Answer 455

A

Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. Compare with risk and vulnerability.

Answer 456

A

An evaluation of potential threats. Some common types of threat assessments are environmental, manmade, internal, and external.

Answer 457

A

An account restriction that prevents users from logging on at certain times.

Answer 458

A

Temporal Key Integrity Protocol. A legacy wireless security protocol. CCMP is the recommended replacement.

Answer 459

A

Transport Layer Security. The replacement for SSL. TLS is used to encrypt data-in-transit. Like SSL, it uses certificates issued by CAs.

Answer 460

A

An authentication device or file. A hardware token is a physical device used in the something you have factor of authentication. A software token is a small file used by authentication services indicating a user has logged on.

Answer 461

A

Time-based One-Time Password. An open source standard similar to HOTP. It uses a timestamp instead of a counter. One-time passwords created with TOTP expire after 30 seconds.

Answer 462

A

Trusted Platform Module. A hardware chip on the motherboard included with many laptops and some mobile devices. It provides full disk encryption. Compare with HSM.

Answer 463

A

A command-line tool used to trace the route between two systems.

Answer 464

A

An indirect trust relationship created by two or more direct trust relationships.

Answer 465

A

Malware also known as a Trojan horse. A Trojan often looks useful, but is malicious.

Answer 466

A

An operating system that is configured to meet a set of security requirements. It ensures that only authorized personnel can access data based on their permissions.

Answer 467

A

cA symmetric key block cipher. It encrypts data in 128-bit blocks and supports 128-, 192-, or 256-bit keys. Compare with Blowfish.

Answer 468

A

A virtualization technology. Type I hypervisors (or bare- metal hypervisors) run directly on the system hardware. They don’t need to run within an operating system.

Answer 469

A

A virtualization technology. Type II hypervisors run as software within a host operating system. The Microsoft Hyper-V hypervisor runs within a Microsoft operating system to host VMs.

Answer 470

A

The purchase of a domain name that is close to a legitimate domain name. Attackers often try to trick users who inadvertently use the wrong domain name. Also called URL hijacking.

Answer 471

A

Unmanned aerial vehicles. Flying vehicles piloted by remote control or
onboard computers.

Answer 472

A

Unified Extensible Firmware Interface. A method used to boot some systems and intended to replace Basic Input/Output System (BIOS) firmware.

Answer 473

A

The purchase of a domain name that is close to a legitimate domain name. Attackers often try to trick users who inadvertently use the wrong domain name. Also called typo squatting.

Answer 474

A

Universal Serial Bus On-The-Go. A cable used to connect mobile devices to other devices. It is one of many methods that you can use to connect a mobile device to external media.

Answer 475

A

A methodology used in system analysis and software engineering to identify and clarify requirements to achieve a goal. For example, a use case of supporting confidentiality can help an organization identify the steps required to protect the confidentiality of data.

Answer 476

A

Unified threat management. A group of security controls combined in a single solution. UTM appliances can inspect data streams for malicious content and block it.

Answer 477

A

A virtual desktop infrastructure or virtual desktop environment. Users access a server hosting virtual desktops and run the desktop operating system from the server.

Answer 478

A

The practice of implementing security controls from different vendors to increase security. Compare with control diversity.

Answer 479

A

A method of tracking changes to software as it is updated.

Answer 480

A

A technology that allows you to host multiple virtual machines on a single physical system. Different types include Type I, Type II, and application cell/container virtualization.

Answer 481

A

Malicious code that attaches itself to a host application. The host application must be executed to run, and the malicious code executes when the host application is executed.

Answer 482

A

Virtual local area network. A method of segmenting traffic. A VLAN logically groups several different computers together without regard to their physical location.

Answer 483

A

An attack that allows an attacker to access the host system from within a virtual machine. The primary protection is to keep hosts and guests up to date with current patches.

Answer 484

A

A vulnerability that occurs when an organization has many VMs that aren’t properly managed. Unmanaged VMs are not kept up to date with current patches. Compare with system sprawl.

Answer 485

A

A biometric method that identifies who is speaking using speech recognition methods to identify different acoustic features.

Answer 486

A

Virtual private network. A method that provides access to a private network over a public network such as the Internet. VPN concentrators are dedicated devices used to provide VPN access to large groups of users.

Answer 487

A

A weakness. It can be a weakness in the hardware, the software, the configuration, or even the users operating the system. Compare with risk and threat.

Answer 488

A

A tool used to detect vulnerabilities. A scan typically identifies vulnerabilities, misconfigurations, and a lack of security controls. It passively tests security controls.

Answer 489

A

An alternate location for operations. A compromise between an
expensive hot site and a cold site. Compare with cold site and hot site

Answer 490

A

A software development life cycle model using a top-down approach. It uses multiple stages with each stage starting after the previous stage is complete. Compare with agile.

Answer 491

A

An attack method that infects web sites that a group is likely to trust and visit.

Answer 492

A

Smart devices that a person can wear or have implanted.

Answer 493

A

A firewall specifically designed to protect a web application, such as a web server. A WAF inspects the contents of traffic to a web server and can detect malicious content, such as code used in a cross-
scripting attack, and block it.

Answer 494

A

A form of spear phishing that attempts to target high-level executives. When successful, attackers gain confidential company information that they might not be able to get anywhere else.

Answer 495

A

A type of penetration test. Testers have full knowledge of the environment prior to starting the test. Compare with black box test and gray box test.

Answer 496

A

A standard that allows devices to connect without a wireless access point.

Answer 497

A

A certificate that can be used for multiple domains with the same root domain. It starts with an asterisk.

Answer 498

A

The process of completely removing all remnants of data on a disk. A bit-level overwrite writes patterns of 1s and 0s multiple times to ensure data on a disk is unreadable.

Answer 499

A

A network scanner that scans wireless frequency bands. Scanners can help discover rogue APs and crack passwords used by wireless APs.

Answer 500

A

Self-replicating malware that travels through a network. Worms do not need user interaction to execute.

Answer 501

A

Wi-Fi Protected Access. A legacy wireless security protocol. It has been superseded by WPA2.

Answer 502

A

Wi-Fi Protected Access II. A wireless security protocol. It supports CCMP for encryption, which is based on AES. It can use Open mode, a pre- shared key, or Enterprise mode.

Answer 503

A

Wi-Fi Protected Setup. A method that allows users to easily configure a wireless network, often by using only a PIN. WPS brute force attacks can discover the PIN.

Answer 504

A

An attack against an AP. A WPS attack discovers the eight-digit WPS PIN and uses it to discover the AP passphrase.

Answer 505

A

Extensible Markup Language. A language used by many databases for
inputting or exporting data. XML uses formatting rules to describe the data.

Answer 506

A

A logical operation used in some encryption schemes. XOR operations compare two inputs. If the two inputs are the same, it outputs True. If the two inputs are different, it outputs False.

Answer 507

A

A vulnerability or bug that is unknown to trusted sources but can be exploited by attackers. Zero-day attacks take advantage of zero-day vulnerabilities.

Brainscape's Knowledge GenomeTM

Definitions Flashcards

Brainscape's Knowledge Genome^TM