Domain 1

Question 1

Acceptable risk

Answer 1

A suitable level of risk commensurate with the potential benefits of the organization’s operations as determined by senior management.

Question 2

Audit/auditing

Answer 2

The tools, processes, and activities used to perform compliance reviews.

Question 3

Availability

Answer 3

Ensuring timely and reliable access to and use of information by authorized users.

Question 4

Business continuity (BC)

Answer 4

Actions, processes, and tools for ensuring an organization can continue critical operations during a contingency.

Question 5

Business continuity and disaster recovery (BCDR)

Answer 5

A term used to jointly describe business continuity and disaster recovery efforts.

Question 6

Business impact analysis (BIA)

Answer 6

A list of the organization’s assets, annotated to reflect the criticality of each asset to the organization.

Question 7

Compliance

Answer 7

Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.

Question 8

Confidentiality

Answer 8

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Question 9

Data custodian

Answer 9

The person/role within the organization who usually manages the data on a day-to-day basis on behalf of the data owner/controller.

Question 10

Data owner/ controller

Answer 10

An entity that collects or creates PII.

Question 11

Data subject

Answer 11

The individual human related to a set of personal data.

Question 12

Disaster recovery (DR)

Answer 12

Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.

Question 13

Due care

Answer 13

A legal concept pertaining to the duty owed by a provider to a customer.

Question 14

Due diligence

Answer 14

Actions taken by a vendor to demonstrate/ provide due care.

Question 15

Governance

Answer 15

The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions.

Question 16

Governance committee

Answer 16

A formal body of personnel who determine how decisions will be made within the organization and the entity that can approve changes and exceptions to current relevant governance.

Question 17

Guidelines

Answer 17

Suggested practices and expectations of activity to best accomplish tasks and attain goals.

Question 18

Integrity

Answer 18

Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.

Question 19

Intellectual property

Answer 19

Intangible assets (notably includes software and data).

Question 20

Maximum allowable downtime (MAD)

Answer 20

The measure of how long an organization can survive an interruption of critical functions. [also known as maximum tolerable downtime (MTD)]

Question 21

Personally identifiable information (PII)

Answer 21

Any data about a human being that could be used to identify that person.

Question 22

Policy

Answer 22

Documents published and promulgated by senior management dictating and describing the organization’s strategic goals.

Question 23

Privacy

Answer 23

The right of a human individual to control the distribution of information about him- or herself.

Question 24

Procedures

Answer 24

Explicit, repeatable activities to accomplish a specific task. Procedures can address one-time or infrequent actions or common, regular occurrences.

Question 25

Recovery point objective (RPO)

Answer 25

A measure of how much data the organization can lose before the organization is no longer viable.

Question 26

Recovery time objective (RTO)

Answer 26

The target time set for recovering from any interruption.

Question 27

Residual risk

Answer 27

The risk remaining after security controls have been put in place as a means of risk mitigation.

Question 28

Risk

Answer 28

The possibility of damage or harm and the likelihood that damage or harm will be realized.

Question 29

Risk acceptance

Answer 29

Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.

Question 30

Risk avoidance

Answer 30

Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination.

Question 31

Risk mitigation

Answer 31

Putting security controls in place to attenuate the possible impact and/or likelihood of a specific risk.

Question 32

Risk transference

Answer 32

Paying an external party to accept the financial impact of a given risk.

Question 33

Security control framework

Answer 33

A notional construct outlining the organization’s approach to security, including a list of specific security processes, procedures, and solutions used by the organization.

Question 34

Security governance

Answer 34

The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.

Question 35

Standards

Answer 35

Specific mandates explicitly stating expectations of performance or conformance.

Question 36

Internet Protocol (IPv4)

Answer 36

The dominant protocol that operates at layer 3 of the OSI) 7-Layer Model. IP is responsible for addressing packets so that they can be transmitted from the source to the destination hosts.

Question 37

Internet Protocol (IPv6)

Answer 37

A modernization of IPv4 that includes a much larger address field: IPv6 addresses are 128 bits that support 2128 hosts.

Question 38

Internetworking

Answer 38

Two different sets of servers and communications elements using network protocol stacks to communicate with each other and coordinate their activities with each other.

Question 39

Intrusion Detection System (IDS)

Answer 39

A security service that monitors and analyzes network or system events for the purpose of finding and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner.

Question 40

Intrusion Prevention Systems (IPS)

Answer 40

Uses available information to determine if an attack is underway and sends alerts but also blocks the attack from reaching its intended target.

Question 41

Kill Chain, Cyber Kill Chain

Answer 41

A generalized attack model consisting of actions on the objective and six broad, overlapping sets of operational activities: reconnaissance, weaponization, delivery, exploitation, installation, command and control. APT actors often combine these operations in complex ways to achieve their goals; such attacks may span over many months. For defenders, the kill chain model highlights the temporary gain in security that can result by improved systems and organizational hardening across any or all of these areas.

Question 42

Lightweight Directory Access Protocol (LDAP)

Answer 42

Authentication is specified as simple (basic), simple using SSL/TLS, or Simple Authentication and Security Layer (SASL).

Question 43

Logical Link Control (LLC)

Answer 43

One of two sublayers that together make up the data link layer in the OSI.

Question 44

Man-in-the- Middle (MITM)

Answer 44

A form of active attack in which the attacker inserts themselves into the physical or logical communications flow between two parties and masquerades to each as the other, falsifying or altering the data exchanged as the attacker chooses to. Also known as MITM. Man (machine)-in-the-browser (MITB) attacks focus on layer 7 vulnerabilities to masquerade as client to the server and as server to the client.

Question 45

Media Access Control (MAC)

Answer 45

The 48-bit hex number assigned to all network cards. The first 24 bits are assigned to the card manufacturer with the send being a unique value (address) for that card.

Question 46

Microsegmented Networks, Microsegmentation

Answer 46

Part of a zero trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. At the limit, this places a firewall at every connection point.

Question 47

Modem

Answer 47

Provides modulation and demodulation of binary data into analog signals for transmission through telephone, cable, fiber, or other signaling systems.

Question 48

Multiprotocol Label Switching (MPLS)

Answer 48

A WAN protocol that operates at both layer 2 and layer 3 and does label switching.

Question 49

Network Function Virtualization (NFV)

Answer 49

Alternately referred to as virtual network function. The objective of NFV is to decouple functions, such as firewall management, intrusion detection, NAT and name service resolution, away from specific hardware implementation and move them into software solutions. NFV’s focus is to optimize distinct network services.

Question 50

Network Management

Answer 50

Monitors network performance and identifies attacks and failures. Mechanisms include components that enable network administrators to monitor and restrict resource access.

Question 51

North-South Network Data Flow (or Traffic)

Answer 51

Data flowing either from the organization to external destinations (northbound) or into the organization from external sources (southbound). In SDN terms, data flowing up (northbound) or down (southbound) the stack of data/control/applications planes.

Question 52

Open Shortest Path First (OSPF)

Answer 52

An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.

Question 53

OSI Layer 1

Answer 53

Physical Layer

Question 54

OSI Layer 2

Answer 54

Data Link Layer

Question 55

OSI Layer 3

Answer 55

Network Layer

Question 56

OSI Layer 4

Answer 56

Transport Layer

Question 57

OSI Layer 5

Answer 57

Session Layer

Question 58

OSI Layer 6

Answer 58

Presentation Layer

Question 59

OSI Layer 7

Answer 59

Application Layer

Question 60

Packet

Answer 60

Representation of data at layer 3 of the OSI 7-Layer Model.

Question 61

Packet Loss

Answer 61

Degradation of VoIP or other streaming data caused by lost packets. A technique called packet loss concealment (PLC) is used in VoIP communications to mask the effect of dropped packets

Question 62

Packet-Switched Networks

Answer 62

Networks that do not use a dedicated connection between endpoints.

Question 63

Point-to-Point Protocol (PPP)

Answer 63

Provides a standard method for transporting multiprotocol datagrams over point-to-point links.

Question 64

Port Address Translation (PAT)

Answer 64

An extension to network address translation (NAT) to translate all addresses to one routable IP address and translate the source port number in the packet to a unique value.

Question 65

Quality of Service (QoS)

Answer 65

Refers to the capability of a network to provide better service to selected network traffic over various technologies, including frame relay, ATM, Ethernet and 802.1 networks, SONET, and IP-routed networks that may use any or all of these underlying technologies.

Question 66

Registered Ports

Answer 66

Ports 1024-49151. These ports typically accompany non-system applications associated with vendors and developers.

Question 67

Remote Procedure Call (RPC)

Answer 67

A protocol that enables one system to execute instructions on other hosts across a network infrastructure.

Question 68

Root of Trust (RoT)

Answer 68

Hardware-based mechanisms that guarantee the integrity of the hardware prior to loading the OS of a computer.

Question 69

Segment

Answer 69

Data representation (or datagram name) at Layer 4 of the OSI 7-Layer Model. A portion of a larger network, usually isolated by firewalls or routers at either end from other portions of the network. See also Microsegmented Networks, Microsegmentation.

Question 70

Simple Network Management Protocol (SNMP)

Answer 70

An IP protocol for collecting and organizing information about managed devices on IP networks. It can be used to determine the “health” of networking devices including routers, switches, servers, workstations, printers, and modem racks.

Question 71

Smurf

Answer 71

ICMP echo request sent to the network broadcast address of a spoofed victim causing all nodes to respond to the victim with an echo reply.

Question 72

Software-Defined Networking (SDN)

Answer 72

Any of a broad range of techniques that enable network management, routing, forwarding and control functions to be directed by software. This is generally done by abstracting the control and management planes from the data plane and its forwarding functions.

Question 73

Software-Defined Wide Area Network (SD-WAN)

Answer 73

An extension of the SDN practices to connect to entities spread across the internet to support WAN architecture especially related to cloud migration.

Question 74

Teardrop Attack

Answer 74

Exploits the reassembly of fragmented IP packets in the fragment offset field that indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet.

Question 75

Terminal Emulation Protocol (Telnet)

Answer 75

A command-line protocol designed to give command-line access from one host to another.

Question 76

Transmission Control Protocol (TCP)

Answer 76

The major transport protocol in the internet suite of protocols providing reliable, connection-oriented, full-duplex streams.

Question 77

Transmission Control Protocol over Internet Protocol (TCP/IP)

Answer 77

The name of the IETF’s four-layer networking model, and its protocol stack.

Question 78

Transport Control Protocol/Internet Protocol (TCP/IP) Model

Answer 78

Internetworking protocol model created by the IETF, which specifies four layers of functionality: link layer (physical communications), internet layer (network-to-network communication), transport layer (basic channels for connections and connectionless exchange of data between hosts) and application layer, where other protocols and user applications programs make use of network services.

Question 79

Trusted Platform Module (TPM)

Answer 79

A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.

Question 80

Unbound (Wireless) Network(s)

Answer 80

Network in which physical layer interconnections are done using radio, light or other means not confined to wires, cables or fibers. Devices on unbound networks may or may not be mobile. See also Bound Network(s).

Question 81

Virtual Local Area Networks (VLANs)

Answer 81

Allow network administrators to use switches to create software-based LAN segments that can be defined based on factors other than physical location.

Question 82

Voice over Internet Protocol (VoIP)

Answer 82

A set of technologies that enables voice to be sent over a packet network.

Question 83

Web Application Firewall (WAF)

Answer 83

A software-based firewall, which monitors and filters exchanges between an applications program and a host. WAFs usually involve inspection and filtering of HTTP and HTTPS conversations.

Question 84

Wi-Fi (Wireless LAN IEEE 802.11x)

Answer 84

Primarily associated with computer networking, Wi-Fi uses the IEEE 802.11x specification to create a wireless LAN either public or private.

Question 85

WiMAX (Broadband Wireless Access IEEE 802.16)

Answer 85

A well-known example of wireless broadband. WiMAX can potentially deliver data rates of more than 30 Mbps.

Question 86

Zero Trust Model / Architecture

Answer 86

Replaces trust, but verify as security design principle by asserting that all activities attempted, by all users or entities, must be subject to control, authentication, authorization, and management at the most granular level possible. NIST and others have proposed zero trust architectures as guidance frameworks for organizations to use as they combine microsegmentation, access control, behavior modeling, and threat intelligence (among other techniques) in moving toward a zero trust implementation.