Domain 3.1: Security Architecture and Engineering Flashcards

Learn essential terms related to secure system design, hardware, and cryptographic principles.

1
Q

Define:

Cryptographic Lifecycle

A

The stages of cryptographic key materials, including creation, usage, storage, and destruction.

The stages that cryptographic key materials go through during their existence, including creation, distribution, usage, storage, archival, and destruction. Managing this lifecycle is critical to maintaining the integrity and security of a cryptographic system. Each stage presents unique security challenges and requires appropriate controls to prevent unauthorized access or compromise.

2
Q

Define:

Cryptographic Logic

A

The mathematical logic used to design and analyze cryptographic systems, focusing on providing formal proofs for security properties.

The mathematical logic employed in the design and analysis of cryptographic algorithms and systems. It’s a field that focuses on providing formal proofs for the security properties of cryptographic protocols and mechanisms. Such formal proofs play a crucial role in validating the security of cryptographic systems against potential threats.

For more information, view this lecture on Introduction to Cryptography- Part 1.

3
Q

Define:

Cryptographic Randomization

A

The process of generating unpredictability in cryptographic operations, essential for secure encryption and key generation.

The process of generating randomness that is used within cryptographic algorithms and protocols. It ensures unpredictability in keys, nonces, salts, and other values critical to secure encryption and other cryptographic operations. Good cryptographic randomization prevents attackers from guessing or reproducing the values, which would compromise security. It typically relies on sources of high entropy and algorithms known as cryptographic pseudo-random number generators (CSPRNGs).

For more information, view this lecture on Introduction to Cryptography- Part 1.

4
Q

Define:

Cryptography

A

The practice of secure communication in the presence of adversaries, involving creating and deciphering codes to keep information secret.

The science and practice of secure communication in the presence of third parties called adversaries. It involves creating written or generated codes that allow information to be kept secret. Cryptography encompasses various techniques such as encryption (scrambling data so it’s unreadable without a key), decryption (making the scrambled data readable again with the correct key), hash functions (transforming data into fixed-size strings of characters), and digital signatures (verifying the sender’s identity and the integrity of the data). It’s essential for securing transactions, communications, and data in many fields, including finance, telecommunications, and national security.

For more information, view this lecture on Introduction to Cryptography- Part 1. Or visit this Wikipedia page.

5
Q

Define:

Cryptology

A

The study of codes and ciphers, encompassing the creation of secure cryptographic systems and the techniques for breaking them.

The study of codes and ciphers, which encompasses both cryptography (creating codes and ciphers to keep information secure) and cryptanalysis (breaking them to access the information). Cryptology is a branch of mathematics and computer science that deals with the principles and techniques of translating readable data into secure forms and vice versa. It’s fundamental to various aspects of information security, from secure online transactions to confidential communications and beyond.

For more information, view this lecture on Introduction to Cryptography- Part 1. Or visit this Wikipedia page.

6
Q

Define:

Cryptoprocessor

A

A dedicated microprocessor for handling cryptographic operations, embedded in hardware devices for enhanced security.

A dedicated microprocessor designed specifically to handle cryptographic operations, such as creating digital signatures and managing keys securely. These processors are often embedded in hardware devices and provide an extra layer of security, protecting sensitive data even if the system’s main processor is compromised. They are often found in applications requiring high levels of information security, such as ATM cards and smart cards.

For more information, visit this Wikipedia page.

7
Q

Define:

Cryptosystem

A

A set of cryptographic algorithms and protocols that secure communication and data, ensuring confidentiality and integrity.

A suite of cryptographic algorithms and protocols designed to secure communication and data by providing confidentiality, data integrity, authentication, and non-repudiation. A cryptosystem facilitates secure data storage and transmission in various IT applications.

For more information, visit this Wikipedia page.

8
Q

Define:

Cyber-Physical Systems

(CPS)

A

Cyber-Physical Systems merge computational elements with physical processes, enabling real-time sensing, control, and interaction across domains like manufacturing, energy, and transportation.

CPS integrates sensors, actuators, networks, and software to monitor and manipulate physical entities. Examples include industrial robots, smart grids, autonomous vehicles, and connected healthcare devices. Security risks encompass unauthorized access, data manipulation, or sabotage, potentially causing physical damage or safety issues. Ensuring CPS security involves encryption, reliable communication protocols, rigorous testing, and resilience strategies. By bridging digital and physical realms securely, CPS fosters innovation while minimizing overall risk to critical infrastructure.

For more information, visit this Wikipedia page.

9
Q

Define:

Cybersecurity Architecture

A

The framework outlining an organization’s security processes, systems, personnel, and technologies for comprehensive protection.

The design and framework that outlines the structure and behavior of an organization’s security processes, information security systems, personnel, and technologies. It provides a roadmap and strategic context for deploying the right technologies and processes to protect the organization’s digital assets and operations. Effective cybersecurity architecture ensures that security controls are integrated into every layer of the technology stack, from the network perimeter to end-user devices, helping to defend against threats and maintain regulatory compliance.

For more information, visit this Wikipedia page.

10
Q

Define:

Data Bus

A

A system within a computer that transmits data between components, with its width determining the volume of data transmission.

A communication system within a computer or device consisting of various wires or traces on a circuit board, which transmits data between components. It allows the transfer of data and instructions from one part of the computer to another, and its width (in bits) determines how much information can be transmitted at once.

For more information, visit this Wikipedia page.

11
Q

Define:

Data Emanation

A

Unintentional signal leakage from electronic equipment that could disclose sensitive information, requiring mitigation techniques.

The unintentional radiation or transmission of electrical signals from electronic equipment, such as a computer or a network device, which can potentially disclose sensitive information. Adversaries can intercept and decode these signals, also known as compromising emanations, to gain unauthorized access to the information, making mitigation techniques such as shielding, signal jamming, or the use of secure communication protocols essential.

For more information, view this lecture on Emanations and Covert Channels or The OSI model- Part 1.

12
Q

Define:

Data Encryption Standard

(DES)

A

A former encryption standard using a symmetric-key algorithm, now replaced by more secure methods like AES.

A symmetric-key algorithm for encrypting electronic data. Developed in the 1970s and once widely used, DES encrypts data in 64-bit blocks using a 56-bit key. It was eventually found to be vulnerable to brute-force attacks and has been largely replaced by more secure standards like the Advanced Encryption Standard (AES). However, DES was pivotal in the development and study of modern encryption techniques.

For more information, view this lecture on Symmetric encryption- Part 1. or visit this Wikipedia page.

13
Q

Define:

Data Execution Prevention

(DEP)

A

A security feature preventing damage from unsafe memory operations by closing programs that use memory incorrectly.

A security feature included in most modern operating systems. Its primary function is to help prevent damage to your system from viruses and other security threats by monitoring programs to ensure they use system memory safely. When DEP detects a program using memory incorrectly, it closes the program and notifies the user, thus helping to limit the impact of both malicious and unintentionally harmful software.

For more information, view this lecture on Hardware architecture- Part 2 or visit this Wikipedia page.

14
Q

Define:

Data Farm

A

A large-scale storage facility or server collection managing vast data amounts, providing infrastructure for big data and cloud services.

A colloquial term that describes a large-scale data storage facility or a collection of servers that work together to store, manage, and process vast amounts of data. Similar to a server farm or data center, a data farm provides the infrastructure necessary to support big data applications, cloud computing services, and extensive databases. Data farms are designed for reliability, scalability, and high availability to ensure ongoing access to critical data resources. They play a foundational role in supporting the storage needs of modern enterprises and the processing requirements of complex analytical tasks.

For more information, visit this Wikipedia page.

15
Q

Define:

Data Hiding

A

Concealing internal object details in object-oriented programming to prevent unauthorized manipulation and enhance security.

A software development technique specifically applied to object-oriented programming, where the internal object details (data members) are hidden from external users. Data hiding helps maintain object integrity by preventing users from setting object data into an invalid or inconsistent state, enhancing system security, and reducing the likelihood of unauthorized data manipulation.

For more information, view this lecture on Introduction to Cryptography- Part 1. or visit this Wikipedia page.

16
Q

Define:

Data Lake

A

A centralized repository for storing structured and unstructured data at scale, enabling various types of analytics to guide decisions.

A centralized repository that allows you to store all your structured and unstructured data at any scale. You can store your data as-is without having to first structure the data and run different types of analytics—from dashboards and visualizations to big data processing, real-time analytics, and machine learning to guide better decisions. Data lakes are typically implemented using a flat architecture where data is tagged with metadata and unique identifiers and can be efficiently queried and analyzed.

For more information, visit this Wikipedia page.

17
Q

Define:

Decipher

A

Converting encrypted or encoded data back to its original, readable format, typically using a key or password for secure access.

The process of converting information or data that has been encrypted into a form that is readable and understandable. The act of deciphering typically requires a specific key or password, making it a central part of many processes that ensure confidentiality and secure access to information, especially sensitive or private data.

For more information, view this lecture on Introduction to Cryptography- Part 1. or visit this Wikipedia page.

18
Q

Define:

Decode

A

Transforming encoded or scrambled data back to its original, understandable format, essential for communication systems.

This is the process of transforming encoded or scrambled data back into its original format. It’s an essential mechanism in communication systems that enables the safe transmission of data. The encoded data can only be interpreted correctly if the receiver has access to the appropriate decoding technique or key.

For more information, view this lecture on Introduction to Cryptography- Part 1.

19
Q

Define:

Decryption

A

The process of converting encrypted data back into its original form, enabling authorized access to confidential information.

The process of converting encrypted data (ciphertext) back into its original form (plaintext), making it understandable. This is achieved by using a cryptographic key and following the reverse process of the encryption algorithm applied to the data. Decryption is critical for secure communication, allowing only authorized parties with the correct key to access the sensitive information.

For more information, view this lecture on The encryption we use today. or visit this Wikipedia page.

20
Q

Define:

Decryption Key

A

A cryptographic key used to convert ciphertext into plaintext, essential for accessing encrypted information securely.

A type of cryptographic key used to reverse the encryption process, converting encrypted data (ciphertext) back into its original form (plaintext). In symmetric-key algorithms, the same key is used for both encryption and decryption, while in asymmetric-key algorithms, a paired private key is used for decryption that is different from the public key used for encryption. Proper handling and storage of decryption keys are crucial for maintaining the confidentiality and security of sensitive data.

For more information, view this lecture on The encryption we use today. or visit this Wikipedia page.

21
Q

Define:

DeCSS Program

A

Software designed to bypass DVD encryption, leading to legal debates about digital rights and copyright infringement.

A computer program designed to circumvent the Content Scramble System (CSS) used to encrypt and protect DVD content from unauthorized duplication and viewing. The DeCSS program enabled users to bypass CSS and access the DVD content, leading to significant legal and ethical discussions about digital rights management and copyright infringement.

For more information, visit this Wikipedia page.

22
Q

Define:

Dedicated Security Mode

A

A system mode dedicated exclusively to high-level security operations.

Dedicated Security Mode configures a system to run only security-critical processes, isolating them from non-essential functions. This mode minimizes vulnerabilities by reducing the attack surface, ensuring that system resources are exclusively allocated to defending against threats and maintaining the highest security standards.

For more information, view this lecture on Security models and concepts- Part 2 or visit this Wikipedia page.

23
Q

Define:

Deprovisioning

A

Removing access rights from individuals when they leave an organization or change roles, critical for security.

The process of removing an individual’s access rights or permissions from an organization’s systems and networks, often as a result of the individual leaving the company or changing roles. It is a critical part of identity and access management (IAM) to ensure security and compliance by preventing unauthorized access to sensitive information.

24
Q

Define:

DER

(Distinguished Encoding Rules)

A

DER is a binary encoding format for ASN.1 structures, commonly used for digital certificates, cryptographic keys, and other PKI-related data.

Distinguished Encoding Rules follow strict guidelines that eliminate ambiguities found in more flexible encodings, ensuring consistent interpretation across systems. DER-encoded files often carry extensions such as .der or .cer. By mandating unique representations of objects, DER supports secure transactions and interoperability in cryptographic operations. Its deterministic structure simplifies parsing, enabling reliable validations of certificates and other authentication materials.

For more information, visit this Wikipedia page.

25
# Define: Deterministic Decryption
Decrypting data using fixed rules or algorithms, as opposed to probabilistic decryption methods.

## Footnote

A type of decryption that involves using a specific set of rules or algorithms to decrypt data. This is different from probabilistic decryption, which involves using a combination of trial and error and probability to decrypt data. Deterministic decryption is often used in security applications where speed and efficiency are important, such as in password cracking or data recovery.
26
# Define: Dictionary Attack
An attempt to gain unauthorized access using a predefined list of commonly used passwords.

## Footnote

An attack that uses a list of predefined values (often common or predictable passwords) in an attempt to gain unauthorized access to a system. Attackers systematically try all the words or phrases from this 'dictionary' against a user account or encrypted file. While the method can be time-consuming, its success rate is considerably high against weak passwords, emphasizing the need for users to create complex and unique passwords.

*For more information, view this lecture on [Type 1 authentication - "Something you know" or "Knowledge factors"](https://courses.thorteaches.com/courses/take/cissp/lessons/19178829-type-1-authentication-something-you-know-or-knowledge-factors). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Dictionary_attack).*
27
# Define: Differential Cryptanalysis
A cryptanalysis method studying input differences to decrypt ciphertext without brute force.

## Footnote

A method of analyzing and potentially breaking cryptographic systems, especially symmetric key schemes. It involves the study of how differences in an input can affect the resultant difference in the output. By observing these differences, an attacker might be able to infer the secret key used for encryption, thereby decrypting the contents without the need for brute force.

*For more information, view this lecture on [Attacks on our cryptography- Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/19423096-attacks-on-our-cryptography-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Differential_cryptanalysis).*
28
# Define: Diffie-Hellman (DH or D-H)
A method for secure cryptographic key exchange over an unsecured communication channel.

## Footnote

Named after its inventors, Whitfield Diffie and Martin Hellman, Diffie-Hellman is a method of securely exchanging cryptographic keys over a public channel. The strength of Diffie-Hellman lies in its ability to facilitate the sharing of a secret key between two parties, each starting with their own private key, without the need to share any secret information directly.

*For more information, view this lecture on [Asymmetric encryption- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19314179-asymmetric-encryption-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange).*
29
# Define: Diffusion
A principle making the plaintext-ciphertext relationship complex to resist statistical analysis.

## Footnote

In cryptography, diffusion refers to the way that the relationship between the plaintext (the original, readable data) and the ciphertext (the encrypted data) is made as complex as possible. The principle of diffusion is to disperse the influence of a single plaintext character over many ciphertext characters so that changing one character in the plaintext results in multiple character changes in the ciphertext. This ensures that the statistical structure of the plaintext is dissipated in the ciphertext, making it more resistant to statistical analysis and, thereby, more secure. Diffusion is typically achieved through techniques like confusion, which is the practice of making the relationship between the encryption key and the ciphertext as complex as possible.

*For more information, view this lecture on [Introduction to Cryptography- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19121903-introduction-to-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Confusion_and_diffusion).*
30
# Define: Digital Code Signing
A process using digital certificates to confirm the authorship and integrity of software or code.

## Footnote

The process of using a digital certificate to sign a piece of software or code. This signature verifies the identity of the software author and assures the recipient that the code has not been altered or corrupted since it was signed. This helps protect users from installing malicious software disguised as legitimate applications.

*For more information, view this lecture on [Digital signatures](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Code_signing).*
31
# Define: Digital Signature Algorithm (DSA)
A standard for digital signatures, ensuring the authenticity of messages and documents.

## Footnote

A Federal Information Processing Standard for digital signatures, which was introduced by the US National Institute of Standards and Technology (NIST) in 1991. DSA is used for the creation of a digital signature, which can be used to authenticate the identity of the sender of a message or the signer of a document and to ensure that the original content of the message or document has not been altered. Signatures generated by DSA are unique not only to the document but also to the signer, ensuring both authenticity and non-repudiation.

*For more information, view this lecture on [Digital signatures](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Digital_Signature_Algorithm).*
32
# Define: Digital Twins (in Cybersecurity/IoT Contexts)
Digital Twins replicate physical systems or devices virtually, enabling real-time analysis, testing, and predictive modeling of security, performance, and maintenance requirements.

## Footnote

Originating in IoT and manufacturing, a digital twin mirrors sensors, processes, and data flows. In cybersecurity, it simulates potential attack vectors, system behaviors under stress, or patch impacts before changes go live. Insights from these simulations guide risk assessment, intrusion detection, and design optimizations. With continuous data input, digital twins offer adaptive modeling that enhances resilience and operational efficiency. Effective use demands robust data accuracy, integration, and security.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Digital_twin).*
33
# Define: Digraph Attack
An attack leveraging paired letter frequency to break substitution ciphers.

## Footnote

A Digraph Attack is a cryptanalytic method that studies pairs of letters (digraphs) in ciphertext to detect patterns that reveal the underlying substitution cipher. By analyzing the frequency and distribution of these letter pairs, attackers can deduce likely plaintext mappings. This technique is particularly effective against simple ciphers and demonstrates the vulnerability of static encryption methods against statistical analysis.

*For more information, view this lecture on [Attacks on our cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149711-attacks-on-our-cryptography-part-1).*
34
# Define: Directory Traversal Attack
A vulnerability allowing unauthorized file system access beyond the intended directory structure.

## Footnote

A kind of security vulnerability that allows unauthorized access to directories and files on a system. It works by exploiting insufficient security validation or sanitization of user-supplied input file names, enabling attackers to step out of the intended directory tree and access other parts of the file system. Such attacks could potentially allow unauthorized viewing, copying, or modifying of sensitive information.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Directory_traversal_attack).*
35
# Define: Discrete Logarithm
The problem of finding the exponent in modular arithmetic, fundamental in cryptography.

## Footnote

The discrete logarithm problem involves determining the exponent in modular arithmetic expressions, given the base and the result. Its computational complexity underpins the security of several cryptographic systems, such as Diffie-Hellman key exchange and certain public-key algorithms, making it a cornerstone in modern cryptographic practices.

*For more information, view this lecture on [Asymmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149672-asymmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Discrete_logarithm).*
36
# Define: Diskless Workstations
Computers without internal storage, relying on network connections to servers for operating systems, applications, and data.

## Footnote

Computers that do not have internal storage. Instead, they rely on a network connection to a server from which they access operating systems, applications, and data. This approach can reduce the risk of local data theft or loss and makes system maintenance easier, as updates and changes can be performed centrally on the server.

*For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/18591381-virtualization-cloud-and-distributed-computing-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Diskless_node).*
37
# Define: Distributed Data Processing Network
A network where data processing tasks are distributed across multiple computers, enhancing efficiency and reliability.

## Footnote

A computational network structure in which data processing tasks are divided and managed across multiple geographically dispersed computers or nodes. Each node in the network works on a portion of the overall task, and the nodes may communicate with each other to share resources, balance load, and provide redundancy. This type of network is designed to improve data processing efficiency and reliability, as it can continue to function even if some of its components fail. Distributed data processing networks are integral to the functioning of large-scale, high-availability systems and are commonly used in cloud services, content delivery networks, and large-scale computing platforms.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Distributed_computing).*
38
# Define: Distributed System
A computational model with components across multiple machines, enhancing resource use, reliability, and scalability for task processing.

## Footnote

A networked computational model in which software and data components residing on multiple machines work in harmony to accomplish tasks or processes. This model optimizes the use of resources, enhances reliability and scalability, and enables the simultaneous processing of tasks, leading to faster completion times and efficient system utilization.

*For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591372-virtualization-cloud-and-distributed-computing-part-1). Or view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 5](https://courses.thorteaches.com/courses/take/cissp/lessons/29450175-virtualization-cloud-and-distributed-computing-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Distributed_system).*
39
# Define: Docker
Docker is a platform that allows developers to package applications and dependencies into portable containers, ensuring consistency across various environments.

## Footnote

By encapsulating code, runtime, system tools, and libraries in a single container image, Docker removes the “it works on my machine” dilemma. Containers launch quickly, use fewer resources than virtual machines, and simplify scaling in complex deployments. Docker registries store, version, and distribute images. Security best practices include regularly scanning images for vulnerabilities, using minimal base images, and isolating containers effectively. Docker has revolutionized DevOps and microservices, streamlining lightweight deployments.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Docker_(software)).*
40
# Define: Dry Pipe Fire Extinguisher System
A system using pressurized air or nitrogen instead of water, preventing pipe freezing and efficiently extinguishing fires when activated.

## Footnote

A type of fire suppression system where the pipes are filled with pressurized air or nitrogen rather than water. This system is typically used in environments where temperatures can fall below freezing, such as in unheated buildings or outdoor locations. The dry pipe valve prevents water from entering the pipe until a fire causes the system to activate. Once activated, the air escapes, and the water pressure opens the valve, releasing water through the sprinkler heads to extinguish the fire. This delay ensures that pipes don't freeze and burst, which would render a wet pipe system ineffective in these conditions.

*For more information, view this lecture on [Fire suppression- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149928-fire-suppression-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fire_sprinkler_system#Dry_pipe).*
41
# Define: DSaaS (Data Science as a Service)
A cloud-based service offering data science capabilities such as analytics and machine learning without maintaining infrastructure.

## Footnote

A cloud-based service that offers data science capabilities, including analytics, machine learning, and big data processing, without the need for organizations to maintain their own data science infrastructure. DSaaS enables access to advanced tools, algorithms, and expertise, facilitating data-driven decision-making and insights.
42
# Define: Dynamic Partitioning
Dividing a hard drive or database into segments that can be easily modified, improving resource utilization.

## Footnote

In computing, it's a method of dividing a hard drive or a database into segments that can be easily modified in size. This allows for the efficient use of space and resources by allocating and deallocating partitions as needed, without the need for a static predefined partition size. Dynamic partitioning can improve performance and flexibility for both storage and memory management in operating systems and database management systems. It enables the system to adapt to changing workloads and data requirements dynamically.
43
# Define: Edge Computing
Computational infrastructures that process data closer to where it's generated, reducing latency and conserving bandwidth. ## Footnote Computing infrastructures that process data geographically closer to where it is generated rather than in a centralized data-processing warehouse. Edge computing brings computation and data storage to the proximity of data sources to lessen response times and save bandwidth. This concept is particularly relevant in the context of the Internet of Things (IoT), where edge devices, such as sensors or smart devices, produce vast amounts of data that can be processed locally to provide real-time analysis and insights. Edge computing supports a variety of applications, from mobile computing to autonomous vehicles, and is instrumental in distributed networks that require rapid processing without significant transmission delays. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 5](https://courses.thorteaches.com/courses/take/cissp/lessons/29450175-virtualization-cloud-and-distributed-computing-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Edge_computing).*
44
# Define: EDI | (Electronic Data Interchange)
A system for exchanging business documents in a standard electronic format between partners, streamlining transactions. ## Footnote A computer-to-computer exchange of business documents in a standard electronic format between business partners. EDI replaces postal mail, fax, and email, enabling stakeholders to transfer documents like purchase orders, invoices, shipping notices, and many other types of business documents quickly and accurately. This standardized communication method allows different companies, possibly with different business systems, to connect and share data efficiently, leading to streamlined processes, reduced costs, and minimal human errors. EDI is commonly used in supply chain management, manufacturing, healthcare, and retail. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Electronic_data_interchange).*
45
# Define: EKMS | (Electronic Key Management System)
A system for cryptographic key management, involving generation, distribution, and destruction of keys. ## Footnote A system designed to handle the generation, distribution, accounting, and destruction of cryptographic keys. As part of a robust encryption strategy, the EKMS ensures that the necessary cryptographic keys are available when needed and are kept secure at all times to prevent unauthorized access to encrypted data. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Electronic_Key_Management_System).*
46
# Define: El Gamal Algorithm
A public-key cryptosystem used for digital signatures and encryption, based on the Diffie-Hellman key exchange method. ## Footnote A public key cryptosystem based on the Diffie-Hellman key exchange. It was developed by Taher ElGamal in 1985 and is used for digital signatures, key agreements, and encryption. The El Gamal encryption system is an alternative to the RSA algorithm and relies on the difficulty of calculating discrete logarithms for providing security. It has the property that each plaintext message is encrypted to a different ciphertext message using a randomly chosen parameter, even if the same plaintext message is encrypted multiple times. *For more information, view this lecture on [Asymmetric encryption- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19314179-asymmetric-encryption-part-2) Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/ElGamal_encryption).*
47
# Define: Elasticity
The ability of cloud services to quickly scale resources up or down as demand changes, optimizing utilization and performance. ## Footnote The ability of a cloud system to quickly scale up or down in response to changes in demand or usage. It is used in cloud computing to ensure that a system has the necessary resources to handle sudden increases in traffic or workload without affecting performance or availability. Examples include auto-scaling, load balancing, and resource allocation. *For more information, view this lecture on [Secure Access Service Edge](https://courses.thorteaches.com/courses/take/cissp/lessons/54398562-new-2024-sase-secure-access-service-edge). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing).*
48
# Define: Electromagnetic Fields | (EMF)
Energy areas that may be used in side-channel attacks, requiring measures such as shielding to mitigate risks. ## Footnote Invisible areas of energy, often referred to as radiation, are associated with the use of electrical power and various forms of natural and man-made lighting. In the context of security, EMFs can be a concern as they may be used in side-channel attacks where an adversary could potentially capture information from the radiation emitted by a device. Measures such as shielding and maintaining a secure physical distance can be used to mitigate this risk. *For more information, view this lecture on [Emanations and Covert Channels](https://courses.thorteaches.com/courses/take/cissp/lessons/18591390-emanations-and-covert-channels). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Electromagnetic_field).*
49
# Define: Electronic Code Book Mode | (ECB)
A block cipher mode where plaintext blocks are encrypted independently, not hiding data patterns well. ## Footnote Electronic Code Book (ECB) Mode is the simplest form of block cipher encryption where each block of plaintext is encrypted independently. Its main weakness lies in not hiding data patterns well, as identical plaintext blocks produce identical ciphertext blocks. This predictability can lead to security vulnerabilities, making ECB unsuitable for the encryption of large amounts of data, especially if the data contains repetitive information. *For more information, view this lecture on [Symmetric encryption- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1) Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#ECB).*
50
# Define: Elliptic Curve Cryptography | (ECC)
A public-key encryption technique using elliptic curves, providing strong security with smaller keys. ## Footnote A public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers, offering equivalent security with lower computing power and battery resource usage. *For more information, view this lecture on [Asymmetric encryption- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19314179-asymmetric-encryption-part-2) Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography).*
51
# Define: Elliptic Curve Digital Signature Algorithm | (ECDSA)
A cryptographic algorithm for digital signatures using elliptic curve theory. ## Footnote A cryptographic algorithm that uses elliptic curves for the creation of digital signatures. It's widely recognized for its strength despite using shorter key lengths, which results in more efficient processing. ECDSA provides assurance of data integrity, sender authenticity, and non-repudiation, meaning the signer cannot credibly deny having signed the data. *For more information, view this lecture on [Asymmetric encryption- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19314179-asymmetric-encryption-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm).*
52
# Define: Embedded System
A computer system with a specific function within a larger system, often subject to real-time computing constraints. ## Footnote A dedicated computer system with a specific function within a larger mechanical or electrical system, often with real-time computing constraints. It is embedded as part of a complete device, often including hardware and mechanical parts. Embedded systems control many devices in common use today and are typically designed for specific control tasks with varying degrees of complexity. They range from simple microcontroller-based systems to complex systems-on-chips (SoCs) and are found in numerous applications, including consumer electronics, automobiles, medical devices, industrial controls, and aerospace. *For more information, view this lecture on [Hardware architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/45831595-hardware-architecture-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Embedded_system).*
53
# Define: Emerging Cloud Technologies
Advanced cloud-based services and infrastructure, such as AI platforms and serverless computing, with new vulnerabilities. ## Footnote The new and advanced developments in cloud-based services and infrastructure. It covers technologies such as serverless computing, artificial intelligence (AI) and machine learning (ML) platforms, edge computing, and advanced security solutions in the cloud. As these technologies evolve and gain adoption, they bring along new potential vulnerabilities and attack vectors, making their secure implementation and management critical.
54
# Define: EMI | (Electromagnetic Interference)
Disruption of a circuit's performance due to external electromagnetic sources, potentially causing data loss or errors. ## Footnote The disruption of an electrical circuit's performance due to external electromagnetic radiation or other electrical devices. EMI can interfere with the normal operation of electronic devices, including computers and networking equipment, which can lead to data loss, system errors, or even equipment failure, creating potential risks for data integrity and system availability. *For more information, view this lecture on [Emanations and Covert Channels](https://courses.thorteaches.com/courses/take/cissp/lessons/18591390-emanations-and-covert-channels). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Electromagnetic_interference).*
55
# Define: Encode
Converting information from one format to another for standardization, secrecy, compression, or compatibility with computer systems. ## Footnote The process of converting information from one format or code to another for the purposes of standardization, speed, secrecy, or compression. In computer systems, encoding can refer to transforming data into a form that can be easily used by different types of systems. For example, encoding is commonly used for transforming raw data into a binary format that is understandable by computers. It also refers to the conversion of data for transmission, storage, or encryption, often using schemes such as Base64 and UTF-8 for text or more complex schemes like encoding video for digital formats. *For more information, view this lecture on [Introduction to Cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Code).*
56
# Define: Encryption
Converting data into a secure and unreadable format to protect it from unauthorized access during storage or transmission. ## Footnote The process of converting information or data into a secure format that cannot be read without proper authorization, typically using a key. It protects data privacy by ensuring that only those who have the encryption key can access the original data, making it essential for secure communication over potentially vulnerable networks like the Internet. Encryption is used in various applications, including online transactions, confidential communications, and safeguarding sensitive information. *For more information, view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Encryption).*
57
# Define: Encryption Algorithm
A mathematical process that transforms plaintext into ciphertext, using various techniques to secure data. ## Footnote A mathematical process used to convert plaintext into ciphertext. Encryption algorithms are designed to encode data in such a way that it can only be decrypted by authorized parties. Common encryption algorithms include AES (Advanced Encryption Standard), DES (Data Encryption Standard), and RSA (Rivest-Shamir-Adleman). They use a variety of techniques, such as substitution, transposition, and mathematical transformations, to ensure data security. *For more information, view this lecture on [Introduction to Cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Algorithm).*
58
# Define: Encryption Key
A string of characters used in cryptography to encode or decode data securely, crucial for maintaining data privacy. ## Footnote A string of characters used in conjunction with an encryption algorithm to encode or decode data. In symmetric encryption, the same key is used for both encryption and decryption, while in asymmetric encryption, two related keys are used - a public key for encryption and a private key for decryption. The security of encrypted data is highly dependent on the strength and secrecy of the encryption key. *For more information, view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Key_(cryptography)).*
59
# Define: Enigma Machine
The Enigma machine was a World War II-era encryption device used by German military forces to encode communications, famously decoded by Allied cryptanalysts. ## Footnote Featuring rotors and plugboard connections, Enigma converted plaintext into complex ciphertext, reconfiguring itself with each keypress. Allied breakthroughs, notably at Bletchley Park, significantly shortened the war by revealing strategic plans. The system’s cryptographic strength hinged on daily key changes and mechanical complexity. Modern cryptography owes its development, in part, to insights gleaned from cracking the Enigma. *For more information, view this lecture on [The history of Cryptography - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149612-the-history-of-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Enigma_machine).*
60
# Define: Enterprise Architecture | (EA)
A framework defining an organization's structure and operation to align with objectives, involving business processes and IT systems. ## Footnote A strategic planning framework that defines the structure and operation of an organization. It seeks to align an organization's structure with its objectives, facilitating systematic analyses, design, planning, and implementation of an organization's strategies. EA involves the detailed modeling of business processes, information flows, IT systems, and technological infrastructure. By providing a holistic view of an organization's assets, processes, and policies, EA supports informed decision-making, promotes efficiency, and guides the effective integration of IT with business goals. *For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Enterprise_architecture).*
61
# Define: Environment
The hardware, operating system, software libraries, and data surrounding a computer program or application. ## Footnote In general terms, an environment refers to the surrounding conditions or context in which an organism, system, or object operates. In computing, an environment is the setting in which a computer program or software application runs – it's about the hardware, operating system, software libraries, and data that exist outside the program itself. The term is also used to describe the configuration of software or hardware tools to create a specific type of runtime environment, such as a development, test, or production environment. Each environment serves a particular purpose in the software development lifecycle and operates under different parameters. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Deployment_environment).*
62
# Define: Ephemeral Key
A temporary cryptographic key used for a single session or short duration, then discarded, enhancing security for communications. ## Footnote A cryptographic key that is used only once or for a brief period of time before being discarded. It is typically employed in secure communications to ensure the confidentiality and integrity of each individual session. The use of ephemeral keys enhances security by ensuring that even if a key is compromised, it can't be used to decrypt other sessions or gain long-term access to sensitive information. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Ephemeral_key).*
63
# Define: Ephemeral Storage
Temporary storage that is lost upon rebooting or terminating the instance, used for short-term data and applications. ## Footnote Temporary data storage that is not persistent across reboots or termination of the instance. It is often used in cloud computing environments for temporary storage of information such as swap files, buffers, or session data. Data stored in ephemeral storage is typically lost once the instance is stopped, terminated, or crashes, making it unsuitable for long-term data retention but useful for transient data and applications that do not require durable storage.
64
# Define: Erasure Coding
A data protection method splitting data into fragments and encoding with redundant pieces for fault-tolerance. ## Footnote A method of data protection in which data is broken into fragments, expanded and encoded with redundant data pieces, and stored across a set of different locations or storage media. The objective is to enable the reconstruction of data by using information about the data that's stored elsewhere in the network, thus providing high fault-tolerance. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Erasure_code).*
65
# Define: Escrow Agent
A third party trusted to securely hold cryptographic keys, releasing them only under specific conditions, balancing security and lawful access. ## Footnote A trusted third-party entity that holds encryption keys in a secure environment. These keys can be released if certain conditions are met, such as the loss of original keys by the owner or a lawful request by authorities. The escrow agent's role is critical in maintaining the balance between security and lawful access. *For more information, view this lecture on [Digital signatures](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Escrow).*
66
# Define: Executive State
The operational status of a system performing user-oriented functions, needing protection to ensure data and system security. ## Footnote The operating status of a system when it's performing its primary, user-oriented functions, as opposed to its administrative or maintenance-oriented tasks. In terms of security, ensuring the protection of the system and the data it handles during its executive state is of utmost importance.
67
# Define: Exfiltration
Unauthorized movement of data to an external location, often by attackers, leading to privacy breaches or intellectual property theft. ## Footnote The unauthorized transfer of data from a computer or other device to an external location or party. In cybersecurity, it often refers to data being illicitly copied or transmitted out of a network by an attacker or malware. Exfiltration can result in significant privacy breaches, intellectual property theft, and security incidents. Preventing exfiltration is a key focus of data loss prevention (DLP) strategies and security controls. *For more information, view this lecture on [Data Protection](https://courses.thorteaches.com/courses/take/cissp/lessons/25649829-data-protection). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_exfiltration).*
68
# Define: FAAS | (Function as a Service)
FAAS is a cloud computing model where developers deploy individual functions instead of managing entire servers, paying only for execution time and resource consumption. ## Footnote Part of the serverless architecture, FAAS platforms (e.g., AWS Lambda) simplify scalability by automatically spinning up or down as demand fluctuates. Developers focus on writing code in discrete units triggered by events like HTTP requests or data modifications. This approach optimizes resource use, lowers operational overhead, and encourages microservices-based designs, supporting faster product iterations and agile development cycles. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Serverless_computing).*
69
# Define: Fail Secure
A security feature ensuring a system remains secure or locked during a failure, maintaining protection. ## Footnote A security term describing a feature or state where, upon failure, a system remains secure. In a fail-secure setup, if a component or system fails, it defaults to a locked or protected state rather than an open or unsecured one. This concept is commonly applied to access control systems, such as locked doors that remain locked during a power outage, ensuring that security is maintained even when the system's primary operation is compromised. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fail-safe#Fail_safe_and_fail_secure).*
70
# Define: Fail-Open
A system design defaulting to an "open" state during failure, prioritizing availability over security. ## Footnote A fail-open design refers to a security system's configuration that, in the event of a system failure, defaults to an "open" state, allowing all traffic or access. This approach prioritizes availability and continuity of operations over strict access control, often used in scenarios where service disruption is unacceptable despite the potential security risks it could introduce. This could also be doors that fail-open in case of an emergency, to allow for safe egress from a building. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fail-safe).*
71
# Define: Failsafe
A design ensuring a system defaults to a safe condition upon failure, minimizing harm or damage. ## Footnote A fail-safe design ensures that in the event of a system failure or malfunction, the system will default to a safe or minimal risk condition to prevent or minimize harm or damage. Failsafe mechanisms are critical in various industries and technologies, such as in aviation, automotive safety systems, and nuclear power plants, where a failure could have severe consequences. In computing, a failsafe may involve switching to a backup system or mode of operation that maintains service continuity at a reduced capacity. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fail-safe).*
72
# Define: Fail-Soft
A fail-over design providing a reduced level of service during failure, maintaining some continuity. ## Footnote A type of fail-over system that is designed to provide a reduced level of service in the event of a failure or interruption. It is used to ensure the availability of services in case of failure but at a lower level than the primary system. For example, a fail-soft system may provide a limited number of services in case of a failure rather than all services. *For more information, view this lecture on [Secure Design Principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fault_tolerance#Terminology).*
73
# Define: Fall-Through Logic
In programming, execution passing from one case to another in switch-case statements without breaks. ## Footnote In programming, fall-through logic occurs in switch-case statements where the absence of a break statement causes the execution to continue from one case into the subsequent case. It's intentional in certain programming scenarios but should be used cautiously to prevent logic errors. In security, careful design is required to avoid unintended actions from fall-through behavior, especially in authentication or access control decisions.
74
# Define: Faraday Cage
An enclosure that blocks electromagnetic fields, used to protect electronic equipment from interference and prevent data eavesdropping. ## Footnote An enclosure used to block electromagnetic fields. It is typically formed by a conductive material or a mesh of such material. Named after the English scientist Michael Faraday, who invented them in 1836, Faraday cages work by distributing charge or radiation around the cage's exterior, thus canceling out electric charges or radiation fields inside the enclosure. Faraday cages are used to protect electronic equipment from lightning strikes and electromagnetic interference (EMI) as well as to prevent EMI from emanating from electronic devices. They are also used in secure environments to prevent eavesdropping or data theft via electronic means. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Faraday_cage).*
75
# Define: Fault Injection
Introducing faults into a system to test its resilience and validate error detection and recovery capabilities. ## Footnote The deliberate introduction of faults or errors into a system to test its resilience and to validate its error detection and recovery capabilities. It can simulate various failure conditions and helps in understanding how a system behaves under abnormal conditions. *For more information, view this lecture on [Attacks on our cryptography- Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/19423096-attacks-on-our-cryptography-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fault_injection).*
76
# Define: Feistel Cipher
A symmetric encryption structure that divides data into two halves for iterative processing. ## Footnote A Feistel cipher divides data into two halves and subjects them to multiple rounds of processing with a round function and mixing operations, such as XOR. This symmetric structure simplifies decryption by reversing the process, forming the basis for many modern block ciphers and contributing to robust encryption methods. *For more information, view this lecture on [Symmetric encryption- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19215140-symmetric-encryption-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Feistel_cipher).*
77
# Define: Fence
A barrier, physical or computational, that prevents unauthorized access, used to protect assets and enforce a security perimeter. ## Footnote In a physical security context, a fence is a barrier used to enclose or secure an area, typically made from posts connected by boards, wire, or rails, and is designed to prevent intrusion or escape. In computing, fencing can refer to a network security measure that isolates a node or system to protect the rest of the network when a security issue is detected. It also refers to a method of multiprocessing to prevent data corruption by coordinating exclusive access to shared resources. *For more information, view this lecture on [Physical security- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19149796-physical-security-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Physical_security#Physical_barriers).*
78
# Define: File Allocation Table | (FAT)
A file system used for simple storage devices, managing space with an index table, compatible with many platforms. ## Footnote An older type of file system that was widely used for simple storage devices due to its simplicity and compatibility. It maintains a table (FAT) that acts as an index to manage disk space, keeping track of where files are stored. FAT file systems include FAT12, FAT16, and FAT32, differing in disk and partition size support. Despite its limitations in file size and disk capacity, FAT is still used in many situations for its cross-platform compatibility, especially on flash drives and other removable media. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/File_Allocation_Table).*
79
# Define: Fileless Malware
Fileless Malware operates primarily in memory, exploiting legitimate processes or registry keys without relying on traditional executable files, making it harder to detect. ## Footnote Attackers leverage scripting languages (e.g., PowerShell) or inject malicious code into running processes to bypass antivirus solutions that focus on scanning files. Memory-resident malware can persist only until a system restarts or it can embed deeper, relying on advanced tactics. Security measures include monitoring process behavior, enforcing application control, and restricting script execution policies. Detecting fileless malware requires endpoint monitoring tools that watch for anomalous in-memory activities, helping defenders stay ahead of stealthy attacks. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fileless_malware).*
80
# Define: File-Level Encryption
Encrypting individual files or directories, offering granular control over data security and access management. ## Footnote A method of data protection where individual files or directories are encrypted by the file system itself. This form of encryption is highly flexible, allowing users to select exactly which data to encrypt and to manage access on a file-by-file basis. As a result, even if the physical media on which the files are stored is compromised, the data remains inaccessible without the appropriate decryption key. *For more information, view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Filesystem-level_encryption).*
81
# Define: Fire Classes
Categories that classify fires by the type of combustible material involved. ## Footnote Fire classes categorize fires based on the nature of the fuel involved, such as solids, liquids, gases, or electrical equipment. This classification informs the selection of appropriate extinguishing agents and firefighting techniques. Understanding fire classes is crucial for effective fire prevention strategies, emergency response planning, and ensuring that safety measures are tailored to the specific risks present in different environments. *For more information, view this lecture on [Fire suppression- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149928-fire-suppression-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fire_class).*
82
# Define: Fire Suppression
Methods and systems designed to extinguish or prevent the spread of fire, critical for safeguarding facilities like data centers. ## Footnote The various methods and systems designed to extinguish or prevent the spread of fire in a building or facility. These methods can be manual, like fire extinguishers and fire blankets, or automatic, like sprinkler systems or gas-based systems. These systems are particularly important in data centers or server rooms where high temperatures or fires can cause catastrophic damage. *For more information, view this lecture on [Fire suppression- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149928-fire-suppression-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Fire_suppression_system).*
83
# Define: Flaw
A weakness or defect in a system that can lead to malfunctions or vulnerabilities, requiring timely resolution. ## Footnote A weakness or a defect in a system, be it in software, a hardware component, network design, or a business process. This could be a result of coding errors in software, design oversights, or configuration errors. When a flaw is discovered, it often needs to be rectified quickly to prevent exploitation that could compromise system integrity, confidentiality, or availability. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Vulnerability_(computing)).*
84
# Define: Forced Encryption
Automated encryption of data before storage or transmission, ensuring its security and integrity. ## Footnote A policy where data is automatically encrypted before it is stored or transmitted, ensuring that the information remains secure and inaccessible to unauthorized users. This process can be performed at different levels, such as at the file, disk, or network level, and is key in protecting sensitive data from unauthorized access or potential data breaches. *For more information, view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today).*
85
# Define: Frequency Analysis
A cryptanalysis method studying the frequency of letters or groups in ciphertext to identify patterns and decrypt information. ## Footnote A method used in cryptanalysis to study the frequency of letters or groups of letters in a ciphertext. The technique is based on the fact that, in any given stretch of written language, certain letters and combinations of letters occur with varying frequencies. If an unauthorized entity conducts frequency analysis successfully, it can potentially decrypt and access sensitive information without authorization. *For more information, view this lecture on [Introduction to Cryptography- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19121903-introduction-to-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Frequency_analysis).*
86
# Define: Full Disk Encryption | (FDE)
A security measure encrypting the entire hard drive, preventing unauthorized data access if a device is lost or stolen. ## Footnote A security measure used to protect all data on a hard drive. By encrypting every bit of data, including files, folders, and the operating system itself, FDE renders the stored information unreadable to unauthorized individuals. This measure is particularly useful if a device gets lost or stolen, as it prevents unauthorized access to the data, ensuring only those with the correct decryption key or password can access the information. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Disk_encryption).*
87
# Define: Gait Analysis
Gait analysis examines a person’s walking pattern, often used as a biometric to identify or authenticate individuals by their unique movement characteristics. ## Footnote By measuring stride length, speed, and joint motion, systems discern subtle differences unique to each person’s gait. While potentially convenient for continuous authentication, gait recognition faces challenges like variability from footwear, mood, or injuries. Still, it’s gaining traction in security fields and healthcare. Privacy concerns arise due to the potential for covert tracking, necessitating clear regulations and ethical implementations. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Gait_analysis).*
88
# Define: Gate
A physical or logical checkpoint used to control access to a system or area, essential for enforcing a secure boundary. ## Footnote In security, a gate is a physical or logical point of entry used to control access to a system or area. It can range from simple turnstiles to sophisticated biometric access systems. The gate's classification often indicates its application, such as residential (Class I), commercial (Class II), industrial (Class III), and high security (Class IV), each with a corresponding level of access control and security measures as outlined in ASTM standards for gates and barriers. *For more information, view this lecture on [Physical security- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19149796-physical-security-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Gate).*
89
# Define: Generator
A device that converts mechanical energy into electrical power for backup or primary use. ## Footnote A generator is a machine that transforms mechanical energy—often from engines or turbines—into electrical energy. It serves as a backup power source during outages or as the primary energy supply in areas without grid access. Generators vary in size and application, ensuring continuity of operations in critical infrastructure and remote locations by providing a reliable alternative to conventional power sources. *For more information, view this lecture on [Electricity](https://courses.thorteaches.com/courses/take/cissp/lessons/19149858-electricity). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Motor%E2%80%93generator).*
90
# Define: Government Cloud
Specialized cloud services for government agencies, handling sensitive data with high-security and compliance levels. ## Footnote A type of cloud computing service that is designed specifically for government agencies to store, manage, and process sensitive data. It is used in situations where the data being handled requires a high level of security and compliance with government regulations. Examples include storing and processing data for military operations, social security records, and tax information.
91
# Define: Graham-Denning Model
A model defining information protection in computer systems, outlining rights and actions for secure architectures. ## Footnote A formal framework used to define and analyze the protection of information in a computer system. It outlines a set of eight basic rights or rules (procedures) that can be defined for a system regarding the creation and deletion of objects and subjects, providing, transferring, and deleting access rights. The model focuses on the actions that subjects can execute over objects while taking into consideration the permissions and prohibitions applied to these actions, making it a fundamental model in the study of secure systems' architecture. *For more information, view this lecture on [Security models and concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/47772487-security-models-and-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Graham%E2%80%93Denning_model).*
92
# Define: Greenfield
A project developed from scratch on undeveloped land without legacy constraints. ## Footnote Greenfield refers to initiatives or projects undertaken on previously unused or undeveloped sites, free from the constraints of existing infrastructure. This environment allows for innovative planning and design, with modern standards and technologies implemented from the ground up. Greenfield projects offer flexibility and the potential for optimized performance, but they require significant planning and investment to build new infrastructures. *For more information, view this lecture on [Site selection- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149825-site-selection-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Greenfield_land).*
93
# Define: Grid Computing
Distributed computing that leverages networked resources to solve complex problems. ## Footnote Grid computing connects disparate computing resources across networks to work collectively on large-scale tasks. By pooling processing power and storage, it enables efficient handling of complex computations, scientific simulations, and data-intensive projects, often across geographically separated sites, optimizing resource use and performance. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/18591381-virtualization-cloud-and-distributed-computing-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Grid_computing).*
94
# Define: Guest Escapes in Virtualization
Security vulnerabilities that allow VMs to access or manipulate the host system, breaching isolation. ## Footnote Guest escape vulnerabilities in virtualization refer to security flaws that allow a guest virtual machine (VM) to break out of its isolated environment and potentially access or manipulate the underlying host system. This type of vulnerability poses significant risks in multi-tenant virtualized environments, including cloud systems, where it could lead to unauthorized access to other VMs or sensitive host resources. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Virtual_machine_escape).*
95
# Define: Halon and Replacements
Fire suppression chemicals originally using Halon, now substituted with eco-friendly agents. ## Footnote Halon and replacements refer to a class of fire suppression agents that initially centered on Halon compounds known for rapid fire extinguishment but harmful environmental effects. In response to environmental concerns, newer, eco-friendly alternatives have been developed. These replacements maintain high efficacy in fire suppression while reducing ozone depletion potential, aligning with modern environmental regulations and sustainability goals. *For more information, view this lecture on [Fire suppression- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19974054-fire-suppression-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Gaseous_fire_suppression).*
96
# Define: Harden
Strengthening or securing a system to guard against vulnerabilities, involving security controls and configuration changes. ## Footnote The process of strengthening or securing a system, network, or application to protect against potential vulnerabilities or threats. Hardening can involve a range of measures, such as implementing security controls, disabling unnecessary services, or applying patches and updates. Examples of hardening activities include configuring firewalls, disabling unused ports, and applying security patches to operating systems. *For more information, view this lecture on [Asset tracking and hardware hardening](https://courses.thorteaches.com/courses/take/cissp/lessons/20679155-asset-tracking-and-hardware-hardening). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hardening_(computing)).*
97
# Define: Hardening
The process of enhancing system security by reducing potential attack surfaces, including disabling services and applying patches. ## Footnote The process of securing a system by reducing its vulnerability to attack. This is often done by disabling unnecessary services, applying security patches, and using firewalls and intrusion detection systems. It is used in cybersecurity to protect systems from unauthorized access. Examples include disabling unneeded network ports, implementing access controls, and regularly updating software. *For more information, view this lecture on [Asset tracking and hardware hardening](https://courses.thorteaches.com/courses/take/cissp/lessons/20679155-asset-tracking-and-hardware-hardening). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hardening_(computing)).*
98
# Define: Hardening Cloud Devices
Strengthening the security of devices using cloud services to protect against threats, involving updates, access control, and encryption. ## Footnote Implementing security measures to protect devices connected to cloud services and the data they handle from threats. It can include techniques like ensuring firmware is up-to-date, using robust access controls, disabling unnecessary services, encrypting data, and configuring network security appropriately. Since cloud devices often handle sensitive data and are connected to the Internet, they can be attractive targets for attackers, making hardening a crucial aspect of maintaining their security. *For more information, view this lecture on [Asset tracking and hardware hardening](https://courses.thorteaches.com/courses/take/cissp/lessons/20679155-asset-tracking-and-hardware-hardening).*
99
# Define: Hardware
The tangible components of a computer system, including processors and storage devices, essential for system operation. ## Footnote The physical components of a computer system, such as the motherboard, processor, and memory. This is a crucial part of a computer system, as it provides the necessary components for running software and storing data. Examples of hardware include CPUs, RAM, and storage drives. *For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1) and [Hardware architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/45831595-hardware-architecture-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_hardware).*
100
# Define: Hardware Encryption
Encryption implemented on dedicated hardware for improved speed and robust security. ## Footnote Hardware encryption uses dedicated physical components to perform cryptographic functions. It offloads the encryption workload from the main processor and provides enhanced protection against software-based attacks, making it ideal for securing data on storage devices and enterprise systems. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hardware-based_encryption).*
101
# Define: Hardware Security Module | (HSM)
A device that manages digital keys and performs cryptographic functions, essential for protecting sensitive data. ## Footnote A physical device that securely generates, stores, and manages digital keys. It is used in cryptography to protect sensitive data, such as cryptographic keys and passwords. Examples of HSMs include smart cards and USB security tokens. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hardware_security_module).*
102
# Define: Hardware Segmentation
Dividing a network into separate segments with dedicated hardware, enhancing security by isolating threats. ## Footnote Hardware segmentation is the practice of dividing a network into physically separate segments, each with dedicated hardware such as switches and routers. This approach can enhance security by containing threats within a segment and preventing unauthorized access across different parts of the network. It is particularly useful for protecting high-value assets within an organization. *For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or view this lecture on [Hardware architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/45831595-hardware-architecture-part-2).*
103
# Define: Hardwired Key
A cryptographic key permanently embedded within hardware, resistant to modification or extraction. ## Footnote A hardwired key in cryptography is a secret key that is embedded directly within hardware and is not designed to be modified or replaced. This type of key is used for specific cryptographic functions and is known for its resistance to extraction or tampering due to its physical integration into the hardware.
104
# Define: Harrison-Ruzzo-Ullman Model
A model for access control policies in computing, focusing on privilege escalation prevention. ## Footnote A formal model used for expressing access control policies and analyzing their security properties. Named after its creators, Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman, the model focuses on determining whether a system configuration could allow a subject to acquire unauthorized access rights. It's particularly known for its undecidable safety problem - it's not generally possible to determine whether a given system is 'safe' against privilege escalation. *For more information, view this lecture on [Security models and concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/47772487-security-models-and-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/HRU_(security)).*
105
# Define: Hash | (Hashing)
Converting data into a fixed-length string of characters, often used for integrity verification and secure storage. ## Footnote The process of converting data into a fixed-length, unique value known as a hash. This is used in cryptography to verify the integrity of data, as any change to the data will result in a different hash value. Examples of hashing include using a hash function to create a digital signature and generating a checksum for a file. *For more information, view this lecture on [Hashing- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hash_function).*
106
# Define: Hash Collision
An occurrence where two distinct inputs produce the same hash output, a potential security concern. ## Footnote A hash collision occurs when two distinct inputs produce identical hash values using the same hashing algorithm. Collisions present a security concern, as they may be exploited to deceive systems relying on hashes for data integrity verification. Strong hashing algorithms are designed to minimize the probability of collisions. *For more information, view this lecture on [Hashing- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Collision_(computer_science)).*
107
# Define: Hash Value
The output of a hashing function, representing input data and used for verifying data integrity. ## Footnote The fixed-length output produced by a hash function. This is a unique value that represents the input data, and any change to the input data will result in a different hash value. Examples of hash values include a password hash and a digital signature. *For more information, view this lecture on [Hashing- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hash_function).*
108
# Define: Hashed Message Authentication Code | (HMAC)
A technique combining a hash function and a secret key to verify message authenticity. ## Footnote A cryptographic technique that uses a hash function and a secret key to verify the authenticity and integrity of a message. It is used in secure communication protocols to prevent tampering and replay attacks. Examples of HMAC include using it to authenticate HTTP requests and verify the authenticity of digital signatures. *For more information, view this lecture on [MAC, HMAC, SSL, and TLS](https://courses.thorteaches.com/courses/take/cissp/lessons/19149773-mac-hmac-ssl-and-tls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/HMAC).*
109
# Define: Hashing Function
An algorithm transforming data into a fixed-size string, used for secure data storage and integrity checks. ## Footnote An algorithm that maps data of any size to a fixed size. The output, or hash, is a string of characters that represents the input data. In security, hash functions are used for a variety of purposes, including data integrity checks, password storage, and digital signatures. A secure hash function has the property that it's computationally infeasible to derive the original input from its hash, making it useful for storing sensitive information like passwords in a form that prevents their recovery even if the hash is known. *For more information, view this lecture on [Hashing- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hash_function).*
110
# Define: HAVAL | (Hash of Variable Length)
A cryptographic hash function producing variable-length hash outputs from input data. ## Footnote HAVAL is a flexible cryptographic hash function that allows users to choose the length of the output hash and the number of processing rounds. Its adaptability makes it suitable for various applications where different levels of security and performance are required, ensuring data integrity through variable hash sizes. *For more information, view this lecture on [Hashing- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19314170-hashing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/HAVAL).*
111
# Define: Heating, Ventilating, And Air Conditioning | (HVAC)
Systems regulating temperature and air quality, crucial for equipment and occupant comfort. ## Footnote The technology and systems used to regulate temperature, air quality, and humidity in a building or space. It is used to ensure the comfort and health of building occupants and to protect sensitive equipment from environmental threats. Examples include thermostats, air filters, and ventilation systems. *For more information, view this lecture on [Fire suppression and hot and cold aisles](https://courses.thorteaches.com/courses/take/cissp/lessons/19149912-fire-suppression-and-hot-and-cold-aisles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/HVAC).*
112
# Define: High Granularity In Data
Describes data with a high level of detail or precision, offering specific insights but posing management challenges. ## Footnote The level of detail or precision in a data set. When data is highly granular, it has a high level of specificity, meaning that it is divided into many small, distinct units. This can be useful for analyzing data in detail, but it can also make it more difficult to process and manage. Examples of data with high granularity include detailed transaction records, sensor data, and social media posts.
113
# Define: High Performance Computing Systems | (HPC)
Systems designed for large, complex computing tasks at fast speeds, used in research and analysis. ## Footnote A type of computer system that is designed to handle extremely large and complex computing tasks at high speeds. These systems are often used in scientific research, financial modeling, and data analysis. Examples include supercomputers, grid computing systems, and clusters of computers working together. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 5](https://courses.thorteaches.com/courses/take/cissp/lessons/29450175-virtualization-cloud-and-distributed-computing-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/High-performance_computing).*
114
# Define: Hijacking
Unauthorized control over computing resources, leading to data breaches and service disruptions. ## Footnote In cybersecurity, hijacking refers to various forms of unauthorized control over a computing resource, like taking over web sessions, diverting network traffic, or commandeering system functions. It often results in data breaches, service disruption, or facilitating further attacks such as spamming or phishing from a trusted source. *For more information, view this lecture on [Attacks on our cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149711-attacks-on-our-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hijacking).*
115
# Define: Hijacking Attacks
Cyberattacks taking control of sessions or connections, like session hijacking and man-in-the-middle attacks. ## Footnote A type of cyberattack in which an attacker takes control of a legitimate user's session or network connection without the user's knowledge or consent. This concept is used in the context of computer security to describe attacks that aim to steal sensitive information or gain unauthorized access to a system. Examples of hijacking attacks include session hijacking, where an attacker takes control of a user's session, and man-in-the-middle attacks, where an attacker intercepts and modifies communications between two parties. *For more information, view this lecture on [Attacks on our cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149711-attacks-on-our-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hijacking).*
116
# Define: Homomorphic Encryption
Encryption allowing computations on encrypted data, preserving privacy in untrusted environments. ## Footnote A term used in the context of encryption that refers to the ability to perform computations on encrypted data without decrypting it first. Homomorphic encryption allows for the processing of data while maintaining its ciphertext form, ensuring that the data remains secure even in untrusted environments. Once the computation is performed, the results are also in an encrypted form and can be decrypted only with the appropriate key. This property is particularly valuable for privacy-preserving data analysis and cloud computing, where sensitive data can be processed by external servers without exposing the underlying data to those servers. Homomorphic encryption is an active area of research and can be partial, somewhat, or fully homomorphic, depending on the types and complexity of operations it supports. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Homomorphic_encryption).*
117
# Define: Horizontal Scalability
Horizontal scalability involves adding more nodes or instances to a system (often servers or containers) to handle increased workload or user demands without changing the core architecture. ## Footnote Instead of upgrading hardware in a single system (vertical scaling), organizations distribute tasks across multiple machines, achieving elasticity and fault tolerance. Load balancers and orchestration tools like Kubernetes help manage these distributed resources efficiently. Horizontal scaling supports high availability, making services resilient to individual node failures. This approach suits applications that require ongoing expansion while optimizing performance and cost. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_scalability).*
118
# Define: Host
A computer or device on a network providing data or services to other connected devices. ## Footnote A computer or other device connected to a network that provides data, services, or resources to clients. In network architecture, hosts can serve as servers, offering web pages, applications, or storage, and enable users to access and utilize these resources. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Host_(network)).*
119
# Define: Host Escape
An attack where an attacker breaches a virtualized environment to access the underlying host system. ## Footnote A type of attack in which an attacker gains access to the host system in a virtualized environment. It is used to bypass security measures and gain access to sensitive data or systems. Examples include using vulnerabilities in the host system or exploiting misconfigurations in the virtual environment. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Virtual_machine_escape).*
120
# Define: Host Isolation
Segregating systems on a network to prevent the spread of malware or unauthorized access. ## Footnote The practice of segregating individual systems or devices on a network to limit the spread of malware or the progression of an attacker. It is often implemented through network segmentation and firewall rules that restrict communication between hosts. By keeping systems isolated, if one device is compromised, the threat is less likely to spread to other devices. This can be particularly valuable in incident response scenarios, where a compromised host can be isolated to prevent further network contamination.
121
# Define: Hot and Cold Aisles
A data center design for efficient equipment cooling by managing air flow separation. ## Footnote A layout design for data centers aimed at efficient cooling of equipment. In this configuration, rows of server racks are arranged so that the fronts of the servers (cold aisles), which intake air, face each other, and the backs of the servers (hot aisles), which exhaust air, also face each other. This design allows for more efficient cooling by keeping the cold intake and hot exhaust air separate, reducing energy costs and optimizing the longevity and performance of the equipment. As such, maintaining the integrity of hot and cold aisle configuration can be a part of physical security and risk management strategy in data centers. *For more information, view this lecture on [Fire suppression and hot and cold aisles](https://courses.thorteaches.com/courses/take/cissp/lessons/19149912-fire-suppression-and-hot-and-cold-aisles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Server_room#Hot_aisle_/_cold_aisle).*
122
# Define: Hot Swapping
Replacing or adding components without shutting down or rebooting the system, enhancing uptime. ## Footnote Hot swapping is a method that allows the replacement or addition of computer system components without requiring a shutdown or reboot. This capability is crucial for essential systems that require high availability and minimal downtime. Hot swapping enables maintenance and upgrades, such as installing new storage drives or network cards while the system remains operational. *For more information, view this lecture on [Redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hot_swapping).*
123
# Define: Hybrid Cloud
A computing environment combining on-premises, private, and public cloud services with orchestration. ## Footnote A computing environment that combines a mix of on-premises, private cloud, and third-party, public cloud services with orchestration among these platforms. This allows organizations to benefit from the scalability and cost-effectiveness of public cloud computing while maintaining control over critical applications and sensitive data, providing a balanced approach to managing security and operational needs. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hybrid_cloud).*
124
# Define: Hybrid Cryptography
Combining symmetric and asymmetric encryption for secure and efficient data transmission. ## Footnote An approach to secure communication that combines the strengths of both symmetric and asymmetric encryption methods. The data is encrypted using a symmetric key for speed and efficiency, while the symmetric key itself is then encrypted with an asymmetric key for secure transmission. This blend of techniques allows large volumes of data to be transmitted securely and efficiently. *For more information, view this lecture on [The Encryption We Use Today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hybrid_cryptosystem).*
125
# Define: Hybrid Self-Hosted
A system partly maintained on an organization's servers and partly on third-party servers, often for control over critical data and cloud scalability. ## Footnote A system configuration where part of an organization's data or services is maintained on its own servers (self-hosted) while other parts are hosted on third-party servers, often cloud services. This allows organizations to maintain control over critical or sensitive data or applications while still leveraging the scalability, accessibility, and often cost savings associated with third-party hosted services. *For more information, view this lecture on [Audit Strategies for Cloud and Hybrid Environments - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/54399235-new-2024-audit-strategies-for-cloud-and-hybrid-environments-part-2).*
126
# Define: Hypervisor
Software that creates and manages virtual machines, separating the operating system from the underlying physical hardware. ## Footnote A piece of software, firmware, or hardware that creates and runs virtual machines (VMs). It separates the operating system and applications from the underlying physical hardware, which allows multiple computing environments to coexist on the same physical host. Hypervisors can be a target for attacks aimed at breaching VMs, so it's vital to ensure they are securely configured and maintained. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591372-virtualization-cloud-and-distributed-computing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Hypervisor).*
127
# Define: IAAS | (Infrastructure as a Service)
IAAS is a cloud computing model offering on-demand access to virtualized computing resources—servers, storage, networking—so organizations can run and scale applications without maintaining physical hardware. ## Footnote Providers like AWS, Azure, or Google Cloud manage underlying infrastructure layers. Customers control operating systems, middleware, and deployed code, paying for actual resource usage. IAAS reduces capital expenses, accelerates deployments, and integrates with a wide range of services. Proper governance, security configurations, and monitoring remain critical to protect data and maintain compliance. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Infrastructure_as_a_service).*
128
# Define: IaaS Threats
Security risks specific to the Infrastructure as a Service model, like misconfiguration, inadequate access control, and tenant isolation breaches. ## Footnote IaaS Threats encompass security risks unique to the Infrastructure as a Service model, which provides virtualized computing resources over the cloud. These risks range from misconfiguration and inadequate access controls to compromised virtual machines and tenant isolation breaches. To counter these threats, it's crucial to implement measures like secure API usage, multi-factor authentication, and regular security audits. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3).*
129
# Define: Immutable Infrastructure
A practice of replacing systems or components rather than updating them, enhancing reliability and predictability. ## Footnote The concept of replacing existing infrastructure components or systems instead of updating them. With an immutable infrastructure, once a system or component is deployed, it is not modified – any changes lead to a new deployment of a system or component. This philosophy is intended to increase the reliability, consistency, and repeatability of infrastructure, helping to mitigate risks associated with changes and providing a high level of auditability.
130
# Define: Implementation Attack
Targeting vulnerabilities in the application of cryptographic systems rather than inherent weaknesses in cryptographic algorithms. ## Footnote An attack that targets vulnerabilities in the implementation of a cryptographic system rather than inherent weaknesses in the cryptographic algorithms. This can involve exploiting errors in software coding, hardware design, or system configuration to gain unauthorized access or disrupt operations. Such attacks highlight the importance of robust, error-free, and secure implementation of cryptographic systems to resist potential threats. *For more information, view this lecture on [Attacks on our Cryptography- Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/19423096-attacks-on-our-cryptography-part-3).*
131
# Define: Individual Accountability
Holding individuals responsible for their actions, creating a culture of accountability to prevent security incidents. ## Footnote The practice of holding individuals accountable for their actions, including any security breaches or violations. This can help to ensure that employees take responsibility for their actions and can help to prevent security incidents by creating a culture of accountability within the organization. An example of individual accountability might be requiring employees to sign a security policy acknowledging their responsibility to protect company data. *For more information, view this lecture on [IAAA- Part 2- Identification, Authentication, Authorization, and Accountability](https://courses.thorteaches.com/courses/take/cissp/lessons/18551980-iaaa-part-2-identification-authentication-authorization-and-accountability).*
132
# Define: Industrial Control Systems | (ICS)
Systems controlling industrial processes, vulnerable to cyber-attacks that can disrupt critical infrastructure. ## Footnote Systems that are used to control and monitor industrial processes, such as manufacturing, power generation, and transportation. ICS can be vulnerable to cyber-attacks, which can disrupt critical infrastructure and cause significant damage. An example of an ICS might be a system that controls the flow of oil or gas through a pipeline. *For more information, view this lecture on [Industrial Control Systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19121862-industrial-control-systems). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Industrial_control_system).*
133
# Define: Inference
Deriving unauthorized information by analyzing data patterns and outputs. ## Footnote Inference in a security context refers to deducing sensitive information indirectly through the analysis of system outputs, data patterns, or statistical anomalies. This process can reveal confidential details even when direct access is restricted, underscoring the need for robust design measures to prevent leakage through indirect data correlations. *For more information, view this lecture on [Database Security](https://courses.thorteaches.com/courses/take/cissp/lessons/19121852-database-security). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Inference).*
134
# Define: Information Architecture
The structure and organization of data within an organization, aiding in the management and efficiency of information systems. ## Footnote The structure and organization of an organization's data, information, and knowledge. This includes how the data is organized, how it is accessed, and how it is used. Information architecture is used to improve the efficiency and effectiveness of an organization's information management systems. Examples of information architecture include data models, information systems, and knowledge management systems. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_architecture).*
135
# Define: Information Flow Model
A representation of data movement within an organization, identifying where information is handled to implement security safeguards. ## Footnote An information flow model is a diagrammatic representation that identifies how data moves through an organization's systems and processes. This model is critical in pinpointing where sensitive or critical information is handled and determining potential points of data leakage or exposure, allowing for the implementation of necessary safeguards. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_flow_(information_theory)).*
136
# Define: Infrared Linear Beam Sensor
A device detecting object presence by interrupting an infrared beam, used for security systems and manufacturing. ## Footnote A type of sensor that is used to detect the presence of objects or people in a particular area. It consists of an infrared transmitter and receiver that are mounted on opposite sides of a doorway or other opening and is used to trigger an alarm or other response if an object or person crosses the beam. Examples include the use of infrared beam sensors in security systems to detect intruders and in manufacturing environments to detect the presence of workers or machinery. *For more information, view this lecture on [Physical Security- Part 5](https://courses.thorteaches.com/courses/take/cissp/lessons/19149815-physical-security-part-5).*
137
# Define: Infrastructure as a Service | (IaaS)
A cloud service model offering virtualized computing resources over the internet, used for scalable infrastructure solutions. ## Footnote A cloud computing model where a service provider offers infrastructure resources, such as computing power, storage, and networking, as a service to customers. It is used in organizations to provide scalable and flexible infrastructure resources without the need to invest in and maintain on-premises infrastructure. Examples include Amazon Web Services, Microsoft Azure, and Google Cloud Platform. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Infrastructure_as_a_service).*
138
# Define: Infrastructure as Code | (IaC)
Managing and provisioning IT infrastructure through automated code and processes, used in cloud environments for efficient deployment. ## Footnote The practice of managing and provisioning IT infrastructure using code and automated processes. It is commonly used in cloud computing environments to ensure that infrastructure can be quickly and consistently deployed, managed, and updated. For example, an IaC system might use scripts and configuration files to automatically spin up new servers, configure security settings, and deploy applications in a cloud environment. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Infrastructure_as_code).*
139
# Define: Initialization Vector | (IV)
A random value used in encryption to ensure unique ciphertext outputs for the same plaintext input. ## Footnote A random value used in some encryption algorithms to ensure that the same plaintext input always produces a different ciphertext output. IVs are commonly used in block cipher algorithms to prevent patterns or repetitions in the encrypted data, which could make it more vulnerable to attack. An example of IV usage could be in a secure messaging app that uses IVs to prevent an attacker from guessing the encryption key based on repeated messages. *For more information, view this lecture on [Symmetric Encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Initialization_vector).*
140
# Define: Initialize
Setting a system or device to its original state or configuration, often used for system resets and software installations. ## Footnote The process of setting a system or device to its default or initial state. It is used in computer programming and system administration to reset a system or device to its original configuration. Examples include resetting a computer's BIOS settings, formatting a hard drive, and restoring a database to its initial state.
141
# Define: Integrity Check Value | (ICV)
A value derived from data to verify its integrity during transmission or storage. ## Footnote A value that is calculated from a block of data to ensure that the data has not been altered or corrupted during transmission. It is used in data integrity checks, error detection, and data compression. Examples of integrity check values include a checksum, a cyclic redundancy check (CRC), and a hash value.
142
# Define: Interception
Capturing or diverting communications without permission, often a concern for private or sensitive data. ## Footnote The act of capturing or diverting data or communication without the knowledge or consent of the sender or receiver. It is used in surveillance, network security, and cybercrime investigations. Examples of interception include wiretapping, packet sniffing, and phishing attacks.
143
# Define: Internal Storage
Primary storage within devices, such as drives, where data and applications are directly stored. ## Footnote The primary storage location in computers and other devices, such as hard drives or solid-state drives, where data and applications are stored directly on the device itself. This storage is typically faster and more secure than external or cloud-based storage, as it allows for quicker data access and is less exposed to external threats, but it is also limited by the physical storage capacity of the device. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Reference_(computer_science)#External_and_internal_storage).*
144
# Define: Internet of Things | (IoT)
A network of smart, connected devices that can collect and exchange data, impacting various aspects of daily life. ## Footnote The network of physical devices, vehicles, and other objects embedded with sensors, software, and other technologies for the purpose of collecting and exchanging data. Examples of IoT in use include a smart thermostat adjusting the temperature in a home based on occupancy or a wearable fitness tracker sending data to a user's smartphone. *For more information, view this lecture on [IOT (Internet Of Things)](https://courses.thorteaches.com/courses/take/cissp/lessons/18591385-iot-internet-of-things). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Internet_of_things).*
145
# Define: Interoperability Issues in PaaS
Challenges that arise when trying to ensure multiple platform-as-a-service offerings work together seamlessly. ## Footnote Challenges in achieving compatibility and communication between different platform as a service (PaaS) providers. It is used in cloud computing to ensure seamless integration and compatibility between different PaaS solutions. Examples include difficulties in transferring data between different cloud providers or compatibility issues with different versions of PaaS software. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3).*
146
# Define: Interrupt
A signal causing the CPU to stop its current activities to address an event or condition requiring immediate attention. ## Footnote A signal from a device or software program to the central processing unit (CPU) of a computer, indicating that the device or program needs immediate attention. It is used in computer systems to allow devices and programs to communicate with the CPU and get processing time. Examples of interrupts include keyboard input, mouse movement, and network activity. *For more information, view this lecture on [Hardware Architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Interrupt).*
147
# Define: iOS
Apple's mobile operating system for devices like iPhone and iPad, providing a platform for users and developers. ## Footnote The operating system used by Apple's iPhone, iPad, and iPod Touch devices. It is used to manage and control the hardware and software components of these devices, as well as provide a platform for third-party applications. Examples of iOS features include the home screen, app store, and Siri voice assistant. *For more information, view this lecture on [Mobile Device Security](https://courses.thorteaches.com/courses/take/cissp/lessons/19148750-mobile-device-security). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IOS).*
148
# Define: IT Architecture
The design and structuring of information systems in an organization, ensuring effective and secure operations. ## Footnote The structural design of information systems in an organization. It encompasses various aspects such as hardware, software, networking, and data storage, and their interconnections. The architecture defines the blueprint for the system and ensures that all components work together effectively, consistently, and securely, aligning with the organization's goals and strategic direction. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Enterprise_architecture).*
149
# Define: IT Infrastructure
Hardware, software, networking, and services required for operating an enterprise's IT environment. ## Footnote The composite hardware, software, network resources, and services required for the existence, operation, and management of an enterprise's operational environment. The infrastructure serves as the foundation for delivering services essential for the organization, which must be designed, managed, and secured to effectively support business activities. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_technology_infrastructure).*
150
# Define: Jailbreaks
Jailbreaks remove software restrictions on devices like iPhones, granting root or administrator-level control otherwise blocked by the operating system or manufacturer. ## Footnote This process allows installing unofficial apps, customizing the interface, and bypassing limitations set by vendors. However, jailbreaking can void warranties, weaken device security, and expose users to malicious apps. While enthusiasts seek enhanced functionality and personal freedom, companies caution that it invites additional vulnerabilities. Balancing device customization with security requires diligent user practices, including cautious app sourcing and timely software patches. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Jailbreak_(iOS)).*
151
# Define: Jefferson Disk
A set of rotating disks used to encode messages with variable substitution. ## Footnote The Jefferson Disk, also known as the Bazeries Cylinder, is a historical encryption tool that employs multiple rotating disks marked with letters. By rearranging and aligning these disks, a wide array of substitution combinations can be achieved, significantly enhancing the complexity and security of encoded messages during its time. *For more information, view this lecture on [The history of Cryptography- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19215103-the-history-of-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Jefferson_disk).*
152
# Define: Kerckhoffs' Principle
The principle stating a cryptographic system should remain secure even if everything about it is known except the key. ## Footnote Kerckhoffs' Principle states that a cryptographic system should be secure even if everything about the system is public knowledge, except for the key. It underlines the need for cryptographic algorithms to be open to scrutiny without compromising security, thereby placing the burden of secrecy solely on the key and not on the system's design. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle).*
153
# Define: Kernel Mode
An operating mode granting full system control to execute any instructions, crucial for low-level system tasks. ## Footnote A mode of operation in an operating system where the system has complete control over the hardware and can execute any instructions. It is used for low-level tasks and is protected from user interference to prevent system instability. It is used in operating systems and computer architecture. Examples include managing memory or controlling device drivers. *For more information, view this lecture on [Secure system design concepts](https://courses.thorteaches.com/courses/take/cissp/lessons/18591293-secure-system-design-concepts). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Kernel_(operating_system)).*
154
# Define: Key Clustering
The phenomenon where different cryptographic keys generate the same ciphertext from identical plaintext. ## Footnote Key clustering refers to a phenomenon in cryptography where different encryption keys produce the same ciphertext from the same plaintext. This can be viewed as a weakness in the encryption algorithm since it effectively reduces the number of unique keys and may allow an attacker more chances to find a key that decrypts the ciphertext successfully. *For more information, view this lecture on [Attacks on our cryptography- Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/19423096-attacks-on-our-cryptography-part-3).*
155
# Define: Key Derivation Functions | (KDFs)
Algorithms generating keys from a secret value, aiding in secure cryptographic operations. ## Footnote Cryptographic algorithms used to generate a sequence of keys from a secret value, such as a master key or passphrase. These derived keys are used in various cryptographic operations, ensuring that even if one key is compromised, others remain secure. KDFs are often used in applications that require multiple keys for different purposes, helping to maintain a secure environment by preventing key reuse and producing cryptographically strong keys. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Key_derivation_function).*
156
# Define: Key Length
The size of a cryptographic key in bits, determining the key's strength and security level. ## Footnote The number of bits in a cryptographic key, which determines the strength and security of the key. It is commonly used in encryption algorithms to determine the level of security provided by the key. Examples include a key length of 128 bits, a key length of 192 bits, and a key length of 256 bits. *For more information, view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Key_size).*
157
# Define: Key List
An inventory of cryptographic keys detailing ownership, associated assets, and usage policies. ## Footnote A key list is an inventory of cryptographic keys that includes important information such as key owners, associated assets, and usage policies. It is essential for managing and tracking the lifecycle of keys within an organization's cryptographic infrastructure to ensure proper key usage and facilitate security operations.
158
# Define: Key Management
The administrative task of maintaining cryptographic keys securely throughout their lifecycle. ## Footnote The administrative process of handling and maintaining the lifecycle of cryptographic keys in a secure manner. This lifecycle includes key creation, distribution, storage, rotation, and disposal. Proper key management ensures that keys are only accessible to authorized entities, protecting encrypted data from unauthorized access and mitigating the potential impact of key compromise. *For more information, view this lecture on [Digital signatures](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Key_management).*
159
# Define: Key Management Infrastructure | (KMI)
Systems managing cryptographic keys' lifecycle to secure data and communications. ## Footnote A system or set of tools and protocols used to manage cryptographic keys within an organization. It is used to ensure the secure and efficient generation, distribution, storage, and revocation of keys used for encryption and authentication. Examples of KMI components include a key server, a key management application, and a certificate authority.
160
# Define: Key Management Practice
Guidelines and procedures for handling cryptographic keys securely within an organization. ## Footnote Key management practices are the specific guidelines and procedures followed by an organization to handle cryptographic keys securely. They include aspects like key generation, protection, storage, and destruction, and are crucial to prevent unauthorized access and to maintain the confidentiality and integrity of encrypted data. *For more information, view this lecture on [Digital signatures](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Key_management).*