Domain 4

Question 1

Acknowledgment (ACK)

Answer 1

An acknowledgment of a signal being received.

Question 2

Address Resolution Protocol (ARP)

Answer 2

Used at the Media Access Control (MAC) layer to provide for direct communication between two devices within the same LAN segment.

Question 3

Advanced Persistent Threat (APT)

Answer 3

An adversary with sophisticated levels of expertise and significant resources who is able to use multiple different attack vectors (e.g., cyber, physical and deception) to achieve its objectives. Its objectives are typically to establish and extend footholds within the IT infrastructure of organizations in order to continually exfiltrate information and/or to undermine or impede critical aspects of a mission, program or organization, or place itself in a position to do so in the future. Moreover, the APT pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives.

Question 4

Application Programming Interface (API)

Answer 4

Mobile code mechanisms that provide ways for applications to share data, methods or functions over a network. Usually implemented either in XML or JavaScript Object Notation (JSON). A reference to a software access point or library function with a well- defined syntax and well-defined functionality.

Question 5

Bandwidth

Answer 5

The amount of information transmitted over a period of time. A process consisting of learning or education could necessitate higher bandwidth than a quick status update, which would require a lower bandwidth.

Question 6

Bit

Answer 6

Most essential representation of data (zero or one) at layer 1 of the OSI 7-Layer Model.

Question 7

Bluetooth (Wireless Personal Area Network IEEE 802.15)

Answer 7

Bluetooth wireless technology is an open standard for short-range RF communication used primarily to establish wireless personal area networks (WPANs). It has been integrated into many types of business and consumer devices.

Question 8

Bound Network(s)

Answer 8

Network in which devices are connected at layer 1 by means of physical cables, wires or fiber. Often referred to as wired networks, Ethernet networks or by wiring or cable standard used, (e.g., fiber network, Cat 5 or Cat 6 network). See also Unbound (wireless) Network(s).

Question 9

Boundary Routers

Answer 9

Primarily advertise routes that external hosts can use to reach internal ones.

Question 10

Bridges

Answer 10

A device that creates a single aggregate network from separate network segments. Using the OSI model, this device aggregates networks at layer 2.

Question 11

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

Answer 11

A method of flow control in a network. To prevent more than one station from accessing the network simultaneously, the sending station announces its intent to send, and other stations wait until the sending station announces its completion.

Question 12

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

Answer 12

A method of flow control in a network. If more than one station accesses the network simultaneously, the other stations detect the event and subsequently attempt retransmission.

Question 13

Cellular Network

Answer 13

A radio network distributed over land areas called cells, each served by at least one fixed-location transceiver, known as a cell site or base station.

Question 14

Circuit-Switched Network

Answer 14

A network that establishes a dedicated circuit between endpoints.

Question 15

Code-Division Multiple Access (CDMA)

Answer 15

Every call’s data is encoded with a unique key, then the calls are all transmitted at once.

Question 16

Concentrators

Answer 16

Multiplex connected devices into one signal to be transmitted on a network.

Question 17

Content Distribution Network (CDN)

Answer 17

A large, distributed system of servers deployed in multiple data centers, which moves content to achieve QoS and availability requirements.

Question 18

Control Plane

Answer 18

Control of network functionality and programmability is directly made to devices at this layer. OpenFlow was the original framework/protocol specified to interface with devices through southbound interfaces.

Question 19

Converged Protocols

Answer 19

A protocol that combines (or converges) standard protocols (such as TCP/IP) with proprietary or other non-standard protocols. These can sometimes provide greatly enhanced functionality and security to meet the needs of specific situations or industries. Adopting them can also complicate enterprise-wide security engineering efforts by requiring additional specialist knowledge and skills to manage and secure.

Question 20

Domain Name Service (DNS)

Answer 20

This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol.

Question 21

Driver (Device Driver)

Answer 21

Software layer that provides an interface for accessing the functions of hardware devices. Typically used by the OS.

Question 22

Dynamic Host Configuration Protocol (DHCP)

Answer 22

An industry standard protocol used to dynamically assign IP addresses to network devices.

Question 23

Dynamic or Private Ports

Answer 23

Ports 49152-65535. Whenever a service is requested that is associated with well- known or registered ports, those services will respond with a dynamic port.

Question 24

East-West Data Flow (or Traffic)

Answer 24

Network data traffic that flows laterally across a set of internal systems, networks or subnetworks within an IT architecture. These can be flows within a data center or between geographically disperse locations. Contrast with north-south data flows, in which northbound data is leaving the Within SDNs, east-west data flow is within a data plane, control plane or application plane. North-south data flows, in SDN terms, is data flowing up and down the stack of data/ control/application planes. organization and southbound is entering it.

Question 25

Fiber Distributed Data Interface (FDDI)

Answer 25

A LAN standard, defined by ANSI X3T9.5, specifying a 100Mbps token- passing network using fiber-optic cable, with transmission distances of up to two kilometers.

Question 26

Fibre Channel over Ethernet (FCoE)

Answer 26

A lightweight encapsulation protocol that lacks the reliable data transport of the TCP layer.

Question 27

File Transfer Protocol (FTP)

Answer 27

The internet protocol (and program) used to transfer files between hosts.

Question 28

Firewalls

Answer 28

Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.

Question 29

Firmware

Answer 29

Computer programs and data stored in hardware typically in read-only memory (ROM) or programmable read-only memory (PROM)—such that the programs and data cannot be dynamically written or modified during execution of the programs.

Question 30

Frame

Answer 30

Data represented at layer 2 of the OSI 7-Layer Model.

Question 31

Gateway Device

Answer 31

A firewall or other device sitting at the edge of a network to regulate traffic and enforce rules.

Question 32

Hypertext Transfer Protocol (HTTP)

Answer 32

A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser. The protocol used to transport hypertext files across the internet.

Question 33

Internet Control Message Protocol (ICMP)

Answer 33

An IP network protocol standardized by the IETF through RFC 792 to determine if a particular service or host is available.

Question 34

Internet Group Management Protocol (IGMP)

Answer 34

Used to manage multicasting groups that are a set of hosts anywhere on a network that are listening for a transmission.

Question 35

Internet of Things (IoT)

Answer 35

A virtual network made up of small, dedicated-use devices that are typically designed as small form factor, embedded hardware with a limited functionality OS. They may interface with the physical world and tend to be pervasively deployed where they exist.

Question 36

Internet Protocol (IPv4)

Answer 36

The dominant protocol that operates at layer 3 of the OSI) 7-Layer Model. IP is responsible for addressing packets so that they can be transmitted from the source to the destination hosts.

Question 37

Internet Protocol (IPv6)

Answer 37

A modernization of IPv4 that includes a much larger address field: IPv6 addresses are 128 bits that support 2128 hosts.

Question 38

Internetworking

Answer 38

Two different sets of servers and communications elements using network protocol stacks to communicate with each other and coordinate their activities with each other.

Question 39

Intrusion Detection System (IDS)

Answer 39

A security service that monitors and analyzes network or system events for the purpose of finding and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner.

Question 40

Intrusion Prevention Systems (IPS)

Answer 40

Uses available information to determine if an attack is underway and sends alerts but also blocks the attack from reaching its intended target.

Question 41

Kill Chain, Cyber Kill Chain

Answer 41

A generalized attack model consisting of actions on the objective and six broad, overlapping sets of operational activities: reconnaissance, weaponization, delivery, exploitation, installation, command and control. APT actors often combine these operations in complex ways to achieve their goals; such attacks may span over many months. For defenders, the kill chain model highlights the temporary gain in security that can result by improved systems and organizational hardening across any or all of these areas.

Question 42

Lightweight Directory Access Protocol (LDAP)

Answer 42

Authentication is specified as simple (basic), simple using SSL/TLS, or Simple Authentication and Security Layer (SASL).

Question 43

Logical Link Control (LLC)

Answer 43

One of two sublayers that together make up the data link layer in the OSI.

Question 44

Man-in-the- Middle (MITM)

Answer 44

A form of active attack in which the attacker inserts themselves into the physical or logical communications flow between two parties and masquerades to each as the other, falsifying or altering the data exchanged as the attacker chooses to. Also known as MITM. Man (machine)-in-the-browser (MITB) attacks focus on layer 7 vulnerabilities to masquerade as client to the server and as server to the client.

Question 45

Media Access Control (MAC)

Answer 45

The 48-bit hex number assigned to all network cards. The first 24 bits are assigned to the card manufacturer with the send being a unique value (address) for that card.

Question 46

Microsegmented Networks, Microsegmentation

Answer 46

Part of a zero trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. At the limit, this places a firewall at every connection point.

Question 47

Modem

Answer 47

Provides modulation and demodulation of binary data into analog signals for transmission through telephone, cable, fiber, or other signaling systems.

Question 48

Multiprotocol Label Switching (MPLS)

Answer 48

A WAN protocol that operates at both layer 2 and layer 3 and does label switching.

Question 49

Network Function Virtualization (NFV)

Answer 49

Alternately referred to as virtual network function. The objective of NFV is to decouple functions, such as firewall management, intrusion detection, NAT and name service resolution, away from specific hardware implementation and move them into software solutions. NFV’s focus is to optimize distinct network services.

Question 50

Network Management

Answer 50

Monitors network performance and identifies attacks and failures. Mechanisms include components that enable network administrators to monitor and restrict resource access.

Question 51

North-South Network Data Flow (or Traffic)

Answer 51

Data flowing either from the organization to external destinations (northbound) or into the organization from external sources (southbound). In SDN terms, data flowing up (northbound) or down (southbound) the stack of data/control/applications planes.

Question 52

Open Shortest Path First (OSPF)

Answer 52

An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.

Question 53

OSI Layer 1

Answer 53

Physical Layer

Question 54

OSI Layer 2

Answer 54

Data Link Layer

Question 55

OSI Layer 3

Answer 55

Network Layer

Question 56

OSI Layer 4

Answer 56

Transport Layer

Question 57

OSI Layer 5

Answer 57

Session Layer

Question 58

OSI Layer 6

Answer 58

Presentation Layer

Question 59

OSI Layer 7

Answer 59

Application Layer

Question 60

Packet

Answer 60

Representation of data at layer 3 of the OSI 7-Layer Model.

Question 61

Packet Loss

Answer 61

Degradation of VoIP or other streaming data caused by lost packets. A technique called packet loss concealment (PLC) is used in VoIP communications to mask the effect of dropped packets

Question 62

Packet-Switched Networks

Answer 62

Networks that do not use a dedicated connection between endpoints.

Question 63

Point-to-Point Protocol (PPP)

Answer 63

Provides a standard method for transporting multiprotocol datagrams over point-to-point links.

Question 64

Port Address Translation (PAT)

Answer 64

An extension to network address translation (NAT) to translate all addresses to one routable IP address and translate the source port number in the packet to a unique value.

Question 65

Quality of Service (QoS)

Answer 65

Refers to the capability of a network to provide better service to selected network traffic over various technologies, including frame relay, ATM, Ethernet and 802.1 networks, SONET, and IP-routed networks that may use any or all of these underlying technologies.

Question 66

Registered Ports

Answer 66

Ports 1024-49151. These ports typically accompany non-system applications associated with vendors and developers.

Question 67

Remote Procedure Call (RPC)

Answer 67

A protocol that enables one system to execute instructions on other hosts across a network infrastructure.

Question 68

Root of Trust (RoT)

Answer 68

Hardware-based mechanisms that guarantee the integrity of the hardware prior to loading the OS of a computer.

Question 69

Segment

Answer 69

Data representation (or datagram name) at Layer 4 of the OSI 7-Layer Model. A portion of a larger network, usually isolated by firewalls or routers at either end from other portions of the network. See also Microsegmented Networks, Microsegmentation.

Question 70

Simple Network Management Protocol (SNMP)

Answer 70

An IP protocol for collecting and organizing information about managed devices on IP networks. It can be used to determine the “health” of networking devices including routers, switches, servers, workstations, printers, and modem racks.

Question 71

Smurf

Answer 71

ICMP echo request sent to the network broadcast address of a spoofed victim causing all nodes to respond to the victim with an echo reply.

Question 72

Software-Defined Networking (SDN)

Answer 72

Any of a broad range of techniques that enable network management, routing, forwarding and control functions to be directed by software. This is generally done by abstracting the control and management planes from the data plane and its forwarding functions.

Question 73

Software-Defined Wide Area Network (SD-WAN)

Answer 73

An extension of the SDN practices to connect to entities spread across the internet to support WAN architecture especially related to cloud migration.

Question 74

Teardrop Attack

Answer 74

Exploits the reassembly of fragmented IP packets in the fragment offset field that indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet.

Question 75

Terminal Emulation Protocol (Telnet)

Answer 75

A command-line protocol designed to give command-line access from one host to another.

Question 76

Transmission Control Protocol (TCP)

Answer 76

The major transport protocol in the internet suite of protocols providing reliable, connection-oriented, full-duplex streams.

Question 77

Transmission Control Protocol over Internet Protocol (TCP/IP)

Answer 77

The name of the IETF’s four-layer networking model, and its protocol stack.

Question 78

Transport Control Protocol/Internet Protocol (TCP/IP) Model

Answer 78

Internetworking protocol model created by the IETF, which specifies four layers of functionality: link layer (physical communications), internet layer (network-to-network communication), transport layer (basic channels for connections and connectionless exchange of data between hosts) and application layer, where other protocols and user applications programs make use of network services.

Question 79

Trusted Platform Module (TPM)

Answer 79

A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.

Question 80

Unbound (Wireless) Network(s)

Answer 80

Network in which physical layer interconnections are done using radio, light or other means not confined to wires, cables or fibers. Devices on unbound networks may or may not be mobile. See also Bound Network(s).

Question 81

Virtual Local Area Networks (VLANs)

Answer 81

Allow network administrators to use switches to create software-based LAN segments that can be defined based on factors other than physical location.

Question 82

Voice over Internet Protocol (VoIP)

Answer 82

A set of technologies that enables voice to be sent over a packet network.

Question 83

Web Application Firewall (WAF)

Answer 83

A software-based firewall, which monitors and filters exchanges between an applications program and a host. WAFs usually involve inspection and filtering of HTTP and HTTPS conversations.

Question 84

Wi-Fi (Wireless LAN IEEE 802.11x)

Answer 84

Primarily associated with computer networking, Wi-Fi uses the IEEE 802.11x specification to create a wireless LAN either public or private.

Question 85

WiMAX (Broadband Wireless Access IEEE 802.16)

Answer 85

A well-known example of wireless broadband. WiMAX can potentially deliver data rates of more than 30 Mbps.

Question 86

Zero Trust Model / Architecture

Answer 86

Replaces trust, but verify as security design principle by asserting that all activities attempted, by all users or entities, must be subject to control, authentication, authorization, and management at the most granular level possible. NIST and others have proposed zero trust architectures as guidance frameworks for organizations to use as they combine microsegmentation, access control, behavior modeling, and threat intelligence (among other techniques) in moving toward a zero trust implementation.