E-L

Question 1

Eavesdropping

Answer 1

Listening on a private communication without permission

Question 2

Egress

Answer 2

Network communications going out

Question 3

Elliptical curve cryptography (ECC)

Answer 3

An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices.

Question 4

Encapsulation security payload (ESP)

Answer 4

Protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, and anti-replay service and limited traffic flow confidentiality.

Question 5

Encryption key

Answer 5

piece of digital information, used by an encryption algorithm to convert the plaintext to the ciphertext

Question 6

Eradication

Answer 6

when containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network. Eradication methods include; restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage form the same root cause.

Question 7

Event

Answer 7

Something that happens at a specific place or time

Question 8

Exploit

Answer 8

Full use of a vulnerability for the benefit of an attacker.

Question 9

File Transfer Protocol (FTP)

Answer 9

A protocol used to transfer files over a transmission control protocol/ Internet protocol (TCP/IP) network

Question 10

Firewall

Answer 10

A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet

Question 11

Gateway

Answer 11

device (router, firewall) on a network that services as an entrance to another network

Question 12

governance

Answer 12

ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. conditions can include the cost of capital, foreign exchange rates, etc. Options can include shifting manufacturing to other locations, subctontracting portions of the enterprise to third parties, selecting a product mix from many available choices.

Question 13

Guideline

Answer 13

A description of a particular way of accomplishing something that is less prescriptive than a procedure

Question 14

Hash function

Answer 14

An algorithm that maps or translate one set of bits into another so that a message yields the same result every time the algorithm is executed using the same message as input. It i computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm or to find 2 different messages that produce the same hash result using the same algorithm.

Question 15

Hash total

Answer 15

total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

Question 16

Hashing

Answer 16

Using a hash function (algorithm) to create hash valued or checksums that validate message integrity.

Question 17

Honeypot

Answer 17

specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems. Also known as “decoy server”

Question 18

Horizontal defense in depth

Answer 18

Controls are placed in various places in the path to access an asset

Question 19

Hubs

Answer 19

A common connection point for devices in a network, hubs are used to connect segments of a local area network (LAN). A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Question 20

Hypertext Transfer Protocol (HTTP)

Answer 20

communication protocol used to connect to servers on the WWW. It is primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers

Question 21

IEEE (Institute of Electrical and Electronic Engineers)

Answer 21

an organization composed of engineers, scientists and students

Question 22

IEEE 802.11

Answer 22

A family of specifications developed by the IEEE for wireless local area network (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between 2 wireless clients.

Question 23

Imaging

Answer 23

A process that allows one to obtain a bit-for-bit copy of data to avoid damage of original data or information when multiple analyses may be performed.

Question 24

Impact

Answer 24

Magnitude of loss resulting from a threat exploiting a vulnerability

Question 25

Impact Analysis

Answer 25

A study to prioritize the criticality of information resources for the enterprise base on costs of adverse events. In an impact analysis, threats to asset are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames

Question 26

Incident

Answer 26

any event that is not part of the standard operations of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service

Question 27

incident response

Answer 27

may include: evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment, and any other measures necessary to bring an enterprise to a more stable status.

Question 28

incident response plan

Answer 28

operational component of incident management. The plan includes documented procedures and guidelines for defining the criticality of incidents, reporting and escalation process, and recovery procedures

Question 29

Information security

Answer 29

Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and nonaccess when required (availability).

Question 30

Infrastructure as a Service (IaaS)

Answer 30

Offers the capability to provision processing, storage, networks, and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating system (OSs) and applications

Question 31

Ingestion

Answer 31

a process to convert information extracted to a format that can be understood by investigators

Question 32

Ingress

Answer 32

Network communications coming in

Question 33

Inherent risk

Answer 33

risk level or exposure without taking into account the actions that mgmt has taken or might take

Question 34

Injection

Answer 34

a general term for attack types which consist of injecting code that is then interpreted/ executed by the application

Question 35

Integrity

Answer 35

guarding against improper information modification/ destruction, and includes ensuring information repudiation and authenticity.

Question 36

Internet Assigned Numbers Authority (IANA)

Answer 36

Responsible for the global coordination of the DNS root, IP addressing, and other Internet protocol resources

Question 37

Internet Control Message Protocol (ICMP)

Answer 37

A set of protocols that allow systems to communicate information about the state of service on other systems. For example, ICMP is used in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is available.

Question 38

Internet Protocol (IP)

Answer 38

Specifies the format of packets and the addressing scheme.

Question 39

Internet Protocol (IP) packet spoofing

Answer 39

attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses.

Question 40

Internetwork Packet Exchange/ Sequenced Packet Exchange (IPX/ SPX)

Answer 40

IPX is layer 3 of the open systems interconnect (OSI) model network protocol; SPX is layer 4 transport protocol. The SPX layer sits on the op of IPX layer and provides connection-oriented services between 2 nodes on the network.

Question 41

interrogation

Answer 41

used to obtain prior indicators or relationships, including personal information, from extracted data

Question 42

Investigation

Answer 42

collection and analysis of evidence with the goal to identifying the perpetrator of an attack or unauthorized use or access

Question 43

IP Authentication Header (AH)

Answer 43

Protocol used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays. Ah ensures data inegrity with a checksum that a message authentication code, such as MD5, generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection, AH uses a sequence number field within the IP authentication header.

Question 44

IP Security (IPSec)

Answer 44

A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets.

Question 45

IT Governance

Answer 45

The responsibility of executives and the BoD, consist of the leadership organization structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives

Question 46

Kernel mode

Answer 46

used of execution of privileged instruction for the internal operations of the system. No protections from errors or malicious activity and all parts of the system and memory are accessible

Question 47

Key risk indicator (KRI)

Answer 47

subset of risk indicators that are highly relevant and posses a high probability of predicting or indicating important risk.

Question 48

Keylogger

Answer 48

Software used to record all keystrokes on a computer

Question 49

Latency

Answer 49

Time it takes a system and network delay to respond. More specifically, system latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.

Question 50

Layer 2 switches

Answer 50

Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based network

Question 51

Layer 3 and 4 switches

Answer 51

switchese with operating cabilities at layer 3 and layer 4 of the open systems interconnect (OSI) model. These switches look at the incoming packet’s network protocol and then compare the designation IP address to the list of addresses in their tables, to actively calculate the best way to send packet to its destination.

Question 52

Layer 4-7 switches

Answer 52

used for load balancing among groups of servers. Also known as content-switches, content services switches, web-switches or application-switches

Question 53

Local area network (LAN)

Answer 53

Communication network that serves several users within a specified geographic area. A personal computer LAN functions as a distributed processing system n which each computer in the network does its own processing and manages some of its data. Shared data are stored in a file server that acts a a remote disk drive for all users in the network.