Exam A Flashcards
Someone or something forges the sender’s information and pretends to be a legitimate source, for the purpose of gaining access to personal information, acquiring money, spreading malware, or stealing data. If a DNS server has been modified to hand out the IP address of a different server, then it’s ** the IP address of the attacker.
Spoofing
Attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. The attackers can then collect information as well as impersonate either of the two agents.
On-Path
When multiple third-parties work together to create a service outage.
DDoS (Distributed Denial of Service Attack)
When a service is unavailable due to the effects of a third-party.
DoS Denial of Service
Threat that seems real but doesn’t actually exist.
Hoax
Method that gathers information without direct interaction with the target system using search engines and social networking sites.
Passive Footprinting
Primary protocol used to send data between a web browser and a website. Encrypted in order to increase security data transfer and used for transmitting sensitive data such as login into a bank account, email service or health insurance provider.
HTTPS
When a pen- testing team is given only SOME information.
Partially Known environment (Gray Box)
Threat actor motivated by nationalism and tasked with gaining secrets from or disrupting other nations via cyber means.
Nation State Threat Actor
Involves splitting and distributing data across different partitions to enhance security and optimize performance.
Data partition
A system that provides a short term use for data storage.
Temporary File System
Single piece of hardware that combines several functionalities such as printing, scanning, copying, and sometimes faxing into one unit.
MFD (Multi-Function Device)
Refers to the network of physical objects or things embedded with sensors, software, and other technologies that enable them to connect and exchange data with other devices and systems over the internet.
IoT
OS designed to handle and respond to events or data within a strict time constraint.
RTOS (Real Time Operating Systems)
Integrated circuit that combines many high level functions of an electronic device onto a single chip instead of using separate components mounted to a motherboard.
SoC (System on a Chip)
international standard for privacy information management. It provides guidelines to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).
ISO 27701 (International Organization for Standardization)
Set of technologies and practices that enable organizations to collect security threat data and alerts from various sources, automate incident response actions, and orchestrate workflows across different security tools and teams.
SOAR (Security Orchestration, Automation, and Response)
System that manages digital keys and digital certificates that verify authenticity of the entities on a network.
PKI (Public Key Infrastructure)
Way of linking different identity management systems together. Allows users from one organization to access resources of another organization without needing separate credentials.I.E. Using your gmail account to log into a different website.
Federation
Average time between component failures during operation. Used to predict the time between one failure and the next. Example: best to describe how often the firewall hardware is expected to fail between repairs.
MTBF - Mean Time Between Failures