Extra Terms

Question 1

What is PKI?

Answer 1

A framework of programs, procedures, communication protocols, and public key cryptography that enables a diverse group of individuals to communicate securely.

Question 2

What does OWASP stand for?

Answer 2

Open Web Application Security Project, an international nonprofit that focuses on identifying software vulnerabilities and educating developers in the practice of secure coding.

Question 3

What are Joint Operating Agreements?

Answer 3

Agreements that provide nearby relocation sites so disruption is limited to the organization’s own facility/campus and can be addressed at a different location.

Question 4

What are the layers of the OSI Model?

Answer 4

Physical; Data Link; Network; Transport; Session; Presentation; Application.

Question 5

What is the Cross-Certification Model?

Answer 5

A model where every participating organization has to review and approve every other organization; does not scale well.

Question 6

What is FPE?

Answer 6

Format-Preserving Encryption, a technique used to scramble contents of data using a mathematical algorithm while keeping the structural arrangement of the data.

Question 7

What are the Logging Levels?

Answer 7

OFF > FATAL > ERROR > WARN > INFO > DEBUG > TRACE > ALL.

Question 8

What does OFF mean in Logging Levels?

Answer 8

Used to turn off logging.

Question 9

What does FATAL mean in Logging Levels?

Answer 9

Indicates the application is about to stop due to a serious problem/corruption; the situation is catastrophic.

Question 10

What does ERROR mean in Logging Levels?

Answer 10

Indicates an inability to access a service/file; a severe issue is stopping functions within the application from operating efficiently.

Question 11

What does WARN mean in Logging Levels?

Answer 11

Indicates a detected unexpected application problem.

Question 12

What does INFO mean in Logging Levels?

Answer 12

Indicates normal behavior of applications.

Question 13

What does DEBUG mean in Logging Levels?

Answer 13

Provides diagnostic information in a detailed manner for diagnosing, troubleshooting, or testing an application.

Question 14

What does TRACE mean in Logging Levels?

Answer 14

Captures all details about the behavior of the application; used to see events within the application and what happened in third-party libraries.

Question 15

What does ALL mean in Logging Levels?

Answer 15

Shows all or custom logged definitions.

Question 16

What is the Management Plane?

Answer 16

Technology that allows an admin to remotely manage a fleet of servers; logical infrastructure design used to configure cloud resources.

Question 17

What is the role of the Information Commissioner?

Answer 17

Responsible for enforcing the UK’s GDPR and offering advice and assistance to both the council and individual groups whose information is being held.

Question 18

What is the NIS Directive?

Answer 18

The first piece of EU-wide cybersecurity legislation; requires notification to competent authorities or CSIRT.

Question 19

What is NIST 800-145?

Answer 19

The NIST definition of Cloud Computing; a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.

Question 20

What does NIST 800-146 cover?

Answer 20

Reprises the NIST-established definition of cloud computing, describes benefits and open issues, and provides guidelines and recommendations.

Question 21

What are Functional Requirements?

Answer 21

Performance aspects necessary for a business task to be accomplished.

Example: A salesperson in the field must be able to connect to the organization’s network remotely.

Question 22

What are Nonfunctional Requirements?

Answer 22

Aspects that are not necessary for accomplishing a business task but are desired or expected.

Example: The salesperson’s remote connection must be secure.

Question 23

What are DFDs?

Answer 23

Data Flow Diagrams, useful in systems/software engineering to establish functional requirements before technology selection.

Question 24

What is Eucalyptus?

Answer 24

Computer software for building AWS-compatible private/hybrid cloud computing environments; supports multitenancy.

Question 25

What does ISO/IEC 17788 provide?

Answer 25

An overview of cloud computing and a set of terms and definitions.

Question 26

What is NIST 500-292?

Answer 26

Guidelines for the adoption of cloud computing into the Federal Government.

Question 27

What are Metastructure protocols?

Answer 27

Protocols and mechanisms that provide the interface between the infrastructure layer and other layers.

Question 28

What is PRE?

Answer 28

Proxy Re-Encryption, which allows a proxy to convert ciphertext encrypted under one key into an encryption of the same message under another key.

Question 29

What is Software-Defined Infrastructure?

Answer 29

Technical computing infrastructure entirely under the control of software with no operator or human intervention.

Question 30

What is Chaos Engineering?

Answer 30

A method of testing software that deliberately introduces failure and faulty scenarios to verify resilience.

Question 31

What is Microsoft’s SDL?

Answer 31

Security Development Lifecycle, a software development process based on the spiral model to help developers create secure applications.

Question 32

What does NIST 800-92 cover?

Answer 32

Log management.

Question 33

What does NIST 800-40 address?

Answer 33

Enterprise patch management planning.

Question 34

What are the types of backups?

Answer 34

Full; Copy; Differential; Incremental.

Question 35

What is Differential backup?

Answer 35

Backs up all data changed since the last full backup.

Example: If a full backup was done on Sunday, a differential backup on Monday will include only files changed since Sunday.

Question 36

What is Incremental backup?

Answer 36

Backs up data that changed since the last backup; can be time-consuming to restore data.