Full List

Question 1

CIA

Answer 1

• Confidentiality: prevent unauthorized information disclosure.
• Integrity: data remains unaltered
• Availability: information is accessible to authorized users

Question 2

AAA

Answer 2

• Authentication: prove your identity, e.g. password
• Authorization: what resources you have access to.
• Accounting: record of the resources used, e.g. login time, logout time

Question 3

PKI

Answer 3

Public Key Infrastructure: A system of policies, procedures, and technology for managing digital certificates to securely link public keys to people or devices, enabling trusted communication.

Question 4

TPM

Answer 4

Trusted Platform Module: a microprocessor that provides cryptographic functions for a single device, e.g. storing BitLocker keys.

Question 5

HSM

Answer 5

Hardware Security Module: a dedicated device for storing and managing encryption keys for many devices, typically used in large environments.

Question 6

CA

Answer 6

Certificate Authority: A trusted organization that issues and manages digital certificates to verify the identity of entities.

Question 7

CRL

Answer 7

Certificate Revocation List: list of invalidated certificates that’s maintained by the Certificate Authority.

Question 8

OCSP

Answer 8

Online Certificate Status Protocol: real-time certificate validity checks through browser.

Question 9

CSR

Answer 9

Certificate Signing Request: request the Certificate Authority to issue a digital certificate.

Question 10

SMS

Answer 10

Short Message Service: a text messaging service that allows the exchange of short text messages between mobile devices.

Question 11

IM

Answer 11

Instant Messaging: the exchange of near-real-time messages through online software.

Question 12

MSP

Answer 12

Managed Service Providers: A company that manages IT infrastructure and services for organizations remotely.

Question 13

TOC/TOU

Answer 13

Time-of-check to Time-of-use: exploiting the gap between verification and execution in race conditions. A race condition is exploiting processes running simultaneously.

Question 14

SQLi

Answer 14

Structured Query Language injection: injecting malicious SQL commands into a database query.

Question 15

XSS

Answer 15

Cross Site Scripting: injecting scripts into web pages viewed by users.

Question 16

VM escape

Answer 16

Virtual Machine escape: gaining access to a host from a virtual machine.

Question 17

RFID cloning

Answer 17

Radio Frequency Identification cloning: duplicating RFID cards or tags.

Question 18

DDoS

Answer 18

Distributed Denial of Service: flooding a service with requests from several computers to cause downtime.

Question 19

DNS attack

Answer 19

Domain Name System: exploiting vulnerabilities in DNS to redirect traffic from a website.

Question 20

IoT

Answer 20

Internet of Things: A network of interconnected devices that communicate and exchange data over the internet.

Question 21

VLAN

Answer 21

Virtual Local Area Network: a network segmentation technique that groups devices logically to improve performance and security

Question 22

ACL

Answer 22

Access Control List: a list of rules that lists access permissions based on an allow/deny list.

Question 23

HIPS

Answer 23

Host-based Intrusion Prevention System: a security software that detects and prevents unauthorized access to a system on a host.

Question 24

IaC

Answer 24

Infrastructure as Code: Managing and provisioning infrastructure through code, useful in software development to build, test, and deploy applications.

Question 25

SDN

Answer 25

Software-defined Networking: network infrastructure that enables the network to be centrally controlled using software applications.

Question 26

ICS/SCADA

Answer 26

Industrial Control Systems & Supervisory Control and Data Acquisition System: systems used to monitor and control industrial processes, e.g. power generation, energy, manufacturing.

Question 27

RTOS

Answer 27

Real-time Operating System: low-latency systems with high security demands, an OS with deterministic processing schedule, e.g. military environments.

Question 28

IPS/IDS

Answer 28

Intrusion Prevention/Detection System: designed to monitor and alert (IDS) or actively block (IPS) malicious activities in a network.

Question 29

PSK

Answer 29

Pre-shared Key: A shared password used for authentication in wireless networks like WPA2/WPA3.

Question 30

EAP

Answer 30

Extensible Authentication Protocol: authentication framework for secure communication, can be used withan authentication database like RADIUS, LDAP, or TACACS+.

Question 31

802.1X

Answer 31

IEEE 802.1X: port-based network access control that authenticates users using EAP

Question 32

WAF

Answer 32

Web Application Firewall: a firewall that protects against web threats like SQL injection, it applies rules to HTTP/HTTPS conversations.

Question 33

UTM

Answer 33

Unified Threat Management: all-in-one security appliance in one device, can contain IDS/IPS, URL filter, spam filter, etc.

Question 34

NGFW

Answer 34

Next-generation Firewall: advanced firewall with application-layer filtering, has deep packet inspection.

Question 35

VPN

Answer 35

Virtual Private Network: encrypting data going through a public network for secure remote access.

Question 36

TLS

Answer 36

Transport Layer Security: encrypting data communication over a network through port 443 (HTTPS) at the application layer.

Question 37

IPSec

Answer 37

Internet Protocol Security: secures internet communications by encrypting and authenticating data packets at the network layer.

Question 38

SD-WAN

Answer 38

Software-defined Wide Area Network: a WAN built for the cloud giving efficient access to public cloud applications.

Question 39

SASE

Answer 39

Secure Access Service Edge: a next-generation VPN that allows you to connect securely from different locations, or anywhere.

Question 40

UPS

Answer 40

Uninterruptible Power Supply: battery backup to keep systems running temporarily during power loss.

Question 41

MDM

Answer 41

Mobile Device Management: software for managing and securing mobile devices within an organization.

Question 42

BYOD

Answer 42

Bring Your Own Device: employees using personal devices at work.

Question 43

COPE

Answer 43

Corporate-owned, personally enabled: company provides the device with limited personal use.

Question 44

CYOD

Answer 44

Choose Your Own Device: employees choose from pre-approved devices.

Question 45

WPA3

Answer 45

Wi-Fi Protected Access 3: advanced encryption for web networks.

Question 46

RADIUS

Answer 46

Remote Authentication Dial-in User Service: protocol that provides centralized authentication, authorization, and accounting (AAA) for users accessing a network.

Question 47

OSINT

Answer 47

Open-Source Intelligence: the process of gathering publicly available information to assess threats.

Question 48

CVSS

Answer 48

Common Vulnerability Scoring System: evaluate and rank reported vulnerabilities in a standardized way.

Question 49

CVE

Answer 49

Common Vulnerability Enumeration: identifying and cataloging known vulnerabilities, maintained by MITRE.

Question 50

SCAP

Answer 50

Security Content Automation Protocol: framework for managing security policies and compliance.

Question 51

SIEM

Answer 51

Security Information and Event Management: centralised logging and analysis tool used to detect, analyze, and respond to security threats.

Question 52

DLP

Answer 52

Data Loss Protection: protecting sensitive data from unauthorized sharing or data exflitration.

Question 53

SNMP traps

Answer 53

Simple Network Management Protocol traps: alerts sent by devices to monitor systems.

Question 54

URL scanning

Answer 54

Uniform Resource Locator scanning: analysis of URLs for malicious content.

Question 55

DMARC

Answer 55

Domain-based Message Authentication Reporting and Conformance: builds on SPF and DKIM, letting domain owners set policies for handling unauthenticated emails and receive compliance reports.

Question 56

DKIM

Answer 56

DomainKeys Identified Mail: digitally signs outgoing emails, validated by receivers using a public key in DNS.

Question 57

SPF

Answer 57

Sender Policy Framework: list of all servers authorized to send emails for a domain.

Question 58

NAC

Answer 58

Network Access Controls: controls and restricts device access to a network based on policies.

Question 59

EDR/XDR

Answer 59

Endpoint Detection and Response/Extended Detection and Response: advanced tools for detecting and responding to endpoint or network based threats.

Question 60

SSO

Answer 60

Single Sign On: enables users to authenticate on several sites with one set of credentials.

Question 61

LDAP

Answer 61

Lightweight Directory Access Protocol: protocol for reading and writing directories over an internet network.

Question 62

OAuth

Answer 62

Open Authorization: an authorization framework that determines what resource a user will be able to access.

Question 63

SAML

Answer 63

Security Assertions Markup Language: open standard for authentication and authorization, not originally designed for mobile.

Question 64

RBAC

Answer 64

Role-based Access Control: a security model where access permissions are assigned based on user roles within an organization.

Question 65

PDACERL (Incident Response Phases)

Answer 65

• Preparation
• Detection
• Analysis
• Containment
• Eradication
• Recovery
• Lessons Learned

Question 66

AUP

Answer 66

Acceptable Use Policy: defines acceptable usage of company resources.

Question 67

SDLC

Answer 67

Software Development Life Cycle: the development process involved to build a software application, security must be applied at every stage.

Question 68

SLE

Answer 68

Single Loss Expectancy: cost of a single incident

Question 69

ALE

Answer 69

Annualized Loss Expectancy: yearly cost of a risk, ARO x SLE

Question 70

ARO

Answer 70

Annualized Rate of Occurrence: frequency of incidents per year.

Question 71

RTO

Answer 71

Recovery Time Objective: time to restore services after an incident.

Question 72

RPO

Answer 72

Recovery Point Objective: maximum tolerable data loss measured in time.

Question 73

MTTR

Answer 73

Mean Time to Repair: average time requested to fix issue.

Question 74

MTBF

Answer 74

Mean Time Between Failures: time between outages, e.g. total uptime, number of breakdowns

Question 75

SLA

Answer 75

Service Level Agreement: minumum terms for services provided, e.g. uptime, response time agreement.

Question 76

MOA

Answer 76

Memorandum of Agreement: documenting mutual obligations, usually a formal or legal document.

Question 77

MOU

Answer 77

Memorandum of Understanding: outlining informal agreements, states common goals.

Question 78

MSA

Answer 78

Master Service Agreement: legal contract and agreement of terms, governs long term relationships.

Question 79

WO/SOW

Answer 79

Work Order/Statement of Work: specific list of items to be completed, specific project terms.

Question 80

NDA

Answer 80

Non-disclosure Agreement: protecting shared sensitive information, confidentiality agreement.

Question 81

BPA

Answer 81

Business Partners Agreement: guidelines for business partnerships, lists specific individuals and scope.

Question 82

MFA

Answer 82

Multifactor Authentication: A security method requiring multiple forms of verification, such as something you know (password), have (token), or are (biometric).