General Flashcards

Question 1

Q

Apache log file path

Answer

A

/var/log/httpd/access_log

Question 2

Q

/var/log/httpd/access_log

Answer

A

This file records all requests processed by the Apache server

Question 3

Q

httpd_log

Answer

A

Log file for WebSphere, an old web server application from the early 2000’s for z/OS

Question 4

Q

http_log

Answer

A

C header library for http logging, utilized by Apache

Question 5

Q

apache_log

Answer

A

Binary/executable file used for parsing Apache logs in a Postgres DB

Question 6

Q

The incident response policy contains procedures and guidelines, divided into these categories

Answer

A

Preparation
Detection/Analysis
Containment
Eradication/Recovery
Post-incident stages

Question 7

Q

Incident Response Procedures

Answer

A

Provide detailed, tactical information to the CSIRT

Question 8

Q

CSIRT

Answer

A

Cybersecurity Incident Response Team

Question 9

Q

A Policy is

Answer

A

a statement of intent

Question 10

Q

A Guideline is

Answer

A

A statement by which to determine a course of action, aiming to streamline a routine process

Question 11

Q

A Framework is

Answer

A

A basic structure underlying a system, concept, or text

Question 12

Q

Mimikatz

Answer

A

Post-exploitation tool that dumps passwords from memory, as well as hashes, PINs, and Kerberos tickets

Question 13

Q

Tool for performing pass-the-hash, pass-the-ticket, or building Golden Kerberos tickets

Question 14

Q

Extensible Configuration Checklist Description Format (XCCDF)

Answer

A

XCCDF is a specification language for writing security checklists, benchmarks, and related kinds of documents in XML.

Question 15

Q

Common Vulnerabilities and Exposures (CVE)

Answer

A

Provides a reference-method for publicly known information-security vulnerabilities and exposures

Question 16

Q

Common Configuration Enumeration (CCE)

Answer

A

Provides unique identifiers to system configuration issues to facilitate fast and accurate correlation of configuration data across multiple information sources and tools

Used with vulnerability scanners

Question 17

Q

Common Platform Enumeration (CPE)

Answer

A

A structured naming scheme for IT systems, software, and packages

Question 18

Q

Used to identify an endpoint’s characteristics when conducting network authentication

Answer

A

Network Access Control (NAC)

Question 19

Q

Port Security

Answer

A

Enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port

Question 20

Q

Shellshock/Bash Bug/Bashdoor

Answer

A

A critical Bash vulnerability that was discovered in 2014 that enabled RCE by encoding a script in an environment variable via the “function export” feature

Question 21

Q

Logjam

Answer

A

A TLS downgrade attack, discovered in 2015

Question 22

Q

Drupalgeddon

Answer

A

A highly critical Drupal vulnerability discovered in 2014 that allows RCE

Question 23

Q

Stagefright

Answer

A

A critical Android vulnerability that enables RCE by utilizing Multimedia Messages (MMS), discovered in 2015

Question 24

Q

Heartbleed

Answer

A

A high severity vulnerability in OpenSSL effecting the TLS protocol via improperly handled Heartbeat Extension packets (bad input validation), causing a “buffer-over-read” condition that allows the retreival of sensitive information in process memory

Question 25

Q

Root Cause Analysis

Answer

A

Helps understand why important alerts were missed and guides improvements in your alert management system to prevent similar oversights

Question 26

Q

Alert Fatigue

Answer

A

A common cause of missed security alerts, due to a security team being inundated with an excessive volume of alerts

Question 27

Q

CVSS Metric - AV

Answer

A

Access Vector

Question 28

Q

CVSS Metric - AC

Answer

A

Access Complexity

Question 29

Q

CVSS Metric - PR

Answer

A

Privilege Required

Question 30

Q

CVSS Metric - UI

Answer

A

User Interaction

Question 31

Q

CVSS Metric - S

Question 32

Q

CVSS Metric - C

Answer

A

Confidentiality

Question 33

Q

CVSS Metric - I

Answer

A

Integrity

Question 34

Q

CVSS Metric - A

Answer

A

Availability

Question 35

Q

Nmap Filtered Result

Answer

A

A network obstacle is blocking the port so Nmap cannot tell whether it is open or closed

Question 36

Q

Gramm-Leach-Bliley Act (GLBA)

Answer

A

Protects the privacy of an individual’s financial information held by financial institutions

Question 37

Q

Sarbanes-Oxley Act (SOX)

Answer

A

Dictates requirements for retaining documents related to an organization’s financial and business operations

Question 38

Q

Security framework that assumes a unidirectional workflow

Answer

A

Lockheed Martin Cyber Killchain; Fails to consider attacker retreat

Question 39

Q

Attack framework developed in response to unidirectional workflows

Answer

A

AT&T Alienvault

Question 40

Q

Best security mitigation for ICS/SCADA and IoT networks

Answer

A

User Entity Behavioral Analysis (UEBA) to compare behavior to a known good baseline

Question 41

Q

Sensitive/Commonly Abused Ports

Question 42

Q

Advanced Persistent Threat (APT)

Answer

A

A stealthy threat actor, typically a nation-state or state-sponsored, that can remain undetected for an extended period of time

EUBA unlikely to detect this kind of threat actor, should be discovered through endpoint analysis

Question 43

Q

Regex \b

Answer

A

Delimiter for a “whole word”

Question 44

Q

Developed Capabilities (MITRE)

Answer

A

A threat actor’s capability to identify and exploit zero-day vulnerabilities

Question 45

Q

Acquired and Augmented (MITRE)

Answer

A

Refers to the utiliation of commodity malware and techniques (aka script kiddies)

Question 46

Q

Advanced Capabilities (MITRE)

Answer

A

A threat actor’s capability to introduce vulnerabilities through the supply chain attacks

Question 47

Q

Integrated Capabilities (MITRE)

Answer

A

Refers to non-cyber tools, such as political or military assets

Question 48

Q

Formal Verification Methods

Answer

A

A mathematical model of the inputs and outputs of a system to prove that the system works as specified in all cases

Provides the single greatest mitigation for critical software which cannot have errors (corner cases)

Question 49

Q

User Acceptance Testing (UAT)

Answer

A

A beta phase of software testing by a limited set of users who report their findings

Question 50

Q

eFUSE

Answer

A

Intel-designed mecahnism to allow software instructions to blow a transistor in the hardware chip.

eFUSE prevents firmware downgrades

Question 51

Q

FERPA

Answer

A

Family Education Rights and Privacy Act

Privacy act that relates to Education

Question 52

Q

Dynamic Threat Models

Answer

A

Diamond, MITRE ATT&CK, AT&T Alienvault

Question 53

Q

Open Web Application Security Project (OWASP)

Answer

A

International non-profit organization dedicated to web application security

Question 54

Q

NetBIOS

Answer

A

A legacy transport layer protocol that allows Windows computers to talk to eachother on the same network, and was used as a legacy implementation of SMB on port 139

Question 55

Q

LPR (Protocol)

Answer

A

Line Printer Remote Protocol (TCP 515)

Question 56

Q

AppSocket (RAW)

Answer

A

Non Windows printing protocol

Utilizes smaller packet headers and requires no further processing by the receiving printer

Offers no security and very vulnerable

Port 9100

Question 57

Q

Internet Printing Protocol (IPP) supports

Answer

A

Authentication, access control, and encryption

Question 58

Q

Proprietary ISO Framework

Question 59

Q

Security Intelligence

Answer

A

Collects, analyzes and disseminates information on the status of security systems (internal)

Question 60

Q

Cyber Threat Intelligence

Answer

A

Investigation, collection and dissemination of information about emerging threats and the threat landscape (external)

Question 61

Q

Cisco Talos

Answer

A

A reputational threat research intelligence supplier

Question 62

Q

Information Sharing and Analysis Centers (ISAC)

Answer

A

(USA) Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members. ISACs are available for Critical Infrastructure, Government, Healthcare and other industries.

Question 63

Q

Cyber Security Information Sharing Partnership (CSIP)

Answer

A

The UK’s alternative to USA’s ISACs

Question 64

Q

Indicator of Attack

Answer

A

Evidence that an intrusion is ongoing

Answer 61

A

Evidence that an attack has happened

Answer 62

A

Refers to the correlation of IoCs into attack patterns (killchain)

Answer 63

A

Structured Threat Information eXpression

Answer 64

A

Language standard for the dissemination of IOC data via JSON included in the OASIS CTI framework

Answer 65

A

Trusted Automation eXchange of Indicator Information

Answer 66

A

Application protocol for exchanging CTI over HTTPS using a REST API

Answer 67

A

CTI framework developed by Mandiant of XML formatted data to be used in automated incident detection and threat analysis

Answer 68

A

Malware Information Sharing Project

Answer 69

A

Cyber Threat Intelligence

Answer 70

A

A formal classification of the resources and expertise available to a particular threat actor (ie. Acquired or Augmented tools)

Answer 71

A

The point at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor

Answer 72

A

A specific path by which a threat actor gain unauthorized access to a system

Answer 73

A

Open-source intelligence technique that use Google search operators to locate vulnerable web servers and applications. The Google Hacking Database contains a reference for optimized GH search strings aka “Dorks”.

Answer 74

A

A search engine optimized for identifying vulnerable internet-attached devices

Answer 75

A

Community-driven database that keeps track of IP addresses reported for abusive behavior

Answer 76

A

Cisco-developed means of reporting network flow information and metadata to a structured database

Answer 77

A

Open source IDS/IPS for UNIX/Linux that contains a scripting engine that can be used to act on significant events by generating an alert or executing a process

Answer 78

A

Method used by malware to evade block lists by dynamically generating domain names for C2 networks, primarily used in a “Fast Flux Network” and usually generates a high volume of NXDOMAIN errors.

Answer 79

A

Use Secure Recursive DNS Resolvers

Answer 80

A

Method used by malware to hide the presence of C2 networks by continually changing the host IP addresses in domain records using domain generation algorithms

Answer 81

A

Condition that occurs when a firewall is under-resourced and cannot log data fast enough, therefore some data is missed

Answer 82

A

A firewall enumeration technique that sends packets with a TTL of 1 to a variety of ports in an attempt to identify hosts behind an open port

Answer 83

A

Means of mitigating DoS or intrusion attacks by routing traffic to a null interface, effectively dropping the traffic

Answer 84

A

DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis

Answer 85

A

Unused physical network ports or unused IP address space within a local network often used by attackers

Answer 86

A

A server that receives traffic and sends (forwards) it to another network. Can filter or modify data in the process of forwarding.

Answer 87

A

A type of proxy server that protects servers from direct contact with client requests

Answer 88

A

A type of proxy that requires explicit clientside configuration that a user is generally aware of

Answer 89

A

A proxy server that redirects requests and responses without the client being explicitly configured to use it

Answer 90

A

A firewall designed specifically to protect software running on webservers and their backend databases from code injection and DoS attacks

Answer 91

A

IDS or IPS/SIEM

Answer 92

A

Open source Linux-based platform for security monitoring, incident response, and threat hunting that bundles Snort, Suricata, Zeek, Wireshark and NetworkMiner, and other log and incident management tools

Answer 93

A

Security measures applied to physical or logical ports on a networked device

Answer 94

A

Advanced Threat Protection (ATP), Advanced Endpoint Protection (AEP), NextGen AV (NGAV)

Answer 95

A

A malware analysis sandbox for Windows binaries

Answer 96

A

Malware analysis VM for Linux, Windows and Mac binaries

Answer 97

A

Malware sandbox tool that performs some automated malware classification and accepts Windows, Linux, Mac and Android binaries

Answer 98

A

The first two bytes of a binary header that indicates its file type. FileSignatures.net serves as a resource for information on Magic Numbers.

Answer 99

A

The first two bytes of an executable binary, AKA MZ in ASCII.

Answer 100

A

An executable self-extracting archive

Answer 101

A

Replaces a genuine executable with a malicious one

Answer 102

A

Exploits a programs manifest to load a malicious DLL at runtime

Answer 103

A

Dropper starts a process in a suspended state and rewrites the memory locations for the program with malware code

Answer 104

A

Any lightweight code designed to run an exploit on a target

Answer 105

A

Program for identifying, classifying and describing malware samples. Commonly used for analyzing pcaps against Yara rules.

Answer 106

A

A standardized language for sharing structured information about malware that is copmlementary to STIX and TAXII to improve the automated sharing of threat intelligence

Answer 107

A

Mail User Agent

Answer 108

A

Mail Delivery Agent

Answer 109

A

Message Transfer Agent

Answer 110

A

Multipurpose Internet Mail Extensions

Answer 111

A

Allows a body of an email to support different formats, such as HTML, RTF, encoded binary and attachments

Answer 112

A

Message data that contains scripts or objects that target some vulnerability in the message client

Answer 113

A

Email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications

Answer 114

A

Sender Policy Framework

Answer 115

A

Single DNS record identifying hosts authorized to send mail for the domain that can include other SPF records (Ex: TXT @ v=spf1 mx include:_spf.google.com include:email.domain.com -all)

Answer 116

A

DomainKeys Identified Mail

Answer 117

A

Provides a cryptgoraphic authentication mechanism for mail utilizing a public key published as DNS record, performed serverside (Ex: v=DKIM1;k=rsa;p=PublicKeyGoesHere)

Answer 118

A

Domain-Based Message Authentication, Reporting and Conformance

Answer 119

A

Framework for ensuring proper application of SPF and DKIM utilizing a policy published as a DNS record (Ex: v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:user@ex.domain.tld; ruf=mailto:user@ruf.domain.tld; fo=1)

Answer 120

A

A solution that provides real time or near real time analysis of security alerts generated by network hardware and appliances

Answer 121

A

Process where data is reformatted or restructured to facilitate the scanning and analysis process

Answer 122

A

Windows alternative to grep

Answer 123

A

CLI for the administration of Windows systems using WMI, often used for reviewing log files on a remote machine

Answer 124

A

Digital forensics case management suite that provides workflows to assist in investigations

Answer 125

A

Digital forensics investigation suite for Windows which can utilize server clustering for faster processing speeds

Answer 126

A

Commandline utilities for imaging and file analysis that interfaces with Autopsy

Answer 127

A

The process of extracting data from a computer when that data has no associated file system metadata

Answer 128

A

A table that contains metadata with the location of each file in terms of blocks/clusters for disks formatted as NTFS (FAT uses a File Allocation Table instead)

Answer 129

A

Open source CLI tool included in Sleuth Kit/Autopsy that is used to conduct file carving on Linux and Windows

Answer 130

A

An IOC where data is transmitted with a hidden element, such as non standard data inside of a ping packet

Answer 131

A

Distributed Reflection DoS

Answer 132

A

Means for a network node to advertise its presence and establish a link with other nodes, often seen in specified intervals

Answer 133

A

When a website experiences DoS conditions due to sudden popularity

Answer 134

A

Occurs when an attacker redirects an IP to a MAC that was not its intended destination, best remediated by an IDS

Answer 135

A

Phase of an attack or penetration test in which the attacker or tester gathers information about the target before attacking it

Answer 136

A

49,152 - 65,535

Answer 137

A

The usage of commonly used programs to exfiltrate data, such as IM, SMS, Email, FTP or P2P programs

Answer 138

A

The exfiltration of data using covert techniques such as data segmentation, obfuscation and encoding, with the aim of evading detection

Answer 139

A

Linux command that provides the parent/child relationship of all the processes on a system

Answer 140

A

Linux command that lists the attributes of all the current processes

Answer 141

A

A Linux Init daemon

Answer 142

A

Linux equivalent of a DLL

Answer 143

A

A means of exploiting a vulnerability in an application to execute arbitrary code or to crash the process with a memory leak

Answer 144

A

A file that records the names of applications that have been run, as well as the date and time, file path, run count and DLLs used by the executable

Answer 145

A

An application usage cache that is stored in the Registry as the key. (Ex. HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\AppCompatCache\AppCompatCache) Often used for applications that require specialized compatibility settings.

Answer 146

A

An application usage cache that is stored as a hive file (Ex. C:\Windows\appcompat\Programs\Amcache.hve)

Answer 147

A

The ability of a threat actor to maintain covert access to a target host or network

Answer 148

A

Tool that manages cron jobs, the Linux equivalent of scheduled tasks. “crontab -l” lists the currently scheduled cron jobs

Answer 149

A

Software for evidence extraction from smartphones and other mobile devices, cloud data and metadata using a universal forensic extraction device (UFED)

Answer 150

A

Mobile device forensics tools created by AccessData, the developers of FTK

Answer 151

A

Mobile device forensics tool created by Guidance Software, the developers of EnCase

Answer 152

A

Using an infected host to attack another host (Using SSH with the -D flag, you can set up a local proxy and port forwarding on a target)

Answer 153

A

Network based attack where the attacker steals hashed user credentials and uses them as is to try to authenticate to the same network the hashed credentials originated on. Only use Domain Admin accounts for logging into Domain Controllers to prevent pass the hash exploits

Answer 154

A

A Kerberos ticket that can grant other tickets in an Active Directory environment (AKA TGT). Admins should regularly change the krbtgt account password.

Answer 155

A

The trust anchor of the AD domain which functions like a private key of a RCA (root cert authority) and generates ticket-granting tickets (TGT) that are used by users to access services within Kerberos

Answer 156

A

The plans and processes used during the response to a disruptive event

Answer 157

A

The plans used during the event of a disaster

Answer 158

A

An exercise that tests a framework of controls using an incident scenario conducted by a “red team”

Answer 159

A

A military decision making model created to help responders think clearly in the “fog of war”, consisting of Observe, Orient, Decide and Act

Answer 160

A

Removes an affected component from a larger environment

Answer 161

A

Achieves the isolation of a host or group of hosts using network technologies and architecture

Answer 162

A

Group of procedures that an organization uses to govern the disposal of obsolete information and equipment

Answer 163

A

The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization, usually as defined by business stakeholders rather than engineers

Answer 164

A

Metric to determine the expected financial loss from a single event. SLE = AV * EF, (Asset Value * Exposure Factor)

Answer 165

A

Asset Value, Monetary value of the asset

Answer 166

A

Exposure Factor, The percentage of loss that would result

Answer 167

A

Number of times per year that a specific threat is expected to occur

Answer 168

A

Expected financial loss for multiple events during a year

Answer 169

A

A systemic activity that identifies organizational risks and determines their effect on ongoing mission critical operations

Answer 170

A

The longest period of time a business can be inoperable without causing irrevocable business failure

Answer 171

A

Length of time it takes after an event to resume normal business operations and activities

Answer 172

A

The length of time in addition to the RTO of individual systems to perform reintegration and testing of a restored or upgraded system

Answer 173

A

The longest period of time that an organization can tolerate lost data being unrecoverable

Answer 174

A

Response that involves moving or sharing the responsibility of a risk to another entity, usually involving insurance

Answer 175

A

Response that reduces a risk to fit within an organization’s risk appetite

Answer 176

A

Ceasing an activity that presents risk

Answer 177

A

Document highlighting the results of risk assessments in an easily comprehensible format that is disseminated to stakeholders

Answer 178

A

Includes the ethernet header during packet capture.

Answer 179

A

Displays the IP addresses in numeric form

Answer 180

A

Line buffered mode

Answer 181

A

Packet buffered mode

Answer 182

A

Listen only on a specified port

Answer 183

A

Print each packet in ASCII

Answer 184

A

Set snap length (0 for unlimited, all traffic)

Answer 185

A

Set buffer size

Answer 186

A

Limit captured packets to provided value (e.g. 20 packets)

Answer 187

A

“AND”, &&, “OR”, ||, “NOT”, !

Answer 188

A

Automated building and testing of an application after it’s source code has been updated

Answer 189

A

Delivers the newest version of an application to a production or testing environment, which can then be approved for release by a human

Answer 190

A

All changes to code that pass CI/CD checks are automatically released without the need for human intervention

Answer 191

A

Constant evaluation of an environment for changes to quickly detect new risks and improve business operations

Answer 192

A

Captures specified data that is determined to be useful, rather than collecting all data

Answer 193

A

TLS was developed in 1999 as SSLv3.1 before being renamed to TLS and the two terms are often used interchangably although SSL is not considered to be secure

Answer 194

A

Web application scanner

Answer 195

A

Infrastructure vulnerability scanner

Answer 196

A

Infrastructure vulnerability scanner

Answer 197

A

Infrastructure vulnerability scanner

Answer 198

A

Translates special characters into an encoded form that isn’t dangerous to the target system (Ex: < to < in HTML)

Answer 199

A

Ensures data entering a system is formatted as expected

Answer 200

A

Layering various technical controls to further secure infrastructure

Answer 201

A

Commonly used to bypass detection mechanisms in a network, and will commonly end with two equal signs (Ex. aGVsbG8gd29ybGQNCg==)

Answer 202

A

Run Subkey (HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\Run)

Answer 203

A

TCP connect scan

Answer 204

A

Service discovery scan

Answer 205

A

Scan ports, no ping

Answer 206

A

Scan port or port range

Answer 207

A

Scan all ports on system

Answer 208

A

Fast port scan

Answer 209

A

Syn Port Scan, Only performs a partial connection and thus does not reveal you to your target

Answer 210

A

TCP Connect Scan, Detects open TCP ports

Answer 211

A

UDP Port Scan, Detects open UDP ports

Answer 212

A

Ack Port Scan, Detects if a port is stateful and/or filtered

Answer 213

A

Performs host discovery but does not scan any ports (use for quick scans)

Answer 214

A

Performs ARP discovery on a local network

Answer 215

A

Does not resolve DNS, speeds up some scans

Answer 216

A

Aggression Detection Mode, which is a combination of OS and service discovery

Answer 217

A

OS Detection

Answer 218

A

Output Normal

Answer 219

A

Output XML

Answer 220

A

Output Greppable

Answer 221

A

Output All (types)

Answer 222

A

When an attacker uses a common password(s) to attempt to access multiple accounts

Answer 223

A

The automated injection of stolen username and password pairs (credentials) to an authentication system

Answer 224

A

Device Drivers (Most privileged)

Answer 225

A

Device Drivers (Less privileged)

Answer 226

A

Applications

Answer 227

A

A method of sanitizing by physical destruction of the media via shredding, incineration or degaussing

Answer 228

A

Overwriting data once with repetitive data, or resetting a device to factory settings

Answer 229

A

Eliminating information from being feasibly recovered even in a laboratory environment

Answer 230

A

Static code analyzer

Answer 231

A

File integrity monitoring program

Answer 232

A

Authenticate claims, not to authenticate users. It’s a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user.

Answer 233

A

OIDC is an identity authentication protocol that is an extension of open authorization (OAuth) 2.0 to standardize the process for authenticating and authorizing users when they sign in to access digital services.

Answer 234

A

Domain Generation Algorithm

Answer 235

A

Security Content Automation Protocol

Answer 236

A

A method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization

Answer 237

A

The Open Group Architecture Framework

Answer 238

A

A prescriptive framework that divides the enterprise architecture into four domains: Technical, Business, Applications and Data

Answer 239

A

Re-running functional and non-functional tests to ensure that previously developed and tested software still performs after a change

Answer 240

A

which bash

Answer 241

A

NIST’s SP 800-63-3 recommends SMS be depreciated for MFA, as it may be accessible to attackers

Answer 242

A

Property Lists (plists)

Answer 243

A

Used to manage network resources

Answer 244

A

Used to manage domain groups

Answer 245

A

Adds or removes a computer from a domain (ran on primary DC)

Answer 246

A

OWASP Zed Attack Proxy

Answer 247

A

The worlds most popular FOSS web application scanner

Answer 248

A

Windows Scheduler command

Answer 249

A

Older location for Linux startup services configuration. Potential location for evidence of a backdoor.

Answer 250

A

FPGAs are often used to provide “Physically Unclonable Functions” (PUFs) that generate a digital fingerprint based on unique features of a device

Answer 251

A

XML External Entity

Answer 252

A

Type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Answer 253

A

Security
Pre-EFI initialization
Driver Execution Environment
Boot Device Select
Transient System Load
Runtime

Answer 254

A

Validates a user’s identity when using SAML for authentication

Answer 255

A

Provide services to members of a federation (SAML)

Answer 256

A

Federal Information Security Management Act

Answer 257

A

United States federal law that defines a comprehensive framework to protect government information, operations, and assets (Compliance)

Brainscape's Knowledge GenomeTM

General Flashcards

Brainscape's Knowledge Genome^TM