General Knowledge

Question 1

Older computer systems, software, or hardware that are still in use but may be outdated or no longer supported by their manufacturers. They can pose security risks due to their inability to handle modern security threats.

Example: A company continues to use an old version of an operating system, which lacks security patches for newly discovered vulnerabilities.

Answer 1

Legacy Systems

Question 2

Systems, software, or devices that no longer receive updates or support from the manufacturer, making them vulnerable to security threats because they don’t get patches or fixes for newly discovered vulnerabilities.

Example: A network device that is no longer supported by its manufacturer, and its firmware is not updated to address security flaws.

Answer 2

Newly Released Systems

Question 3

Newly launched systems, software, or devices that may have undiscovered vulnerabilities, as they have not been extensively tested in the real-world environment, potentially making them targets for attackers.

Example: A newly released operating system may have bugs or security vulnerabilities that haven’t been found yet, making it an early target for exploitation.

Answer 3

Unsupported Systems

Question 4

A security protocol for wireless networks designed to provide stronger data encryption and protection than WEP. It uses dynamic encryption keys and provides better overall security for Wi-Fi networks.

Example: A home router using this type of encryption to secure its wireless network from unauthorized access.

Answer 4

WPA (Wi-Fi Protected Access)

Question 5

A feature designed to simplify the process of connecting devices to a secure Wi-Fi network, often using a PIN or pressing a button on the router. However, it has known security vulnerabilities. Should be avoided.

Example: Pressing this button on a router to connect a new device, such as a smartphone, to the network without entering the Wi-Fi password.

Answer 5

WPS (Wi-Fi Protected Setup)

Question 6

An older and now outdated wireless security protocol used to secure Wi-Fi networks. It uses static encryption keys, making it vulnerable to attacks such as cracking. Should be avoided.

Example: An older Wi-Fi router that still uses this type of encryption, which can be easily cracked by attackers.

Answer 6

WEP (Wired Equivalent Privacy)

Question 7

A protocol for enabling mobile devices to access internet services, often used for browsing websites and accessing email on older mobile phones.

Example: A mobile phone using this to access a weather service before the widespread use of smartphones with full web browsers.

Answer 7

WAP (Wireless Application Protocol)

Question 8

A security system that monitors and filters HTTP traffic between a web application and the internet. It is designed to protect web applications from attacks such as SQL injection, cross-site scripting (XSS), and other vulnerabilities.

Answer 8

WAF (Web Application Firewall)

Question 9

A device that allows wireless devices to connect to a wired network using Wi-Fi or other wireless communication standards. It acts as an interface between the wireless client and the wired network.

Example: A home router functioning as this to allow laptops and smartphones to connect to the internet over Wi-Fi.

Answer 9

WAP (Wireless Access Point)

Question 10

A formal agreement between a company and a service provider to manage and maintain security services for the company’s network or IT systems. It outlines the responsibilities, scope, and expectations for both parties.

Answer 10

MSA (Managed Security Agreement)

Question 11

A service model where a provider offers continuous monitoring of an organization’s network, systems, or applications, often to detect and respond to security incidents.

Answer 11

MaaS (Monitoring as a Service)

Question 12

A company that provides outsourced IT services, such as network management, security, and software maintenance, on a subscription basis.

Answer 12

MSP (Managed Service Provider)

Question 13

A specialized type of MSP that focuses specifically on providing security services, including intrusion detection, firewall management, and vulnerability assessments, often on a 24/7 basis.

Answer 13

MSSP (Managed Security Service Provider)

Question 14

A file format used for storing executable functions and procedures that can be shared and used by multiple programs simultaneously. These help save memory and disk space by allowing programs to use common code.

Answer 14

DLL (Dynamic Link Library)

Question 15

A set of rules and protocols that allow different software applications to communicate with each other. These define the methods and data formats used for interactions between systems.

Answer 15

API (Application Programming Interface)

Question 16

A file format used to store a program that can be run directly by the operating system. These types of files contain machine code that is executed when the file is opened.

Answer 16

EXE (Executable File)

Question 17

A configuration file used to store settings for software applications. These types of files typically contain plain text with sections for different types of settings and values.

Answer 17

INI (Initialization File)

Question 18

A security solution that monitors and responds to suspicious activities on endpoint devices, such as computers and mobile devices, to detect and mitigate threats.

Example: alerts administrators when unusual behavior, such as file encryption, is detected on a user’s device.

Answer 18

EDR (Endpoint Detection and Response)

Question 19

A framework of policies and technologies used to manage and control user identities and access to resources within an organization.

Example: ensure only authorized users can access sensitive data based on their roles and permissions.

Answer 19

IAM (Identity and Access Management)

Question 20

A security framework used to manage user access and actions within a network, ensuring the right users are authenticated, authorized, and their actions are logged for auditing.

Example: uses this to verify the user’s identity, grant access to resources, and track their usage for compliance.

Answer 20

AAA (Authentication, Authorization, and Accounting)

Question 21

A network security device that monitors network traffic for malicious activity and takes immediate action to block or prevent identified threats.

Example: automatically blocks traffic from a known malicious IP address to prevent a DDoS attack.

Answer 21

IPS (Intrusion Prevention System)

Question 22

A technology that allows users to access desktop environments hosted on remote servers, providing flexibility and centralized management of desktop systems.

Answer 22

VDI (Virtual Desktop Infrastructure)

Question 23

A network architecture that uses software to control and manage network resources dynamically, improving flexibility, scalability, and efficiency.

Example: Allows an administrator to configure and manage network traffic using software instead of manually configuring each hardware device.

Answer 23

SDN (Software-Defined Networking)

Question 24

A private, isolated section of a public cloud where users can deploy and manage resources, maintaining control over the network and security settings.

Answer 24

VPC (Virtual Private Cloud)

Question 25

A metric used in biometric security systems that measures the rate at which unauthorized individuals are incorrectly accepted as legitimate users.

Answer 25

FAR (False Acceptance Rate)

Question 26

The point at which the False Acceptance Rate (FAR) and False Rejection Rate (FRR) are equal, representing the system’s balance between accuracy and security.

Answer 26

CER (Crossover Error Rate)

Question 27

An error-detecting code used to verify the integrity of data by comparing a computed value to a known checksum to detect changes in the data.

Answer 27

CRC (Cyclic Redundancy Check)

Question 28

A metric used in biometric systems to measure the rate at which authorized users are incorrectly rejected or denied access.

Answer 28

FRR (False Rejection Rate)

Question 29

A set of technologies and processes used to streamline security operations by automating workflows, integrating security tools, and improving response times to incidents.

Answer 29

SOAR (Security Orchestration, Automation, and Response)

Question 30

A metric used in risk management to represent the percentage of asset value that could be lost due to a specific threat or incident.

Answer 30

EF (Exposure Factor)

Question 31

A security feature that prevents code from executing in certain regions of memory that should only contain data, helping protect against attacks like buffer overflows.

Answer 31

DEP (Data Execution Prevention)

Question 32

A security control that monitors and detects changes to files, configurations, or system settings, ensuring that unauthorized or malicious modifications are identified and reported.

Answer 32

FIM (File Integrity Monitoring)

Question 33

The process of distributing content from a source to multiple recipients or platforms, often used for delivering updated information such as news or blog posts.

Answer 33

Syndication

Question 34

A system that allows different organizations or domains to share resources, authentication, and user information securely, enabling single sign-on (SSO) across multiple systems.

Answer 34

Federation

Question 35

A relationship or connection between two or more entities, often used in the context of shared resources, collaborations, or trust.

Answer 35

Association

Question 36

The process of distributing or spreading information or changes across systems, networks, or domains. In cybersecurity, it often refers to how threats or updates spread across an environment.

Answer 36

Propagation

Question 37

An open standard for authorization that allows third-party applications to access a user’s resources without sharing their login credentials, typically using tokens instead of passwords.

Answer 37

OAuth

Question 38

An authentication protocol that allows users to authenticate once with a trusted identity provider (like Google or Facebook) and then access multiple third-party applications without needing to log in again.

Answer 38

OpenID

Question 39

An open standard for exchanging authentication and authorization data between parties, particularly between identity providers and service providers. This is commonly used in Single Sign-On (SSO) scenarios to enable users to authenticate once and access multiple applications.

Answer 39

SAML (Security Assertion Markup Language)

Question 40

The process of determining and enforcing the order in which tasks or operations are executed to achieve a desired outcome.

Example: Ensuring a backup job runs before a system update to preserve data integrity.

Answer 40

Sequencing

Question 41

The automated arrangement, coordination, and management of complex systems, services, or workflows to streamline operations.

Example: Managing the deployment of multiple containers across a cloud environment using Kubernetes.

Answer 41

Orchestration

Question 42

The use of tools or technology to perform tasks or processes without manual intervention.

Example: Configuring a system to automatically apply security patches as they become available.

Answer 42

Automation

Question 43

Writing small programs or scripts to automate repetitive tasks or configure systems efficiently.

Example: Creating a Python script to automate the generation of weekly system performance reports.

Answer 43

Scripting

Question 44

A detailed, step-by-step guide for performing specific operational tasks or resolving technical issues, often used in IT environments.

Example: A guide that outlines the exact steps to restart a database server after a failure.

Answer 44

Runbook

Question 45

A collection of strategies, processes, or workflows used to respond to specific scenarios, typically in cybersecurity or IT operations.

Example: Outlines procedures for handling a ransomware attack, including identifying infected systems and notifying stakeholders.

Answer 45

Playbook

Question 46

A software development methodology focusing on quick prototyping and iterative feedback to deliver applications faster and with higher user input.

Answer 46

RAD (Rapid Application Development)

Question 47

A structured process for designing, developing, testing, and maintaining software, consisting of stages like planning, analysis, design, implementation, testing, deployment, and maintenance.

Answer 47

SDLC (Software Development Life Cycle)

Question 48

A programming paradigm based on the concept of “objects,” which represent data and behavior, and principles like inheritance, encapsulation, and polymorphism.

Answer 48

OOP (Object-Oriented Programming)

Question 49

A cloud-based service model where users access software applications over the internet without managing the underlying infrastructure.

Answer 49

SaaS (Software as a Service)

Question 50

An industrial computer designed to control and automate machinery and processes in manufacturing, energy, and other industries. It operates in real-time and is highly reliable for repetitive tasks.

Answer 50

PLC (Programmable Logic Controller)

Question 51

An industrial computer used to automate and control machinery and processes in manufacturing environments.

Example: This controls the speed of a conveyor belt in an automated production line based on sensor data.

Answer 51

PLC - Programmable Logic Controller