Glossary

Question 1

active decoy

Answer 1

A system designed to
distract potential attackers away from
an organization’s critical systems and
data. It creates a false environment
that looks like a real system, complete
with fake data, applications, and other
elements. The decoy system is closely
monitored to detect malicious activity
and provide early warning and detailed
insight into an attacker’s tactics and
techniques.

Question 2

Address SpaceLayout Randomization

Answer 2

A technique that randomizes
where components in a running
application are placed in memory to
protect against buffer overflows.

Question 3

Advanced Persistent Threat

Answer 3

An attacker’s ability to obtain, maintain, and diversify access to network systems using expoits and malware.

Question 4

Adversarial Tactics, Techniques, and Common Knowledge

Answer 4

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.

Question 5

Application Programming Interface

Answer 5

Methods exposed by a script or program that allow other scripts or programs to use it. For example, an API enables software developers to access functions of the TCP/IP network stack under a particular operating system.

Question 6

Application Virtualization

Answer 6

A software dilivery model where the code runs on a server and is streamed to a client.

Question 7

Arachni

Answer 7

An open-source web application scanner.

Question 8

ARP Poisoning

Answer 8

A network-based attack where an attacker with an access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perfrom a variety of attacks, including DoS, Spoofing, and Man in the Middle.

Question 9

Attack Surface

Answer 9

The points at which a network or application receive external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

Question 10

Beaconing

Answer 10

A means for a network node to advertise its presence and establish a link with oter nodes, such as the beacon management frame sent by an AP. Legitimate software and appliances do this, but it is also associated with Remote Access Trojans communicating with a Command & Control server.

Question 11

Broken Authentication

Answer 11

A software vulnerability where the authentication mechanism allows an attacker to gain entry, such as displaying cleartext credentials, using weak session tokens or permitting brute force login requests.

Question 12

Buffer Overflow

Answer 12

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. THis can allow the attacker to crash the system or execute arbitrary code.

Question 13

Burp Suite

Answer 13

A proprietary interception proxy and web application assessment tool.

Question 14

Business Continuity

Answer 14

A collection of processes that enable an organiztation to maintain normal business operations in the face of some adverse event.

Question 15

Cardholder data

Answer 15

Any type of personally identifiable information associated with a person who has a payment card, such as a credit or debit card

Question 16

Center for Internet Security

Answer 16

A not-for-profit organization (founded partly by SANS). It publishes the well-known “Top 20 Critical Security Controls” (or system design recommendations)

Question 17

Change management

Answer 17

The process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts.

Question 18

closure meetings

Answer 18

Sessions held at the end of a project or phase in which you discuss and document areas for improvement and capture lessons learned for use in future projects.

Question 19

Cloud access security broker

Answer 19

Enterprise management software desinged to mediate access to cloud services by users across all types of devices.

Question 20

Cloud deployment model

Answer 20

Classifying the ownership and management of a cloud as public, private, community or hybrid.

Question 21

Command and Control

Answer 21

Infrastructure of hosts and service with which attackers direct, distribute, and control malware over botnets.

Question 22

Common configuration enumeration

Answer 22

A scheme for provisioning secure configuration checks across multiple sources developed by MITREE and adopted by NIST.

Question 23

Common Platform Enumeration

Answer 23

A scheme for identifying hardware devices, operating systems, and applications developed by MITRE.

Question 24

Common Protocol over non-standard port

Answer 24

Communicating TCP/IP application traffic, such as HTTP, FTP, or DNS, over a port that is not the well-known or registered port established for that protocol.

Question 25

Common vulnerabilities and exposures

Answer 25

A scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

Question 26

Common Vulnerability Scoring System

Answer 26

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

Question 27

compensating control

Answer 27

A security measaure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Question 28

configuration baseline

Answer 28

Settings for services and policy configuration for a network appliance or for a server operating in a particular application role (web server, mail server, file/print server, and so on).

Question 29

Container

Answer 29

An operating system virtualization deployment containing everything required to run a service, application, or microservice.

Question 30

cookie

Answer 30

A text file used to store information about a user when they visit a website. Some sites use cookies to support user sessions.

Question 31

Corrective control

Answer 31

A type of security control that acts after an incident to eliminate or minimize its impact.

Question 32

credential stuffing

Answer 32

A brute force attack in which stolen user account names and passwords are tested against multiple websites.

Question 33

Criminal syndicates

Answer 33

A type of threat actor that uses hacking and computer fraud for commercial gain.

Question 34

cross-site request forgery

Answer 34

A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.

Question 35

cross-site scripting

Answer 35

A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site, designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

Question 36

Cyber threat intelligence

Answer 36

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.

Question 37

Dark Web

Answer 37

Resources on the Internet tat are distributed between anonymized nodes and protected from general access by multiple layers of encryption and routing.

Question 38

data exfiltration

Answer 38

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Question 39

Data Historian

Answer 39

Software that aggregates
and catalogs data from multiple sources
within an industrial control system.

Question 40

Data loss prevention

Answer 40

A software solution that detects and
prevents sensitive information from
being stored on unauthorized systems
or transmitted over unauthorized
networks.

Question 41

Detective Control

Answer 41

A type of security control that acts during an incident to indetify or record that it is happening.

Question 42

Directory traversal

Answer 42

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

Question 43

disaster recovery plan

Answer 43

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

Question 44

Disitributed denial of service attack

Answer 44

An attack that uses multiple compromised hosts(botnet) to overwhelm a service with requests or response traffic

Question 45

distributed denial-of-service

Answer 45

An attack that involves the use of infected Internet-connected computers and device to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.

Question 46

Domain-based Message Authentication, Reporting, and Conformance

Answer 46

A framework for ensuring proper application of SPF and DKIM, utilizing a policy published as a DNS record.

Question 47

DomainKeys Identified Mail

Answer 47

A cryptographic authentication mechanism for mail, utilizing a public key published as a DNS record.

Question 48

dynamic analysis

Answer 48

Software testing that examines code behavior during runtime. It helps identify potential security issues, potential performance issues, and other probles.

Question 49

endpoint detection and response

Answer 49

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

Question 50

Executive summary

Answer 50

A part of the written report that is a high-level and concise overview of the penetration test, its findings and their impact.

Question 51

exploit

Answer 51

A specific method by which malware code infects a target host, often via some vulnerability in a software process.

Question 51

eXtensible Markup Language

Answer 51

A system for structuring documents so that they are human and machine readable. Information within the document is place within tags, which describe how information within the document is structured.

Question 51

federation

Answer 51

A process that provides a shared login capability across multiple systems and eterprises. It essentially connects the identity management services of multiple systems.

Question 51

file inclusion

Answer 51

A web application vulnerability that allows an attacker either to download a file from an arbitrarty location on the host file system or to upload an executable or script file to open a backdoor.

Question 51

fingerprinting

Answer 51

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

Question 51

footprint

Answer 51

An attack that aims to list resources on the network, host, or system as a whole to identify potential targets for further attack.

Question 51

fuzzing

Answer 51

A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.

Question 51

hacktivist

Answer 51

A threat actor that is motivated by a social issue or political cause.

Question 51

Hardening

Answer 51

A process of making a host or app configuration secure by reducing its attack surface through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenace schedule to ensure the system is patched to be secure against software exploits.

Question 52

hash

Answer 52

The theoretically indecipherable fixed-length output of the hashing process

Question 53

heap overflow

Answer 53

A software vulnerability where input is allowed to overwrite memory locations within the area of a process’s memory allocation used to store dynamically sized variables

Question 54

High-interaction honeypot

Answer 54

A design to mimic real production systems, making it difficult for attackers to tell the difference between the honeypot and a real system. This aims to capture more detailed attack information than can be accomplished by using a low-interaction honeypot, allowing security teams to understand an attacker better.

Question 55

honeypot

Answer 55

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.

Question 56

human-machine Interface

Answer 56

Input and output controls on a PLC to allow a user to configure and monitor the system

Question 57

hybrid cloud

Answer 57

Cloud deployment that uses both pricate and public elements.

Question 58

impossible travel

Answer 58

A tracking of information such as GPS address, IP address, or user’s device to pinpoint a user’s location and determine whether a behavior was physically possible.

Question 59

in-band authentication

Answer 59

Use of a communication channel that is the same as the one currently being used.

Question 60

incident response plan

Answer 60

Specific procedures that must be performed if a certain type of event is detected or reported

Question 61

Indicator of Compromise

Answer 61

A sign that an asset or network has been attacked or is currently under attack.

Question 62

Indicators of attack

Answer 62

Signs or clues indicating a malicious attack on a system or network is currently occurring. These include, but are not limited to, unusual network traffic, strange log file entries, or suspicious user account activity.

Question 63

industrial control system

Answer 63

Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Question 64

Information Sharing and Analysis Center

Answer 64

A not-for-profit group set up to share sector-specific threat intelligence and security best practices among its members.

Question 65

Input Validation

Answer 65

Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.

Question 66

insecure object reference

Answer 66

A coding vulnerability where unvalidated input is used to select a resource object, such as a file or database.

Question 67

integer overflow

Answer 67

An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow.

Question 68

intellectual property

Answer 68

Data that is of commercial value and can be granted rights of ownership, such as copyrights, patents, and trademarks.

Question 69

International Organization for Standardization

Answer 69

Develops many standards and frameworks governing the use of computers, networks, and telecommunications, including ones for information security (27k series) and risk management (31k series)

Question 70

internet relay chat

Answer 70

A group communications protocol that enables users to chat, send private messages, and share files.

Question 71

intrusion detection system

Answer 71

A security appliance or software that analyzes data from a packet sniffer to identify traffic that violates policies or rules

Question 72

JavaScript Object Notation

Answer 72

A file format that uses attribute-value pairs to define configurations in a structure that is easy for both humans and machines to read and consume.