Glossary Flashcards

1
Q

heat map risk matrix

A

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department for reference by stakeholders.

2
Q

lessons learned report (LLR)

A

An analysis of events that can provide insight into how to improve response and support processes in the future.

3
Q

network log

A

A target for system and access events generated by a network appliance, such as a switch, wireless access point, or router.

4
Q

File Transfer Protocol (FTP)

A

Application protocol used to transfer files between network hosts. Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES), and T(rivial)FTP. FTP utilizes ports 20 and 21.

5
Q

quantitative risk analysis

A

A numerical method that is used to assess the probability and impact of risk and measure the impact.

6
Q

provenance

A

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

7
Q

Internet header

A

A record of the email servers involved in transferring an email message from a sender to a recipient.

8
Q

clean desk policy

A

An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.

9
Q

capacity planning

A

A practice which involves estimating the personnel, storage, computer hardware, software, and connection infrastructure resources required over some future period of time.

10
Q

port mirroring (SPAN)

A

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch.

11
Q

Internet Protocol Security (IPSec)

A

Network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet.

12
Q

geographic dispersion

A

A resiliency mechanism where processing and data storage resources are replicated between physically distant sites.

13
Q

mean time to repair/replace/recover (MTTR)

A

A metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

14
Q

logic bomb

A

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

15
Q

password best practices

A

Rules to govern secure selection and maintenance of knowledge factor authentication secrets, such as length, complexity, age, and reuse.

16
Q

environmental attack

A

A physical threat directed against power, cooling, or fire suppression systems.

17
Q

representational state transfer (REST)

A

A standardized, stateless architectural style used by web applications for communication and integration.

18
Q

listener/collector

A

A network appliance that gathers or receives log and/or state data from other network systems.

19
Q

pretexting

A

Social engineering tactic where a team will communicate, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood.

20
Q

Remote Authentication Dial-in User Service (RADIUS)

A

AAA protocol used to manage remote and wireless authentication infrastructures.

21
Q

network functions virtualization (NFV)

A

Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

22
Q

behavior-based detection

A

A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences.

23
Q

onboarding

A

The process of bringing in a new employee, contractor, or supplier.

24
Q

information security policies

A

A document or series of documents that are backed by senior management and that detail requirements for protecting technology and information assets from threats and misuse.

25
Q

cloud deployment model

A

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

26
Q

regulated data

A

Information that has storage and handling compliance requirements defined by national and state legislation and/or industry regulations.

27
Q

proprietary information

A

Information created by an organization, typically about the products or services that it makes or provides.

28
Q

cloning

A

The process of quickly duplicating a virtual machine’s configuration when several identical machines are needed immediately.

29
Q

key length

A

Size of a cryptographic key in bits. Longer keys generally offer better security, but key lengths for different ciphers are not directly comparable.

30
Q

data breach

A

When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.

31
Q

backup power generator

A

A standby power supply fueled by diesel or propane. In the event of a power outage, a UPS must provide transitionary power, as a backup generator cannot be cut in fast enough.

32
Q

DNS sinkhole

A

A temporary DNS record that redirects malicious traffic to a controlled IP address.

33
Q

availability

A

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

34
Q

hybrid password attack

A

An attack that uses multiple attack methods, including dictionary, rainbow table, and brute force attacks, when trying to crack a password.

35
Q

forgery attack

A

An attack that exploits weak authentication to perform a request via a hijacked session.

36
Q

baseline configuration

A

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

37
Q

non-transparent proxy

A

A server that redirects requests and responses for clients configured with the proxy address and port.

38
Q

missing logs

A

A potential indicator of malicious activity where events or log files are deleted or tampered with.

39
Q

address resolution protocol (ARP)

A

Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.

40
Q

brute force attack

A

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

41
Q

active reconnaissance

A

Penetration testing techniques that interact with target systems directly.

42
Q

data controller

A

In privacy regulations, the entity that determines why and how personal data is collected, stored, and used.

43
Q

playbook

A

A checklist of actions to perform to detect and respond to a specific type of incident.

44
Q

e-discovery

A

Procedures and tools to collect, preserve, and analyze digital evidence.

45
Q

Information Sharing and Analysis Center (ISAC)

A

A not-for-profit group set up to share sector-specific threat intelligence and security best practices among its members.

46
Q

certificate signing request (CSR)

A

A Base64 ASCII file that a subject sends to a CA to get a certificate.

47
Q

Kerberos

A

A single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.

48
Q

advanced persistent threat (APT)

A

Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period.

49
Q

recovery time objective (RTO)

A

The maximum time allowed to restore a system after a failure event.

50
Q

Extensible Authentication Protocol over LAN (EAPoL)

A

A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.

51
Q

access badge

A

An authentication mechanism that allows a user to present a smart card to operate an entry system.

52
Q

layer 4 firewall

A

A stateful inspection firewall that can monitor TCP sessions and UDP traffic.

53
Q

cable lock

A

Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.

54
Q

NetFlow

A

Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.

55
Q

chain of custody

A

Record of handling evidence from collection to presentation in court to disposal.

56
Q

organized crime

A

A type of threat actor that uses hacking and computer fraud for commercial gain.

57
Q

fencing

A

A security barrier designed to prevent unauthorized access to a site perimeter.

58
Q

fraud

A

Falsifying records, such as an internal fraud that involves tampering with accounts.

59
Q

access control vestibule

A

A secure entry system with two gateways, only one of which is open at any one time.

60
Q

false rejection rate (FRR)

A

A biometric assessment metric that measures the number of valid subjects who are denied access.

61
Q

Post Office Protocol (POP)

A

Application protocol that enables a client to download email messages from a server mailbox to a client over port TCP/110 or secure port TCP/995.

62
Q

Memorandum of Agreement (MoA)

A

A legal document forming the basis for two parties to cooperate without a formal contract (a cooperative agreement). MoAs are often used by public bodies.

63
Q

passive reconnaissance

A

Penetration testing techniques that do not interact with target systems directly.

64
Q

malicious update

A

A vulnerability in a software repository or supply chain that a threat actor can exploit to add malicious code to a package.

65
Q

financial data

A

Data held about bank and investment accounts, plus information such as payroll and tax returns.

66
Q

key exchange

A

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

67
Q

cross-site scripting (XSS)

A

A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

68
Q

cookie

A

A text file used to store information about a user when they visit a website. Some sites use cookies to support user sessions.

69
Q

Diffie-Hellman (DH)

A

A cryptographic technique that provides secure key exchange.

70
Q

internet of things (IoT)

A

Devices that can report state and configuration data and be remotely managed over IP networks.

71
Q

inline

A

Placement and configuration of a network security control so that it becomes part of the cable path.

72
Q

data exfiltration

A

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

73
Q

canonicalization attack

A

An attack method where input characters are encoded in such a way as to evade vulnerable input validation measures.

74
Q

journaling

A

A method used by file systems to record changes not yet made to the file system in an object called a journal.

75
Q

due diligence

A

A legal principle that a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system.

76
Q

physical penetration testing

A

Assessment techniques that extend to site and other physical security systems.

77
Q

business continuity (BC)

A

A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.

78
Q

dependencies

A

Resources and other services that must be available and running for a service to start.

79
Q

bluejacking

A

Sending an unsolicited message or picture message using a Bluetooth connection.

80
Q

FTPS

A

A type of FTP using TLS for confidentiality.

81
Q

control plane

A

In zero trust architecture, functions that define policy and determine access decisions.

82
Q

incident response lifecycle

A

Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of security incidents, divided into preparation, detection, analysis, containment, eradication/recovery, and lessons learned stages.

83
Q

cyber threat intelligence (CTI)

A

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.

84
Q

command and control (C2)

A

Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

85
Q

cryptography

A

The science and practice of altering data to make it unintelligible to unauthorized parties.

86
Q

hardening

A

A process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.

87
Q

logical segmentation

A

Network topology enforced by switch, router, and firewall configuration where hosts on one network segment are prevented from or restricted in communicating with hosts on other segments.

88
Q

detectability

A

A risk evaluation parameter that defines the likelihood of a company detecting a risk occurrence before it impacts the project, process, or end user.

89
Q

IEEE 802.1X

A

A standard for encapsulating EAP communications over a LAN (EAPoL) or WLAN (EAPoW) to implement port-based authentication.

90
Q

fake telemetry

A

Deception strategy that returns spoofed data in response to network probes.

91
Q

reputational threat intelligence

A

Blocklists of known threat sources, such as malware signatures, IP address ranges, and DNS domains.

92
Q

ARP poisoning

A

A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and on-path (previously known as man-in-the-middle).

93
Q

mobile device management (MDM)

A

Process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.

94
Q

integrated penetration testing

A

A holistic approach that combines different types of penetration testing methodologies and techniques to evaluate an organization’s security operations.

95
Q

maximum tolerable downtime (MTD)

A

The longest period that a process can be inoperable without causing irrevocable business failure.

96
Q

access control list (ACL)

A

The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

97
Q

internal threat

A

A type of threat actor who is assigned privileges on the system and causes an intentional or unintentional incident.

98
Q

incident

A

An event that interrupts standard operations or compromises security policy.

99
Q

eXtensible Markup Language (XML)

A

A system for structuring documents so that they are human and machine readable. Information within the document is placed within tags, which describe how information within the document is structured.

100
Q

data subject

A

An individual that is identified by privacy data.

101
Q

chief technology officer (CTO)

A

Company officer with the primary role of making effective use of new and emerging computing platforms and innovations.

102
Q

offensive penetration testing

A

The “hostile” or attacking team in a penetration test or incident response exercise.

103
Q

hot site

A

A fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.

104
Q

caching engine

A

A feature of many proxy servers that enables the servers to retain a copy of frequently requested web pages.

105
Q

internal/external

A

The degree of access that a threat actor possesses before initiating an attack. An external threat actor has no standing privileges, while an internal actor has been granted some access permissions.

106
Q

guidelines

A

Best practice recommendations and advice for configuration items where detailed, strictly enforceable policies and standards are impractical.

107
Q

hashing

A

A function that converts an arbitrary-length string input to a fixed-length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.

108
Q

Message Digest Algorithm v5 (MD5)

A

A cryptographic hash function producing a 128-bit output.

109
Q

network attack

A

An attack directed against cabled and/or wireless network infrastructure, including reconnaissance, denial of service, credential harvesting, on-path, privilege escalation, and data exfiltration.

110
Q

enterprise authentication

A

A wireless network authentication mode where the access point acts as pass-through for credentials that are verified by an AAA server.

111
Q

machine learning (ML)

A

A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions.

112
Q

endpoint log

A

A target for security-related events generated by host-based malware and intrusion detection agents.

113
Q

community cloud

A

A cloud that is deployed for shared use by cooperating tenants.

114
Q

annualized loss expectancy (ALE)

A

The total cost of a risk to an organization on an annual basis. This is determined by multiplying the SLE by the annual rate of occurrence (ARO).

115
Q

fault tolerance

A

Protection against system failure by providing extra (redundant) capacity. Generally, fault-tolerant systems identify and eliminate single points of failure.

116
Q

discretionary access control (DAC)

A

An access control model where each resource is protected by an access control list (ACL) managed by the resource’s owner (or owners).

117
Q

file integrity monitoring (FIM)

A

A type of software that reviews system files to ensure that they have not been tampered with.

118
Q

forensics

A

The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.

119
Q

blockchain

A

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

120
Q

identity and access management (IAM)

A

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

121
Q

fail-open

A

A security control configuration that ensures continued access to the resource in the event of failure.

122
Q

decentralized computing architecture

A

A model in which data processing and storage are distributed across multiple locations or devices.

123
Q

continuity of operations plan (COOP)

A

Identifies how business processes should deal with both minor and disaster-level disruption by ensuring that there is processing redundancy supporting the workflow.

124
Q

directive control

A

A type of control that enforces a rule of behavior through a policy or contract.

125
Q

reaction time

A

The elapsed time between an incident occurring and a response being implemented.

126
Q

environmental variables

A

In vulnerability assessment, factors or metrics due to local network or host configuration that increase or decrease the base likelihood and impact risk level.

127
Q

host-based intrusion prevention system (HIPS)

A

Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching.

128
Q

Point-to-Point Tunneling Protocol (PPTP)

A

Developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP is highly vulnerable to password cracking attacks and considered obsolete.

129
Q

cloud computing

A

Computing architecture where on-demand resources provisioned with the attributes of high availability, scalability, and elasticity are billed to customers on the basis of metered utilization.

130
Q

jump server

A

A hardened server that provides access to other hosts.

131
Q

full disk encryption (FDE)

A

Encryption of all data on a disk, including system files, temporary files, and the pagefile. This can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.

132
Q

phishing

A

An email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

133
Q

data owner

A

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

134
Q

legal data

A

Documents and records that relate to matters of law, such as contracts, property, court cases, and regulatory filings.

135
Q

authentication, authorization, and accounting (AAA)

A

A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

136
Q

level of sophistication/capability

A

A formal classification of the resources and expertise available to a threat actor.

137
Q

distributed denial-of-service (DDoS)

A

An attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.

138
Q

bollards

A

Sturdy vertical posts installed to control road traffic or designed to prevent ram-raiding and vehicle-ramming attacks.

139
Q

near-field communication (NFC)

A

A standard for two-way radio communications over very short (around four inches) distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

140
Q

out of band management (OOB)

A

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

141
Q

impersonation

A

Social engineering attack where an attacker pretends to be someone they are not.

142
Q

preventive control

A

A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.

143
Q

closed/proprietary

A

Software code or security research that remains in the ownership of the developer and may only be used under permitted license conditions.

144
Q

digital certificate

A

Identification and authentication information presented in the X.509 format and issued by a certificate authority (CA) as a guarantee that a key pair (as identified by the public key embedded in the certificate) is valid for a particular subject (user or host).

145
Q

likelihood

A

In qualitative risk analysis, the chance of an event that is expressed as a subjectively determined scale, such as high or low.

146
Q

compensating control

A

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

147
Q

data exposure

A

A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database.

148
Q

non-repudiation

A

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

149
Q

credential replay

A

An attack that uses a captured authentication token to start an unauthorized session without having to discover the plaintext password for an account.

150
Q

disinformation

A

A type of attack that falsifies an information resource that is normally trusted by others.

151
Q

centralized computing architecture

A

A model where all data processing and storage is performed in a single location.

152
Q

reporting

A

A forensics process that summarizes significant contents of digital data using open, repeatable, and unbiased methods and tools.

153
Q

data retention

A

The process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.

154
Q

Common Vulnerabilities and Exposures (CVE)

A

A scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

155
Q

asset

A

A thing of economic value. For accounting purposes, assets are classified in different ways, such as tangible and intangible or short term and long term. Asset management means identifying each asset and recording its location, attributes, and value in a database.

156
Q

acceptable use policy (AUP)

A

A policy that governs employees’ use of company equipment and Internet services. ISPs may also apply AUPs to their customers.

157
Q

credentialed scan

A

A scan that uses credentials, such as usernames and passwords, to take a deep dive during the vulnerability scan, which will produce more information while auditing the network.

158
Q

computer-based training (CBT)

A

Training and education programs delivered using computer devices and e-learning instructional models and design.

159
Q

air-gapped

A

A type of network isolation that physically separates a host from other hosts or a network from all other networks.

160
Q

account lockout

A

Policy that prevents access to an account under certain conditions, such as an excessive number of failed authentication attempts.

161
Q

authorization

A

The process of determining what rights and privileges a particular entity has.

162
Q

recovery point objective (RPO)

A

The longest period that an organization can tolerate lost data being unrecoverable.

163
Q

exception handling

A

An application vulnerability that is defined by how an application responds to unexpected errors that can lead to holes in the security of an app.

164
Q

encryption level

A

Target for data-at-rest encryption, ranging from more granular (file or row/record) to less granular (volume/partition/disk or database).

165
Q

concurrent session usage

A

A potential indicator of malicious activity where an account has started multiple sessions on one or more hosts.

166
Q

Document Object Model (DOM)

A

When attackers send malicious scripts to a web app’s client-side implementation of JavaScript to execute their attack solely on the client.

167
Q

open-source intelligence (OSINT)

A

Publicly available information plus the tools used to aggregate and search it.

168
Q

provisioning

A

The process of deploying an account, host, or application to a target production environment. This involves proving the identity or integrity of the resource, and issuing it with credentials and access permissions.

169
Q

information-sharing organization

A

Collaborative groups that exchange data about emerging cybersecurity threats and vulnerabilities.

170
Q

physical attack

A

An attack directed against cabling infrastructure, hardware devices, or the environment of the site facilities hosting a network.

171
Q

passwordless

A

Multifactor authentication scheme that uses ownership and biometric factors, but not knowledge factors.

172
Q

escalation

A

In the context of support procedures, incident response, and breach-reporting, escalation is the process of involving expert and senior staff to assist in problem management.

173
Q

network monitoring

A

Auditing software that collects status and configuration information from network devices. Many products are based on the Simple Network Management Protocol (SNMP).

174
Q

password spraying

A

A brute force attack in which multiple user accounts are tested with a dictionary of common passwords.

175
Q

device placement

A

Considerations for positioning security controls to protect network zones and individual hosts to implement a defense in depth strategy and to meet overall security goals.

176
Q

horizontal privilege escalation

A

When a user accesses or modifies specific resources that they are not entitled to.

177
Q

remote access Trojan (RAT)

A

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

178
Q

DevSecOps

A

A combination of software development, security operations, and systems operations that refers to the practice of integrating each discipline with the others.

179
Q

metadata

A

Information stored or recorded as a property of an object, state of a system, or transaction.

180
Q

AES Galois Counter Mode Protocol (GCMP)

A

A high performance mode of operation for symmetric encryption. Provides a special characteristic called authenticated encryption with associated data, or AEAD.

181
Q

non-credentialed scan

A

A scan that uses fewer permissions and many times can only find missing patches or updates.

182
Q

account policies

A

A set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.

183
Q

procedure

A

Detailed instructions for completing a task in a way that complies with policies and standards.

184
Q

attack surface

A

The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

185
Q

indicator of compromise (IoC)

A

A sign that an asset or network has been attacked or is currently under attack.

186
Q

heat map

A

In a Wi-Fi site survey, a diagram showing signal strength and channel utilization at different locations.

187
Q

data plane

A

Functions that enforce policy decisions configured in the control plane and facilitate data transfers.

188
Q

project stakeholder

A

A person who has a business interest in the outcome of a project or is actively involved in its work.

189
Q

Encapsulating Security Payload (ESP)

A

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

190
Q

data loss prevention (DLP)

A

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

191
Q

disassociation attack

A

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.

192
Q

credential harvesting

A

Social engineering techniques for gathering valid credentials to use to gain unauthorized access.

193
Q

endpoint detection and response (EDR)

A

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

194
Q

Internet Key Exchange (IKE)

A

Framework for creating a security association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree on secure protocols and cipher suites to use to exchange data.

195
Q

factors

A

In authentication design, different technologies for implementing authentication, such as knowledge, ownership/token, and biometric/inherence. These are characterized as something you know/have/are.

196
Q

Extensible Authentication Protocol (EAP)

A

Framework for negotiating authentication methods that enable systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication and to establish secure tunnels through which to submit credentials.

197
Q

password attack

A

Any attack where the attacker tries to gain unauthorized access to and use of passwords.

198
Q

distinguished name (DN)

A

A collection of attributes that define a unique identifier for any given resource within an X.500-like directory.

199
Q

IP Flow Information Export (IPFIX)

A

Standards-based version of the NetFlow framework.

200
Q

penetration testing

A

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system.

201
Q

attribute-based access control

A

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

202
Q

digital signature

A

A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.

203
Q

biometric authentication

A

An authentication mechanism that allows a user to perform a biometric scan to operate an entry or access system. Physical characteristics stored as a digital data template can be used to authenticate a user. Typical features used include facial pattern, iris, retina, fingerprint pattern, and signature recognition.

204
Q

enterprise risk management (ERM)

A

The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.

205
Q

persistence (load balancing)

A

In load balancing, the configuration option that enables a client to maintain a connection with a load-balanced server over the duration of the session. Also referred to as sticky sessions.

206
Q

log aggregation

A

Parsing information from multiple log and security event data sources so that it can be presented in a consistent and searchable format.

207
Q

least privilege

A

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

208
Q

power distribution unit (PDU)

A

An advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

209
Q

cross-site request forgery (CSRF)

A

A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.

210
Q

deception and disruption

A

Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.

211
Q

backup

A

A security copy of production data made to removable media, typically according to a regular schedule. Different backup types (full, incremental, or differential) balance media capacity, time required to backup, and time required to restore.

212
Q

defense in depth

A

Security strategy that positions layers of diverse security control categories and functions, as opposed to relying on perimeter controls.

213
Q

IT Infrastructure Library (ITIL)

A

An IT best practice framework, emphasizing the alignment of IT Service Management (ITSM) with business needs. ITIL was first developed in 1989 by the UK government. ITIL 4 was released in 2019 and is now marketed by AXELOS.

214
Q

first responder

A

The first experienced person or team to arrive at the scene of an incident.

215
Q

intrusion detection system (IDS)

A

A security appliance or software that analyzes data from a packet sniffer to identify traffic that violates policies or rules.

216
Q

Common Vulnerability Scoring System (CVSS)

A

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

217
Q

anything as a service

A

The concept that most types of IT requirements can be deployed as a cloud service model.

218
Q

downgrade attack

A

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

219
Q

DNS poisoning

A

An attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker’s choosing.

220
Q

group account

A

A collection of user accounts that is useful when establishing file permissions and user rights: when many individuals need the same level of access, a group can be established containing all the relevant users.

221
Q

radio-frequency ID (RFID)

A

A means of encoding information into passive tags which can be energized and read by radio waves from a reader device.

222
Q

buffer overflow

A

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

223
Q

false negative

A

In security scanning, a case that is not reported when it should be.

224
Q

perfect forward secrecy (PFS)

A

A characteristic of transport encryption that ensures if a key is compromised, the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

225
Q

dd command

A

Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.

226
Q

asymmetric algorithm

A

Cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.

227
Q

privileged access management (PAM)

A

Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

228
Q

preparation

A

An incident response process that hardens systems, defines policies and procedures, establishes lines of communication, and puts resources in place.

229
Q

potentially unwanted program (PUP)

A

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

230
Q

Internet Protocol (IP)

A

Network (Internet) layer protocol in the TCP/IP suite providing packet addressing and routing for all higher-level protocols in the suite.

231
Q

cloud service model

A

Classifying the provision of cloud services and the limit of the cloud service provider’s responsibility as software, platform, infrastructure, and so on.

232
Q

botnet

A

A group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.

233
Q

gap analysis

A

An analysis that measures the difference between the current and desired states in order to help assess the scope of work included in a project.

234
Q

configuration baseline

A

Settings for services and policy configuration for a network appliance or for a server operating in a particular application role (web server, mail server, file/print server, and so on).

235
Q

destruction

A

An asset disposal technique that ensures that data remnants are rendered physically inaccessible and irrevocable, through degaussing, shredding, or incineration.

236
Q

patch management

A

Identifying, testing, and deploying OS and application updates. Patches are often classified as critical, security-critical, recommended, and optional.

237
Q

real-time operating system (RTOS)

A

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.

238
Q

jailbreaking

A

Removes the protective seal and any OS-specific restrictions to give users greater control over the device.

239
Q

algorithm

A

Operations that transform a plaintext into a ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types.

240
Q

public key cryptography standards (PKCS)

A

A series of standards defining the use of certificate authorities and digital certificates.

241
Q

business partnership agreement (BPA)

A

Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

242
Q

authenticator

A

A PNAC switch or router that activates EAPoL and passes a supplicant’s authentication data to an authenticating server, such as a RADIUS server.

243
Q

proxy server

A

A server that mediates the communications between a client and another server. It can filter and often modify communications as well as provide caching services to improve performance.

244
Q

blocked content

A

A potential indicator of malicious activity where audit logs show unauthorized attempts to read or copy a file or other data.

245
Q

on-site backup

A

Backup that writes job data to media that is stored in the same physical location as the production system.

246
Q

hard authentication token

A

An authentication token generated by a cryptoprocessor on a dedicated hardware device. As the token is never transmitted directly, this implements an ownership factor within a multifactor authentication scheme.

247
Q

authentication

A

A method of validating a particular entity’s or individual’s unique credentials.

248
Q

appliance firewall

A

A standalone hardware device that performs only the function of a firewall, which is embedded into the appliance’s firmware.

249
Q

collision

A

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

250
Q

key encryption key (KEK)

A

In storage encryption, the private key that is used to encrypt the symmetric bulk media encryption key (MEK). This means that a user must authenticate to decrypt the MEK and access the media.

251
Q

crossover error rate

A

A biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

252
Q

NT LAN Manager authentication (NTLM authentication)

A

A challenge-response authentication protocol created by Microsoft for use in its products.

253
Q

residual risk

A

Risk that remains even after controls are put into place.

254
Q

mean time between failures (MTBF)

A

A metric for a device or component that predicts the expected time between failures.

255
Q

governance committee

A

Leaders and subject matter experts with responsibility for defining policies, procedures, and standards within a particular domain or scope.

256
Q

private cloud

A

A cloud that is deployed for use by a single entity.

257
Q

internet relay chat (IRC)

A

A group communications protocol that enables users to chat, send private messages, and share files.

258
Q

out-of-cycle logging

A

A potential indicator of malicious activity where event dates or timestamps are not consistent.

259
Q

federation

A

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

260
Q

data custodian

A

An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

261
Q

data processor

A

In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.

262
Q

command injection

A

Where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application.

263
Q

mission essential function (MEF)

A

Business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

264
Q

intrusion prevention system (IPS)

A

A security appliance or software that combines detection capabilities with functions that can actively block attacks.

265
Q

HTML5 VPN

A

Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).

266
Q

data historian

A

Software that aggregates and catalogs data from multiple sources within an industrial control system.

267
Q

memorandum of understanding (MoU)

A

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

268
Q

private key

A

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with whom the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

269
Q

application virtualization

A

A software delivery model where the code runs on a server and is streamed to a client.

270
Q

conflict of interest

A

When an individual or organization has investments or obligations that could compromise their ability to act objectively, impartially, or in the best interest of another party.

271
Q

hacker

A

Often used to refer to someone who breaks into computer systems or spreads viruses; ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.

272
Q

malware

A

Software that serves a malicious purpose, typically installed without the user’s consent (or knowledge).

273
Q

qualitative risk analysis

A

The process of determining the probability of occurrence and the impact of identified risks by using logical reasoning when numeric data is not readily available.

274
Q

hash-based message authentication code (HMAC)

A

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

275
Q

active security control

A

Detective and preventive security controls that use an agent or network configuration to monitor hosts. This allows for more accurate credentialed scanning, but consumes some host resources and is detectable by threat actors.

276
Q

cloud service provider (CSP)

A

Organization providing infrastructure, application, and/or storage services via an “as a service” subscription-based, cloud-centric offering.

277
Q

honeypot

A

A host (honeypot), network (honeynet), file (honeyfile), or credential/token (honeytoken) set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.

278
Q

cold site

A

A predetermined alternate location where a network can be rebuilt after a disaster.

279
Q

dump file

A

A file containing data captured from system memory.

280
Q

nation state actor

A

A type of threat actor that is supported by the resources of its host country’s military and security services.

281
Q

data masking

A

A de-identification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

282
Q

antivirus

A

Inspecting traffic to locate and block viruses.

283
Q

containerization

A

An operating system virtualization deployment containing everything required to run a service, application, or microservice.

284
Q

disposal/decommissioning

A

In asset management, the policies and procedures that govern the removal of devices and software from production networks, and their subsequent disposal through sale, donation, or as waste.

285
Q

extortion

A

Demanding payment to prevent or halt some type of attack.

286
Q

pivoting

A

When an attacker uses a compromised host (the pivot) as a platform from which to spread an attack to other points in the network.

287
Q

pluggable authentication module (PAM)

A

A framework for implementing authentication providers in Linux.

288
Q

defensive penetration testing

A

The defensive team in a penetration test or incident response exercise.

289
Q

bug bounty

A

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

290
Q

identity provider

A

In a federated network, the service that holds the user account and performs authentication.

291
Q

Media Access Control filtering (MAC filtering)

A

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

292
Q

malicious process

A

A process executed without proper authorization from the system owner for the purpose of damaging or compromising the system.

293
Q

permissions

A

Security settings that control access to objects including file system items and network resources.

294
Q

choose your own device (CYOD)

A

An enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

295
Q

open public ledger

A

Distributed public record of transactions that underpins the integrity of blockchains.

296
Q

lighting

A

Physical security mechanisms that ensure a site is sufficiently illuminated for employees and guests to feel safe and for camera-based surveillance systems to work well.

297
Q

replay attack

A

An attack where the attacker intercepts some authentication data and reuses it to try to reestablish a session.

298
Q

Payment Card Industry Data Security Standard (PCI DSS)

A

The information security standard for organizations that process credit or bank card payments.

299
Q

cryptanalysis

A

The science, art, and practice of breaking codes and ciphers.

300
Q

off-site backup

A

Backup that writes job data to media that is stored in a separate physical location to the production system.

301
Q

cryptographic primitive

A

A single hash function, symmetric cipher, or asymmetric cipher.

302
Q

platform as a service (PaaS)

A

A cloud service model that provisions application and database services as a platform for development of apps.

303
Q

incident response plan (IRP)

A

Specific procedures that must be performed if a certain type of event is detected or reported.

304
Q

key risk indicator (KRI)

A

The method by which emerging risks are identified and analyzed so that changes can be adopted to proactively avoid issues from occurring.

305
Q

next-generation firewall (NGFW)

A

Advances in firewall technology, from app awareness, user-based filtering, and intrusion prevention to cloud inspection.

306
Q

network access control (NAC)

A

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

307
Q

packet analysis

A

Analysis of the headers and payload data of one or more frames in captured network traffic.

308
Q

one-time password (OTP)

A

A password that is generated for use in one specific session and becomes invalid after the session ends.

309
Q

percent encoding

A

A mechanism for encoding characters as hexadecimal values delimited by the percent sign.

310
Q

inherent risk

A

Risk that an event will pose if no controls are put in place to mitigate it.

311
Q

master service agreement (MSA)

A

A contract that establishes precedence and guidelines for any business documents that are executed between two parties.

312
Q

configuration management

A

A process through which an organization’s information systems components are kept in a controlled state that meets the organization’s requirements, including those for security and compliance.

313
Q

acquisition/procurement

A

Policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals.

314
Q

parallel processing tests

A

Running primary and backup systems simultaneously to validate the functionality and performance of backup systems without disrupting normal operations.

315
Q

replication

A

Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).

316
Q

password manager

A

Software that can suggest and store site and app passwords to reduce risks from poor user choices and behavior. Most browsers have a built-in password manager.

317
Q

escrow

A

In key management, the storage of a backup key with a third party.

318
Q

keylogger

A

Malicious software or hardware that can record user keystrokes.

319
Q

analysis

A

An incident response process in which indicators are assessed to determine validity, impact, and category.

320
Q

intentional threat

A

A threat actor with a malicious purpose.

321
Q

reconnaissance

A

The actions taken to gather information about an individual’s or organization’s computer systems and software. This typically involves collecting information such as the types of systems and software used, user account information, data types, and network configuration.

322
Q

ephemeral

A

In cryptography, a key that is used within the context of a single session only.

323
Q

database encryption

A

Applying encryption at the table, field, or record level via a database management system rather than via the file system.

324
Q

Remote Desktop Protocol (RDP)

A

Application protocol for operating remote connections to a host using a graphical interface. The protocol sends screen data from the remote host to the client and transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389.

325
Q

public key infrastructure (PKI)

A

A framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

326
Q

injection attack

A

An attack that exploits weak request handling or input validation to run arbitrary code in a client browser or on a server.

327
Q

offboarding

A

The process of ensuring that all HR and other requirements are covered when an employee leaves an organization.

328
Q

key distribution center (KDC)

A

A component of Kerberos that authenticates users and issues tickets (tokens).

329
Q

human-machine interface (HMI)

A

Input and output controls on a PLC to allow a user to configure and monitor the system.

330
Q

nondisclosure agreement (NDA)

A

An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.

331
Q

industrial camouflage

A

Methods of disguising the nature and purpose of buildings or parts of buildings.

332
Q

legal hold

A

A process designed to preserve all relevant information when litigation is reasonably expected to occur.

333
Q

call list

A

A document listing authorized contacts for notification and collaboration during a security incident.

334
Q

group policy object (GPO)

A

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

335
Q

dictionary attack

A

A type of password attack that compares encrypted passwords against a predetermined list of possible password values.

336
Q

industrial control system (ICS)

A

Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

337
Q

bring your own device (BYOD)

A

Security framework and tools to facilitate use of personally owned devices to access corporate networks and data.

338
Q

objective probability

A

The mathematical measure of the possibility of a risk occurring.

339
Q

data in transit

A

Information that is being transmitted between two hosts, such as over a private network or the Internet.

340
Q

data classification

A

The process of applying confidentiality and privacy labels to information.

341
Q

card cloning

A

Making a copy of a contactless access card.

342
Q

host-based intrusion detection system (HIDS)

A

A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.

343
Q

accounting

A

Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

344
Q

infrastructure as code (IaC)

A

Provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

345
Q

Global Positioning System (GPS)

A

A means of determining a receiver’s position on Earth based on information received from orbital satellites.

346
Q

data in use

A

Information that is present in the volatile memory of a host, such as system memory or cache.

347
Q

firewall log

A

A target for event data related to access rules that have been configured for logging.

348
Q

indoor positioning system (IPS)

A

Technology that can derive a device’s location when indoors by triangulating its proximity to radio sources such as Bluetooth beacons or Wi-Fi access points.

349
Q

corporate owned, business only (COBO)

A

An enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

350
Q

false positive

A

In security scanning, a case that is reported when it should not be.

351
Q

impact

A

The severity of the risk if realized by factors such as the scope, value of the asset, or the financial impacts of the event.

352
Q

correlation

A

A function of log analysis that links log and state data to identify a pattern that should be logged or alerted as an event.

353
Q

questionnaires

A

In vendor management, structured means of obtaining consistent information, enabling more effective risk analysis and comparison.

354
Q

exposure factor (EF)

A

In risk calculation, the percentage of an asset’s value that would be lost during a security incident or disaster scenario.

355
Q

governance

A

Creating and monitoring effective policies and procedures to manage assets, such as data, and ensure compliance with industry regulations and local, national, and global legislation.

356
Q

data inventory

A

List of classified data or information stored or processed by a system.

357
Q

allow listing

A

A security configuration where access is denied to any entity (software process, IP/domain, and so on) unless the entity appears on an allow list.

358
Q

passive security control

A

An enumeration, vulnerability, or incident detection scan that analyzes only intercepted network traffic rather than sending probes to a target. More generally, passive reconnaissance techniques are those that do not require direct interaction with the target.

359
Q

key management system

A

In PKI, procedures and tools that centralize generation and storage of cryptographic keys.

360
Q

on-path attack

A

An attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic.

361
Q

data at rest

A

Information that is primarily stored on specific media, rather than moving from one medium to another.

362
Q

change control

A

The process by which the need for change is recorded and approved.

363
Q

artificial intelligence

A

The science of creating machines with the ability to develop problem-solving and analysis strategies without significant human direction or intervention.

364
Q

authorized

A

A hacker engaged in authorized penetration testing or other security consultancy.

365
Q

cipher suite

A

Lists of cryptographic algorithms that a server and client can use to negotiate a secure connection.

366
Q

corporate owned, personally enabled (COPE)

A

An enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

367
Q

annualized rate of occurrence (ARO)

A

In risk calculation, an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur.

368
Q

probability

A

In quantitative risk analysis, the chance of an event that is expressed as a percentage.

369
Q

chief information officer (CIO)

A

Company officer with the primary responsibility for management of information technology assets and procedures.

370
Q

cybersecurity framework (CSF)

A

Standards, best practices, and guidelines for effective security risk management. Some frameworks are general in nature, while others are specific to industry or technology types.

371
Q

hybrid cloud

A

A cloud deployment that uses both private and public elements.

372
Q

anomalous behavior recognition

A

Systems that automatically detect users, hosts, and services that deviate from what is expected, or systems and training that encourage reporting of this by employees.

373
Q

integrity

A

The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

374
Q

encryption

A

Scrambling the characters used in a message so that the message can be seen but not understood or modified unless it can be deciphered. Encryption provides for a secure means of transmitting data and authenticating users. It is also used to store data securely. Encryption uses different types of cipher and one or more keys. The size of the key is one factor in determining the strength of the encryption product.

375
Q

cryptominer

A

Malware that hijacks computer resources to create cryptocurrency.

376
Q

on-premises network

A

A private network facility that is owned and operated by an organization for use by its employees only.

377
Q

maneuver

A

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

378
Q

ransomware

A

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.

379
Q

attack vector

A

A specific path by which a threat actor gains unauthorized access to a system.

380
Q

personal area network (PAN)

A

A network scope that uses close-range wireless technologies (usually based on Bluetooth or NFC) to establish communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.

381
Q

corrective control

A

A type of security control that acts after an incident to eliminate or minimize its impact.

382
Q

Internet Message Access Protocol (IMAP)

A

Application protocol providing a means for a client to access and manage email messages stored in a mailbox on a remote server. IMAP4 utilizes TCP port number 143, while the secure version IMAPS uses TCP/993.

383
Q

open authorization (OAuth)

A

A standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

384
Q

birthday attack

A

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

385
Q

eradication

A

An incident response process in which malicious tools and configurations on hosts and networks are removed.

386
Q

business impact analysis (BIA)

A

Systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

387
Q

high availability (HA)

A

A metric that defines how closely systems approach the goal of providing data availability 100% of the time while maintaining a high level of system performance.

388
Q

hacktivist

A

A threat actor that is motivated by a social issue or political cause.

389
Q

application programming interface

A

Methods exposed by a script or program that allow other scripts or programs to use it. For example, an API enables software developers to access functions of the TCP/IP network stack under a particular operating system.

390
Q

implicit deny

A

The basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

391
Q

infrastructure as a service (IaaS)

A

A cloud service model that provisions virtual machines and network infrastructure.

392
Q

Opal

A

Standards for implementing device encryption on storage devices.

393
Q

chief security officer (CSO)

A

Typically the job title of the person with overall responsibility for information assurance and systems security. This may also be referred to as chief information security officer (CISO).

394
Q

kill chain

A

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses to a network intrusion.

395
Q

host-based firewall

A

A software application running on a single host and designed to protect only that host.

396
Q

key stretching

A

A technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute force attacks.

397
Q

arbitrary code execution

A

A vulnerability that allows an attacker to run their own code or a module that exploits such a vulnerability.

398
Q

multifactor authentication (MFA)

A

An authentication scheme that requires the user to present at least two different factors as credentials; for example, something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as “2FA.”

399
Q

personal identification number (PIN)

A

A number used in conjunction with authentication devices such as smart cards; as the PIN should be known only to the user, loss of the smart card should not represent a security risk.

400
Q

remote access

A

Infrastructure, protocols, and software that allow a host to join a local network from a physically remote location, or that allow a session on a host to be established over a network.

401
Q

proximity reader

A

A scanner that reads data from an RFID or NFC tag when in range.

402
Q

remote code execution (RCE)

A

A vulnerability that allows an attacker to transmit code from a remote host for execution on a target host or a module that exploits such a vulnerability.

403
Q

load balancer

A

A type of switch, router, or software that distributes client requests between different resources, such as communications links or similarly configured servers. This provides fault tolerance and improves throughput.

404
Q

Lightweight Directory Access Protocol Secure (LDAP Secure)

A

A method of implementing LDAP using SSL/TLS encryption.

405
Q

fail-closed

A

A security control configuration that blocks access to a resource in the event of failure.

406
Q

input validation

A

Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.

407
Q

clustering

A

A load balancing technique where a group of servers are configured as a unit and work together to provide network services.

408
Q

attestation

A

Capability of an authenticator or other cryptographic module to prove that it is a root of trust and can provide reliable reporting to prove that a device or computer is a trustworthy platform.

409
Q

Domain Name System Security Extensions (DNSSEC)

A

Security protocol that provides authentication of DNS data and upholds DNS data integrity.

410
Q

bluesnarfing

A

A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection.

411
Q

public cloud

A

A cloud that is deployed for shared use by multiple independent tenants.

412
Q

false acceptance rate (FAR)

A

A biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

413
Q

disaster recovery (DR)

A

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

414
Q

race condition

A

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

415
Q

denial of service attack (DoS)

A

Any type of physical, application, or network attack that affects the availability of a managed resource.

416
Q

CIA triad

A

Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.

417
Q

common name (CN)

A

An X.500 attribute expressing a host or username; also used as the subject identifier for a digital certificate.

418
Q

directory service

A

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

419
Q

impossible travel

A

A potential indicator of malicious activity where authentication attempts are made from different geographical locations within a short timeframe.

420
Q

JavaScript Object Notation (JSON)

A

A file format that uses attribute-value pairs to define configurations in a structure that is easy for both humans and machines to read and consume.

421
Q

embedded system

A

An electronic system that is designed to perform a specific, dedicated function, such as a microcontroller in a medical drip or components in a control system managing a water treatment plant.

422
Q

non-human-readable data

A

Information stored in a file that human beings cannot read without a specialized processor to decode the binary or complex structure.

423
Q

multi-cloud

A

A cloud deployment model where the cloud consumer uses multiple public cloud services.

424
Q

online certificate status protocol (OCSP)

A

Allows clients to request the status of a digital certificate to check whether it is revoked.

425
Q

governance board

A

Senior executives and external stakeholders with responsibility for setting strategy and ensuring compliance.

426
Q

policy

A

A strictly enforceable ruleset that determines how a task should be completed.

427
Q

log data

A

OS and applications software can be configured to log events automatically. This provides valuable troubleshooting information. Security logs provide an audit trail of actions performed on the system as well as warning of suspicious activity. It is important that log configuration and files be made tamperproof.

428
Q

evil twin

A

A wireless access point that deceives users into believing that it is a legitimate network access point.

429
Q

detective control

A

A type of security control that acts during an incident to identify or record that it is happening.

430
Q

National Institute of Standards and Technology (NIST)

A

Develops computer security standards used by US federal agencies and publishes cybersecurity best practice guides and research.

431
Q

memory injection

A

A vulnerability that a threat actor can exploit to run malicious code with the same privilege level as the vulnerable process.

432
Q

certification

A

An asset disposal technique that relies on a third party to use sanitization or destruction methods for data remnant removal, and provides documentary evidence that the process is complete and successful.

433
Q

chmod command

A

Linux command for managing file permissions.

434
Q

authentication header

A

IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

435
Q

block list

A

A security configuration where access is generally permitted to a software process, IP/domain, or other subject unless it is listed as explicitly prohibited.

436
Q

antivirus scan (A-V)

A

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and so on.

437
Q

confidentiality

A

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

438
Q

covert channel

A

A type of attack that subverts network security systems and policies to transfer data without authorization or detection.

439
Q

privilege escalation

A

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.

440
Q

ciphertext

A

Data that has been enciphered and cannot be read without the cipher key.

441
Q

dynamic analysis

A

Software testing that examines code behavior during runtime. It helps identify potential security issues, potential performance issues, and other problems.

442
Q

packet filtering firewall

A

A layer 3 firewall technology that compares packet headers against ACLs to determine which network traffic to accept.

443
Q

blackmail

A

Demanding payment to prevent the release of information.

444
Q

geolocation

A

The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.

445
Q

lure

A

An attack type that will entice a victim into using or opening a removable device, document, image, or program that conceals malware.

446
Q

isolation

A

Removing or severely restricting communications paths to a particular device or system.

447
Q

IDS/IPS log

A

A target for event data related to detection/prevention rules that have been configured for logging.

448
Q

network behavior anomaly detection (NBAD)

A

A security monitoring tool that monitors network packets for anomalous behavior based on known signatures.

449
Q

patch

A

A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system.

450
Q

detection

A

An incident response process that correlates event data to determine whether they are indicators of an incident.

451
Q

access point (AP)

A

A device that provides a connection between wireless devices and can connect to wired networks, implementing an infrastructure mode WLAN.

452
Q

geofencing

A

Security control that can enforce a virtual boundary based on real-world geography.

453
Q

microservice

A

An independent, single-function module with well-defined and lightweight interfaces and operations. Typically this style of architecture allows for rapid, frequent, and reliable delivery of complex applications.

454
Q

layer 7 firewall

A

A stateful inspection firewall that can filter traffic based on specific application protocol headers and data, such as web or email data.

455
Q

on-premises

A

Software or services installed and managed on a customer’s computing infrastructure rather than in the cloud or hosted by a third-party provider.

456
Q

DomainKeys Identified Mail (DKIM)

A

A cryptographic authentication mechanism for mail utilizing a public key published as a DNS record.

457
Q

public key

A

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

458
Q

certificate chaining

A

A method of validating a certificate by tracing each CA that signs the certificate, up through the hierarchy to the root CA. Also referred to as chain of trust.

459
Q

cellular

A

Standards for implementing data access over cellular networks are implemented as successive generations. For 2G (up to about 48 Kb/s) and 3G (up to about 42 Mb/s), there are competing GSM and CDMA provider networks. Standards for 4G (up to about 90 Mb/s) and 5G (up to about 300 Mb/s) are developed under converged LTE standards.

460
Q

distributed reflected DoS (DRDoS)

A

A malicious request to a legitimate server is created and sent as a link to the victim, so that a server-side flaw causes the malicious component to run on the target’s browser.

461
Q

dark web

A

Resources on the Internet that are distributed between anonymized nodes and protected from general access by multiple layers of encryption and routing.

462
Q

redundancy

A

Overprovisioning resources at the component, host, and/or site level so that there is failover to a working instance in the event of a problem.

463
Q

alert tuning

A

The process of adjusting detection and correlation rules to reduce incidence of false positives and low-priority alerts.

464
Q

containment

A

An incident response process in which scope of affected systems is constrained using isolation, segmentation, and quarantine techniques and tools.

465
Q

code of conduct

A

Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values they expect their employees to practice.

466
Q

Mandatory Access Control (MAC)

A

An access control model where resources are protected by inflexible, system-defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

467
Q

computer incident response team (CIRT)

A

Team with responsibility for incident response. The CIRT must have expertise across a number of business domains (IT, HR, legal, and marketing, for instance).

468
Q

certificate revocation list (CRL)

A

A list of certificates that were revoked before their expiration date.

469
Q

pre-shared key (PSK)

A

A wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

470
Q

identification

A

The process by which a user account (and its credentials) is issued to the correct person. Sometimes referred to as enrollment.

471
Q

recovery

A

An incident response process in which hosts, networks, and systems are brought back to a secure baseline configuration.

472
Q

due process

A

A term used in US and UK common law to require that people only be convicted of crimes following the fair application of the laws of the land.

473
Q

intelligence fusion

A

In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs.

474
Q

Health Insurance Portability and Accountability Act (HIPAA)

A

US federal law that protects the storage, reading, modification, and transmission of personal healthcare data.

475
Q

lateral movement

A

The process by which an attacker is able to move from one part of a computing environment to another.

476
Q

ad hoc network

A

A type of wireless network where connected devices communicate directly with each other instead of over an established medium.

477
Q

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

A

Framework for ensuring proper application of SPF and DKIM, utilizing a policy published as a DNS record.

478
Q

power failure

A

Complete loss of building power.

479
Q

pharming

A

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

480
Q

dashboard

A

A console presenting selected information in an easily digestible format, such as a visualization.

481
Q

Lightweight Directory Access Protocol (LDAP)

A

Protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

482
Q

data acquisition

A

In digital forensics, the method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk.

483
Q

adware

A

Software that records information about a PC and its user. Adware is used to describe software that the user has acknowledged can record information about their habits.

484
Q

code signing

A

The method of using a digital signature to ensure the source and integrity of programming code.

485
Q

compute

A

Processing, memory, storage, and networking resources that allow a host or network appliance to handle a given workload.

486
Q

failover

A

A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.

487
Q

change management

A

The process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts.

488
Q

human-readable data

A

Information stored in a file type that human beings can access and understand using basic viewer software, such as documents, images, video, and audio.

489
Q

amplification attack

A

A network-based attack where the attacker dramatically increases the bandwidth sent to a victim during a DDoS attack by implementing an amplification factor.

490
Q

deprovisioning

A

The process of removing an account, host, or application from the production environment. This requires revoking any privileged access that had been assigned to the object.

491
Q

obfuscation

A

A technique that essentially “hides” or “camouflages” code or other information so that it is harder to read by unauthorized users.

492
Q

monitoring/asset tracking

A

Enumeration and inventory processes and software that ensure physical and data assets comply with configuration and performance baselines, and have not been tampered with or suffered other unauthorized access.

493
Q

heuristic

A

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

494
Q

directory traversal

A

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

495
Q

deduplication

A

A technique for removing duplicate copies of repeated data. In SIEM, the removal of redundant information provided by several monitored systems.

496
Q

Event Viewer

A

A Windows console related to viewing and exporting events in the Windows logging file format.

497
Q

backdoor

A

A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

498
Q

package monitoring

A

Techniques and tools designed to mitigate risks from application vulnerabilities in third-party code, such as libraries and dependencies.

499
Q

order of volatility

A

The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs.

500
Q

business email compromise (BEC)

A

An impersonation attack in which the attacker gains control of an employee’s account and uses it to convince other employees to perform fraudulent actions.