Glossary Flashcards

Be able to define all terms associated with CompTIA Sec+

1
Q

Define 3DES

A

Digital Encryption Standard version 3 is a type of symmetric encryption algorithm used to encrypt data as a block cipher with 64-bit blocks. It also provides confidentiality.

2
Q

What is AAA?

A

Authorization, Authentication, Accounting

Authentication verifies identity.

Authorization verifies accessibility to assets.

Accounting tracks user access with logs.

3
Q

What is ABAC?

A

Attribute-based access control. An access control model based on the attributes of its subjects and objects.

4
Q

Define AUP

A

Accessible Use Policy defines proper system usage and rules of behavior for employees within an organization. This can include the purpose of a system or network, how users interact with them, and the responsibilities of the users when accessing a system.

5
Q

What are Access Points?

A

A device that provides an extension of a WiFi signal or generates a WiFi signal. Sometimes called a WAP (Wireless Access Point).

6
Q

Define Accounting

A

The process of tracking the activity of users and recording this activity in logs, through the use of audit logs that create an audit trail.

7
Q

What are Access Control Lists?

A

A list of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.

8
Q

What is Active Reconnaissance?

A

A penetration testing method used to collect information. It sends data into systems and analyzes the responses to gain information on the target.

9
Q

Define Ad Hoc

A

A connection used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.

10
Q

What are Administrative Controls?

A

Security controls implemented via administrative or management methods.

11
Q

Define AES

A

Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128, 192, or 256 bits.

12
Q

Affinity is?

A

A scheduling method used with load balancers. It uses the client’s IP address to ensure the client is redirected to the same server during a session.

13
Q

Aggregation Switch is?

A

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch, and it connects to a router.

14
Q

What is Agile?

A

A software development life cycle model that focuses on interaction between customers, developers, and testers.

15
Q

Define AH

A

Authentication Header. An option within IPSec to provide authentication and integrity.

16
Q

What is an airgap?

A

A physical security control that provides physical isolation. Systems separated by an airgap don’t typically have any physical connections to other systems.

17
Q

What is ALE?

A

Annual Loss Expectancy. The expected loss for a year. It is used to measure risk with ARO (Annual Rate of Occurrence) and SLE (Single Loss Expectancy) in a quantitative risk assessment. The formula is:

SLE x ARO = ALE

18
Q

Amplification Attack is?

A

An attack that increases the amount of bandwidth sent to a victim.

19
Q

Anomaly is?

A

A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing operations against a baseline. It is also known as heuristic detection.

20
Q

Define ANT

A

A proprietary wireless protocol used by some mobile devices. It is not an acronym.

21
Q

What is Antispoofing?

A

A method used on some routers to protect against spoofing attacks. A common configuration is to implement specific rules to block certain traffic.

22
Q

Antivirus is?

A

Software that protects systems from malware.

23
Q

Define Application Blacklist

A

A list of applications that a system blocks. Users are unable to install or run any applications on the list.

24
Q

What is an Application cell?

A

Also known as an application container. A virtualization technology that runs services or applications within isolated application cells or containers. Each container shares the kernel of the host.

25
Q

Application Whitelist is:

A

A list of applications that a system allows. Users are only able to install or run applications on the list.

26
Q

APT is

A

Advanced Persistent Threat. A group that has both capability and intent to launch sophisticated and targeted attacks.

27
Q

Define ARO

A

Annual Rate of Occurrence. The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.

SLE x ARO = ALE

28
Q

What is arp?

A

A command-line tool used to show and manipulate the Address Resolution Protocol.

29
Q

Define ARP poisoning

A

An attack that misleads systems about the actual MAC address of a system.

30
Q

What is Asset Value?

A

An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.

31
Q

Asymmetric Encryption is?

A

A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key.

32
Q

Audit trail is?

A

A record of events recorded in one or more logs. When security professionals have access to all the logs, they can recreate the events that occurred leading up to a security incident.

33
Q

What is authentication?

A

The process that occurs when a user proves an identity, such as with a password.

34
Q

Define Availability

A

One of the three main goals of information security, known as the CIA security triad. Availability ensures that systems and data are up and operational when needed.

35
Q

Explain the term backdoor

A

An alternate method of accessing a system. Malware often adds a backdoor into a system after it infects it.

36
Q

What is a background check?

A

A check into a person’s history, typically to determine eligibility for a job.

37
Q

Banner grabbing is:

A

A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.

38
Q

Bcrypt is

A

A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.

39
Q

BIOS is:

A

Basic Input/Output System. A computer’s firmware used to manipulate different settings such as the date and time, boot drive, and access passwords. UEFI is the designated replacement for BIOS.

40
Q

What is a birthday attack?

A

A password attack named after the birthday paradox in probability theory. The paradox states that for any random group of 23 people, there is a 50% chance that 2 of them have the same birthday.

41
Q

Define Black Box Test:

A

A type of penetration test. Testers have zero knowledge of the environment prior to starting the test.

42
Q

Block Cipher is:

A

An encryption method that encrypts data in fixed-size blocks.

43
Q

Define Blowfish:

A

A strong symmetric encryption method. It encrypts data in 64-bit blocks and supports key sizes between 32 bits and 448 bits.

44
Q

Bluejacking is:

A

An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.

45
Q

What is Bluesnarfing:

A

An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.

46
Q

Bollards are?

A

Short vertical posts that act as a barricade. Bollards block vehicles, not people.

47
Q

Bots are:

A

Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.

48
Q

BPA is:

A

Business Partner Agreement. A written agreement that details the relationship between business partners, including their obligations toward the partnership.

49
Q

Bridge is

A

A network device used to connect multiple networks together. It can be used instead of a router.

50
Q

Define Brute Force:

A

A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.

51
Q

Buffer Overflow is:

A

An error that occurs when an application receives more input, or different input, than it expects. It exposes system memory that is normally inaccessible.

52
Q

Define BIA:

A

Business Impact Analysis is a process by which an organization identifies critical systems and components that are essential to the organization’s success.

53
Q

What is BYOD?

A

Bring Your Own Device. A mobile device deployment model. Employees can connect their personally owned devices to the network.

54
Q

CA is

A

Certificate Authority. An organization that manages, issues, and signs certificates. A CA is a main element of PKI.

55
Q

Define CAC

A

Common Access Card. A specialized type of smart card used by the US Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.

56
Q

Captive Portal is

A

A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users agree to an acceptable use policy or pay for access.

57
Q

What is Carrier Unlocking?

A

A process of unlocking a mobile phone from a specific cellular provider.

58
Q

Define CBC:

A

Cipher Block Chaining. A mode of operation used for encryption that effectively converts a block cipher into a stream cipher. It uses an IV for the first block, and each subsequent block is combined with the previous block.

59
Q

Define CCMP

A

Counter Mode with Cipher Block Chaining Message Protocol. An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.

60
Q

What is CER?

A

Canonical Encoding Rules. A base format for PKI certificates. They are binary-encoded files.

61
Q

Define certificate

A

A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.

62
Q

What is certificate chaining?

A

A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.

63
Q

What is a chain of custody?

A

A process that provides assurance that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.

64
Q

Change management is:

A

The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.

65
Q

Define CHAP

A

Challenge Handshake Authentication Protocol. An authentication mechanism where the server challenges a client.

66
Q

chroot is:

A

A Linux command used to change the root directory. It is often used for sandboxing.

67
Q

Define ciphertext

A

The result of encrypting plaintext. Ciphertext is not in an easily readable format until decrypted.

68
Q

What is a clean desk policy?

A

A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.

69
Q

What is clickjacking?

A

An attack that tricks users into clicking something other than what they think they’re clicking.

70
Q

What is a Cloud Access Security Broker (CASB)?

A

A software tool or service that enforces cloud-based security requirements. It is placed between the organization’s resources and the cloud, monitors all network traffic, and can enforce security policies.

71
Q

What is a cloud deployment model?

A

Cloud model types that identify who has access to cloud resources.

72
Q

Code signing is:

A

The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.

73
Q

What is a Cold Site?

A

An alternate location for operations. A cold site will have power and connectivity needed for activation and validates the code.

74
Q

What is a collision?

A

A hash vulnerability that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash.

75
Q

What are compensating controls?

A

Security controls that are alternative controls used when a primary security control is not feasible.

76
Q

Compiled code is:

A

Code that has been optimized by an application and converted into an executable file. Compare with runtime code.

77
Q

What is confidential data?

A

Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.

78
Q

Define Confidentiality

A

One of the three main goals of information security, known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of confidentiality.

79
Q

Configuration compliance scanner is:

A

A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.

80
Q

Confusion is

A

A cryptography concept that indicates ciphertext is significantly different than plaintext.

81
Q

Containerization is:

A

A method used to isolate applications in mobile devices. It isolates and protects the application, including any data used by the application.

82
Q

Context-aware authentication is:

A

An authentication method using multiple elements to authenticate a user and a mobile device. It can include an identity, geolocation, the device type and more.

83
Q

Continuity of operations planning is:

A

The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or a warm site.

84
Q

Control diversity is:

A

The use of different security control types, such as technical controls, administrative controls, and physical controls.

85
Q

Define Controller-based AP:

A

An AP that is managed by a controller. Also called a thin AP.

86
Q

COPE is:

A

Corporate Owned, Personally Enabled. A mobile device deployment model. The organization purchases and issues devices to employees.

87
Q

What are corrective controls?

A

Security controls that attempt to reverse the impact of a security incident.

88
Q

What is the Crossover Error Rate?

A

The point where the false acceptance rate crosses over with the false rejection rate. A lower CER indicates a more accurate biometric system.

89
Q

CRL is:

A

Certificate Revocation List. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or if they were issued to an employee who has left the organization.

90
Q

Define XSRF:

A

Cross-site Request Forgery is a web application attack. XSRF attacks trick users into performing actions on websites, such as making purchases.

91
Q

Define XSS

A

A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a website’s code, which executes when the user visits the site.

92
Q

What is crypto-malware?

A

A type of ransomware that encrypts the user’s data.

93
Q

What is a crypto module?

A

A set of hardware, software, and/or firmware that implements cryptographic functions.

94
Q

What is a Crypto Service Provider?

A

A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.

95
Q

Define CSR:

A

Certificate Signing Request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.

96
Q

Define CTM:

A

Counter Mode. A mode of operation used for encryption that combines an IV with a counter. The combined result is used to encrypt blocks.

97
Q

Custom firmware is:

A

Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root Android devices.

98
Q

Cyber-incident response team is:

A

A group of experts who respond to security incidents. Also known as a CIRT.

99
Q

Define CYOD:

A

Choose Your Own Device. A mobile device deployment model. Employees can connect personally owned devices to the network as long as the device is on a preapproved list.

100
Q

DAC is:

A

Discretionary Access Control. An access control model where all objects have owners, and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model.

101
Q

Data at rest is:

A

Any data stored on media. It’s common to encrypt sensitive data at rest.

102
Q

Define DEP:

A

Data Execution Prevention. A security feature that prevents code from executing in memory regions marked as non-executable. It helps block malware.

103
Q

What is data exfiltration?

A

The unauthorized transfer of data outside an organization.

104
Q

Data retention policy is:

A

A security policy specifying how long data should be retained.

105
Q

Data sovereignty is:

A

A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.

106
Q

DDoS is:

A

Distributed Denial of Service attack. An attack on a system launched from multiple sources intended to make computer resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare with DoS.

107
Q

What is Dead Code?

A

Code that is never executed or used. It is often caused by logic errors.

108
Q

Defense in depth is:

A

The use of multiple layers of security to protect resources. Control diversity and vendor diversity are two methods organizations implement to provide defense in depth.

109
Q

What is degaussing?

A

The process of removing data from magnetic media using a very powerful electromagnet. Degaussing is sometimes used to remove data from backup tapes or to destroy hard disks.

110
Q

Define DER

A

Distinguished Encoding Rules. A base format for PKI certificates. They are Base64 ASCII encoded files. Compare with CER.

111
Q

Define DES

A

Data Encryption Standard. A legacy symmetric encryption standard used to provide confidentiality. It has been compromised, and AES or DES should be used instead.

112
Q

Detective controls are:

A

Security controls that attempt to detect security incidents after they have occurred.

113
Q

What is a dictionary attack?

A

A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password.

114
Q

What is a differential backup?

A

A type of backup that backs up all the data that has changed or is different since the last full backup.

115
Q

Define DH:

A

Diffie-Hellman. An asymmetric algorithm used to privately share symmetric keys. DH Ephemeral (DHE) uses ephemeral keys, which are re-created for each session. Elliptic Curve DHE (ECDHE) uses elliptic curve cryptography to generate encryption keys.

116
Q

What is diffusion?

A

A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext.

117
Q

What is dig?

A

A command-line tool used to test DNS on Linux systems.

118
Q

Digital Signature is:

A

An encrypted hash of a message, encrypted with the sender’s private key. It provides authentication, non-repudiation, and integrity.

119
Q

Disablement Policy is:

A

A policy that identifies when administrators should disable user accounts.

120
Q

Disassociation Attacks are:

A

An attack that removes wireless clients from a wireless network.

121
Q

What is a dissolvable agent?

A

A NAC agent that runs on a client but deletes itself later. It checks the client for health. Compare with permanent agent.

122
Q

DLL Injection is:

A

An attack that injects a Dynamic Link Library (DLL) into memory and runs it. Attackers rewrite the DLL, inserting malicious code.

123
Q

What is DLP?

A

Data Loss Prevention. A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud.

124
Q

What is DMZ?

A

Demilitarized Zone. A buffer zone between the Internet and the internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.

125
Q

Define DNS:

A

Domain Name System. A service used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses.

126
Q

What is DNSSEC?

A

Domain Name System Security Extensions. A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.

127
Q

DNS poisoning is:

A

An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.

128
Q

Domain hijacking is:

A

An attack that changes the registration of a domain name without permission from the owner.

129
Q

What is DoS?

A

Denial of service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare with DDoS.

130
Q

Downgrade Attack is:

A

A type of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control.

131
Q

DSA is:

A

Digital Signature Algorithm. An encrypted hash of a message used for authentication, non-repudiation, and integrity. The sender’s private key encrypts the hash of the message.

132
Q

Dumpster Diving is:

A

The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.

133
Q

EAP is:

A

Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variations include PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST.

134
Q

EAP-FAST is:

A

EAP-Flexible Authentication via Secure Tunneling. A Cisco-designed replacement for Lightweight EAP (LEAP). It supports certificates, but they are optional.

135
Q

EAP-TLS is:

A

Extensible Authentication Protocol-Transport Layer Security. An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. It requires certificates on the 802.1x server and on the clients.

136
Q

EAP-TTLS is

A

Extensible Authentication Protocol-Tunneled Transport Layer Security. An extension of EAP, sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.

137
Q

ECB is:

A

Electronic Codebook. A legacy mode of operation used for encryption. It is weak and should be deprecated.

138
Q

What are embedded systems?

A

Any device that has a dedicated function and uses a computer system to perform that function. It includes a CPU, an operating system, and one or more applications.

139
Q

EMI is:

A

Electromagnetic Interference, which is caused by motors, power lines, and fluorescent lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.

140
Q

What is EMP?

A

Electromagnetic Pulse. A short burst of energy that can potentially damage electronic equipment. It can result from electrostatic discharge (ESD), lightning, and military weapons.

141
Q

What is encryption?

A

A process that scrambles or ciphers data to make it unreadable. Encryption normally includes a public algorithm and a private key. Compare with asymmetric and symmetric encryption.

142
Q

Enterprise mode is:

A

A wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password. Compare with open and PSK modes.

143
Q

ESP is:

A

Encapsulating Security Payload. An option within IPSec to provide confidentiality, integrity, and authentication.

144
Q

What is an Evil Twin?

A

A type of rogue AP. An evil twin has the same SSID as a legitimate AP.

145
Q

Exit interview is:

A

An interview conducted with departing employees, just before they leave an organization.

146
Q

What is an exploitation framework?

A

Tools used to store information about security vulnerabilities. They are often used by penetration testers (and attackers) to detect and exploit software.

147
Q

Extranet is:

A

The part of an internal network shared with outside entities. Extranets are often used to provide access to authorized business partners, customers, vendors, or others.

148
Q

Facial Recognition is:

A

A biometric method that identifies people based on facial features.

149
Q

False Negative is:

A

A security incident that isn’t detected or reported. As an example, a NIDS false negative occurs if an attack is active on the network but the NIDS does not raise an alert.

150
Q

What is False Positive:

A

An alert on an event that isn’t a security incident. As an example, a NIDS false positive occurs if the NIDS raises an alert but activity on the network is normal.

151
Q

FAR is:

A

False Acceptance Rate, also called the false match rate. A rate that identifies the percentage of times a biometric authentication system incorrectly indicates a match.

152
Q

What is a Faraday Cage?

A

A room or enclosure that prevents signals from emanating beyond the room or enclosure.

153
Q

fat AP is:

A

An AP that includes everything needed to connect wireless clients to a wireless network. Fat APs must be configured independently. Sometimes called a stand-alone AP. Compare with thin AP.

154
Q

What is fault tolerance?

A

The capability of a system to suffer a fault but continue to operate. Said another way, a system that can tolerate the fault as if it never occurred.

155
Q

What is FDE?

A

Full Disk Encryption. A method to encrypt an entire disk. Compare with SED.

156
Q

What is federation?

A

Two or more members of a federated identity management system. Used for single sign-on.

157
Q

Fingerprint Scanners are:

A

Biometric systems that scan fingerprints for authentication.

158
Q

What is a firewall:

A

Software or a network device used to filter traffic. Firewalls can be application-based (running on a host) or a network-based device. Stateful firewalls filter traffic using rules within an ACL. Stateless firewalls filter traffic based on its state within a session.

159
Q

What are firmware OTA Updates?

A

Over-the-air updates for mobile device firmware that keep them up to date. These are typically downloaded to the device from the internet and applied to update the device.

160
Q

What is flood guard?

A

A method of thwarting flood attacks. On switches, a flood guard thwarts MAC flood attacks. On routers, a flood guard prevents SYN flood attacks.

161
Q

What is a framework?

A

A structure used to provide a foundation. Cybersecurity frameworks typically use a structure of basic concepts and provide guidance to professionals on how to implement security.

162
Q

What is FRR?

A

False Rejection Rate, also called the false nonmatch rate. A rate that identifies the percentage of times a biometric authentication system incorrectly rejects a valid match.

163
Q

What is FTPS:

A

File Transfer Protocol Secure. An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.

164
Q

What is Full Backup?

A

A type of backup that backs up all the selected data. A full backup could be considered a normal backup.

165
Q

What is a full Tunnel?

A

An encrypted connection used with VPNs. When a user is connected to a VPN, all traffic from the user is encrypted. Compare with split tunnel.

166
Q

What is GCM?

A

Galois/Counter Mode. A mode of operation used for encryption. It combines Counter Mode (CTM) with hashing techniques for data authenticity and confidentiality.

167
Q

What is Geofencing?

A

A virtual fence or geographic boundary. It uses GPS to create the boundary. Apps can then respond when a mobile device is within the virtual fence.

168
Q

What is geolocation?

A

The location of a device identified by GPS. It can help locate a lost or stolen mobile device.

169
Q

What is GPO?

A

Group Policy Object. A technology used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain.

170
Q

GPS is:

A

Global Positioning System. A satellite-based navigation system that identifies the location of a device or vehicle. Mobile devices often incorporate GPS capabilities.

171
Q

GPS Tagging is:

A

A process of adding geographical data to files such as pictures. It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created.

172
Q

What is a gray-box test:

A

A type of penetration test. Testers have some knowledge of the environment prior to starting the test.

173
Q

Group Based Access Control is:

A

A role-based access control method that uses groups as roles.

174
Q

What is a Guest Account?:

A

A pre-created account in Windows Systems. It is disabled by default.

175
Q

Hacktivist is:

A

An attacker who launches attacks as part of an activist movement or to further a cause.

176
Q

What is a Hardware root of trust?

A

A known secure starting point. TPMs have a private key burned into the hardware that provides a hardware root of trust.

177
Q

Hash is:

A

A number created by executing a hashing algorithm against data, such as a file or message. Hashing is commonly used for integrity. Common hashing algorithms are MD5, SHA1, and HMAC.

178
Q

What is Heuristic?

A

Also known as behavioral. A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing traffic against a baseline. It is also known as anomaly detection.

179
Q

HIDS is:

A

Host-based intrusion detection system. Software installed on a system to detect attacks. It protects local resources on the host. A host-based intrusion prevention system (HIPS) is an extension of a HIDS. It is software installed on a system to detect and block attacks.

180
Q

High Availability is:

A

A term that indicates a system or component remains available close to 100% of the time.

181
Q

HMAC is:

A

Hash-based Message Authentication Code. A hashing algorithm used to verify the integrity and authenticity of a message with the use of a shared secret. It is typically combined with another hashing algorithm such as SHA.

182
Q

What’s a HOAX?

A

A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.

183
Q

Home Automation is:

A

Smart devices used within the home that have IP addresses. These are typically accessible via the internet and are part of the Internet of Things.

184
Q

Honeypot is:

A

A server designed to attract an attacker. It typically has weakened security, encouraging attackers to investigate it.

185
Q

Honeynet is:

A

A group of honeypots in a network. Honeynets are often configured in virtual networks.

186
Q

Hot and cold Aisles:

A

A method commonly used in data centers to keep equipment cool. Cool air flows from the front of the cabinets to the back, making the front aisle cooler and the back aisle warmer.

187
Q

HOTP is:

A

HMAC-based OTP. An open standard used for creating OTPs. It combines a secret key and a counter, and then uses HMAC to create a hash of the result.

188
Q

Hot Site is:

A

An alternate location for operations. A hot site typically includes everything needed to be operational within 60 minutes. Compare with cold site and warm site.

189
Q

Define HSM:

A

Hardware Security Module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Compare with TPM.

190
Q

HTTPS is:

A

Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using port 443.

191
Q

What is HVAC:

A

Heating, ventilation, and air conditioning. A physical security control that increases availability by regulating airflow within data centers and server rooms.

192
Q

Define IaaS:

A

Infrastructure as a Service. A cloud computing model that allows an organization to rent access to hardware in a self-managed platform. Compare with PaaS and SaaS.

193
Q

Define ICS:

A

Industrial Control System. A system that controls large systems such as power plants or water treatment facilities. A SCADA system controls the ICS.

194
Q

Define Identification:

A

The process that occurs when a user claims an identity, such as with a username.

195
Q

IEEE 802.1X

A

Authentication protocol used in VPNs and wired and wireless networks. VPNs often implement it as a RADIUS server. Wired networks use it for port-based authentication. Wireless networks use it in Enterprise mode. It can be used with certificate-based authentication.

196
Q

What is ifconfig:

A

A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Similar to IPCONFIG used on Windows systems.

197
Q

IMAP4

A

Internet Message Access Protocol version 4. A protocol used to share and manage email on servers. IMAP4 uses TCP port 143. Secure IMAP4 uses TLS to encrypt traffic.

198
Q

What is impact?

A

The magnitude of harm related to a risk. It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data. Compare with the likelihood of occurrence.

199
Q

Explain implicit deny:

A

A rule in an ACL that blocks all traffic that hasn’t been explicitly allowed. The implicit deny rule is the last rule in an ACL.

200
Q

What is incident response:

A

The process of responding to a security incident. Organizations often create an incident response plan that outlines the procedures to be used when responding to an incident.

201
Q

IRP (Incident Response Plan) is:

A

The procedures documented in an incident response policy.

202
Q

Incident response process is:

A

The phases of incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.

203
Q

Incremental backup is:

A

A type of backup that backs up all the data that has changed since the last full or incremental backup.

204
Q

Injection Attack is:

A

An attack that injects code or commands. Common injection attacks are DLL injection, command injection, and SQL injection attacks.

205
Q

Explain inline:

A

A configuration that forces traffic to pass through a device. A NIPS is placed inline, allowing it to prevent malicious traffic from entering a network. Sometimes called in-band. Compare with out-of-band.

206
Q

What is input validation?

A

A programming process that verifies data is valid before using it.

207
Q

What is an Insider?

A

An attacker who launches attacks from within an organization, typically as an employee.

208
Q

What is Integer Overflow:

A

An application attack that attempts to use or create a numeric value that is too big for an application to handle. Input handling and error handling thwart the attack.

209
Q

Define Integrity:

A

One of the three main goals of information security known as the CIA security triad. Integrity provides assurance that data or system configurations have not been modified. Audit logs and hashing are two methods used to ensure integrity. Compare with availability and confidentiality.

210
Q

What is Intranet:

A

An internal network. People use an intranet to communicate and share content with each other.

211
Q

Define IoT:

A

Internet of Things. The network of physical devices connected to the internet. It typically refers to smart devices with an IP address, such as wearable technology and home automation systems.

212
Q

What is IP:

A

A command-line tool used on Linux-based systems to show and manipulate settings on a network interface card (NIC). Developers created it to replace ifconfig.

213
Q

What is IPCONFIG:

A

A command-line tool used on Windows systems to show the configuration settings on a NIC.

214
Q

Define IPSec:

A

Internet Protocol Security. A suite of protocols used to encrypt data in transit that can operate in both tunnel mode and transport mode. It uses tunnel mode and transport mode in private networks.

215
Q

IP Spoofing is:

A

An attack that changes the source IP address.

216
Q

What are Iris Scanners?

A

Biometric systems that scan the iris of an eye for authentication.

217
Q

What is an ISA?

A

Interconnection Security Agreement. An agreement that specifies technical and security requirements for connections between two or more entities. Compare with MOU/MOA.

218
Q

IV is:

A

A wireless attack that attempts to discover the initialization vector. Legacy security protocols are susceptible to IV attacks.

219
Q

Define Jailbreaking:

A

The process of modifying an Apple mobile device to remove software restrictions. It allows a user to install software from any third-party source. Comparable to “rooting”.

220
Q

What is jamming?

A

A DoS attack against wireless networks. It transmits noise on the same frequency used by a wireless network.

221
Q

Explain job rotation:

A

A process that ensures employees rotate through different jobs to learn the processes and procedures in each job. It can sometimes detect fraudulent activity.

222
Q

What is KDC?

A

Key Distribution Center. Also known as a TFT server. Part of the Kerberos protocol used for network authentication. The KDC issues timestamped tickets that expire.

223
Q

What is Kerberos?

A

A network authentication mechanism used with Windows Active Directory domains and some Unix environments known as “realms”. It uses a KDC to issue tickets.

224
Q

What is a kernel?

A

The central part of the operating system. In container virtualization, guests share the kernel.

225
Q

What is a Keylogger?

A

Software or hardware used to capture a user’s keystrokes. Keystrokes are stored in a file and can be manually retrieved or automatically sent to an attacker.

226
Q

What is key stretching?

A

A technique used to increase the strength of stored passwords. It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.

227
Q

What is Known Plaintext?

A

A cryptographic attack that decrypts encrypted data. In this attack, the attacker knows the plaintext used to create ciphertext.

228
Q

What is labeling?

A

The process of ensuring data is tagged clearly so that users know its classification. Labels can be physical labels, such as on backup tapes, or digital labels embedded in files.

229
Q

LDAP is:

A

Lightweight Directory Access Protocol. A protocol used to communicate with directories such as Microsoft Active Directory. It identifies objects with query strings using codes such as CN=Users and DC=TestDomain.

230
Q

LDAPS

A

Lightweight Directory Access Protocol Secure. A protocol used to encrypt LDAP traffic with TLS.

231
Q

What is least functionality?

A

A core principle of secure systems design. Systems should be deployed with only the applications, services, and protocols needed to meet their purpose.

232
Q

What is least privilege?

A

A security principle that specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more.

233
Q

What is a Legal Hold?

A

A court order to maintain data for evidence.

234
Q

What is the Likelihood of Occurrence?

A

The probability that something will occur. It is used with impact in a qualitative risk assessment. Compare with impact.

235
Q

What is a Load Balancer:

A

Hardware or software that balances the load between two or more servers. Scheduling methods include source address IP affinity and round-robin.

236
Q

What are location-based policies?

A

Policies that prevent users from logging on from certain locations, or require that they log on only from specific locations.

237
Q

What is a logic bomb?

A

A type of malware that executes in response to an event. The event might be a specific date or time, or user action such as when

238
Q

What is loop prevention?

A

A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.

239
Q

What is MAC (Mandatory Access Control)?

A

Mandatory Access Control. An access control model that uses sensitivity labels assigned to objects and subjects. MAC restricts access based on a need to know.

240
Q

MAC (Media Access Control) is:

A

A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.

241
Q

What is MAC Filtering?

A

A form of network access control that allows or blocks access based on the MAC address. It is configured on switches for port security or on APs for wireless security.

242
Q

MAC Spoofing is:

A

An attack that changes the source MAC address.

243
Q

What is a Mail Gateway?

A

A server that examines and processes all incoming and outgoing email. It typically includes a spam filter and DLP capabilities. Some gateways also provide encryption services.

244
Q

What is malware?

A

Malicious software. It includes a wide range of software that has malicious intent, such as viruses, worms, ransomware, rootkits, logic bombs, and more.

245
Q

What is a mandatory vacation?

A

A policy that forces employees to take vacations. The goal is to deter malicious activity, such as fraud and embezzlement, and to detect malicious activity when it occurs.

246
Q

What is a man-in-the-browser?

A

An attack that infects vulnerable web browsers. It can allow the attacker to capture session data, including keystrokes.

247
Q

Man-in-the-middle (MITM) is?

A

An attack using active interception or eavesdropping. It uses a third computer to capture browser session data, including keystrokes.

248
Q

What is a Mantrap?

A

A physical security mechanism designed to control access to a secure area. A mantrap prevents tailgating.

249
Q

Define MD5:

A

Message Digest version 5. A hashing function used to provide integrity. MD5 creates 128-bit hashes, which are also referred to as MD5 checksums. Experts consider MD5 cracked.

250
Q

Mobile Device Management is

A

A group of applications and/or technologies used to manage devices. MDM tools can monitor mobile devices and ensure they are in compliance with security policies.

251
Q

What is a memory leak?

A

An application flaw that consumes memory without releasing it.

252
Q

MFD is?

A

Multifunction devices. Any device that performs multiple functions. As an example, many printers are MFDs because they can print, scan, and copy documents. Many also include faxing capabilities.

253
Q

What is MMS?

A

Multimedia Messaging Service. A method used to send text messages. It is an extension of SMS and supports sending multimedia content.

254
Q

What is a MOA/MOU?

A

Memorandum of understanding or memorandum of agreement. A type of agreement that defines the responsibilities of each party. Compare with ISA.

255
Q

Define MS-CHAPv2:

A

Microsoft Challenge Handshake Authentication Protocol version 2. Microsoft’s implementation of CHAP. MS-CHAPv2 provides mutual authentication. Compare with CHAP and PAP.

256
Q

What is MTBF?

A

Mean Time Between Failures. A metric that provides a measure of a system’s reliability and is usually represented in hours. The MTBF identifies the average time between failures.

257
Q

What is MTTR?

A

Mean Time to Recover. A metric that identifies the average time it takes to restore a failed system. Organizations that have maintenance contracts often specify the MTTR as part of the contract.

258
Q

Multifactor Authentication is:

A

A type of authentication that uses methods from more than one factor of authentication.

259
Q

What is NAC?

A

Network Access Control. A system that inspects clients to ensure they are healthy. Agents inspect clients, and agents can be permanent or dissolvable (also known as agentless).

260
Q

What is NAT?

A

Network Address Translation. A service that translates public IP addresses to private IP addresses and private IP addresses to public IP addresses.

261
Q

What is an NDA?

A

Non-Disclosure Agreement. An agreement that is designed to prohibit personnel from sharing proprietary data. It can be used with employees within the organization and with other organizations.

262
Q

What is NETCAT?

A

A command-line tool used to connect to remote systems.

263
Q

Define netstat:

A

A command-line tool used to show network statistics on a system.

264
Q

What is network mapping?

A

A process used to discover devices on a network, including how they are connected.

265
Q

Explain what a Network Scanner is:

A

A tool used to discover devices on a network, including their IP addresses and operating system, along with services and protocols running on the devices.

266
Q

NFC Attack is:

A

An attack against mobile devices that use near field communication (NFC). NFC is a group of standards that allow mobile devices to communicate with nearby mobile devices.

267
Q

NIDS is:

A

A network-based intrusion detection system. A device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls, and monitors network traffic.

268
Q

What is NIPS?

A

A network-based intrusion prevention system. A device that detects and stops attacks in progress. A NIPS is placed inline (also called in-band) with traffic so that it can actively monitor data streams.

269
Q

What is NIST?

A

National Institute of Standards and Technology. NIST is a part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory. The ITL publishes special publications related to security that are freely available to anyone.

270
Q

What is NMAP?

A

A command-line tool used to scan networks. It is a type of network scanner.

271
Q

Explain NONCE:

A

A number used once. Cryptography elements frequently use a nonce to add randomness.

272
Q

What is non-persistence?

A

A method used in virtual desktops where changes made by a user are not saved. Most (or all) users have the same desktop. When users log off, the desktop reverts to its original state.

273
Q

Non-Repudiation is:

A

The ability to prevent a party from denying an action. Digital signatures and access logs provide non-repudiation.

274
Q

What is normalization?

A

The process of organizing tables and columns in a database. Normalization reduces redundant data and improves overall database performance.

275
Q

What is nslookup?

A

A command-line tool used to test DNS on Microsoft systems. Compare with dig.

276
Q

What is a NTLM?

A

New Technology LAN Manager. A suite of protocols that provide confidentiality, integrity, and authentication within Windows systems. Versions include NTLM, NTLMv2, and NTLM2 Session.

277
Q

What is OAuth?

A

An open source standard used for authorization with internet-based single sign-on solutions.

278
Q

Define Obfuscation:

A

An attempt to make something unclear or difficult to understand. Steganography methods use obfuscation to hide data within data.

279
Q

What is OCSP?

A

Online Certificate Status Protocol. An alternative to using a CRL, it allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.

280
Q

What is onboarding?

A

The process of granting individuals access to an organization’s computing resources after being hired. It typically includes giving the employee a user account with appropriate permissions.

281
Q

What is open?

A

A wireless mode that doesn’t use security. Compare with Enterprise and PSK modes.

282
Q

What is OpenID Connect?

A

An open source standard used for identification on the internet. It is typically used with OAuth, and it allows clients to verify the identity of end users without managing their credentials.

283
Q

Open Source intelligence is:

A

A method of gathering data using public sources such as social media sites and news outlets.

284
Q

What is order of volatility?

A

A term that refers to the order in which you should collect evidence. For example, data in memory is more volatile than data on a disk drive, so it should be collected first.

285
Q

What is out-of-band?

A

A configuration that allows a device to collect traffic without the traffic passing through it. Sometimes called passive. Compare with inline.

286
Q

What is P7B?

A

PKCS#7. A common format for PKI certificates. They are DER-based (ASCII) and commonly used to share public keys.

287
Q

What is P12?

A

PKCS #12. A common format for PKI certificates. They are CER-based (binary) and often hold certificates with the private key. They are commonly encrypted.

288
Q

Define PaaS:

A

Platform as a Service. A cloud computing model that provides cloud customers with a preconfigured computing platform they can use as needed. Compare with IaaS and SaaS.

289
Q

PAP is:

A

Password Authentication Protocol. An older authentication protocol where passwords or PINs are sent across the network in cleartext. Compare with CHAP and MS-CHAPv2.

290
Q

Passive Reconnaissance is:

A

A penetration testing method used to collect information. It typically uses open source intelligence. Compare with active reconnaissance.

291
Q

What is pass the hash?

A

A password attack that captures and uses the hash of a password. It attempts to log on as the user with the hash and is commonly associated with the Microsoft NTLM protocol.

292
Q

What is a password cracker?

A

A tool used to discover passwords.

293
Q

What is patch management?

A

The process used to keep systems up to date with current patches. It typically includes evaluating and testing patches before deploying them.

294
Q

PBKDF2 is:

A

Password-Based Key Derivation Function 2. A key stretching technique that adds additional bits to a password as a salt. It helps prevent brute force and rainbow table attacks.

295
Q

What is PEAP?

A

Protected Enhanced Mail. A common format for PKI certificates. It can use either CER (ASCII) or DER (binary) formats and can be used for almost any type of certificate.

296
Q

What is perfect forward secrecy?

A

A characteristic of encryption keys ensuring that keys are random. Perfect forward secrecy methods do not use deterministic algorithms.

297
Q

What is a Permanent Agent?

A

A NAC agent that is installed on a client. Compare with dissolvable agent.

298
Q

What is permission auditing review?

A

An audit that analyzes user privileges. It identifies the privileges, rights, and permissions granted to users, and compares them against what the user needs.

299
Q

What is PFX?

A

Personal Information Exchange. A common format for PKI certificates. It is the predecessor to P12 certificates.

300
Q

Define PHI:

A

Personal Health Information. PII that includes health information.

301
Q

What is Phishing?

A

The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.

302
Q

Physical controls are?

A

Security controls that you can physically touch.

303
Q

Define PII:

A

Personally Identifiable Information. Information about individuals that can be used to trace a person’s identity, such as a full name, birth date, biometric data, and more.

304
Q

What is Ping?

A

A command-line tool used to test connectivity with remote systems.

305
Q

What is pinning?

A

A security mechanism used by some web sites to prevent web site impersonation. Web sites provide clients with a list of public key hashes. Clients store the list and use it to validate the web site.

306
Q

Define PIV:

A

Personal Identity Verification card. A specialized type of smart card used by US federal agencies. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.

307
Q

What is pivot?

A

Pivot is one of the steps in penetration testing. After escalating privileges, the tester uses additional tools to gain additional information on the exploited computer or on the network.

308
Q

Describe plaintext:

A

Text displayed in a readable format. Encryption converts plaintext to ciphertext.

309
Q

What is a pointer dereference?

A

A programming practice that uses a pointer to reference a memory area. A failed dereference operation can corrupt memory and sometimes even cause an application to crash.

310
Q

What is POP3?

A

Post Office Protocol version 3. A protocol used to transfer email from mail servers to clients.

311
Q

What is port mirror?

A

A monitoring port on a switch. All traffic going through the switch is also sent to the port mirror.

312
Q

What are preventive controls?

A

Security controls that attempt to prevent a security incident from occurring.

313
Q

What is a Privacy Impact Assessment?

A

An assessment used to identify and reduce risks related to potential loss of PII. Compare with privacy threshold assessment.

314
Q

What is Privacy Threshold Assessment?

A

An assessment used to help identify if a system is processing PII. Compare with Privacy Impact Assessment.

315
Q

What is private data?

A

Information about an individual that should remain private. Personally Identifiable Information and Personal Health Information are two examples.

316
Q

What is a Private key?

A

A part of a matched key pair used in asymmetric encryption. The private key always stays private.

317
Q

What is privilege escalation?

A

The process of gaining elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges.

318
Q

Privileged Account is:

A

An account with elevated privileges, such as an administrator account.

319
Q

What is proprietary data?

A

Data that is related to ownership. Common examples are information related to patents or trade secrets.