Glossary Flashcards
Be able to define all terms associated with CompTIA Sec+
Define 3DES
Digital Encryption Standard version 3 is a type of symmetric encryption algorithm used to encrypt data as a block cipher in 64-bit blocks; it also provides confidentiality.
What is AAA?
Authorization, Authentication, Accounting
Authentication verifies identity.
Authorization verifies accessibility to assets.
Accounting tracks user access with logs.
What is ABAC?
Attribute-Based Access Control. An access control model based on attributes of its subjects and objects.
Define AUP
Acceptable Use Policy. Defines proper system usage and rules of behavior for employees within an organization. This can include the purpose of a system or a network, how users interact with them, and the responsibilities of the users when accessing a system.
What are Access Points?
A device that provides an extension of a WiFi signal or generates a WiFi signal. Sometimes called a WAP (Wireless Access Point).
Define Accounting
The process of tracking the activity of users and recording this activity in logs, by the use of audit logs that create an audit trail.
What are Access Control Lists?
List of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports and some protocols.
What is Active Reconnaissance?
Penetration testing method used to collect information. It sends data into systems and analyzes the responses to gain information on the target.
Define Ad Hoc
A connection used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.
What are Administrative Controls?
Security controls implemented via administrative or management methods.
Define AES
Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128, 192, or 256 bits.
Affinity is?
A scheduling method used with load balancers. It uses the client’s IP address to ensure the client is redirected to the same server during a session.
Aggregation Switch is?
A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.
What is Agile?
A software development life cycle model that focuses on interaction between customers, developers, and testers.
Define AH
Authentication Header. An option within IPSec to provide authentication and integrity.
What is an airgap?
A physical security control that provides physical isolation. Systems separated by an airgap don't typically have any physical connections to other systems.
What is ALE?
Annual Loss Expectancy. The expected loss for a year. It is used to measure risk with ARO (Annual Rate of Occurrence) and SLE (Single Loss Expectancy) in a quantitative risk assessment. The equation goes:
SLE x ARO = ALE
Amplification Attack is?
An attack that increases the amount of bandwidth sent to a victim.
Anomaly is?
Type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing operations against a baseline. It is also known as heuristic detection.
Define ANT
Proprietary wireless protocol used by some mobile devices. It is not an acronym.
What is Antispoofing?
A method used on some routers to protect against spoofing attacks. A common configuration is to implement specific rules to block certain traffic.
Antivirus is?
Software that protects systems from malware.
Define Application Blacklist
A list of applications that a system blocks. Users are unable to install or run any applications on the list.
What is Application cell?
Also known as application container. A virtualization technology that runs services or applications within isolated application cells or containers. Each container shares the kernel of the host.
Application Whitelist is:
A list of applications that a system allows. Users are only able to install or run applications on the list.
APT is:
Advanced Persistent Threat. A group that has both capability and intent to launch sophisticated and targeted attacks.
Define ARO
Annual Rate of Occurrence. The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
SLE x ARO = ALE
What is arp?
A command-line tool used to show and manipulate the Address Resolution Protocol cache.
Define ARP poisoning
An attack that misleads systems about the actual MAC address of a system.
What is Asset Value?
An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.
Asymmetric Encryption is?
A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key.
Audit trail is?
A record of events recorded in one or more logs. When security professionals have access to all the logs, they can recreate the events that occurred leading up to a security incident.
What is authentication?
The process that occurs when a user proves an identity, such as with a password.
Define Availability
One of the three main goals of information security known as the CIA security triad. Availability ensures that systems and data are up and operational when needed.
Explain the term backdoor
An alternate method of accessing a system. Malware often adds a backdoor into a system it infects.
What is a background check?
A check into a person’s history, typically to determine eligibility for a job.
Banner grabbing is:
A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.
Bcrypt is:
A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.
BIOS is:
Basic Input/Output System. A computer’s firmware used to manipulate different settings such as the date and time, boot drive, and access passwords. UEFI is the designated replacement for BIOS.
What is birthday?
A password attack named after the birthday paradox in probability theory. The paradox states that for any random group of 23 people, there is a 50% chance that 2 of them have the same birthday.
Define Black Box Test:
A type of penetration test. Testers have zero knowledge of the environment prior to starting the test.
Block Cipher is:
An encryption method that encrypts data in fixed size blocks.
Define Blowfish:
A strong symmetric encryption method. It encrypts data in 64-bit blocks and supports key sizes between 32 bits and 448 bits.
Bluejacking is:
An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.
What is Bluesnarfing:
An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.
Bollards are?
Short vertical posts that act as a barricade. Bollards block vehicles, not people.
Bots are:
Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.
BPA is:
Business Partner Agreement. A written agreement that details the relationship between business partners, including their obligations toward the partnership.
Bridge is:
A network device used to connect multiple networks together. It can be used instead of a router.
Define Brute Force:
A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.
Buffer Overflow is:
An error that occurs when an application receives more input than it expects, or input different from what it expects. It exposes system memory that is normally inaccessible.
Define BIA:
Business Impact Analysis is a process by which an organization identifies critical systems and components that are essential to the organization’s success.
What is BYOD?
Bring Your Own Device. A mobile device deployment model. Employees can connect their personally owned devices to the network.
CA is:
Certificate Authority. An organization that manages, issues, and signs certificates. A CA is a main element of PKI.
Define CAC
Common Access Card. A specialized type of smart card used by the US Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.
Captive Portal is:
A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users agree to an acceptable use policy or pay for access.
What is Carrier Unlocking?
A process of unlocking a mobile phone from a specific cellular provider.
Define CBC:
Cipher Block Chaining. A mode of operation used for encryption that effectively converts a block cipher into a stream cipher. It uses an IV for the first block, and each subsequent block is combined with the previous block.
Define CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
What is CER?
Canonical Encoding Rules. A base format for PKI certificates. They are binary encoded files.
Define certificate
A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.
What is certificate chaining?
A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.
What is a chain of custody?
A process that provides assurance that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.
Change management is:
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
Define CHAP
Challenge Handshake Authentication Protocol. An authentication mechanism where the server challenges a client.
chroot is:
A Linux command used to change the root directory. It is often used for sandboxing.
Define ciphertext
The result of encrypting plaintext. Ciphertext is not in an easily readable format until decrypted.
What is clean desk policy?
A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
What is clickjacking?
An attack that tricks users into clicking something other than what they think they’re clicking.
What is a Cloud Access Security Broker (CASB)?
A software tool or service that enforces cloud-based security requirements. It is placed between the organization’s resources and the cloud, monitors all network traffic, and can enforce security policies.
What is a Cloud deployment model?
Cloud model types that identify who has access to cloud resources.
Code signing is:
The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.
What is a Cold Site?
An alternate location for operations. A cold site will have the power and connectivity needed for activation.
What is collision?
A hash vulnerability that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash.
What are compensating controls?
Security controls that are alternative controls used when a primary security control is not feasible.
Compiled code is:
Code that has been optimized by an application and converted into an executable file. Compare with runtime code.
What is confidential data:
Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.
Define Confidentiality
One of the three main goals of information security known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of confidentiality.
Configuration compliance scanner is:
A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.
Confusion is:
A cryptography concept that indicates ciphertext is significantly different from plaintext.
Containerization is:
A method used to isolate applications in mobile devices. It isolates and protects the application, including any data used by the application.
Context-aware-authentication is:
An authentication method using multiple elements to authenticate a user and a mobile device. It can include an identity, geolocation, the device type and more.
Continuity of operations planning is:
The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or a warm site.
Control diversity is:
The use of different security control types, such as technical controls, administrative controls, and physical controls.
Define Controller-based AP:
An AP that is managed by a controller. Also called a thin AP.
COPE is:
Corporate Owned, Personally Enabled. A mobile device deployment model. The organization purchases and issues devices to employees.
What are corrective controls?
Security controls that attempt to reverse the impact of a security incident.
What is Cross-Over Error Rate?
The point where the false acceptance rate crosses over with the false rejection rate. A lower CER indicates a more accurate biometric system.
CRL is:
Certificate Revocation List. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
Define XSRF:
Cross-Site Request Forgery is a web application attack. XSRF attacks trick users into performing actions on websites, such as making purchases.
Define XSS
A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a website’s code, which executes when the user visits the site.
What is crypto-malware?
A type of ransomware that encrypts the user’s data.
What is crypto module?
A set of hardware, software, and/or firmware that implements cryptographic functions.
What is Crypto Service Provider?
A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.
Define CSR:
Certificate Signing Request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
Define CTM:
Counter Mode. A mode of operation used for encryption that combines an IV with a counter. The combined result is used to encrypt blocks.
Custom firmware is:
Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root Android devices.
Cyber-incident response team is:
A group of experts who respond to security incidents. Also known as CIRT.
Define CYOD:
Choose Your Own Device. A mobile device deployment model. Employees can connect a personally owned device to the network as long as the device is on a preapproved list.
DAC is:
Discretionary Access Control. An access control model where all objects have owners, and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model.
Data at rest is:
Any data stored on media. It's common to encrypt sensitive data at rest.
Define DEP:
A security feature that prevents code from executing in memory regions marked as non-executable. It helps block malware.
What is Data exfiltration?
The unauthorized transfer of data outside an organization.
Data retention policy is:
A security policy specifying how long data should be retained.
Data sovereignty is:
A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.
DDoS is:
Distributed Denial of Service attack. An attack on a system launched from multiple sources, intended to make computer resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare with DoS.
What is Dead Code?
Code that is never executed or used. It is often caused by logic errors.
Defense in depth is:
The use of multiple layers of security to protect resources. Control diversity and vendor diversity are two methods organizations implement to provide defense in depth.
What is degaussing?
The process of removing data from magnetic media using a very powerful electronic magnet. Degaussing is sometimes used to remove data from backup tapes or to destroy hard disks.
Define DER
Distinguished Encoding Rules. A base format for PKI certificates. They are Base64 ASCII encoded files. Compare with CER.
Define DES
Data Encryption Standard. A legacy symmetric encryption standard used to provide confidentiality. It has been compromised, and AES or 3DES should be used instead.
Detective controls are:
Security controls that attempt to detect security incidents after they have occurred.
What is a Dictionary?
A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password.
What is a differential backup?
A type of backup that backs up all the data that has changed or is different since the last full backup.
Define DH:
Diffie-Hellman. An asymmetric algorithm used to privately share symmetric keys. DH Ephemeral (DHE) uses ephemeral keys, which are re-created for each session. Elliptic Curve DHE (ECDHE) uses elliptic curve cryptography to generate encryption keys.
What is diffusion?
A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext.
What is dig?
A command-line tool used to test DNS on Linux systems.
Digital Signature is:
An encrypted hash of a message, encrypted with the sender’s private key. It provides authentication, non-repudiation, and integrity.
Disablement Policy is:
A policy that identifies when administrators should disable user accounts.
Disassociation Attacks are:
An attack that removes wireless clients from a wireless network.
What is a dissolvable agent?
A NAC agent that runs on a client but deletes itself later. It checks the client for health. Compare with permanent agent.
DLL Injection is:
An attack that injects a Dynamic Link Library into memory and runs it. Attackers rewrite the DLL, inserting malicious code.
What is DLP?
Data Loss Prevention. A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud.
What is DMZ?
Demilitarized Zone. A buffer zone between the Internet and the internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.
Define DNS:
Domain Name System. A service used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses.
What is DNSSEC?
Domain Name System Security Extensions. A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.
DNS poisoning is:
An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.