Glossary Flashcards

Question 1

Q

Define 3DES

Answer

A

Digital Encryption Standard version 3 is a type of Symetric encryption algorythm use to encrypt data at block ciphers of 64-bit, also provides confidentiality

Question 2

Q

What is AAA?

Answer

A

Authorization, Authentication, Accounting

Authentication verifies identity.

Authorization verifies accesibility to asstets.

Accounting tracks user access with logs.

Question 3

Q

What is ABAC?

Answer

A

Attribute-based access control, An access control model based on attributes of its subjects and objects.

Question 4

Q

Define AUP?

Answer

A

Accessible Use Policy defines proper system usage and rules of behavior for employees within an organization. This can include the purpose of system or a network, how users interact with them and the responsabilities of the users when accessing a system.

Question 5

Q

What are Access Points?

Answer

A

A device that provides an extension of WiFi signal or generates a WiFi signal. Sometimes called WAP (Wireless Access Point)

Question 6

Q

Define Accounting

Answer

A

The process of tracking the activity of users and recording this activity in logs, by the use of audit logs that create an audit trail.

Question 7

Q

What are Access Control Lists?

Answer

A

List of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports and some protocols.

Question 8

Q

What is Active Reconnaissance?

Answer

A

Penetration Testing method used to collect information. It sends data into systems and analyzes responds to gain information on the target.

Question 9

Q

Define Ad Hoc

Answer

A

A connection used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.

Question 10

Q

Whate are Administrative Controls?

Answer

A

Security controls implemented via administrative or management methods.

Question 11

Q

Define AES

Answer

A

Advanced Encryption Standard, a strong Symmetric block cipher that encrypts data in 128 bit block. AES can use key sizes 128, 192, 256.

Question 12

Q

Affinity is?

Answer

A

A scheduling method used with load balancers. It uses the client’s IP address to ensure client is redirected to the same server during a session.

Question 13

Q

Aggregation Switch is?

Answer

A

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.

Question 14

Q

What is Agile?

Answer

A

A software development life cycle model that focuses on interaction between, customers, developers and testers.

Question 15

Q

Define AH

Answer

A

Authentication Header. An option within IPSec to provide authentication and integrity.

Question 16

Q

What is airgap?

Answer

A

A physicical security control that provides physical isolation. Systems seperated by an airgap dont typically have any physical connections to other systems.

Question 17

Q

What is ALE?

Answer

A

Annual loss expectancy. The expected loss for a year. It is used to measure risk with ARO (Annual Rate of Occurance) and SLE (Single Loss Expectancy) in a quantitative risk assessment. The equation goes:

SLE x ARO = ALE

Question 18

Q

Amplification Attack is?

Answer

A

An attack that increases the amount of bandwidth sent to a victim.

Question 19

Q

Anomaly is?

Answer

A

Type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing operations against baseline. It is also known as heuristic detection.

Question 20

Q

Define ANT

Answer

A

Propietary wireless protocol used by some mobile devices. It is not an acronym.

Question 21

Q

What is Antispoofing

Answer

A

A method used on some routers to protect against spoofing attacks. A common configuration is to implement specific rules to block certain traffic.

Question 22

Q

Antivirus is?

Answer

A

Software that protects systems from malware.

Question 23

Q

Define Application Blacklist

Answer

A

A list of applications that a system blocks. Users are unable to install or run any applications on the list.

Question 24

Q

what is Application cell ?

Answer

A

Also known as application container. A virtualization technology that runs services or applications within isolated application cells or container. Each container shares the kernel of the host.

Question 25

Q

Application Whitelist is:

Answer

A

A list of applications that a system allows. Users are only able to install or run applications on the list.

Question 26

Q

APT is

Answer

A

Advanced Persistent Threat. A group that has both capability and intent to launch sophisticated and targeted attacks.

Question 27

Q

Define ARO

Answer

A

Annual Rate of Occurence. The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.

SLE x ARO = ALE

Question 28

Q

What is arp?

Answer

A

A command-lline tool used to show and manipulate the address resolution protocol.

Question 29

Q

Define ARP poisoning

Answer

A

An attack that misleads systems about the actual MAC address of a system.

Question 30

Q

What is Asset Value?

Answer

A

An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.

Question 31

Q

Assymetric Encryption is?

Answer

A

A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key.

Question 32

Q

Audit trail is?

Answer

A

A record of events recorded in one or more logs. When security professionals have access to all the logs, they can recreate the events that occured leading up to a security incident.

Question 33

Q

What is authentication?

Answer

A

The process that occurs when a user proves an identity, such as with a password.

Question 34

Q

Define Availaibility

Answer

A

One of the three main goals of information security known as the CIA security triad. Availaibility ensures that systems and data are up and operational when needed.

Question 35

Q

Explain the term backdoor

Answer

A

An alternate method of accessing a system. Malware often adds a backdoor into a system it infects it.

Question 36

Q

What is a background check

Answer

A

A check into a person’s history, typically to determine eligibility for a job.

Question 37

Q

Banner grabbing is:

Answer

A

A method used t_o gain information about a remote system_. If identifies the operating system and other details on the remote system.

Question 38

Q

Bycrypt is

Answer

A

A key stretching algorithm. It is used to protect passwords. Bycrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow tables attacks.

Question 39

Q

BIOS is:

Answer

A

Basic Input/Output System. A computer’s firmware used to manupulate different settings such as the date and time, boot drive and access passwords. UEFI is the designated replacement for BIOS.

Question 40

Q

What is birthday?

Answer

A

A password attack named after the birthday paradox, in probability theory. The paradox states that for any random group of 23 people, there is a 50% chance that 2 of them have the same birthday.

Question 41

Q

Define Black Box Test:

Answer

A

A type of penetration test. Testers have zero knowledge of the environment prior to starting the test.

Question 42

Q

Block Cipher is:

Answer

A

An encryption method that encrypts data in fixed size blocks.

Question 43

Q

Define Blowfish:

Answer

A

A strong symmetric Encryption method. It encrypts data in 64-bit blocks and supports key sizes between 32 bits and 448 bits.

Question 44

Q

Bluejacking is:

Answer

A

An attack agains Bluetooth devices. It is a practice of sending unsolicited messages to nearby Bluetooth devices.

Question 45

Q

What is Bluesnarfing:

Answer

A

An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.

Question 46

Q

Bollards are?

Answer

A

Short vertical posts that act as a barricade. Bollards block vehicles, not people.

Question 47

Q

Bots

Answer

A

Software robots that function automatically. A botnet is a gorup of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.

Question 48

Q

BPA is:

Answer

A

Business Partner Agreement, A written agreement that details the relationship between business partners, including their obligations toward the partnership.

Question 49

Q

Bridge is

Answer

A

A network device used to connect multiple networks together. It can be used instead of a router.

Question 50

Q

Define Brute Force:

Answer

A

A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwors contained in a file or database.

Question 51

Q

Buffer Overflow is:

Answer

A

An error that occurs when an application receives more input, or different than it expects. It exposes system memory that is normally inaccessible.

Question 52

Q

Define BIA:

Answer

A

Business Impact Analysis is a process by which an organization identfies critical systems and components that are esential to the ornganization’s success.

Question 53

Q

What is BYOD?

Answer

A

Bring Your Own Device, A mobile device deployment model. Employees can connect their personally owned device to the network.

Question 54

Q

CA is

Answer

A

Certificate Authority an organization that manages, issues and signs certificates. A CA is a main element of PKI.

Question 55

Q

Define CAC

Answer

A

Common Access Card. A specialized type of smart card used by the US dept. of Defense. It includes photo identification and provides confidentiality, integrity, authentication and non-repudiation.

Question 56

Q

Captive Portal is

Answer

A

A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users afree to an acccestable use policy or pay for accessn.

Question 57

Q

What is Carrier Unlocking

Answer

A

A process of unlicking a mobile phone from specific cellular provider.

Question 58

Q

Define CBC:

Answer

A

Cipher Block Chaining. A mode of operation used for encryption that effectively converts a block cipher into a stream cipher. It uses a IV for the first block and each subsequent block is combined with the previous block.

Question 59

Q

Define CCMP

Answer

A

Counter Mode w/ Cipher Block Chaining Message Protocol. An encryption protocol based on AES and used with WPA-2 for wire;ess security.It is more secure than TKIP was used with the original release of WPA.

Question 60

Q

What is CER

Answer

A

Canonical Encoding Rules, a base format for PKI. They are binary encoded files.

Question 61

Q

Define certificate

Answer

A

A digital file used for encryption, authetntication, digital signatures and more. Public certificates include a public key use dfor asymmetric encryption.

Question 62

Q

What is certificate chaining?

Answer

A

A process that combines ll certificates within a trust model. It includes all the certificates in the tust chain from the root ca down to the certificate issued to the end user.

Question 63

Q

What is a chain of custody?

Answer

A

A process that provides assurance that evidence has been controlles and handled properly after collection. Forensic experts establish a chain of custody when they first collecte evidence.

Question 64

Q

change management is:

Answer

A

The process used to prevent unauthorized changes. Unauthorized chanes often result in unintended outages.

Answer 65

A

Challenge Handshake Authentication Protocol. An Authentication mechanism where server challenges a client.

Answer 66

A

A linux command used to change the root directory. It is often used for sandboxing.

Answer 67

A

The result of encryptiing plaintext. Ciphertext is no in an easily readable format unitl decrypted.

Answer 68

A

A security policy requiring employees to keep thheir areas orazined and free of papers. The goal is to reduce threats of security incidents by prtecting sesitive data.

Answer 69

A

An attack that tricks users into clicking something other than what they think they’re clicking.

Answer 70

A

A software toool or service that enforces cloud-based security requirements. It is placed between the organization’s resources and the cloud, monitors all network traffic and can enforce security policies.

Answer 71

A

Cloud model types that identify who has access to cloud resources.

Answer 72

A

The process of assigning a certificate to code. The certificate includes a digital signature and validetes the code.

Answer 73

A

An alternate location for operations. A cold site will have power and connectivity needed for activation and validates the code.

Answer 74

A

A hash vulnerability, that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash.

Answer 75

A

Security controls that are alternative controls used when a primary security control is no feasible.

Answer 76

A

Code that has been optimized by an application and converted into an executed file. Compare with runtime code.

Answer 77

A

Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.

Answer 78

A

One of the three main goals of information security known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot aces data. Ecryption and access controls help protect against the loss of confidentiality.

Answer 79

A

A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.

Answer 80

A

A cryptography concept that indicates ciphertext is significantly different than plaintext.

Answer 81

A

A method used to isolate applications in mobile devices. It isolates and protects the application, onclding any data used by the application.

Answer 82

A

An authentication method using multiple elements to authenticate a user and a mobile device. It can include an identity, geolocation, the device type and more.

Answer 83

A

The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or a warm site.

Answer 84

A

The use of different security control types, such as technical controls administrative controls, and pshysical controls.

Answer 85

A

An AP that is managed by a controller. Also called a thin AP.

Answer 86

A

Corporate Owned, Personally Enabled. A mobile device deployment model. The organization purchases and issues devices to employees.

Answer 87

A

Security controls that attempt to reverse the impact of a security incident.

Answer 88

A

The point where the false acceptance rate crosses over with the false rejection rate. A lower CER indicates to an employee more a more accurate biometric system.

Answer 89

A

Certificate Revocation List. A list of certificates that a CA has revoked Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.

Answer 90

A

Cross-site Request Forgery is a web application attack. XSRF attack tick users into peforming actions on websites, such as making purchases.

Answer 91

A

A web application vulnerability. Attackers embed malicious HTML or AjavaScript code into a web site’s code which executes when the user vists the site.

Answer 92

A

A type of ransomware that encypts the user’s data.

Answer 93

A

A set of hardware, software, and/or firmware that implements cryptographic functions.

Answer 94

A

A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.

Answer 95

A

Certificate Signining Request. A method of requesting a certificate from a CA. It starts by creating an RSA-Based private/public key pair and then including the public key in the CSR.

Answer 96

A

Counter Mode. A mode of operation used for encryption that combines an IV with a counter. The combined result is used to encrypt blocks.

Answer 97

A

Mobile device firmware other than the firmware provided wiht the device. People sometimes use custom firmware to root Android devices.

Answer 98

A

A group of experts who respond to seucrity incidents. also known as CIRT.

Answer 99

A

Choose Your Own Device. A mobile device deployment model. Employees can connect personally owned device to the network as long as the device is on a prepaproved list.

Answer 100

A

Discretionary Access Control. An access control model where all objects have owners and owners can modify permissions for the objects (file and folres). Microsoft NTFS uses teh DAC model.

Answer 101

A

Any data stores on media. Its common to encrypt sinsitve data at rest.

Answer 102

A

A security feature that prevents code from executing in memory reguins marked as nonexecutable. It helps block malware.

Answer 103

A

The unauthorized transfer of data outside an organization.

Answer 104

A

A security policy specifying how long data should be kept retained.

Answer 105

A

A term that referes to the legal implications of data sotred in different countries. It is primarily a concern related to backups sotred in alternate locations via the cloud.

Answer 106

A

Distributed Denial of Service Attack. An attack on a system launched from multiple sources intended to make computers resources or services unavailable to users. DDos attacks typically include sustained, abnormally high netork traffic. Compare with DoS.

Answer 107

A

Code that is never executred or used. It is often caused by logic errors.

Answer 108

A

The use of multiple layers of security to protect resources. Control diversity and vendor diverisyt are two methods organizations implement to provide defense in depth.

Answer 109

A

The process of removing data from magnetic media using a very powerful electronic magnet. Degaussing is somtimes used to remove data from backup tapes or to destroy hard disks.

Answer 110

A

Distinguished Encoding Rules. A base format for PKI certificates. They are BASE 64 ASCII econded files. Compare with CER.

Answer 111

A

Data Encryption Standard. A legacy symmetric encryption standards used to provide confidentiality. IT hgas been compromised and AES or DES should be used instead.

Answer 112

A

Security controls that attempt to detect secuiry incidents after they have occured.

Answer 113

A

A password attack that uses a file of words and character comninations. The attack tries every entry within the file when trying to guess a password.

Answer 114

A

A type of back up that backs up all the data that has changed or is different since the last full backup.

Answer 115

A

Deffie-Hellmann, An asymmetric algorithm used to privetly share symmetric keys. DH Ephemeral (DHE) uses ephemeral keys, which are re-created for each session. Elliptic Curve - DHE (ECDHDE) uses elliptic curve cyprtography to generate ecryption keys.

Answer 116

A

A cyrptography concept that ensures that small changes in plaintext result in significant changes in ciphertext.

Answer 117

A

A command-line tool used to dest DNS on Linux Systems.

Answer 118

A

An encrypted hash of a message, encrypted with the sender’s private key. It provides authentication, non-repudiation and integrity.

Answer 119

A

A policy that identifies when administratods shoulddisable user accounts.

Answer 120

A

An attack that removes wireleess clients from wirtelss network.

Answer 121

A

A nac Agent that runs on a client, but deletees itslef later. It checks the clien for health. Compare with permanent agent.

Answer 122

A

An attack that injects a Dynamic link library into memory and runs it. Attackers rewrite the DLL, inserting malicious code.

Answer 123

A

Data Loss Prevention. A gorup of techonologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detech and block unauthorized data transfers, and monitor data stores in the cloud.

Answer 124

A

Demilitrized Zone, A buffer zone between the internet and the internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer protection for the internal network.

Answer 125

A

Domain Name System, a Aservice used to resolve host names to IP addresses. DNS zones inlcude records such as A records for IPv4 addresses and AAAA records for IPv6 addresses.

Answer 126

A

Domain Name System Security Extensions, A suite of extension to DNS used to protect the integrity of DNS records and prevent some DNS attacks.

Answer 127

A

An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS from the owner.

Answer 128

A

An attack that changes the registration of a domain name withough permission from the owner.

Answer 129

A

Denial of service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare with DDoS.

Answer 130

A

Atype of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control.

Answer 131

A

Digital Signature Algorithm. An encrypted hash of a message used for authentication, non-repudiation and integrity. The sender’s private key encrypts the hash of the message.

Answer 132

A

The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helpsprevent the successe of dumspter diving.

Answer 133

A

Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variation include PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST.

Answer 134

A

EAP-Flexible. Authentication via Secure Tunneling EAP-FAST. A cisco designed reaplcement for Lightweight EAP (LEAP). It supports certifiates, but they are optional.

Answer 135

A

Extensible Authentication Protocol-Transport Layer Security. An extension of EAP sometimes used witrh 802.1x. This is one of the most secure EAP standars and is widely implemented. It requires certificates on the 802/1x server and on the clients.

Answer 136

A

Extensible Autheitcation Protocol-Tunneled Transport Layer Security. An extension of EAP, sometimes used with 802.1x. It allows systems to use some older autheitcation methods such as PAP whthin TLS Tunnel. It requires a certificate on the 802.1x server but not on the clients.

Answer 137

A

Electronic CodeBook is a legacy mode ofoperation used for encryption. It is weak and should be depretacted.

Answer 138

A

Any device that has dedicated function and uses a computer system to perform that function. It includes a CPU, an operating system and one or more applications.

Answer 139

A

Electromagnetic Interference, which is caused by motors, powerlines and fluorescnt lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.

Answer 140

A

Electromagnetic pulse. A short burst of energy that can potentially damage electronic equipment. It can result from electrostatic discharge (ESD), lightning and military weapons.

Answer 141

A

A process that scrambles or ciphers data to make it unreadable. Encryption normally includes a public algorithm and a privete key. Compare with asymetcis and symmetric encyrption.

Answer 142

A

A wireless mode that uses an 802.1x server for seuciryt. It forces users to authenticate with a Username and password. Compare with open and PSK modles.

Answer 143

A

Encapsulating Security Payload, an operation within IPSec, to provide confidentiality, integrity, and autentication.

Answer 144

A

A type of rogue AP, an evil twin has the same SSID as a legitimate AP.

Answer 145

A

An interview conducted with departing employees, just before they leave an organization.

Answer 146

A

Tools used to store information about the security vulnerabiliteis. They are often used by penetraion testers (and attackers), to detecht and exploit software.

Answer 147

A

The part of an internal network shared with outside entities. Extranets are often used to provide access to authorized business partners cutomers, vendors or others.

Answer 148

A

A biometric method that identifies poeple based on facial features.

Answer 149

A

A security inicident that isn’t detected or reported. As an example, a NIDS false negativs occurs if an attack is active on the network but the NIDS does not raise the alert.

Answer 150

A

An alert on the event that isnt a secyruty indicent. An example, a NIDS false positive occurs if the NIDS raises an alert but activity on the network is normal.

Answer 151

A

False Acceptance Rate, also called the false match rate. A rate that identifies the percentage of ties a biometics authentication system incorrectly indicates a match.

Answer 152

A

A room or enclosure that prevents signals from emanting beyond the room or enclosure.

Answer 153

A

An AP that includes everything needed to connect wireless clients to a wireless network. Fat APs, must be configured independently. Sometimes called a stand-alone AP. Comapre with thin AP.

Answer 154

A

The capability of a system to suffer a fault, but continue to operate. Said another way, the system that can tolerate a the fault as if it never occured.

Answer 155

A

Full Disk Encyption, A method to encypt an entire disk. Compare SED

Answer 156

A

Two or more members of a federeated identity management system. Used for single sign-on.

Answer 157

A

Biometric system that can fingerprint for authentication

Answer 158

A

A software or network device used to filter traffic. Firewall can be application-based (running on a host), or a network-based device. Stateful firewalls filter traffic using rules within an ACL. Stateless firewalls filter traffic based on its state within a session.

Answer 159

A

Over-the-air updates for mobile device firmware that keep them up to date. These are typically downlodaded to the device from the internet and applied to update the device.

Answer 160

A

A methid of thwarting flood attacks. On swithces a flood guard thwarts MAC Flood attacks. On routers a flood guard preventes SYN flood attacks.

Answer 161

A

A structure used to provide a foundation. Cybersecyrity frameowrks typucalle yse a structure of basic comncepts and provide guidance to professionals on how to implement security.

Answer 162

A

False Rejection Rate, also called the false nonmatch rate. A rate that identifies the percentage of times a biometric authentication system incorrectly rejects a valid match.

Answer 163

A

File Transfer Protocol Secure. An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989, 990.

Answer 164

A

A type of backup that backs up all the selected data. A fill backup could be considered a Normal Backup.

Answer 165

A

An encrypted connection used with VPNs. When a user is connected to a VPN all traffic from the user us encrypted. Compate with Split tunnel.

Answer 166

A

Galois/Counter Mode A mode of operation used for encryption. It combines the Counter Mode (CTM), with hashing techniques for data authenticity and condifentiality.

Answer 167

A

A virtual fence or geographic boundary. It uses GPS to create the boundary. Apps can then respond when a mobile device is within a virutal fence.

Answer 168

A

The location of adevice identified by GPS. It can help locate a lost or stolen movile device.

Answer 169

A

Group Policy Object. A technology used withhin Microsoft Windows to amange users and computers. It is implemented on a domain controller wihin a domain.

Answer 170

A

Global Positioning System. A satellite-based navigation system that identifies the location oa device or vehicle. Mobile devices often incorporate GPS capabilities.

Answer 171

A

A process of adding geopgraphical data to files such as pictures. It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created.

Answer 172

A

A type of penetration test. Testers have some knowldge of the environment prior to starting the test.

Answer 173

A

A role-based access control method that uses groups as roles.

Answer 174

A

A pre-created account in Windows Systems. It is disabled by default.

Answer 175

A

An attacker who launches attacks as part of an activist movement or to further a cause.

Answer 176

A

A known secure starting point. TPMs have a private key bruned into the hardware that provides a hardware root of trust.

Answer 177

A

A number created by executing a hashing algorithm against data, such as a file or message Hashing is commmonly used for intefrity. Common hashing algorithms are MD5, SHA1, HMAC.

Answer 178

A

Also known as behavioral, A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing traffic against a baseline. It is also known as anomally detection.

Answer 179

A

Host-Based instrusion detection system. Software installed on a system to detech attacks. It protects local resources on the host. A host-based intrusion prevention system (HIPS) is an extension of a HIDS. It is software installed on a sustem to detech and block attacks.

Answer 180

A

A term that indicates a system or component remains available close to 100 of the time.

Answer 181

A

Hash-based Message Authentication Code, A hashing algorithm used to verify integrity, and authenticity of a message with the use of a shared secret. It is typically comabines with another hashing algorithm such as SHA.

Answer 182

A

A message often circulated through email, that tells of impending doom from a virus or other security threat that simply doesnt exist.

Answer 183

A

Smart devices used within the home that have IP Addresses. These are typically accessible via the internet and are part of the internet of things.

Answer 184

A

A server designed to attackt an attacker. It typically has weakened security encouraging attackers to investigate it.

Answer 185

A

A group of honeypots in a network. Honeynets are often configured in virtual networks.

Answer 186

A

A method commonly used in data centers to keep equipment cool. Cool air flows from the front of the cainets to the back, making the fron aisle cooler and the back aisle warmer.

Answer 187

A

HMAC Based OTP. An open standard used for creating OTP it combines a secret-key and a counter. and then uses HMAC to create a hash of the result.

Answer 188

A

An alternate location for operations. A hot site typically includes eveything needed to be operational within 60 minutes. Compare with cold site and warm site.

Answer 189

A

Hardware Security Module: A removable or external device that can generate, store and manage RSA keys used in asymmetric encryption. Compare with TPM.

Answer 190

A

Hypertext transfer Procotol Secure. A protocol use dto encrypt HTTP traffic. HTTPS encrypts traffic with TLS using port 443.

Answer 191

A

Heating ventilation and air conditioning. A physical security control that increases availibility by regulating airflow within data centers and server rooms.

Answer 192

A

Infrastructure as a Service: A cloud computing model that allows an organization to rent access to hardware in a self-managed platform. Compare with PaaS and SaaS.

Answer 193

A

Industrial Control System:. A system that controls large systems such as power plants or water treatment facilities. A SCADA system controls the ICS.

Answer 194

A

The processs that ocuurs when a user claims an identity, such as with a username.

Answer 195

A

Authentication protocol used in VPNs, wired and wireless networks. VPNs often implement it as a RADIUS server. Wired networks use it for port based authentication. Wirelesss netowrks use it in Enterprise Mode. It can be used with certificate-based authentication.

Answer 196

A

A command-line tool used on Linux systems to show and manipulate settings on a netowork interface card (NIC). Similiar to IPCONFIG used on Windows Systems.

Answer 197

A

Internet Message Access Protocol version 4. A protocol used to share and manage email on servers. IMAP4 uses TCP port 143. Secure IMAP4 uses TLS to encrypt traffic.

Answer 198

A

The magnitude of harm related to a risk. It is the negative result of an event such as the loss of condidentiality, integrity, or availaiblity of a system or data. Compare, with the likelyhod of occurance.

Answer 199

A

A rule in an ACL tha blocks all traffic that hasnt been explicitly allowed. The implicit deny rules is the last rule in an ACL.

Answer 200

A

The process of responding to a security incident. Organizations often create an incident response plan that outlines the procedures to be used when responding to an incident.

Answer 201

A

The proceudres documented in an incident response policy.

Answer 202

A

The phases of incident repsonse, incluiding preparation identification containment, eradication, recovert and lessons learned.

Answer 203

A

A type of backup that backs up all the data that has changed since the last full incremental backup.

Answer 204

A

An attack that injects code or commands. Common injection attacks are DLL injection commant injection, and SQL Injection attacks.

Answer 205

A

A configuration that forces traffic to pass through a device. A NIPS is placed inline, allowing it to prevent malicious traffic from entering a network. Sometimes called in band. Compare with out-of-band.

Answer 206

A

A programing process that verifies data is valid before using it.

Answer 207

A

An attacker who launches attacks from within an organization, typically as an employee

Answer 208

A

An application attack that attempts to use or create a numeric value that is so big for an application to handle. Input handling and error handling thwart the attack.

Answer 209

A

One of the three main foals of information security known as the CIA security triad. Integrity provides assurance that data or system configurations have not been modified. Audit logs and hashing are two mthods used to snsure intefiryt. Compare with availability and confidentiality.

Answer 210

A

An internal network. Poeple use an intranet to communicate and share content with each other.

Answer 211

A

Internet of Things. The network of physical devices connected to the internet. It typically refers to smart devices with an IP adress, such as a wearable technology and home automation systems.

Answer 212

A

A command-line tool used on Linux based systems to show and manupulate settings on network interface card (NIC). Developers replaced created this to replace ifconfig.

Answer 213

A

A command-line tool used on Windows Systems to show the configuration settings on a NIC.

Answer 214

A

Internet Protocol Security, A suite of protocols used to encrypt data-in-transit that can operate in both tunnel mode and transport mode. It uses tunnel mode and Transport mode in private networks.

Answer 215

A

An attack that changes the source IP Address.

Answer 216

A

Biometric Systems that scan the iris of an eye for authentication.

Answer 217

A

interconnection security agreement. An agreement that specifies thecnical and security requirements for connections between two or more entities. Compare with MOU/MOA.

Answer 218

A

A wireless attack that attempts to discover the Initialization Vector Legacy security protocols are susceptible to IV Attacks.

Answer 219

A

The process of modifying an Apple movile device to remove software restrictions. It allows a user to install software from any third party source. Comparable to “rooting”.

Answer 220

A

A DoS attack agains wireless networks. It transmits noise onthe same frequency used by a wireless network.

Answer 221

A

A process that ensures employees rotate through different jobs to learn the process and procedures in each job. It can sometimes detect fraudulent activity.

Answer 222

A

Key-Distribution Center. Also known as a TFT Server. Part of the Kerberos protocol used for network authentication. The KDC issues a timestamped tickets that expire.

Answer 223

A

A network authentication mechanism used with WindowsActiv Directory domains and some Unix enviromentmts known as “realms”. It uses a KDC to issue tickets.

Answer 224

A

The central par of the operating system. In container virtualization, guests share the kernel

Answer 225

A

Software of ardware used to capture a user’s keystrokes. Keystrokes are stored in a file and can be manually retrieved or automatically sent to an attacker.

Answer 226

A

A technique used to incerase the strength of stored passwords. It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.

Answer 227

A

A cryptographic attack that decrypts encrypted data. In this attack, the attacker knows the plaintext used to create ciphertext.

Answer 228

A

The process of ensuring data tagged clearly so that users know its classification. Lables can be physical labels, such as on backup tapes, or digital labels embedded in files.

Answer 229

A

Lightweight Directory Access Protocol, a protocol used to communicate with directoroes as Microsoft Active Directory. It identifies objects with query strings using codes such as CN=Users and DC=TestDomain.

Answer 230

A

Lightweight Directory Access Protocol Secure. A protocol used to encrypt LDAP traffic with TLS.

Answer 231

A

A core principle of secure systems design. Systems should be deplyed with only the applications, services and protocols needed to meet their purpose.

Answer 232

A

A security principle that specifies that individuals and process are granted only the rights and permissions needed to perfom assigned the tasks or functions, but not more.

Answer 233

A

A cour order to maintain data for evidence.

Answer 234

A

The probability that something will occur. It is used with imacpt in a qualitative risk assessment. Compare with Impact.

Answer 235

A

A hardware or software that balances the load between two or more servers. Scheduling methods include soruce address IP affinity and round-robin.

Answer 236

A

Policies that prvent users from logging on from certain locations, or require that they log on only from specific locations.

Answer 237

A

A type of malware that executes in response to an event. The event might be a specific date or time, or user action such as when

Answer 238

A

A method of preventing switching loop or bridge lopp problems. Both stp and rstp prevent switching loops.

Answer 239

A

Mandatory Access Control. An access control model that uses sensitivty lables assigned to objects. and subjects MAC restrics access based on a need to know.

Answer 240

A

A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.

Answer 241

A

A form of network access control to allow or block acces based on the MAC address. It is configured on siwtches for port security or on APs for wireless security

Answer 242

A

An attack that changes soruce MAC Address.

Answer 243

A

A server that examines and processes all incoming and outgoing email. It typically incldes a spam filter and DLP capabilities. Some gateways also provide encryption services.

Answer 244

A

Malicious software. It includes a wide range of software that has malicious intent, such as viruses worms, ransomware, rootkits logic bombs and more.

Answer 245

A

A policy that forces emplyees to take vacation The goal is to deter malicious activity, such as a fraud and embezzelment and detect malicious activity whrn it occurs.

Answer 246

A

An attack that ionfects vulnerable web brosers. Ir can allow the to capture session data including keystrokes.

Answer 247

A

An attack using active interception or eavesdropping. It uses a third computer to capture browser session data, incldugin keystrokes.

Answer 248

A

A physical secyrity mechanism designed to control access to a secure area, a Mantrap prevents tailgating.

Answer 249

A

Message Digest version 5, A haching function used to provide integrity. MD5 creates a 128-bit hashes, which are also referred to as MD5 checksums. Experts consider MD5 cracked.

Answer 250

A

A group of application and/or technologies used to manage devices. MDM tools can monitor mobile devices and ensure they are in complience with security policies.

Answer 251

A

An application flaw that consumes memory without releasing it.

Answer 252

A

Multufuntion devices. Any device that performs multiple funtions. As an example, many printers are MFds because they can print, scan and copy documents. Many also include faxing capabilities.

Answer 253

A

Multimedia Messaging Service. A method used to send text messages. It is an extension of SMS and supports sending multimedia content.

Answer 254

A

Memorandum of understanding of memorandum of agreement. A type of adreement that defines responsabilities of each party. Compare with ISA.

Answer 255

A

Microsoft Challenge Handshake Authentication Protocol version 2. Microsoft implementation of CHAP. MS-CHAPv2 provides mutual authentication. Compare with CHAP and PAP.

Answer 256

A

Mean Time between failures. A metric that provides a measrue of a system’s reliability an is usually represented in hours. The MTBF identifies the average time between failures.

Answer 257

A

Mean Time to Recover. A metric that identifies the average time it takes to restore a failed system. Organizations that have maintenance contracts often specify the MTTR as part of the contract.

Answer 258

A

A type of authentication that uses methods from more that one factor of authentication.

Answer 259

A

Network Access Control A system that inspects clients to ensure they are healthy. Agents inspect clients and agents cna be permanent or dissolvable (also known as agentless).

Answer 260

A

Network Address Translation, A service that translates public IP addresses to private IP addresses and private IP addresses to public IP Addresses.

Answer 261

A

Non-Disclosure Agreement, an agreement that is designed to prohibit personnel from sharing propietary data. It can be used with eomplyees within the organization and with other organizations.

Answer 262

A

A command-line tool used to connect to remote systems.

Answer 263

A

A command-line tool used to show network statistics on a system.

Answer 264

A

A process used to discover devices on a network, including how they are connected.

Answer 265

A

A tool used to discover on a network, including their IP Addresses, their operating system, along with services and protocols running on the devices.

Answer 266

A

An attack against mobile devices that use near field communication (NFC). NFC is a gorup of standards that allow mobile devices to communicate with nearby mobile devices.

Answer 267

A

A network based instursion detection system. A device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls, and monitors network traffic.

Answer 268

A

A network based intrusion prevention system. A device that detects and stops attacks in progress. A NIPS is placed inline (also called in-nad) with traffic that it can actively monitor data streams.

Answer 269

A

National Institute of Standards and Technology. NIST is a part of the US. Department of Commenrce, and it includes an information Technology Laboratory. The ITL publishes special publicaitions related to security that are freely availaible to anyone.

Answer 270

A

A command-line tool used to scan networks. It is a type of network scanner.

Answer 271

A

A number used once. Cyrptography elements frequently use a nonce to add randomness.

Answer 272

A

A method used in virtual desktops where changes made by a user are not saved. Most (or all) users have the same desktop. Whe users log-off the destop revers to its original state.

Answer 273

A

The ability to prevent a party from denying an action. Digital Signatures and access logs provide non repudiation.

Answer 274

A

The process of organizing and columns in a database. Normalization reduces redundant data and improves overall database performance.

Answer 275

A

A command-line tool used to test DNS on Microsoft Systems. Compare with dig.

Answer 276

A

New Technology LAN Manager. A suite of protocols that provide confidentiality, integrity and authentication within Windows Systems. Versions include NTLM, NTLMv2, and NTLM2 Session.

Answer 277

A

An open source standard used for authorization with internet-based single sign-on solutions.

Answer 278

A

An attempt to make something unclear or difficult to understand. Steganography methods use obfuscation to hide data within data.

Answer 279

A

Online Certificate Status Protocol, an alternative to using a CRL, it allows entities to query a CA with the serial number of certificate. The CA answers with good, revoked, or unknown.

Answer 280

A

The process of granting individuals access to an organizations computing resources after being hired. It typically includes giving the employee a user account with appropriate permissions.

Answer 281

A

A wireless mode that doesnt use security. Compare with enterprise and PSK modes.

Answer 282

A

An open source standard used for identification on the internet. It is typically used with OAth and it allows clients to verify the identity of end users without managing their credentials.

Answer 283

A

A method of gathering data using public sources such as social media sites and news outlets.

Answer 284

A

A term that refers to the order in which you should collect evidence. For example data in memory is more volatile than data on a disk drive. So it should be collected first.

Answer 285

A

A configuration that allows a device to cllect traffic without the traffic passing through it. Sometimes called passive, compare with inline.

Answer 286

A

PKCS#7. A common format for PKI certificates. They are DER-Based (ASCII) and commonly used to share public keys.

Answer 287

A

PKCS #12 A common format for PKI certificates. They are CER-Based (binary) and often hold certificates with the private key. They are commonly encrypted.

Answer 288

A

Platform as a Service. A cloud computing model that provides cloud customers with a preconfigured computing platform they can use as needed. Compare with IaaS and SaaS.

Answer 289

A

Password Authentication Protocol. An older authentication protocol where passwords or PINs are sent accreoss the network in cleartext. Compare with CHAP and MS-CHAPv2

Answer 290

A

A penetration testing method used to collect information. It typically uses open source intelligence. Compare with active recoinnassance.

Answer 291

A

A password attack that captures and uses the hash of a password. It attempts to log on as the user with the hash and is commonly associated with the Microsoft NTLM protocol.

Answer 292

A

A tool used to discover passwords.

Answer 293

A

The process used to keep systems up to date with current patches. It typically includes evaluating and testing patches before deploying them.

Answer 294

A

A password based Key Derivation Function 2. A key stretching techinque that adds addionationl bits to a password as a salt. It helps prevent brue force and rainbow tables attack.

Answer 295

A

Protected Enhanced Mail. A common format for PKI certificates. It can use either CER (ASCII) or DER(Binary) formats and can be used for almost any type of certificates.

Answer 296

A

A charactieristic of encryption keys ensuring that keys are random. Perfect forward secrecy methods do not use determinist algorythms.

Answer 297

A

A NAC agent that is installed on a client. It checks the client with dissolvable agent.

Answer 298

A

An audit that analyzes user privileges. It identifies privileges rights and permissions granted to users, and compares them agains what the user needs.

Answer 299

A

Personal Information Exchange. A common format for PKI certificates. It is the predecessor to P12 certificates.

Answer 300

A

Personal Health information. PII that includes health information.

Answer 301

A

The practice of sending email to users with the purpose of tricking them into revealing personal infromation or clicking on a link.

Answer 302

A

Security controls that you can physically touch.

Answer 303

A

Personal Identifiable Information. Information about individuals that can be used to trace a persons identity, such as a full name, birth date biometric data and more.

Answer 304

A

A command-line tool used to test connectivity with remote systems.

Answer 305

A

A security mechanism used by some web sites to prvent web site imperonation. Web sites procide clients with a list of public key hashes. Clients store the list and use it to validate the web site.

Answer 306

A

Personal identity verification card. A apecialized type of smart card used by US federal agencies. It includes photo identification and provides confidentiality integrity, authentication and non repudiation.

Answer 307

A

Pivot is one of the steps in penetration testing. After escaliting privileges, the tester uses additional tools to gain additional information on the exploited computer or on the network.

Answer 308

A

Text displayed in a readable format. Encryption converts plaintext to ciphertext.

Answer 309

A

A programming practice that uses a pointer to refrence a memory area. A failed derefenrece operation can corrupt memory and sometimes even cause an application to crash.

Answer 310

A

Post Office Porotocoll version 3. A protocol used to transfer email from mail servers to clients.

Answer 311

A

A monitoring port on a switch. All traffic going through the switch it also sent to the port mirror.

Answer 312

A

Security controls that attempt to prevent a security incident from occuring.

Answer 313

A

An assessment used to identify and reduce risks related to potential loss of PII. Compare with privacy threshold assessment.

Answer 314

A

An assessment used to help identify is a system is processing PII. Compare with Privacy Impact Assessment.

Answer 315

A

Information about an individual that shoyld remain private. Personally Identifiable Information and Personal Health Information are two examples.

Answer 316

A

A part of a matched key pair used in assysmetric encryption. The priavte key always stays private.

Answer 317

A

The process of gianing elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges.

Answer 318

A

An account with elevated privileges. Such as an administrator account.

Answer 319

A

Data that is related to ownershop. Common examples are information realted to parents of trade secrets.

Brainscape's Knowledge GenomeTM

Glossary Flashcards

Be able to define all terms associated with CompTIA Sec+

Brainscape's Knowledge Genome^TM