Glossary Flashcards

1
Q

acceptable interruption window

A

the maximum period of time that a system can be unavailable before compromising the achievement of the enterprise’s business objectives

2
Q

acceptable use policy

A

A policy that establishes an agreement between users and the enterprise and defines, for all parties, the ranges of use that are approved before gaining access to a network or the Internet.

3
Q

access control list (ACL)

A

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals. Also referred to as access control tables.

4
Q

access path

A

The logical route that an end user takes to access computerized information. Typically includes a route through the operating system, telecommunications software, selected application software and the access control system.

5
Q

access rights

A

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.

6
Q

accountability

A

The ability to map a given activity or event back to the responsible party.

7
Q

advanced encryption standard (AES)

A

a public algorithm that supports keys from 128 bits to 256 bits in size.

8
Q

advanced persistent threat (APT)

A

an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors.

9
Q

The APT:

A
  1. Pursues its objectives repeatedly over an extended period of time
  2. Adapts to defenders’ efforts to resist it
  3. Is determined to maintain the level of interaction needed to execute its objectives
10
Q

adware

A

a software package that automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. This is usually done without any notification to the user or without the user’s consent. Some programs display ads as an alternative to shareware registration fees. These are advertising supported software, but not spyware.

11
Q

Alert situation

A

The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.

12
Q

Alternate facilities

A

Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed; includes other buildings, offices or data processing centers.

13
Q

Alternate process

A

Automatic or manual process designed and established to continue critical business processes from point-of-failure to return-to-normal.

14
Q

anti-malware

A

a technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug-ins, adware, and spyware.

15
Q

anti virus software

A

Application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done, and to repair or quarantine files that have already been infected.

16
Q

application layer

A

In the open systems interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.

17
Q

Architecture

A

Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives.

18
Q

Asymmetric key (public key)

A

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message.

19
Q

Attack mechanism

A

A method used to deliver the payload. Unless the attacker is personally performing the attack, an attack mechanism may involve an exploit delivering a payload to the target.

20
Q

Attack vector

A

A path or route used by the adversary to gain access to the target asset. There are two types of attack vectors: ingress and egress (also known as data exfiltration).

21
Q

Audit trail

A

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.

22
Q

Authentication

A

The act of verifying the identity of a user and the user's eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

23
Q

Availability

A

Ensuring timely and reliable access to and use of information

24
Q

Back door

A

A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.

25
Q

Bastion

A

System heavily fortified against attacks

26
Q

Biometrics

A

A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint.

27
Q

Block cipher

A

A public algorithm that operates on plain text in blocks of bits.

28
Q

Botnet

A

A term derived from "robot network"; a large automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks, such as a denial-of-service attack, on selected victims.

29
Q

Boundary

A

Logical and physical controls to define a perimeter between the organization and the outside world.

30
Q

Bridges

A

Data link layer devices developed in the early 1980s to connect local area networks (LANs) or create two separate LAN or wide area network (WAN) segments from a single segment to reduce collision domains. Bridges act as store-and-forward devices in moving frames toward their destination. This is achieved by analyzing the media access control (MAC) header of a data packet, which represents the hardware address of a NIC.

31
Q

Brute force attack

A

Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.

32
Q

Buffer overflow

A

Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

33
Q

Business continuity plan (BCP)

A

A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.

34
Q

Business impact analysis/assessment (BIA)

A

Evaluating the criticality and sensitivity of information assets. An exercise that determines the impact of losing the support of any resources to an enterprise, establishes the escalation of that loss overtime, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and the supporting system. This process also includes addressing income loss, unexpected expense, legal issues, interdependent processes, and loss of public reputation or public confidence.

35
Q

Certificate authority (CA)

A

A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates.

36
Q

Certificate revocation list (CRL)

A

An instrument for checking the continued validity of the certificates for which the certification authority has responsibility. The CRL details digital certificates that are no longer valid. The time gap between two updates is very critical and is also a risk in digital certificates verification.

37
Q

Checksum

A

A mathematical value that is assigned to a file and used to “test” the file at a later date to verify that the data contained in the file has not been maliciously changed. A cryptographic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file into a fixed string of digits called a hash value, which is then used as the checksum. Without knowing which cryptographic algorithm was used to create the hash value, it is highly unlikely that an unauthorized person would be able to change data without inadvertently changing the corresponding checksum. Cryptographic checksums are used in data transmission and data storage. Cryptographic checksums are also known as message authentication codes, integrity check-values, modification detection codes or message integrity codes.

38
Q

Chief Information Security Officer (CISO)

A

person in charge of information security within the enterprise

39
Q

chief security officer (CSO)

A

person usually responsible for all security matters both physical and digital in enterprise

40
Q

cipher

A

an algorithm to perform encryption

41
Q

ciphertext

A

information generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader

42
Q

clear text

A

data not encrypted also known as plain text

43
Q

cloud computing

A

Convenient, on-demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

44
Q

collision

A

The situation that occurs when two or more demands are made simultaneously on equipment that can handle only one at any given instant.

45
Q

Common attack pattern enumeration and classification (CAPEC)

A

A catalogue of attack patterns as "an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed", published by the MITRE Corporation.

46
Q

Compartmentalization

A

A process for protecting very high value assets or in environments where trust is an issue. Access to an asset requires two or more processes, controls or individuals

47
Q

Compliance

A

Adherence to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations, as well as voluntary requirements resulting from contractual obligations and internal policies.

48
Q

Compliance documents

A

Policies, standard and procedures that document the actions that are required or prohibited. Violations may be subject to disciplinary actions.

49
Q

Computer emergency response team (CERT)

A

A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

50
Q

Confidentiality

A

Preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information.

51
Q

Configuration management

A

The control of changes to a set of configuration items over a system life cycle.

52
Q

Consumerization

A

A new model in which emerging technologies are first embraced by the consumer market and later spread to the business.

53
Q

Containment

A

Actions taken to limit exposure after an incident has been identified and confirmed.

54
Q

Content filtering

A

Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed instead of the attributes of the packet itself (e.g., source/target IP address, transmission control protocol [TCP] flags).

55
Q

Control

A

The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature. Also used as a synonym for safeguard or countermeasure.

56
Q

Critical infrastructure

A

Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation.

57
Q

Criticality

A

The importance of a particular asset or function to the enterprise, and the impact if that asset or function is not available.

58
Q

Criticality analysis

A

An analysis to evaluate resources or business functions to identify their importance to the enterprise, and the impact if a function cannot be completed or a resource is not available.

59
Q

Cross-site scripting (XSS)

A

A type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. (OWASP)

60
Q

Cryptosystem

A

A pair of algorithms that take a key and convert plaintext to ciphertext and back.

61
Q

Cyberespionage

A

Activities conducted in the name of security, business, politics or technology to find information that ought to remain secret. It is not inherently military.

62
Q

Cybersecurity

A

The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems.

63
Q

Cybersecurity architecture

A

Describes the structure, components and topology (connections and layout) of security controls within an enterprise's IT infrastructure. The security architecture shows how defense in depth is implemented and how layers of control are linked, and is essential to designing and implementing security controls in any complex environment.

64
Q

Cyberwarfare

A

Activities supported by military organizations with the purpose of threatening the survival and well-being of a society or foreign entity.

65
Q

Data classification

A

The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification. Levels of sensitivity of data are assigned according to predefined categories as data are created, amended, enhanced, stored or transmitted. The classification level is an indication of the value or importance of the data to the enterprise.

66
Q

Data custodian

A

The individual(s) and department(s) responsible for the storage and safeguarding of computerized data.

67
Q

Data Encryption Standard (DES)

A

An algorithm for encoding binary data. It is a secret key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES and its variants have been replaced by the Advanced Encryption Standard (AES).

68
Q

Data leakage

A

Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

69
Q

Data retention

A

Refers to the policies that govern data and records management for meeting internal, legal and regulatory data archival requirements.

70
Q

Decentralization

A

The process of distributing computer processing to different locations within an enterprise.

71
Q

Defense in depth

A

The practice of layering defenses to provide added protection. Defense in depth increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise’s computing and information resources.

72
Q

Demilitarized zone (DMZ)

A

A screened (firewalled) network segment that acts as a buffer zone between a trusted and an untrusted network. A DMZ is typically used to house systems such as web servers that must be accessible from both internal networks and the Internet.

73
Q

Denial-of-service (DoS) attack

A

An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.

74
Q

Digital certificate

A

A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.

75
Q

Digital forensics

A

The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings.

76
Q

Digital signature

A

A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.

77
Q

Disaster recovery plan (DRP)

A

A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster.

78
Q

Discretionary access control (DAC)

A

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.

79
Q

Domain name system (DNS)

A

A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and email servers.

80
Q

Domain name system (DNS) exfiltration

A

Tunneling over DNS to gain network access. A lower-level attack vector for simple to complex data transmission; slow but difficult to detect.

81
Q

Due care

A

The level of care expected from a reasonable person of similar competency under similar conditions.

82
Q

Due diligence

A

The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review and/or analysis.

83
Q

Dynamic ports

A

Dynamic and/or private ports, 49152 through 65535: not listed by IANA because of their dynamic nature.

84
Q

Egress

A

Network communications going out.

85
Q

Elliptical curve cryptography (ECC)

A

An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices.

86
Q

Encapsulation security payload (ESP)

A

A protocol designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality (RFC 4303). The ESP header is inserted after the IP header and before the next layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode).

87
Q

Encryption

A

The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext).

88
Q

Encryption algorithm

A

A mathematically based function or calculation that encrypts/decrypts data.

89
Q

Encryption key

A

A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext.

90
Q

Eradication

A

When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network. Eradication methods include: restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause.

91
Q

Ethernet

A

A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time.

92
Q

Evidence

A

Information that proves or disproves a stated issue. Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

93
Q

Exploit

A

Full use of a vulnerability for the benefit of an attacker.

94
Q

File transfer protocol (FTP)

A

A protocol used to transfer files over a Transmission Control Protocol/Internet Protocol (TCP/IP) network (Internet, UNIX, etc.).

95
Q

Firewall

A

A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet.

96
Q

Forensic examination

A

The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise.

97
Q

Gateway

A

A device (router, firewall) on a network that serves as an entrance to another network.

98
Q

Governance

A

Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. Conditions can include the cost of capital, foreign exchange rates, etc. Options can include shifting manufacturing to other locations, subcontracting portions of the enterprise to third parties, selecting a product mix from many available choices, etc.

99
Q

Governance, Risk Management and Compliance (GRC)

A

A business term used to group the three closely related disciplines responsible for the protection of assets and operations.

100
Q

Guideline

A

A description of a particular way of accomplishing something that is less prescriptive than a procedure.

101
Q

Hacker

A

An individual who attempts to gain unauthorized access to a computer system.

102
Q

Hash function

A

An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm or to find two different messages that produce the same hash result using the same algorithm.

103
Q

Hash total

A

The total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

104
Q

Hashing

A

Using a hash function (algorithm) to create hash values or checksums that validate message integrity.

105
Q

Hijacking

A

An exploitation of a valid network session for unauthorized purposes.

106
Q

Honeypot

A

A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems.

107
Q

Horizontal defense in depth

A

Controls are placed in various places in the path to access an asset.

108
Q

Hubs

A

A common connection point for devices in a network; hubs are used to connect segments of a local area network (LAN). A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

109
Q

Human firewall

A

A person prepared to act as a network layer of defense through education and awareness.

110
Q

Hypertext Transfer Protocol (HTTP)

A

A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers.

111
Q

IEEE (Institute of Electrical and Electronics Engineers)

A

Pronounced I-triple-E; an organization composed of engineers, scientists and students. Best known for developing standards for the computer and electronics industry.

112
Q

IEEE 802.11

A

A family of specifications developed by the Institute of Electrical and Electronics Engineers (IEEE) for wireless local area network (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.

113
Q

Imaging—

A

A process that allows one to obtain a bit-for-bit copy of data to avoid damage of original data or
information when multiple analyses may be performed. The imaging process is made to obtain residual data, such
as deleted files, fragments of deleted files and other information present, from the disk for analysis. This is possible
because imaging duplicates the disk surface, sector by sector.

114
Q

Impact—

A

Magnitude of loss resulting from a threat exploiting a vulnerability.

115
Q

Impact analysis—

A

A study to prioritize the criticality of information resources for the enterprise based on costs (or
consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses
determined for different time periods. This assessment is used to justify the extent of safeguards that are required and
recovery time frames. This analysis is the basis for establishing the recovery strategy.

116
Q

Incident—

A

Any event that is not part of the standard operation of a service and that causes, or may cause, an
interruption to, or a reduction in, the quality of that service.

117
Q

Incident response—

A

The response of an enterprise to a disaster or other significant event that may significantly affect
the enterprise, its people, or its ability to function productively. An incident response may include evacuation of a
facility, initiating a disaster recovery plan (DRP), performing damage assessment, and any other measures necessary
to bring an enterprise to a more stable status.

118
Q

Incident response plan—

A

The operational component of incident management. The plan includes documented
procedures and guidelines for defining the criticality of incidents, the reporting and escalation process, and recovery
procedures.

119
Q

Information security—

A

Ensures that within the enterprise, information is protected against disclosure to unauthorized
users (confidentiality), improper modification (integrity), and nonaccess when required (availability).

120
Q

Information security program—

A

The overall combination of technical, operational and procedural measures and
management structures implemented to provide for the confidentiality, integrity and availability of information based
on business requirements and risk analysis.

121
Q

Information systems (IS)—

A

The combination of strategic, managerial and operational activities involved in
gathering, processing, storing, distributing and using information and its related technologies.
Information systems are distinct from information technology (IT) in that an information system has an IT
component that interacts with the process components.

122
Q

Infrastructure as a Service (IaaS)—

A

Offers the capability to provision processing, storage, networks and other
fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include
operating systems (OSs) and applications.

123
Q

Ingestion—

A

A process to convert information extracted to a format that can be understood by investigators. See also
Normalization.

124
Q

Ingress—

A

Network communications coming in (inbound traffic).

125
Q

Inherent risk—

A

The risk level or exposure without taking into account the actions that management has taken or
might take (e.g., implementing controls).
126
Q

Injection—

A

A general term for attack types which consist of injecting code that is then interpreted/executed by the
application (OWASP).

127
Q

Integrity—

A

The guarding against improper information modification or destruction, and includes ensuring
information nonrepudiation and authenticity.

128
Q

International Standards Organization (ISO)—

A

The world’s largest developer of voluntary International Standards.

129
Q

Internet Assigned Numbers Authority (IANA)—

A

Responsible for the global coordination of the DNS root, IP addressing, and other Internet protocol resources.

130
Q

Internet Control Message Protocol (ICMP)—

A

A set of protocols that allow systems to communicate information about the state of services on other systems. For example, ICMP is used to determine whether systems are up, the maximum packet sizes on links, and whether a destination host/network/port is available. Hackers typically use (abuse) ICMP to determine information about the remote site.

131
Q

Internet protocol (IP)—

A

Specifies the format of packets and the addressing scheme.

132
Q

Internet protocol (IP) packet spoofing—

A

An attack using packets with spoofed source Internet protocol (IP)
addresses. This technique exploits applications that use authentication based on IP addresses. This technique also
may enable an unauthorized user to gain root access on the target system.

133
Q

Internet service provider (ISP)—

A

A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services.

134
Q

Internetwork packet Exchange/Sequenced packet Exchange (IPX/SPX)—

A

IPX is the Layer 3 (network layer) protocol of the open systems
interconnect (OSI) model; SPX is the Layer 4 transport protocol. The SPX layer sits on top of the IPX
layer and provides connection-oriented services between two nodes on the network.

135
Q

Intrusion detection—

A

The process of monitoring the events occurring in a computer system or network to detect
signs of unauthorized access or attack.

136
Q

Intrusion detection system (IDS)—

A

Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack.

137
Q

Intrusion prevention—

A

A preemptive approach to network security used to identify potential threats and respond to them to stop, or at least limit, damage or disruption.

138
Q

Intrusion prevention system (IPS)—

A

A system designed to not only detect attacks, but also to prevent the intended victim hosts from being affected by the attacks.

139
Q

IP address—

A

A unique binary number used to identify devices on a TCP/IP network.

140
Q

IP Authentication Header (AH)—

A

Protocol used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just “integrity”) and to provide protection against replays. (RFC 4302). AH ensures data integrity with a checksum that a message authentication code, such as MD5, generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection, AH uses a sequence number field within the IP authentication header.

141
Q

IP Security (IPsec)—

A

A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets.

142
Q

IT governance—

A

The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives.

143
Q

Kernel mode—

A

Used for execution of privileged instructions for the internal operation of the system. In kernel mode,
there are no protections from errors or malicious activity and all parts of the system and memory are accessible.

144
Q

Key length—

A

The size of the encryption key measured in bits.

145
Q

Key risk indicator (KRI)—

A

A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk. See also Risk Indicator.

146
Q

Keylogger—

A

Software used to record all keystrokes on a computer.

147
Q

Latency—

A

The time it takes a system or network to respond. More specifically, system latency is the time a system
takes to retrieve data. Network latency is the time it takes for a packet to travel from the source to the final destination.

148
Q

Layer 2 switches—

A

Data link level devices that can divide and interconnect network segments and help to reduce
collision domains in Ethernet-based networks.

149
Q

Layer 3 and 4 switches—

A

Switches with operating capabilities at Layer 3 and Layer 4 of the open systems interconnect (OSI) model. These switches look at the incoming packet’s networking protocol, e.g., IP, and then compare the destination IP address to the list of addresses in their tables, to actively calculate the best way to send a packet to its destination.

150
Q

Layer 4-7 switches—

A

Used for load balancing among groups of servers. Also known as content switches, content
services switches, web switches or application switches.

151
Q

Legacy system—

A

Outdated computer systems.

152
Q

Local area network (LAN)—

A

Communication network that serves several users within a specified geographic area.
A personal computer LAN functions as a distributed processing system in which each computer in the network does
its own processing and manages some of its data. Shared data are stored in a file server that acts as a remote disk
drive for all users in the network.

153
Q

Log—

A

To record details of information or events in an organized record-keeping system, usually sequenced in the order in which they occurred.

154
Q

Logical access—

A

Ability to interact with computer resources granted using identification, authentication and
authorization.

155
Q

Logical access controls—

A

The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files.

156
Q

Media access control (MAC) address—

A

A unique identifier assigned to network interfaces for communications on
the physical network segment.

157
Q

MAC header—

A

Represents the hardware address of a network interface controller (NIC) inside a data packet.

158
Q

Mail relay server—

A

An electronic mail (email) server that relays messages so that neither the sender nor the recipient
is a local user.

159
Q

Mainframe—

A

A large high-speed computer, especially one supporting numerous workstations or peripherals.

160
Q

Malware—

A

Short for malicious software. Designed to infiltrate, damage or obtain information from a computer system
without the owner’s consent. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware
and adware. Spyware is generally used for marketing purposes and, as such, is not malicious, although it is generally
unwanted. Spyware can, however, be used to gather information for identity theft or other clearly illicit purposes.

161
Q

Mandatory access control (MAC)—

A

A means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf.

162
Q

Man-in-the-middle attack—

A

An attack strategy in which the attacker intercepts the communication stream between
two parts of the victim system and then replaces the traffic between the two components with the intruder’s own,
eventually assuming control of the communication.

163
Q

Masking—

A

A computerized technique of blocking out the display of sensitive information, such as passwords, on a
computer terminal or report.

164
Q

Message authentication code—

A

An American National Standards Institute (ANSI) standard checksum that is computed using Data Encryption Standard (DES).

165
Q

Message digest—

A

A smaller extrapolated version of the original message created using a message digest algorithm.

166
Q

Message digest algorithm—

A

Message digest algorithms are SHA1, MD2, MD4 and MD5. These algorithms are one-way functions, unlike private and public key encryption algorithms. All digest algorithms take a message of arbitrary
length and produce a 128-bit message digest.

167
Q

Metropolitan area network (MAN)—

A

A data network intended to serve an area the size of a large city.

168
Q

Miniature fragment attack—

A

Using this method, an attacker fragments the IP packet into smaller ones and pushes them
through the firewall, in the hope that only the first of the sequence of fragmented packets will be examined and the
others will pass without review.

169
Q

Mirrored site—

A

An alternate site that contains the same information as the original. Mirrored sites are set up for backup and disaster recovery and to balance the traffic load for numerous download requests. Such download mirrors are often placed in different locations throughout the Internet.

170
Q

Monitoring policy—

A

Rules outlining or delineating the way in which information about the use of computers,
networks, applications and information is captured and interpreted.

171
Q

National Institute for Standards and Technology (NIST)—

A

Develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. NIST is a US government entity that creates mandatory standards that are followed by federal agencies and those doing business with them.

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover
172
Q

Network basic input/output system (NetBIOS)—

A

A program that allows applications on different computers to communicate within a local area network (LAN).

173
Q

Network address translation (NAT)—

A

A methodology of modifying network address information in datagram
packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address
space into another.

174
Q

Network interface card (NIC)—

A

A communication card that, when inserted into a computer, allows it to communicate
with other computers on a network. Most NICs are designed for a particular type of network or protocol.

175
Q

Network news transfer protocol (NNTP)—

A

Used for the distribution, inquiry, retrieval, and posting of Netnews articles
using a reliable stream-based mechanism. For news-reading clients, NNTP enables retrieval of news articles that are
stored in a central database, giving subscribers the ability to select only those articles they wish to read (RFC 3977).

176
Q

Network segmentation—

A

A common technique to implement network security is to segment an organization’s
network into separate zones that can be separately controlled, monitored and protected.

177
Q

Network traffic analysis—

A

Identifies patterns in network communications. Traffic analysis does not need to have the actual content of the communication but analyzes where traffic is taking place, when and for how long communications occur and the size of information transferred.

178
Q

Nonintrusive monitoring—

A

The use of transported probes or traces to assemble information, track traffic and identify vulnerabilities.

179
Q

Nonrepudiation—

A

The assurance that a party cannot later deny originating data; provision of proof of the integrity
and origin of the data and that can be verified by a third party. A digital signature can provide nonrepudiation.

180
Q

Normalization—

A

The elimination of redundant data.

181
Q

Obfuscation—

A

The deliberate act of creating source or machine code that is difficult for humans to understand.

182
Q

Open Systems Interconnect (OSI) model—

A

A model for the design of a network. The open systems interconnect (OSI) model defines groups of functionality required to network computers into layers. Each layer implements a standard protocol to implement its functionality. There are seven layers in the OSI model.

  1. application
  2. presentation
  3. session
  4. transport
  5. network
  6. data link
  7. physical
183
Q

Operating system (OS)—

A

A master control program that runs the computer and acts as a scheduler and traffic controller.

184
Q

Open Web Application Security Project (OWASP)—

A

An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

185
Q

Outcome measure—

A

Represents the consequences of actions previously taken; often referred to as a lag indicator. Outcome measures frequently focus on results at the end of a time period and characterize historic performance. They are also referred to as a key goal indicator (KGI) and used to indicate whether goals have been met. These can be measured only after the fact and, therefore, are called “lag indicators.”

186
Q

Packet—

A

Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission Control Protocol/Internet Protocol (TCP/IP) is such a packet-switched network.

187
Q

Packet filtering—

A

Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules.

188
Q

Packet switching—

A

The process of transmitting messages in convenient pieces that can be reassembled at the destination.

189
Q

Passive response—

A

A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action.

190
Q

Password cracker—

A

A tool that tests the strength of user passwords by searching for passwords that are easy to
guess. It repeatedly tries words from specially crafted dictionaries and often also generates thousands (and in some
cases, even millions) of permutations of characters, numbers and symbols.

191
Q

Patch—

A

Fixes to software programming errors and vulnerabilities.

192
Q

Patch management—

A

An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk. Patch management tasks include the following: maintaining current knowledge of available patches; deciding what patches are appropriate for particular systems; ensuring that patches are installed properly; testing systems after installation; and documenting all associated procedures, such as specific configurations required.
A number of products are available to automate patch management tasks. Patches are sometimes ineffective and can sometimes cause more problems than they fix. Patch management experts suggest that system administrators take simple steps to avoid problems, such as performing backups and testing patches on noncritical systems prior to installations. Patch management can be viewed as part of change management.

193
Q

Payload—

A

The section of fundamental data in a transmission. In malicious software this refers to the section containing the harmful data/code.

194
Q

Penetration testing—

A

A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers.

195
Q

Phishing—

A

A type of electronic mail (email) attack that attempts to convince a user that the originator is
genuine, but with the intention of obtaining information for use in social engineering. Phishing attacks may take the
form of masquerading as a lottery organization advising the recipient of a large win, or as the user's bank; in either
case, the intent is to obtain account and personal identification number (PIN) details. Alternative attacks may seek to
obtain apparently innocuous business information, which may be used in another form of active attack.

196
Q

Platform as a Service (PaaS)—

A

Offers the capability to deploy onto the cloud infrastructure customer-created or -acquired applications that are created using programming languages and tools supported by the provider.

197
Q

Policy—

A

Generally, a document that records a high-level principle or course of action that has been decided on. The intended purpose is to influence and guide both present and future decision making to be in line with the philosophy, objectives and strategic plans established by the enterprise’s management teams.
In addition to policy content, policies need to describe the consequences of failing to comply with the policy, the means for handling exceptions, and the manner in which compliance with the policy will be checked and measured.

198
Q

Port (port number)—

A

A process- or application-specific software element serving as a communication end point for the Transport Layer IP protocols (UDP and TCP).

199
Q

Port scanning—

A

The act of probing a system to identify open ports.

200
Q

Principle of least privilege/access—

A

Controls used to allow the least privilege access needed to complete a task.

201
Q

Privacy—

A

Freedom from unauthorized intrusion or disclosure of information about an individual.

Probe—

Inspect a network or system to find weak spots.

202
Q

Procedure—

A

A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes.

203
Q

Protocol—

A

The rules by which a network operates and controls the flow and priority of transmissions.

204
Q

Proxy server—

A

A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user.

205
Q

Public key encryption—

A

A cryptographic system that uses two keys: one is a public key, which is known to everyone, and the second is a private or secret key, which is only known to the recipient of the message. See also Asymmetric Key.

206
Q

Public key infrastructure (PKI)—

A

A series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued.

207
Q

Public switched telephone network (PSTN)—

A

A communications system that sets up a dedicated channel (or circuit)
between two points for the duration of the transmission.

208
Q

Ransomware—

A

Malware that restricts access to the compromised systems until a ransom demand is satisfied.

209
Q

Reciprocal agreement—

A

Emergency processing agreement between two or more enterprises with similar equipment or applications. Typically, participants of a reciprocal agreement promise to provide processing time to each other when an emergency arises.

210
Q

Recovery—

A

The phase in the incident response plan that ensures that affected systems or services are restored to a condition specified in the service delivery objectives (SDOs) or business continuity plan (BCP).

211
Q

Recovery action—

A

Execution of a response or task according to a written procedure.

212
Q

Recovery point objective (RPO)—

A

Determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption.

213
Q

Recovery time objective (RTO)—

A

The amount of time allowed for the recovery of a business function or resource after a disaster occurs.

214
Q

Redundant site—

A

A recovery strategy involving the duplication of key IT components, including data or other key business processes, whereby fast recovery can take place.

215
Q

Registration authority (RA)—

A

The individual institution that validates an entity’s proof of identity and ownership of a key pair.

216
Q

Regulation—

A

Rules or laws defined and enforced by an authority to regulate conduct.

217
Q

Regulatory requirements—

A

Rules or laws that regulate conduct and that the enterprise must obey to become compliant.

218
Q

Remediation—

A

After vulnerabilities are identified and assessed, appropriate remediation can take place to mitigate or eliminate the vulnerability.

219
Q

Remote access (RAS)—

A

Refers to any combination of hardware and software to enable the remote access to tools or
information that typically reside on a network of IT devices.
Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided
by Windows NT which allowed most of the services that would be available on a network to be accessed over a
modem link. Over the years, many vendors have provided both hardware and software solutions to gain remote
access to various types of networked information. In fact, most modern routers include a basic RAS capability that
can be enabled for any dial-up interface.

220
Q

Removable media—

A

Any type of storage device that can be removed from the system while it is running.

221
Q

Repeaters—

A

A physical layer device that regenerates and propagates electrical signals between two network
segments. Repeaters receive signals from one network segment and amplify (regenerate) the signal to compensate for
signals (analog or digital) distorted by transmission loss due to reduction of signal strength during transmission (i.e.,
attenuation).

222
Q

Replay—

A

The ability to copy a message or stream of messages between two parties and replay (retransmit) them to
one or more of the parties.

223
Q

Residual risk—

A

The remaining risk after management has implemented a risk response.

224
Q

Resilience—

A

The ability of a system or network to resist failure or to recover quickly from any disruption, usually with minimal recognizable effect.

225
Q

Return-oriented programming attacks—

A

An exploit technique in which the attacker uses control of the call stack to indirectly execute cherry-picked machine instructions immediately prior to the return instruction in subroutines within the existing program code.

226
Q

Risk—

A

The combination of the probability of an event and its consequence (ISO/IEC 73).

227
Q

Risk acceptance—

A

If the risk is within the enterprise's risk tolerance or if the cost of otherwise mitigating the risk is higher than the potential loss, the enterprise can assume the risk and absorb any losses.

228
Q

Risk assessment—

A

A process used to identify and evaluate risk and its potential effects. Risk assessments are used to identify those items or areas that present the highest risk, vulnerability or exposure to the enterprise for inclusion in the IS annual audit plan. Risk assessments are also used to manage the project delivery and project benefit risk.

229
Q

Risk avoidance—

A

The process for systematically avoiding risk, constituting one approach to managing risk.

230
Q

Risk management—

A

The coordinated activities to direct and control an enterprise with regard to risk. In the International Standard, the term “control” is used as a synonym for “measure.” (ISO/IEC Guide 73:2002) One of the governance objectives. Entails recognizing risk; assessing the impact and likelihood of that risk; and developing strategies, such as avoiding the risk, reducing the negative effect of the risk and/or transferring the risk, to manage it within the context of the enterprise’s risk appetite. (COBIT 5)

231
Q

Risk mitigation—

A

The management of risk through the use of countermeasures and controls.

232
Q

Risk reduction—

A

The implementation of controls or countermeasures to reduce the likelihood or impact of a risk to a level within the organization’s risk tolerance.

233
Q

Risk tolerance—

A

The acceptable level of variation that management is willing to allow for any particular risk as the enterprise pursues its objectives.

234
Q

Risk transfer—

A

The process of assigning risk to another enterprise, usually through the purchase of an insurance policy or by outsourcing the service.

235
Q

Risk treatment—

A

The process of selection and implementation of measures to modify risk (ISO/IEC Guide 73:2002).

236
Q

Root cause analysis—

A

A process of diagnosis to establish the origins of events, which can be used for learning from consequences, typically from errors and problems.

237
Q

Rootkit—

A

A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system.

238
Q

Router—

A

A networking device that can send (route) data packets from one local area network (LAN) or wide area
network (WAN) to another, based on addressing at the network layer (Layer 3) in the open systems interconnection
(OSI) model. Networks connected by routers can use different or similar networking protocols. Routers usually
are capable of filtering packets based on parameters, such as source addresses, destination addresses, protocol and
network applications (ports).

239
Q

RSA—

A

A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman used for both encryption and digital signatures. The RSA has two different keys, the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization. For applications with high-level security, the number of the decryption key bits should be greater than 512 bits.

240
Q

Safeguard—

A

A practice, procedure or mechanism that reduces risk.

241
Q

Secure Electronic Transaction (SET)—

A

A standard that will ensure that credit card and associated payment order
information travels safely and securely between the various involved parties on the Internet.

242
Q

Secure Multipurpose Internet Mail Extensions (S/MIME)—

A

Provides cryptographic security services for electronic
messaging applications: authentication, message integrity and nonrepudiation of origin (using digital signatures) and
privacy and data security (using encryption) to provide a consistent way to send and receive MIME data (RFC 2311).

243
Q

Secure Socket layer (SSL)—

A

A protocol that is used to transmit private documents through the Internet.
The SSL protocol uses a private key to encrypt the data that are to be transferred through the SSL connection.

244
Q

Secure hypertext transfer protocol (HTTPS)—

A

An application layer protocol, HTTPS transmits individual messages or pages securely between a web client and server by establishing an SSL-type connection.

245
Q

Secure Shell (SSH)—

A

Network protocol that uses cryptography to secure communication, remote command line
login and remote command execution between two networked computers.

246
Q

Security as a Service (SECaaS)—

A

The next generation of managed security services dedicated to the delivery, over
the Internet, of specialized information-security services.

247
Q

Security metrics—

A

A standard of measurement used in management of security-related activities.

248
Q

Security perimeter—

A

The boundary that defines the area of security concern and security policy coverage.

249
Q

Segmentation—

A

Network segmentation is the process of logically grouping network assets, resources, and
applications together into compartmentalized areas that have no trust of each other.

250
Q

Segregation/separation of duties (SoD)—

A

A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets. Segregation/separation of duties is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code without detection.

251
Q

Sensitivity—

A

A measure of the impact that improper disclosure of information may have on an enterprise.

252
Q

Service delivery objective (SDO)—

A

Directly related to the business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.

253
Q

Service level agreement (SLA)—

A

An agreement, preferably documented, between a service provider and the
customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured.

254
Q

Smart card—

A

A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. Smart cards can be used for a number of purposes including the storage of digital certificates or digital cash, or they can be used as a token to authenticate users.

255
Q

Sniffing—

A

The process by which data traversing a network are captured or monitored.

256
Q

Social engineering—

A

An attack based on deceiving users or administrators at the target site into revealing
confidential or sensitive information.

257
Q

Software as a Service (SaaS)—

A

Offers the capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).

258
Q

Source routing specification—

A

A transmission technique where the sender of a packet can specify the route that packet should follow through the network.

259
Q

Spam—

A

Computer-generated messages sent as unsolicited advertising.

260
Q

Spear phishing—

A

An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from the victim.

261
Q

Spoofing—

A

Faking the sending address of a transmission in order to gain illegal entry into a secure system.

262
Q

Spyware—

A

Software whose purpose is to monitor a computer user’s actions (e.g., websites visited) and report these actions to a third party, without the informed consent of that machine’s owner or legitimate user. A particularly malicious form of spyware is software that monitors keystrokes to obtain passwords or otherwise gathers sensitive information such as credit card numbers, which it then transmits to a malicious third party. The term has also come to refer more broadly to software that subverts the computer’s operation for the benefit of a third party.

263
Q

SQL injection—

A

Results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. (MITRE)

264
Q

Stateful inspection—

A

A firewall architecture that tracks each connection traversing all interfaces of the firewall and makes sure they are valid.

265
Q

Supervisory control and data acquisition (SCADA)—

A

Systems used to control and monitor industrial and manufacturing processes, and utility facilities.

266
Q

Switches—

A

Typically classed as a data link layer device, switches enable local area network (LAN) segments to be created and interconnected, which has the added benefit of reducing collision domains in Ethernet-based networks.

267
Q

Symmetric key encryption—

A

System in which a different key (or set of keys) is used by each pair of trading partners to ensure that no one else can read their messages. The same key is used for encryption and decryption. See also
Private Key Cryptosystem.

268
Q

System development lifecycle (SDLC)—

A

The phases deployed in the development or acquisition of a software system. SDLC is an approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases of SDLC include the feasibility study, requirements study, requirements definition, detailed design, programming, testing, installation and post-implementation review, but not the service delivery or benefits realization activities.

269
Q

System hardening—

A

A process to eliminate as much security risk as possible by removing all nonessential software
programs, protocols, services and utilities from the system.

270
Q

Telnet—

A

Network protocol used to enable remote access to a server computer. Commands typed are run on the remote server.

271
Q

Threat—

A

Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can
result in harm. A potential cause of an unwanted incident (ISO/IEC 13335).

272
Q

Threat agent—

A

Methods and things used to exploit a vulnerability. Examples include determination, capability, motive and resources.

273
Q

Threat analysis/assessment—

A

An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets. The threat analysis usually defines the level of threat and the likelihood of it materializing.

274
Q

Threat event—

A

Any event during which a threat element/actor acts against an asset in a manner that has the potential to directly result in harm.

275
Q

Threat vector—

A

The path or route used by the adversary to gain access to the target.

276
Q

Topology—

A

The physical layout of how computers are linked together. Examples of topology include ring, star and bus.

277
Q

Total cost of ownership (TCO)—

A

Includes the original cost of the computer plus the cost of software, hardware and software upgrades, maintenance, technical support, training, and certain activities performed by users.

278
Q

Transmission control protocol (TCP)—

A

A connection-based Internet protocol that supports reliable data transfer connections. Packet data are verified using checksums and retransmitted if they are missing or corrupted. The application plays no part in validating the transfer.

279
Q

Transmission control protocol/Internet protocol (TCP/IP)—

A

Provides the basis for the Internet; a set of communication protocols that encompass media access, packet transport, session communication, file transfer, electronic mail (email), terminal emulation, remote file access and network management.

280
Q

Transport layer security (TLS)—

A

A protocol that provides communications privacy over the Internet. The protocol allows client-server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery (RFC 2246).
Transport Layer Security (TLS) is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol provides connection security with some encryption method such as the Data Encryption Standard (DES). The TLS Record Protocol can also be used without encryption. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.

281
Q

Triple DES (3DES)—

A

A block cipher created from the Data Encryption Standard (DES) cipher by using it three times.

282
Q

Trojan horse—

A

Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.

283
Q

Tunnel—

A

The paths that the encapsulated packets follow in an Internet virtual private network (VPN).

284
Q

Tunnel mode—

A

Used to protect traffic between different networks when traffic must travel through intermediate or untrusted networks. Tunnel mode encapsulates the entire IP packet with an AH or ESP header and an additional IP header.

285
Q

Two-factor authentication—

A

The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password), typically the combination of something you know, are or have.

286
Q

Uniform resource locator (URL)—

A

The string of characters that form a web address.

287
Q

User Datagram protocol (UDP)—

A

A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify whether they actually arrive at the destination, nor whether they were corrupted in transit. It is up to the application to determine these factors and request retransmissions.

288
Q

User interface impersonation—

A

Can be a pop-up ad that impersonates a system dialog, an ad that impersonates a system warning, or an ad that impersonates an application user interface in a mobile device.

289
Q

User provisioning—

A

A process to create, modify, disable and delete user accounts and their profiles across IT infrastructure and business applications.

290
Q

Vertical defense in depth—

A

Controls are placed at different system layers – hardware, operating system, application, database or user levels

291
Q

Virtual local area network (VLAN)—

A

Logical segmentation of a LAN into different broadcast domains. A VLAN is set up by configuring ports on a switch, so devices attached to these ports may communicate as if they were attached to the same physical network segment, although the devices are located on different LAN segments. A VLAN is based on logical rather than physical connections.

292
Q

Virtual private network (VPN)—

A

A secure private network that uses the public telecommunications infrastructure
to transmit data. In contrast to a much more expensive system of owned or leased lines that can only be used by
one company, VPNs are used by enterprises for both extranets and wide areas of intranets. Using encryption and
authentication, a VPN encrypts all data that pass between two Internet points, maintaining privacy and security.

293
Q

Virtual private network (VPN) concentrator—

A

A system used to establish VPN tunnels and handle large numbers
of simultaneous connections. This system provides authentication, authorization and accounting services.

294
Q

Virtualization—

A

The process of adding a “guest application” and data onto a “virtual server,” recognizing that the guest application will ultimately part company from this physical server.

295
Q

Virus—

A

A program with the ability to reproduce by modifying other programs to include a copy of itself. A virus may contain destructive code that can move into multiple programs, data files or devices on a system and spread through multiple systems in a network.

296
Q

Virus signature file—

A

The file of virus patterns that are compared with existing files to determine whether they are infected with a virus or worm.

297
Q

Voice over Internet protocol (VOIP)—

A

Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines.

298
Q

Volatile data—

A

Data that changes frequently and can be lost when the system’s power is shut down.

299
Q

Vulnerability—

A

A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events.

300
Q

Vulnerability analysis/assessment—

A

A process of identifying and classifying vulnerabilities.

301
Q

Vulnerability scanning—

A

An automated process to proactively identify security weaknesses in a network or
individual system.

302
Q

Warm site—

A

Similar to a hot site but not fully equipped with all of the necessary hardware needed for recovery.

303
Q

Web hosting—

A

The business of providing the equipment and services required to host and maintain files for one or more websites and provide fast Internet connections to those sites. Most hosting is “shared,” which means that websites of multiple companies are on the same server to share/reduce costs.

304
Q

Web server—

A

Using the client-server model and the World Wide Web’s HyperText Transfer Protocol (HTTP), a web server is a software program that serves web pages to users.

305
Q

Wide area network (WAN)—

A

A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries.

306
Q

Wi-Fi protected access (WPA)—

A

A class of systems used to secure wireless (Wi-Fi) computer networks. WPA was created in response to several serious weaknesses that researchers found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security with two significant issues. First, either WPA or WPA2 must be enabled and chosen in preference to WEP; WEP is usually presented as the first security choice in most installation instructions. Second, in the “personal” mode, the most likely choice for homes and small offices, a pass phrase is required that, for full security, must be longer than the typical six to eight character passwords users are taught to employ.

307
Q

Wi-Fi protected access II (WPA2)—

A

Wireless security protocol that supports 802.11i encryption standards to provide greater security. This protocol uses the Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP) for stronger encryption.

308
Q

Wired equivalent privacy (WEP)—

A

A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network (in particular, it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the
weaknesses, WEP provides a level of security that can deter casual snooping.

309
Q

Wireless local area network (WLAN)—

A

Two or more systems networked using a wireless distribution method.

310
Q

Worm—

A

A programmed network attack in which a self-replicating program does not attach itself to programs, but rather spreads independently of users’ action.

311
Q

Write blocker—

A

A device that allows the acquisition of information on a drive without creating the possibility of accidentally damaging the drive.

312
Q

Write protect—

A

The use of hardware or software to prevent data from being overwritten or deleted.

313
Q

Zero-day exploit—

A

A vulnerability that is exploited before the software creator/vendor is even aware of its existence.

314
Q

Nmap

A

network port scanner and service detector

315
Q

metasploit

A

penetration testing software

316
Q

aircrack-ng

A

802.11 WEP and WPA-PSK keys cracking program

317
Q

Snort

A

open-source IDS/IPS

318
Q

netstat

A

displays detailed network status information

319
Q

netcat

A

networking utility that reads and writes data across network connections, using the TCP/IP protocol

320
Q

Tcpdump

A

command line packet analyzer

321
Q

John the Ripper

A

password cracker

322
Q

kismet

A

802.11 layer 2 wireless network detector, sniffer and IDS

323
Q

OpenSSH/PuTTY/SSH

A

program for logging into or executing commands on a remote machine.

324
Q

First Generation Firewall

A

A simple packet-filtering router that examines individual packets and enforces rules based on addresses, protocols and ports

325
Q

Second Generation Firewall

A

Keeps track of all connections in a state table. This allows it to enforce rules based on packets in the context of the communications session.

326
Q

Third Generation Firewall

A

Operates at layer seven (the application layer) and is able to examine the actual protocol being used for communications, such as Hypertext Transfer Protocol (HTTP). These firewalls are much more sensitive to suspicious activity related to the content of the message itself, not just the address information.

327
Q

Next Generation Firewall

A

Sometimes called deep packet inspection, it is an enhancement to third-generation firewalls that brings in the functionality of an intrusion prevention system (IPS) and will often inspect Secure Sockets Layer (SSL) or Secure Shell (SSH) connections.

328
Q

injection (OWASP TOP TEN)

A

Injection flaws occur when untrusted data is sent to an interpreter. The attacker can trick the interpreter into executing unintended commands or accessing unauthorized data. Injection flaws are prevalent and are often found in SQL and LDAP queries and OS commands.

329
Q

Broken Authentication and Session Management (OWASP TOP TEN)

A

If an application function related to authentication or session management is not implemented correctly, it can allow an attacker to compromise passwords, keys or session tokens and impersonate users.

330
Q

Cross-Site Scripting (XSS) (OWASP TOP TEN)

A

XSS flaws occur when an application takes untrusted data and sends it to a web browser without proper validation. This is the most prevalent web application security flaw. Attackers can use XSS to hijack user sessions, insert hostile content, deface websites and redirect users.

331
Q

Insecure Direct Object References (OWASP TOP TEN)

A

A direct object reference occurs when a developer exposes a reference to an internal implementation object. Attackers can manipulate these references to access unauthorized data.

332
Q

Security Misconfiguration (OWASP TOP TEN)

A

Security settings must be defined, implemented and maintained for applications, frameworks, application servers, web servers, database servers and platforms. Security misconfiguration can give attackers unauthorized access to system data or functionality.

333
Q

Sensitive Data Exposure (OWASP TOP TEN)

A

If web applications do not properly secure sensitive data through the use of encryption, attackers may steal or modify sensitive data such as health records, credit cards, tax IDs and authentication credentials.

334
Q

Missing Function Level Access Control (OWASP TOP TEN)

A

When function level access rights are not verified, attackers can forge requests to access functionality without authorization.

335
Q

Cross-Site Request Forgery (CSRF) (OWASP TOP TEN)

A

A CSRF attack occurs when an attacker forces a user’s browser to send forged HTTP requests, including session cookies. This allows an attacker to trick victims into performing operations on the illegitimate website.

336
Q

Using Components with Known Vulnerabilities (OWASP TOP TEN)

A

Certain components such as libraries, frameworks and other software modules usually run with full privileges. Attackers can exploit a vulnerable component to access data or take over a server.

337
Q

Unvalidated Redirects and Forwards (OWASP TOP TEN)

A

Web applications frequently redirect or forward users to other pages. When untrusted data are used to determine the destination, an attacker can redirect victims to phishing or malware sites.

338
Q

IDENTITY MANAGEMENT

A

Identity management comprises many components that provide a collective and common infrastructure, including directory services, authentication services (validating who the user is) and authorization services (ensuring the user has appropriate privileges to access systems based on a personalized profile). It also includes user-management capabilities, such as user provisioning and deprovisioning, and can include the utilization of federated identity management (FIM).

339
Q

PRIVILEGED USER MANAGEMENT

A

Privileged access permits administrators to maintain and protect systems and networks. Privileged users can often access any information stored within a system, which means they can modify or circumvent existing safeguards such as access controls and logging. “Privileged user” typically refers to the administrators of systems, networks, servers
or workstations.

340
Q

CHANGE MANAGEMENT

A

Its purpose is to ensure that changes to processes, systems, software, applications, platforms and configuration are introduced in an orderly, controlled manner. Controls are implemented in the form of a structured review process intended to evaluate and minimize the potential for disruption that a proposed change, maintenance activity or patch may introduce. Effective controls ensure that all changes are categorized, prioritized and authorized. The process generally includes mechanisms for tracking and documenting changes to demonstrate accountability and compliance with best practices.

341
Q

CONFIGURATION MANAGEMENT

A

Maintaining the security configurations of network devices, systems, applications and other IT resources is critically important to ensure security controls are properly installed and maintained.

342
Q

PATCH MANAGEMENT

A

Patches are solutions to software programming errors. In many cases, security vulnerabilities are introduced by coding errors. Therefore, it is vital that software bugs that are identified as security vulnerabilities be patched as soon as possible. Most software vendors release regular software updates and patches as the vulnerabilities are identified and fixed.

343
Q

Horizontal defense in depth

A

Controls are placed in various places in the path of access for an asset, which is functionally equivalent to concentric rings.

344
Q

Vertical defense in depth

A

Controls are placed at different system layers: hardware, operating system, application, database or user levels.