Glossary Flashcards

Question

Cellular Network

Answer 1

A radio network distributed over land areas called cells, each served by at least one fixed-location transceiver, known as a cell site or base station.

Answer 2

An entity trusted by one or more users as an authority that issues, revokes, and manages digital certificates to bind individuals and entities to their public keys.

Answer 3

A formal, methodical, comprehensive process for requesting, reviewing, and approving changes to the baseline of the IT environment.

Answer 4

Security model with the three security concepts of confidentiality, integrity, and availability make up the CIA Triad. It is also sometimes referred to as the AIC Triad.

Answer 5

The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients. Something that has been turned into a secret.

Answer 6

Arrangement of assets into categories.

Answer 7

The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software recovery utilities.

Answer 8

Every call’s data is encoded with a unique key, then the calls are all transmitted at once.

Answer 9

A set of standards that addresses the need for interoperability between hardware and software products.

Answer 10

Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.

Answer 11

A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.

Answer 12

Multiplex connected devices into one signal to be transmitted on a network.

Answer 13

This criterion requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.

Answer 14

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Answer 15

A formal, methodical, comprehensive process for establishing a baseline of the IT environment (and each of the assets within that environment).

Answer 16

Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.

Answer 17

Is a large distributed system of servers deployed in multiple data centers across the internet.

Answer 18

An information flow that is not controlled by a security control and has the opportunity of disclosing confidential information.

Answer 19

Performed to simulate the threats that are associated with external adversaries. While the security staff has no knowledge of the covert test, the organization management is fully aware and consents to the test.

Answer 20

This is achieved when the type I and type II are equal.

Answer 21

The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services provided through cryptography.

Answer 22

Secret writing. Today provides the ability to achieve confidentiality, integrity, authenticity, non-repudiation, and access control.

Answer 23

The science that deals with hidden, disguised, or encrypted information and communications.

Answer 24

The critical point where a material’s intrinsic magnetic alignment changes direction.

Answer 25

Responsible for protecting an asset that has value, while in the custodian’s possession.

Answer 26

Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.

Answer 27

The person/role within the organization who usually manages the data on a day-to-day basis on behalf of the data owner/controller.

Answer 28

This criteria requires sufficient test cases for each feasible data flow to be executed at least once.

Answer 29

A decision-making technique that is based on a series of analytical techniques taken from the fields of mathematics, statistics, cybernetics, and genetics.

Answer 30

An entity that collects or creates PII.

Answer 31

The individual human related to a set of personal data.

Answer 32

A suite of application programs that typically manages large, structured sets of persistent data.

Answer 33

Describes the relationship between the data elements and provides a framework for organizing the data.

Answer 34

Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.

Answer 35

The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key that was used to do the original encryption.

Answer 36

Eliminating data using a controlled, legally defensible, and regulatory compliant way.

Answer 37

An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate.

Answer 38

Provided by mixing up the location of the plaintext throughout the ciphertext. The strongest algorithms exhibit a high degree of confusion and diffusion.

Answer 39

An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date. Used to bind individuals and entities to their public keys. Issued by a trusted third party referred to as a Certificate Authority (CA).

Answer 40

A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.

Answer 41

Provide authentication of a sender and integrity of a sender’s message and non-repudiation services.

Answer 42

Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.

Answer 43

A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.

Answer 44

Provide authentication of a sender and integrity of a sender’s message and non-repudiation services.

Answer 45

Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.

Answer 46

The system owner decides who gets access.

Answer 47

A legal concept pertaining to the duty owed by a provider to a customer.

Answer 48

Actions taken by a vendor to demonstrate/ provide due care.

Answer 49

Ports 49152–65535. Whenever a service is requested that is associated with Well-Known or Registered Ports those services will respond with a dynamic port.

Answer 50

When the system under test is executed and its behavior is observed.

Answer 51

The action of changing a message into another format through the use of a code.

Answer 52

The process of converting the message from its plaintext to ciphertext.

Answer 53

This is erroneous recognition either by confusing one user with another, or by accepting an imposter as a legitimate user.

Answer 54

This is failure to recognize a legitimate user.

Answer 55

A lightweight encapsulation protocol, and it lacks the reliable data transport of the TCP layer.

Answer 56

Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.

Answer 57

Data represented at Layer 2 of the Open Systems Interconnection (OSI) model.

Answer 58

Each call is transformed into digital data that is given a channel and a time slot.

Answer 59

The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions.

Answer 60

A formal body of personnel who determine how decisions will be made within the organization and the entity that can approve changes and exceptions to current relevant governance.

Answer 61

Suggested practices and expectations of activity to best accomplish tasks and attain goals.

Answer 62

Accepts an input message of any length and generates, through a one-way operation, a fixed-length output called a message digest or hash.

Answer 63

Machines that exist on the network, but do not contain sensitive or valuable data, and are meant to distract and occupy malicious or unauthorized intruders, as a means of delaying their attempts to access production data/assets. A number of machines of this kind, linked together as a network or subnet, are referred to as a “honeynet.”

Answer 64

Cloud-based services that broker identity and access management (IAM) functions to target systems on customers’ premises and/or in the cloud.

Answer 65

The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be and establishing a reliable relationship that can be trusted electronically between the individual and said credential for purposes of electronic authentication.

Answer 66

A non-secret binary vector used as the initializing input algorithm, or a random starting point, for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

Answer 67

A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.

Answer 68

Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.

Answer 69

Intangible assets (notably includes software and data).

Answer 70

Provides a means to send error messages and a way to probe the network to determine network availability.

Answer 71

Is the dominant protocol that operates at the Open Systems Interconnection (OSI) Network Layer 3. IP is responsible for addressing packets so that they can be transmitted from the source to the destination hosts.

Answer 72

Is a modernization of IPv4 that includes a much larger address field: IPv6 addresses are 128 bits that support 2128 hosts.

Answer 73

A solution that monitors the environment and automatically recognizes malicious attempts to gain unauthorized access.

Answer 74

A solution that monitors the environment and automatically takes action when it recognizes malicious attempts to gain unauthorized access.

Answer 75

Complete list of items.

Answer 76

The practice of having personnel become familiar with multiple positions within the organization as a means to reduce single points of failure and to better detect insider threats.

Answer 77

When different encryption keys generate the same ciphertext from the same plaintext message.

Answer 78

The size of a key, usually measured in bits, that a cryptographic algorithm uses in ciphering or deciphering protected information.

Answer 79

The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message.

Answer 80

A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.

Answer 81

The practice of only granting a user the minimal permissions necessary to perform their explicit job function.

Answer 82

Phases that an asset goes through from creation to destruction.

Answer 83

A record of actions and events that have taken place on a computer system.

Answer 84

Non-physical system that allows access based upon pre-determined policies.

Answer 85

This criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations covering initialization, typical running, and termination (boundary) conditions.

Answer 86

Access control that requires the system itself to manage access controls in accordance with the organization’s security policies.

Answer 87

The measure of how long an organization can survive an interruption of critical functions.[also known as maximum tolerable downtime (MTD)]

Answer 88

Any object that contains data.

Answer 89

A small block of data that is generated using a secret key and then appended to the message, used to address integrity.

Answer 90

A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

Answer 91

Information about the data.

Answer 92

A use case from the point of view of an actor hostile to the system under design.

Answer 93

These criteria require sufficient test cases to exercise all possible combinations of conditions in a program decision.

Answer 94

Ensures that a user is who he or she claims to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.

Answer 95

Is a wide area networking protocol that operates at both Layer2 and 3 and does label switching.

Answer 96

Primarily associated with organizations that assign clearance levels to all users and classification levels to all assets; restricts users with the same clearance level from sharing information unless they are working on the same effort. Entails compartmentalization.

Answer 97

This ensures the application can gracefully handle invalid input or unexpected user behavior.

Answer 98

The objective of NFV is to decouple functions such as firewall management, intrusion detection, network address translation, or name service resolution away from specific hardware implementation into software solutions.

Answer 99

Inability to deny. In cryptography, a service that ensures the sender cannot deny a message was sent and the integrity of the message is intact, and the receiver cannot claim receiving a different message.

Answer 100

Hiding plaintext within other plaintext. A form of steganography.

Answer 101

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

Answer 102

An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.

Answer 103

Physical layer.

Answer 104

Data-link layer.

Answer 105

Network layer.

Answer 106

Transport layer.

Answer 107

Session layer.

Answer 108

Presentation layer.

Answer 109

Application layer.

Answer 110

Overt testing can be used with both internal and external testing. When used from an internal perspective, the bad actor simulated is an employee of the organization. The organization’s IT staff is made aware of the testing and can assist the assessor in limiting the impact of the test by providing specific guidelines for the test scope and parameters.

Answer 111

Possessing something, usually of value.

Answer 112

Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.

Answer 113

A technique called Packet Loss Concealment (PLC) is used in VoIP communications to mask the effect of dropped packets.

Answer 114

RAID technique; logical mechanism used to mark striped data; allows recovery of missing drive(s) by pulling data from adjacent drives.

Answer 115

An update/fix for an IT asset.

Answer 116

This criteria require sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.

Answer 117

Any data about a human being that could be used to identify that person.

Answer 118

An automated system that manages the passage of people or assets through an opening(s) in a secure perimeter(s) based on a set of authorization rules.

Answer 119

Exceeds maximum packet size and causes receiving system to fail.

Answer 120

Network mapping technique to detect if host replies to a ping, then the attacker knows that a host exists at that address.

Answer 121

The message in its natural format has not been turned into a secret.

Answer 122

Provides a standard method for transporting multiprotocol datagrams over point-to-point links.

Answer 123

Documents published and promulgated by senior management dictating and describing the organization’s strategic goals.

Answer 124

An extension to NAT to translate all addresses to one routable IP address and translate the source port number in the packet to a unique value.

Answer 125

This determines that your application works as expected.

Answer 126

The right of a human individual to control the distribution of information about him- or herself.

Answer 127

Explicit, repeatable activities to accomplish a specific task. Procedures can address one-time or infrequent actions or common, regular occurrences.

Answer 128

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Answer 129

Measuring something without using numbers, using adjectives, scales, and grades, etc.

Answer 130

Using numbers to measure something, usually monetary values.

Answer 131

An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.

Answer 132

A measure of how much data the organization can lose before the organization is no longer viable.

Answer 133

The target time set for recovering from any interruption.

Answer 134

Ports 1024–49151. These ports typically accompany non-system applications associated with vendors and developers.

Answer 135

This performs certificate registration services on behalf of a Certificate Authority (CA).

Answer 136

Residual magnetism left behind.

Answer 137

The risk remaining after security controls have been put in place as a means of risk mitigation.

Answer 138

Assets of an organization that can be used effectively.

Answer 139

Obligation for doing something. Can be delegated.

Answer 140

The possibility of damage or harm and the likelihood that damage or harm will be realized.

Answer 141

Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.

Answer 142

Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination.

Answer 143

Putting security controls in place to attenuate the possible impact and/or likelihood of a specific risk.

Answer 144

Paying an external party to accept the financial impact of a given risk.

Answer 145

An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization.

Answer 146

An access control model that is based on a list of predefined rules that determine what accesses should be granted.

Answer 147

An isolated test environment that simulates the production environment but will not affect production components/data.

Answer 148

A version of the SAML standard for exchanging authentication and authorization data between security domains.

Answer 149

A notional construct outlining the organization’s approach to security, including a list of specific security processes, procedures, and solutions used by the organization.

Answer 150

The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.

Answer 151

Data representation at Layer 4 of the Open Systems Interconnection (OSI) model.

Answer 152

The practice of ensuring that no organizational process can be completed by a single person; forces collusion as a means to reduce insider threats.

Answer 153

Is designed to manage multimedia connections.

Answer 154

Involves the use of simply one of the three available factors solely to carry out the authentication process being requested.

Answer 155

ICMP Echo Request sent to the network broadcast address of a spoofed victim causing all nodes to respond to the victim with an Echo Reply.

Answer 156

The level of confidence that software is free from vulnerabilities either intentionally designed into the software or accidentally inserted at any time during its lifecycle and that it functions in the intended manner.

Answer 157

Separates network systems into three components: raw data, how the data is sent, and what purpose the data serves. This involves a focus on data, control, and application (management) functions or “planes”.

Answer 158

Is an extension of the SDN practices to connect to entities spread across the internet to support WAN architecture especially related to cloud migration.

Answer 159

Specific mandates explicitly stating expectations of performance or conformance.

Answer 160

This criterion requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior.

Answer 161

Analysis of the application source code for finding vulnerabilities without executing the application.

Answer 162

Hiding something within something else, or data hidden within other data.

Answer 163

When a cryptosystem performs its encryption on a bit-by-bit basis.

Answer 164

RAID technique; writing a data set across multiple drives.

Answer 165

The process of exchanging one letter or bit for another.

Answer 166

Operate at Layer 2. A switch establishes a collision domain per port.

Answer 167

Operate with a single cryptographic key that is used for both encryption and decryption of the message.

Answer 168

Involves having external agents run scripted transactions against a web application.

Answer 169

Exploits the reassembly of fragmented IP packets in the fragment offset field that indicates the starting position, or offset, of the data contained in a fragmented packet relative to the data of the original unfragmented packet.

Answer 170

A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

Answer 171

Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.

Answer 172

Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system.

Answer 173

Provides connection-oriented data management and reliable data transfer.

Answer 174

Layering model structured into four layers (network interface layer, internet layer, transport layer, host-to-host transport layer, application layer).

Answer 175

The process of reordering the plaintext to hide the message by using the same letters or bits.

Answer 176

The collection of all of the hardware, software, and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.

Answer 177

A secure crypto processor and storage module.

Answer 178

Batteries that provide temporary, immediate power during times when utility service is interrupted.

Answer 179

Abstract episodes of interaction between a system and its environment.

Answer 180

The User Datagram Protocol provides connectionless data transfer without error detection and correction.

Answer 181

Allow network administrators to use switches to create software-based LAN segments that can be defined based on factors other than physical location.

Answer 182

Is a technology that allows you to make voice calls using a broadband internet connection instead of a regular (or analog) phone line.

Answer 183

A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins.

Answer 184

Ports 0–1023 ports are related to the common protocols that are utilized in the underlying management of Transport Control Protocol/Internet Protocol (TCP/IP) system, Domain Name Service (DNS), Simple Mail Transfer Protocol (SMTP), etc.

Answer 185

A design that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection of test data.

Answer 186

A whitelist is a list of email addresses and/or internet addresses that someone knows as “good” senders. A blacklist is a corresponding list of known “bad” senders.

Answer 187

Primarily associated with computer networking, Wi-Fi uses the IEEE 802.11x specification to create a wireless local-area network either public or private.

Answer 188

One well-known example of wireless broadband is WiMAX. WiMAX can potentially deliver data rates of more than 30 megabits per second.

Answer 189

This represents the time and effort required to break a cryptography system.