Glossary P

Question 1

P12 (Public Key Cryptography Standard #12)

Answer 1

Format that allows a private key to be exported along with its digital certificate.

Question 2

P7B

Answer 2

File format for transmitting a chain of digital certificates, using PKCS#7

Question 3

PaaS (Platform as a Service)

Answer 3

A computing method that uses the cloud to provide any platform-type services.

Question 4

PAM (pluggable authentication module)

Answer 4

Framework for implementing authentication providers in Linux.

Question 5

passive scan

Answer 5

An enumeration or vulnerability scan that analyzes only intercepted network traffic rather than sending probes to a target. More generally, passive reconnaissance techniques are those that do not require direct interaction with the target.

Question 6

PAT (port address translation)

Answer 6

Maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications. Also known as network address port translation (NAPT) or NAT overloading.

Question 7

patch management

Answer 7

Identifying, testing, and deploying OS and application updates. Patches are often classified as critical, security-critical, recommended, and optional.

Question 8

PCI DSS (Payment Card Industry Data Security Standard)

Answer 8

Information security standard for organizations that process credit or bank card payments.

Question 9

PDU (power distribution unit)

Answer 9

Advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

Question 10

PEAP (Protected Extensible Authentication Protocol)

Answer 10

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

Question 11

PEM (privacy-enhanced mail)

Answer 11

Base64 encoding scheme used to store certificate and key data as ASCII text.

Question 12

penetration testing

Answer 12

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Also known as pentest.

Question 13

percent encoding

Answer 13

Mechanism for encoding characters as hexadecimal values delimited by the percent sign

Question 14

persistence (load balancing)

Answer 14

In load balancing, the configuration option that enables a client to maintain a connection with a load-balanced server over the duration of the session. Also referred to as sticky sessions.

Question 15

persistence

Answer 15

In cybersecurity, the ability of a threat actor to maintain covert access to a target host or network.

Question 16

PFS (perfect forward secrecy)

Answer 16

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

Question 17

PFX (personal information exchange)

Answer 17

Windows file format for storing a private key and certificate data. The file can be password-protected.

Question 18

pharming

Answer 18

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

Question 19

PHI (protected/personal health information)

Answer 19

Information that identifies someone as the subject of medical and insurance records, plus associated hospital and laboratory test results.

Question 20

phishing

Answer 20

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Question 21

physical control

Answer 21

A type of security control that acts against in-person intrusion attempts.

Question 22

PII (personally identifiable information)

Answer 22

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

Question 23

pinning

Answer 23

A deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

Question 24

PIV card (personal identity verification card)

Answer 24

A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card’s owner.

Question 25

PKCS (public key cryptography standards)

Answer 25

Series of standards defining the use of certificate authorities and digital certificates.

Question 26

PKI (public key infrastructure)

Answer 26

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

Question 27

playbook

Answer 27

A checklist of actions to perform to detect and respond to a specific type of incident PLC (programmable logic controller) A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.

Question 28

PNAC (port-based network access control)

Answer 28

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

Question 29

pointer dereferencing

Answer 29

A software vulnerability that can occur when code attempts to read a memory location specified by a pointer, but the memory location is null. Also known as dereferencing.

Question 30

Point-to-Point/Point-to Multipoint Topology

Answer 30

A point-to-point topology is one where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes. Also known as Point-to-point.

Question 31

port forwarding

Answer 31

A process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN. Also known as destination network address translation or DNAT.

Question 32

port mirroring

Answer 32

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. Also known as switched port analyzer or SPAN.

Question 33

port security

Answer 33

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Question 34

post-quantum

Answer 34

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

Question 35

PowerShell

Answer 35

A command shell and scripting language built on the .NET Framework.

Question 36

PPP (Point to Point Protocol)

Answer 36

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.

Question 37

PPTP (Point-to-Point Tunneling Protocol)

Answer 37

Developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP is highly vulnerable to password cracking attacks and considered obsolete.

Question 38

private cloud

Answer 38

A cloud that is deployed for use by a single entity.

Question 39

private key

Answer 39

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Question 40

privilege access management

Answer 40

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

Question 41

privilege escalation

Answer 41

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.

Question 42

provenance

Answer 42

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

Question 43

proxy server

Answer 43

A server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance. Also known as forward proxy.

Question 44

pseudo-anonymization

Answer 44

Removing personal information from a data set to make identification of individuals difficult, even if the data set is combined with other sources.

Question 45

PSK (pre-shared key)

Answer 45

Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

Question 46

PtH attack (pass the hash attack)

Answer 46

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on.

Question 47

public cloud

Answer 47

A cloud that is deployed for shared use by multiple independent tenants.

Question 48

public key

Answer 48

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Question 49

PUP (potentially unwanted program)

Answer 49

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

Question 50

purple team

Answer 50

A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement. purpose limitation In data protection, the principle that personal information can be collected and processed only for a stated purpose to which the subject has consented.

Question 51

Python

Answer 51

High-level programming language that is widely used for automation