Glossary Part 2 Flashcards

1
Q

steganography

A

A technique for obscuring the presence of a message, often by embedding information within a file or other entity.

2
Q

software as a service (SaaS)

A

A cloud service model that provisions fully developed application services to users.

3
Q

Transport Layer Security virtual private network (TLS VPN)

A

Virtual private networking solution that uses digital certificates to identify hosts and establish secure tunnels for network traffic.

4
Q

role-based access control (RBAC)

A

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

5
Q

secure enclave

A

CPU extensions that protect data stored in system memory so that an untrusted process cannot read it.

6
Q

sensor (alarms)

A

A component in an alarm system that identifies unauthorized entry via infrared-, ultrasonic-, microwave-, or pressure-based detection of thermal changes or movement.

7
Q

self-signed certificate

A

A digital certificate that has been signed by the entity that issued it, rather than by a CA.

8
Q

vulnerability

A

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

9
Q

vulnerability feed

A

A synchronizable list of data and scripts used to check for vulnerabilities. Also referred to as plug-ins or network vulnerability tests (NVTs).

10
Q

risk mitigation

A

The response of reducing risk to fit within an organization’s willingness to accept risk.

11
Q

sinkhole

A

A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.

12
Q

system/process audit

A

An audit process with a wide scope, including assessment of supply chain, configuration, support, monitoring, and cybersecurity factors.

13
Q

state table

A

Information about sessions between hosts that is gathered by a stateful firewall.

14
Q

serverless

A

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

15
Q

under-voltage event

A

When the power that is supplied by the electrical wall socket is insufficient to allow the computer to function correctly. Under-voltage events are long sags in power output that are often caused by overloaded or faulty grid distribution circuits or by a failure in the supply route from the electrical power station to a building.

16
Q

subject alternative name (SAN)

A

A field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

17
Q

Trojan

A

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.

18
Q

risk deterrence

A

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario.

19
Q

root certificate authority

A

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

20
Q

service disruption

A

A type of attack that compromises the availability of an asset or business process.

21
Q

SMiShing

A

A form of phishing that uses SMS text messages to trick a victim into revealing information.

22
Q

serverless computing

A

Features and capabilities of a server without needing to perform server administration tasks. Serverless computing offloads infrastructure management to the cloud service provider—for example, configuring file storage capability without the requirement of first building and deploying a file server.

23
Q

Temporal Key Integrity Protocol (TKIP)

A

The mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

24
Q

Sender Policy Framework (SPF)

A

A DNS record identifying hosts authorized to send mail for the domain.

25
Q

Security-Enhanced Linux (SELinux)

A

The default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux.

26
Q

software composition analysis (SCA)

A

Tools designed to assist with identification of third-party and open-source code during software development and deployment.

27
Q

SYN flood

A

A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.

28
Q

risk identification

A

Within overall risk assessment, the specific process of listing sources of risk due to threats and vulnerabilities.

29
Q

risk assessment

A

The process of identifying risks, analyzing them, developing a response strategy for them, and mitigating their future impact.

30
Q

vertical privilege escalation

A

When an attacker can perform functions that are normally assigned to users in higher roles, and often explicitly denied to the attacker.

31
Q

transparent proxy

A

A server that redirects requests and responses without the client being explicitly configured to use it. Also referred to as a forced or intercepting proxy.

32
Q

Sarbanes-Oxley Act (SOX)

A

A law enacted in 2002 that dictates requirements for the storage and retention of documents relating to an organization’s financial and business operations.

33
Q

threat

A

A potential for an entity to exercise a vulnerability (that is, to breach security).

34
Q

screened subnet

A

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

35
Q

warm site

A

An alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

36
Q

video surveillance

A

Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area.

37
Q

security key

A

Portable HSM with a computer interface, such as USB or NFC, used for multifactor authentication.

38
Q

supply chain

A

The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.

39
Q

risk transference

A

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

40
Q

risk reporting

A

A periodic summary of relevant information about a project’s current risks. It provides a summarized overview of known risks, realized risks, and their impact on the organization.

41
Q

sensor

A

A monitor that records (or “sniffs”) data from frames as they pass over network media, using methods such as a mirror port or TAP device.

42
Q

web filter

A

A software application or gateway that filters client requests for various types of Internet content (web, FTP, IM, and so on).

43
Q

resource consumption

A

A potential indicator of malicious activity where CPU, memory, storage, and/or network usage deviates from expected norms.

44
Q

tokenization

A

A de-identification method where a unique token is substituted for real data.

45
Q

secure baseline

A

Configuration guides, benchmarks, and best practices for deploying and maintaining a network device or application server in a secure state for its given role.

46
Q

workforce multiplier

A

A tool or automation that increases employee productivity, enabling them to perform more tasks to the same standard per unit of time.

47
Q

signature-based detection

A

A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.

48
Q

risk owner

A

An individual who is accountable for developing and implementing a risk response strategy for a risk documented in a risk register.

49
Q

server-side

A

In a web application, input data that is executed or validated as part of a script or process running on the server.

50
Q

software-defined networking (SDN)

A

APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.

51
Q

web application firewall (WAF)

A

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

52
Q

security identifier (SID)

A

The value assigned to an account by Windows and that is used by the operating system to identify that account.

53
Q

Transport Layer Security (TLS)

A

Security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols.

54
Q

risk analysis

A

Process for qualifying or quantifying the likelihood and impact of a factor.

55
Q

server-side request forgery (SSRF)

A

An attack where an attacker takes advantage of the trust established between the server and the resources it can access, including itself.

56
Q

salt

A

A security countermeasure that mitigates the impact of precomputed hash table attacks by adding a random value to (“salting”) each plaintext input.

57
Q

ticket granting ticket (TGT)

A

In Kerberos, a token issued to an authenticated account to allow access to authorized application servers.

58
Q

trade secrets

A

Intellectual property that gives a company a competitive advantage but hasn’t been registered with a copyright, trademark, or patent.

59
Q

rule-based access control

A

A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

60
Q

spyware

A

Software that records information about a PC and its users, often installed without the user’s consent.

61
Q

risk acceptance

A

The response of determining that a risk is within the organization’s appetite and that no countermeasures other than ongoing monitoring are needed.

62
Q

trusted platform module (TPM)

A

Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.

63
Q

virtual private cloud (VPC)

A

A private network segment made available to a single cloud consumer on a public cloud.

64
Q

statement of work (SOW)

A

A document that defines the expectations for a specific business arrangement.

65
Q

security information and event management (SIEM)

A

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

66
Q

user and entity behavior analytics (UEBA)

A

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

67
Q

service level agreement (SLA)

A

An agreement that sets the service requirements and expectations between a consumer and a provider.

68
Q

Virtual Network Computing (VNC)

A

Remote access tool and protocol. VNC is the basis of macOS screen sharing.

69
Q

static analysis

A

The process of reviewing uncompiled source code either manually or using automated tools.

70
Q

simulation (testing)

A

A testing technique that replicates the conditions of a real-world disaster scenario or security incident.

71
Q

resilience

A

The ability of a system or network to recover quickly from failure events with no or minimal manual intervention.

72
Q

security log

A

A target for event data related to access control, such as user authentication and privilege use.

73
Q

vulnerability scanner

A

Hardware or software configured with a list of known weaknesses and exploits and that can scan for their presence in a host OS or particular application.

74
Q

threat hunting

A

A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.

75
Q

Simultaneous Authentication of Equals (SAE)

A

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

76
Q

risk threshold

A

Boundary for types and/or levels of risk that can be accepted.

77
Q

watering hole attack

A

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

78
Q

single sign-on (SSO)

A

Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

79
Q

responsibility matrix

A

Identifies that responsibility for the implementation of security, as applications, data, and workloads are transitioned into a cloud platform, is shared between the customer and the cloud service provider (CSP).

80
Q

snapshot (backup)

A

Used to create the entire architectural instance/copy of an application, disk, or system. It is used in backup processes to restore the system or disk of a particular device at a specific time. A snapshot backup can also be referred to as an image backup.

81
Q

virtual private network (VPN)

A

A secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).

82
Q

worm

A

A type of malware that replicates between processes in system memory and can spread over client/server network connections.

83
Q

risk register

A

A document highlighting the results of risk assessments in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

84
Q

risk exception

A

Category of risk management that uses alternate mitigating controls to control an accepted risk factor.

85
Q

tunneling

A

The practice of encapsulating data from one protocol for safe transfer over another network such as the Internet.

86
Q

vishing

A

Social engineering attack where the threat actor extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

87
Q

single loss expectancy (SLE)

A

The amount that would be lost in a single occurrence of a particular risk factor.

88
Q

Secure Shell (SSH)

A

Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22.

89
Q

scalability

A

Property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.

90
Q

sandbox

A

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.

91
Q

uninterruptible power supply (UPS)

A

A battery-powered device that supplies AC power that an electronic device can use in the event of power failure.

92
Q

transport/communication encryption

A

Encryption scheme applied to data-in-motion, such as WPA, IPsec, or TLS.

93
Q

third-party risks

A

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

94
Q

risk exemption

A

Category of risk management that accepts an unmitigated risk factor.

95
Q

supervisory control and data acquisition (SCADA)

A

A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.

96
Q

resource inaccessibility

A

A potential indicator of malicious activity where a file or service resource that should be available is inaccessible.

97
Q

Secure File Transfer Protocol (SFTP)

A

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.

98
Q

self-encrypting drive (SED)

A

A disk drive where the controller can automatically encrypt data that is written to it.

99
Q

write blocker

A

A forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media.

100
Q

work recovery time (WRT)

A

In disaster recovery, time additional to the RTO of individual systems to perform reintegration and testing of a restored or upgraded system following an event.

101
Q

Simple Network Management Protocol (SNMP)

A

Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

102
Q

Wired Equivalent Privacy (WEP)

A

A legacy mechanism for encrypting data sent over a wireless connection.

103
Q

supplicant

A

In EAP architecture, the device requesting access to the network.

104
Q

sanitization

A

The process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.

105
Q

service set identifier (SSID)

A

A character string that identifies a particular wireless LAN (WLAN).

106
Q

soft authentication token

A

OTP sent to a registered number or email account or generated by an authenticator app as a means of two-step verification when authenticating account access.

107
Q

responsiveness

A

The ability of a system to process a task or workload within an acceptable amount of time.

108
Q

security control

A

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

109
Q

tabletop exercise

A

A discussion of simulated emergency situations and security incidents.

110
Q

Simple Object Access Protocol (SOAP)

A

An XML-based web services protocol that is used to exchange messages.

111
Q

time-of-day restrictions

A

Policies or configuration settings that limit a user’s access to resources.

112
Q

third-party CA

A

In PKI, a public CA that issues certificates for multiple domains and is widely trusted as a root trust by operating systems and browsers.

113
Q

test access point (TAP)

A

A hardware device inserted into a cable run to copy frames for analysis.

114
Q

threat actor

A

A person or entity responsible for an event that has been identified as a security incident or as a risk.

115
Q

software bill of materials (SBOM)

A

Inventory of third-party and open-source code components used in an application or package.

116
Q

risk

A

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

117
Q

tethering

A

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot).

118
Q

timeline

A

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

119
Q

shadow IT

A

Computer hardware, software, or services used on a private network without authorization from the system owner.

120
Q

zero trust

A

The security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.

121
Q

Wi-Fi Protected Access (WPA)

A

Standards for authenticating and encrypting access to Wi-Fi networks.

122
Q

secure hash algorithm (SHA)

A

A cryptographic hashing algorithm created to address possible weaknesses in MD5. The current version is SHA-2.

123
Q

uniform resource locator (URL)

A

An application-level addressing scheme for TCP/IP, allowing for human-readable resource addressing. For example: protocol://server/file, where “protocol” is the type of resource (HTTP, FTP), “server” is the name of the computer (www.microsoft.com), and “file” is the name of the resource you wish to access.

124
Q

security assertion markup language (SAML)

A

An XML-based data format used to exchange authentication information between a client and a service.

125
Q

social engineering

A

An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

126
Q

virtualization

A

A computing environment where multiple independent operating systems can be installed to a single hardware platform and run simultaneously.

127
Q

rooting

A

Gaining superuser-level access over an Android-based mobile device.

128
Q

System Monitor

A

Software that tracks the health of a computer’s subsystems using metrics reported by system hardware or sensors. This provides an alerting service for faults such as high temperature, chassis intrusion, and so on.

129
Q

reverse proxy

A

A type of proxy server that protects servers from direct contact with client requests.

130
Q

resources/funding

A

The ability of threat actors to draw upon funding to acquire personnel, tools, and to develop novel attack types.

131
Q

visualization

A

A widget showing records or metrics in a visual format, such as a graph or table.

132
Q

site survey

A

Documentation about a location for the purposes of building an ideal wireless infrastructure; it often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identifies sources of interference.

133
Q

Security Content Automation Protocol (SCAP)

A

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

134
Q

syslog

A

Application protocol and event-logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default.

135
Q

standards

A

Expected outcome or state of a task that has been performed in accordance with policies and procedures. Standards can be determined internally or measured against external frameworks.

136
Q

risk appetite

A

A strategic assessment of what level of residual risk is acceptable for an organization.

137
Q

stateful inspection

A

A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter security.

138
Q

rules of engagement (ROE)

A

A definition of how a pen test will be executed and what constraints will be in place. This provides the pen tester with guidelines to consult as they conduct their tests so that they don’t have to constantly ask management for permission to do something.

139
Q

Simple Mail Transfer Protocol (SMTP)

A

Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587.

140
Q

risk avoidance

A

In risk mitigation, the practice of ceasing activity that presents risk.

141
Q

security zone

A

An area of the network (or of a connected network) where the security configuration is the same for all hosts within it. In physical security, an area separated by barriers that control entry and exit points.

142
Q

Structured Query Language injection (SQL injection)

A

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

143
Q

software defined WAN (SD-WAN)

A

Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.

144
Q

Snort

A

An open source NIDS. A subscription (“oinkcode”) is required to obtain up-to-date rulesets, which allow the detection engine to identify the very latest threats. Non-subscribers can obtain community-authored rulesets.

145
Q

standard configurations

A

In an IaC architecture, the property that an automation or orchestration action always produces the same result, regardless of the component’s previous state.

146
Q

root cause analysis

A

A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.

147
Q

selection of effective controls

A

The process of choosing the type and placement of security controls to ensure the goals of the CIA triad and compliance with any framework requirements.

148
Q

sideloading

A

Installing an app to a mobile device without using an app store.

149
Q

risk tolerance

A

Determines the thresholds that separate different levels of risk.

150
Q

smart card

A

A security device similar to a credit card that can store authentication information, such as a user’s private key, on an embedded cryptoprocessor.

151
Q

single point of failure (SPoF)

A

A component or system that would cause a complete interruption of a service if it failed.

152
Q

wildcard domain

A

In PKI, a digital certificate that will match multiple subdomains of a parent domain.

153
Q

Wi-Fi Protected Setup (WPS)

A

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an eight-digit PIN.

154
Q

unsecure network

A

Configuration that exposes a large attack surface, such as through unnecessary open service ports, weak or no authentication, use of default credentials, or lack of secure communications/encryption.

155
Q

version control

A

The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes.

156
Q

shellcode

A

A lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

157
Q

virus

A

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.

158
Q

session affinity

A

A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question.

159
Q

risk management

A

The cyclical process of identifying, assessing, analyzing, and responding to risks.

160
Q

trend analysis

A

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or to better understand past events.

161
Q

unified threat management (UTM)

A

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data-loss prevention, content filtering, and so on.

162
Q

typosquatting

A

An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker’s website.

163
Q

responsible disclosure program

A

A process that allows researchers and reviewers to safely disclose vulnerabilities to a software developer.

164
Q

tactics, techniques, and procedures (TTP)

A

Analysis of historical cyberattacks and adversary actions.

165
Q

structured exception handler (SEH)

A

A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited.

166
Q

technical debt

A

Costs accrued by keeping an ineffective system or product in place, rather than replacing it with a better-engineered one.

167
Q

router firewall

A

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

168
Q

threat feed

A

Signatures and pattern-matching rules supplied to analysis platforms as an automated feed.

169
Q

software development life cycle (SDLC)

A

The processes of planning, analysis, design, implementation, and maintenance that often govern software and systems development.

170
Q

time-of-check to time-of-use (TOCTOU)

A

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

171
Q

unintentional insider threat

A

A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.

172
Q

right to be forgotten

A

Principle of regulated privacy data that protects the data subject’s ability to request its deletion.

173
Q

type-safe programming language

A

A programming language that enforces strict type-checking during compilation and ensures variables and data are used correctly. It prevents memory-related vulnerabilities and injection attacks.

174
Q

virtual local area network (VLAN)

A

A logical network segment comprising a broadcast domain established using a feature of managed switches to assign each port a VLAN ID. Even though hosts on two VLANs may be physically connected to the same switch, local traffic is isolated to each VLAN, so they must use a router to communicate.

175
Q

Secure Access Service Edge (SASE)

A

A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. It combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN.

176
Q

zero-day

A

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

177
Q

skimming

A

Making a duplicate of a contactless access card by copying its access token and programming a new card with the same data.