Glossary T-U-V-W-X-Z

Question 1

TACACS+ (Terminal Access Controller Access Control System Plus)

Answer 1

An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

Question 2

tail command

Answer 2

Linux utility for showing the last lines in a file.

Question 3

tailgating

Answer 3

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

Question 4

TAP (test access port)

Answer 4

A hardware device inserted into a cable to copy frames for analysis.

Question 5

tape

Answer 5

Tape media provides robust, high-speed, high-capacity backup storage. Tape drives and autoloader libraries can be connected to the SATA and SAS buses or accessed via a SAN.

Question 6

TAXII (Trusted Automated eXchange of Indicator Information)

Answer 6

A protocol for supplying codified information to automate incident detection and analysis.

Question 7

tcpdump command

Answer 7

A command-line packet sniffing utility

Question 8

tcpreplay command

Answer 8

A command-line utility that replays packets saved to a file back through a network adapter.

Question 9

technical control

Answer 9

A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.

Question 10

tethering

Answer 10

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot). Also known as hotspot.

Question 11

theHarvester

Answer 11

Utility for gathering results from open source intelligence queries

Question 12

thin AP

Answer 12

An access point that requires a wireless controller in order to function.

Question 13

third-party risks

Answer 13

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

Question 14

threat actor

Answer 14

The person or entity responsible for an event that has been identified as a security incident or as a risk.

Question 15

threat hunting

Answer 15

Cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

Question 16

threat map

Answer 16

Animated map showing threat sources in near real-time.

Question 17

time of day restrictions

Answer 17

Policies or configuration settings that limit a user’s access to resources.

Question 18

time offset

Answer 18

In forensics, identifying whether a time zone offset has been applied to a file’s time stamp.

Question 19

timeline

Answer 19

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Question 20

TKIP (Temporal Key Integrity Protocol)

Answer 20

A mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

Question 21

TLS (Transport Layer Security)

Answer 21

A security protocol that uses certificates for authentication and encryption to protect web communication.

Question 22

TOCTTOU (time of check to time of use)

Answer 22

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Question 23

token

Answer 23

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

Question 24

tokenization

Answer 24

A deidentification method where a unique token is substituted for real data.

Question 25

TOTP (Time-based One-time Password)

Answer 25

An improvement on HOTP that forces one-time passwords to expire after a short period of time.

Question 26

TPM (Trusted Platform Module)

Answer 26

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.transit gateway In cloud computing, a virtual router deployed to facilitate connections between VPC subnets and VPN gateways.

Question 27

trend analysis

Answer 27

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events.

Question 28

Trojan

Answer 28

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer. Also known as Trojan.

Question 29

TTP (tactics, techniques, and procedures)

Answer 29

Analysis of historical cyber-attacks and adversary actions.

Question 30

typosquatting

Answer 30

An attack—also called typosquatting—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker’s website. Also known as URL hijacking.

Question 31

UEBA (user and entity behavior analytics)

Answer 31

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Question 32

UEM (unified endpoint management)

Answer 32

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

Question 33

USB data blocker (Universal Serial Bus data blocker)

Answer 33

Hardware plug to prevent malicious data transfer when a device is plugged into a USB charging point.

Question 34

UTM (unified threat management)

Answer 34

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

Question 35

vault

Answer 35

A secure room with walls and gateway hardened against physical assault.

Question 36

VBA (Visual Basic for Applications)

Answer 36

Programming languages used to implement macros and scripting in Office document automation.

Question 37

VDE (virtual desktop environment)

Answer 37

The user desktop and software applications provisioned as an instance under VDI.

Question 38

VDI (virtual desktop infrastructure)

Answer 38

A virtualization implementation that separates the personal computing environment from a user’s physical computer.

Question 39

vendor management

Answer 39

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

Question 40

virus

Answer 40

Code designed to infect computer files (or disks) when it is activated.

Question 41

vishing

Answer 41

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

Question 42

VLAN (virtual local area network)

Answer 42

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

Question 43

VM escaping (virtual machine escaping)

Answer 43

An attack where malware running in a VM is able to interact directly with the hypervisor or host kernel.

Question 44

VM sprawl (virtual machine sprawl)

Answer 44

Configuration vulnerability where provisioning and deprovisioning of virtual assets is not properly authorized and monitored.

Question 45

VPC (virtual private cloud)

Answer 45

A private network segment made available to a single cloud consumer on a public cloud.

Question 46

VPN (virtual private network)

Answer 46

A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).

Question 47

vulnerability

Answer 47

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Question 48

vulnerability assessment

Answer 48

An evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

Question 49

WAF (web application firewall)

Answer 49

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

Question 50

war driving

Answer 50

The practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools).

Question 51

warm site

Answer 51

A location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

Question 52

watering hole attack

Answer 52

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

Question 53

WEP (Wired Equivalent Privacy)

Answer 53

A legacy mechanism for encrypting data sent over a wireless connection.

Question 54

whaling

Answer 54

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

Question 55

white team

Answer 55

Staff administering, evaluating, and supervising a penetration test or incident response exercise.

Question 56

WinHex

Answer 56

Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.

Question 57

worm

Answer 57

A type of malware that replicates in system memory and can spread over network connections rather than infecting files.

Question 58

WPA (Wi-Fi Protected Access)

Answer 58

Standards for authenticating and encrypting access to Wi-Fi networks. Also known as WPA2, WPA3.

Question 59

WPS (Wi-Fi Protected Setup)

Answer 59

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN.

Question 60

XaaS (anything as a service)

Answer 60

Expressing the concept that most types of IT requirements can be deployed as a cloud service model.

Question 61

XML injection

Answer 61

Attack method where malicious XML is passed as input to exploit a vulnerability in the target app.

Question 62

XOR (exclusive OR)

Answer 62

An operation that outputs to true only if one input is true and the other input is false.

Question 63

XSRF (cross-site request forgery)

Answer 63

A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. Also known as client-side request forgery or CSRF.

Question 64

XSS (cross-site scripting)

Answer 64

A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

Question 65

zero trust

Answer 65

Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.

Question 66

zero-day

Answer 66

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Question 67

zero-fill

Answer 67

A method of sanitizing a drive by setting all bits to zero.

Question 68

ZigBee

Answer 68

Low-power wireless communications open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.

Question 69

Z-Wave

Answer 69

Low-power wireless communications protocol used primarily for home automation. Z-Wave uses radio frequencies in the high 800 to low 900 MHz and a mesh topology.