Google Cyber Security - Glossary - All Flashcards

1
Q

The full file path, which starts from the root

A

Absolute file path

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Security controls that manage access, authorization, and accountability of information

A

Access controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A type of attack where data packets are manipulated in transit

A

Active packet sniffing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A network protocol used to determine the MAC address of the next router or device on the path

A

Address Resolution Protocol (ARP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An instance when a threat actor maintains unauthorized access to a system for an extended period of time

A

Advanced persistent threat (APT)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

A

Adversarial artificial intelligence (AI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A type of legitimate software that is sometimes used to display digital advertisements in applications

A

Adware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A set of rules used to solve a problem

A

Algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The investigation and validation of alerts

A

Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A technique where attackers impersonate customer service representatives on social media

A

Angler phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A detection method that identifies abnormal behavior

A

Anomaly-based analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A software program used to prevent, detect, and eliminate malware and viruses

A

Antivirus software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A program that performs a specific task

A

Application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A small block of encrypted code that contains information about a user

A

Application programming interface (API) token

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Specific information needed by a command

A

Argument (Linux)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The data brought into a function when it is called

A

Argument (Python)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A data type that stores data in a comma-separated ordered list

A

Array

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly

A

Assess

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

An item perceived as having value to an organization

A

Asset

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

The practice of labeling assets based on sensitivity and importance to an organization

A

Asset classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

A catalog of assets that need to be protected

A

Asset inventory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

The process of tracking assets and the risks that affect them

A

Asset management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

The use of a public and private key pair for encryption and decryption of data

A

Asymmetric encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

All the potential vulnerabilities that a threat actor could exploit

A

Attack surface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

A diagram that maps threats to assets

A

Attack tree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

The pathways attackers use to penetrate security defenses

A

Attack vectors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

The process of verifying who someone is

A

Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

The concept of granting access to specific resources in a system

A

Authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization

A

Authorize

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

The use of technology to reduce human and manual effort to perform common and repetitive tasks

A

Automation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

The idea that data is accessible to those who are authorized to access it

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

A social engineering tactic that tempts people into compromising their security

A

Baiting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

The maximum data transmission capacity over a network, measured by bits per second

A

Bandwidth

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

A documented set of specifications within a system that is used as a basis for future builds, releases, and updates

A

Baseline configuration (baseline image)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

The default shell in most Linux distributions

A

Bash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

The technology used to establish a user’s request to access a server

A

Basic auth

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

A microchip that contains loading instructions for the computer and is prevalent in older systems

A

Basic Input/Output System (BIOS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

The unique physical characteristics that can be used to verify a person’s identity

A

Biometrics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

The smallest unit of data measurement on a computer

A

Bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Data that can only be one of two values: either True or False

A

Boolean data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

A software program that boots the operating system

A

Bootloader

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”

A

Botnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

The indices placed in square brackets

A

Bracket notation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Inconsistencies in the collection and logging of evidence in the chain of custody

A

Broken chain of custody

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

The trial and error process of discovering private information

A

Brute force attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Programs that encourage freelance hackers to find and report vulnerabilities

A

Bug bounty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

A function that exists within Python and can be called directly

A

Built-in function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

A

Business continuity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

A document that outlines the procedures to sustain business operations during and after a significant disruption

A

Business continuity plan (BCP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

A

Business Email Compromise (BEC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

The second step of the NIST RMF that is used to develop risk management processes and tasks

A

Categorize

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

An open-source distribution that is closely related to Red Hat

A

CentOS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

A computer’s main processor, which is used to perform general computing tasks on a computer

A

Central Processing Unit (CPU)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

The process of documenting evidence possession and control during an incident lifecycle

A

Chain of custody

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

A cloud-native tool designed to retain, analyze, and search data

A

Chronicle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

An algorithm that encrypts information

A

Cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Software firewalls that are hosted by the cloud service provider

A

Cloud-based firewalls:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

A

Cloud computing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

A

Cloud network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

A

Cloud security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

An instruction telling the computer to do something

A

Command

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

The techniques used by malicious actors to maintain communications with compromised systems

A

Command and control (C2)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

A text-based user interface that uses commands to interact with the computer

A

Command-line interface (CLI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

A note programmers make about the intention behind their code

A

Comment:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

A log format that uses key-value pairs to structure data and identify fields and their corresponding values

A

Common Event Format (CEF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

An openly accessible dictionary of known vulnerabilities and exposures

A

Common Vulnerabilities and Exposures (CVE®) list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

A measurement system that scores the severity of a vulnerability

A

Common Vulnerability Scoring System (CVSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

The process of adhering to internal standards and external regulations

A

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

A specialized group of security professionals that are trained in incident management and response

A

Computer security incident response teams (CSIRT)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Malicious code written to interfere with computer operations and cause damage to data and software

A

Computer virus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

A statement that evaluates code to determine if it meets a specified set of conditions

A

Conditional statement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

The idea that only authorized users can access specific assets or data

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

Data that often has limits on the number of people who have access to it

A

Confidential data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

A model that helps inform how organizations consider risk when setting up systems and security policies

A

Confidentiality, integrity, availability (CIA) triad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

A file used to configure the settings of an application

A

Configuration file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

The act of limiting and preventing additional damage caused by an incident

A

Containment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

A subnet that protects the internal network from the uncontrolled zone

A

Controlled zone

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

An injection attack that inserts code into a vulnerable website or web application

A

Cross-site scripting (XSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

The practice of gathering information using public input and collaboration

A

Crowdsourcing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient

A

Cryptographic attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

A mechanism that decrypts ciphertext

A

Cryptographic key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

The process of transforming information into a form that unintended readers can’t understand

A

Cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

A form of malware that installs software to illegally mine cryptocurrencies

A

Cryptojacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

An organization that volunteers to analyze and distribute information on eligible CVEs

A

CVE Numbering Authority (CNA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

A

Cybersecurity (or security)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Information that is translated, processed, or stored by a computer

A

Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Data not currently being accessed

A

Data at rest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

An organized collection of information or data

A

Database

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

A person that determines the procedure and purpose for processing data

A

Data controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

Anyone or anything that’s responsible for the safe handling, transport, and storage of information

A

Data custodian

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Unauthorized transmission of data from a system

A

Data exfiltration:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Data traveling from one point to another

A

Data in transit:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Data being accessed by one or more users

A

Data in use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

The person who decides who can access, edit, use, or destroy their information

A

Data owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

A basic unit of information that travels from one device to another within a network

A

Data packet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

A specific piece of information

A

Data point

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

A person that is responsible for processing data on behalf of the data controller

A

Data processor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

An individual that is responsible for monitoring the compliance of an organization’s data protection procedures

A

Data protection officer (DPO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

A category for a particular type of data item

A

Data type

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

Data representing a date and/or time

A

Date and time data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

A software tool that helps to locate the source of an error and assess its causes

A

Debugger

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

The practice of identifying and fixing errors in code

A

Debugging

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

A layered approach to vulnerability management that reduces risk

A

Defense in depth

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

An attack that targets a network or server and floods it with network traffic

A

Denial of service (DoS) attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

A

Detect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

The prompt discovery of security events

A

Detection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

Data that consists of one or more key-value pairs

A

Dictionary data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

A file that verifies the identity of a public key holder

A

Digital certificate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

The practice of collecting and analyzing data to determine what has happened after an attack

A

Digital forensics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

A file that organizes where other files are stored

A

Directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident

A

Disaster recovery plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

A type of denial or service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic

A

Distributed denial of service (DDoS) attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

The different versions of Linux

A

Distributions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
114
Q

Any form of recorded content that is used for a specific purpose

A

Documentation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
115
Q

An instance when malicious script exists in the webpage a browser loads

A

DOM-based XSS attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

A networking protocol that translates internet domain names into IP addresses

A

Domain Name System (DNS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
117
Q

Dropper: A program or a file used to install a rootkit on a target computer

A

Dropper

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
118
Q

A brief summary of your experience, skills, and background

A

Elevator pitch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
119
Q

A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets

A

Encapsulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
120
Q

The process of converting data from a readable format to an encoded format

A

Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

Any device connected on a network

A

Endpoint

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
122
Q

An application that monitors an endpoint for malicious activity

A

Endpoint detection and response (EDR)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
123
Q

The complete removal of the incident elements from all affected systems

A

Eradication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
124
Q

A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled

A

Escalation policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
125
Q

An observable occurrence on a network, system, or device

A

Event

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
126
Q

An error that involves code that cannot be executed even though it is syntactically correct

A

Exception

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
127
Q

An operator that does not include the value of comparison

A

Exclusive operator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

A way of taking advantage of a vulnerability

A

Exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
129
Q

A mistake that can be exploited by a threat

A

Exposure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
130
Q

Anything outside the organization that has the potential to harm organizational assets

A

External threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
131
Q

A state where the presence of a threat is not detected

A

False negative

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

An alert that incorrectly detects the presence of a threat

A

False positive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
133
Q

Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer

A

Fileless malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
134
Q

The location of a file or directory

A

File path

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
135
Q

The component of the Linux OS that organizes data

A

Filesystem Hierarchy Standard (FHS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
136
Q

Selecting data that match a certain condition

A

Filtering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
137
Q

Documentation that provides a comprehensive review of an incident

A

Final report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
138
Q

Firewall: A network security device that monitors traffic to or from a network

A

Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
139
Q

Data consisting of a number with a decimal point

A

Float data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
140
Q

A column in a table that is a primary key in another table

A

Foreign key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
141
Q

A server that regulates and restricts a person’s access to the internet

A

Forward proxy server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
142
Q

A section of code that can be reused in a program

A

Function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
143
Q

A variable that is available through the entire program

A

Global variable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
144
Q

A user interface that uses icons on the screen to manage different tasks on the computer

A

Graphical user interface (GUI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
145
Q

Any person or group who uses computers to gain unauthorized access to data

A

Hacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
146
Q

A person who uses hacking to achieve a political goal

A

Hacktivist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
147
Q

A hardware component used for long-term memory

A

Hard drive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
148
Q

The physical components of a computer

A

Hardware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
149
Q

An instance when different inputs produce the same hash value

A

Hash collision

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
150
Q

An algorithm that produces a code that can’t be decrypted

A

Hash function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
151
Q

A data structure that’s used to store and reference hash values

A

Hash table

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
152
Q

A U.S. federal law established to protect patients’ health information

A

Health Insurance Portability and Accountability Act (HIPAA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
153
Q

A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders

A

Honeypot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
154
Q

An application that monitors the activity of the host on which it’s installed

A

Host-based intrusion detection system (HIDS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
155
Q

A network device that broadcasts information to every device on the network

A

Hub

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
156
Q

An application layer protocol that provides a method of communication between clients and website servers

A

Hypertext Transfer Protocol (HTTP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
157
Q

A network protocol that provides a secure method of communication between clients and website servers

A

Hypertext Transfer Protocol Secure (HTTPS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
158
Q

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

A

Identify:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
159
Q

A collection of processes and technologies that helps organizations manage digital identities in their environment

A

Identity and access management (IAM):

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
159
Q

A set of standards that define communication for wireless LANs

A

IEEE 802.11 (Wi-Fi):

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
160
Q

An object that cannot be changed after it is created and assigned a value

A

Immutable:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
161
Q

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

A

Implement:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
162
Q

An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies

A

Improper usage:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
163
Q

An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies

A

Incident:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
163
Q

Observable evidence that suggests signs of a potential security incident

A

Indicators of compromise (IoC):

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
164
Q

The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member

A

Incident escalation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
165
Q

A form of documentation used in incident response

A

Incident handler’s journal:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
166
Q

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

A

Incident response:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
167
Q

A document that outlines the procedures to take in each step of incident response

A

Incident response plan:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
168
Q

An operator that includes the value of comparison

A

Inclusive operator:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
169
Q

Space added at the beginning of a line of code

A

Indentation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
170
Q

The practice of keeping data in all states away from unauthorized users

A

Information security (InfoSec):

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
170
Q

The series of observed events that indicate a real-time incident

A

Indicators of attack (IoA):

170
Q

A number assigned to every element in a sequence that indicates its position

A

Index:

171
Q

The protection of unauthorized access and distribution of data

A

Information privacy:

172
Q

Malicious code inserted into a vulnerable application

A

Injection attack:

173
Q

Data consisting of a number that does not include a decimal point

A

Integer data:

174
Q

Programming that validates inputs from users and other programs

A

Input validation:

175
Q

The idea that the data is correct, authentic, and reliable

A

Integrity:

175
Q

A software application for writing code that provides editing assistance and error correction tools

A

Integrated development environment (IDE):

176
Q

The components required to run the computer

A

Internal hardware:

177
Q

A current or former employee, external vendor, or trusted partner who poses a security risk

A

Internal threat:

178
Q

An internet protocol used by devices to tell each other about data transmission errors across the network

A

Internet Control Message Protocol (ICMP):

179
Q

A unique string of characters that identifies the location of a device on the internet

A

Internet Protocol (IP) address:

180
Q

A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server

A

Internet Control Message Protocol flood (ICMP flood):

181
Q

A set of standards used for routing and addressing data packets as they travel between devices on a network

A

Internet Protocol (IP):

182
Q

A computer program that translates Python code into runnable instructions line by line

A

Interpreter:

183
Q

An application that monitors system activity and alerts on possible intrusions

A

Intrusion detection system (IDS):

184
Q

A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network

A

IP spoofing:

185
Q

An application that monitors system activity for intrusive activity and takes action to stop the activity

A

Intrusion prevention system (IPS):

186
Q

Code that repeatedly executes a set of instructions

A

Iterative statement:

187
Q

The component of the Linux OS that manages processes and memory

A

Kernel:

187
Q

An open-source distribution of Linux that is widely used in the security industry

A

KALI LINUX ™:

188
Q

A set of data that represents two linked items: a key, and its corresponding value

A

Key-value pair:

188
Q

A collection of modules that provide code users can access in their programs

A

Library:

189
Q

An operating system that is outdated but still being used

A

Legacy operating system:

190
Q

A meeting that includes all involved parties after a major incident

A

Lessons learned meeting:

191
Q

An open-source operating system

A

Linux:

192
Q

The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list

A

List concatenation:

193
Q

Data structure that consists of a collection of data in sequential form

A

List data:

194
Q

Malicious code that launches after a user initiates a dropper program

A

Loader:

195
Q

A network that spans small areas like an office building, a school, or a home

A

Local Area Network (LAN):

195
Q

A variable assigned within a function

A

Local variable:

196
Q

The process of examining logs to identify events of interest

A

Log analysis:

197
Q

A record of events that occur within an organization’s systems

A

Log:

198
Q

The recording of events occurring on computer systems and networks

A

Logging:

198
Q

The process of collecting, storing, analyzing, and disposing of log data

A

Log management:

199
Q

An error that results when the logic used in code produces unintended results

A

Logic error:

200
Q

The part of a loop that determines when the loop terminates

A

Loop condition:

201
Q

A variable that is used to control the iterations of a loop

A

Loop variable:

202
Q

Software designed to harm devices or networks

A

Malware:

202
Q

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

A

Metrics:

203
Q

A unique alphanumeric identifier that is assigned to each physical device on a network

A

Media Access Control (MAC) address:

203
Q

An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network

A

Malware infection:

203
Q

A function that belongs to a specific data type

A

Method:

204
Q

A device that connects your router to the internet and brings internet access to the LAN

A

Modem:

204
Q

A collection of non-profit research and development centers

A

MITRE:

205
Q

A Python file that contains additional functions, variables, classes, and any kind of runnable code

A

Module:

205
Q

The seventh step of the NIST RMF that means be aware of how systems are operating

A

Monitor:

206
Q

A group of connected devices

A

Network:

206
Q

A security measure that requires a user to verify their identity in two or more ways to access a system or network

A

Multi-factor authentication (MFA):

207
Q

A command-line file editor that is available by default in many Linux distributions

A

nano:

208
Q

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

A

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF):

208
Q

A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery, and Post-incident activity

A

National Institute of Standards and Technology (NIST) Incident Response Lifecycle:

209
Q

A unified framework for protecting the security of information systems within the U.S. federal government

A

National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53:

210
Q

The data that’s transmitted between devices on a network

A

Network data:

210
Q

An application that collects and monitors network traffic and network data

A

Network-based intrusion detection system (NIDS):

211
Q

A tool designed to capture and analyze data traffic within a network

A

Network protocol analyzer (packet sniffer):

211
Q

The process of examining network logs to identify events of interest

A

Network log analysis:

211
Q

Hardware that connects computers to a network

A

Network Interface Card (NIC):

212
Q

The practice of keeping an organization’s network infrastructure secure from unauthorized access

A

Network security:

212
Q

A set of rules used by two or more devices on a network to describe the order of delivery and the structure of data

A

Network protocols:

212
Q

A security technique that divides the network into segments

A

Network segmentation:

213
Q

The amount of data that moves across a network

A

Network traffic:

214
Q

The concept that the authenticity of information can’t be denied

A

Non-repudiation:

215
Q

An online interface for writing, storing, and running code

A

Notebook:

216
Q

Data consisting of numbers

A

Numeric data:

217
Q

A data type that stores data in a comma-separated list of key-value pairs

A

Object:

217
Q

An open-standard authorization protocol that shares designated access between applications

A

OAuth:

218
Q

An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit

A

On-path attack:

219
Q

The collection and analysis of information from publicly available sources to generate usable intelligence

A

Open-source intelligence (OSINT):

220
Q

A standardized concept that describes the seven layers computers use to communicate and send data over the network

A

Open systems interconnection (OSI) model:

221
Q

The interface between computer hardware and the user

A

Operating system (OS):

221
Q

A non-profit organization focused on improving software security

A

Open Web Application Security Project (OWASP):

222
Q

A symbol or keyword that represents an operation

A

Operator:

223
Q

Input that modifies the behavior of a command

A

Options:

224
Q

The practice of capturing and inspecting data packets across a network

A

Packet sniffing:

224
Q

A sequence outlining the order of data that must be preserved from first to last

A

Order of volatility:

225
Q

A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications

A

OWASP Top 10:

226
Q

A piece of software that can be combined with other packages to form an application

A

Package:

227
Q

A tool that helps users install, manage, and remove packages or applications

A

Package manager:

228
Q

A file containing data packets intercepted from an interface or network

A

Packet capture (P-cap):

229
Q

An object that is included in a function definition for use in that function

A

Parameter (Python):

230
Q

An open-source distribution that is commonly used for security

A

Parrot:

231
Q

The process of converting data into a more readable format

A

Parsing:

232
Q

A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network

A

Passive packet sniffing:

233
Q

An attempt to access password secured devices, systems, networks, or data

A

Password attack:

234
Q

A software and operating system update that addresses security vulnerabilities within a program or product

A

Patch update:

235
Q

Any cardholder data that an organization accepts, transmits, or stores

A

Payment Card Industry Data Security Standards (PCI DSS):

236
Q

A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes

A

Penetration test (pen test):

237
Q

A resource that provides stylistic guidelines for programmers working in Python

A

PEP 8 style guide:

238
Q

Hardware components that are attached and controlled by the computer system

A

Peripheral devices:

239
Q

The type of access granted for a file or directory

A

Permissions:

240
Q

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

A

Phishing:

240
Q

Any information used to infer an individual’s identity

A

Personally identifiable information (PII):

241
Q

A collection of software tools needed to launch a phishing campaign

A

Phishing kit:

242
Q

A security incident that affects not only digital but also physical environments where the incident is deployed

A

Physical attack:

243
Q

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

A

Physical social engineering:

244
Q

A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB

A

Ping of death:

245
Q

A manual that provides details about any operational action

A

Playbook:

246
Q

A set of rules that reduce risk and protect information

A

Policy:

247
Q

A software-based location that organizes the sending and receiving of data between devices on a network

A

Port:

248
Q

A firewall function that blocks or allows certain port numbers to limit unwanted communication

A

Port filtering:

249
Q

The process of reviewing an incident to identify areas for improvement during incident handling

A

Post-incident activity:

250
Q

A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software

A

Potentially unwanted application (PUA):

251
Q

Information that should be kept from the public

A

Private data:

252
Q

The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

A

Prepare:

253
Q

A column where every row has a unique entry

A

Primary key:

254
Q

A coding technique that executes SQL statements before passing them on to a database

A

Prepared statement:

255
Q

The concept of granting only the minimal access and authorization required to complete a task or function

A

Principle of least privilege:

256
Q

The act of safeguarding personal information from unauthorized use

A

Privacy protection:

257
Q

Step-by-step instructions to perform a specific security task

A

Procedures:

258
Q

A popular threat modeling framework that’s used across many industries

A

Process of Attack Simulation and Threat Analysis (PASTA):

259
Q

A process that can be used to create a specific set of instructions for a computer to execute tasks

A

Programming:

260
Q

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

A

Protect:

261
Q

Information that relates to the past, present, or future physical or mental health or condition of an individual

A

Protected health information (PHI):

262
Q

The process of properly working with fragile and volatile digital evidence

A

Protecting and preserving evidence:

263
Q

A server that fulfills the requests of its clients by forwarding them to other servers

A

Proxy server:

264
Q

Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others

A

Public data:

265
Q

An encryption framework that secures the exchange of online information

A

Public key infrastructure (PKI):

266
Q

An extensive collection of Python code that often comes packaged with Python

A

Python Standard Library:

267
Q

A request for data from a database table or a combination of tables

A

Query:

267
Q

A file of pre-generated hash values and their associated plaintext

A

Rainbow table:

268
Q

A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money

A

Quid pro quo:

269
Q

A hardware component used for short-term memory

A

Random Access Memory (RAM):

270
Q

The process of returning affected systems back to normal operations

A

Recovery:

271
Q

A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other

A

Rapport:

271
Q

Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

A

Ransomware:

272
Q

A NIST core function related to returning affected systems back to normal operation

A

Recover:

273
Q

An instance when malicious script is sent to a server and activated during the server’s response

A

Reflected XSS attack:

274
Q

A subscription-based distribution of Linux built for enterprise use

A

Red Hat® Enterprise Linux® (also referred to simply as Red Hat in this course):

275
Q

A sequence of characters that forms a pattern

A

Regular expression (regex):

276
Q

Rules set by a government or other authority to control the way something is done

A

Regulations:

277
Q

Relational database: A structured database containing tables that are related to each other

A

Relational database:

278
Q

A file path that starts from the user’s current directory

A

Relative file path:

279
Q

Replay attack: A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time

A

Replay attack:

280
Q

The ability to prepare for, respond to, and recover from disruptions

A

Resiliency:

281
Q

Respond: A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

A

Respond:

282
Q

A Python statement that executes inside a function and sends information back to the function call

A

Return statement:

283
Q

A server that regulates and restricts the internet’s access to an internal server

A

Reverse proxy server:

284
Q

Anything that can impact the confidentiality, integrity, or availability of an asset

A

Risk:

285
Q

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

A

Risk mitigation:

286
Q

The highest-level directory in Linux

A

Root directory:

287
Q

A user with elevated privileges to modify the system

A

Root user (or superuser):

288
Q

Rootkit: Malware that provides remote, administrative access to a computer

A

Rootkit:

289
Q

A network device that connects multiple networks together

A

Router:

290
Q

An additional safeguard that’s used to strengthen hash functions

A

Salting:

291
Q

Malware that employs tactics to frighten users into infecting their device

A

Scareware:

292
Q

Splunk’s query language

A

Search Processing Language (SPL):

293
Q

Secure File Transfer Protocol (SFTP): A secure protocol used to transfer files from one device to another over a network

A

Secure File Transfer Protocol (SFTP):

294
Q

A security protocol used to create a shell with a remote system

A

Secure shell (SSH):

295
Q

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

A

Security architecture:

296
Q

A review of an organization’s security controls, policies, and procedures against a set of expectations

A

Security audit:

297
Q

Security controls: Safeguards designed to reduce specific security risks

A

Security controls:

298
Q

Guidelines for making appropriate decisions as a security professional

A

Security ethics:

299
Q

Guidelines used for building plans to help mitigate risk and threats to data and privacy

A

Security frameworks:

300
Q

Practices that help support, define, and direct security efforts of an organization

A

Security governance:

301
Q

The process of strengthening a system to reduce its vulnerabilities and attack surface

A

Security hardening:

302
Q

An application that collects and analyzes log data to monitor critical activities in an organization

A

Security information and event management (SIEM):

303
Q

The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data

A

Security mindset:

304
Q

An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks

A

Security operations center (SOC):

305
Q

Security zone: A segment of a company’s network that protects the internal network from the internet

A

Security zone:

305
Q

An organization’s ability to manage its defense of critical assets and data and react to change

A

Security posture:

305
Q

A collection of applications, tools, and workflows that use automation to respond to security events

A

Security orchestration, automation, and response (SOAR):

306
Q

The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization

A

Select:

307
Q

A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)

A

Sensitive data:

308
Q

The principle that users should not be given levels of authorization that would allow them to misuse a system

A

Separation of duties:

309
Q

A specific type of PII that falls under stricter handling guidelines

A

Sensitive personally identifiable information (SPII):

310
Q

a sequence of network HTTP requests and responses associated with the same user

A

Session:

311
Q

A token that websites use to validate a session and determine how long that session should last

A

Session cookie:

312
Q

An event when attackers obtain a legitimate user’s session ID

A

Session hijacking:

313
Q

Data that consists of an unordered collection of unique values

A

Set data:

313
Q

Session ID: A unique token that identifies a user and their device while accessing a system

A

Session ID: A unique token that identifies a user and their device while accessing a system

314
Q

The command-line interpreter

A

Shell:

314
Q

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

A

Shared responsibility:

315
Q

A pattern that is associated with malicious activity

A

Signature:

316
Q

A network protocol used for monitoring and managing devices on a network

A

Simple Network Management Protocol (SNMP):

316
Q

A detection method used to find events of interest

A

Signature analysis:

317
Q

A technology that combines several different logins into one

A

Single sign-on (SSO):

318
Q

The use of text messages to trick users to obtain sensitive information or to impersonate a known source

A

Smishing:

319
Q

A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets

A

Smurf attack:

320
Q

A manipulation technique that exploits human error to gain private information, access, or valuables

A

Social engineering:

321
Q

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

A

Social media phishing:

322
Q

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

A

Spear phishing:

323
Q

The rate at which a device sends and receives data, measured by bits per second

A

Speed:

324
Q

A cloud-hosted tool used to collect, search, and monitor log data

A

Splunk Cloud:

325
Q

A self-hosted tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time

A

Splunk Enterprise:

326
Q

Spyware: Malware that’s used to gather and sell information without consent

A

Spyware:

326
Q

A programming language used to create, interact with, and request information from a database

A

SQL (Structured Query Language):

327
Q

An attack that executes unexpected queries on a database

A

SQL injection:

328
Q

Stakeholder: An individual or group that has an interest in any decision or activity of an organization

A

Stakeholder:

329
Q

An error message returned by the OS through the shell

A

Standard error:

330
Q

Information received by the OS via the command line

A

Standard input:

331
Q

Information returned by the OS through the shell

A

Standard output:

332
Q

STAR method: An interview technique used to answer behavioral and situational questions

A

STAR method:

333
Q

Standards: References that inform how to set policies

A

Standards:

334
Q

A class of firewall that keeps track of information passing through it and proactively filters out threats

A

Stateful:

335
Q

A class of firewall that operates based on predefined rules and that does not keep track of information from data packets

A

Stateless:

336
Q

An instance when malicious script is injected directly on the server

A

Stored XSS attack:

337
Q

Data consisting of an ordered sequence of characters

A

String data:

337
Q

The process of joining two strings together

A

String concatenation:

338
Q

A manual that informs the writing, formatting, and design of documents

A

Style guide:

339
Q

A continuous sequence of characters within a string

A

Substring:

339
Q

The subdivision of a network into logical groups called subnets

A

Subnetting:

340
Q

A command that temporarily grants elevated permissions to specific users

A

Sudo:

341
Q

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

A

Supply-chain attack:

342
Q

Suricata: An open-source intrusion detection system, intrusion prevention system, and network analysis tool

A

Suricata:

343
Q

A device that makes connections between specific devices on a network by sending and receiving data between them

A

Switch:

344
Q

Symmetric encryption: The use of a single secret key to exchange information

A

Symmetric encryption:

345
Q

A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets

A

Synchronize (SYN) flood attack:

346
Q

The rules that determine what is correctly structured in a computing language

A

Syntax:

347
Q

An error that involves invalid usage of a programming language

A

Syntax error:

348
Q

Any person or group who presents a security risk

A

Threat actor:

348
Q

A social engineering tactic in which unauthorized people follow an authorized person into a restricted area

A

Tailgating:

348
Q

A framework used to visualize how data is organized and transmitted across a network

A

TCP/IP model:

348
Q

The proactive search for threats on a network

A

Threat hunting:

348
Q

tcpdump: A command-line network protocol analyzer

A

tcpdump:

349
Q

Skills that require knowledge of specific tools, procedures, and policies

A

Technical skills:

349
Q

Threat: Any circumstance or event that can negatively impact assets

A

Threat:

350
Q

The collection and transmission of data for analysis

A

Telemetry:

351
Q

Evidence-based threat information that provides context about existing or emerging threats

A

Threat intelligence:

352
Q

The process of identifying assets, their vulnerabilities, and how each is exposed to threats

A

Threat modeling:

353
Q

Skills from other areas that can apply to different careers

A

Transferable skills:

354
Q

An internet communication protocol that allows two devices to form a connection and stream data

A

Transmission Control Protocol (TCP):

355
Q

The prioritizing of incidents according to their level of importance or urgency

A

Triage:

356
Q

Malware that looks like a legitimate file or program

A

Trojan horse:

357
Q

A state where there is no detection of malicious activity

A

True negative:

358
Q

True positive An alert that correctly detects the presence of an attack

A

True positive

359
Q

Data that consists of a collection of data that cannot be changed

A

Tuple data:

360
Q

An error that results from using the wrong data type

A

Type error:

361
Q

Ubuntu: An open-source, user-friendly distribution that is widely used in security and other industries

A

Ubuntu:

362
Q

Unauthorized access: An incident type that occurs when an individual gains digital or physical access to a system or application without permission

A

Unauthorized access: An incident type that occurs when an individual gains digital or physical access to a system or application without permission

363
Q

A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems

A

Unified Extensible Firmware Interface (UEFI):

363
Q

Any network outside your organization’s control

A

Uncontrolled zone:

364
Q

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

A

USB baiting:

365
Q

The person interacting with a computer

A

User:

366
Q

A function that programmers design for their specific needs

A

User-defined function:

367
Q

A connectionless protocol that does not establish a connection between devices before transmissions

A

User Datagram Protocol (UDP):

368
Q

A program that allows the user to control the functions of the operating system

A

User interface:

369
Q

The process of creating and maintaining a user’s digital identity

A

User provisioning:

370
Q

A container that stores data

A

Variable:

371
Q

A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet

A

Virtual Private Network (VPN):

372
Q

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

A

Vishing:

372
Q

A weakness that can be exploited by a threat

A

Vulnerability:

372
Q

Malicious code written to interfere with computer operations and cause damage to data and software

A

Virus:

372
Q

A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content

A

VirusTotal:

372
Q

A way of displaying various types of data quickly in one place

A

Visual dashboard:

372
Q

Vulnerability scanner: Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network

A

Vulnerability scanner:

372
Q

The process of finding and patching vulnerabilities

A

Vulnerability management:

373
Q

Vulnerability assessment: The internal review process of an organization’s security systems

A

Vulnerability assessment:

373
Q

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

A

Watering hole attack:

373
Q

Malicious code or behavior that’s used to take advantage of coding flaws in a web application

A

Web-based exploits:

374
Q

A category of spear phishing attempts that are aimed at high-ranking executives in an organization

A

Whaling:

374
Q

A network that spans a large geographic area like a city, state, or country

A

Wide Area Network (WAN):

375
Q

A wireless security protocol for devices to connect to the internet

A

Wi-Fi Protected Access (WPA):

376
Q

A special character that can be substituted with any other character

A

Wildcard:

377
Q

An open-source network protocol analyzer

A

Wireshark:

378
Q

An exploit that was previously unknown

A

Zero-day:

378
Q

A computer language used to create rules for searching through ingested log data

A

YARA-L:

378
Q

Malware that can duplicate and spread itself across systems on its own

A

Worm:

378
Q

A file that can be altered by anyone in the world

A

World-writable file: