Key Cybersecurity Acronyms and Concepts Flashcards
What does SIEM stand for?
Security Information and Event Management
What does SOAR stand for?
Security Orchestration, Automation, and Response
What does IDS/IPS stand for?
Intrusion Detection System / Intrusion Prevention System
What does EDR stand for?
Endpoint Detection and Response
What do IOC and IOA stand for?
Indicator of Compromise and Indicator of Attack
What does APT stand for?
Advanced Persistent Threat
What does MITRE ATT&CK stand for?
MITRE Adversarial Tactics, Techniques, and Common Knowledge
What does CVSS stand for?
Common Vulnerability Scoring System
What does CVE stand for?
Common Vulnerabilities and Exposures
What does TTP stand for?
Tactics, Techniques, and Procedures
What does NIST CSF stand for?
National Institute of Standards and Technology Cybersecurity Framework
What does RBAC stand for?
Role-Based Access Control
What does BIA stand for?
Business Impact Analysis
What does PKI stand for?
Public Key Infrastructure
What does TLS/SSL stand for?
Transport Layer Security / Secure Sockets Layer
What does OSINT stand for?
Open-Source Intelligence
What does NAC stand for?
Network Access Control
What does OWASP stand for?
Open Web Application Security Project
What does GDPR stand for?
General Data Protection Regulation
What do SAST and DAST stand for?
Static Application Security Testing and Dynamic Application Security Testing
What do RTO and RPO stand for?
Recovery Time Objective and Recovery Point Objective
What does SLA stand for?
Service Level Agreement
What does DLP stand for?
Data Loss Prevention
What does XDR stand for?
Extended Detection and Response
What does DNS stand for?
Domain Name System
What does SIEM EDR stand for?
Security Information and Event Management Endpoint Detection and Response
What is threat intelligence?
Information about existing or emerging threats used to improve defensive strategies.
Define “lateral movement.”
The process by which attackers navigate through a network after initial compromise to gain further access.
What is a vulnerability?
A weakness in a system, application, or network that can be exploited by a threat actor.
Define “incident response.”
The process of identifying, managing, and mitigating security incidents.
What is defense-in-depth?
A security strategy that uses multiple layers of defenses to protect assets.
Define “zero-trust architecture.”
A security model that assumes no user or device should be trusted by default, even inside the network.
What is a playbook?
A documented set of procedures for responding to specific security incidents.
What is phishing?
A social engineering attack in which attackers trick individuals into providing sensitive information.
Define “penetration testing.”
Simulated cyberattacks designed to identify vulnerabilities in systems or networks.
What is encryption?
The process of converting data into a coded format to prevent unauthorized access.
Define “social engineering.”
Psychological manipulation of individuals to gain access to sensitive information.
What is a SIEM system used for?
Aggregating and analyzing security data to detect and respond to threats.
What is malware?
Malicious software designed to disrupt, damage, or gain unauthorized access to systems.
What is port scanning?
A technique used to identify open ports and services on a network.
What is the principle of least privilege?
Providing users and systems only the access they need to perform their job.
Define “multi-factor authentication (MFA).”
A security mechanism requiring multiple forms of verification to gain access.
What is DNS spoofing?
A type of attack where fake DNS responses are sent to redirect users to malicious sites.
Define “spear phishing.”
A targeted phishing attack aimed at specific individuals or organizations.
What is a honeypot?
A decoy system or resource set up to attract and study attackers.
Define “cyber kill chain.”
A framework describing the stages of a cyberattack, from reconnaissance to exploitation.
What is a vulnerability scan?
An automated process that identifies vulnerabilities in systems or networks.
Define “exfiltration.”
The unauthorized transfer of data from a system or network.
What is endpoint detection and response (EDR)?
A solution for monitoring and protecting endpoints (e.g., laptops, servers) against cyber threats.
What is risk assessment?
The process of identifying, evaluating, and prioritizing risks to organizational assets.
What is a SIEM correlation rule?
A set of conditions that define suspicious or malicious activity in logs and events.
What is the MITRE ATT&CK framework?
A matrix that categorizes adversarial behaviors into Tactics, Techniques, and Procedures (TTPs).
What is the OWASP Top 10?
A list of the most critical security risks to web applications.
What is the NIST CSF?
A cybersecurity framework from the National Institute of Standards and Technology used for risk management.
What is ISO 27001?
An international standard for Information Security Management Systems (ISMS).
What are log aggregation tools used for?
Collecting and analyzing logs to identify patterns, threats, or anomalies.
What is Nessus?
A vulnerability scanning tool used to identify weaknesses in systems.
What is Splunk?
A tool for log aggregation and analysis used in SIEM implementations.
What is OpenVAS?
An open-source tool for performing vulnerability assessments.
What is the CIS Controls framework?
A prioritized set of cybersecurity best practices created by the Center for Internet Security.
What is COBIT?
A framework for governance and management of enterprise IT.
What is PCI DSS?
The Payment Card Industry Data Security Standard, which protects payment card information.
What is the Cyber Kill Chain?
A model developed by Lockheed Martin to describe the stages of a cyberattack.
What is Wireshark?
A network protocol analyzer used for packet capture and analysis.
What is Netcat?
A networking tool for reading and writing data across network connections.
What is Burp Suite?
A web vulnerability scanner and penetration testing tool.
What is Metasploit?
A penetration testing framework for exploiting vulnerabilities.
What is the ELK Stack?
A log management suite composed of Elasticsearch, Logstash, and Kibana.
What is Graylog?
An open-source log management and analysis tool.
What is Kali Linux?
A Linux distribution used for penetration testing and security auditing.
What is Responder?
A tool used for performing man-in-the-middle attacks on Windows authentication protocols.
What is the Cloud Security Alliance (CSA)?
An organization that promotes best practices for secure cloud computing.
What is Cyber Threat Intelligence (CTI)?
Information used to understand and mitigate security threats.
What is the Common Vulnerability Scoring System (CVSS)?
A framework for assigning severity scores to vulnerabilities.
What is Snort?
An open-source intrusion detection and prevention system.
What is Zeek (formerly Bro)?
A network analysis framework focused on security monitoring.
What is the SCAP framework?
The Security Content Automation Protocol, used for automating security assessments.
What is OSSEC?
An open-source host-based intrusion detection system (HIDS).
What is Cuckoo Sandbox?
A tool for analyzing malware by running it in a controlled environment.
What is Nessus Agent?
A lightweight endpoint agent designed to run on individual systems for vulnerability scanning.