M-T Flashcards

1
Q

Media access control (MAC) address

A

A unique identifier assigned to network interfaces for communications on the physical network segment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

MAC header

A

represents the hardware address of an network interface controller (NIC) inside a data packet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Mail relay server

A

An electronic mail (email) server that relays messages so that neither the sender nor the recipient is a local user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Mandatory access control (MAC)

A

a means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Man-in-the-middle attack

A

an attack strategy in which the attacker intercepts the communication stream between two parts of the victim system and then replaces the traffic between the 2 components with the intruder’s own, eventually assuming control of the communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

masking

A

a computerized technique of blocking of the display of sensitive information, such as passwords, on a computer terminal or report.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Message authentication code

A

An American National Standards Institute (ANSI) standard checksum that is computed using Data Encryption Standard (DES).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Message digest

A

A smaller extrapolated version of the original message created using a message digest algorithm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Message digest algorithm

A

Message digest algorithms are SHA1, MD2, MD4, and MD5. These algorithms are one-way functions unlike private and public key encryption algorithms. All digest algorithms take a message of arbitrary length and produce a 128-bit message digest.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Metropolitan area network (MAN)

A

A data network intended to serve an area the size of a large city.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Miniature fragment attack

A

Using this method, an attacker fragments the IP packet into smaller ones and pushes it through the firewall, in the hope that only the first of the sequence of fragmented packets would be examined and the others would pass without review.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Mirrored site

A

An alternate site that contains the same information as the original. Mirrored sites are set up for backup and disaster recovery and to balance the traffic load for numerous download requests. Such download mirrors are often placed in different locations throughout the Internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Multifactor authentication

A

A combination of more than one authentication method

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

National Institute for Standards and Technology (NIST)

A

Develops tests, test methods, reference data, proof-of concept implementations, and technical analyses to advance the development and productive user of IT. NIST is a US govt entity that creates mandatory standards that are followed by federal agencies and those doing business with them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Network basic input/out system (NetBIOS)

A

A program that allows applications on different computers to communicate within a local area network (LAN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Network address translation (NAT)

A

A methodology of modifying network address information in datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Network interface card (NIC)

A

A communication card that when inserted into a computer, allows it to communicate with other computers on a network. Most NICs are designed for a particular type of network or protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Network news transfer protocol (NNTP)

A

Used for the distribution, inquiry, retrieval, and posting of Netnews articles using a reliable stream-based mechanism. For news-reading clients, nnTP enables retrieval of news articles that are stored in a central database, giving subscribers the ability to select only those articles they wish to read.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Network segmentation

A

A common technique to implement network security is to segment an organization’s network into separate zones that can be separately controlled, monitored and protected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Network traffic analysis

A

Identifies patterns in network communications. Traffic analysis does not need to have the actual content of the communication but analyzes where traffic is taking place, when and for how long communications occur and the size of information transferred.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Nonintrusive monitoring

A

use of transported probes or traces to assemble information, track traffic and identify vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Nonrepudiation

A

Assurance that a party cannot later deny originating data; provision of proof of the integrity and origin of the data that can be verified by a third party. A digital signature can provide nonrepudiation.

23
Q

Normalization

A

elimination of redundant data

24
Q

Obfuscation

A

Deliberate act of creating source or machine code that is difficult for humans to understand.

25
Q

Open Systems Interconnect (OSI) model

A

Model for the design of a network. The open systems interconnect (OSI) model defines groups of functionality required to network computers into layers. Each layer implements a standard protocol to implement its functionality. There are 7 layers in the OSI model.

26
Q

Operating System (OS)

A

A master control program that runs the computer and acts as a scheduler and traffic controller.

27
Q

Open Web Application Security Project (OWASP)

A

An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

28
Q

Outcome measure

A

Represents the consequences of actions previously taken; often referred to as a lag indicator. Outcome measures frequently focus on result at the end of a time period and characterize historic performance. Also referred to as a key goal indicator (KGI)/ “lag indicators” and used to indicate whether goals have been met.

29
Q

Packet filtering

A

COntrolling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules.

30
Q

Packet switching

A

Process of transmitting messages in convenient pieces that can be reassembled at the destination.

31
Q

Passive response

A

A response option in intrusion detection in which the system simply reports and records the problem detected, relaying on the user to take subsequent action.

32
Q

Payload

A

The section of fundamental data in a transmission, section containing the harmful data/code.

33
Q

Platform as a Service

A

Offers the capability to deploy onto the cloud infrastructure customer- created or acquired applications that are created using programming languages and tools supported by the provided.

34
Q

Policy

A

A document that records a high-level principle or course of action that has been decided on. Intended purpose is to influence and guide both present and future decision making to be in line with the philosophy, objectives and strategic plans established by the enterprise’s mgmt teams.

35
Q

Principle of least privilege/access

A

controls used to allow the least privilege access needed to complete a task.

36
Q

Procedure

A

A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes.

37
Q

Proxy server

A

A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user.

38
Q

Public key encryption

A

A cryptographic system that uses 2 keys: one is public key, which is known to everyone, and the second is a private/ secret key, which is only known to the recipient of the message.

39
Q

Public key infrastructure (PKI)

A

A series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued.

40
Q

Public switched telephone network (PSTN)

A

A communications system that sets up a dedicated channel (or circuit) between 2 points for the duration of the transmission.

41
Q

Reciprocal agreement

A

Emergency processing agreement between 2 or more enterprises with similar equipment or applications. Typically, participants of a reciprocal agreement promise to provide processing time to each other when an emergency arises.

42
Q

Recovery

A

phase in the incident response plan that ensures that affected systems or services are restored to a condition specified in the service delivery objectives (SDOs) or business continuity plan (BCP).

43
Q

Recovery point objective (RPO)

A

Determined based on the acceptable data loss in case of a disruption of operations. Indicates the earliest point in time that is acceptable to recover the data. RPO effectively quantifies the permissible amount of dat loss in case of interruption.

44
Q

Registration authority (RA)

A

The individual institution that validates an entity’s proof of identity and ownership of a key pair.

45
Q

Repeaters

A

Physical layer device that regenerates and propagates electrical signals between 2 network segments. Repeaters receive signals from 1 network segment and amplify (regenerate) the signal to compensate for signal (analog or digital) distorted by transmission loss due to reduction of signal strength during transmission

46
Q

Return-oriented attacks

A

An exploit technique in which the attacker uses control of the call stack to indirectly execute cherry-picked machine instructions immediately prior to the return instruction in subroutines within the existing program code.

47
Q

Rootkit

A

A software suit designed to aid an intruder in gaining unauthorized administrative access to a computer system.

48
Q

Secure Multipurpose Internet Mail Extensions (S/MIME)

A

Provides cryptographic security services for electronic messaging applications: authentication, message integrity and nonrepudiation of origin (using digital signatures) and privacy and data security (using encryption) to provide a consistent way to send and receive MIME data.

49
Q

Secure Shell

A

Network protocol that uses cryptography to secure communication, remote command line login and remote command execution between 2 networked computer.

50
Q

Security as a Service (SecaaS)

A

Next generation of managed security services dedicated to the delivery, over the internet, of specialized information-security services.

51
Q

Service delivery objective (SDO)

A

Directly related to the business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.

52
Q

SQL injection

A

Results from failure of the application to appropriately validate input When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design.

53
Q

Stateful inspection

A

A firewall architecture that tracks each connection traversing all interfaces of the firewall and makes sure they are valid.