Messer Exam B Flashcards
CRL
Certificate Revocation List:
a CRL is a type of blocklist of digital certificates that CAs deem as untrustworthy or that they are no longer willing to vouch for.
OCSP
Online Certificate Status Protocol:
an alternative to the certificate revocation list (CRL); used to check in real time whether a digital certificate is still valid or has been revoked.
CA
Certificate Authority:
a trusted third party that issues digital certificates to verify the identity of websites, users, and organizations.
CSR
Certificate Signing Request:
a message that asks a Certificate Authority (CA) to issue a digital certificate. Contains the public key.
Host-based Firewall
works as a shield directly on a server or endpoint device. It analyzes and directs network traffic flow. Its primary role is to enforce security policies that determine what kind of data packets can enter or leave the host system.
Anti-malware
software that protects computers from malware, which is software that can damage or destroy a computer.
Full Device Encryption
a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive
MDM
Mobile Device Management:
security software that lets organizations manage mobile devices like smartphones, tablets, and laptops.
OSINT
Open Source Intelligence:
the practice of gathering, analyzing, and using information from public sources
Hashing
the process of transforming any given key or a string of characters into another value.
Hashing is used to protect passwords, messages, and documents
Hashing is used to create digital signatures that can be verified with a public key
Digital Signature
a mathematical method that verifies the authenticity of a digital document or message.
Uses:
-to confirm that information came from the signer and hasn’t been changed.
-to protect information in digital messages or documents.
-to identify users.
SPF
Sender Policy Framework:
A DNS record that lists the IP addresses of authorized mail servers for a domain.
Used to stop phishing attacks
Key Escrow
a system that stores keys used to decrypt encrypted data. A third party, or escrow agent, holds the keys and can access them under certain conditions.
Journaling
Helps ensure data integrity by recording changes before they are committed
Can help restore data after a system crash or power failure
Obfuscation
a cybersecurity technique that makes information harder to understand or access.
Data in-Transit
Data at-Rest
Data in-Use
in-Transit: information that’s moving from one location to another, such as over a network or the internet.
at-Rest: data that is stored on a device, such as a computer or server, and is not being actively used. It can include files, spreadsheets, databases, and archived emails.
in-Use: information that is being actively used or processed by a user or application. In memory.
IPS
Intrusion Prevention System:
An intrusion prevention system (IPS) is a network security tool that continuously monitors a network for malicious activity and takes action to prevent it.
Security Controls
Deterrent: security measures that discourage people from breaking security policies.
Compensating: alternative security measures used when primary controls are not feasible.
Directive: security measures that direct and guide activities to ensure compliance with security policies. They can include policies, mandates, and other directives.
Detective: detect, log, and alert to security incidents after they occur.
Data Owner
a person or group that manages and is accountable for an organization’s data. Senior manager.
Data Controller
A data controller manages the processing of the data. For example, a payroll department would be a data controller
Data Steward
The data steward manages access rights to the data. The IT team may be the data steward.
Data Processor
A third party that processes data on behalf of the data controller.
SDN
Software Defined Networking:
enables efficient network configuration to create grouping and segmentation while improving network performance and monitoring
Buffer Overflow
a vulnerability that lets a malicious hacker inject data into program memory and execute it by giving more data in user input than the program is designed to handle.
DNS Poisoning
happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website.
Federation
a way to share security measures across multiple systems, organizations, and networks.
RADIUS
a networking protocol that authorizes and authenticates users who access a remote network.
DKIM
DomainKeys Identified Mail:
a way to verify that an email is authentic and hasn’t been changed using a digital signature.
RBAC
Role-based access control (RBAC) is a security method that limits access to systems based on a user’s role.
HSM
Hardware security modules are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates.
MTBF
Mean Time Between Failures
RPO
Recovery Point Objective: a metric that measures the maximum amount of data loss an organization can tolerate after an incident.
RTO
Recovery Time Objective: the maximum amount of time a system can be down after a cyber attack or disaster.
MTTR
Mean Time to Repair
Tokenization
Tokenization replaces sensitive data with a non-sensitive placeholder.
Masking
hides data from being viewed. The full credit card numbers are stored in a database, but only a limited view of this data is available when accessing the information from the application.
Salting
adds randomized data when performing a hashing function.
COPE
Corporate-Owned Personally-Enabled: A device owned by an enterprise and issued to an employee. Both the enterprise and the employee can install applications onto the device.
AAA
Authentication, Authorization, and Accounting (AAA) is a framework used to control and track access within a computer network.
IPsec
a collection of protocols that protect data by encrypting and authenticating IP packets. IPsec is used to create secure connections over networks, such as virtual private networks (VPNs).
SIEM
Security information and event management (SIEM) is a cybersecurity tool that helps organizations identify and respond to security threats. SIEM tools analyze data from various sources, such as servers, applications, and firewalls, to generate alerts and automate responses.
Mitigation
the process of taking steps to prevent cyberattacks and protect systems and data
Acceptance
a conscious decision to acknowledge a risk and allow it to persist within the IT environment, without immediate intervention.
Transference
a risk management strategy that moves the financial impact of cyber threats to a third party.
Avoidance
eliminating a specific risk by avoiding activities or situations that could lead to it.
Watering Hole
a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.
SQL Injection
a code injection technique used to modify or retrieve data from SQL databases. By inserting specialized SQL statements into an entry field, an attacker is able to execute commands that allow for the retrieval of data from the database, the destruction of sensitive data, or other manipulative behaviors.
SCAP
Security Content Automation Protocol is used as a common protocol across multiple security tools.
SLA
Service Level Agreement: defines the level of service expected from a vendor, laying out the metrics by which service is measured, as well as the remedies should service levels not be achieved.
On-Path Attack
a cyberattack where an attacker positions themselves between two devices and intercepts or alters their communication.
WAF
A web application firewall (WAF) is a cybersecurity tool that protects web applications from malicious traffic.
SASE
Secure Access Service Edge is a cloud-aware version of a VPN client, and it is commonly deployed as a client on the user device.
Replay Attack
a cyberattack where an attacker intercepts and retransmits a valid data transmission to gain unauthorized access or cause harm.
HIPS
Host Intrusion Prevention System: an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
LDAP
The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protocol used to look up information or devices within a network.
Secure Enclave
a hardware-based security subsystem that protects sensitive data on Apple devices
DLP
Data Loss Prevention: a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data.
Mandatory Access Control
Mandatory access control (MAC) is a security system that limits access to resources based on a user’s clearance level and the sensitivity of the information.
Rule Based Access Control
an access control system that allows user access to network resources according to pre-defined rules.
Discretionary Access Control
a policy that gives the owner of an object control over who can access it and how.
Role Based Access Control
a security model where user access to systems, applications, and data is granted based on their predefined role within an organization
DRP
Disaster Recovery Plan
ALE
ALE (Annual Loss Expectancy) is the expected cost for all events in a single year.
SLE
SLE (Single Loss Expectancy) is the monetary loss if a single event occurs.
ARO
ARO (Annualized Rate of Occurrence) describes the number of instances estimated to occur in a year.