OP

Question 1

Offline files

Answer 1

Computer file storage media that are not physically connected to the computer; typical examples are tapes or tape cartridges used for backup purposes.

Question 2

Open Source Security Testing Methodology

Answer 2

An open and freely available methodology and manual for security testing.

Question 3

Outcome measure

Answer 3

Represents the consequences of actions previously taken; often referred to as a lag indicator

Question 4

Packet filtering

Answer 4

Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules

Question 5

Packet switching

Answer 5

The process of transmitting messages in convenient pieces that can be reassembled at the destination

Question 6

Packet

Answer 6

Protocol data unit that is routed from source to destination in a packet-switched network

Question 7

Paper test

Answer 7

A walk-through of the steps of a regular test, but without actually performing the steps.

Question 8

Partitioned file

Answer 8

A file format in which the file is divided into multiple sub files and a directory is established to locate each sub file.

Question 9

Passive response

Answer 9

A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action.

Question 10

Password cracker

Answer 10

A tool that tests the strength of user passwords by searching for passwords that are easy to guess. It repeatedly tries words from specially crafted dictionaries and often also generates thousands (and in some cases, even millions) of permutations of characters, numbers and symbols.

Question 11

Penetration testing

Answer 11

A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers

Question 12

Personally identifiable information (PII)

Answer 12

Any information that can be used to establish a link between the information and the natural person to whom such information relates, or that is or might be directly or indirectly linked to a natural person

Question 13

Phishing

Answer 13

A type of electronic mail (email) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering

Question 14

Platform as a Service (PaaS)

Answer 14

Offers the capability to deploy onto the cloud infrastructure customer-created or -acquired applications that are created using programming languages and tools supported by the provider

Question 15

Policy

Answer 15

A document that communicates required and prohibited activities and behaviors

Question 16

Port

Answer 16

A process or application-specific software element serving as a communication endpoint for the transport layer IP protocols (UDP and TCP)

Question 17

Privacy

Answer 17

The right of an individual to trust that others will appropriately and respectfully use, store, share and dispose of his/her associated personal and sensitive information within the context, and according to the purposes for which it was collected or derived

Question 18

Private key

Answer 18

A mathematical key (kept secret by the holder) used to create digital signatures and, depending on the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key.

Question 19

Procedure

Answer 19

A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes.

Question 20

Proxy server

Answer 20

A server that acts on behalf of a user

Question 21

Public key

Answer 21

In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme.