Other Concepts Flashcards

1
Q

Concept

A

Description

2
Q

Honeypot

A

A decoy system or network set up to attract potential attackers.

3
Q

Honeynet

A

A network of honeypots designed to simulate an entire network environment.

4
Q

Honeyfile

A

A bait file used to attract and monitor malicious activity.

5
Q

Honeytoken

A

A fake data entry used to detect unauthorized access.

6
Q

Zero Trust

A

A security model that assumes no implicit trust and requires continuous verification.

7
Q

Control Plane

A

Manages network traffic control, including routing, topology, and policies.

8
Q

Data Plane

A

Handles the actual movement and processing of data packets.

9
Q

Non-repudiation

A

Assurance that someone cannot deny the validity of something.

10
Q

Anomalous behavior recognition

A

Detecting unusual behavior patterns that could indicate a security threat.

11
Q

Attestation

A

A declaration that verifies a system’s integrity or security state.

12
Q

Evidence of internal audits

A

Documentation proving that internal audits have been conducted.

13
Q

Risk assessment

A

The process of identifying and evaluating risks to an organization.

14
Q

Risk analysis

A

A detailed examination of risks to determine their impact and likelihood.

15
Q

Risk register

A

A log of identified risks, their severity, and mitigation measures.

16
Q

Risk tolerance

A

The amount of risk an organization is willing to accept.

17
Q

Risk management strategies

A

Strategies to manage and mitigate identified risks.

18
Q

Risk reporting

A

The process of communicating information about risks.

19
Q

Change management

A

Managing changes in a controlled and systematic way.

20
Q

Owner Role

A

The individual responsible for the security of a specific asset.

21
Q

Controller Role

A

Entity responsible for determining purposes and means of data processing.

22
Q

Processor Role

A

Entity that processes data on behalf of the controller.

23
Q

Custodians/stewards

A

Individuals responsible for managing and protecting data.

24
Q

Open public ledger

A

A publicly accessible ledger used to record transactions.

25
Key stretching
Techniques used to increase the time required to crack passwords.
26
Root of trust
A hardware or software component that is inherently trusted.
27
Obfuscation
The deliberate confusion of data to obscure its meaning.
28
Data masking
Techniques used to hide or obscure sensitive data.
29
Tokenization
Replacing sensitive data with a non-sensitive equivalent.
30
Steganography
Concealing a message within another message or file.
31
Key management system
A system used for the management of cryptographic keys.
32
Key exchange
The process of securely exchanging cryptographic keys.
33
Key escrow
Storing encryption keys with a third party for safekeeping.
34
Data exfiltration
The unauthorized transfer of data from a computer.
35
Race conditions
Software bugs that occur due to the timing of actions.
36
Side loading
Installing applications from unofficial sources.
37
Zero Day
A vulnerability that is unknown to those who should be interested in its mitigation.
38
Brute force
An attack where every possible combination of passwords is tried.
39
RFID cloning
Copying the data from an RFID chip to another device.
40
Smurf Attack
A type of attack where a network is flooded with spoofed requests.
41
Trojan
Malicious software disguised as legitimate software.
42
Logic Bomb
Malware that triggers a malicious action when certain conditions are met.
43
Rootkit
A set of software tools used to gain unauthorized access.
44
Credential replay
Reusing captured authentication credentials to gain access.
45
On-path
Intercepting and potentially altering communication between two parties.
46
Spraying
An attack where many password attempts are made using common passwords.
47
Birthday Attack
An attack that exploits the mathematics behind hash functions.
48
Segmentation
Dividing a network into segments to enhance security.
49
Isolation
Separating systems to prevent them from interacting directly.
50
Security zones
Different areas within a network with varying levels of security.
51
Attack Surface
The total number of points where an unauthorized user can try to enter data to or extract data from an environment.
52
Failure modes
The different ways in which a system can fail.
53
Port security
A security feature to restrict unauthorized network access.
54
Jump server
A server that acts as an intermediary between a secure network and external networks.
55
Inline vs. tap/monitor
Monitoring traffic inline vs. passive monitoring via tap.
56
Tunneling
Encapsulating one network protocol within another.
57
Layer 4
Layer 4 of the OSI model, responsible for transport.
58
Layer 7
Layer 7 of the OSI model, responsible for application services.
59
RAID 0
A type of RAID that stripes data across multiple disks for performance but offers no redundancy.
60
RAID 5
A type of RAID that offers a good balance of performance and redundancy.
61
802.1X
A network access control protocol for securing access to a network.
62
Data sovereignty
The concept that data is subject to the laws and regulations of the country in which it is located.
63
Clustering
Linking multiple servers together to work as a single system.
64
Warm Site
A backup site that is not fully equipped but can be operational within a reasonable time.
65
Multi-cloud systems
Using multiple cloud services to prevent reliance on a single provider.
66
Tabletop exercises
Simulated exercises to test the preparedness for emergency situations.
67
Simulation
A simulated environment to test responses to hypothetical scenarios.
68
Parallel Processing
Simultaneous processing by multiple processors to complete a task.
69
Snapshots
Capturing the state of a system at a specific point in time.
70
Secure Baselines
Defined configurations that are known to be secure.
71
Static Code Analysis
Analyzing source code to identify potential vulnerabilities.
72
Data Certification
The process of validating that data meets the necessary standards.
73
Enumeration
Discovering and listing network resources and their services.
74
Classification
Categorizing data based on its sensitivity and importance.
75
NetFlow
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow.
76
IPFIX
IPFIX is an enhanced version of NetFlow v9, and is sometimes called "NetFlow v10".
77
Screened Subnets
Subnets that are separated from the rest of the network for security purposes.
78
Hard Authentication Token
A physical device used to provide secure authentication.
79
Soft Authentication Token
A software-based method of providing secure authentication.
80
Just-in-time Permissions
Granting permissions only when they are needed.
81
Password Vaulting
A secure storage solution for managing passwords.
82
Ephemeral credentials
Credentials that are temporary and expire after use.
83
Passwordless
Authentication without the use of passwords.
84
Root Cause Analysis
Investigating the root cause of security incidents.
85
Legal Hold
A process that ensures the preservation of relevant data for legal proceedings.
86
E-Discovery
The process of identifying and retrieving electronic information.
87
Threat Hunting
Proactively searching for cyber threats within a network.
88
Guard Rails
Pre-defined security policies and procedures to follow.
89
File Integrity Monitoring
Monitoring files to ensure they have not been altered or compromised.