Other Sec Plus Terms Flashcards

1
Q

a type of computerized cryptography where block cipher algorithms are applied three times to each data block. Each block contains 64 bit of data

A

3DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

a symmetric block cipher algorithm with a block/chunk size of 128 bits

A

AES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

which has a key length of 256 bits, supports the largest bit size and is practically unbreakable by brute force based on current computing power, making it the strongest encryption standard

A

AES256

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the community and ultimately reduce the prevalence of cyberattacks

A

automated indicator sharing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory

A

Address space layout randomization ASLR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

works as a secondary RAM, enable the system to remove infrequently accessed modified pages from physical memory to let the system use physical memory more efficiently for more frequently accessed pages

A

page file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

enables web servers to dynamically generate webpages and create interactive web applications by using server-side scripting technology.

A

active server pages ASP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

is a document that outlines how a business will continue operating during an unplanned disruption in service

A

business continuity planning BCP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

global routing system of the internet. It manages how packets get routed from network to network through the exchange of routing and reachability information among edge routers

A

Border Gateway Protocol BGP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies

A

Business Impact Analysis BIA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

s used in infrastructure mode to identify the media access control (MAC) address of the access point.

A

Basic Service Set Identifier BSSID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

a report of measures taken to address root causes of non-conformances to prevent recurrence of issues

A

CAR Correction Action Report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Action taken to prevent the occurrence of such non-conformities, generally as a result of a report

A

Preventive Action Report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

is a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents

A

Computer Emergency Response Team

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents.

A

Computer Incident Response Team

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

software suites that allow site administrators to easily manage the design, functionality, and operation of websites with minimal technical expertise

A

Content Management System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected

A

Cyclic Redundancy Check

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

is an executive responsible for the safety and security of company data, personnel, and assets.

A

chief security officer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

is a hardware device that converts a digital data frame from the communications technology.

A

Channel Service Unit CSU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

uses an arbitrary number (the counter) that changes with each block of text encrypted is encrypted with the cipher, and the result is XOR’d into ciphertext

A

counter mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

top executive that oversees the entire information technology department and is responsible for integrating business needs and requirements into IT planning and operations

A

Chief Technology Officer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

approach generates a public and private key on both sides of the transaction, but only shares the public key

A

diffie hellman DHE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify

A

Domain Keys Identified Mail DKIM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

helps mail administrators prevent hackers and other attackers from spoofing their organization and domain.

A

Domain-Based Message Authentication Reporting and Conformance DMARC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

when a volume or character of plaintext is separated or divided into several blocks of data, each or every of which is then encrypted independently divides it of other blocks

A

electronic code book

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

a key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel

A

Elliptic-curve Diffie–Hellman

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners. While the private key is a secret number, known only to the person that generated it.

A

Elliptic-curve Digital Signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

facilitates file or directory encryption and decryption with the help of complex cryptographic algorithms.

A

Encrypted File System EFS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

used to track the address of the current instruction running inside the application.

A

EIP Extended Instruction Pointer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

refers to a type of software that organizations use to manage day-to-day business activities such as accounting, procurement, project management, risk management and compliance, and supply chain operations.

A

ERP Enterprise Resource Planning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

you have more than one access point and they all are set to the same SSID and all are connected together in the same VLAN or distribution system so users can roam

A

Extended Service Set Identifier ESSID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

a block cipher mode of operation that uses universal hashing Works with hmac and counter.

A

Galois counter mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Open source that allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories

Successor of PGP

A

GNU Privacy Guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links

A

generic routing encapsulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

cryptographic authentication technique that uses a hash function and a secret key. achieve authentication and verify that data is correct and authentic with shared secrets

A

Hash-based Message Authentication Code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

verifying the integrity of operating systems and application software files to determine if tampering or fraud has occurred by comparing them to a trusted “baseline.

A

File Integrity Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

network layer protocol used by network devices to diagnose network communication issue

Associated with the ping command

A

Internet Control Message Protocol ICMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet. It uses a typical block size of 128 bits and takes 64 bits as an input

A

International Data Encryption Algorithm IDEA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

wall-mounted rack for managing and interconnecting a telecommunications cable between end-user devices

A

Intermediate Distribution Frame IDF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

nurtures, develops, and advances the building of global technologies. As a leading developer of industry standards in a broad range of technologies

A

Institute of Electrical and Electronics Engineers IEEE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).

A

Internet Key Exchange IKE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

specific protocol through which individuals can hold real-time online conversations via PCs and other devices

A

Internet Relay Chat IRC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

A document that regulates security-relevant aspects of an intended connection between an agency and an external system

A

Interconnection Security Agreement ISA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

a new class of firewall that can be deployed rapidly with minimum disruption while keeping up the multi-gigabit speeds of internal networks. Instant visibility and protection can be applied to specific parts of the internal network.

A

Internal Segmentation Firewall

45
Q

Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program

A

Information Systems Security Officer ISSO

46
Q

a planned course of action designed to help an organization respond effectively to a significant future incident, event or situation that may or may not happen

A

IT Contingency Plan

47
Q

symmetric encryption that allows the access of two or more systems in a network by generating a unique ticket type key for establishing a secure connection over which data is shared and transferred

A

Key Distribution Center

48
Q

A key that encrypts other key (typically Traffic Encryption Keys or TEKs) for transmission or storage.

A

Key Encryption Key

49
Q

is a computer network that connects computers within single large city, multiple cities and towns

A

Metropolitan Area Network

50
Q

is the information in the first sector of a hard disk or a removable drive. It identifies how and where the system’s operating system

A

Master Boot Record

51
Q

a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.

A

MD5

52
Q

the primary hub or demarcation point that interconnects private or public IT and telecommunication lines coming into a building to an internal network via any number of intermediate distribution frame

A

Main Distribution Frame

53
Q

designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control

A

Lightweight Extensible Authentication Protocol

54
Q

a networking technology that routes traffic using the shortest path based on “labels,” rather than network addresses, to handle forwarding over private wide area networks

A

Multiprotocol Label Switching

55
Q

thorough assessment of a measurement process, and typically includes a specially designed experiment that seeks to identify the components of variation in that measurement process

A

Measurement Systems Analysis

56
Q

an identity checking protocol that periodically re-authenticates the user during an online session

A

Challenge Handshake Authentication Protocol

57
Q

an identity checking protocol that periodically re-authenticates the user during an online session. challenge response packet is in a format designed specifically for Windows platforms. does not require the use of plaintext or reversibly encrypted passwords the way CHAP does and uses Md4 hash of the password to validate the response

A

MS Chap

58
Q

a measurement in bytes of the largest data packets that an Internet-connected device can accept

A

Maximum transmission unit MTU

59
Q

is the replacement of network appliance hardware with virtual network machines

A

Network Function Virtualization NFV

60
Q

a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.

A

New Technology LAN Manager NTLM

61
Q

Name the seven layers of the OSI

A

Application
Presentation
Session
Transport
Network
Data link
Physical

62
Q

router protocol used to find the best path for packets as they pass through a set of connected networks

A

Open Shortest Path First

63
Q

An open format for describing vulnerabilities within a target system. It standardizes models for analyzing vulnerabilities and presenting basic information about the system being investigated. The report provides a comprehensive overview of the issue

A

Open Vulnerability and Assessment Language OVAL

64
Q

a decentralized platform whereby two individuals systems interact directly with each other, without intermediation by a third party.

A

peer to peer P2P

65
Q

an information security (infosec) mechanism that safeguards identities with special access or capabilities beyond regular users.

A

Privileged Access Management

66
Q

account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.

A

Pluggable Authentication Modules

67
Q

provides a simple method for the peer to establish its identity using a two-way handshake

A

password authentication protocol

68
Q

extension of Network Address Translation (NAT) that permits multiple devices on a LAN to be mapped to a single public IP address to conserve IP addresses.

translates the private unregistered IP addresses into public registered IP addresses

A

Port Address Translation

69
Q

s simply any mechanism for taking a password (something a user remembers or stores in a password manager) and turning it into a symmetric key suitable for cryptographic operations

A

Password-based Key Derivation Function 2 PBKDF2

70
Q

used to describe a business telephone system that offers multiple inbound and outbound lines, call routing, voicemail, and call management features

A

Private Branch Exchange PBX

71
Q

is the standard file format for executables, object code and Dynamic Link Libraries (DLLs) used in 32- and 64-bit versions of Windows operating systems.

A

Portable Executable

72
Q

legacy Open source a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.

A

pretty good privacy PGP

73
Q

are a set of standard protocols, numbered from 1 to 15. These standards were developed to enable secure information exchange on the internet by using a public key infrastructure

A

Public Key Cryptography Standards

74
Q

a TCP/IP protocol that is used to connect one computer system to another.

A

PPP Point to Point Protocol

75
Q

protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network

A

point to point tunneling protocol

76
Q

cameras are built with mechanical parts that allow them to swivel left to right, tilt up and down, and zoom in and out of a scene

A

pan tilt zoom

77
Q

model is based on prototyping and iterative model with no (or less) specific planning. In general, approach to software development means putting lesser emphasis on planning tasks and more emphasis on development and coming up with a prototype.

A

rapid application development

78
Q

one of the most commonly used stream ciphers. It encrypts messages one byte at a time via an algorithm

A

RC4

79
Q

a fast cryptographic hash function that is tuned towards soft- ware implementations on 32-bit architectures

A

RIPEMD

80
Q

defined as the maximum amount of data – as measured by time – that can be lost after a recovery from a disaster, failure, or comparable event before data loss will exceed what is acceptable to an organization

A

Recovery Point Objective

81
Q

a public-key encryption algorithm that uses an asymmetric encryption algorithm to encrypt data

A

RSA

82
Q

filtering is used to push the packet drops off the customer/POP routers and shift them to the edge of the network.

A

Remotely Triggered Black Hole

83
Q

authentication is performed with a hash of a generated key that is unique to each authentication, rather than having the same Pairwise Master Key every time

A

Simultaneous Authentication of Equals SAE

84
Q

is a multi-purpose framework of specifications that supports automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement.

A

Security Content Automation Protocol SCAP

85
Q

an open source protocol that is widely used to make digital certificate issuance at large organizations easier, more secure, and scalable

A

Simple Certificate Enrollment Protocol

86
Q

is a process of planning, creating, testing, and deploying information systems across hardware and software.

A

Software Development Life Cycle

87
Q

A hashing algorithm shortens the input data into a smaller form that cannot be understood by using bitwise operations, modular additions, and compression functions

A

SHA

88
Q

the monetary value expected from the occurrence of a risk on a single asset

A

single Loss Expectancy

89
Q

network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network

uses port 445 and 139

A

Server Message Block

90
Q

protocol used to send and receive email.
ues port 25

A

SMTP

91
Q

a lightweight XML-based protocol that is used for the exchange of information in decentralized, distributed application environments

A

SOAP Simple Object Access Protocol

92
Q

operations center is to monitor, prevent, detect, investigate, and respond to cyber threats around the clock

A

security operations center

93
Q

is an email authentication method designed to detect forging sender addresses during the delivery of the email.

A

Sender Policy Framework

94
Q

sitting between users and the Internet. gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible

A

Secure Web Gateway

95
Q

connection-oriented protocol a bit slower
protocol that is used on top of IP to ensure reliable transmission of packets. includes mechanisms to solve many of the problems that arise from packet-based messaging, such as lost packets, out of order packets, duplicate packets, and corrupted packets.

A

Transport Control Protocol

96
Q

connectionless protocol a bit faster

a communications protocol that is primarily used to establish low-latency and loss-tolerating connections between applications on the internet

A

User Datagram Protocol

97
Q

a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process

A

Transaction Granting Ticket

98
Q

the digital information used in cryptocurrency transactions to verify the identity of its participants

A

Transaction Signature

99
Q

user behavior analytics , is the process of gathering insight into the network events that users generate every day

A

UEBA User and Entity behavior analytics

100
Q

a subnet – a segmented piece of a larger network – design strategy where all subnet masks can have varying sizes.

A

Variable-length Subnet Masking

101
Q

monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected.

A

Wireless Intrusion Detection System WIDS

102
Q

compares the MAC addresses of all wireless access points on a network against the known signatures of pre-authorized, known wireless access points and alerts an administrator when a discrepancy is found.

A

Wireless Intrusion Prevention System WIPS

103
Q

a data storage technology that allows data to be written to a storage medium a single time and prevents the data from being erased or modified

A

WORM Write Once Read Many

104
Q

exchanging files between two TCP/IP machines but also doesn’t require authentication

Uses port 69

A

TFTP TRIVAL file transfer protocol

105
Q

Process of PII in a dataset , to protected individual idenfitication. Can still be used and protected

A

Data Anonmization

106
Q

Cloud vulnerability can allow an attacker to compromise containers of other teneants on the same host.

A

Shared Tenancy Vulnerability

107
Q

Name the four coding stages in order

A

Development , test , stage and production

108
Q

Name the four risk management strategies

A

Acceptance
Transferrance
Avoidance
Reduction

109
Q

Name the 7 phases of cyber kill chain

A

Phase 1: Reconnaissance
Phase 2: Weaponization
Phase 3: Delivery
Phase 4: Exploitation
Phase 5: Installation
Phase 6: Command and Control
Phase 7: Actions on Objective