Primers

Question 1

SANS Institute

Answer 1

SysAdmin, Audit, Networking, and Security (SANS) Institute is a nonprofit organization established in 1989 to provide valuable information and training to information security professionals. This institute also provides accreditation to organizations. SANS publishes a weekly news digest and original white papers on various topics in Information Security

Question 2

Computer Emergency Response Team (CERT)

Answer 2

After the Morris worm incident, the U.S. government recognized the need for a public
or private entity to deal with incident coordination, response, and remediation efforts
during Internet security situations. The U.S. government contracted Carnegie Mellon
University to create a Computer Emergency Response Team (CERT) in 1988. The
team’s objective was to ensure that appropriate technology and systemsmanagement
practices resisted attacks on networked systems, limited damage, and
ensured continuity of critical services in spite of successful attacks, accidents, or
failures. The team also provided information on industry trends and educated
individuals and partners on security issues.

Question 3

International Information Systems Security Certification Consortium, Inc. (ISC)2

Answer 3

established in 1989 as a nonprofit corporation to educate and to certify information
security professionals. Certifications offered included the Certified Information
Systems Security Professional (CISSP) certification. In 1990, (ISC)2 created the first
prototype for the Common Body of Knowledge (CBK) criteria. CBK defines global
industry standards and serves as a common framework of terms and principles
within the information security industry.

Question 4

National Cyber Security Division (NCSD)

Answer 4

a division of the Office of
Cyber Security & Communications. It is within the U.S. Department of
Homeland Security and is one of the U.S.’s main government organizations
responsible for improving the country’s defense against Internet-based attacks.
NCSD combined the Critical Infrastructure Assurance Office, the National
Infrastructure Protection Center, the Federal Computer Incident Response Center,
and the National Communications System into one organization.

Question 5

recommendations of the DHS Quadrennial Homeland Security

Review report

Answer 5

• Appoint a cybersecurity policy official responsible for coordinating the nation’s
  cybersecurity policies and activities.
• Prepare a cybersecurity incident response plan and enhance public-private
  partnerships.
• Build a cybersecurity-based identity management vision and strategy that
  addresses privacy and civil liberties interests.

Question 6

Thomas Merrill and Larry Roberts

Answer 6

launched the Internet by developing the first
WAN in 1965, which eventually led to the development of IP in 1978 and
ultimately to the growth of the Internet.

Question 7

Netscape Navigator

Answer 7

was the first commercial Web browser and was launched in

1993.

Question 8

Morris Worm

Answer 8

Cyber attacks began with the Morris

Worm in 1988.

Question 9

CERT, NIST, and NCSD.

Answer 9

With the growth of the threat to information in cyberspace and network systems,
the U.S. government appointed certain agencies to set standards and spread
awareness on the subject.

Question 10

U.S. Cyberspace Policy review

Answer 10

started 2009 compiled ten critical

recommendations to improve the cybersecurity policy and implementation.

Question 11

2009 Cyberspace Policy Review

Answer 11

lists ten near-term action item initiatives

that should be undertaken to improve the United States’ cyber posture.

Question 12

ARPANET

Answer 12

Advanced Research Projects Agency Network (ARPANET) was a project
developed by MIT for the Department of Defense.

Question 13

HTCIA

Answer 13

The High Technology Crime Investigation Association (HTCIA), a
professional organization that is devoted to digital forensics for investigation
of crimes was set up in 1999.

Question 14

NCP

Answer 14

Network Control Protocol (NCP) is a host-to-host protocol developed by
ARPANET.

Question 15

NIST

Answer 15

The National Institute of Standards and Technology (NIST) is a government
body that ensures best possible practices are being followed during system
implementations for publicly accessible infrastructures such as electric
grids, dams, and even financial institutions.

Question 16

Image

Answer 16

Collection of individual dots called pixels

Question 17

Analog

Answer 17

Representation of data in a continuous flow

Question 18

Audio

Answer 18

Digitization of signals by using sampling

Question 19

Digital

Answer 19

Representation of data in its discrete form

Question 20

Video

Answer 20

Series of digital images displayed rapidly at a constant rate

Question 21

ASCII

Answer 21

The American Standard Code for Information Interchange (ASCII) is
a standard for encoding data. This standard facilitates the transfer of
data from one type of computer to another.

Question 22

AVI File Format

Answer 22

AVI is a multimedia format introduced by Microsoft and supports
audio and video data as well as audio and video streaming.

Question 23

Binary Number System

Answer 23

The binary, or base-2, system represents numbers using only two
digits: 0 and 1.

Question 24

Decimal Number System

Answer 24

The decimal, or base-10, number system uses digits 0 to 9 to

represent a value.

Question 25

EBCDIC

Answer 25

Extended Binary Coded Decimal Interchange Code (EBCDIC) is an
encoding method used on IBM computers. This technique uses 8-bit
character encoding.

Question 26

FLV File Format

Answer 26

The FLV or Flash Video format is popularly used for delivering
Adobe Flash-based video files over the Internet.

Question 27

GIF File Format

Answer 27

The .GIF file format is a type of bitmap image format which supports
8 bits per pixel. .GIF images are compressed using a lossless data
compression technique.

Question 28

Hexadecimal Number System

Answer 28

The hexadecimal, or base-16, number system uses16 symbols—the
numbers 0 to 9 and capital letters A to F.

Question 29

JPG File Format

Answer 29

The .JPG file format indicates an image file that has been

compressed using JPEG compression.

Question 30

MP3 File Format

Answer 30

The .MP3 file format is a patented digital audio encoding format.
.MP3 files support audio data.

Question 31

MP4 File Format

Answer 31

MP4 is a multimedia format standard and is popular for storing
digital audio and video files, subtitles, and still images. MP4 files are
capable of streaming over the Internet.

Question 32

Octal Number System

Answer 32

The octal, or base-8, number system uses digits 0 to 7 to represent
a value.

Question 33

OGG File Format

Answer 33

OGG was created to meet the need for streaming and manipulating
high quality digital multimedia. It can concurrently support data as
diverse as audio, video, text, and metadata.

Question 34

OGM File Format

Answer 34

OGM was created as an extension of the OGG format, which does
not support video files.

Question 35

PNG File Format

Answer 35

The .PNG file format is a type of bitmap image format that uses a
lossless data compression technique. .PNG is used for images.

Question 36

RAM

Answer 36

Random Access Memory (RAM) is the primary piece of volatile
memory in computer system. The RAM stores temporary data,
which is over written frequently

Question 37

TIF File Format

Answer 37

The .TIF file format for storing images is popular among Apple
Macintosh users.

Question 38

Unicode

Answer 38

Unicode is an encoding scheme that covers characters from the
written languages used by most countries.

Question 39

WAV File Format

Answer 39

The .WAV file format is the standard file format that is used for the
system sounds in computers. The .WAV format is popular because it
facilitates the free exchange of audio files across various operating
systems for processing purposes.

Question 40

WMA File Format

Answer 40

Windows Media Audio (WMA) files can be compressed based on
factors like connection speed and bandwidth. The compression of
these files is higher as compared to the .MP3 files.

Question 41

C:\Documents and Settings or
C:\Users

Answer 41

Stores the user’s application settings,

temporary files, and caches

Question 42

C:\Program Files

Answer 42

Is a repository of the programs installed

on a system

Question 43

C:\Recycling Bin or C:\Recycler

Answer 43

Contains the files deleted through the
GUI. Technically, files are not deleted;
they are moved to this directory. Once
deleted from here, they are permanently
deleted from the system

Question 44

C:\System Volume Information

Answer 44

Hosts the system restore information,
which Windows uses as a backup of the
necessary configuration files used on the
last good start

Question 45

C:\Windows

Answer 45

Contains miscellaneous operating

system and application files

Question 46

C:\Windows\System32

Answer 46

Contains core operating system files

Question 47

C:\Windows\System32\Boot

Answer 47

Contains files necessary for the

operating system to boot up

Question 48

C:\Windows\System32\Catroot or
C:\Windows\System32\Boot\Catroot2

Answer 48

Contains catalog files and signature files

Question 49

C:\Windows\System32\Config

Answer 49

Hosts the registry hives

Question 50

C:\Windows\System32\drivers

Answer 50

Contains installed drivers

Question 51

C:\Windows\ I386

Answer 51

Contains files used for installing,
repairing, updating, and rebuilding
Windows. SMSS.EXE and NTDLL.DLL
are the two files responsible for
implementing the NT framework.

Question 52

bcdedit.exe

Answer 52

In Vista and Windows 7, boot information is stored in a file

called the Boot Configuration Data (BCD) store.

Question 53

boot.ini

Answer 53

In Windows versions pre-Vista, this file specifies operating
system selection defaults, operating system locations, and
operating system prioritization.

Question 54

bootsect.dos

Answer 54

It is a file located in the system partition that allows the option
to boot into another operating system.

Question 55

ntdetect.com

Answer 55

It is a hardware detection program that is located on the root of
the system partition. Ntdetect.com is invoked by the NT loader
(NTLDR) and returns the information it gathers to NTLDR when
finished, so that it can then be passed on to the Windows
kernel.

Question 56

NTLDR

Answer 56

The New Technology loader is the boot loader for all Windows

NT based operating system.

Question 57

ntoskrnl.exe

Answer 57

This file is the Windows kernel

Question 58

HKEY_CLASSES_ROOT

HKCR

Answer 58

The key stores information on how Windows is
supposed to handle different types of files and the
associated programs to run them. This is called
object linking and embedding (OLE).

Question 59

HKEY_CURRENT_USER

HKCU

Answer 59

The key stores configurations for the current user
such as control panel icons, screen resolution,
screen colors, and user folders

Question 60

HKEY_LOCAL_MACHINE

HKLM

Answer 60

The key stores system hardware profile, as well
as all the settings and user preferences for all
user accounts. This hive is independent of the
specific user application settings, unlike HKCU
and HKU. This is also where the five registry
hives are located: Security Accounts Manager
(SAM), Security, Software, Default, and
Hardware. This is the most important registry root
key. If SAM or any of the other hives is not
present upon start up, the blue screen will be
displayed and the computer will not be able to
boot into the OS until the missing hive is replaced.

Question 61

HKEY_USERS (HKU)

Answer 61

The key stores configuration information for all
user profiles. If the computer is on a domain, the
user profiles will not be located here; rather, they
will be found on the domain controller. The
physical data is stored in C:\Documents and
Settings\%USERNAME%\ntuser.dat.

Question 62

HKEY_CURRENT_CONFIG

HKCC

Answer 62

The key stores the current hardware profile.
These settings are deleted and re-populated each
time the computer is rebooted, so as to reflect any
changes made to the hardware. The root key is
populated by the hardware abstraction layer
(Hal.dll), which reports directly to the kernel.

Question 63

Assembly Language

Answer 63

Assembly language consists of a set of limited, basic
commands, which are translated into machine language and
executed.

Question 64

Commercial Software

Answer 64

Commercial software is considered to be closed source
because it refers to proprietary software, where the code is
not freely available for outside programmers to modify and
redistribute. Users of this software have to agree to an End
User Licensing Agreement (EULA) that prohibits them from
reverse engineering the software.

Question 65

File Allocation Table

Answer 65

The FAT file system is comprised of two main components—
a file allocation table and the data. The file allocation table
stores pointers known as symbolic links indicating where the
data files are stored on the hard drive.

Question 66

First Generation

Language

Answer 66

The first generation programming language was machinelevel
coding also known as native code. It was faster and
more efficient because it was executed directly from the
CPU.

Question 67

Fifth Generation

Language

Answer 67

The focus of fifth generation languages is on implementing
artificial intelligence—that is using the computer’s ability to
solve a given problem without the programmer.

Question 68

Fourth Generation

Language

Answer 68

Fourth generation languages are object-oriented and

focused on developing commercial business software.

Question 69

High-Level Language

Answer 69

A high-level language is a programming language which
requires a compiler to interpret the high-level code and
translate it into assembly language

Question 70

Linux

Answer 70

Linux is a free, open source OS. The most popular Linux

distribution is Ubuntu, built from the Debian framework.

Question 71

Machine Language

Answer 71

Machine language is binary language. When a program is
executed on a computer, its source code is translated into a
binary set of instructions, which are then processed and
executed.

Question 72

Master Boot Record

Answer 72

The Master Boot Record (MBR) is stored within the FAT and
is responsible for holding a hard drive’s primary partition
table. The MBR provides instructions for the operating
system to start up.

Question 73

Master File Table

Answer 73

The Master File Table (MFT) is a part of the NTFS and
stores information on every file and directory on the NTFS
file system volume. It is a sophisticated equivalent of the
FAT.

Question 74

Microsoft Management

Console

Answer 74

The Microsoft Management Console (MMC) allows system
administrators to control local and group policies, monitor
hardware, and view event log files.

Question 75

Microsoft System

Configuration Utility

Answer 75

The MS Config utility determines which applications run
when the operating system starts up. It can also be used to
control the default booting mode.

Question 76

New Technology File

System

Answer 76

The NTFS file system is an improvement over FAT. It is
more reliable, includes fault tolerance, and keeps track of
hard disk errors. It also maintains transaction logs, which is
an important feature because it helps in recovering files in
case the hard disk crashes.

Question 77

*nix

Answer 77

*nix is a colloquial expression that represents either the Unix
or Linux operating system. This terminology can be applied
to variants of both Unix and Linux to include FreeBSD,
Solaris, Ubuntu, Debian, Slackware, and Gentoo. The
underlying reason why *nix represents both operating
systems is because the two share similar functionality as an
operating system, including utilizing similar kernels, shell
commands, system permissions, and file systems.

Question 78

Open Source Software

Answer 78

e Open source software is freely distributable software, which
in most cases allows the user access to the source code.
Open source software must meet specific criteria to be
copyrighted under the GNU public license

Question 79

Second Generation

Language

Answer 79

Second generation programming languages were

categorized by assembly-level coding.

Question 80

Snap-Ins

Answer 80

A snap-in is a program that contains a part of the
management functionality. It needs to be explicitly enabled
to interact with the MMC console. A snap-in contains various
elements, such as nodes, views, and context menus, which
form part of the management solution.

Question 81

Task Manager

Answer 81

The Task Manager window displays system performance,
active applications, processes, and running services. The
task manager is also for killing unresponsive applications
and processes.

Question 82

Third Generation

Language

Answer 82

Third generation languages were created in the late 1950s

and refined the usability of the language.

Question 83

Windows Firewall

Answer 83

The Windows firewall safeguards the system from malicious

traffic entering or exiting the computer.

Question 84

Windows NT

Answer 84

Windows NT, a family of operating systems, was released in
1993. It was the first fully 32-bit version of Windows. Its
consumer-oriented counterparts Windows 3.1x and
Windows 9x, were 16-bit/32-bit hybrids. In 1998, Bill Gates
said that NT stood for New Technology for marketing
purposes, it originally stood for N-Ten, the codename of the
Intel i860 XR processor for which NT was initially developed.

Question 85

Windows Registry

Answer 85

The Windows registry is a collective hub for storing a
multitude of settings which are user, system, and application
related.

Question 86

Windows Security

Center

Answer 86

The Windows Security Center or Action Center provides an

overall report on the status of the OS’ security.

Question 87

ANSI

Answer 87

American National Standards Institute (ANSI) is composed
of more than a thousand representatives from various
industries and the government. ANSI represents the United
States in setting international standards.

Question 88

Client-Side Language

Answer 88

A client-side language is the Web programming code that

runs on the computer of the user viewing the Web content.

Question 89

Domain Parking

Answer 89

When a company registers a domain name similar to their
existing name, but does not use the domain, that is domain
parking. Usually, companies set up an HTTP redirect from
the parked page to the existing domain.

Question 90

Domain Squatting

Answer 90

Domain squatting is registering a domain name similar to
an existing one with the intention to profit from the other
domain’s client base.

Question 91

Electronic Industries Alliance

Answer 91

Electronic Industries Alliance (EIA) is a trade organization
that sets standards for its members, helps write ANSI
standards, and lobbies for legislation favorable to growth of
the computer and electronics industries.

Question 92

HTTP Methods

Answer 92

HTTP methods are set of procedures used by a browser
such as Internet Explorer to access and interact with Web
sites.

Question 93

Institute of Electrical and

Electronics Engineers

Answer 93

nstitute of Electrical and Electronics Engineers (IEEE) is an
international society composed of engineering professionals
whose goals are to promote development and education in
electrical engineering and computer science.

Question 94

International Organization for

Standardization

Answer 94

International Organization for Standardization (ISO) is a
collection of organization standards representing 146
countries whose goal is to establish international
technological standards to facilitate global exchange of
information and barrier-free trade.

Question 95

International

Telecommunication Union

Answer 95

International Telecommunication Union (ITU) is a standards
organization that regulates international
telecommunications, such as radio and TV frequencies,
satellite and telephony specifications, networking
infrastructure, and it is involved in setting tariffs for global
communications.

Question 96

IP Address

Answer 96

Multicasting is a one-to-many approach to data distribution;
it is the process by which data is transmitted over a network
to multiple recipients simultaneously.

Question 97

Object

Answer 97

An object refers to the document object and every HTML

element (tag) resides within the object.

Question 98

Open Systems

Interconnection Model

Answer 98

l
The Open Systems Interconnection Model (OSI) model is a
seven-layer networking model used to depict how devices
in a network infrastructure are connected to each other.

Question 99

Packet Sniffing

Answer 99

Packet sniffing is a technique used to see the information

passing over a network.

Question 100

Private IP Classes

Answer 100

Private IP classes contain a list of IP addresses used by
private TCP/IP LANs that do not need to be accessed by
the public.

Question 101

Public IP Classes

Answer 101

Public IP classes contain a list of IP addresses publicly

registered with the Network Information Centre (NIC).

Question 102

Request for Comments

Answer 102

RFC stands for request for comments. It is a document that
contains an idea developed by a committee for public
review before the idea is accepted as a standard.

Question 103

Server-Side Language

Answer 103

A server-side language is the Web programming code that

runs on the server that holds the Web content.

Question 104

Telecommunications Industry

Association

Answer 104

Telecommunications Industry Association (TIA) is a
standards organization for information technology (IT),
wireless, satellite, fiber optics, and telephone equipment.

Question 105

TCP/IP model

Answer 105

It is a four-layer networking model that depicts how

computers can connect to one another

Question 106

Three-Way Handshake

Answer 106

The process to establish a connection between networked
devices such as a client and server is called a three-way
handshake.

Question 107

Application Layer

Answer 107

Application layer is the top layer of the Open System
Interconnectivity (OSI) model. This layer performs
common application services and sends data from one
network to another. This layer is home to the FTP,
HTTP, and e-mail protocols.

Question 108

Buffer Overflow

Answer 108

A buffer overflow takes place when a data storage area

tries to store more or less than its actual capacity.

Question 109

Buffer Underflow

Answer 109

A buffer underflow takes place when the buffer is fed

data at a lower speed than the data being read.

Question 110

CIA Triad

Answer 110

Information security is based on the three core
principles that must be adhered to. These principles
are confidentiality, integrity, and availability which form
the CIA triad.

Question 111

Digital Certificate

Answer 111

Digital certificates are electronic documents that use
digital signatures to associate a public key with a
user’s identity

Question 112

Digital Identity

Answer 112

Digital identity is the Internet profile of a person and is
equivalent to the real identity of that person, but in the
digital world

Question 113

Digital Signature

Answer 113

A digital signature validates the authenticity of a digital

message or document.

Question 114

E-Commerce

Answer 114

E-commerce or electronic commerce consists of the
buying and selling of goods and services on the
Internet.

Question 115

Hash Function

Answer 115

Hash functions are a mathematical approach to
transform a variable length piece of data into a fixed
length, random character output.

Question 116

Message Digest

Answer 116

The output from the hash function is called a message

digest.

Question 117

PAIN

Answer 117

Privacy, authentication, integrity, and nonrepudiation
(PAIN) is an expanded view of the primary goals of
information security.

Question 118

Proxy

Answer 118

A proxy server acts as an intermediary for requests
sent from users who want to access resources from
other servers on the Internet.

Question 119

PKI

Answer 119

A public key infrastructure (PKI) contains components
that enable users of an unsecured public network to
exchange data and money securely by using a public
and a private cryptographic key obtained through a
trusted authority.

Question 120

SQL Injection

Answer 120

SQL injection is a code injection technique that exploits

security vulnerability in the database of an application.

Question 121

Symmetric Encryption

Answer 121

Symmetric encryption is a number or a string of letters
which is applied to a message to change it in a
particular way.

Question 122

Three-Way Handshake

Answer 122

The process to establish a connection between
networked devices such as a client and server is called
a three-way handshake.

Question 123

Tunneling

Answer 123

Tunneling is a method used by two servers to securely

transfer data between them.

Question 124

VPN

Answer 124

A virtual private network (VPN) is a network that uses a
public telecommunication infrastructure to provide
users with secure access to their organization’s
network.

Question 125

Web 2.0

Answer 125

Web 2.0 refers to applications that facilitate interactive
information sharing, interoperability, user-centric
design, and collaboration on the World Wide Web.

Question 126

XSS

Answer 126

Cross-site scripting (XSS) is a type of computer
security vulnerability in which malicious scripts are
injected into trusted Web sites.

Question 127

Adware

Answer 127

An adware is any software application that
automatically displays or downloads advertisements to
a computer after the software is installed on it or while
the application is being used.

Question 128

Antivirus Software

Answer 128

Antivirus software is software that is used to track and

treat computer viruses.

Question 129

Application Programming

Interface

Answer 129

An application programming interface (API) is an
interface implemented by a software program that
allows for direct communication to the program through
routines in the code, allowing for a developer to
enhance portions the existing code. For example,
Google provides an API for some of their application,
such as Google Health.

Question 130

Backdoor

Answer 130

A backdoor is a secret access point to a computer

system that circumvents the normal security.

Question 131

Botnet

Answer 131

A botnet is a collection of malicious software agents

that run autonomously and automatically.

Question 132

Computer Hack

Answer 132

Computer hack is a method used to obtain
unauthorized access to a computer or computer
network

Question 133

Computer Port

Answer 133

Computer port is a hardware circuitry used to link one

device with another.

Question 134

Computer Service

Answer 134

Computer service is a set of functionalities derived

from running a program.

Question 135

Cryptovirology

Answer 135

Cryptovirology is the field of utilizing cryptography to
design powerful malicious software that makes
unpacking and reverse engineering of software
extremely difficult.

Question 136

Kernel Module

Answer 136

Kernel module is a file that contains code to expand
the central component of an operating system.

Question 137

Malware

Answer 137

Malware is any piece of software that is ill intentioned,
often residing on the computer system to perform
malicious actions including spying on the user,
subverting security settings, deleting or damaging data,
or otherwise inconveniencing the user, or programs
with other malicious intent.

Question 138

Rootkit

Answer 138

A rootkit is a collection of programs that enables a
cracker to mask intrusion and gain root or privileged
access to a computer on a network.

Question 139

Shell Command

Answer 139

Shell command is an interface used to execute

operating system commands.

Question 140

Spyware

Answer 140

Spyware is a program that collects various types of
personal information, such as Internet surfing habits
and sites visited by a user

Question 141

Trojan

Answer 141

A trojan is malicious file disguised as a benign file that
appears to perform a desirable function for the user
prior to its execution or installation, but instead
provides unauthorized access to the user’s computer
system through the creation of a backdoor.

Question 142

Virus

Answer 142

A virus is a software program capable of causing harm

to files or programs on the computer

Question 143

Worm

Answer 143

A worm is a malicious file that uses active network
connections to spread from one host computer to
another