Primers Flashcards

1
Q

SANS Institute

A

SysAdmin, Audit, Networking, and Security (SANS) Institute is a nonprofit organization established in 1989 to provide valuable information and training to information security professionals. This institute also provides accreditation to organizations. SANS publishes a weekly news digest and original white papers on various topics in Information Security.

2
Q

Computer Emergency Response Team (CERT)

A

After the Morris worm incident, the U.S. government recognized the need for a public
or private entity to deal with incident coordination, response, and remediation efforts
during Internet security situations. The U.S. government contracted Carnegie Mellon
University to create a Computer Emergency Response Team (CERT) in 1988. The
team’s objective was to ensure that appropriate technology and systems management
practices resisted attacks on networked systems, limited damage, and
ensured continuity of critical services in spite of successful attacks, accidents, or
failures. The team also provided information on industry trends and educated
individuals and partners on security issues.

3
Q

International Information Systems Security Certification Consortium, Inc. (ISC)2

A

established in 1989 as a nonprofit corporation to educate and to certify information
security professionals. Certifications offered included the Certified Information
Systems Security Professional (CISSP) certification. In 1990, (ISC)2 created the first
prototype for the Common Body of Knowledge (CBK) criteria. CBK defines global
industry standards and serves as a common framework of terms and principles
within the information security industry.

4
Q

National Cyber Security Division (NCSD)

A

a division of the Office of
Cyber Security & Communications. It is within the U.S. Department of
Homeland Security and is one of the U.S.’s main government organizations
responsible for improving the country’s defense against Internet-based attacks.
NCSD combined the Critical Infrastructure Assurance Office, the National
Infrastructure Protection Center, the Federal Computer Incident Response Center,
and the National Communications System into one organization.

5
Q

recommendations of the DHS Quadrennial Homeland Security Review report

A
  • Appoint a cybersecurity policy official responsible for coordinating the nation’s
    cybersecurity policies and activities.
  • Prepare a cybersecurity incident response plan and enhance public-private
    partnerships.
  • Build a cybersecurity-based identity management vision and strategy that
    addresses privacy and civil liberties interests.
6
Q

Thomas Merrill and Larry Roberts

A

launched the Internet by developing the first
WAN in 1965, which eventually led to the development of IP in 1978 and
ultimately to the growth of the Internet.

7
Q

Netscape Navigator

A

was the first commercial Web browser and was launched in 1993.

8
Q

Morris Worm

A

Cyber attacks began with the Morris Worm in 1988.

9
Q

CERT, NIST, and NCSD.

A

With the growth of the threat to information in cyberspace and network systems,
the U.S. government appointed certain agencies to set standards and spread
awareness on the subject.

10
Q

U.S. Cyberspace Policy review

A

started in 2009; compiled ten critical recommendations to improve the cybersecurity policy and implementation.

11
Q

2009 Cyberspace Policy Review

A

lists ten near-term action item initiatives that should be undertaken to improve the United States’ cyber posture.

12
Q

ARPANET

A

Advanced Research Projects Agency Network (ARPANET) was a project
developed by MIT for the Department of Defense.

13
Q

HTCIA

A

The High Technology Crime Investigation Association (HTCIA), a
professional organization that is devoted to digital forensics for investigation
of crimes, was set up in 1999.

14
Q

NCP

A

Network Control Protocol (NCP) is a host-to-host protocol developed by
ARPANET.

15
Q

NIST

A

The National Institute of Standards and Technology (NIST) is a government
body that ensures best possible practices are being followed during system
implementations for publicly accessible infrastructures such as electric
grids, dams, and even financial institutions.

16
Q

Image

A

Collection of individual dots called pixels

17
Q

Analog

A

Representation of data in a continuous flow

18
Q

Audio

A

Digitization of signals by using sampling

19
Q

Digital

A

Representation of data in its discrete form

20
Q

Video

A

Series of digital images displayed rapidly at a constant rate

21
Q

ASCII

A

The American Standard Code for Information Interchange (ASCII) is
a standard for encoding data. This standard facilitates the transfer of
data from one type of computer to another.

22
Q

AVI File Format

A

AVI is a multimedia format introduced by Microsoft and supports
audio and video data as well as audio and video streaming.

23
Q

Binary Number System

A

The binary, or base-2, system represents numbers using only two
digits: 0 and 1.

24
Q

Decimal Number System

A

The decimal, or base-10, number system uses digits 0 to 9 to represent a value.

25
EBCDIC
Extended Binary Coded Decimal Interchange Code (EBCDIC) is an encoding method used on IBM computers. This technique uses 8-bit character encoding.
26
FLV File Format
The FLV or Flash Video format is popularly used for delivering Adobe Flash-based video files over the Internet.
27
GIF File Format
The .GIF file format is a type of bitmap image format which supports 8 bits per pixel. .GIF images are compressed using a lossless data compression technique.
28
Hexadecimal Number System
The hexadecimal, or base-16, number system uses 16 symbols—the numbers 0 to 9 and capital letters A to F.
29
JPG File Format
The .JPG file format indicates an image file that has been compressed using JPEG compression.
30
MP3 File Format
The .MP3 file format is a patented digital audio encoding format. .MP3 files support audio data.
31
MP4 File Format
MP4 is a multimedia format standard and is popular for storing digital audio and video files, subtitles, and still images. MP4 files are capable of streaming over the Internet.
32
Octal Number System
The octal, or base-8, number system uses digits 0 to 7 to represent a value.
33
OGG File Format
OGG was created to meet the need for streaming and manipulating high quality digital multimedia. It can concurrently support data as diverse as audio, video, text, and metadata.
34
OGM File Format
OGM was created as an extension of the OGG format, which does not support video files.
35
PNG File Format
The .PNG file format is a type of bitmap image format that uses a lossless data compression technique. .PNG is used for images.
36
RAM
Random Access Memory (RAM) is the primary piece of volatile memory in a computer system. The RAM stores temporary data, which is overwritten frequently.
37
TIF File Format
The .TIF file format for storing images is popular among Apple Macintosh users.
38
Unicode
Unicode is an encoding scheme that covers characters from the written languages used by most countries.
39
WAV File Format
The .WAV file format is the standard file format that is used for the system sounds in computers. The .WAV format is popular because it facilitates the free exchange of audio files across various operating systems for processing purposes.
40
WMA File Format
Windows Media Audio (WMA) files can be compressed based on factors like connection speed and bandwidth. The compression of these files is higher as compared to the .MP3 files.
41
C:\Documents and Settings or C:\Users
Stores the user’s application settings, temporary files, and caches
42
C:\Program Files
Is a repository of the programs installed on a system
43
C:\Recycling Bin or C:\Recycler
Contains the files deleted through the GUI. Technically, files are not deleted; they are moved to this directory. Once deleted from here, they are permanently deleted from the system.
44
C:\System Volume Information
Hosts the system restore information, which Windows uses as a backup of the necessary configuration files used on the last good start
45
C:\Windows
Contains miscellaneous operating system and application files
46
C:\Windows\System32
Contains core operating system files
47
C:\Windows\System32\Boot
Contains files necessary for the operating system to boot up
48
C:\Windows\System32\Catroot or C:\Windows\System32\Boot\Catroot2
Contains catalog files and signature files
49
C:\Windows\System32\Config
Hosts the registry hives
50
C:\Windows\System32\drivers
Contains installed drivers
51
C:\Windows\I386
Contains files used for installing, repairing, updating, and rebuilding Windows. SMSS.EXE and NTDLL.DLL are the two files responsible for implementing the NT framework.
52
bcdedit.exe
In Vista and Windows 7, boot information is stored in a file called the Boot Configuration Data (BCD) store.
53
boot.ini
In Windows versions pre-Vista, this file specifies operating system selection defaults, operating system locations, and operating system prioritization.
54
bootsect.dos
It is a file located in the system partition that allows the option to boot into another operating system.
55
ntdetect.com
It is a hardware detection program that is located on the root of the system partition. Ntdetect.com is invoked by the NT loader (NTLDR) and returns the information it gathers to NTLDR when finished, so that it can then be passed on to the Windows kernel.
56
NTLDR
The New Technology loader is the boot loader for all Windows NT based operating systems.
57
ntoskrnl.exe
This file is the Windows kernel
58
HKEY_CLASSES_ROOT (HKCR)
The key stores information on how Windows is supposed to handle different types of files and the associated programs to run them. This is called object linking and embedding (OLE).
59
HKEY_CURRENT_USER (HKCU)
The key stores configurations for the current user such as control panel icons, screen resolution, screen colors, and user folders.
60
HKEY_LOCAL_MACHINE (HKLM)
The key stores system hardware profile, as well as all the settings and user preferences for all user accounts. This hive is independent of the specific user application settings, unlike HKCU and HKU. This is also where the five registry hives are located: Security Accounts Manager (SAM), Security, Software, Default, and Hardware. This is the most important registry root key. If SAM or any of the other hives is not present upon start up, the blue screen will be displayed and the computer will not be able to boot into the OS until the missing hive is replaced.
61
HKEY_USERS (HKU)
The key stores configuration information for all user profiles. If the computer is on a domain, the user profiles will not be located here; rather, they will be found on the domain controller. The physical data is stored in C:\Documents and Settings\%USERNAME%\ntuser.dat.
62
HKEY_CURRENT_CONFIG (HKCC)
The key stores the current hardware profile. These settings are deleted and re-populated each time the computer is rebooted, so as to reflect any changes made to the hardware. The root key is populated by the hardware abstraction layer (Hal.dll), which reports directly to the kernel.
63
Assembly Language
Assembly language consists of a set of limited, basic commands, which are translated into machine language and executed.
64
Commercial Software
Commercial software is considered to be closed source because it refers to proprietary software, where the code is not freely available for outside programmers to modify and redistribute. Users of this software have to agree to an End User Licensing Agreement (EULA) that prohibits them from reverse engineering the software.
65
File Allocation Table
The FAT file system is comprised of two main components— a file allocation table and the data. The file allocation table stores pointers known as symbolic links indicating where the data files are stored on the hard drive.
66
First Generation Language
The first generation programming language was machine-level coding, also known as native code. It was faster and more efficient because it was executed directly from the CPU.
67
Fifth Generation Language
The focus of fifth generation languages is on implementing artificial intelligence—that is using the computer’s ability to solve a given problem without the programmer.
68
Fourth Generation Language
Fourth generation languages are object-oriented and focused on developing commercial business software.
69
High-Level Language
A high-level language is a programming language which requires a compiler to interpret the high-level code and translate it into assembly language
70
Linux
Linux is a free, open source OS. The most popular Linux distribution is Ubuntu, built from the Debian framework.
71
Machine Language
Machine language is binary language. When a program is executed on a computer, its source code is translated into a binary set of instructions, which are then processed and executed.
72
Master Boot Record
The Master Boot Record (MBR) is stored within the FAT and is responsible for holding a hard drive’s primary partition table. The MBR provides instructions for the operating system to start up.
73
Master File Table
The Master File Table (MFT) is a part of the NTFS and stores information on every file and directory on the NTFS file system volume. It is a sophisticated equivalent of the FAT.
74
Microsoft Management Console
The Microsoft Management Console (MMC) allows system administrators to control local and group policies, monitor hardware, and view event log files.
75
Microsoft System Configuration Utility
The MS Config utility determines which applications run when the operating system starts up. It can also be used to control the default booting mode.
76
New Technology File System
The NTFS file system is an improvement over FAT. It is more reliable, includes fault tolerance, and keeps track of hard disk errors. It also maintains transaction logs, which is an important feature because it helps in recovering files in case the hard disk crashes.
77
*nix
*nix is a colloquial expression that represents either the Unix or Linux operating system. This terminology can be applied to variants of both Unix and Linux to include FreeBSD, Solaris, Ubuntu, Debian, Slackware, and Gentoo. The underlying reason why *nix represents both operating systems is because the two share similar functionality as an operating system, including utilizing similar kernels, shell commands, system permissions, and file systems.
78
Open Source Software
Open source software is freely distributable software, which in most cases allows the user access to the source code. Open source software must meet specific criteria to be copyrighted under the GNU public license.
79
Second Generation Language
Second generation programming languages were categorized by assembly-level coding.
80
Snap-Ins
A snap-in is a program that contains a part of the management functionality. It needs to be explicitly enabled to interact with the MMC console. A snap-in contains various elements, such as nodes, views, and context menus, which form part of the management solution.
81
Task Manager
The Task Manager window displays system performance, active applications, processes, and running services. The task manager is also for killing unresponsive applications and processes.
82
Third Generation Language
Third generation languages were created in the late 1950s and refined the usability of the language.
83
Windows Firewall
The Windows firewall safeguards the system from malicious traffic entering or exiting the computer.
84
Windows NT
Windows NT, a family of operating systems, was released in 1993. It was the first fully 32-bit version of Windows. Its consumer-oriented counterparts, Windows 3.1x and Windows 9x, were 16-bit/32-bit hybrids. In 1998, Bill Gates said that NT stood for New Technology for marketing purposes; it originally stood for N-Ten, the codename of the Intel i860 XR processor for which NT was initially developed.
85
Windows Registry
The Windows registry is a collective hub for storing a multitude of settings which are user, system, and application related.
86
Windows Security Center
The Windows Security Center or Action Center provides an overall report on the status of the OS’ security.
87
ANSI
American National Standards Institute (ANSI) is composed of more than a thousand representatives from various industries and the government. ANSI represents the United States in setting international standards.
88
Client-Side Language
A client-side language is the Web programming code that runs on the computer of the user viewing the Web content.
89
Domain Parking
When a company registers a domain name similar to their existing name, but does not use the domain, that is domain parking. Usually, companies set up an HTTP redirect from the parked page to the existing domain.
90
Domain Squatting
Domain squatting is registering a domain name similar to an existing one with the intention to profit from the other domain’s client base.
91
Electronic Industries Alliance
Electronic Industries Alliance (EIA) is a trade organization that sets standards for its members, helps write ANSI standards, and lobbies for legislation favorable to growth of the computer and electronics industries.
92
HTTP Methods
HTTP methods are a set of procedures used by a browser such as Internet Explorer to access and interact with Web sites.
93
Institute of Electrical and Electronics Engineers
Institute of Electrical and Electronics Engineers (IEEE) is an international society composed of engineering professionals whose goals are to promote development and education in electrical engineering and computer science.
94
International Organization for Standardization
International Organization for Standardization (ISO) is a collection of organization standards representing 146 countries whose goal is to establish international technological standards to facilitate global exchange of information and barrier-free trade.
95
International Telecommunication Union
International Telecommunication Union (ITU) is a standards organization that regulates international telecommunications, such as radio and TV frequencies, satellite and telephony specifications, networking infrastructure, and it is involved in setting tariffs for global communications.
96
IP Address
Multicasting is a one-to-many approach to data distribution; it is the process by which data is transmitted over a network to multiple recipients simultaneously.
97
Object
An object refers to the document object and every HTML element (tag) resides within the object.
98
Open Systems Interconnection Model
The Open Systems Interconnection (OSI) model is a seven-layer networking model used to depict how devices in a network infrastructure are connected to each other.
99
Packet Sniffing
Packet sniffing is a technique used to see the information passing over a network.
100
Private IP Classes
Private IP classes contain a list of IP addresses used by private TCP/IP LANs that do not need to be accessed by the public.
101
Public IP Classes
Public IP classes contain a list of IP addresses publicly registered with the Network Information Centre (NIC).
102
Request for Comments
RFC stands for request for comments. It is a document that contains an idea developed by a committee for public review before the idea is accepted as a standard.
103
Server-Side Language
A server-side language is the Web programming code that runs on the server that holds the Web content.
104
Telecommunications Industry Association
Telecommunications Industry Association (TIA) is a standards organization for information technology (IT), wireless, satellite, fiber optics, and telephone equipment.
105
TCP/IP model
It is a four-layer networking model that depicts how computers can connect to one another.
106
Three-Way Handshake
The process to establish a connection between networked devices such as a client and server is called a three-way handshake.
107
Application Layer
Application layer is the top layer of the Open System Interconnectivity (OSI) model. This layer performs common application services and sends data from one network to another. This layer is home to the FTP, HTTP, and e-mail protocols.
108
Buffer Overflow
A buffer overflow takes place when a data storage area tries to store more or less than its actual capacity.
109
Buffer Underflow
A buffer underflow takes place when the buffer is fed data at a lower speed than the data being read.
110
CIA Triad
Information security is based on the three core principles that must be adhered to. These principles are confidentiality, integrity, and availability which form the CIA triad.
111
Digital Certificate
Digital certificates are electronic documents that use digital signatures to associate a public key with a user’s identity
112
Digital Identity
Digital identity is the Internet profile of a person and is equivalent to the real identity of that person, but in the digital world
113
Digital Signature
A digital signature validates the authenticity of a digital message or document.
114
E-Commerce
E-commerce or electronic commerce consists of the buying and selling of goods and services on the Internet.
115
Hash Function
Hash functions are a mathematical approach to transform a variable length piece of data into a fixed length, random character output.
116
Message Digest
The output from the hash function is called a message digest.
117
PAIN
Privacy, authentication, integrity, and nonrepudiation (PAIN) is an expanded view of the primary goals of information security.
118
Proxy
A proxy server acts as an intermediary for requests sent from users who want to access resources from other servers on the Internet.
119
PKI
A public key infrastructure (PKI) contains components that enable users of an unsecured public network to exchange data and money securely by using a public and a private cryptographic key obtained through a trusted authority.
120
SQL Injection
SQL injection is a code injection technique that exploits a security vulnerability in the database of an application.
121
Symmetric Encryption
Symmetric encryption is a number or a string of letters which is applied to a message to change it in a particular way.
122
Three-Way Handshake
The process to establish a connection between networked devices such as a client and server is called a three-way handshake.
123
Tunneling
Tunneling is a method used by two servers to securely transfer data between them.
124
VPN
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure to provide users with secure access to their organization's network.
125
Web 2.0
Web 2.0 refers to applications that facilitate interactive information sharing, interoperability, user-centric design, and collaboration on the World Wide Web.
126
XSS
Cross-site scripting (XSS) is a type of computer security vulnerability in which malicious scripts are injected into trusted Web sites.
127
Adware
Adware is any software application that automatically displays or downloads advertisements to a computer after the software is installed on it or while the application is being used.
128
Antivirus Software
Antivirus software is software that is used to track and treat computer viruses.
129
Application Programming Interface
An application programming interface (API) is an interface implemented by a software program that allows for direct communication to the program through routines in the code, allowing for a developer to enhance portions of the existing code. For example, Google provides an API for some of their applications, such as Google Health.
130
Backdoor
A backdoor is a secret access point to a computer system that circumvents the normal security.
131
Botnet
A botnet is a collection of malicious software agents that run autonomously and automatically.
132
Computer Hack
Computer hack is a method used to obtain unauthorized access to a computer or computer network
133
Computer Port
Computer port is a hardware circuitry used to link one device with another.
134
Computer Service
Computer service is a set of functionalities derived from running a program.
135
Cryptovirology
Cryptovirology is the field of utilizing cryptography to design powerful malicious software that makes unpacking and reverse engineering of software extremely difficult.
136
Kernel Module
Kernel module is a file that contains code to expand the central component of an operating system.
137
Malware
Malware is any piece of software that is ill intentioned, often residing on the computer system to perform malicious actions including spying on the user, subverting security settings, deleting or damaging data, or otherwise inconveniencing the user, or programs with other malicious intent.
138
Rootkit
A rootkit is a collection of programs that enables a cracker to mask intrusion and gain root or privileged access to a computer on a network.
139
Shell Command
Shell command is an interface used to execute operating system commands.
140
Spyware
Spyware is a program that collects various types of personal information, such as Internet surfing habits and sites visited by a user
141
Trojan
A trojan is a malicious file disguised as a benign file that appears to perform a desirable function for the user prior to its execution or installation, but instead provides unauthorized access to the user's computer system through the creation of a backdoor.
142
Virus
A virus is a software program capable of causing harm to files or programs on the computer.
143
Worm
A worm is a malicious file that uses active network connections to spread from one host computer to another