Protective Measures Flashcards

1
Q

A data storage virtualization technology that combines multiple physical data storage components into one or more logical units for the purposes of data redundancy, performance improvement, or both.

A

RAID (Redundant Array of Inexpensive Disks)

2
Q

Splits data across two or more disks, offering improved speed but no redundancy or fault tolerance. Requires at least two drives to stripe data across both, improving performance but providing no redundancy.

Example: Files are split into chunks and stored across multiple disks, increasing read and write speeds.

A

RAID 0 (Striping)

3
Q

Creates an exact copy (mirror) of data on two or more disks, providing redundancy and fault tolerance. Requires at least two drives to mirror data, ensuring redundancy and fault tolerance.

Example: A hard drive failure doesn’t cause data loss, as the data is replicated on a second disk.

A

RAID 1 (Mirroring)

4
Q

Combines striping (RAID 0) with distributed parity, providing fault tolerance and improved performance using a minimum of three disks. Requires at least three drives, using striping for speed and parity for fault tolerance.

Example: If one disk fails, the data can be rebuilt using parity information from the other disks.

A

RAID 5 (Striping with Parity)

5
Q

Similar to RAID 5 but with additional parity, allowing for two disks to fail without data loss. Requires at least four drives, providing double parity for fault tolerance, allowing up to two drives to fail.

Example: The system can tolerate the failure of two disks while still maintaining data integrity.

A

RAID 6 (Striping with Double Parity)

6
Q

Combines RAID 1 and RAID 0, offering both mirroring and striping for speed and redundancy, requiring a minimum of four disks.

Example: Data is mirrored and striped across multiple disks for both high performance and redundancy.

A

RAID 10 (RAID 1+0)

7
Q

A fully equipped, operational backup site that is ready to take over business operations immediately in the event of a disaster. It is typically a replica of the primary site with real-time data replication.

Example: After a data center failure, employees immediately continue work from a backup location with real-time data and full IT infrastructure.

A

Hot Site

8
Q

A backup site that is partially equipped with necessary hardware and software but may require additional setup before it can be fully operational. Data may need to be restored.

Example: In case of disaster, a business can access the warm site, but it may take some time to bring all systems fully online.

A

Cold Site

9
Q

A backup site with minimal equipment and infrastructure, requiring significant setup and data restoration before it becomes functional after a disaster.

Example: After a disaster, a company would need to bring in hardware, install software, and restore data before operations can resume.

A

Warm Site

10
Q

A portable, temporary disaster recovery site, often in a mobile unit or trailer, designed to quickly provide operations in the event of an emergency.

Example: A company uses a mobile site that can be rapidly deployed to restore operations at a different location if the main site is unavailable.

A

Mobile Site

11
Q

A strategy for ensuring that critical business functions can continue during and after a disaster or disruptive event. It includes detailed plans for recovery and maintaining operations.

Example: A company develops this to ensure essential services, like customer support and order processing, continue even if the primary data center is unavailable.

A

COOP (Continuity of Operations Plan)

12
Q

The maximum acceptable amount of data loss measured in time. It defines the point in time to which data must be restored after a disruption.

Example: If the XXX is 4 hours, the company ensures that in the event of a disaster, data can be recovered from no more than 4 hours prior to the incident.

A

RPO (Recovery Point Objective)

13
Q

The average time taken to repair a system or component after a failure, including diagnosis, repairs, and bringing the system back online. It is a key metric for assessing system reliability and response efficiency.

A

MTTR (Mean Time to Repair)

14
Q

The maximum acceptable time it takes to restore a system or service after a disruption or disaster. It defines the target time for recovering operations to avoid unacceptable business impacts.

Example: If a system fails, the XXX specifies that it must be restored within 2 hours to prevent significant business disruption.

A

RTO (Recovery Time Objective)

15
Q

A discussion-based simulation of a disaster or security incident, where team members walk through their roles and responsibilities in a controlled, low-stress environment to test their response plans.

A

Tabletop exercise

16
Q

A security practice of isolating a program or file in a controlled environment to test its behavior before allowing it to interact with the system. It helps to detect malicious activity and prevent harm.

A

Sandboxing

17
Q

A process in which system operations automatically switch to a backup component or system in the event of a failure, ensuring continued service availability.

A

Fail over

18
Q

A method of providing multiple physical paths between a computer and storage devices to increase redundancy and improve performance, ensuring continuous access even if one path fails.

A

Multipath I/O

19
Q

The process of distributing network or application traffic across multiple servers or resources to optimize performance, prevent overload, and ensure high availability.

A

Load balancing

20
Q

The simultaneous execution of multiple tasks or processes on different processors or cores to increase computational speed and efficiency.

A

Parallel processing

21
Q

A more realistic scenario that tests cybersecurity incident response by mimicking actual attacks.

A

Simulation

22
Q

A backup strategy where only data changed since the last backup (either full or incremental) is saved. It reduces storage requirements but requires the last full backup and all previous incremental backups to restore.

Example: After a full backup on Monday, only changes from Tuesday to Wednesday are backed up.

A

Incremental backups

23
Q

A backup method that captures the exact state of a system or data at a specific point in time, often used for virtual machines or databases. It allows quick recovery but may not capture all underlying changes.

Example: This backup captures the current configuration of a virtual machine, enabling quick restoration of its state.

A

Snapshot backups

24
Q

A traditional backup method that uses magnetic tape to store data, typically used for long-term storage and archiving. Tape backups are slow to restore but offer high capacity and portability.

Example: A company uses these backups to store weekly archives of important data for off-site disaster recovery.

A

Tape backups

25
Q

A backup method where all changes made since the last full backup are saved. It requires more storage than incremental backups but fewer restore steps.

Example: After a full backup on Monday, this backup on Wednesday includes all changes made since Monday, unlike incremental backups that only capture changes since the last backup.

A

Differential backups

26
Q

The process of copying data from one system or storage device to another to ensure availability, redundancy, and disaster recovery. It can be synchronous or asynchronous.

A

Replication

27
Q

A method of recording changes to data in a log (journal) before committing the changes to the database or file system, ensuring consistency and enabling recovery in case of failure.

A

Journaling

28
Q

A technology that allows a single physical machine to run multiple virtual machines, each with its own operating system and applications, optimizing resource usage and increasing flexibility.

A

Virtualization

29
Q

A redundancy technique where data is copied exactly from one drive or system to another, ensuring availability and fault tolerance in case of a failure.

A

Mirroring

30
Q

The component that supplies electrical power to a computer or network device, converting AC power from an outlet into the appropriate DC voltage for internal components.

A

PSU (Power Supply Unit)

31
Q

A central point in a building or network where all external and internal communication lines are connected and distributed to other network devices or systems.

A

MDF (Main Distribution Frame)

32
Q

A device used to distribute electrical power to various equipment in a data center or server room, typically offering surge protection and monitoring capabilities.

A

PDU (Power Distribution Unit)

33
Q

A network equipment closet that connects the MDF to smaller distribution areas (such as individual floors or rooms) and helps manage the distribution of network signals.

A

IDF (Intermediate Distribution Frame)

34
Q

A device used to distribute electrical power to various equipment in a data center or server room, typically offering surge protection and monitoring capabilities.

A

PoE (Power over Ethernet)

35
Q

The practice of dividing a network or system into distinct segments based on logical criteria (such as function, role, or security level) rather than physical components, to enhance security and manage traffic more effectively.

A

Logical segmentation

36
Q

A set of security configurations, standards, and best practices that form a foundation for secure system operations, used to ensure consistency and compliance across systems and networks.

A

Secure baseline

37
Q

Different levels of access permissions or privileges granted to users or systems based on their roles or needs, dictating what actions can be performed within a system.

A

Access control levels

38
Q

A security concept where users, systems, or processes are given the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized actions or breaches.

A

Principle of least privilege

39
Q

The process of gaining full administrative control over an Android device, allowing users to modify system files and settings that are otherwise restricted.

Example: A user roots their phone to install custom ROMs or access system-level features not available through the standard operating system.

A

Rooting

40
Q

The act of installing apps or software on a device from sources other than official app stores, often by transferring the files directly from a computer or another device.

A

Sideloading

41
Q

A process of erasing data from a storage device and resetting it to its original state, often involving the creation of new sectors and the removal of all file system structures.

A

Low-Level Formatting

42
Q

A security feature that allows an administrator or user to remotely erase all data from a device, typically used to protect sensitive information if the device is lost or stolen.

A

Remote Wipe

43
Q

The practice of separating personal and business data on a device or storage system to enhance security and simplify management, often used in bring-your-own-device (BYOD) scenarios.

A

Storage Segmentation

44
Q

A security approach where users or systems are granted temporary access to resources or privileges only when needed and for a limited duration, reducing the attack surface.

A

Just-in-Time Permissions

45
Q

The process of allocating necessary resources (e.g., compute, storage, network) to users, systems, or applications based on demand, ensuring efficiency and scalability.

A

Resource Provisioning

46
Q

A system or software that enables administrators to monitor, manage, and secure mobile devices used within an organization, including smartphones, tablets, and laptops.

A

MDM (Mobile Device Management)

47
Q

The process of assessing a physical location to determine the best placement and configuration of network equipment, such as wireless access points, to optimize coverage and performance.

Example: A technician uses signal strength tools to identify the ideal locations for deploying wireless access points in an office building.

A

Site Survey

48
Q

A visual representation of data showing the strength and distribution of wireless signal coverage in a specific area, often used to optimize network performance.

Example: A network engineer analyzes signal strength across different zones of a building to identify areas with weak connectivity and improve coverage.

A

Heat Map

49
Q

A Windows-based framework that provides a unified interface for managing and configuring system components using administrative tools, called snap-ins.

Example: An administrator uses a centralized tool to manage user accounts and group policies across multiple systems.

A

MMC (Microsoft Management Console)

50
Q

A device that combines multiple functions, such as printing, scanning, copying, and faxing, into a single machine to save space and increase efficiency.

Example: An office uses a single device for all document management tasks instead of separate printers and scanners.

A

MFD (Multi-Function Device)

51
Q

A mobile device policy where the organization provides devices to employees, allowing both business and limited personal use while maintaining control over security and management.

Example: Employees are issued company phones they can use for personal calls while IT enforces encryption and security policies.

A

COPE (Corporate-Owned, Personally Enabled)

52
Q

A policy that allows employees to use their personal devices for work purposes, requiring measures to secure and manage corporate data on those devices.

Example: Employees access work emails and applications on their personal smartphones while adhering to security guidelines.

A

BYOD (Bring Your Own Device)

53
Q

A policy where employees select from a list of company-approved devices for work purposes, providing flexibility while maintaining organizational control over security.

Example: Employees choose from pre-approved smartphones and tablets to ensure compatibility with enterprise systems and security standards.

A

CYOD (Choose Your Own Device)

54
Q

A comprehensive approach to managing and securing all endpoints, such as smartphones, tablets, laptops, desktops, and IoT devices, from a single platform.

Example: Administrators use a unified platform to enforce security policies, update software, and monitor devices across the organization.

A

UEM (Unified Endpoint Management)

55
Q

The process of ensuring that input provided to a system (e.g., user input, data from an API) meets defined criteria before being processed, helping to prevent attacks such as SQL injection or buffer overflows.

A

Input validation

56
Q

The process of evaluating a program’s behavior during execution by monitoring it in real-time, typically used to identify security vulnerabilities and performance issues.

A

Dynamic code analysis

57
Q

A testing technique where random or unexpected inputs are fed into a program to find vulnerabilities such as crashes or unexpected behavior, often used to identify security flaws.

A

Fuzzing

58
Q

The examination of source code without executing it, aimed at identifying vulnerabilities, coding errors, and compliance violations by reviewing the code itself.

A

Static code analysis

59
Q

A type of performance testing that evaluates how a system performs under extreme conditions or heavy load, often used to identify breaking points and ensure system reliability.

A

Stress Testing

60
Q

The process of creating virtual instances of resources (e.g., servers, storage, networks) from a physical system, enabling more efficient use of hardware and easier management of IT environments.

A

Virtualization

61
Q

A security feature that blocks the execution of unauthorized code in certain memory areas, protecting systems from malicious code execution, like exploits targeting vulnerabilities.

A

EPC (Execution Prevention Control)

62
Q

A mechanism in programming languages like C++ that handles runtime errors or exceptions by allowing developers to define custom error-handling routines.

A

SEH (Structured Exception Handling)

63
Q

A programming concept that provides a way to react to exceptional conditions (like errors) in a program’s execution by using structures like try, catch, and finally.

A

EH (Exception Handling)

64
Q

A data structure that stores information about exceptions raised during program execution, helping in debugging and identifying the root cause of errors.

A

EXR (Exception Record)

65
Q

A security technique used to randomize the memory address space of processes to make it harder for attackers to predict the location of specific functions or buffers, thus preventing certain types of exploits.

A

ASLR (Address Space Layout Randomization)

66
Q

The process of rendering data irrecoverable by securely deleting encryption keys, making the encrypted data unreadable without the decryption key.

A

Cryptographic Erasure

67
Q

A data sanitization method where existing data is replaced with random or meaningless data, making it impossible to recover the original information.

A

Data overwriting

68
Q

The process of erasing data from magnetic storage devices by using a strong magnetic field to disrupt the device’s magnetic domains.

A

Degaussing

69
Q

A security measure designed to differentiate between human users and automated bots by presenting challenges that are difficult for machines to solve, such as identifying distorted text or objects in images.

A

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

70
Q

A system for sharing cyber threat indicators (e.g., IP addresses, URLs) between organizations to improve cybersecurity defense by facilitating faster response to threats.

A

AIS (Automated Indicator Sharing)

71
Q

A standardized language for describing cyber threat intelligence, including tactics, techniques, and procedures (TTPs), making it easier to exchange and analyze threat data.

A

STIX (Structured Threat Information Expression)

72
Q

A model for describing the behavior or modus operandi of cyber attackers, including their goals (tactics), specific actions (techniques), and how they perform them (procedures).

A

TTP (Tactics, Techniques, and Procedures)

73
Q

A standardized system for rating the severity of vulnerabilities in software, ranging from 0 (low) to 10 (critical), to help organizations prioritize security efforts.

A

CVSS (Common Vulnerability Scoring System)

74
Q

A protocol for exchanging cyber threat intelligence between organizations, enabling automated sharing of threat indicators and reducing the time needed to detect and respond to cyber threats.

A

TAXII (Trusted Automated eXchange of Indicator Information)

75
Q

A type of access control where the owner of a resource determines who can access it and what actions they can perform, typically through permissions.

A

DAC (Discretionary Access Control)

76
Q

An access control model where permissions are assigned to roles rather than individuals. Users are assigned roles, and access is granted based on the user’s role within the organization.

A

RBAC (Role-Based Access Control)

77
Q

A type of access control where access to resources is determined by a central authority based on security labels, and users cannot change the access permissions.

A

MAC (Mandatory Access Control)

78
Q

An access control model where access decisions are based on attributes (such as user roles, resource types, or environmental factors), rather than predefined roles or permissions.

A

ABAC (Attribute-Based Access Control)

79
Q

A security solution that protects users from web-based threats by filtering traffic and enforcing security policies when users access websites, preventing malicious content and data breaches.

A

SWG (Secure Web Gateway)

80
Q

A security policy enforcement solution that sits between users and cloud service providers to monitor and control access to cloud applications, ensuring compliance and protecting data.

A

CASB (Cloud Access Security Broker)

81
Q

A security solution that integrates multiple security products, such as endpoint detection, network monitoring, and threat intelligence, to provide a more comprehensive and automated approach to threat detection and response across an organization’s environment.

A

XDR (Extended Detection and Response)

82
Q

A security practice that controls and monitors access to critical systems and sensitive information by users with elevated privileges, helping prevent unauthorized access and minimize the risk of insider threats.

A

PAM (Privileged Access Management)