Security+ 701 Acronyms Flashcards

1
Q

3DES

A

Triple Digital Encryption Standard
Performs encryption in 3 rounds of the same algorithym.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

802.1x

A

Switch Authentication
Standard for controlling access to intranet infrastructure devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Honeypot

A

Fake target
Used to identify and distract hackers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AAA

A

Authentication, Authorization, and Accounting
Principle of verififying identity, capability, and use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

ABAC

A

Attribute-based Access Control
Granting accss based upon the characteristic of the subject, such as clearance level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

ACL

A

Access Control List
Restricting entry, based upon a listing of controls or permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AES256

A

Advanced Encryption Standard 256bit
256 bit version of this algorithm is its highest level and is deemed uncrackable by brute force methods.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AH

A

Authentication Header
AH header transmits in clear text but authenticates and integrity checks each packet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

AI

A

Artificial Intelligence
Simulation of human intelligence and thinking in a machine, including adaptive learning and problem-solving.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

AIS

A

Automatic Indicator Sharing
Automated sharing of threat information between organizations to enhance detection and response.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

ALE

A

Annualized Loss Expectancy
Single loss expectancy times the annualized rate of occurrence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

ALG

A

Application Layer Gateway
Type of firewall able to inspect headers and payload in the upper protocol layers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

AP

A

Access Point
Infrastructure connection point for most wireless networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

API

A

Application Programming Interface
Development tools used by programmers that have prebuilt functions with desired utility.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

APT

A

Advanced Persistent Threat
Applications with advanced targeting, zero days and exfiltration techniques that are aimed at particular organizations or industries.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

ARO

A

Annualized Rate of Occurrence
Most risk assessments track threats and attacks on an annualized basis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

ARP

A

Address Resolution Protocol
Given the IP address ARP will locate the MAC address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

ASLR

A

Address Space Layout Randomization
This randomizes the location of an application in memory making it harder for attackers to successfully perform the buffer overflow.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

ASP

A

Application Service Provider
An organization provides access to its custom developed softeare, such as accounting or customer management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Asymmetric key

A

Public key
The use of complementary values to disguise and then reveal information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

ATT&CK

A

Adversarial Tactics, Techniques, and Common Knowledge
A database of adversarial tactics and techniques that might be used to compromise systems organizations to enhance threat management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

AUP

A

Acceptable Use Policy
This policy is legally required, if HR wants to fire someone for misuse.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

AV

A

Antivirus
Designed to identify malware, primarily based upon known patterns.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

AV

A

Asset Value
This can be the replacement cost or income derived from something.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

AZFSR

A

Zone transfer
The synchronization of name resolution information between a primary and secondary DNS server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

BASH

A

Bourne again shell
Bash is a UNIX and LINUX command interface and language.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

BCP

A

Business Continuity Plan
The orderly planning for and management of threats and incidents to an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

BGP

A

Border Gatewar Protocol
BGP is for routing exterior traffic between autonomous systems/organizations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

BIA

A

Business Impact Analysis
This is the prerequisite for disaste recovery and continuity planning to identify potential losses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

BIOS

A

Basic Input / Output System
The now deprecated firmware based initialization code for booting a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

BO

A

Buffer Overflow
Insertion of malicious computer instructions into the RAM of a host to accomplish denial of service or injecting shellcode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

BPA

A

Business Partners Agreement
This outlines the goals and responsibilities between entities pursuing a common work product.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

BPDU

A

Bridge Protocol Data Unit
Key element in STP to prevent looping.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Brute Force

A

Brute Force Attack
Discovers a hash or encrypted secret by attempting all combinations and permutations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

BSSID

A

Basic Service Set IDentifier
This is the MAC that a wireless device is attached to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

BYOD

A

Bring Your Own Device
The organization compensates the individual for use of their phone in organizational activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

C2

A

Command and Control
Servers that are centrally placed the hold control instructions for illicitly managed hosts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

CA

A

Certificate Authority
This entity issues certificates. After verifying them, and is the center of trust in PKI.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

CAC

A

Common Access Card
A form of identification with photograph, barcode, RFIC and cryptographic storage of private key information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

CAPTCHA

A

Completely Automated Public Turning Test to Tell Computer and Humans Apart

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

CAR

A

Corrective Action Report
A document generated when the defect or error has been detected that has the goal of eliminating a reoccurrence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

CASB

A

Cloud Access Security Broker
A software resource place between users and cloud applications that monitors and enforces policy-based access to cloud resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

CBC

A

Cipher Block Chaining
Each plaintext block is XORed (see XOR) with the immediately previous ciphertext block.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

CBT

A

Computer-Based Training
Courseware or lessons that are delivered via a computer, commonly used for at home and corporate training.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

CCMP

A

Counter-Mode / CBC-MAC Protocol
Each plaintext block is XORed (see XOR) with the immediately previous ciphertext block that includes a message authentication code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

CCTV

A

Closed-circuit TV
Allows monitoring and recording of activities in an area.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

CER

A

Certificate
A generic term for a document that facilitates authentication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

CER

A

Cross-over Error Rate
The point at which false acceptances are equal to false rejection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

CERT

A

Computer Emergency Response Team
A multi-discipline group designated to handle IT incidents.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

CFB

A

Cipher Feedback
A mode of operation for a block of cipher.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

CHAP

A

Challenge Handshake Authentication Protocol
Commonly used by routers and has several derivatives in use by Microsoft for authentication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

CIA

A

Confidentiality Integrity Availability
The security triad.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

CIO

A

Chief Information Officer
The most senior official in an organization responsible for the information technology and systems that support enterprise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

CIRT

A

Computer Incident Response Team
A group that investigates and resolves IT security problems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

CIS

A

Center for Internet Security
Its mission is to identify, develop, promote, and lead the world with regard to best practices for cybersecurity solutions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

CMP

A

Change Management Policy
An organizational process designed to facilitate making changes to organizational resoures in such a way that they are identifiable, auditable, and orderly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

CMS

A

Content Management System
These are applications that facilitate the creation, editing, publishing, and archival or web pages and content.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

CN

A

Common Name
An identifying name that may be applied to a directory resource, such as a uder, server, or other object.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

COOP

A

Continuity of Operations Plan
Ensuring that vital and primary mission essential functions continue to run, even in the face of emergencies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

COPE

A

Corporate Owned, Personally Enabled
Smart phones owned by the organization but approved for personal use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

CP

A

Contingency Planning
Procedures to follow in the event of a catastrophic incident, even though it may be unlikely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

CRC

A

Cyclical Redundancy Check
An error checking code, used in digital technology primarily to identify accidental changes to data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

CRL

A

Certificate Revocation List
This is maintained by a certificate authority to identify certificates associated with compromise or lost private keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

CSA

A

Cloud Security Alliance
a nonprofit organization that promotes best practices in security for cloud-based computing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

CSIRT

A

Computer Security Incident Response Team
Information technology personnel whose purpose is to prevent, manage, and coordinate actions about security incidents.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

CSO

A

Chief Security Officer
An executive position in charge of policy and programs to reduce risk in an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

CSP

A

Cloud Service Provider
An organization that provides cloud-based access to infrastructure, storage, and/or applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

CSR

A

Certificate Signing Request
Created by an applicant seeking to gain a certificate from an authority.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

CSRF

A

Cross-site Request Forgery
An attack wherein a message is spoofed from a user to a trusted site.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

CSU

A

Channel Service Unit
A connecting device used to link an organization to telco-based T-services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

CTO

A

Chief Technology Officer
The executive person tasked with identifying useful technology, IT strategies and partnerships.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

CTOS

A

Centralized Terminal Operating System
Legacy Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

CTR

A

Counter
This form of encryption is used by AED to perform streaming encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

CVE

A

Common Vulnerabilities and Exposures
A database of known and published software flaws that may impact security that is managed by MITRE.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

CYOD

A

Choose Your Own Device
In this mode of control and acquisition, an employee chooses a device from a company provided list. Ownership may be personal or organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

DAC

A

Discretionary Access Control
The creator has all control over an asset and access to it. The default form of access for Windows.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

DBA

A

Database Administrator
This role is filled by personnel capable of managing automated and large infromation repositories.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

DDoS

A

Distributed Denial of Service
This attack methodology involves a multitude of remotely controlled devices focusing upon a single target.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

DEP

A

Data Execution Prevention
An operating system memory management technique that prevents user data from overlapping into computer instructions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

DER

A

Distinguished Encoding Rules
A commonly used method of encoding the data that makes up the certificate using ASN.1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

DES

A

Digital Encryption Standard
The first US government standard for symmetric encryption. It has a 56 bit key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

DHCP

A

Dynamic Host Configuration Protocol
This is an extension of BOOTP and is used to dynamically allocate IPs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

DHE

A

Diffie-Hellman Ephemeral
This is a key exchange algorithm that enhances confidentiality by discarding the session keys after use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

DKIM

A

Domain Keys Identified Mail
A messaging secyruty standard designed to facilitate non-repudiation between sender and receiver.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

DLL

A

Dynamic Link Library
These files are not directly executed but are called up by an application when certain additional functions or libraries are needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

DLP

A

Data Loss Prevention
Strategies and applications that prevent data theft or illicit access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

DMARC

A

Domain Message Authentication Reporting and Conformance
This is an email security standard designed to allow domains to protect themselves from unauthorized use and spoofing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

DMZ

A

Demilitarized Zone
The permiter area where the outside world may access certain services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

DNAT

A

Destination Network Address Translation
The initial destination of a packet as it enters a NET system to be redirected to another destination.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

DNS

A

Domain Name Service (Server)
An application that handles symbolic name to address mappings, as well as the reverse.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

DNSSEC

A

Domain Name System Security Extensions
An array of tools devised by the IETF to secure DNS transactions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

DoS

A

Denial of Service
A one on one attack that causes access or utility to cease.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

DPO

A

Data Protection Officer
A senior officer responsible for an organization’s data protection strategies and compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

DRP

A

Disaster Recovery Plan
The immediate plans for recovery of operations or services in the event of a catastrophic incident.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

DSA

A

Digital Signature Algorithm
An algorithm created by the NSA to implement non-repudiation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

DSL

A

Digital Subscriber Line
High-speed Internet conductivity based upon existing infrastructure for telephones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

EAP

A

Extensible Authentication Protocol
A derivative of PPP used by wired and wireless networks to validate connections.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

ECB

A

Electronic Code Book
A mode of symmetric encryption that divides the message into each block and encrypts them separately.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

ECC

A

Elliptic Curve Cryptography
An algorithm commonly used for key exchange that relies upon geometric complexities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

ECDSA

A

Elliptic Curve Digital Signature Algorithm
This signing technique employs the complexities of geometry, instead of factoring prime numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

ECHDE

A

Elliptic Curve Diffie-Hellman Ephemeral
Used to negotiate a temporary shared secret using a public and private key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

EDR

A

Endpoint Detection Response
An intranet technology designed to protect access to the infrastructure, identify threats and quarantine known offenders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

EF

A

Exposure Factor
Typically referenced as a percentage of value indicating value lost from one attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

EFS

A

Encrypted File System
A cryptosystem built into Microsoft that allows selective encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

EIP

A

Extended Instruction Pointer
A programming concept that points an application to the bottom or next step in execution.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

EMI

A

Electromagnetic Interference
Typically associated with accidental radiation of signals that interfere with IT systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

EMP

A

Electro Magnetic Pulse
Large and significant discharge of signals that can create a denial of service in transmission and storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

EOL

A

End of Life
This term identifies when a product has reached the end of its useful life according to the vendor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

ERP

A

Enterprise Resource Planning
Business process management integrated into multiple aspects of an organization, its services, and human resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

ESN

A

Electronic Serial Number
n identifying number created by the Federal Communications Commission to uniquely identify mobile devices and radios.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

ESP

A

Encapsulated Security Payload
A header used in IPSEC to create confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

EULA

A

End User License Agreement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

FACL

A

File System Access Control List
This is creating filters or restrictions on disk storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
114
Q

FAR

A

False Acceptance Rate
When biometrics malfunction, incorrectly granting permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
115
Q

FDE

A

Full Disk Encryption
Enforcing confidentiality across the entire storage device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

FIM

A

File Integrity Monitoring
A defensive control designed to assess or validate the integrity of files, such as Tripwire.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
117
Q

FPGA

A

Field Programmable Gate Array
An integrated circuit or chip that may be revised or configured after manufacture.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
118
Q

FRR

A

False Rejection Rate
A biometric measurement, indicating the rate at which authorized personnal are forbidden access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
119
Q

FTP

A

File Transfer Protocol
A file management application designed to insecurely upload and download files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
120
Q

FTPS

A

File Transfer Protocol - Secure
A relative of the HTTPS implemented in the same way with certificates and key exchange.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

Full BU

A

Full Backup
It moves files to alternative media that regardless of whether the archive bit is set, and then it clears it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
122
Q

GCM

A

Galois Counter Mode
Useful for protecting packet data as it has little latency and minimum operation overhead.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
123
Q

GDPR

A

General Data Protection Regulation
A law from the EU that directs protection and privacy of personal information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
124
Q

GPG

A

Gnu Privacy Guard
The free ancarnation of a popular cryptosystem, commonly used to secure email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
125
Q

GPO

A

Group Policy Object
A feature of Windows that provides centralized management of configuration and settings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
126
Q

GPS

A

Global Positioning System
A satellite-based protocol that can closely identify the location or asset.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
127
Q

GPU

A

Graphic Processing Unit
These processors have an alternate use in discovering keys and cracking.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

GRE

A

Generic Routing Encapsulation
An old and standard protocol that inserts one packet within another.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
129
Q

HA

A

High Availability
Ensuring that system uptime extends longer than what is normally would.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
130
Q

HIDS

A

Host-based Intrusion Detection System
A defensive application that identifies anomalous or malicious activities with a device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
131
Q

HIPS

A

Host-based Intrusion Prevention System
A defensive application that prevents anomalous or malicious activities within a device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

HMAC

A

Hashed Message Authentication Code
Implementing non-repudiation via an exchanged value and hashing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
133
Q

Honeynet

A

Honeypot network
A sophisticated system designed to locate, discover, distract and otherwise observe malicious behavior.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
134
Q

Host Firewall

A

Software firewall
The last line of defense for a system against a malicious intranet host.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
135
Q

HOTP

A

HMAC-based One-Time Password
Performs authentication by requiring a user to enter a system generated code into a hashing or calculating algorithm that produces a response.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
136
Q

HSM

A

Hardware Security Module
These key management systems are ideally suited for automated private key transactions that require strong security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
137
Q

HDD

A

Hard Disk Drive
A mass storage system, typically implemented with spinning platters and heads that perform reading and writing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
138
Q

HTML

A

Hypertext Markup Language
The scripting used by browsers to interpret and display content.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
139
Q

HTTP

A

Hypertext Transfer Protocol
The means by which HTML and images are viewed and accessed by browsers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
140
Q

HTTPS

A

Hypertext Transfer Protocol over SSL/TLS
Performing HTTP over an encrypted channel.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
141
Q

HVAC

A

Heating, Ventilation and Air Conditioning
The heating, cooling, and other environmental aspects of a building.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
142
Q

IaaS

A

Infrastructure as a Service
Implementing cloud-based networks, servers, and other infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
143
Q

IaC

A

Infrastructure as Code
Management and provisioning of infrastructure systems and divides by code and settings versus manual and physical means.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
144
Q

IAM

A

Identity and Access Management
The policies, procedures, and technologies that facilitate ensuring that only the appropriate personnel have access to resources in an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
145
Q

ICMP

A

Internet Control Message Protocol
A multifunctional protocol designed to perform network testing and report errors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
146
Q

ICS

A

Industrial Control Systems
Semi-intelligent devices used to control industrial or scientific equipment from central consoles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
147
Q

IDEA

A

International Data Encryption Algorithm
This is a symmetric cipher that is block-oriented, with the key size of 128 bits.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
148
Q

IDF

A

Intermediate Distribution Frame
The wiring panels linked by risers between floors to perform cross-connection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
149
Q

IdP

A

Identity Provider
A service that contains subjects and can perform centralized authentication on behalf of service providers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
150
Q

IDS

A

Intrusion Detection System
A generic term referring to generating alerts for malicious activity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
151
Q

IEEE

A

Institute of Electrical and Elctronic Engineers
The mission of the IEEE is to promote and develop technological advances for the benefit of humanity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
152
Q

IKE

A

Internet Key Exchange
This is used prior to IPSEC for the nefotiation, exchange, and management of symmetric key information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
153
Q

IM

A

Instant Messaging
A class of online chat that offers real-time transmission of messages over the Internet and local area networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
154
Q

IMAP4

A

Internet Message Access Protocol v4
This applications listens on TCP/143 and it is clear text form.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
155
Q

IoC

A

Indicators of Compromise
Artifacts and other forensic data that may be used to identify illicit activity, malware and data breaches.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
156
Q

IoT

A

Internet of Things
A reference to network devices that typically have little defensive capability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
157
Q

IP

A

Internet Protocol
A layer 3 system for addressing, fragmenting, reassembly and delivery of datagrams.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
158
Q

IPSec

A

Internet Protocol Security
Generally considered the most secure remote access protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
159
Q

IR

A

Incident Response
A generic reference to steps to be taken after specific adverse events occur.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
160
Q

IRC

A

Internet Relay Chat
A protocol commonly implemented by helpdesks and Bots.

161
Q

IRP

A

Incident Response Plan
Devised plans to be implemented upon the manifestation of a specific threat.

162
Q

ISA

A

Interconnection security Agreement
The agreed-upon measures, settings, and protocols taken by two organizations to facilitate communication.

163
Q

ISFFW

A

Internal Segmentation Firewall
A network firewall placed on the intranet to separate two different security zones.

164
Q

ISO

A

International Organization for Standardization
An international nonprofic organization that develops and publishes standards.

165
Q

ISP

A

Internet Service Provider
An organization that facilitates access to a worldwide digital network.

166
Q

ISSO

A

Information Systems Security Officer
An organizational role charges with developing, implementing, testing and reviewing IT security.

167
Q

ITCP

A

IT Contingency Plan
Minimizing risk by identifying threats of the vulnerabilities in the appropriate measures to limit or prevent them.

168
Q

IV

A

Initialization Vector
This is a random number that augments a secret key to enhance security for a session.

169
Q

KDC

A

Key Distribution Center
The key server in a Kerberos realm that has access to the keys for all principles.

170
Q

KEK

A

Key Encryption Key
Protects a private or secret key from unauthorized access or disclosure.

171
Q

L2 Device

A

Switch
Filter and forward data at the MAC layer.

172
Q

L2TP

A

Layer 2 Tunneling Protocol
Supports VPN site to site connections but does not encrypt.

173
Q

L3 Device

A

Router
This is an infrastructure device that interconnects networks and can span different technologies.

174
Q

LAN

A

Local Area Network
A network composed of relatively short-range protocols that facilitate swift transfer of information.

175
Q

LDAP

A

Lightweight Directory Access Protocol
This is a protocol designed to work with AD or NDS information from a tree.

176
Q

LEAP

A

Lightweight Extensible Authentication Protocol
Commonly integrated with Cisco systems to facilitate centralized authentication.

177
Q

Logic Bomb

A

Insider alteration
A catefory of malicious activity, wherein an authorized user adds unwanted instructions.

178
Q

MaaS

A

Monitoring as a Service
The staging of general purpose or security management systems on the cloud that manage local agent-based systems.

179
Q

MAC

A

Mandatory Access Control
A strict form of access control that prevents subjects from accessing objects above their security level.

180
Q

MAC

A

Media Access Control
This is typified by a network interface card, along with its unique burned in identifying number.

181
Q

MAM

A

Mobile Application Management
Management software designed to allow an enterprise to maintain control over its mobile devices, smart phones, and tablets.

182
Q

MAN

A

Metropolitan Network
A general description of a technology that allows access across entire minicipal areas.

183
Q

MBR

A

Master Boot Record
A pointer to an area on the disk where initial loading information is stored.

184
Q

MD5

A

Message Digest 5
One of the oldest hashing algorithms.

185
Q

MDF

A

Main Distribution Frame
This is the centralized connection point between intermediate distribution frames and the outside world.

186
Q

MDM

A

Mobile Device Management
Software that centrally controls the security aspects and configuration of smart phones.

187
Q

MFA

A

Multifactor Authentication
Requiring the use of two or more of location, something you know, have, are or do.

188
Q

MFD

A

Multi-function Device
Office equipment, typically a printer, that is able to fac, photocopy and scan documents.

189
Q

MFP

A

Multifunction Printer
A printer that can fax, photocopy, and scan documents.

190
Q

MITM

A

Man-in-the-Middle
An attacker insinuates itself between a client and a server, observing or modifying communication.

191
Q

ML

A

Machine Learning
A component of artificial intelligence that enables a system to learn, adapt, and improve based upon inputs without having to be reprogrammed.

192
Q

MMS

A

Multimedia Message Service
A protocol intended to facilitate multimedia transfer over SMS.

193
Q

MOA

A

Memorandum of Agreement
This is a document that describes the cooperative work to be taken together by two parties toward an objective.

194
Q

MOU

A

Memorandum of Understanding
This provides terms and details necessary for two parties to work together.

195
Q

MPLS

A

Multi-Protocol Label Switching
This is used by WAN providers to quickly forward data using short and discrete labels, rather than complex network addresses.

196
Q

MSA

A

Master Service Agreement
An agreement between parties that establishes what terms and conditions will govern a range of activities.

197
Q

MSCHAP

A

Microsoft Challenge Handshake Authentication Protocol
Uses an initial handshake to create a nonce added to the hashed ID and secret to create varying outputs.

198
Q

MSP

A

Managed Service Provider
A specialty provider of IT services management contracted by a client.

199
Q

MSSP

A

Managed Security Service Provider
A contracted service wherein an outside party manages, monitors, and maintains security services, including firewalls, intrusion detection, virtual private networks, and endpoint security.

200
Q

MTBF

A

Mean Time Between Failures
The estimation as to how often serious errors occur, typically measured in thousands of hours.

201
Q

MTTF

A

Mean Time to Failure
Measures the average amount of time an asset operates before it has a serious failure.

202
Q

MTTR

A

Mean Time to Recover or Mean Time to Repair
A standard recovery statistic indicating swiftness of DRP responses.

203
Q

MTU

A

Maximum Transmission Unit
The maximum number of bytes allowed within a datalink technology.

204
Q

NAC

A

Network Access Control
A technology primarily used for local access control that may involve MAC addresses and 802.1x.

205
Q

NAS

A

Network-attached Storage
File oriented storage of computer information across the network on a central device that may be using multiple storage media.

206
Q

NAT

A

Network Address Translation
This is commonly implemented by firewalls and is used to remap address space on the inside to one or several addresses on the outside edge.

207
Q

NDA

A

Non-disclosure Agreement
A legally binding agreement, compelling parties to not reveal information to others.

208
Q

NFC

A

Near Field Communication
This is a short range wireless technology, commonly used for payment systems and person-to-person data exchanges.

209
Q

NFV

A

Network Function Virtualization
An architectural concept that utilizes virtual machines and virtual infrastructures to connect and manage networks.

210
Q

NG-SWG

A

Next-generation Secure Web Gateway
A cloud-based defensive measure designed to protect users from web-based threats and to provide enforcement of corporate policies.

211
Q

NGFW

A

Next-generation Firewall
Considered a third-generation technology, this type of firewall implements multiple security measures, such as filtering, VPN, social media monitoring and more to provide protection.

212
Q

NIDS

A

Network-based Intrusion Detection System
The technology used to scan packet data for threats and exploits.

213
Q

NIPS

A

Network-based Intrusion Protection System
A technology that identifies and stops attacks by inspecting network information.

214
Q

NIST

A

National Institute of Standards and Technology
A government group that publishes recommendations and standards, many related to IT security.

215
Q

NOC

A

Network Operations Center
IT network management, monitoring and control are performed here.

216
Q

NOP

A

No operation
A common element in memory corruption attacks.

217
Q

NTFS

A

New Technology File System
The file system used by Windows that incorporates multilevel security.

218
Q

NTP

A

Network Time Protocol
This protocol is necessary to support Kerberos and its requirement for close chronograph management.

219
Q

OAUTH

A

Open Authorization
An authentication mechanism that allows secure delegated access.

220
Q

OCSP

A

Online Certificate Status Protocol
This protocol is used by the client to validate the status of a received certificate.

221
Q

OID

A

Object Identifier
This is a value, commonly associated with SNMP that is used to identify aspects of a managed device or system.

222
Q

OS

A

Operating System
The software on a system initially loaded that regulates access to resources and facilitates the execution of applications.

223
Q

OSI

A

Open Systems Interconnection
A seven layer scheme that identifies commonly implemented features involved in networked applications and systems.

224
Q

OSINT

A

Open-source Intelligence
Accessing data stores of information that enable one to collect, analyze and discern useful information from publicly available resources.

225
Q

OSPF

A

Open Shortest Path First
An open standard routing protocol capable of dynamic routing and the secure transfer of routing table information.

226
Q

OT

A

Operational Technology
Associated with industrial controls and processes, this refers to systems that identify changes, perform monitoring and control industrial equipment resources.

227
Q

OTA

A

Over the Air
A general technology category of systems that use wireless and cellular means to obstain new data or updates.

228
Q

OTG

A

On-the-Go
A technical specification for USB devices that allow them to act as hosts and facilitate connections from the other USB devices, such as mice and keyboards.

229
Q

OTP

A

One-time Password
Implement the authentication with a secret that expires upon initial access.

230
Q

OTP

A

One-time pad
Involves a key that is as long as the message but may only be used once.

231
Q

OVAL

A

Open Vulnerability Assessment Language
A derivative of the SCAP program to automate vulnerability detection and management.

232
Q

OWASP

A

Open Web Application Security Project
A nonprofit international organization that facilitates education, secure development, documentation, tools, and other technologies to enhance web applications.

233
Q

P12

A

PKCS #12
This format allows for the storage of both public and private keys in open or encrypted form.

234
Q

P2P

A

Peer to Peer
A headless file sharing system that has no centralized point of control and facilitates wide-open file sharing.

235
Q

PaaS

A

Platform as a Service
A form of access that allows an organization to create and run its own applications on the cloud.

236
Q

PAC

A

Proxy Auto Configuration
A JavaScript based technology that regulates the configuration of browsers and their use of web proxies.

237
Q

PAM

A

Pluggable Authentication Modules
Dynamically, loadable authentication libraries used on Linux.

238
Q

PAP

A

Password Authentication Protocol
This is an insecure authentication protocol, sometimes used between routers.

239
Q

PAT

A

Port Address Translation
Address translation that multiplexes many internal addresses through one or a few external addresses, linking connections based upon the source port.

240
Q

Patch Management

A

Configuration and baseline maintenance
An application designed to identify compliance deviations and variance from a baseline, and then rectify it.

241
Q

PBKDF2

A

Password-based Key Derivation Function 2
This cryptographic function, processes, and otherwise insecure secret through repeated rounds of hashing to create a longer key value.

242
Q

PBX

A

Private Branch Exchange
The point of interface between public switched telephone network and an organization’s internal telephony.

243
Q

PCAP

A

Packet Capture
Sniffing and recording network data into a file for later analysis.

244
Q

PCI DSS

A

Payment Card Industry Data Security Standard
A nongovernmental security standard that regulates the implementation and security of web payment gateways.

245
Q

PDU

A

Power Distribution Unit
This is a multiple output device that regulates the power supply and its quality to multiple devices within a rack of devices in a data center.

246
Q

PE

A

Portable Executable
This is a format for code run by Windows systems and 32 or 64 bit mode.

247
Q

PEAP

A

Protected Extensible Authentication Protocol
An EAP form that send MSCHAP credentials secured within a TLS envelope.

248
Q

PED

A

Portable Electronic Device
Small electronics, such as beepers, calendars, and note applications used prior to smart phones.

249
Q

PEM

A

Privacy-enhanced Electronic Mail
This is one of the oldest formats of certificates and uses of Base64.

250
Q

PFS

A

Perfect Forward Secrecy
This is the property of Key management where in the loss of one key is not in danger data encrypted with earlier session keys.

251
Q

PFX

A

Personal Echange Format
A binary format for storing or sending server certificates and private keys.

252
Q

PGP

A

Pretty Good Privacy
A widely used cryptosystem initially used for securing email by encryption and digital signatures.

253
Q

PHI

A

Personal Health Information
Typically sensitive information regarding the health of an individual.

254
Q

PII

A

Personally Identifiable Information
This is data or pieces of data that uniquely correspond or identify one individual and requires special handling.

255
Q

PIN

A

Personal Identification Number
Knowledge-based authentication using a single value or number.

256
Q

PIV

A

Personal Identity Verification
An identification card that contains a photograph, RFID, barcode, and cryptographically stored PKI information.

257
Q

PKCS

A

Public Key Cryptography Standards
Public-key encryption standards developed by RSA Security.

258
Q

PKI

A

Public Key Infrastructure
The processes and management associated with the identification and validation of certificates and public keys.

259
Q

PoC

A

Proof of Concept
An implementation of an idea or theory that establishes its validity commonly associated with vulnerabilities and exploits.

260
Q

POODLE

A

Padding Oracle on Downgrade Legacy Encryption
An attack technique that could subvert confidentiality in an SSL connection.

261
Q

POP

A

Post Office Protocol
This protocol listens on TCP/110 and downloads messages from the server.

262
Q

Port Scan

A

Network mapping and service enumeration
Performing address and host discovery, along with identifying listening applications.

263
Q

POTS

A

Plain Old Telephone Service
The old form of telephony that implemented and dedicated copper connections vs. packet advised voice transmission.

264
Q

PPP

A

Point-to-Point Protocol
This is a layer 2 technology implemented to facilitate communication between endpoints or routers.

265
Q

PPTP

A

Point-to-Point Tunneling Protocol
A largely deprecated protocol used for establishing tunnels and securing packet ice communication.

266
Q

PSK

A

Pre-shared Key
Managing key establishment and management by using pre-established relationships and non-automatic exchange methods.

267
Q

PTZ

A

Pan-Tilt-Zoom
The property of a camera to be able to swivel in various directions on demand.

268
Q

PUP

A

Potentially Unwanted Program
Defined by policy, this is software that provides functionality in violation of authorized use.

269
Q

QA

A

Quality Assurance
The monitoring and control function an organization that identifies, prevents, or corrects errors in processes, procedures, or products.

270
Q

QoS

A

Quality of Service
A networking function that seeks to reserve bandwidth in order to preserve the timing and availability of communication, especially as it pertains to multimedia.

271
Q

RA

A

Recovery Agent
The party in PKI who is capable of obtaining a private key locked away in escrow.

272
Q

RA

A

Registration Authority
This is the entry point of a subject into PKI. It is here that the party establishes and verifies identity before obtaining keys.

273
Q

RAD

A

Rapid Application Development
A model of application development that very quickly works through the development phases.

274
Q

RADIUS

A

Remote Authentication Dial-in User Server
The most common centralized authentication service.

275
Q

RAID

A

Redundant Array of Inexpensive Disks
A set of standards that specify verying levels of fault tolerance, performance and system requirements for hard drive data storage.

276
Q

RAM

A

Random Access Memory
This is a form of storage that allows specific and independent access to information and does not require a sequential read or write.

277
Q

Ransomware

A

Cryptovirology
Requires payment for return of information.

278
Q

RAS

A

Remote Access Server
A Microsoft specific term that relates to servers that facilitate modem-based access to in intranet.

279
Q

RAT

A

Remote Access Trojan
Software that implements illicit remote control software.

280
Q

RBAC

A

Role-based Access Control
A model of access control, typically implmeneted in an inverted tree, where rights float down.

281
Q

RBAC

A

Rule-based Access Control
A model of access regulation commonly used for firewalls and physical controls.

282
Q

RC4

A

Rivest Cipher version 4
A now deprecated encryption algorithm used by SSL and WEP.

283
Q

RDP

A

Remote Desktop Protocol
Allows access to a system for remote management and help desk operations.

284
Q

RFC

A

Request for Comments
Documents that are largely specifications and definitions for entities on the Internet.

285
Q

RFID

A

Radio Frequency Identifier
This is a common choice for tracking small devices and objects, as well as doorwar access control.

286
Q

RIPEMD

A

RACE Integrity Primitives Evaluation Message Digest
This is a hashing algorithm.

287
Q

RMF

A

Risk Management Framework
This risk management paradigm was promulgated by the US government.

288
Q

ROI

A

Return on Investment
This is the primary metric to be used when evaluating whether something is worth the time, effort, or cost.

289
Q

Rootkit

A

Enables and hides access
Implemented by an attacker to prevent discovery or observation of activities.

290
Q

RPO

A

Recovery Point Objective
A metric that identifies the number of transactions or quantity of data that can be acceptably lost.

291
Q

RSA

A

Rivest, Shamir, and Adleman
This algorithm relies on factoring large prime numbers.

292
Q

RTBH

A

Remotely Triggered Blackhole
Cisco term that refers to a filtering technique that dumps unwanted traffic prior to being received in the target network.

293
Q

RTO

A

Recovery Time Objective
A metric that identifies the maximum amount of time allowed for an outage.

294
Q

RTOS

A

Real-time Operating System
These are operating systems that work in real-time, such as manufacturing and robotics.

295
Q

RTP

A

Real-time Transport Protocol
One of several protocols used for telephony/audio/video.

296
Q

S/MIME

A

Secure / Multipurpose Internet Mail Extensions
Developed by RSA, this is a formatting standard originally created for implementing digital signatures and encryption with public key infrastructure.

297
Q

SaaS

A

Software as a Service
A minimal cloud asset that allows access to one application or port.

298
Q

SAE

A

Simultaneous Authentication of Equals
Based upon Dragonfly, this key management system incorporates elements of Diffie Hellman and is part of WPA3.

299
Q

SAML

A

Security Assertions Markup Language
A method of exchanging credentials via a trusted authentication service.

300
Q

SAN

A

Storage Area Network
A remote file system access via Internet-based protocols.

301
Q

SAN

A

Subject Alternative Name
Embedding multiple names for server within a single certificate.

302
Q

SCADA

A

System Control and Data Acquisition
Industrial controls automation the network-based management systems that control many remote, small, embedded devices.

303
Q

SCAP

A

Security Content Automation Protocol
This is a framework promoted by the US government to create open standards for the automation of information assurance.

304
Q

SCEP

A

Simple Certificate Enrollment Protocol
This is a technology that is highly resistant to dictionary attacks and is designed to replace Pre-shared Keys and WPA2-Personal

305
Q

SCP

A

Secure Copy
A command line application that will securely upload or download files to work from a remote host.

306
Q

SCSI

A

Small Computer System Interface
A host bus interface to connect to multiple hard drives.

307
Q

SDK

A

Software Development Kit
Tools, APIs, and applications created by a vendor to allow development and customization.

308
Q

SDLC

A

Software Development Life Cycle
The sequence of processes involved in the creation and management of software.

309
Q

SDLM

A

Software Development Life Cycle Methodology
The stages or phases of a software-based application as it goes from inception to maintenance.

310
Q

SDN

A

Software Defined Network
Using virtualization to create, manage, and secure networks between various sytems.

311
Q

SDP

A

Service Delivery Platform
The elements that procide service delivery, session management, and other key components to a client.

312
Q

SDV

A

Software-defined Visibility
The capability implemented with software that allows for the organization to closely inspect network traffic from an array of collectors and sensors.

313
Q

SED

A

Self-encrypting Drive
Storage devices that are capable of implementing high-grade encryption without additional software or resources.

314
Q

SFTP

A

Secured File Transfer Protocol
This application runs over TCP/22 and encrypts control and data functions.

315
Q

SHA

A

Secure Hashing Algorithm
A now deprecated hashing algorithm that has been in very common use.

316
Q

SHE

A

Structured Exception Handler
This is the facility within Windows that identifies memory corruption and contingencies.

317
Q

SHTTP

A

Secure Hypertext Transfer Protocol
An obsolete alternative to the HTTPS protocol.

318
Q

SIEM

A

Security Information and Event Management
These servers collect, aggregate, and analyze data from multiple sources to identify threats and dangerous trends.

319
Q

SIM

A

Subscriber Identity Module
An integrated circuit that identigies a phone and subscriber.

320
Q

SIP

A

Session Initiation Protocol
This is used to signal, start up, maintain and terminate real-time communication services between endpoints using Internet protocol.

321
Q

SLA

A

Service Level Agreement
An agreement on the characteristics of quality and performance between two parties.

322
Q

SLE

A

Single Loss Expectancy
The value of an asset multiplied times the exposure factor.

323
Q

SMB

A

Server Message Block
This is a core Microsoft protocol used for general access and authentication.

324
Q

SMS

A

Short Message Service
Protocol used by cell phones to exchange brief text-based messages.

325
Q

SMTP

A

Simple Mail Transfer Protocol
The vulnerable application responsible for forwarding email to a destination server or receiving it from a sender.

326
Q

SMTPS

A

Simple Mail Transfer Protocol Secure
The secured application responsible for forwarding email to a destination server or receiving it from a sender.

327
Q

SNMP

A

Simple Network Management Protocol
A network-based application designed to discover device status, change configuration and receive errors and exceptions.

328
Q

SOAP

A

Simple Object Access Protocol
The structured markup used to identify components of service oriented architecture messages.

329
Q

SoC

A

System on Chip
The minimization of an application and operating system to a state that will fit on an integrated circuit.

330
Q

SOC

A

Security Operations Center
This is a hub of operations and communication that focuses on security incidents and management at a technical level.

331
Q

SOW

A

Statement of Work
It is a narrative description of ap roject’s work requirement.

332
Q

SPF

A

Sender Policy Framework
An email validation architecture designed to detect and eliminate spoofing and spamming through approved mail exchangers.

333
Q

SPIM

A

Spam over Internet Messaging
Chat messages delivered as a hoax were to induce purchase.

334
Q

SPIT

A

Spam over Internet Telephony
The use of SMS to deliver unwanted messages.

335
Q

SPoF

A

Single Point of Failure
A device, business process or persn that is critical to a business and has no redundancy.

336
Q

SQL

A

Structured Query Language
An industry-standard mass information repository retrieval system.

337
Q

SRTP

A

Secure Real-Time Protocol
A secure form of Internet protocol-based telephony.

338
Q

SSD

A

Solid State Drive
Nonvolatile storage using persistent solid-state flash memory to store and retrieve information.

339
Q

SSH

A

Secure Shell
This protocol, runs over TCP/22 and encrypts its exchanges.

340
Q

SSID

A

Service Set Identifier
An identifier for a wireless network.

341
Q

SSL

A

Secure Sockets Layer
A certificate-based authentication and encryption application that would securely process any TCP-based layer 7 protocol.

342
Q

SSO

A

Single Sign-on
An authentication architecture that relies on a central system and its authentication to authorize users for other servies using a single set of credentials.

343
Q

STIX

A

Structured Threat Information eXpression
Developed by OASIS and MITRE, this is an international standard for sharing intelligence and threat information.

344
Q

STP

A

Shielded Twisted Pair
Four pairs of wires wrapped in foil that is grounded to prevent interference and eavesdropping.

345
Q

SWG

A

Secure Web Gateway
A system used by enterprises to protect the intranet from hostile or unsecured traffic, commonly implemented in a cloud-based solution.

346
Q

TACACS+

A

Terminal Access Controller Access Control System Plus
This was initially used by Cisco as centralized authentication for its routers and switches.

347
Q

TAXII

A

Trusted Automated eXchange of Indicator Information
This defines four different services (discovery, collection, inbox, and polling) for the purpose of sharing intelligence and threat information between organizations.

348
Q

TCP

A

Transmission Control Protocol
An upper layer protocol that requires handshakes, acknowledgements, and a graceful close.

349
Q

TCPDump

A

Wireshark alternative
It is a command Linux base dnetwork analysis tool.

350
Q

TGT

A

Ticket Granting Ticket
This is returned after a user successfully authenticates to a KDC.

351
Q

TKIP

A

Temporal Key Integrity Protocol
A protocol for key management and change used by WPA.

352
Q

TLS

A

Transport Layer Security
This is now incorporated into HTTPS and allows for AES and other more recent cryptographic algorithms.

353
Q

TOTP

A

Time-based One-time Password
A physical token-based authentication system with an access code that changes regularly.

354
Q

TOU

A

Time-of-use
The point in time when information is fetched and employed.

355
Q

TPM

A

Trusted Platform Module
A cryptographic chipset that contains key information to allow encryption and ensure device integrity.

356
Q

Trojan

A

Trojan horse
This is a methodology of approaching a target by disguising one thing or activity as something to achieve insertion.

357
Q

TSIG

A

Transaction Signature
The component of the name resolution message that performs authentication in DNSSEC.

358
Q

UAT

A

User Acceptance Testing
This is the phase of development wherein the client decides if it is correct.

359
Q

UAV

A

Unmanned Aerial Vehicle
Remotely piloted aircraft.

360
Q

UDP

A

User Datagram Protocol
A datagram protocol that has no handshake, close, or acknowledgement requirement.

361
Q

UEBA

A

User and Entity Behavior Analytics
The tools and resources used to analyze insider threats and to proactively prevent fraud and exfiltration.

362
Q

UEFI

A

Unified Extensible Firmware Interface
The modern solution for the boot up environment of computer.

363
Q

UEM

A

Unified Endpoint Management
Software that may be implemented to protect devices, servers, and other endpoints from a variety of threats that can be managed from a single interface.

364
Q

UPS

A

Uninterruptable Power Supply
This is typically a battery-powered device that provides temporary electric support.

365
Q

URI

A

Uniform Resource Identifier
This is the file/resource portion of a URL, typically located at the end.

366
Q

USB

A

Universal Serial Bus
Multiplatform specification for integrating peripherals into computer systems.

367
Q

USB OTG

A

USB On The Go
An extension of the USB specification that allows it to integrate with devices such as tablets and smart phones.

368
Q

UTM

A

Unified Threat Management
This is a multifunction firewall system, commonly supporting VPN, NAT, antivirus, spam filtering, intrusion detection, and content filtering.

369
Q

UTP

A

Unshielded Twisted Pair
Commonly known as four-pair, in ubiquitous use for data networking wired connections.

370
Q

VA

A

Vulnerability Assessment
An operational defense designed to proactively discover flaws, incorrect configurations and outdated applications.

371
Q

VBA

A

Visual Basic
An old microsoft programming language

372
Q

VDE

A

Virtual Desktop Environment
Hosting a desktop operating system on centralized server and allowing users to remotely access it.

373
Q

VDI

A

Virtual Desktop Infrastructure
Hosting a desktop operating system on a centralized server and allowing users to remotely access it.

374
Q

VLAN

A

Virtual Local Area Network
A technology for isolating and nodes attached to switches into various groups to enhance performance and create isolation-based security.

375
Q

VLSM

A

Variable Length Subnet Masking
An IP network masking technique that does not require full bytes in each position of the mask.

376
Q

VM

A

Virtual Machine
The implementation of an operating system within an application running on top of another host.

377
Q

VolP

A

Voice Over IP
Converting analog sound into packet eyes data for efficient transport over the Internet.

378
Q

VPC

A

An implementation of cloud computing where in the cloud service provider reserves resources for particular group or customer, providing isolation.

379
Q

VPN

A

Virtual Private Network
the transmission of information in a protected form over potentially hostile mediums.

380
Q

VTC

A

Video Teleconferencing
Video or audio conductively between remote sites.

381
Q

WAF

A

Web Application Firewall
A filtering device designed to perform deep content inspection to identify application threats.

382
Q

WAP

A

Wireless Access Point
The hub of communication in a radio-based data network.

383
Q

WEP

A

Wired Equivalent Privacy
The now deprecated authentication and confidentiality measures used by 802.11 networks.

384
Q

WIDS

A

Wireless Intrusion Detection System
This is an intrusion sensor that looks for 802.11-related threats.

385
Q

WIPS

A

Wireless Intrusion Prevention System
This is an intrusion sensor that stops 802.11-related threats.

386
Q

WO

A

Work Order
An authorization or request for labor or an operation.

387
Q

WORM

A

Write Once Read Many
One-way writing of logs and performance data.

388
Q

Worm

A

Self-propagating malicious software that floods a network, causing a denial of service.

389
Q

WPA

A

WiFi Protected Access
The predecessor to WPA/2 that implemented TKIP.

390
Q

WPA2

A

WiFi Protected Access 2
The successor to WPA that incorporates AES-CCMP.

391
Q

WPS

A

WiFi Protected Setup
New clients may gain access by pushing a button.

392
Q

WTLS

A

Wireless TLS
A security layer for the Wireless Application Protocol.

393
Q

x.509v3

A

Scheme of identification document
Definition and structure for server, host, and personal identification.

394
Q

XaaS

A

Anything as a Service
A broad term that refers to accessing any type of service, large or small, via the internet and it is commonly associated with cloud computing.

395
Q

XML

A

Extensible Markup Language
A text-based language that defines the encoding of documents and data so that it is both human readable and machine readable, commonly associated with web services.

396
Q

XOR

A

Exclusive OR
A mathematical bit-wise operation, commonly employed in encryption.

397
Q

XSRF

A

Cross-site Request Forgery
An attack wherein a message is spoofed from a user to a trusted site.

398
Q

XSS

A

Cross-site Scripting
Web application attack that relies on malicious user, script input to steal information from other users.

399
Q

PAM

A

Privileged Access Management
The processes and technologies used to secure administrative or privileged accounts.