Security+ 701 Acronyms Flashcards
3DES
Triple Digital Encryption Standard
Performs encryption in 3 rounds of the same algorithm.
802.1x
Switch Authentication
Standard for controlling access to intranet infrastructure devices.
Honeypot
Fake target
Used to identify and distract hackers.
AAA
Authentication, Authorization, and Accounting
Principle of verifying identity, capability, and use.
ABAC
Attribute-based Access Control
Granting access based upon the characteristic of the subject, such as clearance level.
ACL
Access Control List
Restricting entry, based upon a listing of controls or permissions.
AES256
Advanced Encryption Standard 256bit
256 bit version of this algorithm is its highest level and is deemed uncrackable by brute force methods.
AH
Authentication Header
AH header transmits in clear text but authenticates and integrity checks each packet.
AI
Artificial Intelligence
Simulation of human intelligence and thinking in a machine, including adaptive learning and problem-solving.
AIS
Automatic Indicator Sharing
Automated sharing of threat information between organizations to enhance detection and response.
ALE
Annualized Loss Expectancy
Single loss expectancy times the annualized rate of occurrence.
ALG
Application Layer Gateway
Type of firewall able to inspect headers and payload in the upper protocol layers.
AP
Access Point
Infrastructure connection point for most wireless networks.
API
Application Programming Interface
Development tools used by programmers that have prebuilt functions with desired utility.
APT
Advanced Persistent Threat
Applications with advanced targeting, zero days and exfiltration techniques that are aimed at particular organizations or industries.
ARO
Annualized Rate of Occurrence
Most risk assessments track threats and attacks on an annualized basis.
ARP
Address Resolution Protocol
Given the IP address ARP will locate the MAC address.
ASLR
Address Space Layout Randomization
This randomizes the location of an application in memory making it harder for attackers to successfully perform the buffer overflow.
ASP
Application Service Provider
An organization provides access to its custom developed software, such as accounting or customer management.
Asymmetric key
Public key
The use of complementary values to disguise and then reveal information.
ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge
A database of adversarial tactics and techniques that might be used to compromise systems, used by organizations to enhance threat management.
AUP
Acceptable Use Policy
This policy is legally required, if HR wants to fire someone for misuse.
AV
Antivirus
Designed to identify malware, primarily based upon known patterns.
AV
Asset Value
This can be the replacement cost or income derived from something.
AZFSR
Zone transfer
The synchronization of name resolution information between a primary and secondary DNS server.
BASH
Bourne again shell
Bash is a UNIX and LINUX command interface and language.
BCP
Business Continuity Plan
The orderly planning for and management of threats and incidents to an organization.
BGP
Border Gateway Protocol
BGP is for routing exterior traffic between autonomous systems/organizations.
BIA
Business Impact Analysis
This is the prerequisite for disaster recovery and continuity planning to identify potential losses.
BIOS
Basic Input / Output System
The now deprecated firmware based initialization code for booting a system.
BO
Buffer Overflow
Insertion of malicious computer instructions into the RAM of a host to accomplish denial of service or injecting shellcode.
BPA
Business Partners Agreement
This outlines the goals and responsibilities between entities pursuing a common work product.
BPDU
Bridge Protocol Data Unit
Key element in STP to prevent looping.
Brute Force
Brute Force Attack
Discovers a hash or encrypted secret by attempting all combinations and permutations.
BSSID
Basic Service Set IDentifier
This is the MAC that a wireless device is attached to.
BYOD
Bring Your Own Device
The organization compensates the individual for use of their phone in organizational activities.
C2
Command and Control
Servers that are centrally placed that hold control instructions for illicitly managed hosts.
CA
Certificate Authority
This entity issues certificates after verifying them, and is the center of trust in PKI.
CAC
Common Access Card
A form of identification with photograph, barcode, RFIC and cryptographic storage of private key information.
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR
Corrective Action Report
A document generated when the defect or error has been detected that has the goal of eliminating a reoccurrence.
CASB
Cloud Access Security Broker
A software resource placed between users and cloud applications that monitors and enforces policy-based access to cloud resources.
CBC
Cipher Block Chaining
Each plaintext block is XORed (see XOR) with the immediately previous ciphertext block.
CBT
Computer-Based Training
Courseware or lessons that are delivered via a computer, commonly used for at home and corporate training.
CCMP
Counter-Mode / CBC-MAC Protocol
Each plaintext block is XORed (see XOR) with the immediately previous ciphertext block that includes a message authentication code.
CCTV
Closed-circuit TV
Allows monitoring and recording of activities in an area.
CER
Certificate
A generic term for a document that facilitates authentication.
CER
Cross-over Error Rate
The point at which false acceptances are equal to false rejection.
CERT
Computer Emergency Response Team
A multi-discipline group designated to handle IT incidents.
CFB
Cipher Feedback
A mode of operation for a block cipher.
CHAP
Challenge Handshake Authentication Protocol
Commonly used by routers and has several derivatives in use by Microsoft for authentication.
CIA
Confidentiality Integrity Availability
The security triad.
CIO
Chief Information Officer
The most senior official in an organization responsible for the information technology and systems that support enterprise.
CIRT
Computer Incident Response Team
A group that investigates and resolves IT security problems.
CIS
Center for Internet Security
Its mission is to identify, develop, promote, and lead the world with regard to best practices for cybersecurity solutions.
CMP
Change Management Policy
An organizational process designed to facilitate making changes to organizational resources in such a way that they are identifiable, auditable, and orderly.
CMS
Content Management System
These are applications that facilitate the creation, editing, publishing, and archival of web pages and content.
CN
Common Name
An identifying name that may be applied to a directory resource, such as a user, server, or other object.
COOP
Continuity of Operations Plan
Ensuring that vital and primary mission essential functions continue to run, even in the face of emergencies.
COPE
Corporate Owned, Personally Enabled
Smart phones owned by the organization but approved for personal use.
CP
Contingency Planning
Procedures to follow in the event of a catastrophic incident, even though it may be unlikely.
CRC
Cyclical Redundancy Check
An error checking code, used in digital technology primarily to identify accidental changes to data.
CRL
Certificate Revocation List
This is maintained by a certificate authority to identify certificates associated with compromised or lost private keys.
CSA
Cloud Security Alliance
A nonprofit organization that promotes best practices in security for cloud-based computing.
CSIRT
Computer Security Incident Response Team
Information technology personnel whose purpose is to prevent, manage, and coordinate actions about security incidents.
CSO
Chief Security Officer
An executive position in charge of policy and programs to reduce risk in an organization.
CSP
Cloud Service Provider
An organization that provides cloud-based access to infrastructure, storage, and/or applications.
CSR
Certificate Signing Request
Created by an applicant seeking to gain a certificate from an authority.
CSRF
Cross-site Request Forgery
An attack wherein a message is spoofed from a user to a trusted site.
CSU
Channel Service Unit
A connecting device used to link an organization to telco-based T-services.
CTO
Chief Technology Officer
The executive person tasked with identifying useful technology, IT strategies and partnerships.
CTOS
Centralized Terminal Operating System
Legacy Management
CTR
Counter
This form of encryption is used by AES to perform streaming encryption.
CVE
Common Vulnerabilities and Exposures
A database of known and published software flaws that may impact security that is managed by MITRE.
CYOD
Choose Your Own Device
In this mode of control and acquisition, an employee chooses a device from a company provided list. Ownership may be personal or organizational.
DAC
Discretionary Access Control
The creator has all control over an asset and access to it. The default form of access for Windows.
DBA
Database Administrator
This role is filled by personnel capable of managing automated and large information repositories.
DDoS
Distributed Denial of Service
This attack methodology involves a multitude of remotely controlled devices focusing upon a single target.
DEP
Data Execution Prevention
An operating system memory management technique that prevents user data from overlapping into computer instructions.
DER
Distinguished Encoding Rules
A commonly used method of encoding the data that makes up the certificate using ASN.1.
DES
Digital Encryption Standard
The first US government standard for symmetric encryption. It has a 56 bit key.
DHCP
Dynamic Host Configuration Protocol
This is an extension of BOOTP and is used to dynamically allocate IPs.
DHE
Diffie-Hellman Ephemeral
This is a key exchange algorithm that enhances confidentiality by discarding the session keys after use.
DKIM
Domain Keys Identified Mail
A messaging security standard designed to facilitate non-repudiation between sender and receiver.
DLL
Dynamic Link Library
These files are not directly executed but are called up by an application when certain additional functions or libraries are needed.
DLP
Data Loss Prevention
Strategies and applications that prevent data theft or illicit access.
DMARC
Domain Message Authentication Reporting and Conformance
This is an email security standard designed to allow domains to protect themselves from unauthorized use and spoofing.
DMZ
Demilitarized Zone
The perimeter area where the outside world may access certain services.
DNAT
Destination Network Address Translation
The initial destination of a packet as it enters a NAT system to be redirected to another destination.
DNS
Domain Name Service (Server)
An application that handles symbolic name to address mappings, as well as the reverse.
DNSSEC
Domain Name System Security Extensions
An array of tools devised by the IETF to secure DNS transactions.
DoS
Denial of Service
A one on one attack that causes access or utility to cease.
DPO
Data Protection Officer
A senior officer responsible for an organization’s data protection strategies and compliance.
DRP
Disaster Recovery Plan
The immediate plans for recovery of operations or services in the event of a catastrophic incident.
DSA
Digital Signature Algorithm
An algorithm created by the NSA to implement non-repudiation.
DSL
Digital Subscriber Line
High-speed Internet connectivity based upon existing infrastructure for telephones.
EAP
Extensible Authentication Protocol
A derivative of PPP used by wired and wireless networks to validate connections.
ECB
Electronic Code Book
A mode of symmetric encryption that divides the message into each block and encrypts them separately.
ECC
Elliptic Curve Cryptography
An algorithm commonly used for key exchange that relies upon geometric complexities.
ECDSA
Elliptic Curve Digital Signature Algorithm
This signing technique employs the complexities of geometry, instead of factoring prime numbers.
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral
Used to negotiate a temporary shared secret using a public and private key.
EDR
Endpoint Detection Response
An intranet technology designed to protect access to the infrastructure, identify threats and quarantine known offenders.
EF
Exposure Factor
Typically referenced as a percentage of value indicating value lost from one attack.
EFS
Encrypted File System
A cryptosystem built into Microsoft that allows selective encryption.
EIP
Extended Instruction Pointer
A programming concept that points an application to the bottom or next step in execution.
EMI
Electromagnetic Interference
Typically associated with accidental radiation of signals that interfere with IT systems.
EMP
Electro Magnetic Pulse
Large and significant discharge of signals that can create a denial of service in transmission and storage.
EOL
End of Life
This term identifies when a product has reached the end of its useful life according to the vendor.
ERP
Enterprise Resource Planning
Business process management integrated into multiple aspects of an organization, its services, and human resources.
ESN
Electronic Serial Number
An identifying number created by the Federal Communications Commission to uniquely identify mobile devices and radios.
ESP
Encapsulated Security Payload
A header used in IPSEC to create confidentiality.
EULA
End User License Agreement
FACL
File System Access Control List
This is creating filters or restrictions on disk storage.
FAR
False Acceptance Rate
When biometrics malfunction, incorrectly granting permissions.
FDE
Full Disk Encryption
Enforcing confidentiality across the entire storage device.
FIM
File Integrity Monitoring
A defensive control designed to assess or validate the integrity of files, such as Tripwire.
FPGA
Field Programmable Gate Array
An integrated circuit or chip that may be revised or configured after manufacture.
FRR
False Rejection Rate
A biometric measurement, indicating the rate at which authorized personnel are forbidden access.
FTP
File Transfer Protocol
A file management application designed to insecurely upload and download files.
FTPS
File Transfer Protocol - Secure
A relative of the HTTPS implemented in the same way with certificates and key exchange.
Full BU
Full Backup
It moves files to alternative media regardless of whether the archive bit is set, and then it clears it.
GCM
Galois Counter Mode
Useful for protecting packet data as it has little latency and minimum operation overhead.
GDPR
General Data Protection Regulation
A law from the EU that directs protection and privacy of personal information.
GPG
Gnu Privacy Guard
The free incarnation of a popular cryptosystem, commonly used to secure email.
GPO
Group Policy Object
A feature of Windows that provides centralized management of configuration and settings.
GPS
Global Positioning System
A satellite-based protocol that can closely identify the location or asset.
GPU
Graphic Processing Unit
These processors have an alternate use in discovering keys and cracking.
GRE
Generic Routing Encapsulation
An old and standard protocol that inserts one packet within another.
HA
High Availability
Ensuring that system uptime extends longer than it normally would.
HIDS
Host-based Intrusion Detection System
A defensive application that identifies anomalous or malicious activities with a device.
HIPS
Host-based Intrusion Prevention System
A defensive application that prevents anomalous or malicious activities within a device.
HMAC
Hashed Message Authentication Code
Implementing non-repudiation via an exchanged value and hashing.
Honeynet
Honeypot network
A sophisticated system designed to locate, discover, distract and otherwise observe malicious behavior.
Host Firewall
Software firewall
The last line of defense for a system against a malicious intranet host.
HOTP
HMAC-based One-Time Password
Performs authentication by requiring a user to enter a system generated code into a hashing or calculating algorithm that produces a response.
HSM
Hardware Security Module
These key management systems are ideally suited for automated private key transactions that require strong security.
HDD
Hard Disk Drive
A mass storage system, typically implemented with spinning platters and heads that perform reading and writing.
HTML
Hypertext Markup Language
The scripting used by browsers to interpret and display content.
HTTP
Hypertext Transfer Protocol
The means by which HTML and images are viewed and accessed by browsers.
HTTPS
Hypertext Transfer Protocol over SSL/TLS
Performing HTTP over an encrypted channel.
HVAC
Heating, Ventilation and Air Conditioning
The heating, cooling, and other environmental aspects of a building.
IaaS
Infrastructure as a Service
Implementing cloud-based networks, servers, and other infrastructure.
IaC
Infrastructure as Code
Management and provisioning of infrastructure systems and devices by code and settings versus manual and physical means.
IAM
Identity and Access Management
The policies, procedures, and technologies that facilitate ensuring that only the appropriate personnel have access to resources in an organization.
ICMP
Internet Control Message Protocol
A multifunctional protocol designed to perform network testing and report errors.
ICS
Industrial Control Systems
Semi-intelligent devices used to control industrial or scientific equipment from central consoles.
IDEA
International Data Encryption Algorithm
This is a symmetric cipher that is block-oriented, with the key size of 128 bits.
IDF
Intermediate Distribution Frame
The wiring panels linked by risers between floors to perform cross-connection.
IdP
Identity Provider
A service that contains subjects and can perform centralized authentication on behalf of service providers.
IDS
Intrusion Detection System
A generic term referring to generating alerts for malicious activity.
IEEE
Institute of Electrical and Electronic Engineers
The mission of the IEEE is to promote and develop technological advances for the benefit of humanity.
IKE
Internet Key Exchange
This is used prior to IPSEC for the negotiation, exchange, and management of symmetric key information.
IM
Instant Messaging
A class of online chat that offers real-time transmission of messages over the Internet and local area networks.
IMAP4
Internet Message Access Protocol v4
This application listens on TCP/143 and is in clear text form.
IoC
Indicators of Compromise
Artifacts and other forensic data that may be used to identify illicit activity, malware and data breaches.
IoT
Internet of Things
A reference to network devices that typically have little defensive capability.
IP
Internet Protocol
A layer 3 system for addressing, fragmenting, reassembly and delivery of datagrams.
IPSec
Internet Protocol Security
Generally considered the most secure remote access protocol.
IR
Incident Response
A generic reference to steps to be taken after specific adverse events occur.