Security Definitions

Question 1

What is Information Security

Answer 1

Protection of info and resources from unauthorized access, attacks, thefts. or data

Question 2

What is Risk

Answer 2

Concept that indicates exposure to the chance of damage or loss

Question 3

What is a Threat

Answer 3

event or action that could potentially cause damage to asset

Question 4

What is a Vulnerability

Answer 4

Condition that leaves system open to harm

Question 5

What are Intrusions

Answer 5

attacker accesses computer system without the authorization to do so

Question 6

What are Attacks

Answer 6

exploit vulnerability in application or physical computer system without authorization to do so

Question 7

What are Controls

Answer 7

Countermeasures that you need to put in place to avoid, mitigate, or counteract security risks

Question 8

What is Non-Repudiation

Answer 8

party remains associated with data they created or transferred

Question 9

What is Identification

Answer 9

Ensuring the entity requesting access is true

Question 10

What is Authentication

Answer 10

method of validating particular entity credentials

Question 11

What is Authorization

Answer 11

determining rights and privileges of entity

Question 12

What is Access Control

Answer 12

Determining and assigning privileges to various resources, objects or data

Question 13

What is Accounting

Answer 13

Tracking/ recording system activities

Question 14

What is Auditing

Answer 14

examining logs of what was recorded

Question 15

What is Implicit Deny

Answer 15

not explicitly allowed is denied

Question 16

What is Least Privilege

Answer 16

user and software only access what they need

Question 17

What is Privilege Bracketing

Answer 17

given at beginning and taken away at end

Question 18

What is Separation of Duties

Answer 18

no one person has to much power of responsibility

Question 19

What is Job Rotation

Answer 19

no one stays in one job to long

Question 20

What is Mandatory Vacation

Answer 20

opportunity to review employee’s activities

Question 21

What are Time of Day Restrictions

Answer 21

What times users are allowed access

Question 22

What are Orphaned Accounts

Answer 22

user accounts remain active after employee has left

Question 23

What is Privilege Management

Answer 23

administration of user and group access control

Question 24

What is Cryptography

Answer 24

science of hiding info

Question 25

What is Encryption

Answer 25

converts data from plaintext to ciphertext

Question 26

What is Decryption

Answer 26

converts ciphertext to plaintext

Question 27

What is Quantum Cryptography

Answer 27

encryption based on quantum communication

Question 28

What are Ciphers

Answer 28

algorithm used to encrypt or decrypt data

Question 29

What is Steganography

Answer 29

hides info by hiding it in another file

Question 30

What are Keys

Answer 30

specific piece of info used to encrypt and decrypt

Question 31

What is Hashing Encryption

Answer 31

one-way encryption that transforms cleartext to ciphertext, not to be decrypted

Question 32

What is Symmetric Encryption

Answer 32

two-way encryption which both encrypt and decrypt use same key

Question 33

What is asymmetric encryption

Answer 33

using public and private keys

Question 34

What is a Key Exchange

Answer 34

keys transferred among users

Question 35

What is a Digital Signature

Answer 35

message digest that has been encrypted again with user’s private key

Question 36

What are Cipher Suites

Answer 36

Collection of algorithms used to establish secure connection

Question 37

What are Session Keys

Answer 37

Single-use key used for encrypting messages in a single series

Question 38

What is Key Stretching

Answer 38

Technique to strengthen weak cryptographic keys

Question 39

What are Social Engineering Attacks

Answer 39

uses deception and trickery to obtain data

Question 40

What is Spoofing

Answer 40

human or software attack to pretend to be someone else

Question 41

What is Impersonation

Answer 41

Human attack pretends to be someone else

Question 42

What is a Hoax

Answer 42

email attack using trickery to convince user to delete stuff

Question 43

What is Phishing

Answer 43

Email attack pretending to be a respected company

Question 44

What is vishing

Answer 44

Human attack to get info over phone

Question 45

What s Whaling

Answer 45

targets wealthy people and organizations

Question 46

What is URL hijacking

Answer 46

exploits typos in URL address

Question 47

What is Spam/ Spim

Answer 47

email attack floods inbox to deliver virsus. Spim is instant messenger

Question 48

What is shoulder surfing

Answer 48

someone looking over your shoulder to get info

Question 49

What is dumpster diving

Answer 49

looking in trash for info

Question 50

What is Tailgating

Answer 50

walking through portal behind someone

Question 51

What is a Electronic Activist

Answer 51

wants social change

Question 52

What is a data thief

Answer 52

blatantly steal resources

Question 53

What is a Script Kiddie

Answer 53

Novice looking to improve skill

Question 54

What is Electronic Vandal

Answer 54

do as much damage as possible

Question 55

what is a Cyberterrorist

Answer 55

disrupt system spread fear and panic

Question 56

What is a Malicious Code Attack

Answer 56

software attack where undesired software is inserted

Question 57

What is a Viruses

Answer 57

Code that spreads by attaching itself

Question 58

What is a Worm

Answer 58

Replicates itself but doesn’t attach

Question 59

What is Adware

Answer 59

software that downloads unwanted ads

Question 60

What is Spyware

Answer 60

Malicious software intended to track and report usage

Question 61

What is a Trojan Horse

Answer 61

hidden malware to cause damage to system or monitors/ control

Question 62

What are Rootkits

Answer 62

code intended to take full or partial control at lowest level

Question 63

What are Logic Bombs

Answer 63

code sits dormant until right event or time

Question 64

What are Botnets

Answer 64

set of infected computers allows attacker to collectively exploit

Question 65

What is Ransomware

Answer 65

code the restricts user access to computer or data

Question 66

What is Polymorphic Malware

Answer 66

Virus encryption when decrypted changes

Question 67

What are Armored Viruses

Answer 67

trick or shield themselves for antivirus software/ professionals

Question 68

What are Software Attacks

Answer 68

attack against resources

Question 69

What are Password Attacks

Answer 69

attempts to gain or use password illegitimately

Question 70

What is a Backdoor Attack

Answer 70

software created to find a backdoor

Question 71

What are Takeover Attacks

Answer 71

attacker assumes complete control

Question 72

What are Application Attacks

Answer 72

web-based client-server applications

Question 73

What is IP Port Scanning Attacks

Answer 73

scans computers connected to Internet, looking for listening and open ports

Question 74

What are Eavesdropping Attacks

Answer 74

Monitoring software to gain access to gain info

Question 75

What are Man-in-the-Middle

Answer 75

makes independent connection

Question 76

What are Replay Attacks

Answer 76

captured network traffic retransmitted later

Question 77

What are DoS Attacks

Answer 77

attempt to disrupt or disable system

Question 78

What is Session Hijacking

Answer 78

exploits computer in session to obtain info

Question 79

What is Peer-to-Peer Attacks

Answer 79

Malware propagated through P2P networks

Question 80

What is ARP Poisoning

Answer 80

IP address redirected to MAC address of choosing

Question 81

What is Transitive Access Attacks

Answer 81

members using data without authentication

Question 82

What are Rogue Access Points

Answer 82

unauthorized WAP on network

Question 83

What are Evil Twins

Answer 83

AP that fool users into believing the are legit

Question 84

What is Jamming

Answer 84

radio waves disrupt 802.11 signals

Question 85

What is Bluejacking

Answer 85

sending of unwanted Bluetooth signals

Question 86

What is Bluesnarfing

Answer 86

gain access to unauthorized info. Within 30 feet

Question 87

What is War Chalking

Answer 87

Marks indicating WAP

Question 88

What are Sinkhole Attacks

Answer 88

single node in which all traffic goes through

Question 89

What is Layered Security

Answer 89

uses different avenues of defense

Question 90

What is Defense in Depth

Answer 90

plan personnel training, policy adoption, physical protection, security strategies

Question 91

What is Data Security

Answer 91

security controls/ measures to keep data safe, accessible, prevent unauthorized access

Question 92

What are Data Security Vulnerabilities

Answer 92

cloud computing, lock of restricted access, lack of user awareness

Question 93

What are Hardware-Based Encryption Devices

Answer 93

cryptographic module called Hardware Security Module

Question 94

What is a Trusted Platform Module

Answer 94

cryptoprocessers create secure computing environment

Question 95

What is a Hardware Security Module

Answer 95

cryptoprocessor device attached to servers/ computers provide digital key

Question 96

What is Data at Rest

Answer 96

data that is stored, database, disk

Question 97

What is Data in Transit

Answer 97

Data moving across network

Question 98

What is Data in Use

Answer 98

data that is not at rest or in transit

Question 99

What is Big Data

Answer 99

Large complex data collections

Question 100

What is Patch Management

Answer 100

monitoring, obtaining, evaluating, testing, deploying. software patches/updates

Question 101

What is a Configuration baseline

Answer 101

minimum security requirements needed for app to be complete

Question 102

What is Application Hardening

Answer 102

Process used to configure a default app to prevent security threats/ vulnerabilities

Question 103

What is Patch Management

Answer 103

third-party software to ensure every app is running with latest security requirements/updates

Question 104

What is Input Validation

Answer 104

data entered in field or variable in app is within acceptable bounds

Question 105

What is Command Injection

Answer 105

attacker sends additional commands to app through unchecked input fields

Question 106

What is a stored attack

Answer 106

attacker injects malicious code or link into website

Question 107

What is a Reflected Attack

Answer 107

poses as legitimate user sends info to server

Question 108

What is a Cross-site request forgery attack

Answer 108

attacker takes advantage of trust between authorized user and website

Question 109

What is Fuzzing

Answer 109

testing method used to identify weaknesses in app by sending app random data

Question 110

What is Hardening

Answer 110

default configuration is altered to try and close vulnerabilities

Question 111

What is a trusted computing base

Answer 111

hardware, firmware. software responsible for ensuring security policy is implemented

Question 112

What is a Security Baseline

Answer 112

Collection of security/ configuration settings applied to host

Question 113

What is Application Blacklisting

Answer 113

practice of preventing apps you don’t want do to security issues

Question 114

What is Application Whitelisting

Answer 114

list of approved apps and only those can be installed

Question 115

What is Logging

Answer 115

record data about activity on computer

Question 116

What is Auditing

Answer 116

assessment of the security strengths and weaknesses

Question 117

What is Anti-malware Software

Answer 117

Protective software the scans for known viruses, Trojans, worms, and other malicious programs

Question 118

What is a Strong Password

Answer 118

Meets complexity requirements set by system admins

Question 119

What is a Web Security Gateways

Answer 119

utility primarily to intentionally block internal Internet access

Question 120

What is NetBIOS

Answer 120

interface that allows apps to properly communicate over different computers in a network

Question 121

What is a Directory Service

Answer 121

network service that stores identity info

Question 122

What is Lightweight Directory Access Protocol

Answer 122

it is an authentication service

Question 123

What is Tunneling

Answer 123

data transport that provides remote access in which data is encrypted/ encapsulated in another data packet

Question 124

What is HMAC based one-time password

Answer 124

algorithm that generates One-time passwords

Question 125

What is Timed HMAC based one-time password

Answer 125

adds a time based factor to HMAC

Question 126

What is Password Authentication Protocol

Answer 126

sends user ID’s and passwords as plaintext

Question 127

What is Challenge Handshake Authentication Protocol

Answer 127

encrypted protocol used to provide access control for remote servers

Question 128

What is Pretty Good Privacy (PGP)

Answer 128

publicly available email security utility that uses public Key cryptography

Question 129

What is GNU Privacy Guard (GPG)

Answer 129

open-source version of PGP provides equivalent encryption

Question 130

What is Kerberos

Answer 130

authentication service based on time-sensitive ticket granting system

Question 131

What is Security Assertion Markup Language (SAML)

Answer 131

data format used to exchange authentication info from server, service and identity provider

Question 132

What is Account Federation

Answer 132

linking single account across many different account management systems

Question 133

What are Digital Certificates

Answer 133

Electronic document that associates credentials with public key

Question 134

What is a Certificate Authority (CA)

Answer 134

Server that issues certificates

Question 135

What is Public Key Infrastructure (PKI)

Answer 135

System of CA’s, certificates, software, services

Question 136

What is Registration Authority (RA)

Answer 136

Responsible for verifying users’ identities and approving/ denying requests

Question 137

What is Certificate Repository Database (CRD)

Answer 137

Stores digital certificates

Question 138

What is Certificate Management System (CMS)

Answer 138

Provide software tools to perform day to day functions of PKI

Question 139

What is Certificate Signing Request (CSR)

Answer 139

Message sent to CA where resource applies for certificate

Question 140

What is Public Key Cryptography Standards (PKCS)

Answer 140

Common CSR format designed to send info over Internet in secure manner using PKI

Question 141

What is Root CA

Answer 141

Topmost CA in hierarchy and most trusted authority

Question 142

What are Subordinate CA’s

Answer 142

Any CA’s below the Root CA

Question 143

What is Key Escrow

Answer 143

Alternative to key backups, allows one or more third party access

Question 144

What is the M of N scheme

Answer 144

Mathematical Control takes into account number of key recovery agents along with number of agents required to perform key recovery. They must match

Question 145

What is Encrypting File System (EFS)

Answer 145

Uses Microsoft Windows NTFS-based public Key encryption

Question 146

What is Certificate Revocation List (CRL)

Answer 146

List of certificates that were revoked before expiration date

Question 147

What is Online Certificate Status Protocol (OCSP)

Answer 147

HTTP alternative to CRL for checking the status of revoked certificates

Question 148

What is Physical Security Controls

Answer 148

security measures that restrict, detect, and monitor assets

Question 149

What is Compliance

Answer 149

practice of ensuring requirements of legislation, regs, standards are met