Security+ Glossary Flashcards

1
Q

layered security

A

An approach to operational security that incorporates many different avenues of defense

2
Q

security auditing

A

The act of performing an organized technical assessment of the security strengths and weaknesses of a computer system to ensure that the system is in compliance

3
Q

deep web

A

Those portions of the World Wide Web that are not indexed by standard search engines.

4
Q

application whitelisting

A

The practice of allowing approved programs to run on a computer, computer network, or mobile device

5
Q

stream cipher

A

A relatively fast type of encryption that encrypts data one bit at a time

6
Q

protocol analyzer

A

This type of diagnostic software can examine and display data packets that are being transmitted over a network

7
Q

aggregation switch

A

A network device that combines switches together in a network.

Enhances redundancy and increases bandwidth.

8
Q

VM sprawl

A

One of 3 virtualization risks

Situation where the number of virtual machines exceeds the organization’s ability to control or manage all of those virtual machines

9
Q

X.509

A

A standard for formatting digital certificates that defines the structure of a certificate with the information that was provided in a CSR

10
Q

controls

A

Countermeasures that avoid, mitigate, or counteract security risks due to threats and attacks

11
Q

packet analyzer

A

A device or program that monitors network communications on the network wire or across a wireless network and captures data

12
Q

endpoint protection

A

Software that incorporates anti-malware scanners into a larger suite of security controls

13
Q

DSU

A

Data Service Unit

Device used to establish connectivity between a LAN and a WAN.

14
Q

static code analysis

A

The process of reviewing source code while it is in a static state, i.e., it is not executing

15
Q

incremental backup

A

A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up

16
Q

access recertification

A

A security control where user access privileges are audited to ensure they are accurate and adhere to relevant standards and regulations.

17
Q

rule-based access control

A

A non-discretionary access control technique that is based on a set of operational rules or restrictions

18
Q

model verification

A

The process of evaluating how well a software project meets the specifications that were defined earlier in development

19
Q

XTACACS

A

An extension to the original TACACS protocol

20
Q

COBIT 5

A

A framework for IT management and governance created by ISACA

21
Q

stress testing

A

A software testing method that evaluates how software performs under extreme load

22
Q

data retention

A

The process of maintaining the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations

23
Q

whitelisting

A

The practice of allowing approved programs to run on a computer, computer network, or mobile device

24
Q

prevention

A

The security approach of blocking unauthorized access or attacks before they occur

25
data at rest
Information that is primarily stored on specific media rather than moving from one medium to another
26
recovery agent
An individual with the necessary credentials to decrypt files that were encrypted by another user
27
spatial database
A collection of information that is optimized for data that represents objects contained in a geometric space
28
stateful firewall
A firewall that tracks the active state of a connection and can make decisions based on the contents of a network packet as it relates to the state of the connection
29
least privilege
The principle that establishes that users and software should have the minimal level of access that is necessary for them to perform the duties required of them
30
proxy
A device that acts on behalf of one end of a network connection when communicating with the other end of the connection
31
secure IMAP
A version of the Internet Message Access Protocol that uses SSL or TLS to provide secure communications between a mail client and the mail server
32
stateless firewall
A firewall that does not track the active state of a connection as it reaches the firewall
33
anti-spam
A program that will detect specific words that are commonly used in spam messages
34
versioning
The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes
35
airgap
A physical security control that provides physical isolation. Systems separated by an air gap typically don't have physical connections to other systems.
36
networking enumerator
A device or program that can identify the logical topology of a network to reveal its connection pathways
37
VPN concentrator
A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels
38
flood guard
A security control in network switches that protects hosts on the switch against SYN flood and ping flood DoS attacks.
39
OCSP stapling
A method of checking the status of digital certificates where a web server queries the OCSP server at specific intervals and the OCSP server responds by providing a time-stamped digital signature. The web server appends this signed response to the SSL/TLS handshake with the client so that the client can verify the certificate's status
40
anti-malware software
A category of software programs that scan a computer or network for known viruses, Trojans, worms, and other malicious software.
41
shimming
The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable
42
loss controls
Security measures implemented to prevent key assets from being damaged
43
scheduling
A method used by load balancers to determine which devices should have traffic routed to them
44
hardening
A security technique in which the default configuration of a system is altered to protect the system against attacks
45
data in use
Information that is currently being created, deleted, read from, or written to
46
DevOps
A combination of software development and systems operations; refers to the practice of integrating one discipline with the other
47
intranet
A private network that is only accessible by the organization's own personnel
48
business continuity
A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
49
reverse engineering
The practice of deconstructing software into its base components so that its properties are easier to understand
50
router
A device that connects multiple networks that use the same protocol
51
continuous monitoring
The practice of constantly scanning an environment for threats, vulnerabilities, and other areas of risk
52
anomaly-based monitoring
A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range.
53
supply chain
The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer
54
auditing
The portion of accounting that entails security professionals examining logs of what was recorded.
55
sanitization
A data disposal method that completely removes all data from a storage medium at the virtual level
56
data sovereignty
The sociopolitical outlook of a nation concerning computing technology and information
57
technical controls
Hardware or software installations that are implemented to monitor and prevent threats and attacks to computer systems and services
58
fault tolerance
The ability of a computing environment to withstand a foreseeable component failure and continue to provide an acceptable level of service
59
privilege management
The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management
60
honeynet
An entire dummy network used to lure attackers
61
device
A piece of hardware such as a computer, server, printer, or smartphone
62
resource exhaustion
A software vulnerability that can occur when software does not properly restrict access to requested or needed resources
63
application blacklisting
The practice of preventing undesirable programs from running on a computer, computer network, or mobile device
64
security framework
A conceptual structure for security operations within the organization
65
security assessment
The process of testing security controls through a comprehensive set of techniques aimed at exposing any weaknesses or gaps in your tools, technologies, services, and operations
66
standard
A document that defines how to measure the level of adherence to a policy.
67
administrative controls
Define the human factor(s) of security. They use methods mandated by organizational policies or other guidelines. This includes:
* Security education, training, and awareness programs
* **Acceptable use** policies
* Risk and vulnerability assessments
* Penetration testing
* **Bring your own device** (BYOD) policies
* Password management policies
* Incident response plans (which will leverage other types of controls)
* Personnel management controls (recruitment, account generation, etc.)
68
agile
A software development life cycle model that focuses on the collaborative interaction between customers, developers, and testers. Compare with **waterfall**.
69
honeypot
A security tool used to lure attackers away from the actual network components. Also called a decoy or sacrificial lamb
70
directory service
A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers
71
differential backup
A backup type in which all selected files that have changed since the last full backup are backed up
72
malware sandboxing
The practice of isolating malware in a virtual environment where it can be safely analyzed without compromising production systems or the rest of the network
73
data security
The security controls and measures taken to keep an organization's data safe and accessible and to prevent unauthorized access to it
74
first responder
The first experienced person or team to arrive at the scene of an incident
75
embedded system
A computer hardware and software system that has a specific function within a larger system
76
identity federation
The practice of linking a single identity across multiple disparate identity management systems
77
baseline report
A collection of security and configuration settings that are to be applied to a particular system or network in the organization.
78
Personal Identity Verification card
A smart card that meets the standards for FIPS 201 in that it is resistant to tampering and provides quick electronic authentication of the card's owner
79
network segregation
The general practice of keeping networks separate from one another.
80
hotfix
A patch that is often issued on an emergency basis to address a specific security flaw
81
collision
The act of two different plain text inputs producing the same exact cipher-text output
82
affinity
A scheduling approach used with load balancers. Uses client's IP address to ensure the client is redirected to the same server during a session.
83
fuzzing
A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds
84
telephony
Technology that provides voice and video communications through devices over a distance
85
warm site
A location that is dormant or performs non-critical functions under normal conditions, but which can be rapidly converted to a key operations site if needed
86
SSL/TLS accelerator
A hardware interface that helps offload the resource-intensive encryption calculations in SSL/TLS to reduce overhead for a server
87
separation of duties
Security principle that prevents any single person or entity from controlling all the functions of a critical or sensitive process. Designed to prevent fraud, theft, and errors
88
keystroke authentication
A type of authentication that relies on detailed information that describes exactly when a keyboard key is pressed and released as someone types information into a computer or other electronic device
89
antispoofing
A technique for identifying and dropping packets that have a false source address. In a spoofing attack, the source address of an incoming packet is changed to make it appear as if it is coming from a known, trusted source.
90
deciphering
The process of translating ciphertext to plaintext
91
network adapter
Hardware that translates the data between the network and a device
92
VM escape
One of 3 virtualization risks. An attack that allows an attacker to access the host system from within a virtual system. The attacker can run code on the virtual system and interact with the hypervisor. A successful attack can give the attacker unlimited control over the host system and each VM. It is important to keep patch levels current on both physical and virtual servers.
93
privilege bracketing
The task of granting privileges to a user only when needed and revoking them as soon as the task is done
94
snapshot
The state of a virtual machine at a specific point in time
95
captive portal
A web page that a client is automatically directed to when connecting to a network, usually through public Wi-Fi.
96
network loop
The process of multiple connected switches bouncing traffic back and forth for an indefinite period of time
97
information security triad
The three basic principles of security control and management: confidentiality, integrity, and availability. Also known as the CIA triad, information security triad, or triple triad
98
token
An authentication device or file. A hardware token is a physical device used in the "something you have" factor of authentication. A software token is a small file used by authentication services to indicate a user has logged on.
99
normalization
A software development technique that tries to repair invalid input to strip any special encoding and automatically convert the input to a specific format that the application can handle
100
immutable system
System that cannot be changed. Once it's created and tested, it is then deployed into a production environment. Example: creation of a secure image of a server for a specific purpose that is deployed as an immutable system to ensure it stays secure
101
message digest
The value that results from hashing encryption. Also known as hash value or message digest
102
anti-spyware
Software that is specifically designed to protect systems against spyware attacks
103
rooting
The process of enabling root privileges on an Android device
104
behavior-based monitoring
A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences.
105
account policy
Document that specifies an organization's requirements for managing accounts
106
firewall
A software or hardware device that protects a system or network by blocking unwanted network traffic
107
hot site
A fully configured alternate network that can be online quickly after a disaster
108
private root CA
A root CA that is created by a company for use primarily within the company itself
109
correction controls
A security mechanism that helps mitigate the consequences of a threat or attack from adversely affecting the computer system
110
recovery
The act of recovering vital data present in files or folders from a crashed system or data storage devices when data has been compromised or damaged
111
Wi-Fi Direct
Technology that enables two mobile devices to connect to each other without a wireless access point
112
security through obscurity
The practice of attempting to hide the existence of vulnerabilities from others
113
microcontroller
An embedded systems component that consolidates the functionality of a CPU, memory module, and peripherals. Also known as system on chip (SoC)
114
asset management
The process of taking inventory of and tracking all of an organization's objects of value.
115
spam
An email-based threat that floods the user's inbox with emails that typically carry unsolicited advertising material for products or other spurious content and which sometimes deliver viruses. It can also be utilized within social networking sites such as Facebook and Twitter
116
signature-based monitoring
A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable
117
bridge
A device similar to a switch that has one port for incoming traffic and one port for outgoing traffic.
118
compliance
The practice of ensuring that the requirements of legislation, regulations, industry codes and standards, and organizational standards are met
119
elasticity
The property by which a computing environment can instantly react to both increasing and decreasing demands in workload
120
persistence
A penetration testing technique where the tester has concluded the initial exploitation and is now interested in maintaining access to the network
121
cellular network
A connection method that enables mobile devices to connect to wireless transceivers in fixed locations all over the world.
122
biometrics
Authentication schemes based on individuals' physical characteristics.
123
load balancer
A network device that distributes the network traffic or computing workload among multiple devices in a network
124
packet sniffing
An attack on wireless networks where an attacker captures data and registers data flows in order to analyze what data is contained in a packet
125
session key
A single-use symmetric key used for encrypting all messages in a series of related communications
126
identification
The process of claiming some information about the nature of a particular entity
127
trust model
A single CA or group of CAs that work together to issue digital certificates
128
geotagging
The process of adding geographic location metadata to captured media such as pictures or videos
129
CIA triad
The three basic principles of security control and management: confidentiality, integrity, and availability. Also known as the information security triad or triple.
130
shibboleth
An identity federation method that provides single sign-on capabilities and enables websites to make informed authorization decisions for access to protected online resources
131
media
A method that connects devices to the network and carries data between devices.
132
mutual authentication
A security mechanism that requires that each party in a communication verifies the identity of every other party in the communication
133
network-based firewalls
A hardware/software combination that protects all the computers on a network behind the firewall
134
input validation
Limits what data a user can enter into specific fields, like not allowing special characters in a user name field
135
grey box test
A penetration test where the tester may have knowledge of internal architectures and systems or other preliminary information about the system being tested
136
plaintext
Unencrypted data that is meant to be encrypted before it is transmitted, or the result of decryption of encrypted data
137
impersonation
A type of social engineering in which an attacker pretends to be someone they are not, typically an average user in distress or a help desk representative
138
blacklisting
The practice of preventing undesirable programs from running on a computer, computer network, or mobile device
139
virtualization
Technology that allows you to host multiple virtual machines on a single physical system. Different types include:
* Type I
* Type II
* Container
140
network isolation
The general practice of keeping networks separate from one another
141
Telnet
A network protocol that enables a client to initiate remote command access to a host over TCP/IP
142
MD5
A hash algorithm based on RFC 1321 that produces a 128-bit hash value and is used in IPSec policies for data authentication
143
private key
The component of asymmetric encryption that is kept secret by one party during two-way encryption
144
three-way handshake
The process by which a TCP connection is completed between two hosts, where a host sends a SYN packet to the host it needs to communicate with, that host sends a SYN-ACK packet back, and the originating host sends an ACK packet to complete the connection
145
degaussing
A data disposal method that applies a strong magnetic force to a disk drive so that it loses its magnetic charge and is rendered inoperable.
146
detection controls
A security mechanism that helps to discover if a threat or vulnerability has entered into the computer system
147
implicit deny
The principle that establishes that everything that is not explicitly allowed is denied
148
protocol
Software that controls network communications using a set of rules
149
security control types
Security controls implementation:
* Technical: use technology
* Administrative: use administrative or management methods
* Physical: controls you can physically touch
Security control goals:
* Preventive
* Detective
* Corrective
* Deterrent
* Compensating
150
transitive trust
A principle in which one entity implicitly trusts another entity because both of them trust the same third party
151
self-signed certificate
A type of digital certificate that is owned by the entity that signs it
152
defense in depth
A more comprehensive approach to layered security that also includes non-technical defenses like user training and physical protection
153
succession plan
A documented plan that ensures that all key business personnel have one or more designated backups who can perform critical functions when needed
154
cloud computing
A method of computing that involves real-time communication over large distributed networks to provide the resources, software, data, and media needs of a user, business, or organization
155
sideloading
The practice of directly installing an app package on a mobile device instead of downloading it through an app store
156
disaster recovery
A major component of business continuity that focuses on repairing, reconstructing, restoring, and replacing systems, personnel, and other
157
rollup
A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or a particular service
158
non-persistence
The property by which a computing environment is discarded once it has finished its assigned task
159
remote lockout
A security method of restricting access to sensitive data on a device without deleting it from memory
160
order of volatility
The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs
161
detection
The act of determining if a user has tried to access unauthorized data or scanning the data and networks for any traces left by an intruder in any attack against the system.
162
scalability
The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs
163
grey hat
A hacker who exposes security flaws in applications and operating systems without consent but not ostensibly for malicious purposes
164
accountability
The process of determining who to hold responsible for a particular activity or event.
165
schema
A set of rules in a directory service for how objects are created and what their characteristics can be
166
heuristic monitoring
A network monitoring system that uses known best practices and characteristics in order to identify and fix issues within the network
167
secure boot
A UEFI feature that prevents unwanted processes from executing during the boot operation
168
non-repudiation
The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data
169
credential manager
An application that stores passwords in an encrypted database for easy retrieval by the appropriate user
170
access control
The process of determining and assigning privileges to resources, objects, and data.
171
Faraday cage
A wire mesh container that blocks external electromagnetic fields from entering into the container
172
tunneling
A data-transport technique in which a data packet is encrypted and encapsulated in another data packet in order to conceal the information of the packet inside
173
application container
A virtualization method where applications run in isolated containers on the host operating system instead of in separate VMs. Also known as application cell or container virtualization
174
waterfall model
A software development model where the phases of the SDLC cascade so that each phase will start only when all tasks identified in the previous phase are complete
175
guideline
Suggestions, recommendations, or best practices for how to meet a policy standard
176
tabletop exercise
A discussion-based session where disaster recovery team members discuss their roles in emergency situations as well as their responses to particular situations
177
protected distribution
A method of securing the physical cabling of a communications infrastructure
178
stored procedure
One of a set of pre-compiled database statements that can be used to validate input to a database
179
NIST 800 Series
Publications by the National Institute of Standards and Technology (NIST) that focus on computer security standards
180
accounting
The process of tracking and recording system activities and resource access.
181
change management
The process of approving and executing change in order to assure maximum security, stability, and availability of IT services.
182
scale up
The process of increasing the power of existing resources to achieve scalability
183
version control
The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes
184
root of trust
Technology that enforces a hardware platform's trusted computing architecture through encryption mechanisms designed to keep data confidential and to prevent tampering
185
incident report
A description of the events that occurred during a security incident
186
smart card
A device similar to a credit card that can store authentication information such as a user's private key on an embedded microchip
187
distribution frame
A passive device which terminates cables allowing arbitrary interconnections to be made.
188
MAC filtering
The security technique of allowing or denying specific MAC addresses from connecting to a network device.
189
switch
A device that has multiple network ports and combines multiple physical network segments into a single logical network
190
smart device
An electronic device other than a typical computer that is connected to a network and has some computing properties
191
enciphering
The process of translating plain-text to cipher-text
192
MD4
A hash algorithm based on RFC 1320 that produces a 128-bit hash value and is used in message integrity checks for data authentication
193
false positive
Something that is identified by a scanner or other assessment tool as being a vulnerability when in fact it is not
194
pointer dereference
A software vulnerability that can occur when the code attempts to remove the relationship between a pointer and the thing it points to (pointee). If the pointee is not properly established the dereferencing process may crash the application and corrupt memory
195
OpenID
An identity federation method that enables users to be authenticated on cooperating websites by a third-party authentication service
196
network segmentation
The division of a large network into smaller logical networks
197
active-active
A redundancy mode used by load balancers to route traffic through primary (active) Load balancer is on standby in case of failure of the active device
198
directory traversal
An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory
199
geolocation
The process of identifying the real-world geographic location of an object, often by associating a location such as a street address with an IP address, hardware address, Wi-Fi positioning system, GPS coordinates, or some other form of information
200
information security
The protection of available information or information resources from unauthorized access, attack, theft, or data damage
201
failover
A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed
202
active directory
The standards-based directory service from Microsoft that runs on Microsoft Windows servers.
203
pop-up blocker
Software that prevents pop-ups from sites that are unknown or untrusted and prevents the transfer of unwanted code to the local system
204
gain
The reliable connection range and power of a wireless signal measured in decibels
205
sniffer
A device or program that monitors network communications on the network wire or across a wireless network and captures data
206
active-passive
A redundancy mode used by load balancers to route traffic equally through two load balancers. A redundancy mode used by load balancers to route traffic through a primary (active) load balancer while the other (passive) load balancer is on standby in case of failure of the active device
207
chain of custody
The record of evidence history from collection to presentation in court to disposal.
208
geofencing
The practice of creating a virtual boundary based on real-world geography
209
risk register
The record of risk information as represented in tables or graphs
210
management controls
Procedures implemented to monitor the adherence to organizational security policies
211
integrity
The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications
212
infrastructure as code (IaC)
The process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.
213
port
An endpoint of a logical connection that host computers use to connect to processes or services on other hosts
214
local shared object (LSO)
Commonly called a Flash cookie (due to its similarity with an HTTP cookie), a piece of data that websites which use Adobe Flash may store on a user's computer.
215
procedure
Step-by-step instructions that detail how to implement components of a policy
216
storage segmentation
The practice of compartmentalizing different types of data on one or more storage media, such as isolating a mobile device's OS and base apps from the apps and data added by the user
217
patch
A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system
218
IPv6
(IP version 6) An Internet standard that increases the available pool of IP addresses by implementing a 128-bit binary address space.
219
stealth scan
A type of port scan that identifies open ports without completing the three-way handshake
220
black box test
A penetration test where the tester is given no information about the system being tested.
221
data in transit
Information that primarily moves from medium to medium such as over a private network or the Internet
222
cookie
A piece of data, such as an authentication token, that is sent by a website to a client and stored on the client's computer
223
subdomain
In DNS, a logical division of an organizational domain, such as sales.develetech.com
224
ISO/IEC 27001
A standard model for information systems management practices created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)
225
ROT13
A simple substitution cipher that replaces a letter with the letter that is 13 letters after it in the alphabet
226
code review
An evaluation used to identify potential weaknesses in an application
227
damage controls
Security measures implemented to prevent key assets from being damaged
228
ad hoc (wireless)
A decentralized connection mode used by wireless devices without relying on a pre-existing infrastructure, such as routers (wired networks) or access points (wireless networks).
229
live boot
The process of booting into an operating system that runs directly on RAM rather than being installed on a storage device
230
account management
Processes, functions, and policies used to effectively manage user accounts within an organization.
231
mantrap
A physical security control system that has a door at each end of a secure chamber
232
confidentiality
The fundamental security goal of keeping information and communications private and protected from unauthorized access
233
SSID broadcast
A continuous announcement by a WAP that transmits its name so that wireless devices can discover it
234
bitcoin
A decentralized encrypted electronic payment system that is used by legitimate entities and threat actors alike.
235
legal hold
A process designed to preserve all relevant information when litigation is reasonably expected to occur
236
vulnerability
Any condition that leaves an information system open to harm
237
incident response
The practice of using an organized methodology to address and manage security breaches and attacks while limiting damage and reducing recovery costs
238
backout contingency plan
A documented plan that includes specific procedures and processes that are applied in the event that a change or modification made to a system must be undone
239
OSI model
A method of abstracting how different layers of a network structure interact with one another
240
cold site
A predetermined alternate location where a network can be rebuilt after a disaster
241
prevention controls
A security mechanism that helps to prevent a threat or attack from exposing a vulnerability in the computer system
242
false negative
Something that is identified by a scanner or other assessment tool as not being a vulnerability when in fact it is
243
screen filter
An object attached to a screen that conceals the contents of the screen from certain viewing angles
244
multi-factor authentication
An authentication scheme that requires validation of at least two distinct authentication factors
245
refactoring
The process of restructuring application code to improve its design without affecting the external behavior of the application or to enable it to handle particular situations
246
staging
The process of setting up an environment through which an asset can be quickly and easily deployed for testing purposes
247
hot and cold aisle
A method used within data centers and computer rooms to control the temperature and humidity by directing the flow of hot and cold air
248
scale out
The process of adding more resources in parallel with existing resources to achieve scalability
249
system of records
A collection of information that uses an individual's name or an identifying number, symbol, or other identification scheme
250
context aware authentication
Authentication method using multiple elements to authenticate a user and a mobile device. It can include:
* Identity
* Geolocation
* Device type
251
runtime code
Source code that is interpreted by an intermediary runtime environment that runs the code, rather than the system executing the code directly
252
tethering
The process of sharing a wireless Internet connection with multiple devices
253
security policy
A formalized statement that defines how security will be implemented within a particular organization
254
risk analysis
The security process used for assessing risk damages that affect an organization
255
code signing
A form of digital signature that guarantees that source code and application binaries are authentic and have not been tampered with
256
penetration test
A method of evaluating security by simulating an attack on a system
257
interference
In wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals used by computing devices and other network devices
258
hypervisor
Software that creates, runs, and manages VMs.
2 types of hypervisors:
* Type I - runs directly on the hardware, aka bare bones virtualization
* Type II - runs as software within host OS
Several virtualization technologies exist:
* VMware products
* Microsoft Hyper-V products
* Oracle VM VirtualBox
259
full connect scan
A type of port scan that completes the three-way handshake, identifies open ports, and collects information about network hosts by banner grabbing
260
OpenID Direct
An authentication layer that sits on top of the OAuth 2.0 authorization protocol
261
risk management
The process of identifying risks, analyzing them, developing a response strategy for them, and mitigating their future impact
262
slashdot effect
A sudden temporary surge in traffic to a website that occurs when another website or other source posts a story that refers visitors to the victim website
263
SORN
A federally mandated publication of any system of record in the Federal Register
264
decryption
A cryptographic technique that converts ciphertext back to plaintext
265
operational controls
Security measures implemented to safeguard all aspects of day-to-day operations, functions, and activities
266
wildcard certificate
A type of digital certificate that enables organizations to configure a certificate's scope to encompass multiple subdomains
267
round robin
A scheduling approach used by load balancers to route traffic to devices one by one according to a list
268
job rotation
A concept that states that personnel should rotate between job roles to prevent abuses of power, reduce boredom, and improve professional skills
269
site survey
The collection of information on a location for the purposes of building the most ideal infrastructure
270
secure POP
A version of the Post Office Protocol that uses SSL or TLS to provide secure communications between a mail client and the mail server
271
network mapper
A device or program that can identify the logical topology of a network to reveal its connection pathways
272
order of restoration
A concept that dictates what types of systems to prioritize in disaster recovery efforts
273
security architecture review
An evaluation of an organization's current security infrastructure model and security measures
274
remote wipe
A security method used to remove and permanently delete sensitive data from a mobile device when it is not in the authorized user's physical possession
275
subnetting
The division of a large network into smaller logical networks
276
vulnerability assessment
A security assessment that evaluates a system's security and its ability to meet compliance requirements based on the configuration state of the system
277
IV attack
A wireless attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the user or network
278
extranet
A private network that provides some access to outside parties, particularly vendors, partners, and select customers
279
host-based firewall
Software that is installed on a single system to specifically guard against networking attacks
280
remote attestation
An authentication process that enables a host to verify its hardware and software configuration to a remote host, such as a server
281
personnel management
The practice of ensuring that all of an organization's personnel, whether internal or external, are complying with policy
282
full backup
A backup type in which all selected files, regardless of prior state, are backed up
283
deduplication
A technique for removing duplicate copies of repeated data. In SIEM, the removal of redundant information provided by several monitored systems
284
network operating system
Software that controls network traffic and access to network resources
285
computer forensics
The practice of collecting and analyzing data from storage devices, computer systems, networks, and wireless communications and presenting the information as a form of evidence in the court of law
286
infrared transmission
A form of wireless transmission in which signals are sent as pulses of infrared light
287
service pack
A collection of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hot fixes issued up to the point of the release of the service pack
288
scanning
The phase of the hacking process in which the attacker uses specific tools to determine an organization's infrastructure and discover vulnerabilities
289
data disposal
The practice of thoroughly eliminating data from storage media so that it cannot be recovered.
290
spam filter
A program that will detect specific words that are commonly used in spam messages
291
IPv4
(IP version 4) An Internet standard that uses a 32-bit number assigned to a computer on a TCP/IP network
292
S-box
A relatively complex key algorithm that, when given the key, provides a substitution key in its place
293
checkpoint
The state of a virtual machine at a specific point in time.
294
standard operating procedure
A collection of procedures that dictate how policy components are implemented
295
redundancy
The property by which a computing environment keeps one or more sets of additional resources in addition to the primary set of resources
296
compiled code
Code that is converted from high-level programming language source code into lower-level code that can then be directly executed by the system.
297
risk
An information security concept that indicates exposure to the chance of damage or loss and signifies the likelihood of a hazard or dangerous threat
298
mandatory vacation
A concept that states that personnel should be required to go on vacation for a period of time so their activities can be reviewed