Security+ Set B

Question 1

BAS (building automation system)

Answer 1

components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.

Question 2

BIA (business impact analysis)

Answer 2

a systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

Question 3

BPA (business partnership agreement)

Answer 3

agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

Question 4

BPDU guard (bridge protocol data unit guard)

Answer 4

switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports where there any BPDU frames are likely to be malicious.

Question 5

BYOD

Answer 5

security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

Question 6

baseband radio

Answer 6

the chip and firmware in a smartphone that acts as a cellular modem.

Question 7

baseline configuration

Answer 7

a collection of security and configuration settings that are to be applied to a particular system or network in the organization.

Question 8

bash (bourne again shell)

Answer 8

a command shell and scripting language for Unix-like systems. bastion host A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.

Question 9

behavioral analysis

Answer 9

a network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. Also known as behavior-based detection.

Question 10

birthday attack

Answer 10

a type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

Question 11

block cipher

Answer 11

a type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

Question 12

blockchain

Answer 12

a concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

Question 13

blue team

Answer 13

the defensive team in a penetration test or incident response exercise.

Question 14

bluejacking

Answer 14

sending an unsolicited message or picture message using bluetooth connection

Question 15

bluesnarfing

Answer 15

wireless attack where an attacker gains access to unauthorized information on a device using a bluetooth connection.

Question 16

boot attestation

Answer 16

report of a boot state integrity data that is signed by a tamper proof TPM key and reported to a network server.

Question 17

botnet

Answer 17

set of hosts that has been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks. Also known as zombie.

Question 18

brute force attack

Answer 18

a type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

Question 19

buffer overflow

Answer 19

an attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

Question 20

bug bounty

Answer 20

reward scheme operated by software and web services vendors for reporting vulnerabilities