Security+ Set C

Question 1

C&C (command and control)

Answer 1

infrastructure of hosts and services with which attackers, direct, distribute, and control malware over botnets. Also known as C2.

Question 2

CA Certificate Authority

Answer 2

a server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

Question 3

CAC (common access card)

Answer 3

certificate based authentication and supports two-factor authentication.

Question 4

CAN (controller area network bus)

Answer 4

A serial network designed to allow communications between embedded programmable logic controllers.

Question 5

CAPTCHA (completely automated public turing test to tell computers and humans apart)

Answer 5

difficult for computers to interpret

Question 6

CASB (cloud access security broker)

Answer 6

enterprise management software designed to mediate access to cloud services by users across all types of devices

Question 7

CBC (cipher block chaining)

Answer 7

an encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext blockglossary

Question 8

CCMP (counter mode with cipher block chaining message authentication code protocol)

Answer 8

encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

Question 9

CE (cryptographic erase)

Answer 9

method of sanitizing a self-encrypting drive by erasing the media encryption key.

Question 10

CHAP (challenge handshake authentication protocol)

Answer 10

for dial up networks that uses encrypted 3 way handshake to authenticate client to server. The challenge response is repeated through the connection to guard against replay attacks.

Question 11

CIA Triad

Answer 11

Also known as AIC triad. principles of security control and management

Question 12

CIS (center for internet security)

Answer 12

not for profit organization. It publishes the well known top 20 critical security controls.

Question 13

CN (common name)

Answer 13

An X500 attribute expressing a host or user name, also used as the subject identifier for a digital certificate.

Question 14

COBO (corporate owned, business only)

Answer 14

Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

Question 15

COPE (corporate owned, personally enabled)

Answer 15

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, web browsing is permitted.

Question 16

CRL (certificate revocation list)

Answer 16

a list of certs that were revoked before their expiration date

Question 17

CSP (cloud service provider)

Answer 17

vendor offering cloud models

Question 18

CSR (cert signing request)

Answer 18

base64 ASCII file that subject sends to a CA to get a certificate.

Question 19

CTI (cyber threat intel)

Answer 19

process of ivestigating, collecting, analyzing, and diseminating info about emerging threats and sources. also known as threat intel.

Question 20

CVE (common vulnerabilities and exposures)

Answer 20

scheme for identifying vulnerabilities developed by MITRE and adopted by NIST

Question 21

CVSS (common vulnerability scoring system)

Answer 21

risk mgmt. approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

Question 22

CYOD (choose your own device)

Answer 22

enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and optionally private use.

Question 23

Cloud Security Alliance

Answer 23

industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.

Question 24

Cuckoo

Answer 24

implementation of sandbox for malware analysis

Question 25

cable lock

Answer 25

physical secure against theft.

Question 26

captive portal

Answer 26

a web page or website to which a client is redirected before being granted full network access.

Question 27

capture the flag

Answer 27

training event where learners must identify a token within a live network environment

Question 28

card cloning skimming

Answer 28

duplicating smart card by reading the confidential data stored on it.

Question 29

carving

Answer 29

process of exgtracting data from a computer when that data has no associated file system metadata

Question 30

cat command

Answer 30

linux command to view and combine (concatenate) files.

Question 31

chain of custody

Answer 31

the record of evidence history from collection, to presentation in court, to disposal

Question 32

change control

Answer 32

process by which the need for change is recorded and approved.

Question 33

change mgmt.

Answer 33

process through which changes to configuration of info systems are implemented,.

Question 34

checksum

Answer 34

output of a hash function. chmod Linux command for managing file permissions.

Question 35

circuit-level stateful inspection firewall

Answer 35

a Layer 5 firewall technology that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection.

Question 36

clean desk policy

Answer 36

organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive docs must not be left out hwere unauthorized personnel might see them.

Question 37

cloud deployment model

Answer 37

classifying the ownership and managemtn of a cloud as public, private, community, or hybrid

Question 38

cloud service model

Answer 38

classifying the provision of cloud services and the limit of the provider’s responsibility as a software, platform, infrastructure and so on.

Question 39

code of conduct

Answer 39

professional behavior depend s on basic ethical standards.

Question 40

code reuse

Answer 40

potentially unsecure programming practice of using code originally written for a different context.

Question 41

code signing

Answer 41

method of using a digital signature to ensure the source and integrity of programming code.

Question 42

cold site

Answer 42

predetermined alternate location where a network can be rebuilt after a disaster.

Question 43

collector

Answer 43

network appliance that gathers or receives log and/or state data from other network systems

Question 44

collision

Answer 44

in cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

Question 45

community cloud

Answer 45

cloud deployed for shared use by cooperating tenants

Question 46

compensating control

Answer 46

security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations

Question 47

confidentiality

Answer 47

keeping info and comm private and protecting them from unauthorized access.

Question 48

content filter

Answer 48

software app or gateway that filters client requests for various types of internet content.

Question 49

context-aware authentication

Answer 49

access control scheme that verifies an objects identity based on various environmental facgtors, like time, location, and behavior

Question 50

continuous delivery

Answer 50

software development method in which app and platform requirements are frequently tested and validated for immediate availability

Question 51

continuous deployment

Answer 51

software development method in which app and platform updates are committed to production rapidly

Question 52

continuous integration

Answer 52

method in which code updates are tested and committed to a development or build server/code repository rapidly.

Question 53

continuous monitoring

Answer 53

constantly evaluating an environment for changes so that new risks may be more quicky detected and business operations improved upon. Also known as continuous security monitoring.

Question 54

control risk

Answer 54

risk that arises when a control does not provide the level of mitigation that was expecgted

Question 55

corrective control

Answer 55

control that acts after an incident to eliminate or minimize its impact.

Question 56

counter mode (CTM)

Answer 56

encryption mode of operation where a numerical counter value is used to create a constantly changing IV

Question 57

credential stuffing

Answer 57

brute force attack in which stolen user account names and passwords are tested against multiple websites

Question 58

crossover error rate

Answer 58

biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

Question 59

curl command

Answer 59

utility for command-line manipulation of URL-based protocol requests.