Terms C

Question 1

Categorize

Answer 1

The second step of the NIST RMF that is used to develop risk management processes and tasks

Question 2

CentOS

Answer 2

An open-source distribution that is closely related to Red Hat

Question 3

Central Processing Unit (CPU)

Answer 3

A computer’s main processor, which is used to perform general computing tasks on a computer

Question 4

Chain of custody

Answer 4

The process of documenting evidence possession and control during an incident lifecycle

Question 5

Chronicle

Answer 5

A cloud-native tool designed to retain, analyze, and search data

Question 6

Cipher

Answer 6

An algorithm that encrypts information

Question 7

Cloud-based firewalls

Answer 7

Software firewalls that are hosted by the cloud service provider

Question 8

Cloud computing

Answer 8

The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

Question 9

Cloud network

Answer 9

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

Question 10

Cloud Security

Answer 10

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Question 11

Command

Answer 11

An instruction telling the computer to do something

Question 12

Command and control (C2)

Answer 12

The techniques used by malicious actors to maintain communications with compromised systems

Question 13

Command-line interface (CLI)

Answer 13

A text-based user interface that uses commands to interact with the computer

Question 14

Comment

Answer 14

A note programmers make about the intention behind their code

Question 15

Common Event Format (CEF)

Answer 15

A log format that uses key-value pairs to structure data and identify fields and their corresponding values

Question 16

Common Vulnerabilities and Exposures (CVE®) list

Answer 16

An openly accessible dictionary
of known vulnerabilities and exposures

Question 17

Common Vulnerability Scoring System (CVSS)

Answer 17

A measurement system that scores
the severity of a vulnerability

Question 18

Compliance

Answer 18

Compliance: The process of adhering to internal standards and external regulations

Question 19

Computer Security Incident Response Teams (CSIRT)

Answer 19

A specialized group of security professionals that are trained in incident management and response

Question 20

Computer virus

Answer 20

Malicious code written to interfere with computer operations and cause damage to data and software

Question 21

Conditional statement

Answer 21

A statement that evaluates code to determine if it meets a specified set of conditions

Question 22

Confidentiality

Answer 22

The idea that only authorized users can access specific assets or data

Question 23

Confidential data

Answer 23

Data that often has limits on the number of people who have
access to it

Question 24

Configuration file

Answer 24

A file used to configure the settings of an application

Question 24

Confidentiality, integrity, availability (CIA) triad

Answer 24

A model that helps inform how
organizations consider risk when setting up systems and security policies

Question 25

Containment

Answer 25

The act of limiting and preventing additional damage caused by an
incident

Question 26

Controlled zone

Answer 26

A subnet that protects the internal network from the uncontrolled
zone

Question 27

Crowdsourcing

Answer 27

The practice of gathering information using public input and collaboration

Question 28

Cross-site scripting (XSS)

Answer 28

An injection attack that inserts code into a vulnerable website or web application

Question 29

Cryptographic attack

Answer 29

An attack that affects secure forms of communication between a sender and intended recipient

Question 30

Cryptographic key

Answer 30

A mechanism that decrypts ciphertext

Question 31

Cryptography

Answer 31

The process of transforming information into a form that unintended readers can’t understand

Question 32

CVE Numbering Authority (CNA)

Answer 32

An organization that volunteers to analyze and distribute information on eligible CVEs

Question 33

Cryptojacking

Answer 33

A form of malware that installs software to illegally mine cryptocurrencies

Question 34

Cybersecurity (or security)

Answer 34

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation