Terms Deck 3 Flashcards

1
Q

honeypot

A

A decoy system designed to attract hackers. A honeypot usually has all its logging and tracing enabled, and its security level is lowered on purpose. Such systems often include deliberate lures or bait, in the hopes of attracting would-be attackers who think they can obtain valuable items on these systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

honeyfile

A

A file used as bait intended to attract an attacker.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

honeynet

A

A network used as bait to attract an attacker.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

infrastructure as a service (IaaS)

A

A cloud computing model in which hardware, storage, and networking components are virtualized and provided by an outsourced service provider.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

platform as a service (PaaS)

A

The delivery of a computing platform, often an operating system with associated services, over the Internet without downloads or installation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

software as a service (SaaS)

A

A cloud computing model in which software applications are virtualized and provided by an outsourced service provider.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

edge computing

A

Computing that happens near the edge of a network, close to where it’s used or needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

container

A

A technology that packages applications and services together with their runtime environment, allowing them to be run anywhere.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

software-defined networking (SDN)

A

A method by which organizations can manage network services through a decoupled underlying infrastructure that allows for quick adjustments based on changing business requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

software-defined visibility (SDV)

A

Visualization combined with the capability to dynamically respond to events across software-defined networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

virtualization

A

A technology developed to allow a guest operating system to run along with a host operating system with one set of hardware.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

integrity measurement

A

A method that uses attestation challenges from computed hashes of system or application information to obtain confidence in the trustworthiness and identity of a platform or software.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

normalization

A

The conversion of data to its anticipated, simplest known form.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

obfuscation

A

The act of making something difficult to understand.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Open Web Application Security Project (OWASP)

A

A nonprofit organization that provides resources to improve the security of software.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

elasticity

A

The capability to expand and reduce cloud resources as needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

scalability

A

The capability to handle the changing needs of a system, process, or application within the confines of the current resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

authentication

A

The process of identifying users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

federation

A

A way to connect identity management systems by allowing identities to cross multiple jurisdictions.

20
Q

time-based one-time password (TOTP)

A

An algorithm that computes a one-time password from a shared secret key and the current time.

21
Q

HMAC-based one-time password (HOTP)

A

An algorithm that relies on a shared secret and a moving factor or counter.

22
Q

multifactor authentication (MFA)

A

A type of authentication that requires more than just a password for account access. Multifactor authentication involves two or more of the types of authentication (something you know, something you have, something you are, something you do, and somewhere you are), not simply multiple credentials or keys of the same type.

23
Q

redundancy

A

Replication of a component in identical copies to compensate for random hardware failures.

24
Q

redundant array of inexpensive disks (RAID)

A

Multiple disks arranged as a large, high-performance logical disk to provide redundancy in case of disk failure.

25
Q

full backup

A

A complete backup of all data. This is the most time- and resource-intensive form of backup, requiring the largest amount of data storage.

26
Q

differential backup

A

A backup that provides only the data that has changed since the last full backup. It is incomplete without the last full backup.

27
Q

incremental backup

A

A backup that includes only the data that has changed since the last incremental backup. It resets the archive bit.

28
Q

snapshot

A

A picture that preserves the entire state and data of a virtual machine at the time it is taken.

29
Q

defense in depth

A

A term rooted in military strategy that requires a balanced emphasis on people, technology, and operations to maintain information assurance (IA).

30
Q

supervisory control and data acquisition (SCADA)

A

A subset of systems considered to be critical infrastructure systems.

31
Q

industrial control system (ICS)

A

A system that is considered to be critical to the infrastructure, such as manufacturing, a logistics and transportation network, energy and utilities, telecommunication services, agriculture, and food production networks.

32
Q

Internet of Things (IoT)

A

A network of connected devices that perform specific functions using embedded systems and sensors.

33
Q

heating, ventilation, air conditioning (HVAC)

A

A form of environmental control that warms, cools, and transports air for the purpose of thermal and humidity regulation.

34
Q

real-time operation system (RTOS)

A

A small operating system used in embedded systems and IoT applications that typically run in a SoC environment.

35
Q

system on chip (SoC)

A

Integration between a microcontroller, an application, or a microprocessor and peripherals.

36
Q

mantrap

A

access control vestibule - A two-door configuration used in high-security facilities that allows only one person to pass at a time.

37
Q

air gap

A

A physical isolation gap between a system or network and the outside world.

38
Q

digital signature

A

A U.S. standard for the generation and verification of digital signatures to ensure authenticity.

39
Q

key stretching

A

A technique that involves running a password through an algorithm to produce an enhanced key, usually of at least 128 bits.

40
Q

salting

A

An additional input of random data to a function that hashes a password.

41
Q

key exchange

A

A technique in which a pair of keys is generated and then exchanged between two systems (typically, a client and server) over a network connection to allow them to establish a secure connection.

42
Q

elliptical curve cryptography (ECC)

A

A method in which elliptic curve equations are used to calculate encryption keys for use in general-purpose encryption.

43
Q

perfect forward secrecy (PFS)

A

A mechanism to prevent the compromise of a private key used to create session keys from compromising past session keys.

44
Q

ephemeral

A

A key that is used for only a single session.

45
Q

blockchain

A

A digital ledger where transactions are grouped into blocks, each linked to the previous block through a cryptographic hash and shared with the network.