Terms Deck 4

Question 1

stream cipher

Answer 1

A cipher in which plaintext bits are encrypted a single bit at a time and combined with a stream of pseudo-random characters.

Question 2

block cipher

Answer 2

An algorithm that transforms a message from plaintext (unencrypted form) to ciphertext (encrypted form), one piece at a time. The block size represents a standard chunk of data that is transformed in a single operation.

Question 3

steganography

Answer 3

A word of Greek origin meaning “hidden writing” that refers to hiding messages so that unintended recipients are not even aware that a message exists.

Question 4

Domain Name System Security Extensions (DNSSEC)

Answer 4

A suite of specifications that provides protection against DNS attacks by authenticating DNS response data.

Question 5

Secure Shell (SSH)

Answer 5

A protocol designed to support secure remote login, along with secure access to other services across an insecure network. SSH includes a secure transport layer protocol that provides server authentication, confidentiality (encryption), and integrity (message digest functions), along with a user authentication protocol and a connection protocol that runs on top of the user authentication protocol.

Question 6

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Answer 6

An Internet protocol specified in RFC 2633 and used to secure email communications through encryption and digital signatures for authentication. It generally works with PKI to validate digital signatures and related digital certificates.

Question 7

Hypertext Transfer Protocol over SSL (HTTPS)

Answer 7

A protocol used in a secured connection that encapsulates data transferred between the client and web server. It occurs on port 443.

Question 8

Internet Protocol Security (IPsec)

Answer 8

A tool used for the encryption of TCP/IP traffic. IPsec provides security extensions to IPv4. It manages special relationships, called security associations, between pairs of machines.

Question 9

Authentication Header (AH)

Answer 9

A component of the IPsec protocol that provides integrity, authentication, and antireplay capabilities.

Question 10

Encapsulated Security Payload (ESP)

Answer 10

A method that provides confidentiality, data origin authentication, connectionless integrity, an antireplay service, and traffic flow confidentiality.

Question 11

antivirus

Answer 11

A software program used to protect the user environment that scans for email and downloadable malicious code.

Question 12

host-based intrusion prevention system (HIPS)

Answer 12

A software intrusion detection system capable of reacting to and preventing or terminating unauthorized access within a single host system.

Question 13

host-based intrusion detection system (HIDS)

Answer 13

Systems that monitor communications on a host-by-host basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications and user activity.

Question 14

fuzzing

Answer 14

An unknown environment for software testing in which semirandom data is injected into a program or protocol stack to detect bugs.

Question 15

self-encrypting drive (SED)

Answer 15

A hard disk that continually performs full disk encryption.

Question 16

Trusted Platform Module (TPM)

Answer 16

A standard for secure crypto-processor chips that are used to authenticate hardware devices such as PCs or laptops.

Question 17

sandboxing

Answer 17

A method that allows programs and processes to be run in an isolated environment, to limit access to files and the host system.

Question 18

demilitarized zone (DMZ)

Answer 18

An area in a network that allows limited and controlled access from the public Internet. Also called a screened subnet.

Question 19

virtual private network (VPN)

Answer 19

A popular technology that supports reasonably secure logical private network links across some insecure public network infrastructure, such as the Internet. VPNs are more secure than traditional remote access because they can be encrypted and because VPNs support tunneling (hiding numerous types of protocols and sessions within a single host-to-host connection).

Question 20

network-based intrusion detection system (NIDS)

Answer 20

An IDS that monitors packet flow and tries to locate unauthorized packets that might have gotten through the firewall. A NIDS may be used to detect DoS attacks and unauthorized user access.

Question 21

network-based intrusion prevention system (NIPS)

Answer 21

A device or software program designed to sit inline with traffic flows and prevent attacks in real time.

Question 22

web application firewall (WAF)

Answer 22

Software or a hardware appliance used to protect an organization’s web server from attack.

Question 23

next-generation firewalls (NGFW)

Answer 23

A firewall that goes beyond traditional port and IP address examination to include application and user awareness.

Question 24

access control list (ACL)

Answer 24

In the broadest sense, the underlying data associated with a network resource that defines the access permissions. The most common privileges include the ability to read, write to, delete, and execute a file.

Question 25

Wi-Fi Protected Access Version 2 (WPA2)

Answer 25

WPA technology that replaced the original version. It improved the security of Wi-Fi connections by requiring the use of stronger wireless encryption than WPA required.

Question 26

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Answer 26

A protocol based on the Advanced Encryption Standard (AES) encryption cipher.

Question 27

Protected EAP (PEAP)

Answer 27

An encrypted form of the EAP authentication protocol, which couples EAP with transport encryption to protect credentials during transfer.

Question 28

EAP Flexible Authentication via Secure Tunneling (EAP-FAST)

Answer 28

A proposed replacement to the Lightweight Extensible Authentication Protocol (LEAP) used for wireless authentication connections.

Question 29

EAP-Transport Layer Security (EAP-TLS)

Answer 29

A protocol that uses certificate-based mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticating server.

Question 30

EAP Tunneled Transport Layer Security (EAP-TTLS)

Answer 30

A protocol that is similar to PEAP but further extends TLS. With an established secure tunnel, the server authenticates the client using authentication attributes in the TLS wrapper.

Question 31

IEEE 802.1X

Answer 31

A standard designed to enhance the security of wireless networks.

Question 32

Remote Authentication Dial-In User Service (RADIUS)

Answer 32

An Internet protocol used for remote-access services. It conveys user authentication and configuration data between a centralized authentication server and a remote-access server (RADIUS client) to permit the remote-access server to authenticate requests to use its network access ports.

Question 33

Wi-Fi Protected Setup (WPS)

Answer 33

An extension of wireless standards that enables end users to easily establish secure wireless home networks. Originally known as Wi-Fi Simple Config.

Question 34

captive portal

Answer 34

A web page that is first launched when a user is connecting through a network and that usually requires some type of interaction before the user is allowed access to other networking or Internet sites.

Question 35

rooting/jailbreaking

Answer 35

A process that enables complete access to a mobile device. Root-level access allows a user to configure the device to run unauthorized apps and set different permissions by circumventing Android’s security architecture.

Question 36

sideloading

Answer 36

A process in which a user goes around the approved vendor app marketplace and device settings to install unapproved apps.

Question 37

bring your own device (BYOD)

Answer 37

A policy that allows employees to use personal mobile devices for access to enterprise data and systems.

Question 38

corporate-owned, personally enabled (COPE)

Answer 38

A policy by which employees are able to use corporate-owned devices for personal use.

Question 39

choose your own device (CYOD)

Answer 39

An option in which an organization controls the devices an employee can use by providing a list of approved devices.

Question 40

virtual desktop infrastructure (VDI)

Answer 40

The server-based virtualization technology that hosts and manages virtual desktops.

Question 41

geofencing

Answer 41

The use of GPS coordinates or radio-frequency identification (RFID) to define a geographic perimeter.

Question 42

Challenge Handshake Authentication Protocol (CHAP)

Answer 42

A widely used authentication method in which a hashed version of a user’s password is transmitted during the authentication process.

Question 43

Password Authentication Protocol (PAP)

Answer 43

A legacy plaintext authentication protocol for remote server access that does not support stronger authentication mechanisms.

Question 44

Security Assertion Markup Language (SAML)

Answer 44

An Extensible Markup Language (XML) standard that allows a user to use single sign-on for affiliated but separate websites.

Question 45

Terminal Access Controller Access Control System Plus (TACACS+)

Answer 45

An authentication, access control, and accounting standard that relies on a central server to provide access over network resources, including services, file storage, and network routing hardware.