Terms Deck 5

Question 1

Open Authorization (OAuth)

Answer 1

A framework used for Internet token-based authorization that provides API authorization between applications.

Question 2

OpenID

Answer 2

An identity layer based on OAuth 2.0 specifications used for consumer single sign-on.

Question 3

kerberos

Answer 3

A set of authentication services, including the authentication service (AS) exchange protocol, the ticket-granting service (TGS) exchange protocol, and the client/server (CS) exchange protocol.

Question 4

attribute-based access control (ABAC)

Answer 4

A logical access control model recommended as the preferred access control model for information sharing among diverse organizations by the Federal Identity, Credential, and Access Management (FICAM) Roadmap.

Question 5

role-based access control (RBAC)

Answer 5

A security method that combines MAC and DAC. RBAC uses profiles, which are defined for specific roles within a company, and then users are assigned to such roles. This facilitates administration in a large group of users because when you modify a role and assign it new permissions, those settings are automatically conveyed to all users assigned to that role.

Question 6

rule-based access control

Answer 6

An extension of access control that includes stateful testing to determine whether a particular request for resource access may be granted. When a rule-based method is in force, access to resources might be granted or restricted, based on conditional testing.

Question 7

mandatory access control (MAC)

Answer 7

A centralized security method in which users are not allowed to change permissions on objects.

Question 8

discretionary access control (DAC)

Answer 8

An access control method in which access rights are configured at the discretion of accounts with authority over each resource, including the capability to extend administrative rights through the same mechanism.

Question 9

digital certificate

Answer 9

An electronic document that includes the user’s public key and the digital signature of the certificate authority (CA) that has authenticated the user. The digital certificate can also contain information about the user, the CA, and attributes that define what users are allowed to do with systems they access using the digital certificate.

Question 10

key management

Answer 10

The process of creating and managing cryptographic keys and digital certificates.

Question 11

certificate authority (CA)

Answer 11

A system that issues, distributes, and maintains current information about digital certificates. Such authorities can be private (operated within a company or an organization for its own use) or public (operated on the Internet for general public access).

Question 12

registration authority (RA)

Answer 12

A network authority that provides a CA with authentication of a client’s certificate request and serves as an aggregator of information.

Question 13

certificate revocation list (CRL)

Answer 13

A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid.

Question 14

Online Certificate Status Protocol (OCSP)

Answer 14

An Internet protocol defined by the IETF that is used to validate digital certificates issued by a CA. OCSP was created as an alternative to certificate revocation lists (CRLs) and overcomes certain limitations of CRLs.

Question 15

certificate signing request (CSR)

Answer 15

A request to apply for a digital certificate

Question 16

distinguished encoding rules (DER)

Answer 16

The binary form of a PEM certificate.

Question 17

privacy enhanced mail (PEM)

Answer 17

The most common format and extension for certificates.

Question 18

personal information exchange (PFX)

Answer 18

A binary certificate format also known as PKCS#12.

Question 19

pinning

Answer 19

A method that extends beyond normal certificate validation to help thwart on-path attacks.

Question 20

key escrow

Answer 20

A situation in which a CA or another entity maintains a copy of the private key associated with the public key signed by the CA.

Question 21

nslookup/dig

Answer 21

A command-line utility used for troubleshooting DNS.

Question 22

ipconfig/ifconfig

Answer 22

A tool that displays network settings such as IP address, subnet mask, and default gateway.

Question 23

Nmap

Answer 23

A network scanning tool used for locating network hosts, detecting operating systems, and identifying services.

Question 24

ping

Answer 24

A network tool for testing the basic function of a network that is commonly used to test whether a remote host is alive or responding.

Question 25

hping

Answer 25

A packet assembler and analyzer that provides a number of security capabilities.

Question 26

netcat

Answer 26

A network utility for gathering information from TCP and UDP network connections.

Question 27

ARP

Answer 27

Address Resolution Protocol - A protocol that resolves a device’s assigned IP address to its MAC hardware address.

Question 28

cURL

Answer 28

A command-line tool that provides the ability to get and send data using URLs.

Question 29

theharvester

Answer 29

A tool used to gather emails, domains, employee names, ports, and banners from varying sources.

Question 30

sn1per

Answer 30

An automated penetration testing scanner that enumerates and scans for vulnerabilities.

Question 31

scanless

Answer 31

A port scanning utility that uses websites to do scanning and enables the user to remain anonymous.

Question 32

dnsenum

Answer 32

A tool that enumerates DNS by finding DNS servers and DNS records such as mail exchange servers, domain name servers, and the address records for a domain.

Question 33

Cuckoo

Answer 33

A malware analysis tool that provides results of what a file does when executed in an isolated environment.

Question 34

head

Answer 34

A command-line file manipulation command that displays the beginning of a text file or file fed to the command.

Question 35

tail

Answer 35

A command-line file manipulation command that is used to display the tail end of a text file or a file fed to the command.

Question 36

cat

Answer 36

A command-line file-manipulation command for reading files sequentially that is used to concatenate files.

Question 37

grep

Answer 37

A command-line file manipulation command that searches files for patterns.

Question 38

chmod

Answer 38

A command-line tool used to change access permissions for files and directories.

Question 39

logger

Answer 39

A command-line tool that is used to add logs to the local syslog file or a remote syslog server.

Question 40

PowerShell

Answer 40

A command-line shell and scripting interface for Microsoft Windows environments.

Question 41

Python

Answer 41

A popular and widely used general-purpose programming language.

Question 42

tcpreplay

Answer 42

A command-line tool used for replaying network traffic from saved files such as tcpdump.

Question 43

Wireshark

Answer 43

A well-known packet analyzer that is similar to tcpdump.

Question 44

tcpdump

Answer 44

A command-line packet analysis tool that captures packets sent and received on an interface.

Question 45

exploitation framework

Answer 45

A structure that helps in penetrating testing and risk assessments. Each exploitation framework contains a set of exploits for known vulnerabilities.