TryHackMe Terms Flashcards

1
Q

XXXXX XXX XXXXXXXX (XXX) is a comprehensive cloud computing platform offered by Amazon. It provides a wide range of services such as computing power, storage, databases, networking, analytics, and more, delivered over the internet on a pay-as-you-go basis.

A

AWS

Amazon Web Services

2
Q

xxxxxxxxx is a Windows feature that allows administrators to control which applications and scripts users are allowed to run on a system.

A

AppLocker

3
Q

xxxxxx is the most widely used web server software. Developed and maintained by the xxxxxx Software Foundation, xxxxxx is open-source software available for free.

A

Apache

4
Q

—————————————— is responsible for finding the MAC (hardware) address related to a specific IP address. It works by broadcasting an — query, “Who has this IP address? Tell me.” And the response is of the form, “The IP address is at this MAC address.”

A

Address Resolution Protocol (ARP)

5
Q

——————————- is a list of permissions that determine who can access a specific resource in a computer network. It is used to grant or deny access to files, folders, printers, and other network resources.

A

An Access Control List (ACL)

6
Q

—————————– is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.

A

AV
Antivirus software

7
Q

——————————– is a symmetric block encryption algorithm. It can use cryptographic keys of sizes 128, 192, and 256 bits.

A

The Advanced Encryption Standard (AES)

8
Q

A low-level programming language that uses symbolic code as a direct representation of machine code. It enables a programmer to write instructions that the computer’s processor can execute directly. Each line corresponds to a specific machine operation, often based on a sequence of numbers, letters, and symbols.

A

ASM

9
Q

——————————— is a set of rules and protocols for building software and applications. An — allows different software programs to communicate with each other. It defines methods of communication between various components, including the kinds of requests that can be made, how they’re made, the data formats that should be used, and conventions to follow.

A

API, which stands for Application Programming Interface,

10
Q

—————– serves as a standardized interface enabling Windows applications to seamlessly communicate with any existing anti-malware solutions present on the system.

A

The Windows Anti-malware Scan Interface (AMSI)

11
Q

——————- is a guideline for classifying and describing cyberattacks and intrusions.

A

The Adversarial Tactics, Techniques, and Common Knowledge or MITRE ATT&CK

12
Q

—————————- is a directory service developed by Microsoft for Windows domain networks. It stores information about network objects such as computers, users, and groups. It provides authentication and authorisation services, and allows administrators to manage network resources centrally.

A

AD Active Directory

13
Q

————————— is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.

A

An advanced persistent threat (APT)

14
Q

——————— is included in the response from one website to a request originating from another website, and identifies the permitted origin of the request. A web browser compares the Access-Control-Allow-Origin with the requesting website’s origin and permits access to the response if they match.

A

ACOA The Access-Control-Allow-Origin header

15
Q

———————— is a managed Kubernetes service from the Azure Cloud Service Provider.

A

Azure Kubernetes Service (AKS)

16
Q

—————- is an authenticated encryption algorithm that combines AES encryption with the GCM mode of operation. It provides both confidentiality (encryption) and integrity (authentication) by generating an authentication tag that is used to verify the authenticity of the encrypted data.

A

AES-GCM (Advanced Encryption Standard - Galois/Counter Mode)

17
Q

——————– is an authenticated encryption mode that combines AES encryption with the Counter (CTR) mode for confidentiality and the CBC-MAC (Cipher Block Chaining Message Authentication Code) for integrity. It ensures both data encryption and authentication, protecting against tampering and providing data authenticity.

A

AES-CCM (Advanced Encryption Standard - Counter with CBC-MAC)

18
Q

——————– is a study of real-world software security initiatives and reflects the current state of software security.

A

Building Security In Maturity Model (BSIMM)

19
Q

——————- is a technology used in certain computer operating systems for programs that need to, among other things, analyze network traffic. BPF supports filtering packets, allowing a userspace process to supply a filter program that specifies which packets it wants to receive.

A

The Berkeley Packet Filter (BPF)

20
Q

—————- comprises cyber security and technology professionals whose aim is to protect an information system from impending cyber threats by performing and implementing defensive actions.

A

A blue team

21
Q

————————————- is the term given to devices that are owned by an employee but are also used for work-related activities. For example, an employee uses their personal device to access emails. A BYOD policy outlines what type of devices are acceptable, what behaviour is acceptable, as well as any necessary steps to secure the device (for example, requiring anti-virus).

A

Bring Your Own Device BYOD

22
Q

————————— is a boot firmware that provides runtime services for the operating system (OS). The BIOS starts, checks specific hardware components, and loads the OS depending on boot priority.

A

The Basic Input/Output System (BIOS)

23
Q

——————– is a set of compiled code written in C that interacts with the Windows API to enable additional functionality within a C2 agent.

A

Beacon Object Files (BOF)

24
Q

————- is an integrated platform for performing security testing of web applications. It includes various tools for scanning, fuzzing, intercepting, and analysing web traffic. It is used by security professionals worldwide to find and exploit vulnerabilities in web applications.

A

Burp Suite

25
Q

————- is the term given to a publicly disclosed vulnerability.

A

Common Vulnerabilities and Exposures (CVE)

26
Q

————————–. These web applications are used to manage content on a website. For example, blogs, news sites, e-commerce sites and more!

A

Content Management System (CMS)

27
Q

——————— is the opposite of Disclosure, Alteration, and Destruction (DAD).

A

Confidentiality, Integrity, and Availability (CIA)

28
Q

Common Vulnerability Scoring System

A

CVSS

29
Q

—————- is evidence-based knowledge about adversaries, including their indicators, tactics, motivations, and actionable advice against them.

A

CTI
Cyber Threat Intelligence

30
Q

————— is a software development practice that involves automatically building, testing and integrating changes to an application’s source code.

A

CI Continuous Integration

31
Q

——————- is a set of guidelines and measures for organisations to manage and improve their cybersecurity posture by identifying, assessing, and managing their cybersecurity risks.

A

Cyber Security Framework (CSF)

32
Q

——————- are computer programs designed to be used from a text interface; think of it as if you’re using an application without a user interface.

A

CLI Command-line applications

33
Q

A hairy, bear-like creature that performs Quality Analysis in DevOps

A

ChewBa-QA

34
Q

——————— is a software development term for deploying code to production environments automatically without any interaction from a human. For example, the automation of tests and then deployment of the code.

A

CD Continuous Deployment

35
Q

They are a set of practices and principles that enable automated software releases.

A

CI/CD CI/CD stands for Continuous Integration/Continuous Delivery.

36
Q

——————– are a set of programs used to communicate with a victim machine. This is comparable to a reverse shell, but is generally more advanced and often communicates via common network protocols, like HTTP, HTTPS and DNS.

A

Command and Control (C2) Infrastructure

37
Q

——————- is a vulnerability that occurs when an attacker manipulates input fields to inject malicious commands into a vulnerable application. This can lead to unauthorised execution of arbitrary commands on the targeted server, potentially resulting in data breaches, system compromise, or unintended operations.

A

Command Injection

38
Q

———————- is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

A

Cross-site request forgery (also known as CSRF)

39
Q

———————– is the most important processor in a given computer. Its electronic circuitry executes the instructions of a computer program, such as arithmetic, logic, control, and input/output (I/O) operations. This role contrasts with that of external components, such as main memory and I/O circuitry, and specialized coprocessors such as graphics processing units (GPUs).

A

A central processing unit (CPU)—also called a central processor or main processor—

40
Q

—————————— is the person responsible for an organisation’s technology. Working together with the CIO, they run a company’s IT infrastructure.

A

CTO Chief Technology Officer

41
Q

—————- are incredible ML structures that have the ability to extract features that can be used to train a neural network. In essence, —————— are normal neural networks that simply have the feature-extraction process as part of the network itself.

A

Convolutional Neural Networks (CNNs)

42
Q

CLI

A

Command Line Interface

43
Q

——————- are packages of software that bundle up code and all of its dependencies so it can be run reliably in any environment.

A

Containers

44
Q

—————— is a mechanism for integrating applications. CORS defines a way for client web applications that are loaded in one domain to interact with resources in a different domain.

A

Cross-origin resource sharing (CORS)

45
Q

——————- is a company which offers scalable cloud computing resources on demand. The cloud resources ———— offer include computing power, data storage and applications.

A

A Cloud Service Provider CSPs

46
Q

———————– is a non-profit organisation that helps collect and define standards that can be implemented as preventative measures against cyber attacks.

A

CIS (Centre for Internet Security)

47
Q

The process of securing a Kubernetes cluster following best security practices.

A

Cluster Hardening

48
Q

————— is the opposite of Confidentiality, Integrity, and Availability (CIA).

A

Disclosure, Alteration, and Destruction (DAD)

49
Q

DPI

A

Deep Packet Inspection

50
Q

————– is the protocol responsible for resolving hostnames, such as tryhackme.com, to their respective IP addresses.

A

Domain Name System (DNS)

51
Q

—————– is a symmetric block encryption algorithm which uses a cryptographic key size of 56 bits. AES became the new standard in 2001.

A

The Data Encryption Standard (DES)

52
Q

DAST

A

Dynamic Application Security Testing scans running applications for vulnerabilities

53
Q

A computer operating system that provides a file system for operations such as reading, writing, and erasing data on a disk. It is a non-graphical line-oriented command-driven computer operating system designed for the IBM PC. Several variations of ———— were developed, such as MS——– (Microsoft) and PC———— (IBM).

A

DOS

54
Q

DFIR

A

Digital Forensics and Incident Response

55
Q

Reporting, and Conformance, or DMARC, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing.

A

DMARC Domain-based Message Authentication,

56
Q

for packet I/O. The ——– replaces direct calls to libpcap functions with an abstraction layer that facilitates operation on a variety of hardware and software interfaces without requiring changes to Snort.

A

DAQ Data Acquisition library,

57
Q

—————– are used by Windows systems to specify who can access a given resource. While they are often referenced when talking about files, they also apply to other components such as registry keys, services and scheduled tasks.

A

DACL Discretionary Access Control Lists

58
Q

——————— is a perimeter network that protects and adds an extra layer of security to an organization’s internal local-area network from untrusted traffic. The end goal of a demilitarized zone network is to allow an organization to access untrusted networks, such as the internet, while ensuring its private network or LAN remains secure.

A

A DMZ or demilitarized zone

59
Q

————— is a set of practices, tools, and a cultural philosophy that automate and integrate the processes to build software.

A

DevOps

60
Q

—————– is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.

A

DKIM (DomainKeys Identified Mail)

61
Q

————————- is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Each program can use the functionality that is contained in this DLL to implement an Open dialog box. It helps promote code reuse and efficient memory usage.

A

A DLL file, short for Dynamic Link Library,

62
Q

———————- software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage).

A

Data Loss Prevention (DLP)

63
Q

The process of analyzing malware by running it in a controlled environment like a sandbox.

A

Dynamic Analysis

64
Q

————– is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

A

The Dynamic Host Configuration Protocol (DHCP)

65
Q

A system used by Microsoft to assess the risk posed by computer security threats.

A

DREAD

66
Q

———— is an attack on the target’s availability to make the target service/system unavailable to legitimate users.

A

Denial of Service (DoS)

67
Q

———— attacks the target’s availability. It is “distributed” because it is launched from many sources, usually a botnet.

A

Distributed Denial of Service (DDoS)

68
Q

———————- is a server that manages security authentication requests in a Windows Server network. It stores user account information and controls access to resources on the network. It is a critical component for managing and securing a network infrastructure.

A

DC A domain controller

69
Q

———————- is a free and open-source web application security scanner. It can be used to find hidden directories and files on web servers. It can use various techniques to brute-force directories and files, including dictionary attacks, brute-force attacks, and hybrid attacks.

A

DirBuster

70
Q

Fosters the same culture and principles as ———- with the addition of security into the development process, ensuring security is integrated from an early stage.

A

DevSecOps

71
Q

——————- is a framework used to handle the Incident Response process. It is mapped onto the NIST Incident Response Lifecycle.

A

DAIR - Dynamic Approach to Incident Response

72
Q

—————– is a series of tools that monitor devices for activity that could indicate a threat.

A

Endpoint detection and response (EDR)

73
Q

It is a file format used to store event logs generated by the Windows Event Logging system.

A

An EVTX file is a Windows XML event log file.

74
Q

———– is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

A

An endpoint protection platform (EPP)

75
Q

——————– is a service provided by Amazon Web Services (AWS) that allows you to rent virtual PCs on the cloud. The machines can be used just as any regular PC, and their specs can be dimensioned according to your specific needs.

A

Elastic Compute Cloud (EC2)

76
Q

The measure of randomness of data in a file is known as ————–. ————– is very useful in identifying compressed and packed malware. Packed or compressed files usually have a high ————-.

A

Entropy

77
Q

—————- is a security information and event management (SIEM) platform that helps organisations collect, analyse, and respond to security threats. It can collect data from various sources, including logs, events, network traffic, and cloud metadata. It can use machine learning to identify and prioritise threats. It can automate response actions, such as blocking malicious traffic or isolating infected hosts.

A

Elastic SIEM

77
Q

These are three open-source tools that are commonly used together to collect, store, analyse, and visualise data.

A

ELK stands for Elasticsearch, Logstash, and Kibana.

78
Q

——————- is a distributed, scalable, and highly available search engine. It is used to store and index data so that it can be quickly searched and analysed.

A

Elasticsearch

79
Q

———————- is a broad concept that includes public or private information stored in an electronic or digital medium, such as data available from computers (including email), CD-ROM discs, DVDs, Internet, cloud storage, personal digital assistants (PDAs), smart phones, tablets, GPS systems, satellites, and drones. ESI includes writings, drawings, graphs, charts, photographs, sound recordings, images, video recordings, data compilations, computer-aided design files such as blueprints or maps, metadata, equipment/process control and data logging system files, and any other data that is stored electronically.

A

Electronically Stored Information (ESI)

80
Q

———————- is a managed Kubernetes service from the Amazon Web Services Cloud Service Provider.

A

Elastic Kubernetes Service (AKS)

81
Q

——————- is a way to encrypt data using smaller keys while still providing strong security. It is based on the math of elliptic curves.

A

ECC

82
Q

Images store metadata (date and time, camera settings, GPS coordinates, etc.) within them. This metadata of image files is stored in a standardized format known as Exchangeable Image File Format.

A

EXIF

83
Q

———- is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. ——— was signed into law as part of the Electronic Government Act of 2002.

A

FISMA is an acronym that stands for the Federal Information Security Modernization Act.

83
Q

A security tool, hardware or software that is used to filter network traffic by stopping unauthorized incoming and outgoing traffic.

A

Firewall

84
Q

————————- is a protocol designed to help the efficient transfer of files between different and even non-compatible systems. It supports two modes for file transfer: binary and ASCII (text).

A

File Transfer Protocol (FTP)

85
Q

is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicators such as primary notation, instead of text-based UIs, typed command labels or text navigation. GUIs were introduced in reaction to the perceived steep learning curve of command-line interfaces (CLIs), which require commands to be typed on a computer keyboard.

A

The graphical user interface, or GUI,

86
Q

—————- is a free and open-source directory and file enumeration tool. Penetration testers and security professionals use it to find hidden directories and files on web servers.

A

Gobuster

87
Q

————— is a distributed version control system used for tracking changes in files and coordinating work among multiple contributors. It provides efficient branching, merging, and collaboration capabilities for software development projects.

A

Git

88
Q

It is a free and open-source encryption software that uses public-key cryptography. —————- can be used to encrypt files and messages, and to sign files and messages. Encryption makes it so that only the intended recipient can decrypt the file or message while signing makes it so that the recipient can verify that the file or message was sent by the person it claims to be from.

A

GPG stands for GNU Privacy Guard.

89
Q

A software reverse engineering framework developed by the National Security Agency (NSA) in the United States. It comprises a suite of software analysis tools; ———— disassembles executables into code that humans can understand.

A

Ghidra

90
Q

—————– is a feature in Windows Server that allows administrators to control user and computer settings across the network. It provides a centralised way to manage and configure operating systems, applications, and user settings.

A

Group Policy Object (GPO)

91
Q

It is available from the GNU project and is a common bootloader shipped with many Linux distributions.

A

GRUB stands for Grand Unified Bootloader.

92
Q

———– protects workstations and servers through software that resides on the system. It catches suspect activity on the system and then either allows or disallows the event to happen, depending on the rules. Finally, it can also monitor data requests and read or write attempts and network connection attempts, potentially allowing it to be used as a compensating control for other requirements.

A

Host Intrusion Prevention System (HIPS)

93
Q

The primary law in the United States that governs the privacy of healthcare information.

A

Health Information Portability and Accountability Act (HIPAA).

94
Q

————– files are files that contain HTML, JScript, and/or VBScript code that can be executed on a client system. This can lead to more dynamic applications or to remote code execution on a client or victim.

A

HTML Application (HTA)

95
Q

—————– analyzes system state, system calls, file-system modifications, application logs, and other system activity.

A

Host Intrusion Detection System (HIDS)

96
Q

——————– is a form of “on the ground” information gathering using human sources to collect information. In the context of Threat Intelligence, this can include infiltrating and engaging with threat actors on underground crime networks, forums and marketplaces, chat platforms, and other target environments, to include the dark web.

A

Human Intelligence (HUMINT)

97
Q

————— is the protocol that specifies how a web browser and a web server communicate. Your web browser requests content from the TryHackMe web server using the —- ——– as you go through this room.

A

Hypertext Transfer Protocol (HTTP)

98
Q

———- is a free and open-source password-cracking tool. It can try numerous passwords until the correct password is found. It can be used to crack passwords for various network services, including SSH, Telnet, FTP, and HTTP.

A

Hydra

99
Q

—————– is a powerful, object-oriented query language similar to SQL but designed specifically for the Hibernate ORM framework. — abstracts the database-specific SQL and allows developers to write queries using the entity objects defined in the Hibernate mappings, rather than directly interacting with the database tables.

A

Hibernate Query Language (HQL)

100
Q

———————– is a structured approach to managing and addressing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident, or security incident. It involves identifying, investigating, handling, and learning from security events or incidents to prevent a similar occurrence.

A

Incident Response (IR)

101
Q

———————- is a protocol for receiving email. Protocols standardize technical processes so computers and servers can connect with each other regardless of whether or not they use the same hardware or software.

A

The Internet Message Access Protocol (IMAP)

102
Q

—————————- is a standards organization for the Internet and is responsible for the technical standards that comprise the Internet protocol suite.

A

The Internet Engineering Task Force (IETF)

103
Q

—————- refers to the network of physical objects, or “things”, that are embedded with sensors and software which allow them to collect and exchange data over the Internet. These objects can include various devices, from everyday household items like thermostats, refrigerators, and lightbulbs, to industrial equipment, vehicles, and more.

A

IoT (Internet of Things)

104
Q

——– denotes systems responsible for overseeing and conducting functions that support critical infrastructure, such as water, power, transportation, and manufacturing.

A

ICS

105
Q

It is a security principle that is used to protect systems and data. IAAA ensures that only authorized users can access a system and that their actions can be tracked.

A

IAAA stands for Identification, Authentication, Authorization, and Accountability.

106
Q

—————- is a device or application that detects and stops intrusion attempts proactively. They are usually deployed in front of the protected asset and block any potential threat from reaching its target.

A

Intrusion Prevention System (IPS)

107
Q

———– combines SAST and DAST and scans source code as well as running applications.

A

Interactive Application Security Testing

108
Q

————— are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten.

A

Insecure direct object references (IDOR)

109
Q

Indicator of Compromise is a forensic artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

A

IOC

110
Q

The mitigation of violations of security policies and recommended practices.

A

Incident Handling (IH).

111
Q

IRC

A

Internet Relay Chat

112
Q

—————— is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Internet Protocol-related symbols and Internet numbers.

A

The Internet Assigned Numbers Authority (IANA)

113
Q

—————- is a system that detects unauthorised network and system intrusions. Examples include detecting unauthorised devices connected to the local network and unauthorised users accessing a system or modifying a file.

A

Intrusion Detection System (IDS)

114
Q

It refers to the use of digital technologies to access, process, and communicate information.

A

ICT stands for Information and Communication Technology.

115
Q

———– is an IETF protocol, as well as the name of the IETF working group defining the protocol. It was created based on the need for a common, universal standard of export for Internet Protocol flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing. The IPFIX standard defines how IP flow information is to be formatted and transferred from an exporter to a collector.

A

Internet Protocol Flow Information Export (IPFIX)

116
Q

Inter-process Communication is the definition of the mechanism that allows processes to communicate and share data with each other.

A

IPC

117
Q

———– is a framework/process for controlling and securing digital identities and user access in organisations.

A

Identity and Access Management (IAM)

118
Q

———— is an open-source automation server widely used in DevOps for building, testing, and deploying software applications.

A

Jenkins

119
Q

———— is an open standard file and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays.

A

JavaScript Object Notation

120
Q

————– is a free and open-source password-cracking tool. It can crack passwords stored in various formats, including hashes, passwords, and encrypted private keys. It can be used to test passwords’ security and recover lost passwords.

A

John the Ripper

121
Q

————— is a tool that is used to record user keystrokes on a physical computer.

A

A keylogger

122
Q

A tool created by Eric Zimmerman used to parse and extract forensic artifacts from a system.

A

Kroll Artifact Parser and Extractor (KAPE)

123
Q

—————– is a computer network authentication protocol that operates based on tickets, allowing nodes to securely prove their identity to one another over a non-secure network. It primarily aims at a client-server model and provides mutual authentication, where the user and the server verify each other’s identity. The Kerberos protocol messages are protected against eavesdropping and replay attacks, and it builds on symmetric-key cryptography, requiring a trusted third party.

A

Kerberos

124
Q

——— is a web-based visualisation tool for exploring data stored in Elasticsearch. It can be used to create interactive dashboards and charts that help users to understand data.

A

Kibana

125
Q

————- is a container orchestration system used for automating deployment, scaling and management of applications.

A

Kubernetes

126
Q

———- is a command-line operating system based on Unix. There are multiple operating systems that are based on ——–.

A

Linux

126
Q

Both are query languages used to explore and process data based on search terms and filters.

A

KQL can refer to Kusto Query Language in the context of Azure, and Kibana Query Language in the context of Elastic.

127
Q

—————— is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.

A

The Link-Local Multicast Name Resolution (LLMNR)

128
Q

——————- is a security vulnerability that occurs when a web application allows users to include files from the local file system. Attackers exploit —— by manipulating input fields to retrieve sensitive files or execute malicious code. This can lead to unauthorised access to system files, data leakage, and potential remote code execution.

A

Local File Inclusion (LFI)

129
Q

————— is a cryptographic disk encryption standard for Linux systems. It uses symmetric and asymmetric encryption to protect data on encrypted disks and partitions. —— is a versatile encryption method that can be used to encrypt any block device, including hard drives, USB drives, and even entire operating systems.

A

Linux Unified Key Setup (LUKS)

130
Q

These files are often used to point to a file or folder from another location, making it convenient to access frequently used files and folders.

A

LNK files, with a .lnk file extension, refer to “link files” or “desktop shortcuts”.

131
Q

——– is a tool for collecting and processing data from a variety of sources. It can be used to collect logs from applications, servers, and other systems. It can also be used to parse and transform data before it is stored in Elasticsearch.

A

Logstash

132
Q

The ——– usually receives an email from an email client or another —–.

A

Mail Transport Agent (MTA)

133
Q

————— is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs.

A

Multipurpose Internet Mail Extensions (MIME)

134
Q

————- refers to the email client that the user relies on to send and receive email. Examples of ——- are Thunderbird and MS Outlook. The —— connects to a Mail Transport Agent (MTA) to send its message, and it connects to a Mail Delivery Agent (MDA) to download its email messages.

A

Mail User Agent (MUA)

135
Q

————– is a cryptographic hash function that takes any input and produces a 128-bit hexadecimal number. The output of an MD5 hash function is called a digest. MD5 digests are often used to verify the integrity of files or data; however, MD5 is no longer considered secure and should not be used for sensitive applications.

A

Message Digest 5 (MD5)

136
Q

Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)

A

MITRE

137
Q

Malware Information Sharing Platform is an open-source threat information platform used to facilitate the collection and sharing of threat information.

A

MISP

138
Q

—————- is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting.

A

The Malware Behavior Catalog (MBC)

139
Q

MTU

A

Maximum Transmission Unit

139
Q

—————– is a security process that requires users to provide two or more forms of identification before accessing an account or system. This enhances security by adding an additional layer of protection against unauthorised access.

A

MFA stands for Multi-Factor Authentication.

140
Q

——————- involves an individual placing themselves in between a communication process to intercept traffic.

A

A Man-in-the-Middle (MITM) attack

141
Q

———– is responsible for delivering the email messages from a Mail Transport Agent (MTA) to the email client.

A

Mail Delivery Agent (MDA)

142
Q

———— is an open-source penetration testing framework that helps security professionals find and exploit vulnerabilities in computer systems. It includes a database of known vulnerabilities and tools and scripts for exploiting them.

A

Metasploit

143
Q

—————- is the term used to describe algorithms and functions used to get computers to think and act the way humans and nature do.

A

Machine Learning (ML)

144
Q

—————- refers to the software being broken up into smaller independent services which communicate using APIs.

A

A microservice architecture

145
Q

——————- is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code. It is typically deployed using in-memory DLL injection to reside entirely in memory.

A

Meterpreter

146
Q

This organisation develops frameworks and policies for information security that are used all throughout the industry.

A

National Institute of Standards and Technology (NIST).

147
Q

—————- is an independent platform that examines network traffic patterns to identify intrusions for an entire network.

A

Network Intrusion Detection System (NIDS)

148
Q

———————– is based upon the collection of data to perform detection and analysis. With the collection of a large amount of data, it makes sense that a SOC should have the ability to generate statistical data from existing data, and that these statistics can be used for detection and analysis.

A

NSM

Network Security Monitoring

149
Q

————- is a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.

A

Windows New Technology LAN Manager (NTLM)

150
Q

——————- typically provide the same functionality as packet sniffers, protocol analyzers, and SEM software in a single product. Whereas SEM software concentrates on correlating events among existing data sources (which typically include multiple network traffic related sources), ——– software focuses primarily on collecting, examining, and analyzing network traffic. ——— software also offers additional features that further facilitate network forensics.

A

Network forensic analysis tools (NFAT)

151
Q

———————– sensors and programs examine network traffic to identify security threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.

A

Network Behaviour Analysis (NBA)

152
Q

————————- is a method of monitoring network availability and activity to identify anomalies, including security and operational issues.

A

Network traffic analysis (NTA)

153
Q

————————- is a networking protocol designed to synchronize the clocks of computers over a network. It uses a designated reference time source, such as an atomic or GPS clock, to coordinate the system time for all networked devices. It ensures that all computers within the network have the same accurate time, which is crucial for various applications, including logging, security, and data integrity.

A

NTP (Network Time Protocol)

154
Q

———————— is a network security solution (whereas a HIPS protects hosts). It monitors all network traffic for suspect activity and either allows or disallows the traffic to pass. For a —— to work properly, it needs to be positioned in-line on the network segment so that all traffic traverses the —–. The implementation of a NIPS is similar to a NIDS with one exception: because a NIPS has two NICs, a network TAP, switch, or hub is not required.

A

Network Intrusion Prevention System (NIPS)

155
Q

———————- is an assembly language instruction that does nothing during the execution cycle of a program. It is commonly used for timing purposes, debugging, to occupy space that will be replaced with active instructions later, or to prevent certain processor optimizations. Despite doing nothing, ——- instructions still consume CPU cycles while being processed.

A

NOP, or No Operation

156
Q

It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network.

A

NetBIOS is an acronym for Network Basic Input/Output System.

157
Q

———– is an open-source tool used for network discovery and security auditing. It also assists in the exploration of network hosts and services, providing information about open ports, operating systems, and other details.

A

Nmap (Network Mapper)

158
Q

————— is an operating-system daemon that sets and maintains a computer system’s system time in synchronization with Internet-standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but retains compatibility with versions 1, 2, and 3 as defined by RFC 1059, RFC 1119, and RFC 1305, respectively.

A

The ntpd program

159
Q

————-, a network protocol developed for Cisco routers by Cisco Systems, is widely used to collect metadata about the IP traffic flowing across network devices such as routers, switches and hosts. The traffic flow data informs a company’s IT professionals as to how much traffic there is, where it’s coming from and going to, and the paths being used.

A

NetFlow

160
Q

—————– refers to containers that hold users, groups and computers to which similar policies should apply. In most cases, OUs will match departments in an enterprise.

A

In Windows domains, Organizational Unit (OU)

161
Q

OGNL

A

Object-Graph Navigation Language

162
Q

————– is a set of principles and tactics used to attempt to protect the security of an operator or operation. An example of this may be using code names instead of your real names, or using a proxy to conceal your IP address.

A

Operational Security (OPSEC)

163
Q

————— is a layer between the hardware and the applications. From the application’s perspective, the OS provides an interface to access the different hardware components, such as CPU, RAM, and disk storage. Examples of OS are Android, FreeBSD, Linux, macOS, and Windows.

A

Operating System (OS)

164
Q

——————— is a nonprofit foundation focused on understanding web technologies and exploitations and provides resources and tools designed to improve the security of software applications.

A

The Open Web Application Security Project

165
Q

—————– is the act of gathering and analyzing publicly available data for intelligence purposes.

A

Open source intelligence (OSINT)

166
Q

————————- is a programming technique that allows developers to interact with a database using an object-oriented paradigm.

A

Object-Relational Mapping (ORM)

167
Q

A scripting language mostly used for web development.

A

PHP

168
Q

————- is often a piece of code or an application that is used to demonstrate that an idea or theory is possible. Proof of Concepts are often used to demonstrate vulnerabilities.

A

A Proof of Concept

PoC

169
Q

PII

A

Personally Identifiable Information is any representation of data that can be used to identify an individual directly.

170
Q

Malware often tries to keep a footprint in the system such that it keeps running even after a system restart. This is called persistence. For example, if malware adds itself to the startup registry keys, it will persist even after a system restart.

A

Persistence

171
Q

In the context of operating systems, —- stands for Process ID. It is a unique identifier assigned to each running process in a system. ——- are usually assigned in sequential order as processes are created, but can be recycled once a process has completed and terminated.

A

PID

172
Q

When emails are sent to a target(s) purporting to be from a trusted entity to lure individuals into providing sensitive information.

A

Phishing

173
Q

————— is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language.

A

PowerShell

174
Q

—————– is a networking practice involving the interception of data packets travelling over a network. Once the packets are captured, they can be stored by IT teams for further analysis. The inspection of these packets allows IT teams to identify issues and solve network problems affecting daily operations.

A

Packet capture (PCAP)

175
Q

———– is short for Process for Attack Simulation and Threat Analysis; it is a risk-centric threat modelling framework.

A

PASTA

176
Q

A set of automated processes and tools that allow both developers and operations professionals to build and deploy code to a production environment.

A

Pipelines

177
Q

In the context of operating systems, ——————. It refers to the process ID of the parent process that spawned the particular process. ———— indicate the hierarchy and relationship of all running processes in a system, which also describes how every process is connected to one another.

A

PPID stands for Parent Process ID

178
Q

——————- makes it possible for different entities to communicate securely over a network. Consequently, we can protect the confidentiality and integrity of the communications, among other aspects.

A

Public Key Infrastructure (PKI)

179
Q

——————– is an alternative protocol for receiving emails that downloads emails from the server to a local device. Using ———-, a recipient cannot access their emails again from a different device because they are stored locally and then deleted from the email server.

A

Post Office Protocol Version 3 (POP3)

180
Q

A file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The —- format is a data structure that encapsulates the information necessary for the Windows OS to manage the wrapped executable code.

A

PE

181
Q

————————. An information security standard administered by the Payment Card Industry Security Standards Council that is for organizations that handle branded credit cards from the major card schemes.

A

Payment Card Industry Digital Security Standard (PCI DSS)

182
Q

Tools that compress and encrypt executable files. It compresses the target executable and embeds it within a new executable file that serves as a wrapper or container. This dramatically reduces the size of the file, making it ideal for easy distribution and installation.

A

Packers

183
Q

A ——– server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.

A

proxy

184
Q

A person being monitored, sought, or questioned concerning a criminal investigation or security operation, especially as a potential suspect.

A

Person of Interest (POI)

185
Q

Pod Security Standards (used in Kubernetes) define 3 different policies that broadly cover the security spectrum: privileged, baseline and restricted.

A

PSS

186
Q

Pod Security Admission (used in Kubernetes) enforces Pod Security Standards (PSS).

A

PSA

187
Q

———————— is an extension to the OAuth 2.0 authorization framework. It is designed to provide an additional layer of security for public clients, such as mobile and JavaScript-based applications, which are unable to securely store client secrets. PKCE is particularly useful in mitigating authorization code interception attacks.

A

PKCE (Proof Key for Code Exchange)

188
Q

Also known as a Caesar cipher, it is a simple form of substitution cipher used in cryptography. It involves replacing each letter in the text by a letter some fixed number of positions down or up the alphabet.

A

ROT

189
Q

Runtime Application Self-Protection is a tool built into the runtime environment that can control application execution to detect real-time attacks.

A

RASP

190
Q

————– is a document that gives permission to a penetration tester, defining the targets that the engagement applies to and the behaviours/techniques that

A

ROE

The Rules of Engagement

191
Q

——————– is a protocol used to establish remote graphical sessions over the network.

A

RDP

Remote Desktop Protocol

192
Q

RCE

A

Remote Code Execution

193
Q

——————– is a publication in a series from the principal technical development and standards-setting bodies for the Internet, most prominently the Internet Engineering Task Force (IETF).

A

A Request for Comments (RFC)

194
Q

——————- is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.

A

RIPEMD (RIPE Message Digest)

195
Q

——————— is a cyber attack where an attacker exploits a vulnerability in a web application to include malicious files from a remote server. By injecting URLs into input fields, attackers can execute arbitrary code on the target server, leading to potential system compromise or unauthorised access.

A

Remote File Inclusion (RFI)

196
Q

———————— is a form of electronic computer memory that can be read and changed in any order, typically used to store working data and machine code.

A

Random-access memory (RAM)

197
Q

———————- is a software architectural style that was created to guide the design and development of the architecture for the World Wide Web. —– defines a set of constraints for how the architecture of a distributed, Internet-scale hypermedia system, such as the Web, should behave. The —– architectural style emphasises uniform interfaces, independent deployment of components, the scalability of interactions between them, and creating a layered architecture to promote caching to reduce user-perceived latency, enforce security, and encapsulate legacy systems.

A

REST (representational state transfer)

198
Q

————— refers to access to resources being restricted on a role basis in an organisation. It can be used in (but not limited to) Kubernetes to restrict access to cluster resources.

A

RBAC

199
Q

—— is a method for encrypting data using two keys: one to lock (encrypt) and another to unlock (decrypt) it, relying on the difficulty of factoring large numbers.

A

RSA

200
Q

——————- is a software engineering concept which is the structured process of developing an application.

A

SDLC

Software Development Life Cycle

201
Q

————————– is a protocol used to send the email to an SMTP server, more specifically to a Mail Submission Agent (MSA) or a Mail Transfer Agent (MTA).

A

Simple Mail Transfer Protocol (SMTP)

202
Q

A short period of time wherein a development team works to complete specific tasks, milestones, or deliverables.

A

Sprint

203
Q

————————- is an Excel spreadsheet containing a carefully maintained collection of Indicators of Compromise (IoCs). These IoCs act as warning signs, alerting security experts to suspicious behaviour or potential system breaches. By keeping track of these indicators, the SoD offers a detailed snapshot of possible threats, allowing for quick identification, analysis, and response. Whether it involves tracking IP addresses, URLs, file hashes, or other distinguishing features associated with malicious activities, the SoD is vital in bolstering security protocols and keeping cyber attackers at bay.

A

The Spreadsheet of Doom (SoD)

204
Q

———————- is an extension of DevOps practices, focused on building secure products.

A

SSDLC (Secure Software Development lifecycle)

205
Q

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of Privilege

A

STRIDE

206
Q

————————- is a system that is used to aggregate security information in the form of logs, alerts, artifacts and events into a centralized platform that would allow security analysts to perform near real-time analysis during security monitoring.

A

Security Information and Event Management
SIEM

206
Q

——————- refers to a cryptographic network protocol used in secure communication between devices. SSH encrypts data using cryptographic algorithms, such as the Advanced Encryption Standard (AES), and is often used when logging in remotely to a computer or server.

A

Secure Shell (SSH)

207
Q

It is a solution that helps organisations to streamline and automate their security operations, including incident management, threat intelligence, and vulnerability response.

A

SOAR stands for Security Orchestration, Automation, and Response.

208
Q

——————– is a web vulnerability where an attacker manipulates a vulnerable application to make requests to internal or external resources on behalf of the server. This can lead to data exposure, unauthorised access to internal systems, or service disruptions.

A

Server Side Request Forgery (SSRF)

209
Q

The manipulation of individuals to divulge sensitive information, through various forms of communication.

A

Social Engineering

210
Q

The process of analyzing malware without executing it, but in a controlled environment.

A

Static Analysis

211
Q

———————— is a Windows system service and device driver developed by Microsoft that is designed to monitor and log various events happening within a Windows system.

A

Sysmon refers to System Monitor.

212
Q

SPL

A

Search Processing Language. A processing language used for searching in Splunk.

213
Q

——————– is a type of cyber attack where malicious SQL (Structured Query Language) code is injected into a vulnerable application’s input fields. This can manipulate the application’s database queries, potentially granting unauthorised access to the database or allowing attackers to retrieve, modify, or delete data.

A

SQL Injection (SQLi)

214
Q

——————- is a cryptographic hash function that takes any input and produces a 256-bit hexadecimal number. ———— is often used to verify the integrity of files or data and to create digital signatures. ———— is considered very secure and is widely used in applications such as Bitcoin and blockchain technology.

A

Secure Hash Algorithm 256 bits (SHA-256)

215
Q

——————- is a session and user authentication service that permits a user to use one set of login credentials – for example, a username and password – to access multiple applications. SSO can be used by enterprises, small and midsize organizations, and individuals to ease the management of multiple credentials.

A

Single sign-on (SSO)

216
Q

——————— is a service provided by Amazon Web Services (AWS) that allows you to store data in a scalable and reliable way. Data is stored in buckets, which act as a folder in the cloud where you can store files, applications, backup information or anything you need.

A

Simple Storage Service (S3)

217
Q

SEC3PO

A

A DevSecOps engineer / part Android

218
Q

Microsoft’s —– is a collection of mandatory security activities grouped by the traditional software development lifecycle phases.

A

SDL

219
Q

—————– is an open framework to help organisations formulate and implement a software security strategy tailored to the organisation’s specific risks.

A

The Software Assurance Maturity Model (SAMM)

220
Q

——————– is an email authentication method designed to detect forged sender addresses during the delivery of the email.

A

Sender Policy Framework (SPF)

221
Q

A robot working as a System Administrator

A

S2D2

222
Q

Static Application Security Testing for scanning code

A

SAST

223
Q

——————– is a team of IT security professionals tasked with monitoring, preventing, detecting, investigating, and responding to threats within a company’s network and systems.

A

Security Operations Center (SOC)

224
Q

This involves sending targeted emails to specific individuals or groups within an organisation, often with a malicious attachment or link.

A

Spear-Phishing

225
Q

A —- port (sometimes called a mirror port) is a software feature built into a switch or router that creates a copy of selected packets passing through the device and sends them to a designated —– port. Using software, the administrator can easily configure or change what data is to be monitored. Since the primary purpose of a switch or router is to forward production packets, —– data is given a lower priority on the device. The —- also uses a single egress port to aggregate multiple links, so it is easily oversubscribed.

A

SPAN

226
Q

————————- is an application security methodology in which development teams can quickly track and analyze any open source component.

A

SCA
Software Composition Analysis

227
Q

————————– is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM’s OS/2. It also provides an authenticated inter-process communication (IPC) mechanism.

A

Server Message Block (SMB)

228
Q

This Linux signal occurs when a program attempts to access a memory position that is unavailable or lacks the necessary permissions.

A

SIGSEGV

229
Q

——————– is a programming language for storing and processing information in a relational database. A relational database stores information in tabular form, with rows and columns representing different data attributes and the various relationships between the data values. You can use —– statements to store, update, remove, search, and retrieve information from the database. You can also use —- to maintain and optimize database performance.

A

Structured query language (SQL)

230
Q

—————— is a free and open-source penetration testing tool that automates finding and exploiting —- injection vulnerabilities on web applications. It can extract data from databases, execute commands on the underlying operating system, and even take control of the target server.

A

SQLMap

230
Q

————is a platform for collecting, storing, and analysing machine data. It provides various tools for analysing data, including search, correlation, and visualisation. It is a powerful tool that organisations of all sizes can use to improve their IT operations and security posture.

A

Splunk

231
Q

————is the daemon program for ssh(1). Together these programs replace rlogin(1) and rsh(1), and provide secure encrypted communications between two untrusted hosts over an insecure network.

A

sshd (OpenSSH Daemon)

232
Q

———————– is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.

A

Same-origin policy
SOP

233
Q

———————– is a method of providing software to users. This software/application will run in the cloud and users will pay to use it via subscription (as a service) rather than buying it.

A

Software as a Service (SaaS)

234
Q

———————— is a configuration standard consisting of cybersecurity requirements for a specific product (e.g. Kubernetes) provided by DISA (US Department of Defence Systems Agency).

A

Security Technical Information Guidelines (STIG)

235
Q

——————————- is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

A

SOAP (formerly an acronym for Simple Object Access Protocol)

236
Q

A process or service which runs in parallel with (and supports) a primary application.

A

Sidecar

236
Q

A ———————- is a dedicated infrastructure layer used to control and manage service-to-service communication in a Microservices Architecture.

A

Service Mesh

237
Q

———— refers to the amount of time or “hops” that a packet is set to exist inside a network before being discarded by a router. ——- is also used in other contexts including CDN caching and DNS caching.

A

Time to live (TTL)

238
Q

TTP

A

Tactics, Techniques and Procedures describe the methodologies, tools, behavioural patterns and strategies that adversaries use to plan and execute attacks against target networks and organisations.

239
Q

—————- is a connection-oriented protocol requiring a — three-way-handshake to establish a connection. — provides reliable data transfer, flow control and congestion control. Higher-level protocols such as HTTP, POP3, IMAP and SMTP use —.

A

Transmission Control Protocol (TCP)

240
Q

————— serves as a user’s proof of authentication and allows a user to request service tickets from the KDC, which can then be used to connect to services across the network.

A

In Kerberos, a Ticket Granting Ticket (TGT)

241
Q

—————– is a discontinued software application used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device. ————— was originally designed to protect sensitive data on computers and prevent unauthorized access.

A

TrueCrypt

242
Q

———————- is a simple device that connects directly to the cabling infrastructure. Instead of two switches or routers connecting directly to each other, the network TAP sits between the two devices and all data flows through the TAP. Using an internal splitter, the —– creates a copy of the data for monitoring while the original data continues unimpeded through the network.

A

A network TAP (Test Access Point)

243
Q

————– is an online cyber security training platform to help individuals and teams break into and upskill in cyber security. The site you are on right now.

A

TryHackMe

244
Q

———————– provides an interface between the operating system (OS) and the platform firmware. The UEFI replaces the BIOS.

A

The Unified Extensible Firmware Interface (UEFI)

245
Q

———————— or User and Entity Behavior Analytics (UEBA),[1] is the concept of analyzing the behavior of users, subjects, visitors, etc. for a specific purpose.[2] It allows cybersecurity tools to build a profile of each individual’s normal activity, by looking at patterns of human behavior, and then highlighting deviations from that profile (or anomalies) that may indicate a potential compromise.[3][4][5]

A

User behavior analytics (UBA)

246
Q

———————– is a connectionless protocol; UDP does not require a connection to be established. UDP is suitable for protocols that rely on fast queries, such as DNS, and for protocols that prioritise real-time communications, such as audio/video conferencing and broadcast.

A

User Datagram Protocol (UDP)

247
Q

——————– helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.

A

User Account Control (UAC)

248
Q

——————– is a 128-bit value used to uniquely identify an object, entity or information within a particular system or knowledge database.

A

UUID - Universal Unique Identifier

249
Q

As a connection is processed by Zeek/Bro, a unique identifier is assigned to each session. This unique identifier is generally included in any log file entry associated with that connection and can be used to cross-reference different log files.

A

UID

250
Q

Coordinated Universal Time or —— is the primary time standard by which the world regulates clocks and time.

A

UTC

251
Q

UKC

A

Unified Kill Chain

252
Q

URI

A

Uniform Resource Identifier

253
Q

VM

A

Virtual Machine

254
Q

VPR

A

Vulnerability Priority Rating

255
Q

A —————— is a way to create a secure “tunnel” between two networks. For example, you use a VPN on TryHackMe to access the private network on which the machines operate. VPNs are also commonly used for an employee to log into their workplace when they are not on site (such as working from home or travelling for business matters). ——- are also used where networks (such as coffee shops) do not provide encryption, and are a great way of preventing others from reading your network traffic.

A

Virtual Private Network (VPN)

256
Q

A —————— is an isolated, private cloud inside of a public cloud environment. ——– are granted to users of cloud providers so that their resources aren’t accessible by other users in the same public cloud.

A

virtual private cloud (VPC)

257
Q

Scanning of a system or network for known vulnerabilities.

A

Vulnerability Assessment

258
Q

Testing of a system or network for vulnerabilities, and trying to penetrate into a system or network.

A

Vulnerability Assessment and Penetration Testing (VAPT)

259
Q

A ——————– tracks changes to a file or set of files over time. Examples include GitHub, GitLab, etc.

A

Version Control System (VCS)

260
Q

——————- is a Wi-Fi protocol that has better security mechanisms than protocols such as WEP by means of handling user authentication and keys more securely. —- has been further improved by versions such as —-2 and —-3.

A

Wi-Fi Protected Access (WPA)

261
Q

————- refers to the reconnaissance of neighbourhoods for Wi-Fi wireless networks, often by driving around in a vehicle equipped with a Wi-Fi-enabled device and mapping these networks.

A

War driving

262
Q

An attack where a legitimate website frequently visited by a target is compromised and geared towards infecting visitors with malware.

A

Watering Hole Attack

263
Q

This is an action of using technology to automatically scan a range of phone numbers in order to reveal connected devices such as computers, modems, and office appliances.

A

Wardialing

264
Q

——————————- analyze the radio spectrum throughout a wireless network to detect and report intrusion, network policy violations, and unauthorized use.

A

Wireless Intrusion Prevention System (WIPS)

265
Q

————————- is the infrastructure for management data and operations on Windows-based operating systems. It is used to automate administrative tasks on remote computers and supply management data to other parts of the operating system and products.

A

Windows Management Instrumentation (WMI)

266
Q

————is a free and open-source security platform that provides threat detection, integrity monitoring, incident response, and compliance capabilities. ——— can collect data from various sources, including logs, events, network traffic, and cloud metadata. It can automate response actions, such as blocking malicious traffic or isolating infected hosts.

A

Wazuh

267
Q

The ———————Integrated Scripting Environment (ISE) is a host application for ————————————. In the ISE, you can run commands and write, test, and debug scripts in a single Windows-based graphic user interface. The ISE provides multiline editing, tab completion, syntax coloring, selective execution, context-sensitive help, and support for right-to-left languages. Menu items and keyboard shortcuts are mapped to many of the same tasks that you would do in the —————————– console. For example, when you debug a script in the ISE, you can right-click on a line of code in the edit pane to set a breakpoint.

A

Windows PowerShell (ISE)

268
Q

———————- is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

A

XML external entity injection (also known as XXE)

269
Q

——————- is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

A

Extensible Markup Language (XML)

270
Q

A binary operation that is commonly used for encryption and decryption of data. ———– operates on binary data (bits) and is based on the principles of Boolean algebra. The operation involves two bits. The result of the operation is “1” if the two bits are different, and “0” if they are the same.

A

XOR

271
Q

Part-time space pilot, full-time DevOps Engineer

A

X Fighter Dev

272
Q

A type of security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can then steal sensitive information, like users’ cookies, session tokens, or other sensitive data.

A

XSS

273
Q

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

A

XSRF

274
Q

————- is a data serialisation language that is human-readable and useful for managing data.

A

YAML Ain’t Markup Language

275
Q

A compromised computer or device controlled remotely by an attacker, typically part of a botnet used for malicious activities.

A

Zombie

276
Q

The process of replicating DNS zone data from one DNS server to another, which needs to be secured to prevent unauthorized access.

A

Zone Transfer

277
Q

ZTNA

A

Zero Trust Network Architecture.

278
Q

A security model that treats every entity (user, device, application) as potentially untrusted and requires continuous verification before granting access.

A

Zero Trust Architecture

279
Q

——– (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

A

Zeek

280
Q

——————— is a free and open-source web application security scanner. It is a powerful tool that penetration testers and security professionals can use to test the security of web applications.

A

Zed Attack Proxy (ZAP)