TUWZ

Question 1

Threat agent

Answer 1

Methods and things used to exploit a vulnerability

Question 2

Threat analysis

Answer 2

An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets

Question 3

Threat event

Answer 3

Any event during which a threat element/actor acts against an asset in a manner that has the potential to directly result in harm

Question 4

Threat vector

Answer 4

The path or route used by the adversary to gain access to the target

Question 5

Threat

Answer 5

Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm

Question 6

Token

Answer 6

In security systems, a physical device that is used to authenticate a user, typically in addition to a username and password; in programming languages, a single element of the language

Question 7

Total cost of ownership (TCO)

Answer 7

Includes the original cost of the computer plus the cost of: software, hardware and software upgrades, maintenance, technical support, training, and certain activities performed by users.

Question 8

Transmission Control Protocol (TCP)

Answer 8

A connection-based Internet protocol that supports reliable data transfer connections

Question 9

Trusted system

Answer 9

A system that employs sufficient hardware and software assurance measures to allow their use for processing a range of sensitive or classified information.

Question 10

Tunneling

Answer 10

Commonly used to bridge between incompatible hosts/routers or to provide encryption, a method by which one network protocol encapsulates another protocol within itself.

Question 11

Two-factor authentication

Answer 11

The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password); typically the combination of something you know, are or have

Question 12

Uniform resource locator (URL)

Answer 12

The string of characters that form a web address

Question 13

Virtual private network (VPN)

Answer 13

A secure private network that uses the public telecommunications infrastructure to transmit data

Question 14

Virus signature file

Answer 14

The file of virus patterns that are compared with existing files to determine whether they are infected with a virus or worm.

Question 15

Virus signature

Answer 15

The file of virus patterns that are compared with existing files to determine whether they are infected with a virus or worm

Question 16

Voice-over Internet Protocol (VoIP)

Answer 16

Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines

Question 17

Vulnerability analysis

Answer 17

A process of identifying and classifying vulnerabilities

Question 18

Vulnerability

Answer 18

A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events

Question 19

Warm site

Answer 19

Similar to a hot site but not fully equipped with all of the necessary hardware needed for recovery

Question 20

Web hosting

Answer 20

The business of providing the equipment and services required to host and maintain files for one or more web sites and provide fast Internet connections to those sites.

Question 21

Web server

Answer 21

End-point hardware or software that serves web pages to users

Question 22

Wide area network (WAN)

Answer 22

A computer network connecting multiple offices or buildings over a larger area

Question 23

Wi-Fi Protected Access II (WPA2)

Answer 23

Wireless security protocol that supports 802.11i encryption standards to provide greater security. This protocol uses Advanced Encryption Standards (AES) and Temporal Key Integrity Protocol (TKIP) for stronger encryption.

Question 24

Worm

Answer 24

A programmed network attack in which a self-replicating program does not attach itself to programs, but rather spreads independently of users’ action

Question 25

Write blocker

Answer 25

A device that allows the acquisition of information on a drive without creating the possibility of accidentally damaging the drive

Question 26

Zero-day exploit

Answer 26

A vulnerability that is exploited before the software creator/vendor is even aware of its existence. May also refer to known flaws that do not have a patch available.