Vocab

Question 1

Tokenization

Answer 1

Process of turning a meaningful piece of data into a token that has no meaningful value if breached

Question 2

Iaas (Infrastructure as a service)

Answer 2

Cloud computing that provides virtualized resources over the internet

Question 3

PaaS (Platform as a service)

Answer 3

Third party provider delivers hardware and software tools over the internet

Question 4

SaaS (Software as a service)

Answer 4

Cloud provider hosts applications and makes them available over the internet

Question 5

Thin Client

Answer 5

A computer that runs from resources stored on a central server instead of a hard drive

Question 6

Elasticity

Answer 6

Ability of an IT infrastructure to respond without jeopardizing availability, security, and performance.

Question 7

Scalability

Answer 7

Ability of a process, network, or software to grow and manage demand

Question 8

Key Strectching

Answer 8

Converting a password to a longer and more random key for cryptographic purposes

Question 9

Elliptic-Curve Cryptography

Answer 9

Public key encryption technique that creates faster, smaller, and more efficient keys

Question 10

Perfect Forward Secrcey

Answer 10

Encryption system that changes the keys to encrypt and decrypt frequently and automatically

Question 11

DNNSSEC (Domain name system security extension)

Answer 11

Defend against techniques hackers use to direct computers to rogue websites and servers using SSH

Question 12

S/MIME (Secure multipurpose internet mail extension)

Answer 12

Sending digitally signed and encrypted messages

Question 13

SRTP (secure real-time protocol)

Answer 13

Uses encryption and authentication to minimize risk of DOS attacks and breaches

Question 14

LADPS (lightweight directory access protocol over SSL)

Answer 14

Authenticate users from windows server and active directory over SSL

Question 15

FTPS (File transfer protocol secure)

Answer 15

Secure file transfer protocol that allows businesses to connect securely with customers, users etc using TLS

Question 16

SFTP (Secure file transfer protocol over SSH)

Answer 16

Secure file transfer protocol that runs over the SSH protocol

Question 17

SNMPv3 (simple network management protocol v3)

Answer 17

Provides security with authentication and privacy

Question 18

IPSec (internet protocol security)

Answer 18

Suit of protocols developed to ensure integrity, confidentiality, and authentication of data over the IP network

Question 19

SQL (structured query language)

Answer 19

Standard database language which is used to create, maintain and retrieve the relational database

Question 20

Directory Traversal

Answer 20

Web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application

Question 21

Memory Leak

Answer 21

A program you run, fails to release memory that it has used

Question 22

Integer Overflow

Answer 22

An arrhythmic error when the result of an integer operation does not fit within the allocated memory

Question 23

Error Handling

Answer 23

Response and recovery procedures from error conditions present in a software application

Question 24

Improper Input Handling

Answer 24

Term used to describe functions such as validation, sanitization, filter erroring, encoding and decoding of data

Question 25

DLL (dynamic link library)

Answer 25

A library that can be shared by several applications running under windows

Question 26

LDAP (lightweight directory access protocol)

Answer 26

Software protocol for enabling anyone to locate data about organizations, individuals, and other resources

Question 27

XML (Extensive markup language)

Answer 27

Designed to store and transport data and designed to be readable by humans and machines

Question 28

Buffer Overflow

Answer 28

Writing data to a buffer, overruns the buffers boundaries and overwrites adjacent memory locations

Question 29

Replay Attack

Answer 29

Network attack which a valid data transmission is maliciously or fraudulently repeated or delayed

Question 30

Pass the hash

Answer 30

Attacker captures a password hash and the passes it through for authentication and lateral movement

Question 31

Evil Twin

Answer 31

Fake wifi network that steals data

Question 32

Rogue Access point

Answer 32

Wireless access point that has been installed on a network

Question 33

Bluesnarfing

Answer 33

Hacking a device using bluetooth

Question 34

Bluejacking

Answer 34

Sending anonymous messages to Bluetooth devices

Question 35

ARP Poisoning (address resolution protocol poisoning)

Answer 35

Attack carried out over the LAN that sends ARP packets to a default gateway in order to change the IP to MAC address table

Question 36

MAC Flooding

Answer 36

Compromising the security of switches

Question 37

DNS Highjacking

Answer 37

Changing the registration of a domain name without permission

Question 38

DNS Poisoning

Answer 38

Altered DNS records are used to redirect online traffic to a fraudulent website that resembles the intended target

Question 39

False-Positive

Answer 39

Mislabeled security alters, indicating there is a threat when there isn’t

Question 40

False-Negatives

Answer 40

A security system fails to identify a threat. Produces a negative result when there is a problem.

Question 41

OSINT (open-source intelligence)

Answer 41

Framework focused on gathering information from free tools and resources

Question 42

Masking

Answer 42

Method of creating structurally similar but inauthentic version of an organizations data

Question 43

Data at rest

Answer 43

Data that is not actively moving from device to device or network to network such as data stored don a hard drive, laptop, floppy disks etc

Question 44

Data in motion/transit

Answer 44

Digital information that is in the process of being transported between location either within or between computer systems

Question 45

Data in processing

Answer 45

Conversion of raw data to meaningful information through a process