Vocabulary2 Flashcards

Q

SPI

A

SPI Security Parameter Index: Used to identify simplex IPsec security associations.

Q

SSL

A

SSL Secure Sockets Layer: Authenticates and provides confidentiality to network traffic such as Web traffic.

Q

WPA

A

WPA Wi-Fi Protected Access: A partial implementation of 802.11i.

Q

multitasking

A

Multitasking Allows multiple tasks (heavyweight processes) to run simultaneously on one CPU.

Q

POTS

A

POTS Plain Old Telephone Service: Analog phone service.

Q

virtual memory

A

Virtual memory Provides virtual address mapping between applications and hardware memory.

Q

phishing

A

Phishing Malicious attack that poses as a legitimate site such as a bank, attempting to steal account credentials.

Q

PVC

A

PVC Permanent Virtual Circuit: A circuit that is always connected.

Q

SLE

A

SLE Single Loss Expectancy: The cost of a single loss.

Q

striping

A

Striping Spreading data writes across multiple disks to achieve performance gains, used by some levels of RAID.

Q

thin client applications

A

Thin client applications Uses a Web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client's browser.

Q

reference monitor

A

Reference monitor Mediates all access between subjects and objects.

Q

SOAP

A

SOAP Originally stood for Simple Object Access Protocol, now simply "SOAP": Used to implement Web services.

Q

T3

A

T3 28 Bundled T1s.

Q

RFC 1918

A

RFC 1918 addresses Private IPv4 addresses that may be used for internal traffic.

Q

social engineering

A

Social engineering Uses the human mind to bypass security controls.

Q

star

A

Star Physical network topology that connects each node to a central device such as a hub or a switch.

Q

Optimizing

A

Optimizing Phase 5 of CMM.

Q

strong tranquility property

A

Strong tranquility property Bell-LaPadula property that states that security labels will not change while the system is operating.

Q

type 2 authentication

A

Type 2 authentication Something you have.

Q

permutation

A

Permutation Provides confusion by rearranging the characters of the plaintext, anagram-style; also called transposition.

Q

quantitative risk analysis

A

Quantitative risk analysis RA method that uses hard metrics such as dollars.

Q

remote wipe

A

Remote wipe The ability to remotely erase a mobile device.

Q

polymorphic virus

A

Polymorphic virus Virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software.

Q

server-side attack

A

Server-side attack Attack launched directly from an attacker to a listening service; also called service-side attack.

Q

slack space

A

Slack space Space on a disk between the end-of-file marker and the end of the cluster.

Q

thread

A

Thread A lightweight process (LWP).

Q

savepoint

A

Savepoint A clean snapshot of the database tables.

Q

USA PATRIOT Act

A

USA PATRIOT Act Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.

Q

VPN

A

VPN Virtual Private Network: A method to send private data over an insecure network, such as the Internet.

Q

SHA-1

A

SHA-1 Secure Hash Algorithm 1: A hash function that creates a 160-bit message digest.

Q

Ping of Death

A

Ping of death DoS that sends a malformed ICMP echo request (ping) that is larger than the maximum size of an IP packet.

Q

scrum master

A

Scrum master Senior member of the organization who acts as a coach for the Scrum team.

Q

security domain

A

Security domain The list of objects a subject is allowed to access.

Q

total cost of ownership

A

Total Cost of Ownership The cost of a safeguard.

Q

ticket

A

Ticket Data that authenticates the identity of a Kerberos principal.

Q

throughput

A

Throughput The process of authenticating to a system (such as a biometric authentication system).

Q

NIC

A

NIC Network Interface Card: A card that connects a system to a network.

Q

RSN

A

RSN Robust Security Network: Part of 802.11i that allows changes to cryptographic ciphers as new vulnerabilities are discovered.

Q

smart card

A

Smart card A physical access control device containing an integrated circuit; also known as an integrated circuit card (ICC).

Q

PEAP

A

PEAP Protected EAP: Similar to EAP-TTLS, including not requiring client-side certificates.

Q

S/MIME

A

S/MIME Secure/Multipurpose Internet Mail Extensions: Leverages PKI to encrypt and authenticate MIME-encoded email.

Q

simplex

A

Simplex One-way communication, like a car radio tuned to a music station.

Q

NAT

A

NAT Network Address Translation: Translates IP addresses.

Q

passive RFID

A

Passive RFID Unpowered RFID tags.

Q

object

A

Object A data file.

Q

VoIP

A

VoIP Voice over Internet Protocol: Carries voice via data networks.

Q

open system

A

Open system System using open hardware and standards, using standard components from a variety of vendors.

Q

NDA

A

NDA Non-Disclosure Agreement: A contractual agreement that ensures that an individual or organization appreciates their legal responsibility to maintain the confidentiality of sensitive information.

Q

Passphrase

A

Passphrase A long static password, comprised of words in a phrase or sentence.

Q

unallocated space

A

Unallocated space Portions of a disk partition that do not contain active data.

Q

Outsourcing

A

Outsourcing Use of a third party to provide information technology support services that were previously performed in-house.

Q

TAP

A

TAP Test Access Port: Provides a way to tap into network traffic and see all unicast streams on a network.

Q

OECD

A

OECD Privacy Guidelines Organization for Economic Cooperation and Development privacy guidelines, containing eight principles.

Q

referential integrity

A

Referential integrity Requires that every foreign key in a secondary table matches a primary key in the parent table.

Q

SIGABA

A

SIGABA Rotor machine used by the United States through World War II into the 1950s.

Q

Standards

A

Standard Describes the specific use of technology, often applied to hardware and software; an administrative control.

Q

religious law

A

Religious law Legal system that uses religious doctrine or interpretation as a source of legal understanding and statutes.

Q

RST

A

RST Reset (tear down) a connection; TCP flag.

Q

weak tranquility property

A

Weak tranquility property Bell-LaPadula property that states that security labels will not change in a way that violates security policy.

Q

patent

A

Patent Intellectual property protection that grants a monopoly on the right to use, make, or sell an invention for a period of time.

Q

registers

A

Registers Small storage locations used by the CPU to store instructions and data.

Q

semantic integrity

A

Semantic integrity Requires that each value is consistent with the attribute data type.

Q

SSO

A

SSO Single Sign-On: Allows a subject to authenticate once and then access multiple systems.

Q

system unit

A

System unit Computer case, containing all of the internal electronic computer components, including motherboard, internal disk drives, power supply, etc.

Q

return on investment

A

Return on Investment Money saved by deploying a safeguard.

Q

spoofing

A

Spoofing Masquerading as another endpoint.

Q

simple security property

A

Simple security property Bell-LaPadula property that states "no read up" (NRU).

Q

query language

A

Query language Language that searches and updates a database.

Q

network model (databases)

A

Network model (databases) Type of hierarchical database that allows branches to have two parents.

Q

SVC

A

SVC Switched Virtual Circuit: A circuit that is established on demand.

Q

wassenaar arrangement

A

Wassenaar Arrangement Munitions law that followed COCOM, beginning in 1996.

Q

non-repudiation

A

Non-repudiation Assurance that a specific user performed a specific transaction and assurance that the transaction did not change.

Q

teardrop attack

A

Teardrop attack A malformed packet DoS attack that targets issues with system fragmentation reassembly.

Q

warded lock

A

Warded lock Preventive device that requires a key to be turned through channels (called wards) to unlock.

Q

XP

A

XP Extreme Programming: An Agile development method that uses pairs of programmers who work off a detailed specification.

Q

RAID 2

A

RAID 2 RAID hamming code.

Q

Real evidence

A

Real evidence Evidence consisting of tangible or physical objects.

Q

pseudo guard

A

Pseudo guard An unarmed security guard.

Q

security assessments

A

Security assessments A holistic approach to assessing the effectiveness of access control; may use other tests as a subset, including penetration tests and vulnerability scans.

Q

smurf attack

A

Smurf attack Attack that uses an ICMP flood and directed broadcast addresses.

Q

SaaS

A

SaaS Software as a Service: Completely configured cloud-based application, from the operating system on up.

Q

promiscuous access

A

Promiscuous access The ability to sniff all traffic on a network.

Q

RAID 6

A

RAID 6 RAID striped set with dual distributed parity.

Q

vulnerability scanning

A

Vulnerability scanning A process to discover poor configurations and missing patches in an environment.

Q

vulnerability

A

Vulnerability A weakness in a system.

Q

SDSL

A

SDSL Symmetric Digital Subscriber Line: DSL with matching upload and download speeds.

Q

SMDS

A

SMDS Switched Multimegabit Data Service: An older WAN technology that is similar to ATM.

Q

OFB

A

OFB Output Feedback: A stream mode of DES that uses portions of the key for feedback.

Q

product owner

A

Product owner Scrum role that serves as the voice of the business unit.

Q

twofish

A

Twofish Encrypts 128-bit blocks using 128 through 256 bit keys; AES finalist.

Q

tuple

A

Tuple A row in a relational database table.

Q

RPO

A

RPO Recovery Point Objective: The amount of data loss or system inaccessibility (measured in time) that an organization can withstand.

Q

WPA2

A

WPA2 Wi-Fi Protected Access 2: The full implementation of 802.11i.

Q

SMTP

A

SMTP Simple Mail Transfer Protocol: A store-and-forward protocol used to exchange email between servers.

Q

RIP

A

RIP Routing Information Protocol: A distance vector routing protocol that uses hop count as its metric.

Q

parity

A

Parity A means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance.

Q

SLA

A

SLA Service Level Agreement: Contractual agreement that helps ensure availability.

Q

SYN

A

SYN Synchronize a connection; TCP flag.

Q

* security property

A

* Security property Bell-LaPadula property that states "no write down."

Q

NIDS

A

NIDS Network-based Intrusion Detection System: A detective technical control.

Q

prudent man rule

A

Prudent man rule Organizations should engage in business practices that a prudent, right-thinking person would consider to be appropriate.

Q

problem domain

A

Problem domain A specific challenge that needs to be addressed.

Q

POP

A

POP Post Office Protocol: An email client protocol.

Q

wiping

A

Wiping Writes new data over each bit or block of file data; also called shredding.

Q

PSH

A

PSH Push data to application layer; TCP flag.

Q

subject

A

Subject An active entity on an information system that accesses or changes data.

Q

multiprocessing

A

Multiprocessing Runs multiple processes on multiple CPUs.

Q

panic bar

A

Panic bar Egress device that opens externally facing doors from the inside.

Q

non-discretionary access control

A

Non-discretionary access control Access control based on subjects' roles or tasks.

Q

packet

A

Packet Layer 3 PDU.

Q

plaintext

A

Plaintext An unencrypted message.

Q

RC6

A

RC6 Rivest Cipher 6; symmetric block cipher by RSA Laboratories and an AES finalist.

Q

use limitation principle

A

Use limitation principle OECD privacy guideline principle that states that personal data should never be disclosed without either the consent of the individual or a legal requirement.

Q

SSID

A

SSID Service Set Identifier: Acts as a wireless network name.

Q

UDP

A

UDP User Datagram Protocol: A simpler and faster cousin to TCP.

Q

simulation test

A

Simulation test Recovery from a pretend disaster; goes beyond talking about the process and actually has teams carry out the recovery process.

Q

well-formed transactions

A

Well-formed transactions Clark-Wilson control to enforce control over applications.

Q

TGS

A

TGS Ticket Granting Service: A Kerberos service that grants access to services.

Q

OEP

A

OEP Occupant Emergency Plan: A facility-based plan focused on safety and evacuation.

Q

spiral model

A

Spiral model Software development model designed to control risk.

Q

T1

A

T1 A dedicated 1.544-megabit circuit that carries 24 64-bit DS0 channels.

Q

rule-based access control

A

Rule-based access control Uses a series of defined rules, restrictions, and filters for accessing objects within a system.

Q

TCSEC

A

TCSEC Trusted Computer System Evaluation Criteria (Orange Book): Evaluation model developed by the U.S. Department of Defense.

Q

procedural languages

A

Procedural languages Programming languages that use subroutines, procedures, and functions.

Q

Salt

A

Salt Allows one password to hash multiple ways.

Q

typosquatting

A

Typosquatting Registering Internet domain names comprised of likely misspellings or mistyping of legitimate domain trademarks.

Q

regression testing

A

Regression Testing Testing software after updates, modifications, or patches.

Q

Ping

A

Ping Sends an ICMP echo request to a node and listens for an ICMP echo reply.

Q

relational database

A

Relational database Contains two-dimensional tables of related data.

Q

provide diligent and competent service to principals

A

Provide diligent and competent service to principals. Third canon of the (ISC)2 Code of Ethics.

Q

Plan maintenance

A

Plan maintenance Seventh step of the NIST SP 800-34 contingency planning process.

Q

warm site

A

Warm site A backup site with all necessary hardware, connectivity, and configured computers without live data.

Q

process isolation

A

Process isolation Logical control that attempts to prevent one process from interfering with another.

Q

static password

A

Static password Reusable passwords that may or may not expire.

Q

PDA

A

PDA Personal Digital Assistant: A small networked computer that can fit in the palm of your hand.

Q

password guessing

A

Password guessing An online technique that involves attempting to authenticate as a particular user to the system.

Q

vigenere cipher

A

Vigenère cipher Polyalphabetic cipher that uses a Vigenère square, named after Blaise de Vigenère.

Q

RC4

A

RC4 Rivest Cipher 4; used to provide confidentiality by WPA.

Q

remanence

A

Remanence Data that might persist after removal attempts.

Q

passive infrared sensor

A

Passive infrared sensor Passive motion detector that detects infrared energy created by body heat.

Q

southbridge

A

Southbridge Connects input/output (I/O) devices, such as disk, keyboard, mouse, CD drive, USB ports, etc.

Q

truth table

A

Truth table Table used to map all results of a mathematical operation, such as XOR.

Q

rootkit

A

Rootkit Malware that replaces portions of the kernel and/or operating system.

Q

packet filter

A

Packet filter A simple and fast firewall that has no concept of state.

Q

SYN flood

A

SYN flood Resource exhaustion DoS attack that fills a system's half-open connection table.

Q

token ring

A

Token ring Legacy LAN technology that uses tokens.

Q

RAM

A

RAM Random Access Memory: Memory that allows any address to be directly accessed.

Q

photoelectric motion sensor

A

Photoelectric motion sensor Active motion detector that sends a beam of light across a monitored space to a photoelectric sensor.

Q

retina scan

A

Retina scan Biometric laser scan of the capillaries that feed the retina.

Q

TNI

A

TNI Trusted Network Interpretation (Red Book).

Q

XSS

A

XSS Cross-Site Scripting: Third-party execution of Web scripting languages such as JavaScript within the security context of a trusted site.

Q

RAID 3

A

RAID 3 RAID striped set with dedicated parity (byte level).

Q

responsible disclosure

A

Responsible disclosure The practice of privately sharing vulnerability information with a vendor and withholding public release until a patch is available.

Q

threat agents

A

Threat agents The actors causing the threats that might exploit a vulnerability.

Q

SNMP

A

SNMP Simple Network Management Protocol: Used to monitor network devices.

Q

take-Grant protection model

A

Take-Grant Protection Model Determines the safety of a given computer system that follows specific rules.

Q

storage channel

A

Storage channel Covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other.

Q

PDU

A

PDU Protocol Data Unit: A header and data at one layer of a network stack.

Q

TCP/IP

A

TCP/IP model A network model with four layers: network access, Internet, transport, and application.

Q

NIPS

A

NIPS Network Intrusion Prevention System: A preventive device designed to prevent malicious network traffic.

Q

primary key

A

Primary key Unique attribute in a relational database table, used to join tables.

Q

steganography

A

Steganography The science of hidden communication.

Q

TCP

A

TCP Transmission Control Protocol: Uses a three-way handshake to create reliable connections across a network.

Q

northbridge

A

Northbridge Connects the CPU to RAM and video memory; also called the Memory Controller Hub (MCH).

Q

static route

A

Static route Fixed routing entries.

Q

normalization

A

Normalization Seeks to make the data in a database table logically concise, organized, and consistent.

Q

overt channel

A

Overt channel Authorized communication that complies with security policy.

Q

strong authentication

A

Strong authentication Requires that the user present more than one authentication factor; also called dual-factor authentication.

Q

operating system

A

Operating system Software that operates a computer.

Q

SPAN port

A

SPAN port Switched Port Analyzer: Receives traffic forwarded from other switch ports.

Q

public key

A

Public key One half of an asymmetric key pair; may be publicly posted.

Q

router

A

Router Layer 3 device that routes traffic from one LAN to another, based on IP addresses.

Q

RAID

A

RAID Redundant Array of Inexpensive Disks: A method of using multiple disk drives to achieve greater data reliability, greater speed, or both.

Q

RAID 1+0

A

RAID 1+0 RAID 0 combined with RAID 1; sometimes called RAID 10.

Q

session layer

A

Session layer Layer 5 of the OSI model; manages sessions that provide maintenance on connections.

Q

STP

A

STP Shielded Twisted Pair: Network cabling that contains additional metallic shielding around each twisted pair of wires.

Q

socket

A

Socket A combination of an IP address and a TCP or UDP port on one node.

Q

telnet

A

Telnet Protocol that provides terminal emulation over a network using TCP port 23.

Q

WAN

A

WAN Wide Area Network: Typically covering cities, states, or countries.

Q

schema

A

Schema Describes the attributes and values of the database tables.

Q

SAML

A

SAML Security Assertion Markup Language: An XML-based framework for exchanging security information, including authentication data.

Q

vulnerability management

A

Vulnerability management Management of vulnerability information.

Q

rollback

A

Rollback Restores a database after a failed commit.

Q

threat vectors

A

Threat vectors Vectors that allow exploits to connect to vulnerabilities.

Q

software escrow

A

Software escrow Source code held by a neutral third party.

Q

TLS

A

TLS Transport Layer Security: Successor to SSL.

Q

TKIP

A

TKIP Temporal Key Integrity Protocol: Used to provide integrity by WPA.

Q

RBAC

A

RBAC Role-Based Access Controls: Subjects are grouped into roles and each defined role has access permissions based on the role, not the individual.

Q

principal

A

Principal Kerberos client (user) or service.

Q

static testing

A

Static testing Tests code passively; the code is not running.

Q

split horizon

A

Split horizon Distance vector routing protocol safeguard that will not send a route update via an interface it learned the route from.

Q

parallel processing

A

Parallel processing Recovery of critical processing components at an alternative computing facility, without impacting regular production systems.

Q

shareware

A

Shareware Fully functional proprietary software that may be initially used free of charge. If the user continues to use the shareware for a specific period of time, the shareware license typically requires payment.

Q

PII

A

PII Personally Identifiable Information: Data associated with a specific person, such as credit card data.

Q

training

A

Training Security control designed to provide a skill set.

Q

packet-switched network

A

Packet-switched network A form of networking where bandwidth is shared and data is carried in units called packets.

Q

pairwise testing

A

Pairwise testing Form of combinatorial software testing that tests unique pairs of inputs.

Q

type 1 authentication

A

Type 1 authentication Something you know.

Q

trademark

A

Trademark Intellectual property protection that allows for the creation of a brand that distinguishes the source of products.

Q

technical controls

A

Technical controls Implemented using software, hardware, or firmware that restricts logical access on an information technology system.

162
Q

watchdog timer

A

Watchdog timer Recovers a system by rebooting after critical processes hang or crash.

163
Q

shoulder surfing

A

Shoulder surfing Physical attack where an attacker observes credentials, such as a key combination.

165
Q

network model (telecommunications)

A

Network model (telecommunications) A description of how a network protocol suite operates.

165
Q

purpose specification principle

A

Purpose specification principle OECD privacy guideline principle that states that the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.

166
Q

object encapsulation

A

Object encapsulation Treats a process as a "black box."

168
Q

qualitative risk analysis

A

Qualitative risk analysis RA method that uses approximate values.

169
Q

triple DES

A

Triple DES 56-bit DES applied three times per block.

171
Q

remote meeting technology

A

Remote meeting technology Newer technology that allows users to conduct online meetings via the Internet, including desktop sharing functionality.

172
Q

SRAM

A

SRAM Static Random Access Memory: Expensive and fast memory that uses small latches called "flip-flops" to store bits.

172
Q

WRT

A

WRT Work recovery time: The time required to configure a recovered system.

173
Q

TGT

A

TGT Ticket Granting Ticket: Kerberos credentials encrypted with the TGS key.

174
Q

WEP

A

WEP Wired Equivalent Privacy: A very weak 802.11 security protocol.

175
Q

NS

A

NS Nonce Sum: The newest TCP flag, used for congestion notification.

176
Q

SONET

A

SONET Synchronous Optical Networking: Carries multiple T-carrier circuits via fiber optic cable.

178
Q

partial knowledge test

A

Partial knowledge test A penetration test where the tester is provided with partial inside information at the start of the test.

179
Q

type 2 authentication

A

Type 3 authentication Something you are.

181
Q

recovery controls

A

Recovery controls Controls that restore a damaged system or process.

182
Q

side-channel attack

A

Side-channel attack Cryptographic attack that uses physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.

182
Q

VLAN

A

VLAN Virtual LAN: Can be thought of as a virtual switch.

184
Q

RC5

A

RC5 Rivest Cipher 5; symmetric block cipher by RSA Laboratories.

185
Q

WLAN

A

WLAN Wireless Local Area Network.

186
Q

thin clients

A

Thin clients Simple computer systems that rely on centralized applications and data.

188
Q

Reciprocal agreement

A

Reciprocal agreement A bidirectional agreement between two organizations in which one organization promises another organization it can move in and share space if it experiences a disaster; also known as a mutual aid agreement.

190
Q

open source

A

Open source Software with publicly published source code, allowing anyone to inspect, modify, or compile the code.

190
Q

transport layer (TCP/IP)

A

Transport layer (TCP/IP) TCP/IP model layer that connects the internet layer to the application layer.

192
Q

openness principle

A

Openness principle OECD privacy guideline principle that states that the collection and use of personal data should be readily available.

193
Q

traceroute

A

Traceroute Command that uses ICMP Time Exceeded messages to trace a network route.

194
Q

trade secret

A

Trade secret Business-proprietary information that is important to an organization's ability to compete.

195
Q

OCSP

A

OCSP Online Certificate Status Protocol: A client-server method for looking up revoked certificates.

196
Q

voice print

A

Voice print Biometric control that measures the subject's tone of voice while stating a specific sentence or phrase.

198
Q

PROM

A

PROM Programmable Read-Only Memory: Memory that can be written to once, typically at the factory.

199
Q

RAID 5

A

RAID 5 RAID striped set with distributed parity.

199
Q

white box software testing

A

White box software testing Gives the tester access to program source code, data structures, variables, etc.

200
Q

spring-bolt lock

A

Spring-bolt lock A locking mechanism that "springs" in and out of the door jamb.

201
Q

purple

A

Purple Allied name for the stepping-switch encryption device used by Japanese Axis powers during World War II.

203
Q

servicemark

A

Servicemark Intellectual property protection that allows for the creation of a brand that distinguishes the source of services.

205
Q

shadow database

A

Shadow database Similar to a replicated database, with one key difference: A shadow database mirrors all changes made to a primary database, but clients do not access the shadow.

207
Q

non-interference

A

Non-interference Model Ensures that data at different security domains remain separate from one another.

208
Q

Thicknet

A

Thicknet Older type of coaxial cable, used for Ethernet bus networking.

209
Q

one-time pad

A

One-time pad Theoretically unbreakable encryption using paired pads of random characters.

211
Q

presentation layer

A

Presentation layer Layer 6 of the OSI model; presents data to the application in a comprehensible way.

212
Q

traceability matrix

A

Traceability matrix Maps customers' requirements to the software testing plan; it traces the requirements and ensures that they are being met.

213
Q

SA

A

SA Security Association: A simplex connection that may be used to negotiate ESP or AH parameters.

214
Q

protect society, the commonwealth, and the infrastructure

A

Protect society, the commonwealth, and the infrastructure. First canon of the (ISC)2 Code of Ethics.

215
Q

PGP

A

PGP Pretty Good Privacy: Software that integrates asymmetric, symmetric, and hash cryptography.

216
Q

offshoring

A

Offshoring Outsourcing to another country.

217
Q

swapping

A

Swapping Uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory.

218
Q

PRI

A

PRI Primary Rate Interface: Provides 23 64-K digital ISDN channels.

219
Q

synchronous dynamic token

A

Synchronous Dynamic Token Uses time or counters to synchronize a displayed token code with the code expected by the authentication server.

221
Q

remote journaling

A

Remote journaling Saves database checkpoints and the database journal to a remote site. In the event of failure at the primary site, the database may be recovered.

222
Q

vishing

A

Vishing Phishing via voice.

223
Q

PaaS

A

PaaS Platform as a service: A preconfigured operating system is provided, and the customer configures the applications.

223
Q

simple integrity axiom

A

Simple integrity axiom Biba property that states "no read down."

225
Q

proxy firewall

A

Proxy firewall Firewalls that terminate connections and act as intermediary servers.

226
Q

TFTP

A

TFTP Trivial File Transfer Protocol: A simple way to transfer files with no authentication or directory structure.

227
Q

WAP

A

WAP Wireless Application Protocol: Designed to provide secure Web services to handheld wireless devices such as smart phones.

229
Q

recovery phase

A

Recovery phase Incident response phase that restores a previously compromised system to operational status.

229
Q

reporting phase

A

Reporting phase Incident response phase that provides a final report on the incident.

230
Q

patch management

A

Patch management The process of managing software updates.

232
Q

sniffing

A

Sniffing Confidentiality attack on network traffic.

233
Q

secondary evidence

A

Secondary evidence Evidence consisting of copies of original documents and oral descriptions.

234
Q

strike plate

A

Strike plate Plate in the door jamb with a slot for a deadbolt or spring-bolt lock.

236
Q

SOCKS

A

SOCKS Popular circuit-level proxy.

237
Q

REST

A

REST Representational State Transfer: Used to implement Web services.

238
Q

stateful firewall

A

Stateful firewall Firewall with a state table that allows the firewall to compare current packets to previous ones.

239
Q

ultrasonic motion detector

A

Ultrasonic motion detector Active motion detector that uses ultrasonic energy.

241
Q

SDLC (telecommunications)

A

SDLC (telecommunications) Synchronous Data Link Control: A synchronous Layer 2 WAN protocol that uses polling to transmit data.

242
Q

polyinstantiation

A

Polyinstantiation Allows two different objects to have the same name.

244
Q

separation of duties

A

Separation of duties Dividing sensitive transactions among multiple subjects.

245
Q

OCTAVE

A

OCTAVE Operationally Critical Threat, Asset, and Vulnerability Evaluation: A risk management framework from Carnegie Mellon University.

246
Q

process

A

Process An executable program and its associated data loaded and running in memory.

247
Q

timing channel

A

Timing channel Covert channel that relies on the system clock to infer sensitive information.

248
Q

RFID

A

RFID Radio Frequency Identification: A type of contactless card technology.

249
Q

trojan

A

Trojan Malware that performs two functions: one benign (such as a game) and one malicious; also called Trojan horses.

250
Q

parent class

A

Parent class OOP concept that allows objects to inherit capabilities from parents.

251
Q

Rainbow table

A

Rainbow table Acts as database that contains the hashed output for most or all possible passwords.

252
Q

running-key cipher

A

Running-key cipher Cryptographic method that uses whole words from a well-known text such as a dictionary, "adding" letters to plaintext using modular math.

253
Q

WSDL

A

WSDL Web Services Description Language: Provides details about how Web services are to be invoked.

254
Q

tailgating

A

Tailgating Following an authorized person into a building without providing credentials; also known as piggybacking.

255
Q

PAP

A

PAP Password Authentication Protocol: An insecure network authentication protocol that exposes passwords in cleartext.

256
Q

TACACS

A

TACACS Terminal Access Controller Access Control System: A SSO method often used for network equipment.

257
Q

POST

A

POST Power-On Self-Test: Performs basic computer hardware tests, including verifying the integrity of the BIOS, testing the memory, and identifying system devices, among other tasks.

258
Q

thinnet

A

Thinnet Older type of coaxial cable, used for Ethernet bus networking.

260
Q

rotation of duties

A

Rotation of duties Requires that critical functions or responsibilities are not continuously performed by the same person without interruption; also known as job rotation.

261
Q

top-down programming

A

Top-down programming Starts with the broadest and highest level requirements (the concept of the final program) and works down toward the low-level technical implementation details.

262
Q

TOCTOU

A

TOCTOU Time Of Check, Time Of Use: Altering a condition after it has been checked by the operating system but before it is used.

264
Q

RADIUS

A

RADIUS Remote Authentication Dial-In User Service: A UDP-based third-party authentication system.

265
Q

RAT

A

RAT Remote Access Trojans: Trojan horses that may be remotely controlled.

266
Q

XOR

A

XOR Exclusive OR: Binary operation that is true if one of two inputs (but not both) is true.

267
Q

zero-day exploit

A

Zero-day exploit An exploit for a vulnerability with no available vendor patch.

269
Q

OFDM

A

OFDM Orthogonal Frequency-Division Multiplexing: A newer wireless multiplexing method that allows simultaneous transmission using multiple independent wireless frequencies that do not interfere with each other.

270
Q

statutory damages

A

Statutory damages Damages prescribed by law.

272
Q

password cracking

A

Password cracking An offline technique in which the attacker has gained access to the password hashes or database.

273
Q

UTP

A

UTP Unshielded Twisted Pair: Network cabling that uses pairs of wire twisted together.

275
Q

QoS

A

QoS Quality of Service: Gives specific traffic precedence over other traffic on packet-switched networks.

277
Q

PPP

A

PPP Point-to-Point Protocol: Layer 2 protocol that has largely replaced SLIP, adding confidentiality, integrity, and authentication.

278
Q

virus

A

Virus Malware that requires a carrier to propagate.

280
Q

penetration test

A

Penetration test Security test designed to determine if an attacker can penetrate an organization.

281
Q

Ring (physical)

A

Ring (physical) Physical network topology that connects nodes in a physical ring.

282
Q

security audit

A

Security audit A test against a published standard.

284
Q

SHA-2

A

SHA-2 Secure Hash Algorithm 2: A hash function that includes SHA-224, SHA-256, SHA-384, and SHA-512; named after the length of the message digest each creates.

286
Q

network access layer

A

Network access layer TCP/IP model layer that combines Layers 1 and 2 of the OSI model; it describes Layer 1 issues such as energy, bits, and the medium used to carry them.

287
Q

stealth virus

A

Stealth virus Virus that hides itself from the OS and other protective software, such as antivirus software.

288
Q

SQL

A

SQL Structured Query Language: The most popular database query language.

289
Q

network stack

A

Network stack A network protocol suite programmed in software or hardware.

290
Q

privacy act of 1974

A

Privacy Act of 1974 Protects U.S. citizens' data that is being used by the federal government.

292
Q

SSH

A

SSH Secure Shell: A secure replacement for Telnet, FTP and the UNIX "R" commands.

293
Q

unicast

A

Unicast One-to-one network traffic, such as a client surfing the Web.

294
Q

TEMPEST

A

TEMPEST A standard for shielding electromagnetic emanations from computer equipment.

295
Q

worm

A

Worm Malware that self-propagates.

297
Q

RAID 10

A

RAID 10 See RAID 1+0.

299
Q

SIP

A

SIP Session Initiation Protocol: A VoIP signaling protocol.

301
Q

risk

A

Risk A matched threat and vulnerability.

303
Q

object-oriented database

A

Object-oriented database Database that combines data with functions (code) in an object-oriented framework.

304
Q

RTO

A

RTO Recovery Time Objective: The maximum time allowed to recover business or IT systems.

305
Q

OOD

A

OOD Object-Oriented Design: High-level object-oriented approach to designing software.

307
Q

RAID 4

A

RAID 4 RAID striped set with dedicated parity (block level).

308
Q

scrum

A

Scrum Agile development model that uses small teams; roles include scrum master and product owner.

309
Q

virtualization

A

Virtualization Adds a software layer between an operating system and the underlying computer hardware.

311
Q

one-time password

A

One-time password Password that may be used for a single authentication.

312
Q

Rijndael

A

Rijndael Cipher that became AES; named after authors Vincent Rijmen and Joan Daemen.

313
Q

RFI

A

RFI Remote File Inclusion: Altering Web URLs to include remote content.

314
Q

RAD

A

RAD Rapid Application Development: Rapidly develops software via the use of prototypes, "dummy" GUIs, back-end databases, and more.

315
Q

XML

A

XML Extensible Markup Language: A markup language designed as a standard way to encode documents and data.

316
Q

screened subnet architecture

A

Screened subnet architecture Two firewalls screening a DMZ.

317
Q

URG

A

URG Packet contains urgent data: TCP flag.

319
Q

Plan testing, training and exercises

A

Plan testing, training, and exercises Sixth step of the NIST SP 800-34 contingency planning process.

320
Q

time multiplexing

A

Time multiplexing Shares (multiplexes) system resources between multiple processes, each with a dedicated slice of time.

321
Q

punitive damages

A

Punitive damages Damages designed to punish an individual or organization.

322
Q

mutation

A

Mutation Genetic algorithm concept that introduces random changes to algorithms.

323
Q

zero knowledge test

A

Zero knowledge test A blind penetration test where the tester has no inside information at the start of the test.

324
Q

SRTP

A

SRTP Secure Real-Time Transport Protocol: Used to provide secure VoIP.

325
Q

OOP

A

OOP Object-Oriented Programming: Changes the older procedural programming methodology and treats a program as a series of connected objects that communicate via messages.

327
Q

software piracy

A

Software piracy Unauthorized copying of copyrighted software.

328
Q

PKI

A

PKI Public key infrastructure: Leverages symmetric, asymmetric, and hash-based cryptography to manage digital certificates.

329
Q

vernam cipher

A

Vernam cipher One-time pad using a teletypewriter; invented by Gilbert Vernam.

331
Q

physical layer

A

Physical layer Layer 1 of the OSI model; describes units of data like bits represented by energy and the media used to carry them.

333
Q

ROM

A

ROM Read-Only Memory.

334
Q

system call

A

System call Allows processes to communicate with the kernel and provides a window between CPU rings.

335
Q

PIN

A

PIN Personal Identification Number: A number-based password.

336
Q

NIST SP 800-34

A

NIST SP 800-34 NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems.

337
Q

ORBs

A

ORBs Object Request Brokers: Used to locate and communicate with objects.

338
Q

sashimi model

A

Sashimi model Development model with highly overlapping steps; it can be thought of as a real-world successor to the waterfall model.

339
Q

policy

A

Policy High-level management directives; an administrative control.

340
Q

transport layer (OSI)

A

Transport layer (OSI) Layer 4 of the OSI model; handles packet sequencing, flow control, and error detection.

341
Q

sanction

A

Sanction Action taken as a result of policy violation.

342
Q

privacy

A

Privacy Protection of the confidentiality of personal information.

343
Q

structured walkthrough

A

Structured walkthrough Thorough review of a DRP by individuals who are knowledgeable about the systems and services targeted for recovery; also known as tabletop exercise.

344
Q

repeatable

A

Repeatable Phase 2 of CMM.

345
Q

threat

A

Threat A potentially negative occurrence.

346
Q

Need to know

A

Need to know Requirement that subjects need to know information before accessing it.

347
Q

reserved ports

A

Reserved ports TCP/IP ports 1023 and lower.

349
Q

repeater

A

Repeater Layer 1 device that receives bits on one port, and "repeats" them out the other port.

350
Q

rotation cipher

A

Rotation cipher Substitution cipher that shifts each character of ciphertext a fixed amount past each plaintext character.

351
Q

source code

A

Source code Computer programming language instructions that are written in text that must be translated into machine code before execution by the CPU.

353
Q

procedure

A

Procedure Step-by-step guide for accomplishing a task; an administrative control.

354
Q

session hijacking

A

Session hijacking Compromise of an existing network session.

355
Q

turnstile

A

Turnstile Device designed to prevent tailgating by enforcing a "one person per authentication" rule.

356
Q

PAN

A

PAN Personal Area Network: A very small network with a range of 100m or much less.

357
Q

redundant site

A

Redundant site An exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user.

358
Q

switch

A

Switch Layer 2 device that carries traffic on one LAN.

359
Q

NRM

A

NRM Normal Response Mode: SDLC/HDLC mode where secondary nodes can transmit when given permission by the primary.

360
Q

Realm

A

Realm A logical Kerberos network.

361
Q

work factor

A

Work factor The amount of time required to break a cryptosystem (decrypt a ciphertext without the key).

362
Q

WORM

A

WORM Write once, read many: Memory that can be written to once and read many times.

363
Q

principle of least privilege

A

Principle of least privilege Granting subjects the minimum amount of authorization required to do their jobs; also known as minimum necessary access.

364
Q

OUI

A

OUI Organizationally Unique Identifier: The first 24 bits of a MAC address.

365
Q

RTP

A

RTP Real-Time Transport Protocol: VoIP protocol designed to carry streaming audio and video.

366
Q

security safeguards principle

A

Security safeguards principle OECD privacy guideline principle that states that personal data should be reasonably protected against unauthorized use, disclosure, or alteration.

367
Q

segment

A

Segment Layer 4 PDU.

368
Q

socket pair

A

Socket pair Describes a unique connection between two nodes: source port and source IP, destination port and destination IP.

369
Q

script kiddies

A

Script kiddies Attackers who target computer systems with tools they have little or no understanding of.

370
Q

spear phishing

A

Spear phishing Targeted phishing attack against a small number of high-value victims.

371
Q

tree

A

Tree Physical network topology with a root node and branch nodes that are at least three levels deep.

372
Q

War dialing

A

War dialing Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone.

373
Q

white hat

A

White hat Ethical hacker or researcher.

374
Q

ring model

A

Ring model Form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.

375
Q

RISC

A

RISC Reduced Instruction Set Computer: CPU instructions that are short and simple.

376
Q

polymorphism

A

Polymorphism OOP concept based on the Greek roots poly ("many") and morphe ("form"); allows an object to overload an operator, for example.

377
Q

search warrant

A

Search warrant Court order that allows a legal search.

378
Q

object

A

Object A "black box" that combines code and data and sends and receives messages.

379
Q

RAID 0

A

RAID 0 RAID striped set.

380
Q

pipelining

A

Pipelining CPU feature that combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute, and write steps for different instructions.

381
Q

symmetric encryption

A

Symmetric encryption Encryption that uses one key to encrypt and decrypt.

383
Q

poison reverse

A

Poison reverse Distance vector routing protocol safeguard that sets a bad route to infinity.

384
Q

substitution

A

Substitution Cryptographic method that replaces one character for another.

385
Q

SOX

A

SOX Sarbanes-Oxley Act of 2002: Created regulatory compliance mandates for publicly traded companies.

387
Q

network layer 3

A

Network layer Layer 3 of the OSI model; describes routing data from a system on one LAN to a system on another.

388
Q

OLE

A

OLE Object Linking and Embedding: Part of DCOM that links documents to other documents.

389
Q

preventative controls

A

Preventive controls Prevents actions from occurring.

390
Q

OSI model

A

OSI model A network model with seven layers: physical, data link, network, transport, session, presentation, and application.

391
Q

physical controls

A

Physical controls Implemented with physical devices, such as locks, fences, or gates.

392
Q

screened host architecture

A

Screened host architecture Older flat network design using one router to filter external traffic to and from a bastion host via an ACL.

393
Q

risk analysis matrix

A

Risk analysis matrix A quadrant used to map the likelihood of a risk occurring against the consequences (or impact) that risk would have.

395
Q

PCI-DSS

A

PCI-DSS Payment Card Industry Data Security Standard: A security standard created by the Payment Card Industry Security Standards Council (PCI SSC).

396
Q

RAID 1

A

RAID 1 RAID mirrored set.

398
Q

SLIP

A

SLIP Serial Line Internet Protocol: A Layer 2 protocol that provides IP connectivity via asynchronous connections such as serial lines and modems.

399
Q

OOA

A

OOA Object-Oriented Analysis: High-level approach to understanding a problem domain that identifies all objects and their interactions.

400
Q

VDSL

A

VDSL Very High Rate Digital Subscriber Line: DSL featuring much faster asymmetric speeds.

401
Q

SDLC (applications)

A

SDLC (applications) Systems Development Life Cycle: A system development model that focuses on security in every phase.

402
Q

x.25

A

X.25 Older packet-switched WAN protocol.

403
Q

private key

A

Private key One half of an asymmetric key pair; it must be kept secure.

404
Q

unit testing

A

Unit testing Low-level tests of software components, such as functions, procedures, or objects.

405
Q

waterfall model

A

Waterfall model An application development model that uses rigid phases; when one phase ends, the next begins.

406
Q

OSPF

A

OSPF Open Shortest Path First: An open link state routing protocol.

407
Q

polyalphabetic cipher

A

Polyalphabetic cipher Substitution cipher using multiple alphabets.

408
Q

PLD

A

PLD Programmable Logic Device: Field-programmable hardware.

409
Q

walkthrough

A

Walkthrough drill See Simulation test.

410
Q

zachman framework

A

Zachman Framework Provides six frameworks for providing information security that ask what, how, where, who, when, and why; it maps those frameworks across roles that include planner, owner, designer, builder, programmer, and user.

411
Q

table

A

Table A group of related data in a relational database.