100 Flashcards

1
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access
acceptable use policies
2
The means of giving or restricting user access to network resources
access control
3
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network
access control list (ACL)
4
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP)
access point (AP)
5
A policy that provides information to the reader about who to contact if a problem is discovered
accountability statement
6
A response generated in real time
active response
7
Any action a user undertakes
activity
8
Protocol used to map known IP addresses to unknown physical addresses
Address Resolution Protocol (ARP)
9
An attack that convinces the network that the attacker’s MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker’s machine
Address Resolution Protocol (ARP) poisoning
10
A control implemented through administrative policies or procedures
administrative control
11
The user who is accountable and responsible for the network
administrator
12
A Federal Information Processing Standards (FIPS) publication that specifies a cryptographic algorithm for use by the US government
Advanced Encryption Standard (AES)
13
More commonly known as ARP poisoning; this involves the MAC (Media Access Control) address of the data being faked
ARP spoofing
14
An algorithm that uses two keys
asymmetric algorithm
15
Encryption in which two keys must be used
asymmetric encryption
16
Any unauthorized intrusion into the normal operations of a computer or computer network
attack
17
The area of an application that is available to users—those who are authenticated and, more importantly, those who are not
attack surface
18
Minimizing the possibility of exploitation by reducing the amount of code and limiting potential damage
attack surface reduction (ASR)
19
The act of tracking resource usage by users
audit
20
The means of verifying that someone is who they say they are
authentication
21
A header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays
Authentication Header (AH)
22
A type of certificate technology that allows ActiveX components to be validated by a server
Authenticode
23
A utility used with Windows 7 and 8 for creating a copy of the configuration settings necessary to reach the present state after a disaster
Automated System Recovery (ASR) disk
24
An opening left in a program application (usually by the developer) that allows additional access to data
backdoor
25
A reversion, or roll back to a previous state, from a change that had negative consequences
backout
26
A usable copy of data made to media
backup
27
A generator that can supply power in the event the primary provider is unable to deliver it
backup generator
28
A documented plan governing backup situations
backup plan
29
A written policy detailing the frequency of backups and the location of storage media
backup policy
30
Looking at the banner, or the header information messages sent with data, to find out about a system(s)
banner grabbing
31
Comparing performance to a historic metric
baselining
32
A host with multiple network interface cards so that it can reside on multiple networks
bastion host
33
A set of rules governing basic operations
best practices
34
Data that is too large to be dealt with by traditional database management means
Big Data analysis
35
A probability method of finding collision in hash functions
birthday attack
36
A Microsoft utility used to encrypt a drive
BitLocker
37
A method of encryption that processes blocks of data rather than streams
block cipher
38
A type of symmetric block cipher created by Bruce Schneier
Blowfish
39
The sending of unsolicited messages over a Bluetooth connection
bluejacking
40
The gaining of unauthorized access through a Bluetooth connection
bluesnarfing
41
A router used to translate from LAN framing to WAN framing
border router
42
An automated software program (network robot) that collects information on the Web
bot
43
A trust model in which a peer-to-peer relationship exists among the root certificate authorities
bridge trust model
44
A type of attack that relies purely on trial and error and tries all possible combinations
brute-force attack
45
A type of denial-of-service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies)
buffer overflow
46
A contingency plan that allows a business to keep running in the event of a disruption to vital resources
business continuity planning (BCP)
47
A study of the possible impact if a disruption to a business's vital resources were to occur
business impact analysis (BIA)
48
A physical security deterrent used to protect a computer
cable lock
49
An access point that requires users to agree to some condition before they use the network or Internet
captive portal
50
A type of symmetric block cipher defined by RFC 2144
CAST
51
A digital entity that establishes who you are and is often used with e-commerce
certificate
52
An issuer of digital certificates (which are then used for digital signatures or key pairs)
certificate authority (CA)
53
A messaging protocol used between PKI entities
Certificate Management Protocol (CMP)
54
The principles and procedures employed in the issuing and managing of certificates
Certificate Practice Statement (CPS)
55
The act of making a certificate invalid
certificate revocation
56
A list of digital certificate revocations that must be regularly downloaded to stay current
certificate revocation list (CRL)
57
A protocol that challenges a system to verify identity
Challenge Handshake Authentication Protocol (CHAP)
58
Management included in the making of a change in the scope of any particular item
change management
59
An algorithm, also known as a cryptographic algorithm, used to encrypt and decrypt data
cipher
60
The part of a client-server network where the computing is usually done
client
61
A surveillance camera used for physical-access monitoring
closed-circuit television (CCTV)
62
Moving the execution of an application to the cloud on an as-needed basis
cloud bursting
63
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
cloud computing
64
A method of balancing loads and providing fault tolerance
clustering
65
The storage and conditions for release of source code provided by a vendor, partner, or other party
code escrow
66
Looking at all custom written code for holes that may exist
code review
67
Server room aisles that blow cold air from the floor
cold aisles
68
A physical site that can be used if the main site is inaccessible (destroyed) but that lacks all the resources necessary to enable an organization to use it immediately
cold site
69
An agreement between individuals to commit fraud or deceit
collusion
70
A standard identification card used by the Department of Defense (DoD) and other employers
Common Access Card (CAC)
71
A document of specifications detailing security evaluation methods for IT products and systems
Common Criteria (CC)
72
Cloud delivery model in which the infrastructure is shared by organizations with something in common
community cloud
73
A virus that creates a new program that runs in place of an expected program of the same name
companion virus
74
Gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we compensate for them)
compensating controls
75
A formalized or an ad hoc team you can call upon to respond to an incident after it arises
Computer Security Incident Response Team (CSIRT)
76
Type of communications between two hosts that have a previous session established for synchronizing sent data
connection-oriented protocol
77
A plan that allows a business to keep running in the event of a disruption to vital resources
contingency plan
78
Processes or actions used to respond to situations or events
control
79
Technical or administrative measures in place to assist with resource management
control types
80
A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a server
cookie
81
A wrapper that uses 128-bit AES encryption with a 48-bit initialization vector
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
82
Functions on which the livelihood of the company depends
critical business functions (CBF)
83
A form of web-based attack in which unauthorized commands are sent from a user that a website trusts
Cross-Site Request Forgery (XSRF)
84
Running a script routine on a user's machine from a website without their permission
cross-site scripting (XSS)
85
The study and practice of finding weaknesses in ciphers
cryptanalysis
86
A person who does cryptanalysis
cryptanalyst
87
A person who participates in the study of cryptographic algorithms
cryptographer
88
An algorithm, also known as a cipher, used to encrypt and decrypt data
cryptographic algorithm
89
The field of mathematics focused on encrypting and decrypting data
cryptography
90
Getting rid of/destroying media no longer needed
data disposal
91
The primary standard used in government and industry until it was replaced by AES
Data Encryption Standard (DES)
92
Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, or destruction
data loss prevention (DLP)
93
A policy dealing with some aspect of data (usage, destruction, retention, etc.)
data policy
94
A response that fools the attacker into thinking that the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken
deception active response
95
An area for placing web and other servers outside the firewall
demilitarized zone (DMZ)
96
A type of attack that prevents any users—even legitimate ones—from using a system
denial-of-service (DoS)
97
Reviewing the security design, including examining the ports and protocols used, the rules, segmentation, and access control
design review
98
Controls that are intended to identify and characterize an incident in progress (for example, sounding the alarm and alerting the administrator)
detective control
99
The act of attempting to crack passwords by testing them against a list of dictionary words
dictionary attack
100
A type of backup that includes only new files or files that have changed since the last full backup
differential backup