Network Security

Question 1

SIM

Answer 1

Subscriber Identity Module/SIM Card

• Integrated circuit useed to securely store the data used to identify and authenticate mobile subscribers
• SIM also stores personalized data, such as a telephone book and messages

Question 2

SATCOM

Answer 2

Satellite Communications or Communications Satellite

A method for mobile devices to connect to networks

Question 3

DMZ

Answer 3

Demilitarized Zone

A physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted usually larger network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN).

Question 4

CAN

Answer 4

Controller Area Network

Vehicle bus standard designed to allow microcontrollers and devices to communicate with each other’s applications without a host computer.

Used in the automotive industry, aircraft, and medical devices

Question 5

GPS

Answer 5

Global Positioning System

A satellite-based radionavigation system created and maintained by the US government.

Provides free geolocation and time information to a GPS receiver anywhere on or near the Earth with is an unobstructed line of sight to four or more GPS satellites.

Question 6

CYOD

Answer 6

Choose Your Own Device

A mobile deployment model that allows employees to select a mobile device from a list of accepted devices to use for work purposes.

Question 7

HDD

Answer 7

Hard Disk Drive

An electro-mechanical data storage device that stores and retrieves digital data using magnetic storage and one or more rigid rapidly rotating platters coated with magnetic material.

Question 8

UPS

Answer 8

Uninterruptible Power Supply

Increase power related fault tolerance

Question 9

CAPTCHA

Answer 9

Completely Automated Public Turing test to tell Computers and Humans Apart

A type of challenge–response test used in computing to determine whether or not the user is human.

Question 10

RAS

Answer 10

Remote Access Server

• Server that provides a suite of services to remotely connected users over a network or the Internet.
• Operates as a remote gateway or central server that connects remote users with an organization’s internal local area network (LAN).

Question 11

ICS

Answer 11

Industrial Control System

A networked system that controls critical infrastructure such as water electrical transportation and telecommunication services

Question 12

DSL

Answer 12

Digital Subscriber Line

Used to transmit digital data over telephone lines.

The term DSL is widely understood to mean asymmetric digital subscriber line (ADSL) the most commonly installed DSL technology for Internet access.

DSL can be delivered simultaneously with wired telephone service on the same telephone line since DSL uses higher frequency bands for data.

Question 13

UTM

Answer 13

Unified Threat Management

A group of security controls combined in a single solution. UTM appliances can inspect data streams for malicious content and block it.

Question 14

WIPS

Answer 14

Wireless Intrusion Prevention System; An active inline security device that monitors suspicious network and/or system traffic on a wireless network and reacts in real time to block it

Question 15

VLSM

Answer 15

Variable Length Subnet Masking

A subnet design that uses more than one mask in the same network which means more than one mask is used for different subnets of a single class A, B, C or a network

It is used to increase the usability of subnets as they can be of variable size.

Question 16

GPG

Answer 16

Gnu Privacy Guard

A free open-source version of Symantec’s PGP crytographic software suite that provides equivalent encryption and authentication services.

Question 17

TOS

Answer 17

Trusted Operating System

Operating system that meets a set of predetermined requirements with heavy empasis on authentication and authorization

Question 18

CASB

Answer 18

Cloud Access Security Broker

A software tool or service that enforces cloud-based security requirements.

It is placed between an organization’s resources and the cloud.

Monitors all network traffic and can enforce security policies.

Question 19

MDM

Answer 19

Mobile Device Management

A group of applications and/or technologies used to manage mobile devices.

MDM tools can monitor mobile devices to ensure security policy compliance.

Question 20

VPN

Answer 20

Virtual Private Network

A method of extending a private network by tunneling though a public network such as the Internet

Question 21

VDI

Answer 21

Virtual Desktop Infrastructure

A virtualization implementation that separates the personal computing environment from a user’s physical computer

Question 22

NIPS

Answer 22

Network-based Intrusion Prevention System

An active inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it

Question 23

ESN

Answer 23

Electronic Serial Number

Unique identifier for mobile devices.

Question 24

COPE

Answer 24

Corporate Owned Personally Enabled

A mobile device deployment model.

The organization purchases and issues devices to employees.

Employees to use them as if they were personally-owned notebook computers, tablets or smartphones.

Compare with BYOD and CYOD.

Question 25

URL

Answer 25

Universal Resource Locator

• Commonly called web address
• Reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it
• Specific type of Uniform Resource Identifier (URI)

Question 26

SCAP

Answer 26

Security Content Automation Protocol

• Standard used by vulnerability scanners
• Utilizes the National Vulnerability Database (NVD), which includes:
  
  • Lists of common misconfigurations
  • Security-related software flaws
  • Impact ratings or risk scores

Question 27

AP

Answer 27

Access Point

A networking hardware device that allows other Wi-Fi devices to connect to a wired network.

AKA Wireless Access Point (WAP).

Question 28

FDE

Answer 28

Full Disk Encryption

• Entire hard drive is encrypted
• Several software applications such as Veracrypt can do this
• Hardware-based full disk encryption also available

Question 29

IPS

Answer 29

Intrusion Protection System

• Device or software application that can detect, react to, and prevent attacks.
• Placed inline with traffic
• Has protocol analyzing capabilities
• Reacts to attacks in progress and prevents them from reaching systems and networks

Question 30

HIDS

Answer 30

Host-based Intrusion Detection System

A type of IDS that monitors all traffic on a single host systems like a server or workstation.

Question 31

EFS

Answer 31

Encrypted File System

A technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

It is used in Microsoft Windows NTFS-based public key encryption.

Question 32

IDS

Answer 32

Intrusion Detection System

• Device or software application that monitors a network or systems for malicious activity or policy violations
• Monitors network traffic but traffic doesn’t go through the IDS (out-of-band)
• Has protocol analyzing capabilities.
• Can identify and respond to an attack but only after it has already started
• 2 types of detection:
  
  • Signature-based, like an AV program, uses database of known vulnerabilities
  • Heuristic/Behavioral-based identifies normal behavior and creates a baseline. Then detects deviations from baseline.

Question 33

VMLM

Answer 33

Virtual Machine Lifecycle Management

A collection of processes designed to help administrators oversee the implementation delivery operation and maintenance of VMs over the course of their existence

Question 34

RTOS

Answer 34

Real-Time Operating System

• OS that reacts to inputs within a specified time
• Processing must be completed within the specified constraints or system doesn’t process the data and typically reports an error

Question 35

CRC

Answer 35

Cyclical Redundancy Check

Function used to produce a checksum in order to detect errors in data storage or transmission.

Question 36

CMS

Answer 36

Content Management System

Computer software used to manage the creation and modification of digital content.

Typically used for enterprise and web content management.

Question 37

BYOD

Answer 37

Bring Your Own Device

A policy of permitting employees to bring personally owned devices (laptops, tablets, smartphones, etc.) to work and to use those devices to access privileged company information and applications.

Question 38

EOL

Answer 38

End of Life

A product that is at the end of its useful life. At this stage a vendor stops the marketing selling or provision of parts services or software updates for the product.

Question 39

WIDS

Answer 39

Wireless Intrusion Detection System;

A type of NIDS that scans the radio frequency spectrum for possible threats to the wireless network primarily rogue access points

Question 40

UAT

Answer 40

User Acceptance Testing

Process of verifying that a solution works for the end user

Question 41

TPM

Answer 41

Trusted Platform Module

• A hardware chip on the motherboard included with many laptops and some mobile devices
• It provides full disk encryption
• Compare with HSM

Question 42

SoC

Answer 42

System on Chip

An embedded systems component that consolidates the functionality of a CPU memory module and peripherals

Question 43

DNAT

Answer 43

Destination Network Address Translation

• Technique for transparently changing the destination IP address of an end route packet and performing the inverse function for any replies.
• Commonly used to publish a service located in a private network on a publicly accessible IP address.
• AKA port forwarding.

Question 44

SDN

Answer 44

Software Defined Network

Approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

Question 45

VDE

Answer 45

Virtual Desktop Environment

Users access a server hosting virtual desktops and run the desktop operating system from the server.

Question 46

UEFI

Answer 46

Unified Extensible Firmware Interface

• Method used to boot some systems
• Performs many of same functions as BIOS but includes some enhancements
• Intended to replace BIOS firmware
• Can be upgraded using flashing

Question 47

WAF

Answer 47

Web Application Firewall

A firewall specifically designed to protect a web application like a web server.

It inspects the content of web server traffic and can detect malicious content.

Question 48

VTC

Answer 48

Video Teleconferencing

Provides live, interactive communications for collaborative meetings, instructional courses, and informational presentations.

Feedback between participating groups is live and real-time.

A VTC is like a conference call that includes a visual element.

Question 49

loT

Answer 49

Internet of Things

Network of physical objects (things) that are embedded with sensors software and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet.

Question 50

FACL

Answer 50

File System Access Control List

A data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files.

Entries are called access-control entities (ACEs) in Windows NT, OpenVMS, and UNIX-like OSs.

Question 51

CC

Answer 51

Common Criteria (for IT Security Evaluation)

An international standard for computer security certification.

Typically completed for the use of Federal Government agencies and critical infrastructure.

Question 52

VLAN

Answer 52

Virtual Local Area Network

A logical method of segmenting a network at the Data Link layer layer 2) of the OSI model

Question 53

ACL

Answer 53

Access Control List

List of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.

Question 54

SCADA

Answer 54

Supervisory Control and Data Acquisition

• System used to control an ICS (industrial control system) such as a power plant or water treatment facility
• Ideally located within an isolated network

Question 55

TCB

Answer 55

Trusted Computing Base

The hardware, firmware, and software components of a computer system that are critical to the security of the system.

Question 56

WORM

Answer 56

Write Once Read Many

A data storage device in which information once written cannot be modified.

This write protection affords the assurance that the data cannot be tampered with once it is written to the device.

Question 57

HVAC

Answer 57

Heating Ventilation and Air Conditioning

A physical security control that increases availability by regulating airflow within data centers and server rooms.

Question 58

AUP

Answer 58

Acceptable Use Policy

• Stipulates the constraints and practices that a user must agree to in order to access a corporate network and/or the Internet.
• Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID.

Question 59

SAN

Answer 59

Storage Area Network

• Specialized, high-speed network that provides block-level network access to storage
• Presents storage devices to a host such that the storage appears to be locally attached
• Typically a dedicated network of storage devices not accessible through the LAN

Question 60

SED

Answer 60

Self-Encrypting Drive

Includes all the hardware and software to:

• encrypt all drive data
• securely store the encryption keys

Question 61

LAN

Answer 61

Local Area Network

Computer network that interconnects computers within a limited area such as a residence school laboratory university campus or office building.

Question 62

SCSI

Answer 62

Small Computer System Interface

Set of standards for physically connecting and transferring data between computers and peripheral devices

Question 63

BAC

Answer 63

Business Availability Center

HP software that optimizes the availability, performance and effectiveness of business services and applications.

Helps organizations understand the business impact an outage or degradation may have on business services and applications.

Question 64

NIDS

Answer 64

Network-based Intrusion Detection System

A system that uses passive hardware sensors to monitor traffic on a specific segment of the network

Question 65

URI

Answer 65

Uniform Resource Identifier

• Unique sequence of characters that identifies a logical or physical resource used by web technologies
• May be used to identify anything, including real-world objects, such as people and places, concepts, or information resources such as web pages and books
• A URL is a type of URI

Question 66

DLP

Answer 66

Data Loss Prevention

Software that detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.

Question 67

EULA

Answer 67

End User License Agreement

A legal contract entered into between a software developer or vendor and the user of the software.

Question 68

MAN

Answer 68

Metropolitan Area Network

• Computer network that interconnects users with computer resources in a geographic region of the size of a metropolitan area
• Bigger than a LAN but smaller than a WAN

Question 69

MAC

Answer 69

Media Access Control

• 48bit physical address assigned a network interface cards (NICs).
• Also called hardware address or physical address

Question 70

CCTV

Answer 70

Closed-Circuit Television

The use of video cameras to transmit a signal to a specific place, on a limited set of monitors.

AKA Video Surveillance.

Question 71

DBA

Answer 71

Database Administrator

DBSs use specialized software to store and organize data.

The role may include capacity planning, installation, configuration, database design, migration, performance monitoring, security, troubleshooting, as well as backup and data recovery.

Question 72

VM

Answer 72

Virtual Machine

• A virtualized computer that consists of an operating system and applications that run in a virtual environment that simulates dedicated physical hardware
• 3 types:
  
  • Type I - run directly on system hardware (vs. within an OS)
  • Type II - run as software within an OS
  • Application cell/container virtualization - runs services or applications within isolated application cells/containers

Question 73

ERP

Answer 73

Enterprise Resource Planning

A category of business management software that an organization can use to collect store manage and interpret data from many core business activities such as HRM and Accounting.

Question 74

HIPS

Answer 74

Host-based Intrusion Protection System

A type of IPS that monitors all traffic on a host computer system such as a server or workstation.

If malicious activity is detected, it reacts in real time to block it.

Question 75

HTML

Answer 75

Hypertext Markup Language

The standard markup language for documents designed to be displayed in a web browser.

Question 76

AV

Answer 76

Antivirus

Software that protects systems against most malware including:

• viruses
• Trojans
• worms

Question 77

GPO

Answer 77

Group Policy Object

• Technology used with MS Windows to manage users and computers.
• Implemented on a domain controller within a domain.
• Provides centralized management and configuration of operating systems applications and users’ settings in an Active Directory environment.

Question 78

ASP

Answer 78

Application Service Provider

A company that offers individuals or enterprises access to applications and related services over the internet. The term has largely been replaced by software as a service (SaaS) provider, although in some parts of the world, companies use the two labels interchangeably.