3.0

Question 1

LDAP/ LDAPS

Answer 1

Lightweight Directory Access Protocol/LDAP Secure
A standard protocol designed to maintain and access “directory services” within a network
Port 389 and 636

Question 2

UTM

Answer 2

Unified Threat Management
All-in-one security appliance. When multiple security features or services are combined into a single device within your network.

Question 3

PKI

Answer 3

Public Key Infrastructure
Framework managing digital certificates, encryption keys, and authentication processes, facilitating secure communication and data protection.

Question 4

802.1X

Answer 4

A standard used in network security that provides port-based authentication to devices attempting to connect to a network. You don’t get access to the network until you authenticate.

Question 5

PEAP

Answer 5

Protected Extensible Authentication Protocol
A security protocol used for authenticating clients in wireless and wired networks.

Question 6

EAP-FAST

Answer 6

EAP Flexible Authentication via Secure Tunneling
An EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel

Question 7

CASB

Answer 7

Cloud access security broker
An on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies.

Question 8

FDE

Answer 8

Full disk encryption
A security technology used to encrypt all data stored on a computer’s hard drive or storage device. Encrypt everything on the drive

Question 9

SED

Answer 9

Self-encrypting drive
A type of storage device (such as a hard drive or solid-state drive) that includes built-in hardware-based encryption capabilities.

Question 10

Containerization

Answer 10

A lightweight virtualization technology that allows applications and their dependencies to be packaged and isolated into containers.

Question 11

MAC filtering

Answer 11

Media access control filtering
A network security technique used to control which devices can connect to a network based on their MAC addresses. Limit access through the physical hardware address.

Question 12

MDM

Answer 12

Mobile Device Management
A type of software solution that helps organizations manage and secure mobile devices used by employees within their network. Manage company-owned and user-owned mobile devices

Question 13

COPE

Answer 13

Corporate-Owned, Personally Enabled
A mobile device management strategy used by organizations to manage company-owned devices while allowing employees some level of personal use.

Question 14

VDI/VMI

Answer 14

Virtual Desktop Infrastructure/Virtual Mobile Infrastructure
VDI is a technology that allows users to access a desktop environment virtually, rather than having a physical computer at their desk. VMI is similar to VDI but focuses on virtualizing mobile device environments, such as smartphones or tablets.
– The apps are separated from the mobile device
– The data is separated from the mobile device

Question 15

WPA2

Answer 15

Wi-Fi Protected Access 2
It’s a security protocol used to protect wireless networks from unauthorized access and data interception.

Employs the Advanced Encryption Standard AES with a 128-bit key.

Question 16

WPS

Answer 16

Wi-Fi Protected Setup
Wi-Fi Protected Setup (WPS) is a network security standard that was created to simplify the process of connecting devices to a secure wireless network.

Question 17

RBAC

Answer 17

Role-based access control
A method of restricting network access based on the roles of individual users within an organization.

Question 18

ABAC

Answer 18

Attribute-based access control
A more flexible access control model that uses attributes about users, systems, and the environment to make access control decisions. Ex. location, time, and device, as well as username and password.

Question 19

DAC

Answer 19

Discretionary Access Control
A type of access control where the owner of a resource determines who can access that resource and what permissions they have. DAC, access decisions are based on the discretion of the resource owner, who can grant or revoke access rights to users or groups.

Question 20

MAC

Answer 20

Mandatory Access Control
Access control scheme uses labels to grant access, controlling data access and preventing unauthorized use.

Question 21

VLAN

Answer 21

Virtual local area network
A network segmentation technique used to divide a single physical network into multiple logical networks

Question 22

Measured Boot

Answer 22

Ensures boot process integrity by measuring and comparing cryptographic hashes of key components.

Question 23

Trusted Boot

Answer 23

Establishes a chain of trust during startup, verifying firmware and OS integrity using hardware-based security features like TPM.

Process verifies the digital signature of the OS kernel

Question 24

Secure Boot

Answer 24

Prevents unauthorized software execution during boot by verifying digital signatures of bootloader and OS components.

Question 25

NGFW

Answer 25

Next-generation firewall
An advanced network security solution that combines traditional firewall capabilities with additional features such as intrusion prevention, application awareness, and advanced threat detection and mitigation.

Question 26

IPSec

Answer 26

Internet Protocol Security
A suite of protocols used to secure and encrypt communication over IP networks. Send information in the layer 3 public internet but encrypt the data
Uses Authentication Header (AH) for integrity and Encapsulation Security Payload (ESP) for encryption.

Question 27

SSL

Answer 27

Secure Sockets Layer
It ensures that data exchanged between a web server and a web browser remains confidential, integral, and authenticated. However, it’s worth noting that SSL has been largely replaced by its successor, Transport Layer Security (TLS), which offers enhanced security features and improved protocols.

Question 28

CA

Answer 28

Certificate Authority
Is the trusted authority that certifies individuals’ identities and creates electronic documents indicating that individuals are who they say they are.

Question 29

TACACS+

Answer 29

Terminal Access Controller Access-Control System Plus
A network authentication, authorization, and accounting (AAA) capabilities, a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network.

Question 30

Kerberos

Answer 30

A network authentication protocol designed to provide secure authentication for client-server applications over a non-secure network, such as the internet.

Question 31

TPM

Answer 31

Trusted Platform Module
A specialized hardware component or microchip designed to provide security-related functions on a computing device.
Ex. enables hard drive encryption

Question 32

HSM

Answer 32

Hardware Security Module
A security device you can add to a system to manage, generate, and securely store cryptographic keys.

Question 33

Proxies

Answer 33

Proxies are servers that act as middlemen between your device (like a computer or phone) and the internet. They help with things like hiding your IP address, filtering content, speeding up web browsing by storing copies of web pages, and balancing internet traffic across multiple servers.

Question 34

SMTP

Answer 34

Simple Mail Transfer Protocol
The standard Internet protocol used to transfer e-mail between hosts.
Protocol number 25

Question 35

S/MIME

Answer 35

Secure/Multipurpose Internet Mail Extensions
A protocol that adds a layer of security to email messages. It provides encryption and digital signatures to ensure the confidentiality, integrity, and authenticity of email communication.

Question 36

DLP

Answer 36

Data Loss Prevention
Solutions serve to prevent sensitive data from leaving the network without notice.

Question 37

Boot Attestation

Answer 37

Boot attestation verifies the integrity of a computer’s boot process using cryptographic signatures to ensure only trusted software components are loaded, preventing unauthorized alterations.

Question 38

Tokenization

Answer 38

Is the process of substituting a surrogate value, called a token, for a sensitive data element.

Question 39

Salting

Answer 39

Is the process of adding a random element to a value before performing a mathematical operation like hashing.

Question 40

Hashing

Answer 40

A process of converting input data (such as text, files, or passwords) into a fixed-size string of characters using a hash function. Hashing is commonly used for data integrity verification, password storage, digital signatures, and indexing data structures.

Question 41

Static code analysis

Answer 41

Is when the code is examined without being executed.

Question 42

Dynamic code analysis

Answer 42

Analyzes the code during execution.

Question 43

Fuzzing

Answer 43

(or fuzz testing) is a brute force method of addressing input validation issues and vulnerabilities.

Question 44

Registry

Answer 44

Configuration options for the OS are located in the Registry.

Question 45

Zero Trust

Answer 45

Zero trust network is a network that doesn’t trust any devices by default, even if it was previously verified.

Question 46

NGSWG

Answer 46

Next-Gen Secure Web Gateway
Provides proxy services for traffic from clients to Internet sites, such as filtering URLs and scanning for malware.

Question 47

MAM

Answer 47

Mobile Application Management
Manages applications on mobile devices. Provision, update, and remove apps.

Question 48

Jump server

Answer 48

A hardened server used to access and manage devices in another network with a different security zone.

Question 49

UEM

Answer 49

Unified Endpoint Management
to ensure systems are kept up to date with current patches, have antivirus software installed with up-to-date definitions, and are secured using standard security practices.

Question 50

MDM

Answer 50

Mobile device management
Includes the technologies to manage mobile devices with the goal to ensure these devices have security controls in place to keep them secure.
Ex. Application management, Full device encryption, Passwords and PINs

Question 51

SAML

Answer 51

Security Assertion Markup Language

A single sign-on capability used for web applications to ensure user identities can be shared and areprotected.

Question 52

Key Escrow

Answer 52

It is the process of placing a copy of a private key in a safe environment. A system by which your private key is kept both by you and by a third party.

Question 53

DNSSEC

Answer 53

Domain Name System Security Extensions

Allows for the verification of DNS data and denial of existence and ensures data integrity for DNS. However, it does not offer confidentiality or availability controls.

Question 54

NAT Gateway

Answer 54

Network Address Translation Gateway
hosts NAT and provides internal clients with private IP addresses a path to the internet.

Question 55

RADIUS

Answer 55

Remote Authentication Dial-In User Service
Used to provide AAA for network services,
a networking protocol that authorizes and authenticates users who access a remote network.

Question 56

PAP

Answer 56

Password Authentication Protocol
is a simple, plain-text password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.

Question 57

Resource policies

Answer 57

Identity and access management (IAM)
– Who gets access, what they get access to on the cloud
This allows your organization to set restrictions, manage the resources, and manage cloud costs

Question 58

WPA3

Answer 58

Wi-Fi Protected Access 3

-WPA3 is the latest security protocol for wireless networks, designed to enhance Wi-Fi security.

-Uses Simultaneous Authentication of Equals (SAE) for a more secure handshake process, making it harder for attackers to crack passwords through brute-force attacks.