500 Flashcards Preview

Security > 500 > Flashcards

Flashcards in 500 Deck (100):
1

Filters that try to eliminate unwanted - unsolicited email sent in bulk

spam filters

2

A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party

spear phishing

3

An attempt by someone or something to masquerade as someone/something else

spoofing

4

Software programs that work—often actively—on behalf of a third party

spyware

5

A replacement for FTP that allows secure copying of files from one host to another

SSH File Transfer Protocol (SFTP)

6

An access point's broadcasting of the network name

SSID broadcast

7

Derived from policies - a standard deals with specific issues or aspects of a business

standard

8

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel

stateful inspection

9

A virus that attempts to avoid detection by masking itself from applications

stealth virus

10

The science of hiding information within other information - such as a picture

steganography

11

A method of encryption that encrypts streams of data rather than blocks

stream cipher

12

A database language that allows queries to be configured in real time and passed to database servers

Structured Query Language (SQL)

13

Using subnet values to divide a network into smaller segments

subnetting

14

A method of encryption in which one letter or item is substituted for another

substitution cipher

15

An outline of those internal to the organization who have the ability to step into positions when they open

succession planning

16

A network device that can replace a router or hub in a local network and get data from a source to a destination

switches

17

The keys used when the same key encrypts and decrypts data

symmetrical keys

18

A snapshot of what exists

system image

19

An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them

tabletop exercise

20

Following someone through an entry point

tailgating

21

Controls that rely on technology

technical controls

22

A protocol that functions at the Application layer of the OSI model - providing terminal emulation capabilities

Telnet

23

A wrapper that works with wireless encryption to strengthen WEP implementations

Temporal Key Integrity Protocol (TKIP)

24

An authentication system that allows credentials to be accepted from multiple methods - including Kerberos

Terminal Access Controller Access-Control System (TACACS)

25

Any perceivable risk's area of attack

threat vector

26

A database model that effectively isolates the end user from the database by introducing a middle server

three-tier model

27

A form of trust relationship often used between domains

transitive access

28

Trust gained because one party (A) trusts another party (B) - which then trusts another party ( C ) Since (B) trusts ( C ) then a relationship can exist where the first party (A) also may trust the third (c )

transitive trusts

29

The protocol found at the Host-to-Host layer of the Department of Defense (DoD) model

Transmission Control Protocol (TCP)

30

A protocol whose purpose is to verify that secure communications between a server and a client remain secure

Transport Layer Security (TLS)

31

An encryption method that involves transposing or scrambling the letters in a certain manner

transposition cipher

32

A symmetric block cipher algorithm used for encryption

Triple-DES (3DES)

33

A UDP-based protocol similar to FTP that doesn't provide the security or error-checking features of FTP

Trivial File Transfer Protocol (TFTP)

34

Any application that masquerades as one thing in order to get past scrutiny and then does something malicious

Trojan horse

35

Any operating system that meets the government's requirement for security

trusted operating system (TOS)

36

A method of using encryption and storing the passwords on a chip

Trusted Platform Module (TPM)

37

The act of sending data across a public network by encapsulating it into other packets

tunneling

38

Using two access methods as a part of the authentication process

two-factor authentication

39

A database model in which the client workstation or system runs an application that communicates with the database that is running on a different server

two-tier model

40

Virtualization method that is independent of the operating system and boots before the OS

Type I hypervisor

41

Virtualization method that is dependent on the operating system

Type II hypervisor

42

Creating domains that are based on the misspelling of another

typo squatting

43

A device that can provide short-term power - usually by using batteries

uninterruptible power supply (UPS)

44

Registering domains that are similar to those for a known entity but based on a misspelling or typographical error

URL hijacking

45

The protocol at the Host-to-Host layer of the TCP/IP Department of Defense (DoD)model - which corresponds to the Transport layer of the OSI model

User Datagram Protocol (UDP)

46

Eavesdropping on CRT and LCD displays by detecting their electromagnetic emissions

Van Eck phreaking

47

A multialphabet substitution cipher

Vigenère cipher

48

A local area network (LAN) that allows users on different switch ports to participate in their own network - separate from but still connected to the other stations on the same or a connected switch

virtual local area network (VLAN)

49

A system that uses the public Internet as a backbone for a private interconnection (network) between locations

virtual private network (VPN)

50

Emulating one or more physical computers on the same host

virtualization

51

A program intended to damage a computer system

virus

52

Combining phishing with Voice over IP (VoIP)

vishing

53

The amount of time that you have to collect certain data before a window of opportunity is gone

volatility

54

Identifying specific vulnerabilities in your network

vulnerability scanning

55

Markings left - often written in chalk - by those who discover a vulnerability that provides a way into the wireless network

war chalking

56

Driving around with a laptop looking for open wireless access points with which to communicate

war driving

57

A site that provides some capabilities in the event of a disaster

warm site

58

Identifying a site that is visited by those that they are targeting -

watering hole attack

59

A firewall that can look at every request between a web client and a web server and identify possible attacks

web application firewall (WAF)

60

Another term for social engineering

wetware

61

Phishing only large accounts

whaling

62

A wireless network operating in the 2.4 GHz or 5 GHz range

Wi-Fi

63

The second version of WPA

Wi-Fi Protected Access 2 (WPA2)

64

An authentication process that requires the user to do something in order to complete the enrollment process

Wi-Fi Protected Setup (WPS)

65

A Microsoft API used to interact with TCP/IP

Windows Sockets (Winsock) API

66

A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network

Wired Equivalent Privacy (WEP)

67

A connection device used for clients in a radio frequency (RF) network

wireless access point

68

Technology designed for use with wireless devices

Wireless Application Protocol (WAP)

69

Language used for Internet displays WAP-enabled devices can also respond to script

Wireless Markup Language (WML)

70

The security layer of the Wireless Applications Protocol (WAP) WTLS provides authentication - encryption - and data integrity for wireless devices

Wireless Transport Layer Security (WTLS)

71

The copy of the data currently in use on a network

working copy backup

72

An association concerned with interoperability - growth - and standardization of the World Wide Web (WWW) This group is the primary sponsor of XM: and other web-enabled technologies

World Wide Web Consortium (W3C)

73

The working group formed by the IETF to develop standards and models for the PKI environment

X.509

74

An advanced attack that tries to get around detection and send a packet with every single option enabled

Xmas attack

75

A specification designed to allow XMLbased programs access to PKI services

XML Key Management Specification (XKMS)

76

An attack that begins the very day an exploit is discovered

zero-day exploit

77

Any system taking directions from a master control computer

zombie

78

Port 23

Telnet

79

Port: 20 - 21

FTP – File Transport Protocol

80

Port: 22

SSH – Secure Shell

81

Port: 23

Telnet

82

Port: 25

SMTP – Simple Mail Transport Protocol

83

Port: 53

DNS – Domain Name System

84

Port: 67 - 68

DHCP – Dynamic Host Configuration Protocol

85

Port: 69

TFTP – Trivial File Transport Protocol

86

Port: 80

HTTP – Hypertext Transfer Protocol

87

Port: 443

HTTPS – Hypertext Transfer Protocol Secure

88

Port: 443

SSL VPN – Secure Sockets Layer virtual private network

89

Port: 110

POP3 – Post Office Protocol version 3

90

Port: 123

NTP – Network Time Protocol

91

Port: 143

IMAP4 – Internet message access protocol version 4

92

Port: 161

SNMP – Simple Network Management Protocol

93

Port: 500

IPsec – Internet Protocol security (through the use of ISAKMP – Internet Security Association and Key Management Protocol)

94

Port: 3389

RDP – Remote Desktop Protocol

95

Secure file transfers via SSL?

FTPS (via 990)

96

Backdoor port

1337

97

Port 88

kerberos

98

Name 3 block cipher algorithms

3des - aes - blowfish

99

Use low bandwidth connections to direct botnets to DDoS users

Smurf

100

Uses the Diffie-Hellman algorithm as its required (and currently - its only defined) key-exchange method.

SSH-2