vocabularyS Flashcards

1
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions is an application layer secure e-mail protocol that uses an encryption system.

2
Q

SBU

A

Sensitive but Unclassified is information that has some controls built into it. It is available on a need-to-know basis, but is not classified to the degree that a security clearance is needed to access it.

3
Q

Scalar Processor

A

A type of processor that handles linear executions one instruction at a time. Pipelining may be invoked in this type of processor.

4
Q

Screened Host

A

A firewall architecture in which a packet filtering router is placed between the trusted and untrusted networks and a bastion host is placed between the packet filtering router and the trusted network.

5
Q

Screened Subnet

A

A firewall architecture configuration in which a small subnet is attached to the bastion host creating a DMZ that is perfect for a Web server.

6
Q

Script Kiddie

A

An amateur cracker with few real skills who uses virus-generation software to create virus code.

7
Q

SDLC

A

Synchronous Data Link Control is a data transmission protocol developed in the 1970s by IBM to ease connections to mainframe computers.

8
Q

Secondary Memory

A

Nonvolatile memory such as hard disks, floppy disks, USB drives, memory sticks, and memory drives. Secondary memory is used to copy data when the machine will be turned off.

9
Q

Secret Information

A

Information that is intended for managers of government organizations. Requires an elevated security clearance and requirement to know of the information in order to perform a task or duties.

10
Q

Security Kernel

A

A collection of components that work together to provide the reference monitor's functions.

11
Q

Security Label

A

A concept that assigns a classification level to objects.

12
Q

Security Policy

A

A policy that represents the management and organization's position on security. It dictates the organization's strategy and attitude towards general and specific security issues.

13
Q

Sensor

A

A type of physical access control that detects movement, then activates an alarm. Some types of sensors may be infrared motion detectors and gas detectors.

14
Q

Separation of Privilege

A

A security control architecture where a single user is never allowed to complete a sensitive task. This type of architecture requires two or more authorized users to complete a task.

15
Q

Sequential Access

A

The act of accessing memory in a sequential order.

16
Q

Server

A

The computer that runs administrative software and controls access to the network and other resources.

17
Q

SESAME

A

Secure European System for Applications in a Multivendor Environment is an authentication service for use in Europe. SESAME uses public key cryptography to distribute secret keys and a Privilege Attribute Certificate mechanism which contains key information and the necessary authentication packet to pass authentication.

18
Q

Session Hijacking

A

An attack in which the attacker intercepts the credentials of a valid session. The attacker then acts as though he/she is a valid user.

19
Q

Session Layer

A

The layer of the ISO/OSI reference model that manages sessions and synchronizes data flow. The session layer logically connects to the other machine, maintaining session information to create a flow of messages back and forth.

20
Q

SET Protocol

A

Secure Electronics Transactions protocol is an application layer protocol developed by Visa and MasterCard to authenticate the sender and the receiver. It uses digital certificates and signatures to provide data confidentiality and integrity.

21
Q

SHA-1

A

Secure Hash Algorithm is a hashing algorithm developed by the National Institute of Standards and Technology in which the input can be any size and it generates a 160-bit digest.

22
Q

Shoulder Surfing

A

An observation technique in which information is obtained by looking over someone's shoulder.

23
Q

Simulated Test

A

A type of test in which the DRP team evaluates specific scenarios and partially tests the plan by simulating as much of a disaster as is feasible.

24
Q

Single State

A

An operating state in which the system is capable of handling information at only one security level at a time.

25
Q

SKIP

A

Simple Key Management for Internet Protocols is a transport layer security protocol that provides high availability using encryption.

26
Q

Skipjack

A

A symmetric cryptographic algorithm standard that operates on 64-bit blocks and uses an 80-bit key.

27
Q

SLE

A

Single Loss Expectancy is the amount that is expected to be lost from a single realized threat in one year.

28
Q

Smart Card

A

A device that provides identification and/or authentication for the bearer. A smart card is a technical control which contains a magnetic strip or a computer chip that can be read by a card reader.

29
Q

SMTP

A

Simple Mail Transfer Protocol is a TCP/IP protocol used on the Internet to route e-mail messages from one computer to another computer on a network.

30
Q

Sniffing

A

The act of monitoring data that travels across a network. Sniffers can be inserted almost anywhere in a network and are difficult to detect.

31
Q

Social Engineering

A

The process of convincing an authorized user to perform an unauthorized action. The target may or may not realize that they are helping an attacker compromise the system.

32
Q

Software

A

Anything that can be stored electronically. Software is a set of instructions or source code that accomplish a task when executed.

33
Q

Software Configuration Management

A

A philosophy of formal management and documentation of each step in software development cycles.

34
Q

Software Escrow Arrangement

A

An arrangement ensuring a copy of the software licensed by the organization has been put into a secure location. The arrangement is made to protect the organization and to allow them to retain ownership rights of the software if the software provider goes out of business.

35
Q

Software Piracy

A

Installing and/or using any software that is not legally licensed for that particular machine.

36
Q

Spamming

A

A type of DoS attack that floods the mail server with useless messages in order to reduce the availability of the mail server.

37
Q

Spoofing

A

A technique used by hackers to gain entry to a system by modifying packet headers so as to appear as a trusted host.

38
Q

SQL Server

A

Structured query language server is a client/server relational database management system.

39
Q

SSL

A

Secure Sockets Layer is a protocol that uses a public key to encrypt data sent during communication over the Internet.

40
Q

SSO

A

Single Sign-On is a method that allows the users to have a domain of control. SSO simplifies the authentication process by allowing the users to authenticate themselves into an entry point of a domain which signs them into every component of the domain.

41
Q

Star Topology

A

A LAN topology with a central device, such as a hub or a repeater, that all nodes are connected to and all messages must travel through.

42
Q

State Machine Model

A

A mathematical model that shows the state of a system, which is a snapshot of all instances of subjects and objects.

43
Q

Stealth

A

A virus that not only infects files, but covers its tracks to hide its existence from antivirus software.

44
Q

Steganography

A

A cryptographic practice in which the fact that a message is encrypted is hidden.

45
Q

STP

A

Shielded twisted pair is a UTP with a layer of foil wrapped around all of the pairs protecting them from emanations.

46
Q

Stream Cipher

A

A category of cipher in which each character is encrypted.

47
Q

Structured Walk-through

A

A test in which the DRP team leader uses role-playing to simulate a disaster. This type of test provides an opportunity for immediate feedback and open discussion.

48
Q

Substitution Cipher

A

A type of cipher that replaces each character of a plaintext message with something else. A table of plaintext characters and their associated substitute characters or a simple algorithm are all that is needed to use this type of cipher.

49
Q

Superscalar

A

A type of processor that handles multiple instructions executed at one time; the instructions are handled through hardware or software. Many pipeline stages can be executed simultaneously.

50
Q

SWIPE

A

A network layer security protocol for IP that provides transport layer security, confidentiality, integrity, and availability for IP.

51
Q

Switch

A

A device in a network that forwards packets and filters to different ports with specific network addresses. Switches operate at the data-link or network layer.

52
Q

Symmetric Algorithm

A

An algorithm in which the same key is used to encrypt and decrypt messages. A symmetric algorithm may also be called a secret key algorithm.

53
Q

Synchronized Device

A

A token device that generates time-based passwords to correspond with a central server.

54
Q

System High

A

A monolithic security level which only allows handling of data that all users are cleared to access.