Acronym Security+ Flashcards

Question

UTP

Answer 1

Unshielded Twisted Pair

Answer 2

Unified Threat Management

Answer 3

USB On-The-Go

Answer 4

Universal Serial Bus

Answer 5

Universal Resource Locator

Answer 6

Uniform Resource Identifier

Answer 7

Uninterruptible Power Supply

Answer 8

Unified Endpoint Management

Answer 9

Unified Extensible Firmware Interface *A type of system firmware providing support for a 64-bit CPU operation at boot, full GUI and mouse operation at boot and better boot security

Answer 10

User and Entity Behavior Analytics

Answer 11

User Datagram Protocol

Answer 12

User Acceptance Testing

Answer 13

Tactics, Techniques, and Procedures

Answer 14

Transaction Signature

Answer 15

Trusted Platform Module *A specification for hardware based storage of digital certificates, keys, hashed passwords, and other user and platform identification information *A TPM can be managed in Windows via the tpm.msc console or group policy

Answer 16

Time-based One Time Password *A password is computed from a shared secret and current time

Answer 17

Transport Layer Security *Cryptographic protocol to encrypt online communications. *Uses certificates and asymmetrical cryptography to authenticate hosts and exchange security keys *Better option than SSL which functions similarly

Answer 18

Temporal Key Integrity Protocol

Answer 19

Ticket Granting Ticket

Answer 20

Transmission Control Protocol/Internet Protocol

Answer 21

Trusted Automated eXchange of Intelligence Information *The trusted transportation to securely exchange STIX information

Answer 22

Terminal Access Controller Access Control System *Cisco's proprietary version of RADIUS *Port 49 (TCP) *Encrypts the entire payload of the access-request packet *Primarily used for device administration *Separates authentication and authorization *part of 802.1x (along with RADIUS)

Answer 23

Secure Web Gateway

Answer 24

Shielded Twisted Pair

Answer 25

Structured Threat Information eXpression *Standardized format for threats *Includes motivations, abilities, capabilities and response information Part of AIS

Answer 26

Single Sign-on *A default user profile for each user is created and linked with all of the resources needed *Compromised SSO credentials are a big security breach

Answer 27

Secure Sockets Layer

Answer 28

Service Set Identifier

Answer 29

Secure Shell

Answer 30

Solid State Drive

Answer 31

Secure Real-time Transport Protocol

Answer 32

SQL Injection

Answer 33

Structured Query Language

Answer 34

Spam over Instant Messaging

Answer 35

Sender Policy Framework

Answer 36

Security Operations Center

Answer 37

System on Chip *A processor that integrates the platform functionality of multiple logical controllers onto a single chip *They are power efficient and used with embedded systems (IoT)

Answer 38

Security Orchestration, Automation, Response

Answer 39

Simple Object Access Protocol

Answer 40

Simple Network Management Protocol

Answer 41

Simple Mail Transfer Protocol Secure

Answer 42

Simple Mail Transfer Protocol

Answer 43

Short Message Service

Answer 44

Secure/Multipurpose Internet Mail Extensions

Answer 45

Server Message Block

Answer 46

Single Loss Expectancy *Describes how much money we will lose if a single event occurs *ARO X SLE = ALE

Answer 47

Service-level Agreement *Agreement between a service provider and users defining the nature, availability, quality and scope of the service to be provided *Specifies performance requirements for a vendor (and penalties)

Answer 48

Session Initiation Protocol *Protocol used for managing real-time sessions that include voice, video, application sharing or IM services

Answer 49

Subscriber Identity Module

Answer 50

Security Information and Event Management

Answer 51

Secure Hashing Algorithm

Answer 52

SSH File Transfer Protocol

Answer 53

Structured Exception Handling *Provides control over what the application should do when faced with a runtime or syntax error

Answer 54

Self-Encrypting Drives *Can provide whole disk encryption *The controller can automatically encrypt data that is written to it on the disk drive

Answer 55

Software-defined Visibility

Answer 56

Service Delivery Platform

Answer 57

Software-defined Networking

Answer 58

Software Development Life-cycle Methodology

Answer 59

Software Development Life Cycle

Answer 60

Software Development Kit

Answer 61

Simple Certificate Enrollment Protocol

Answer 62

Security Content Automation Protocol

Answer 63

Supervisory Control and Data Acquisition *A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographical region *Typically run as software on ordinary computers to gather data from and manage plant devices and equipment with embedded PLCs (Programmable Logic Controller - a type of computer designed for deployment in an industrial / outdoor setting that can automate and monitor mechanical systems)

Answer 64

Security Assertions Markup Language

Answer 65

Simultaneous Authentication of Equals

Answer 66

Software as a Service

Answer 67

Secure/Multipurpose Internet Mail Extensions

Answer 68

Real-time Transport Protocol

Answer 69

Real-time Operating System

Answer 70

Recovery Time Objective *Maximum tolerable period of time required for restoring business functions after a failure or disaster

Answer 71

Remotely Triggered Black Hole

Answer 72

Rivest, Shamir, & Adleman

Answer 73

Recovery Point Objective *maximum tolerable point in time to which systems and data must be recovered after an outage

Answer 74

Return on Investment

Answer 75

RACE Integrity Primitives | Evaluation Message Digest

Answer 76

Radio Frequency Identification

Answer 77

Request for Comments

Answer 78

Rich Communication Services *a technology designated as a successor to SMS and MMS

Answer 79

Rivest Cipher version 4 *A legacy symmetric encryption algorithm *Rivest Cipher 4 (Ron Rivest) *Part of the original WEP standard (no longer in use in today's wireless) *Also part of the SSL Standard (But when TLS replaced SSL, RC4 was also replaced) *One problem: Biased output Uncommon today

Answer 80

Remote Access Server

Answer 81

Remote Access Server

Answer 82

Random Access Memory

Answer 83

Redundant Array of Inexpensive Disks

Answer 84

Remote Authentication Dial-in User Service *Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP) *Operates at the application layer *Authentication = Port 1812 or 1645 *Authorization = Port 1813 or 1646 Standard ports vs proprietary

Answer 85

Rapid Application Development

Answer 86

Registration Authority

Answer 87

Quality of Service

Answer 88

Quality Assurance

Answer 89

Potentially Unwanted Program

Answer 90

Pan-Tilt-Zoom

Answer 91

Pre-shared Key

Answer 92

Point-to-Point Tunneling Protocol

Answer 93

Point-to-Point Protocol

Answer 94

Plain Old Telephone Service

Answer 95

Post Office Protocol

Answer 96

Proof of Concept

Answer 97

Public Key Infrastructure

Answer 98

Public Key Cryptography Standards

Answer 99

Personal Identity Verification

Answer 100

Personal Identification Number

Answer 101

Personally Identifiable Information

Answer 102

Personal Health Information

Answer 103

Pretty Good Privacy

Answer 104

Perfect Forward Secrecy

Answer 105

Privacy Enhanced Mail

Answer 106

Protected Extensible Authentication Protocol

Answer 107

Protected Extensible Authentication Protocol

Answer 108

Portable Executable

Answer 109

Power Distribution Unit

Answer 110

Payment Card Industry Data Security Standard

Answer 111

Packet Capture

Answer 112

Private Branch Exchange

Answer 113

Password-based Key Derivation Function 2

Answer 114

Port Address Translation *Router keeps track of requests from internal hosts by assigning them random high number ports for each request

Answer 115

Password Authentication Protocol *Used to provide authentication but is not considered secure since it transmits login credentials in the clear

Answer 116

Pluggable Authentication Modules

Answer 117

Privileged Access Management

Answer 118

Proxy Auto Configuration

Answer 119

Platform as a Service

Answer 120

Peer-to-Peer

Answer 121

Open Web Application Security Project

Answer 122

Open Vulnerability and Assessment Language

Answer 123

On-The-Go *technology enables establishing direct communication links between two USB devices (ex: mobile phone to usb port)

Answer 124

Over-The-Air

Answer 125

Operational Technology *A communications network designed to implement an industrial control system rather than data networking *Industrial Systems prioritize availability and integrity over confidentiality *(ICS, SCADA vulnerabilities)

Answer 126

Open-source Intelligence

Answer 127

Open-source Intelligence

Answer 128

Open Systems Interconnection

Answer 129

Operating System

Answer 130

Object Identifier

Answer 131

Online Certificate Status Protocol *allows the browser to check for certificate revocation

Answer 132

Network Time Protocol *Protocol used to synchronize computer clock times in a network. *One of the oldest parts of the TCP/IP protocol suite *ensures the reliability of the Kerberos authentication process

Answer 133

New Technology LAN Manager

Answer 134

New Technology File System

Answer 135

Network Operations Center

Answer 136

National Institute of Standards & Technology *CSF = NIST's voluntary framework outlining best practices for computer security

Answer 137

Network-based Intrusion Prevention System

Answer 138

Network-based Intrusion Detection System

Answer 139

Network Interface Card

Answer 140

Next-generation Secure Web Gateway

Answer 141

Next-generation Firewall

Answer 142

Network Function Virtualization

Answer 143

Near-field Communication

Answer 144

Non-disclosure Agreement

Answer 145

Network Address Translation *Process of changing an IP address while it transits across a router *NAT can help hide network IPs

Answer 146

Network-attached Storage A storage appliance that is placed on the network. *Specially designed to store data more efficiently than standard data methods *(Note a SAN often includes many NAS. A SAN = storage area network, which is a an actual network of devices that have the sole purpose of storing data efficiently)

Answer 147

Network Access Control * Method of controlling who or what gains access to a wired or wireless network * Most cases NAC uses a combination of 802.1x security and some form of posture assessment for a device attempting to log into the network (a posture assessment considers the state of the requesting device (the device must meet a minimum set of standards before it is allowed access to the network. Ex: type of device, OS, patch level, presence of anti malware and is software up to date)

Answer 148

Maximum Transmission Unit

Answer 149

Mean Time to Repair

Answer 150

Mean Time to Failure

Answer 151

Mean Time Between Failures

Answer 152

Managed Security Service Provider *Provides outsourced monitoring and management of security devices and systems. *Common services: managed firewall, IDS, VPN, vulnerability scanning and anti viral services. *use high availability security operation centers to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs

Answer 153

Managed Service Provider *Delivers services (like network, application, infrastructure and security) via ongoing and regular support and active administration on customers premise.

Answer 154

Microsoft Challenge-Handshake

Answer 155

Measurement Systems Analysis *provides a way for a company to evaluate and assess the quality of the process used in their measurement systems. *ex six sigma *will assess the measurement itself and then be able to calculate any uncertainty that may be in place during the measurement process *Specifies generic terms to simplify negotiation of future contracts

Answer 156

Multiprotocol Label Switching

Answer 157

Memorandum of Understanding

Answer 158

Memorandum of Agreement

Answer 159

Multimedia Message Service

Answer 160

Machine Learning

Answer 161

Multifunction Printer

Answer 162

Multifunction Device

Answer 163

Multifactor Authentication

Answer 164

Mobile Device Management

Answer 165

Main Distribution Frame

Answer 166

Message Digest 5

Answer 167

Master Boot Record

Answer 168

Metropolitan Area Network

Answer 169

Mobile Application Management

Answer 170

Media Access Control *Address of a network card, the physical address (every adaptor has a different MAC address) *46 bits long (6 bytes) *1st section, is the OUI (manufacturer portion) 2nd section is the Serial Number *Switches interpret the MAC addresses *MAC flooding turns switch into a hub *One issue with MAC filtering, easy to circumvent, you just need a packet capturing device to see which MAC addresses are allowed to communicate and then simply spoof that address (MAC filtering attempts security through obscurity but is really not effective at all)

Answer 171

Monitoring as a Service

Answer 172

Lightweight Extensible Authentication Protocol *proprietary to Cisco based networks

Answer 173

Lightweight Directory Access Protocol *A databased used to centralize information about clients and objects on the network *Port 389 Unecrypted *Port 636 encrypted *(Active Directory is Microsoft's version)

Answer 174

Local Area Network

Answer 175

Layer 2 Tunneling Protocol

Answer 176

Key Encryption Key

Answer 177

Key Distribution Center

Answer 178

Initialization Vector

Answer 179

IT Contingency Plan

Answer 180

Information Systems Security Officer

Answer 181

Internet Service Provider

Answer 182

International Standards Organization

Answer 183

Internal Segmentation Firewall

Answer 184

Interconnection Security Agreement *Document that regulates security-relevant aspects of an intended connection between an agency and an external system. *Supports / usually proceeded by a MOU / MOA

Answer 185

Incident Response Plan

Answer 186

Internet Relay Chat

Answer 187

Incident Response

Answer 188

Internet Protocol Security

Answer 189

Intrusion Prevention System

Answer 190

Internet Protocol *IPv4 32-bit addressing scheme that provides over 4B possible unique addresses *commonly represented in dotted decimal format *3 ways of transmitting data through networks: unicast, multicast (1 to few), broadcast (1 to many) *IPv6 128 bit that provides over 340 undecillion possible unique addresses (eventually this will over take IPv4 as IPv4 is currently running out.) *Commonly represented in comma separated hexadecimal *Unicast, multicast and anycast (to replace broadcast)

Answer 191

Internet of Things

Answer 192

Indicators of Compromise *A specific activity that could indicate that someone is now inside your network *Ex: Increase traffic, could be normal or could indicate data exfiltration *Ex: files that should have constant hash values, are now different (hacker is modifying trusted documents)

Answer 193

Internet Message Access Protocol v4

Answer 194

Instant Messaging

Answer 195

Internet Key Exchange

Answer 196

Institute of Electrical and Electronics Engineers

Answer 197

Intrusion Detection System

Answer 198

Identity Provider *a trusted third-party service for validating user identity in a federated identity system

Answer 199

Intermediate Distribution Frame

Answer 200

International Data Encryption Algorithm

Answer 201

Industrial Control Systems *A network that manages embedded devices *Used for electrical power stations, water suppliers, health services, telecommunications, manufacturing and defense needs

Answer 202

Internet Control Message Protocol

Answer 203

Identity and Access Management

Answer 204

Infrastructure as a Service

Answer 205

Heating, Ventilation, Air-conditioning

Answer 206

Hyper Text Transfer Protocol Secure

Answer 207

Hyper Text Transfer Protocol

Answer 208

Hypertext Markup Language

Answer 209

Hardware Security Module as a Service

Answer 210

Hardware Security Module *An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software based storage

Answer 211

HMAC based One-time Password *A password is computed from a shared secret and is synchronized between the client and server *This was the original standard *Uses a counter, that increments with each new validation *It's still used but companies like Google use TOTP

Answer 212

Hash-based Message Authentication Code

Answer 213

Host-based Intrusion Prevention System

Answer 214

Host-based Intrusion Detection System

Answer 215

Hard Disk Drive

Answer 216

High Availability

Answer 217

Generic Routing Encapsulation

Answer 218

Graphics Processing Unit

Answer 219

Global Positioning System

Answer 220

Group Policy Object

Answer 221

GNU Privacy Guard

Answer 222

General Data Protection Regulation

Answer 223

Galois/Counter Mode

Answer 224

Electronic Serial Number

Answer 225

File Transport Protocol Secure

Answer 226

File Transfer Protocol

Answer 227

False Rejection Rate

Answer 228

Field Programmable Gate Array *A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture *End customer can configure the programming logic to run a specific application instead of using ASIC (application-specific integrated circuit) *(IoT) *considered an anti-tamper mechanism

Answer 229

File Integrity Monitoring

Answer 230

Full Disk Encryption

Answer 231

File-system Access Control List

Answer 232

Extended Service Set Identifier

Answer 233

Encapsulation Security Payload *member of IPSec *encrypts and authenticated packed if data between computers using a VPN *one of two layers of protection for IP sec (other is AH) *ESP + Ah can operate in two modes transport (less secure) and tunnel (more secure)

Answer 234

Enterprise Resource Planning

Answer 235

End of Service

Answer 236

End of Life

Answer 237

Extended Instructions Pointer *tracks the address of the current instruction running in an application *holds the address to (points to) the first byte of the next instruction to be executed

Answer 238

Encrypted File System

Answer 239

Endpoint Detection and Response

Answer 240

Elliptic-curve Digital Signature Algorithm

Answer 241

Elliptic-curve Diffie-Hellman Ephemeral

Answer 242

Elliptic-curve Cryptography

Answer 243

Electronic Code Book

Answer 244

Extensible Authentication Protocol *A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates and public key infrastructure *EAP-MD5 uses simple passwords for challenge-authentication *EAP-TLS uses digital certificates for mutual authentication *EAP-TTLS uses server-side digital certificate and a client-side password for mutual authentication *EAP-FAST provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication *Protected EAP - supports mutal authentication by using server certificates and Active Director to authenticate a client's passcode

Answer 245

Digital Subscriber Line

Answer 246

Digital Signature Algorithm

Answer 247

Disaster Recovery Plan

Answer 248

Data Protection Officer

Answer 249

Denial of Service

Answer 250

Domain Name System Security Extension

Answer 251

Domain Name System *Maps the IP addresses into a human-readable name and vice versa *Ex: IP address 1234… = professormesser.com *See also ARP and DHCP

Answer 252

Destination Network Address Translation

Answer 253

Domain Message Authentication Reporting and Conformance

Answer 254

Data Loss Prevention

Answer 255

Dynamic-link Library

Answer 256

Domain Keys Identified Mail

Answer 257

Diffie-Hellman Ephemeral

Answer 258

Dynamic Host Configuration Protocol *Network protocol that dynamically (automatically) assigns IP addresses to the computers or other devices on each LAN network *Can assign an IP address from within a given range *See also ARP and DNS *DHCP snooping = switch configured with a series of trusted interfaces that may have routers, switches and other DHCP servers on it, but it would have other interfaces that are not trusted, the switch is constantly monitoring the conversations

Answer 259

Data Encryption Standard *Created by the NSA and IBM b/n 1972 -1977, used to be the most popular symmetric encryption algorithm in use *Part of FIPs *Used 64-bit block cypher (encrypted 64 bits of data at a time) *Used a 56-bit key, which is small so now it is easy to brute force. *No longer practically used today as a result

Answer 260

Distinguished Encoding Rules *most popular way to store X.509 file certificates *DER encoding certificates are supported by almost all applications *Ex: OpenSSL and keytool

Answer 261

Data Execution Prevention

Answer 262

Distributed Denial of Service

Answer 263

Database Administrator

Answer 264

Discretionary Access Control

Answer 265

Choose Your Own Device

Answer 266

Common Vulnerability Scoring System

Answer 267

Common Vulnerabilities and Exposures

Answer 268

Chief Technology Officer

Answer 269

Counter-Mode

Answer 270

Channel Service Unit *hardware that concerts digital data frames from LAN into frames for WAN and vice versa *received and transmits signals to and from the WAN line and provided a barrier for electrical interference from either side of the unit *can echo loop back signals for testing purposes *connects the network provider side *CSU/DSU (Data service Unit). The DSU connects to your Data Terminal Equipment (often a router)

Answer 271

Cross-Site Request Forgery

Answer 272

Certificate Signing Request

Answer 273

Cloud Service Provider

Answer 274

Cyclic Redundancy Check

Answer 275

Contingency Planning

Answer 276

Corporate-owned Personally Enabled

Answer 277

Continuity of Operations Planning

Answer 278

Common Name

Answer 279

Content Management System

Answer 280

Center for Internet Security *Non profit organization focused on developing globally-recognized best practices for securing IT systems and data against cyber attacks

Answer 281

Computer Incident Response Team

Answer 282

Chief Information Officer

Answer 283

Challenge-Handshake Authentication Protocol *Used to provide authentication by using the user's password to encrypt a challenge string of random numbers *PAP and CHAP are mostly used with dial-up MS-CHAP = Microsoft's versions

Answer 284

Cipher Feedback

Answer 285

Computer Emergency Response Team

Answer 286

Closed Circuit Television

Answer 287

Counter-Mode/CBC-MAC Protocol

Answer 288

Cipher Block Chaining

Answer 289

Cloud Access Security Broker

Answer 290

Corrective Action Report

Answer 291

Completely Automated Public Turning Test to Tell Computers and Humans Apart

Answer 292

Certificate Authority

Answer 293

Bring Your Own Device

Answer 294

Basic Service Set Identifier

Answer 295

Bridge Protocol Data Unit *Primary protocol used by the Spanning tree protocol

Answer 296

Business Partnership Agreement

Answer 297

Basic Input Output Systems

Answer 298

Bourne Again Shell

Answer 299

Business Impact Analysis

Answer 300

Border Gateway Protocol *allows different autonomous systems on the internet to share routing information *more flexible than OSPF and can be used on larger networks *emphasis on determining the best path (OSPF, the fastest)

Answer 301

Business Continuity Plan

Answer 302

Acceptable Use Policy *Many organizations have them *Detailed documentation that covers how all of the different technologies in your environment should be used *Covers internet, telephones, computers, mobile devices *A way for employer to set expectations

Answer 303

Adversarial Tactics, Techniques and Common Knowledge *MITRE framework *Identify broad categories of attacks, find exact intrusions and how they are occurring and how attackers are moving around after the attack and identify security techniques that can help you block future attacks

Answer 304

Active Server Pages

Answer 305

Address Space Layout Randomization *Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits

Answer 306

Address Resolution Protocol *A way to translate IP address to MAC address. *Purpose is to find out the MAC address of a device on the LAN *used when IPV4 is used over ethernet *Helps resolve an address of a specific computer by sending a piece of information from the local computer to a remote computer where the server process is executed. This piece of information allows the server to identify the network system and provide the address *See also DHCP and DNS

Answer 307

Annualized Rate of Occurrence *The number of times / year something happens *ARO X SLE = ALE *can be based on historical data, how often a threat would be successful exploiting a vulnerability

Answer 308

Advanced Persistent Threat

Answer 309

Application Programming Interface

Answer 310

Access Point *Most APs allow you to configure MAC- level filtering to the AP itself

Answer 311

Annualized Loss Expectancy *ARO X SLE = ALE *The total number in dollars if an event occurs based on its frequency

Answer 312

Automated Indicator Sharing *A way to automate the process of gathering and disseminating threat information that’s secure *A way to process and move the information between organizations over the internet

Answer 313

Artificial Intelligence

Answer 314

Authentication Header *Can provide data integrity (Ex: in IPSec)

Answer 315

Advanced Encryption Standard 256bit *largest key size for AES (symmetric)

Answer 316

Advanced Encryption Standard *Most popular SYMMETRIC encryption in use today *Standard of the US Federal Government *Added to FIPS 197 in 2001 (It took five years to standardize and eventually replace DES) *128 cipher block encryption (in a single pass) *Supports 128, 192, and 256 bit key sizes *Ex: A wireless network where all information is encrypted with WPA2 uses AES

Answer 317

Active Directory *Directory servers that runs on Microsoft Windows Server *Main function is to enable administrators to manage permissions and control access to network resources

Answer 318

Access Control List *set of permissions that are then assigned to an object *Used in firewalls, switches, routers, and OS *All of them to some degree allow/restrict access to certain parts of the network or to an OS *They can be very specific (to ports) and / or very complex

Answer 319

Attribute Based Access Control *An access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. *The policies can use any type of attributes (user attributes, resource attributes, environment attribute etc.). *Ex: Permit managers to **, provided that **, if ** or ** unless **

Answer 320

Authentication, Authorization, Accounting *Proving who you are *Deciding what you have access to *## Keeping track of who authenticated onto network

Answer 321

Triple Data Encryption Standard *Variant of DES that uses 3 different keys to perform the encryption process. (3 separate passes through the data) *Symmetrical *No longer use 3DES either *(AES is the workhorse encryption standard today)

Acronym Security+ Flashcards

(347 cards)