Acronyms Flashcards

Question

CAN

Answer 1

Controller area network. | vehicle specific standard that allows the various components of the vehicle to communicate

Answer 2

Completely Automated Public Turing Test to Tell Computers and Humans Apart

Answer 3

Cloud Access Security Broker | enforces cloud-based security requirements. Placed between cloud and an organization's resources.

Answer 4

Cipher Block Chaining Some symmetric encryption ciphers use this. There is an IV for the first block, and each subsequent block is combined with the previous block.

Answer 5

Cloud Controls Matrix | from Cloud Security Alliance. This is a set of best practices specifically for security controls in the cloud.

Answer 6

Counter mode with Cipher block chaining Message authentication code Protocol Encryption protocol based on AES. Used with WPA2 for wireless security.

Answer 7

Closed Circuit Television | Video surveillance cameras.

Answer 8

Canonical Encoding Rules | Base format for PKI certificates. ASCII encoded.

Answer 9

Computer Emergency Response Team | responds to security incidents

Answer 10

Challenge Handshake Authentication Protocol

Answer 11

Confidentiality, integrity, availability security triad. Confidentiality - look for something involving encryption Integrity - look for a hashing algorithm Availability - look for something with redundancy

Answer 12

Chief Information Officer

Answer 13

Continuity of Operations Planning Setting up a set of sites to provide an alternate location for operations after a critical outage. Hot site, cold site, warm site.

Answer 14

Continuity of Operations ``` Phase I - Readiness and Preparedness Phase II - Activation and Relocation: transfer activities, personnel, records, and equipment to alternate facilities Phase III - Continuity Operations: full execution of essential operations at alternate operating facilities Phase IV – Reconstitution: operations at alternate facility are terminated and normal operations resume ```

Answer 15

Corporate-Owned, Personally Enabled | Mobile device deployment model. Organization purchases and issues devices to employees. Compare to BYOD and CYOD

Answer 16

Certification Revocation List | list of certificates that a Certificate Authority has revoked

Answer 17

Cloud Security Alliance Cloud Controls Matrix | reference doc that maps cloud security controls to various regulatory standards

Answer 18

Cybersecurity Framework | Private sector equivalent of the RMF. Includes framework core, framework implantation tiers, and framework profiles

Answer 19

Certificate Signing Request | how you request a certificate from a CA

Answer 20

Counter Mode | Used for encryption that combines an IV with a counter and uses that combination to encrypt blocks

Answer 21

Chief Technology Officer

Answer 22

Common Vulnerabilities and Exposures | dictionary of publicly known security vulnerabilities and exposures

Answer 23

Choose Your Own Device Policy where employees can connect to the organization's network with their own personal device but only if that device is on an approved list. This limits headaches with IT support to a few models, but still has security headaches.

Answer 24

Discretionary Access Control | Files and folders have owners, and owners can modify the permissions for the objects.

Answer 25

Distributed Denial of Service

Answer 26

Data Execution Prevention Some operating systems have this, which blocks code from executing from memory regions that are marked as nonexecutable. This blocks some types of malware.

Answer 27

Distinguished Encoding Rules | Base format for PKI certificates. BASE64 binary encoded files. Compare to CER.

Answer 28

Digital Encryption Standard

Answer 29

Diffie-Hellman | Asymmetic algorithm for privately sharing symmetric keys. DHE uses ephemeral keys, recreated for each session.

Answer 30

Dynamic Host Configuration Protocol | assigns IP addresses, subnet masks, default gateways, DNS server addresses, etc.

Answer 31

used to prevent unauthorized DHCP servers

Answer 32

Diffie-Hellman Ephemeral | DHE uses ephemeral keys, recreated for each session. Sometimes seen as EDH

Answer 33

Dynamic-link library | we use a LOT of .dll files!

Answer 34

attack that injects a Dynamic Link Library into memory and runs it

Answer 35

Data Loss Prevention End-point DLP systems can prevent users from copying or printing sensitive data, such as how A365 won't let me download attachments. Network-based DLP systems monitor outgoing email and monitor data stored in the cloud.

Answer 36

Demilitarized Zone

Answer 37

Domain Name System. Resolves hostnams to IP addresses. DNS poisoning is an attack that modifies or corrupts DNS results. DNSSEC prevents DNS poisoning.

Answer 38

Domain Name System Security Extensions | protects a DNS server against some forms of attack

Answer 39

Denial of Service

Answer 40

Disaster Recovery Plan

Answer 41

Digital Signature Algorithm | Endorsed by the US federal government for creating digital signatures under Digital Signature Standard.

Answer 42

Extensible Authentication Protocol | this is a framework that provides general guidance for auth methods

Answer 43

EAP Flexible Authentication via Secure Tunneling | Cisco designed protocol used with 802.1X. Optionally supports certificates.

Answer 44

EAP using Transport Layer Security One of the most secure EAP standards. Widely implemented. Requires certificates on both the 802.1X server and each wireless client.

Answer 45

EAP using Tunneled Transport Layer Security Allows systems to use older authentication methods such as PAP, within a TLS tunnel. Requires a certificate on the 802.1X server but not on the clients.

Answer 46

Elliptic Curve Cryptography Asymmetric encryption algorithm. Common on smaller wireless devices. Uses smaller key sizes and requires less processing than most other encryption methods.

Answer 47

Elliptic Curve DHE | Version of DH that uses elliptic curve cryptography to generate encryption keys

Answer 48

Exposure factor (also Entity Framework but that's not relevant) If a database server is compromised and all of the sensitive information is stolen, that would be an exposure factor of 100%. If half the customer data is all that could be stolen, that's an EF of 50%.

Answer 49

Electromagnetic Interference Caused by motors, power lines, etc. EMI shielding can prevent outside interference from corrupting data and prevents data from leaking outside of a cable.

Answer 50

Encapsulating Security Protocol | part of IPsec that provides encryption

Answer 51

Extended Service Set ID When ESSID broadcasting has been disabled, the name of the WLAN will not be listed as those available for connection. Users will need to enter the name of the WLAN manually.

Answer 52

Function as a Service Cloud service model that is a subset of PaaS. The cloud service provider offers a platform that executes the customer's code in response to discrete events. Customer is billed based on resources consumed during each code execution event.

Answer 53

False Acceptance Rate | used for biometric authentication

Answer 54

Full Disk Encryption

Answer 55

Family Educational Rights and Privacy Act

Answer 56

Federal Information Security Management Act | Law that requires government agencies to comply with security standards

Answer 57

False Rejection Rate | used for biometric authentication

Answer 58

Galois/Counter Mode | Used with encryption. Combines CTM mode with hashing

Answer 59

General Data Protection Regulation | regulation in the European Union for protecting personal data of anybody living in the EU

Answer 60

Gramm-Leach-Bliley Act | Law requiring financial institutions to protect the privacy of their customers’ data

Answer 61

Global Positioning System

Answer 62

Host Based Intrusion Detection System

Answer 63

Health Insurance Portability and Accountability Act | Law protecting health related data

Answer 64

Host Based Intrusion Prevention System

Answer 65

Hash Based Message Authentication Code often combined with MD5 and SHA-1 as HMAC-MD5 and HMAC-SHA1. Used to verify integrity and authentication of a message with the use of a shared secret

Answer 66

HMAC-based One Time Password | HOTP passwords do not expire until they are used, unlike TOTP

Answer 67

Hardware Security Module | removable or external device that can generate, store, and manage keys used in asymmetric encryption

Answer 68

Hypertext Markup Language | who doesn't already know this one?

Answer 69

Heating, Ventilation, Air Conditioning

Answer 70

Infrastructure as a Service | allows an organization to rent access to hardware. This was our first cloud migration, the one David did

Answer 71

Infrastructure as Code | think terraform, or SDN (software defined networking)

Answer 72

Internet Control Message Protocol Used for diagnostics such as ping. Because some DoS attacks use ICMP, it is best to block ICMP on firewalls and routers. Does NOT use a port!

Answer 73

Industrial Control System | controls large systems such as power plants.

Answer 74

Intrusion Detection System | detects but does not prevent intrusions. Can be either host-based (HIDS) or network-based (NIDS)

Answer 75

Institute of Electrical and Electronics Engineers | often pronounced "eye triple E". Professional organization that sets a lot of standards we use, such as 802.1X

Answer 76

Internet Group Management Protocol Used for multicasting. A computer that belongs to a multicasting group will have a multicasting IP address in addition to a standard unicast IP address

Answer 77

Internet Information Services | MS Windows web server. We use this for local testing on our dev VMs.

Answer 78

Internet of Things | usually refers to smart devices such as wearable tech and home automation systems.

Answer 79

Intrusion Prevention System | placed inline with traffic. Compare to IDS which just reports possible issues without preventing them.

Answer 80

Internet Protocol Security

Answer 81

Internet Protocol version 4. | This uses a 32 bit IP address such as 192.168.1.1

Answer 82

Internet Protocol version 6 uses a 128-bit address and has IPSec built into it. It does not include NAT. Rules based on static IPv6 addresses may not work since dynamic addresses are heavily used in IPv6 networks. Reputation services are rare and less useful for IPv6 traffic. IPv6 traffic may bypass many existing IPv4 security tools.

Answer 83

Internet Service Provider

Answer 84

Initialization Vector provides randomization of encryption keys so that if an attacker cracks the encryption for one session, he will have to start over to crack it for a different session because the IV will be different.

Answer 85

Key Distribution Center | aka Ticket Granting Ticket server (TGT). Part of the Kerberos protocol for network authentication

Answer 86

Layer 2 Tunneling Protocol

Answer 87

Local Area Network

Answer 88

Local Area Network Manager

Answer 89

Media Access Control & Mandatory Access Control media: 48 bit address used to identify network interface cards. Aka hardware address or physical address. Usually written as six pairs of hex digits. mandatory: This access control scheme restricts access based on sensitivity labels and also need to know. It is the strongest type of access control. Think "Top Secret" as one of the sensitivity labels.

Answer 90

attack that changes the source address to impersonate an authorized system (the MAC address)

Answer 91

attack against a switch that tries to overload the switch, by repeatedly spoofing the MAC address

Answer 92

Message Digest 5 hashing function used to provide integrity. Creates 128-bit hashes also referred to as MD5 checksums. this is NOT secure enough for cryptographic uses however it is still a reasonable choice when used as a checksum

Answer 93

Mobile Device Management

Answer 94

Multi-function printer As long as they support TLS for web access, their encryption is not a concern. Valid concerns include exposure of sensitive data from copies and scans, acting as a reflector or amplifier for network attacks.

Answer 95

Machine Learning System that is taught to classify items by giving it explicit classified examples, then the machine learns from that to recognize and classify items.

Answer 96

Multimedia Messaging Service | extension of SMS, allowing users to include pictures, short videos, etc in their text messages

Answer 97

Microsoft Challenge Handshake Authentication Protocol. | If you use this use the MS-CHAPv2 version which provides mutual authentication

Answer 98

Master Service Agreement provides an umbrella contract for work that a vendor does with an organization over an extended period of time. Typically this includes detailed security and privacy requirements.

Answer 99

Mean Time Between Failures

Answer 100

Mean time to failure used when you expect failure to mean you can't repair the device when it fails. If you can repair it, then use MTBF instead

Answer 101

Mean Time to Recover Mean Time to Repair average time needed to repair a failed component or device

Answer 102

Network Access Control inspects clients to ensure they are healthy before granting access to the network. Unhealthy clients are redirected to a remediation network. MAC filtering is a form of NAC.

Answer 103

Network Address Translation | translates public IP addresses to private IP addresses and vice versa

Answer 104

Non-disclosure Agreement

Answer 105

Near Field Communication allows mobile devices to communicate with nearby mobile devices. Near being a few inches, so it's hard for a hacker to intercept.

Answer 106

Network Interface Card

Answer 107

Network Based Intrusion Detection System | detects attacks and raises alerts but does not prevent attacks

Answer 108

Network Based Intrusion Prevention System | detects and stops attacks in progress. Placed in-band with traffic.

Answer 109

National Institute of Standards and Technology

Answer 110

New Technology LAN Manager | Windows suite of protocols that provide CIA. Uses MD4 and MD5, so is not secure. Don’t use it.

Answer 111

NT LanManager authentication. Both NTLM and NTLMv2 are insecure and should not be used. They use MD4 and MD5 hashing. Mostly found on Windows NT, but there are implementations of it on Linux.

Answer 112

Network Time Protocol

Answer 113

Open source standard for Authorization and Internet based SSO. Focus is on authorization not authentication.

Answer 114

Online Certificate Status Protocol alternative to using CRL. You can query a CA with the serial number of a cert, and it will reply with good, revoked, or unknown

Answer 115

OpenID Connect | open source standard used for identification on the Internet. Builds on OpenID and uses OAuth2. Uses a JSON token.

Answer 116

Authentication standard maintained by the OpenID Foundation. Provider holds the user's credentials and websites that support OpenID prompt users to enter their OpenID

Answer 117

Open Systems Interconnection OSI model divides different networking requirements into seven layers: physical, data link, network, transport, session, presentation, application. Good mnemonic: Please Do Not Throw Sausage Pizza Away.

Answer 118

Open Source Intelligence | method of gathering data using public sources such as social media and news outlets

Answer 119

``` PKCS#12 DER based (binary) format for PKI certificates ```

Answer 120

``` PKCS#7 CER based (ASCII) format for PKI certificates. Used to share public keys ```

Answer 121

Platform as a Service Cloud computing where cloud vendor provides and maintains the hardware and operating system. This is what we have on MADE now.

Answer 122

Privileged Access Management protects access to privileged accounts. implements just-in-time administration, where users get elevated privileges for a short time only when needed

Answer 123

Password Authentication Protocol | Insecure authentication protocol, where passwords are sent across the network in cleartext. Don't use it.

Answer 124

Port Address Translation (aka NAT Overload)

Answer 125

Password-Based Key Derivation Function 2 | Key stretching algorithm which adds a salt to the password.

Answer 126

Portable Document Format | type of file for documents. Think Adobe Acrobat Reader

Answer 127

Protected Extensible Authentication Protocol | Extension of EAP. Requires certificate on the 802.1X server.

Answer 128

Privacy Enhanced Mail | Common format for PKI certificates. Can use either CER or DER.

Answer 129

Personal Information Exchange format for PKI certificates, from before P12 format. This is used in Windows for storing certificates in binary format. P7B is similarly used in Windows for storing certificates in text format.

Answer 130

Pretty Good Privacy

Answer 131

Personal Health Information

Answer 132

Personally Identifiable Information

Answer 133

Personal Identification Number

Answer 134

Personal Identity Verification card | similar to our CAC cards, but CAC are DoD only and PIV is not specifically DoD but is federal govt

Answer 135

Public Key Infrastructure

Answer 136

Post Office Protocol v3 | email on port 110 (unencrypted) and port 995 (encrypted)

Answer 137

Preshared Key

Answer 138

Potentially Unwanted Programs | installed on users' systems without their awareness or consent. Sometimes legit, sometimes Trojans or spyware.

Answer 139

Recovery Agent Designated person who can recover or restore cryptographic keys. In some cases an RA will recover a private key from a key escrow, in others they will recover data without recovering the private key.

Answer 140

Remote Authentication Dail-in User Service central auth for remote access clients only encrypts the password packets, uses UDP

Answer 141

Redundant Array of Inexpensive Disks Multiple disks used together to increase performance and/or prevent single points of failure RAID-0 - disk striping. Improves performance, no fault tolerance RAID-1 - disk mirroring. Provides fault tolerance, no better performance. RAID-5 - disk striping with parity, uses 3+ disks RAID-6 - disk striping with parity, uses 4+ disks RAID-10 - disk mirroring with striping. Needs at least 4 disks, always uses even number of disks.

Answer 142

Random Access Memory

Answer 143

Remote Access Service

Answer 144

Remote Access Trojan

Answer 145

Role Based Access Control & Rule Based Access Control

Answer 146

Rich Communication Services extension of SMS and MMS RCS supports everything MMS does and adds a few additional features

Answer 147

Remote Desktop Protocol | uses port 3389

Answer 148

Radio Frequency Interference

Answer 149

Radio Frequency Identification | often used for inventory control

Answer 150

Risk Management Framework identifies and manages risk. Seven steps: prepare, categorize info sys, select security controls, assess security controls, authorize info sys, monitor security controls

Answer 151

rogue access point

Answer 152

Return on Investment

Answer 153

Substitution cipher that uses a key of 13. Rotate letters through the alphabet 13 spaces, encryption forward, decryption backward, wrapping as needed.

Answer 154

Recovery Point objective amount of data you can afford to lose used to determine where data loss is acceptable, and in the case where new data was lost because you restored from a backup, the timeframe in which your operations must be restored following a disruptive event. See also RTO which is similar.

Answer 155

Rivest, Shamir, Adleman | Asymmetric encryption algorithm, using public and private key pairs.

Answer 156

Rapid Spanning Tree Protocol | often enabled on switches to protect against switching loops

Answer 157

Recovery Time Objective | Max amount of time it should take to restore a system after an outage

Answer 158

Real Time Operating System

Answer 159

Secure/Multipurpose Internet Mail Extensions Used to secure email, both at rest and in transit. uses RSA with public and private keys, so sender and receiver need each other's public key.

Answer 160

Software as a Service Cloud computing model this is something like O365 or webmail

Answer 161

Simultaneous Authentication of Equals Wifi auth protocol introduced with WPA3. Uses DH to avoid sending a preshared key over the network. Does not send a password over the network, even encrypted.

Answer 162

Security Assertions Markup Language XML based standard used to exchange authentication and authorization info between different parties. Provides SSO for web-based applications.

Answer 163

Storage Area Network also Subject Alternate Name, which is an attribute of web certificates that lists additional domains allowed to use the certificate.

Answer 164

Supervisory Control and Data Acquisition typically a SCADA is in an isolated network, no direct access to the internet, and manages multiple industrial controls such as for a power plant

Answer 165

Secure Copy | based on SSH port 22, allows users to copy encrypted files over a network

Answer 166

Software Defined Network | replaces hardware routers

Answer 167

Software Defined Visibility | allows viewing of all cloud based traffic so it can be analyzed

Answer 168

Self Encrypting Drive | drive that includes hardware and software needed to encrypt itself, built into the drive

Answer 169

Security Enhanced Linux

Answer 170

Secure Hash Algorithm | hashing function used to provide integrity. Don't use SHA-1, use SHA-2 (Sha-256, SHA-512, SHA-224, SHA-384) or SHA-3.

Answer 171

Shadow information technology | Unauthorized systems or applications installed on a network. This increases risks because these systems aren't managed.

Answer 172

Security Information and Event Management | centralized solution for collecting, analyzing, and managing log data from multiple sources

Answer 173

Subscriber Identity Module | SIM card in a mobile device. Identifies what countries or networks the device will use.

Answer 174

Session Initiation Protocol | Used to establish and maintain network sessions related to voice and video such as VoIP

Answer 175

Service Level Agreement | stipulates performance expectations, such as maximum downtime levels

Answer 176

Single Loss Expectancy | monetary value of a single loss. Used to measure risk in a quantitative risk assessment.

Answer 177

Short Message Service | text messaging

Answer 178

Secure Orchestration, Automation, and Response Tools used to automatically respond to low-level security events. Runbooks are checklists that create automated responses, and playbooks are the automated actions created from the runbooks.

Answer 179

System on a chip integrated circuit that includes a computing system (often entire OS) in the hardware. Many mobile devices include one. Think Raspberry Pi for other uses.

Answer 180

Spam over Instant Messaging

Answer 181

Single Point of Failure any component whose failure results in the failure of an entire system. We want to avoid this, so we use RAID, failover clustering, UPS, redundancy, etc.

Answer 182

Structured Query Language

Answer 183

Secure Real-time Transport Protocol | secure version of RTP. used for audio/video streaming

Answer 184

Solid state drive

Answer 185

Service Set Identifier the name of a wireless network don't use the default name or a name that identifies you. Disabling SSID broadcast prevents casual users from finding you but an attack can still do find the network. Keeping the default name gives an attacker clues as to what vulnerabilities you might have.

Answer 186

Secure Sockets Layer | predecessor to TLS. Don't use SSL any more - it's too easy to crack.

Answer 187

Single Sign On

Answer 188

Server-side request forgery. This tricks a server into visiting a URL based on user-supplied input. Only possible when a web application accepts URLs from a user as input and then retrieves information from that URL. If the server has access to non-public URLs, this kind of attack can disclose that non-public information to an attacker.

Answer 189

Spanning Tree Protocol

Answer 190

Synchronize first packet in a TCP handshake. In a SYN flood attack, attackers send SYN packet but don't reply to the SYN/ACK packet.

Answer 191

Terminal Access Controller Access-Control System+ | alternative to RADIUS. Encrypts the entire authentication process, using multiple challenges and responses.

Answer 192

Trusted Automated eXchange of Intelligence Information | a major technical specification for automated indicator sharing

Answer 193

Total Cost of Ownership

Answer 194

Transmission Control Protocol | provides guaranteed delivery of IP traffic

Answer 195

Ticket Granting Ticket | used with Kerberos. a KDC or TGT server issues timestamped tickets that expire after a certain time period

Answer 196

Transport Layer Security | encrypts data in transit. Replacement for SSL. Uses certificates issued by CAs.

Answer 197

Time-based One-Time Password | open standard for creating a one time password. TOTP passwords expire in 30 seconds.

Answer 198

Trusted Platform Module hardware chip found on many newer motherboards. Includes a unique RSA asymmetric key. Generates and stores other keys used for encryption. Provides full disk encryption.

Answer 199

Unmanned aerial vehicles

Answer 200

User Datagram Protocol Delivers packets more quickly than TCP but without any guarantee that they will arrive. Useful for sending character position info in a game when that is being sent every 50ms, because even if half the packets are dropped the humans might not even notice.

Answer 201

Unified Extensible Firmware Interface | used to boot some systems instead of a BIOS

Answer 202

Uninterruptible Power Supply | battery backup with line conditioning

Answer 203

Uniform Resource Identifier | similar to a URL, slightly different format

Answer 204

Uniform Resource Locator | a type of URI. Used by browsers to locate webpages

Answer 205

the purchase of a domain name that is very close to a legitimate domain name. AKA typo squatting

Answer 206

redirects web traffic to a different page or different site

Answer 207

Universal Serial Bus serial connection used to connect things like keyboard, mouse, printer, etc. When using a USB drive it is best to encrypt any data stored on them. Don't ever connect a strange USB drive to your computer - that's often a trick with the drive containing malware.

Answer 208

USB On the Go | cable used to connect mobile devices to other devices such as external media.

Answer 209

Unified Threat Management Security appliance that combines multiple security controls into a single solution. Often includes URL filtering, malware inspection, content inspection, and inspection of data streams for malicious content.

Answer 210

Virtualized Desktop Infrastructure reproduces a desktop operating system as a virtual machine on a remote server. Accessed using a desktop PC or a mobile device. AVD would be one example.

Answer 211

Virtual Local Area Network used to logically group several different computers together or logically separate them, no matter their physical location. A single switch can create multiple VLANs. A virtual switch can also create VLANs.

Answer 212

Virtual Machine

Answer 213

At attack that allows an attacker to access the host system from within a virtual machine.

Answer 214

Vulnerability that occurs when there are VMs that aren't being managed. Typically a user creates a VM without getting official permission to do so, so the IT doesn't know it needs to apply patches, etc.

Answer 215

Voice over IP

Answer 216

Virtual Private Network

Answer 217

Web Application Firewall inspects contents of traffic to a web server, can detect and block some types of malicious content such as cross-scripting attacks

Answer 218

Wide Area Network

Answer 219

Wireless Access Point

Answer 220

Wireless Access Point | aka Access Point

Answer 221

Wired Equivalent Privacy

Answer 222

Wireless Local Area Network

Answer 223

Wi-Fi Protected Access

Answer 224

WiFi Protected Access 2 Secure version of WPA. Supports CCMP for encryption, which uses AES. In Enterprise mode it uses an 802.1X server for authentication. In personal mode (WPA2-PSK) it uses a preshared key.

Answer 225

WiFi Protected Access 3 newest wireless cryptographic protocol. uses Simultaneous Authentication of Equals (SAE) instead of PSK. SAE is based on DH key exchange.

Answer 226

WiFi Protected Setup Allows users to easily configure a wireless network but is open to attack. WPS brute force attacks can discover the PIN used with WPA2.

Answer 227

Wifi Protected Setup attack an attack against an access point that discovers the 8 digit WPS PIN and then uses it to discover the AP passphrase. WPA3 is resistant to this type of attack.

Answer 228

Anything As A Service | Cloud computing model that covers those models that don't fit into IaaS, PaaS, or SaaS.

Answer 229

Cross-Site Request Forgery Web application attack to trick users into performing actions on websites without their knowledge (such as making purchases). Sometimes allows the attacker to steal cookies and harvest passwords.

Answer 230

Cross-site Scripting Web application vulnerability that allows attackers to inject scripts into webpages. Often used to capture cookies. Input validation on the server side helps prevent this, or a web app firewall.

Answer 231

Cipher Feedback Mode | each previous block ciphertext is encrypted and fed into the algorithm to encrypt the next block

Answer 232

Electronic Code Book | Given the same plaintext, always gives the same ciphertext. NOT secure.

Answer 233

Output Feedback Mode AES block cipher mode similar to the CFB mode. What mainly differs from CFB is that the OFB mode relies on XOR-ing plaintext and ciphertext blocks with expanded versions of the initialization vector.

Answer 234

Programmable Logic Controller | specialized computer interface that controls industrial devices such as manufacturing robots and centrifuges.

Answer 235

Automatic Private IP Assignment protocol used to assign an IP address from the range of 169.254.0.0/16 when the system can't find a DHCP server or static assignment. So if you see a question showing a computer that has IP address of 169.254.188.19 or something similar, then it was assigned by APIPA.

Answer 236

Managed security service provider | Outsourcing some of your security work

Acronyms Flashcards

(260 cards)