Acronyms

Question 1

3DES

Answer 1

Triple Digital Encryption Standard. Typically used on hardware that doesn’t support AES. Most secure mode of operation of 3DES requires 3 keys. Using a single key is insecure, using 2 keys is somewhat secure.

Question 2

802.1X

Answer 2

Port based authentication protocol used in VPNs for wired and wireless networks.

Question 3

AAA

Answer 3

Authentication, Authorization, and Accounting.

Used in remote access systems.

Question 4

ABAC

Answer 4

Attribute-based access control
Grants access to resources based on attributes assigned to the objects and to the users too. Think Unclassified, CUI, Secret, Top Secret.

Question 5

ACE

Answer 5

Access Control Entry

Identifies a user or group that is granted permission to a resource.

Question 6

ACK

Answer 6

Acknowledge.

Part of the TCP handshake.

Question 7

ACL

Answer 7

Access Control List

List of rules used by routers and stateless firewalls to determine what traffic to allow access.

Question 8

AES

Answer 8

Advanced Encryption Standard

Symmetric key block cipher

Question 9

AH

Answer 9

Authentication Header

Question 10

ALE

Answer 10

Annualized Loss Expectancy

Question 11

AP

Answer 11

Access Point

also called Wireless Access Point (WAP)

Question 12

API

Answer 12

Application programming interface

Question 13

APT

Answer 13

Advanced Persistent Threat

usually sponsored by a nation state, has both capability and intent to launch sophisticated and targeted attacks.

Question 14

ARO

Answer 14

Annual rate of occurrence
Number of times a loss is expected to occur in a year. used to measure risk with ALE and SLE
SLE * ARO = ALE

Question 15

ARP

Answer 15

Address Resolution Protocol
Usually in the context of ARP Poisoning, which sends false MAC address updates so that traffic is redirected through an attacker’s system.

Question 16

ASCII

Answer 16

American Standard Code for Information Interchange

Question 17

AUP

Answer 17

Acceptable Use Policy

Question 18

BCP

Answer 18

Business continuity plan

includes disaster recovery elements used to return critical functions to operation after an outage

Question 19

BIA

Answer 19

Business impact analysis

Helps an organization identify critical systems and components, max downtime limits, potential losses from an incident.

Question 20

BIND

Answer 20

Berkeley Internet Name Domain

DNS software

Question 21

BIOS

Answer 21

Basic Input/Output System
Computer’s firmware for the settings such as boot drive and other things outside the operating system. Designated replacement is UEFI.

Question 22

BPDU guard

Answer 22

Bridge Protocol Data Unit guard
Detects false BPDU messages, because those can indicate a switching loop problem. This guard blocks against BPDU attacks.

Question 23

BYOD

Answer 23

Bring Your Own Device
Employees are allowed to connect to the corporate network using their own mobile devices. This has several problems both with security and with IT support.

Question 24

CA

Answer 24

Certificate Authority

Question 25

CAN

Answer 25

Controller area network.

vehicle specific standard that allows the various components of the vehicle to communicate

Question 26

CAPTCHA

Answer 26

Completely Automated Public Turing Test to Tell Computers and Humans Apart

Question 27

CASB

Answer 27

Cloud Access Security Broker

enforces cloud-based security requirements. Placed between cloud and an organization’s resources.

Question 28

CBC

Answer 28

Cipher Block Chaining
Some symmetric encryption ciphers use this. There is an IV for the first block, and each subsequent block is combined with the previous block.

Question 29

CCM

Answer 29

Cloud Controls Matrix

from Cloud Security Alliance. This is a set of best practices specifically for security controls in the cloud.

Question 30

CCMP

Answer 30

Counter mode with Cipher block chaining Message authentication code Protocol
Encryption protocol based on AES. Used with WPA2 for wireless security.

Question 31

CCTV

Answer 31

Closed Circuit Television

Video surveillance cameras.

Question 32

CER

Answer 32

Canonical Encoding Rules

Base format for PKI certificates. ASCII encoded.

Question 33

CERT

Answer 33

Computer Emergency Response Team

responds to security incidents

Question 34

CHAP

Answer 34

Challenge Handshake Authentication Protocol

Question 35

CIA

Answer 35

Confidentiality, integrity, availability
security triad.
Confidentiality - look for something involving encryption
Integrity - look for a hashing algorithm
Availability - look for something with redundancy

Question 36

CIO

Answer 36

Chief Information Officer

Question 37

COOP

Answer 37

Continuity of Operations Planning
Setting up a set of sites to provide an alternate location for operations after a critical outage. Hot site, cold site, warm site.

Question 38

COOP

Answer 38

Continuity of Operations

Phase I - Readiness and Preparedness
Phase II - Activation and Relocation: transfer activities, personnel, records, and
equipment to alternate facilities
Phase III - Continuity Operations: full
execution of essential operations at
alternate operating facilities
Phase IV – Reconstitution: operations at
alternate facility are terminated and normal
operations resume

Question 39

COPE

Answer 39

Corporate-Owned, Personally Enabled

Mobile device deployment model. Organization purchases and issues devices to employees. Compare to BYOD and CYOD

Question 40

CRL

Answer 40

Certification Revocation List

list of certificates that a Certificate Authority has revoked

Question 41

CSA CCM

Answer 41

Cloud Security Alliance Cloud Controls Matrix

reference doc that maps cloud security controls to various regulatory standards

Question 42

CSF

Answer 42

Cybersecurity Framework

Private sector equivalent of the RMF. Includes framework core, framework implantation tiers, and framework profiles

Question 43

CSR

Answer 43

Certificate Signing Request

how you request a certificate from a CA

Question 44

CTM

Answer 44

Counter Mode

Used for encryption that combines an IV with a counter and uses that combination to encrypt blocks

Question 45

CTO

Answer 45

Chief Technology Officer

Question 46

CVE

Answer 46

Common Vulnerabilities and Exposures

dictionary of publicly known security vulnerabilities and exposures

Question 47

CYOD

Answer 47

Choose Your Own Device
Policy where employees can connect to the organization’s network with their own personal device but only if that device is on an approved list. This limits headaches with IT support to a few models, but still has security headaches.

Question 48

DAC

Answer 48

Discretionary Access Control

Files and folders have owners, and owners can modify the permissions for the objects.

Question 49

DDoS

Answer 49

Distributed Denial of Service

Question 50

DEP

Answer 50

Data Execution Prevention
Some operating systems have this, which blocks code from executing from memory regions that are marked as nonexecutable. This blocks some types of malware.

Question 51

DER

Answer 51

Distinguished Encoding Rules

Base format for PKI certificates. BASE64 binary encoded files. Compare to CER.

Question 52

DES

Answer 52

Digital Encryption Standard

Question 53

DH

Answer 53

Diffie-Hellman

Asymmetic algorithm for privately sharing symmetric keys. DHE uses ephemeral keys, recreated for each session.

Question 54

DHCP

Answer 54

Dynamic Host Configuration Protocol

assigns IP addresses, subnet masks, default gateways, DNS server addresses, etc.

Question 55

DHCP Snooping

Answer 55

used to prevent unauthorized DHCP servers

Question 56

DHE

Answer 56

Diffie-Hellman Ephemeral

DHE uses ephemeral keys, recreated for each session. Sometimes seen as EDH

Question 57

DLL

Answer 57

Dynamic-link library

we use a LOT of .dll files!

Question 58

DLL Injection

Answer 58

attack that injects a Dynamic Link Library into memory and runs it

Question 59

DLP

Answer 59

Data Loss Prevention
End-point DLP systems can prevent users from copying or printing sensitive data, such as how A365 won’t let me download attachments. Network-based DLP systems monitor outgoing email and monitor data stored in the cloud.

Question 60

DMZ

Answer 60

Demilitarized Zone

Question 61

DNS

Answer 61

Domain Name System.
Resolves hostnams to IP addresses. DNS poisoning is an attack that modifies or corrupts DNS results. DNSSEC prevents DNS poisoning.

Question 62

DNSSEC

Answer 62

Domain Name System Security Extensions

protects a DNS server against some forms of attack

Question 63

DoS

Answer 63

Denial of Service

Question 64

DRP

Answer 64

Disaster Recovery Plan

Question 65

DSA

Answer 65

Digital Signature Algorithm

Endorsed by the US federal government for creating digital signatures under Digital Signature Standard.

Question 66

EAP

Answer 66

Extensible Authentication Protocol

this is a framework that provides general guidance for auth methods

Question 67

EAP-FAST

Answer 67

EAP Flexible Authentication via Secure Tunneling

Cisco designed protocol used with 802.1X. Optionally supports certificates.

Question 68

EAP-TLS

Answer 68

EAP using Transport Layer Security
One of the most secure EAP standards. Widely implemented. Requires certificates on both the 802.1X server and each wireless client.

Question 69

EAP-TTLS

Answer 69

EAP using Tunneled Transport Layer Security
Allows systems to use older authentication methods such as PAP, within a TLS tunnel. Requires a certificate on the 802.1X server but not on the clients.

Question 70

ECC

Answer 70

Elliptic Curve Cryptography
Asymmetric encryption algorithm. Common on smaller wireless devices. Uses smaller key sizes and requires less processing than most other encryption methods.

Question 71

ECDHE

Answer 71

Elliptic Curve DHE

Version of DH that uses elliptic curve cryptography to generate encryption keys

Question 72

EF

Answer 72

Exposure factor
(also Entity Framework but that’s not relevant)
If a database server is compromised and all of the sensitive information is stolen, that would be an exposure factor of 100%. If half the customer data is all that could be stolen, that’s an EF of 50%.

Question 73

EMI

Answer 73

Electromagnetic Interference
Caused by motors, power lines, etc. EMI shielding can prevent outside interference from corrupting data and prevents data from leaking outside of a cable.

Question 74

ESP

Answer 74

Encapsulating Security Protocol

part of IPsec that provides encryption

Question 75

ESSID

Answer 75

Extended Service Set ID
When ESSID broadcasting has been disabled, the name of the WLAN will not be listed as those available for connection. Users will need to enter the name of the WLAN manually.

Question 76

FaaS

Answer 76

Function as a Service

Cloud service model that is a subset of PaaS. The cloud service provider offers a platform that executes the customer’s code in response to discrete events. Customer is billed based on resources consumed during each code execution event.

Question 77

FAR

Answer 77

False Acceptance Rate

used for biometric authentication

Question 78

FDE

Answer 78

Full Disk Encryption

Question 79

FERPA

Answer 79

Family Educational Rights and Privacy Act

Question 80

FISMA

Answer 80

Federal Information Security Management Act

Law that requires government agencies to comply with security standards

Question 81

FRR

Answer 81

False Rejection Rate

used for biometric authentication

Question 82

GCM

Answer 82

Galois/Counter Mode

Used with encryption. Combines CTM mode with hashing

Question 83

GDPR

Answer 83

General Data Protection Regulation

regulation in the European Union for protecting personal data of anybody living in the EU

Question 84

GLBA

Answer 84

Gramm-Leach-Bliley Act

Law requiring financial institutions to protect the privacy of their customers’ data

Question 85

GPS

Answer 85

Global Positioning System

Question 86

HIDS

Answer 86

Host Based Intrusion Detection System

Question 87

HIPAA

Answer 87

Health Insurance Portability and Accountability Act

Law protecting health related data

Question 88

HIPS

Answer 88

Host Based Intrusion Prevention System

Question 89

HMAC

Answer 89

Hash Based Message Authentication Code
often combined with MD5 and SHA-1 as HMAC-MD5 and HMAC-SHA1. Used to verify integrity and authentication of a message with the use of a shared secret

Question 90

HOTP

Answer 90

HMAC-based One Time Password

HOTP passwords do not expire until they are used, unlike TOTP

Question 91

HSM

Answer 91

Hardware Security Module

removable or external device that can generate, store, and manage keys used in asymmetric encryption

Question 92

HTML

Answer 92

Hypertext Markup Language

who doesn’t already know this one?

Question 93

HVAC

Answer 93

Heating, Ventilation, Air Conditioning

Question 94

IaaS

Answer 94

Infrastructure as a Service

allows an organization to rent access to hardware. This was our first cloud migration, the one David did

Question 95

IaC

Answer 95

Infrastructure as Code

think terraform, or SDN (software defined networking)

Question 96

ICMP

Answer 96

Internet Control Message Protocol
Used for diagnostics such as ping. Because some DoS attacks use ICMP, it is best to block ICMP on firewalls and routers. Does NOT use a port!

Question 97

ICS

Answer 97

Industrial Control System

controls large systems such as power plants.

Question 98

IDS

Answer 98

Intrusion Detection System

detects but does not prevent intrusions. Can be either host-based (HIDS) or network-based (NIDS)

Question 99

IEEE

Answer 99

Institute of Electrical and Electronics Engineers

often pronounced “eye triple E”. Professional organization that sets a lot of standards we use, such as 802.1X

Question 100

IGMP

Answer 100

Internet Group Management Protocol
Used for multicasting. A computer that belongs to a multicasting group will have a multicasting IP address in addition to a standard unicast IP address

Question 101

IIS

Answer 101

Internet Information Services

MS Windows web server. We use this for local testing on our dev VMs.

Question 102

IoT

Answer 102

Internet of Things

usually refers to smart devices such as wearable tech and home automation systems.

Question 103

IPS

Answer 103

Intrusion Prevention System

placed inline with traffic. Compare to IDS which just reports possible issues without preventing them.

Question 104

IPSec

Answer 104

Internet Protocol Security

Question 105

IPv4

Answer 105

Internet Protocol version 4.

This uses a 32 bit IP address such as 192.168.1.1

Question 106

IPv6

Answer 106

Internet Protocol version 6
uses a 128-bit address and has IPSec built into it. It does not include NAT. Rules based on static IPv6 addresses may not work since dynamic addresses are heavily used in IPv6 networks. Reputation services are rare and less useful for IPv6 traffic. IPv6 traffic may bypass many existing IPv4 security tools.

Question 107

ISP

Answer 107

Internet Service Provider

Question 108

IV

Answer 108

Initialization Vector
provides randomization of encryption keys so that if an attacker cracks the encryption for one session, he will have to start over to crack it for a different session because the IV will be different.

Question 109

KDC

Answer 109

Key Distribution Center

aka Ticket Granting Ticket server (TGT). Part of the Kerberos protocol for network authentication

Question 110

L2TP

Answer 110

Layer 2 Tunneling Protocol

Question 111

LAN

Answer 111

Local Area Network

Question 112

LANMAN

Answer 112

Local Area Network Manager

Question 113

MAC

Answer 113

Media Access Control & Mandatory Access Control

media:
48 bit address used to identify network interface cards. Aka hardware address or physical address. Usually written as six pairs of hex digits.

mandatory:
This access control scheme restricts access based on sensitivity labels and also need to know. It is the strongest type of access control. Think “Top Secret” as one of the sensitivity labels.

Question 114

MAC cloning attack

Answer 114

attack that changes the source address to impersonate an authorized system (the MAC address)

Question 115

MAC flooding

Answer 115

attack against a switch that tries to overload the switch, by repeatedly spoofing the MAC address

Question 116

MD5

Answer 116

Message Digest 5
hashing function used to provide integrity. Creates 128-bit hashes also referred to as MD5 checksums.

this is NOT secure enough for cryptographic uses however it is still a reasonable choice when used as a checksum

Question 117

MDM

Answer 117

Mobile Device Management

Question 118

MFP

Answer 118

Multi-function printer
As long as they support TLS for web access, their encryption is not a concern. Valid concerns include exposure of sensitive data from copies and scans, acting as a reflector or amplifier for network attacks.

Question 119

ML

Answer 119

Machine Learning
System that is taught to classify items by giving it explicit classified examples, then the machine learns from that to recognize and classify items.

Question 120

MMS

Answer 120

Multimedia Messaging Service

extension of SMS, allowing users to include pictures, short videos, etc in their text messages

Question 121

MS-CHAP

Answer 121

Microsoft Challenge Handshake Authentication Protocol.

If you use this use the MS-CHAPv2 version which provides mutual authentication

Question 122

MSA

Answer 122

Master Service Agreement
provides an umbrella contract for work that a vendor does with an organization over an extended period of time. Typically this includes detailed security and privacy requirements.

Question 123

MTBF

Answer 123

Mean Time Between Failures

Question 124

MTTF

Answer 124

Mean time to failure
used when you expect failure to mean you can’t repair the device when it fails. If you can repair it, then use MTBF instead

Question 125

MTTR

Answer 125

Mean Time to Recover
Mean Time to Repair
average time needed to repair a failed component or device

Question 126

NAC

Answer 126

Network Access Control
inspects clients to ensure they are healthy before granting access to the network. Unhealthy clients are redirected to a remediation network. MAC filtering is a form of NAC.

Question 127

NAT

Answer 127

Network Address Translation

translates public IP addresses to private IP addresses and vice versa

Question 128

NDA

Answer 128

Non-disclosure Agreement

Question 129

NFC

Answer 129

Near Field Communication
allows mobile devices to communicate with nearby mobile devices. Near being a few inches, so it’s hard for a hacker to intercept.

Question 130

NIC

Answer 130

Network Interface Card

Question 131

NIDS

Answer 131

Network Based Intrusion Detection System

detects attacks and raises alerts but does not prevent attacks

Question 132

NIPS

Answer 132

Network Based Intrusion Prevention System

detects and stops attacks in progress. Placed in-band with traffic.

Question 133

NIST

Answer 133

National Institute of Standards and Technology

Question 134

NTLM

Answer 134

New Technology LAN Manager

Windows suite of protocols that provide CIA. Uses MD4 and MD5, so is not secure. Don’t use it.

Question 135

NTLM authentication

Answer 135

NT LanManager authentication. Both NTLM and NTLMv2 are insecure and should not be used. They use MD4 and MD5 hashing. Mostly found on Windows NT, but there are implementations of it on Linux.

Question 136

NTP

Answer 136

Network Time Protocol

Question 137

OAuth

Answer 137

Open source standard for Authorization and Internet based SSO. Focus is on authorization not authentication.

Question 138

OCSP

Answer 138

Online Certificate Status Protocol
alternative to using CRL. You can query a CA with the serial number of a cert, and it will reply with good, revoked, or unknown

Question 139

OIDC

Answer 139

OpenID Connect

open source standard used for identification on the Internet. Builds on OpenID and uses OAuth2. Uses a JSON token.

Question 140

OpenID

Answer 140

Authentication standard maintained by the OpenID Foundation. Provider holds the user’s credentials and websites that support OpenID prompt users to enter their OpenID

Question 141

OSI

Answer 141

Open Systems Interconnection
OSI model divides different networking requirements into seven layers: physical, data link, network, transport, session, presentation, application. Good mnemonic: Please Do Not Throw Sausage Pizza Away.

Question 142

OSINT

Answer 142

Open Source Intelligence

method of gathering data using public sources such as social media and news outlets

Question 143

P12

Answer 143

PKCS#12
DER based (binary) format for PKI certificates

Question 144

P7B

Answer 144

PKCS#7
CER based (ASCII) format for PKI certificates.  Used to share public keys

Question 145

PaaS

Answer 145

Platform as a Service
Cloud computing where cloud vendor provides and maintains the hardware and operating system. This is what we have on MADE now.

Question 146

PAM

Answer 146

Privileged Access Management
protects access to privileged accounts. implements just-in-time administration, where users get elevated privileges for a short time only when needed

Question 147

PAP

Answer 147

Password Authentication Protocol

Insecure authentication protocol, where passwords are sent across the network in cleartext. Don’t use it.

Question 148

PAT

Answer 148

Port Address Translation (aka NAT Overload)

Question 149

PBKDF2

Answer 149

Password-Based Key Derivation Function 2

Key stretching algorithm which adds a salt to the password.

Question 150

PDF

Answer 150

Portable Document Format

type of file for documents. Think Adobe Acrobat Reader

Question 151

PEAP

Answer 151

Protected Extensible Authentication Protocol

Extension of EAP. Requires certificate on the 802.1X server.

Question 152

PEM

Answer 152

Privacy Enhanced Mail

Common format for PKI certificates. Can use either CER or DER.

Question 153

PFX

Answer 153

Personal Information Exchange
format for PKI certificates, from before P12 format. This is used in Windows for storing certificates in binary format. P7B is similarly used in Windows for storing certificates in text format.

Question 154

PGP

Answer 154

Pretty Good Privacy

Question 155

PHI

Answer 155

Personal Health Information

Question 156

PII

Answer 156

Personally Identifiable Information

Question 157

PIN

Answer 157

Personal Identification Number

Question 158

PIV

Answer 158

Personal Identity Verification card

similar to our CAC cards, but CAC are DoD only and PIV is not specifically DoD but is federal govt

Question 159

PKI

Answer 159

Public Key Infrastructure

Question 160

POP3

Answer 160

Post Office Protocol v3

email on port 110 (unencrypted) and port 995 (encrypted)

Question 161

PSK

Answer 161

Preshared Key

Question 162

PUPs

Answer 162

Potentially Unwanted Programs

installed on users’ systems without their awareness or consent. Sometimes legit, sometimes Trojans or spyware.

Question 163

RA

Answer 163

Recovery Agent
Designated person who can recover or restore cryptographic keys. In some cases an RA will recover a private key from a key escrow, in others they will recover data without recovering the private key.

Question 164

RADIUS

Answer 164

Remote Authentication Dail-in User Service
central auth for remote access clients
only encrypts the password packets, uses UDP

Question 165

RAID

Answer 165

Redundant Array of Inexpensive Disks
Multiple disks used together to increase performance and/or prevent single points of failure
RAID-0 - disk striping. Improves performance, no fault tolerance
RAID-1 - disk mirroring. Provides fault tolerance, no better performance.
RAID-5 - disk striping with parity, uses 3+ disks
RAID-6 - disk striping with parity, uses 4+ disks
RAID-10 - disk mirroring with striping. Needs at least 4 disks, always uses even number of disks.

Question 166

RAM

Answer 166

Random Access Memory

Question 167

RAS

Answer 167

Remote Access Service

Question 168

RAT

Answer 168

Remote Access Trojan

Question 169

RBAC

Answer 169

Role Based Access Control & Rule Based Access Control

Question 170

RCS

Answer 170

Rich Communication Services
extension of SMS and MMS
RCS supports everything MMS does and adds a few additional features

Question 171

RDP

Answer 171

Remote Desktop Protocol

uses port 3389

Question 172

RFI

Answer 172

Radio Frequency Interference

Question 173

RFID

Answer 173

Radio Frequency Identification

often used for inventory control

Question 174

RMF

Answer 174

Risk Management Framework
identifies and manages risk. Seven steps: prepare, categorize info sys, select security controls, assess security controls, authorize info sys, monitor security controls

Question 175

rogue AP

Answer 175

rogue access point

Question 176

ROI

Answer 176

Return on Investment

Question 177

ROT13

Answer 177

Substitution cipher that uses a key of 13. Rotate letters through the alphabet 13 spaces, encryption forward, decryption backward, wrapping as needed.

Question 178

RPO

Answer 178

Recovery Point objective
amount of data you can afford to lose
used to determine where data loss is acceptable, and in the case where new data was lost because you restored from a backup, the timeframe in which your operations must be restored following a disruptive event. See also RTO which is similar.

Question 179

RSA

Answer 179

Rivest, Shamir, Adleman

Asymmetric encryption algorithm, using public and private key pairs.

Question 180

RSTP

Answer 180

Rapid Spanning Tree Protocol

often enabled on switches to protect against switching loops

Question 181

RTO

Answer 181

Recovery Time Objective

Max amount of time it should take to restore a system after an outage

Question 182

RTOS

Answer 182

Real Time Operating System

Question 183

S/MIME

Answer 183

Secure/Multipurpose Internet Mail Extensions
Used to secure email, both at rest and in transit. uses RSA with public and private keys, so sender and receiver need each other’s public key.

Question 184

SaaS

Answer 184

Software as a Service
Cloud computing model
this is something like O365 or webmail

Question 185

SAE

Answer 185

Simultaneous Authentication of Equals
Wifi auth protocol introduced with WPA3. Uses DH to avoid sending a preshared key over the network. Does not send a password over the network, even encrypted.

Question 186

SAML

Answer 186

Security Assertions Markup Language
XML based standard used to exchange authentication and authorization info between different parties. Provides SSO for web-based applications.

Question 187

SAN

Answer 187

Storage Area Network
also
Subject Alternate Name, which is an attribute of web certificates that lists additional domains allowed to use the certificate.

Question 188

SCADA

Answer 188

Supervisory Control and Data Acquisition
typically a SCADA is in an isolated network, no direct access to the internet, and manages multiple industrial controls such as for a power plant

Question 189

SCP

Answer 189

Secure Copy

based on SSH port 22, allows users to copy encrypted files over a network

Question 190

SDN

Answer 190

Software Defined Network

replaces hardware routers

Question 191

SDV

Answer 191

Software Defined Visibility

allows viewing of all cloud based traffic so it can be analyzed

Question 192

SED

Answer 192

Self Encrypting Drive

drive that includes hardware and software needed to encrypt itself, built into the drive

Question 193

SELinux

Answer 193

Security Enhanced Linux

Question 194

SHA

Answer 194

Secure Hash Algorithm

hashing function used to provide integrity. Don’t use SHA-1, use SHA-2 (Sha-256, SHA-512, SHA-224, SHA-384) or SHA-3.

Question 195

shadow IT

Answer 195

Shadow information technology

Unauthorized systems or applications installed on a network. This increases risks because these systems aren’t managed.

Question 196

SIEM

Answer 196

Security Information and Event Management

centralized solution for collecting, analyzing, and managing log data from multiple sources

Question 197

SIM

Answer 197

Subscriber Identity Module

SIM card in a mobile device. Identifies what countries or networks the device will use.

Question 198

SIP

Answer 198

Session Initiation Protocol

Used to establish and maintain network sessions related to voice and video such as VoIP

Question 199

SLA

Answer 199

Service Level Agreement

stipulates performance expectations, such as maximum downtime levels

Question 200

SLE

Answer 200

Single Loss Expectancy

monetary value of a single loss. Used to measure risk in a quantitative risk assessment.

Question 201

SMS

Answer 201

Short Message Service

text messaging

Question 202

SOAR

Answer 202

Secure Orchestration, Automation, and Response
Tools used to automatically respond to low-level security events. Runbooks are checklists that create automated responses, and playbooks are the automated actions created from the runbooks.

Question 203

SoC

Answer 203

System on a chip
integrated circuit that includes a computing system (often entire OS) in the hardware. Many mobile devices include one. Think Raspberry Pi for other uses.

Question 204

SPIM

Answer 204

Spam over Instant Messaging

Question 205

SPOF

Answer 205

Single Point of Failure
any component whose failure results in the failure of an entire system. We want to avoid this, so we use RAID, failover clustering, UPS, redundancy, etc.

Question 206

SQL

Answer 206

Structured Query Language

Question 207

SRTP

Answer 207

Secure Real-time Transport Protocol

secure version of RTP. used for audio/video streaming

Question 208

SSD

Answer 208

Solid state drive

Question 209

SSID

Answer 209

Service Set Identifier
the name of a wireless network
don’t use the default name or a name that identifies you. Disabling SSID broadcast prevents casual users from finding you but an attack can still do find the network. Keeping the default name gives an attacker clues as to what vulnerabilities you might have.

Question 210

SSL

Answer 210

Secure Sockets Layer

predecessor to TLS. Don’t use SSL any more - it’s too easy to crack.

Question 211

SSO

Answer 211

Single Sign On

Question 212

SSRF

Answer 212

Server-side request forgery. This tricks a server into visiting a URL based on user-supplied input. Only possible when a web application accepts URLs from a user as input and then retrieves information from that URL. If the server has access to non-public URLs, this kind of attack can disclose that non-public information to an attacker.

Question 213

STP

Answer 213

Spanning Tree Protocol

Question 214

SYN

Answer 214

Synchronize
first packet in a TCP handshake. In a SYN flood attack, attackers send SYN packet but don’t reply to the SYN/ACK packet.

Question 215

TACACS+

Answer 215

Terminal Access Controller Access-Control System+

alternative to RADIUS. Encrypts the entire authentication process, using multiple challenges and responses.

Question 216

TAXII

Answer 216

Trusted Automated eXchange of Intelligence Information

a major technical specification for automated indicator sharing

Question 217

TCO

Answer 217

Total Cost of Ownership

Question 218

TCP

Answer 218

Transmission Control Protocol

provides guaranteed delivery of IP traffic

Question 219

TGT

Answer 219

Ticket Granting Ticket

used with Kerberos. a KDC or TGT server issues timestamped tickets that expire after a certain time period

Question 220

TLS

Answer 220

Transport Layer Security

encrypts data in transit. Replacement for SSL. Uses certificates issued by CAs.

Question 221

TOTP

Answer 221

Time-based One-Time Password

open standard for creating a one time password. TOTP passwords expire in 30 seconds.

Question 222

TPM

Answer 222

Trusted Platform Module
hardware chip found on many newer motherboards. Includes a unique RSA asymmetric key. Generates and stores other keys used for encryption. Provides full disk encryption.

Question 223

UAVs

Answer 223

Unmanned aerial vehicles

Question 224

UDP

Answer 224

User Datagram Protocol
Delivers packets more quickly than TCP but without any guarantee that they will arrive. Useful for sending character position info in a game when that is being sent every 50ms, because even if half the packets are dropped the humans might not even notice.

Question 225

UEFI

Answer 225

Unified Extensible Firmware Interface

used to boot some systems instead of a BIOS

Question 226

UPS

Answer 226

Uninterruptible Power Supply

battery backup with line conditioning

Question 227

URI

Answer 227

Uniform Resource Identifier

similar to a URL, slightly different format

Question 228

URL

Answer 228

Uniform Resource Locator

a type of URI. Used by browsers to locate webpages

Question 229

URL hijacking

Answer 229

the purchase of a domain name that is very close to a legitimate domain name. AKA typo squatting

Question 230

URL redirection

Answer 230

redirects web traffic to a different page or different site

Question 231

USB

Answer 231

Universal Serial Bus
serial connection used to connect things like keyboard, mouse, printer, etc. When using a USB drive it is best to encrypt any data stored on them. Don’t ever connect a strange USB drive to your computer - that’s often a trick with the drive containing malware.

Question 232

USB OTG

Answer 232

USB On the Go

cable used to connect mobile devices to other devices such as external media.

Question 233

UTM

Answer 233

Unified Threat Management
Security appliance that combines multiple security controls into a single solution. Often includes URL filtering, malware inspection, content inspection, and inspection of data streams for malicious content.

Question 234

VDI

Answer 234

Virtualized Desktop Infrastructure
reproduces a desktop operating system as a virtual machine on a remote server. Accessed using a desktop PC or a mobile device. AVD would be one example.

Question 235

VLAN

Answer 235

Virtual Local Area Network
used to logically group several different computers together or logically separate them, no matter their physical location. A single switch can create multiple VLANs. A virtual switch can also create VLANs.

Question 236

VM

Answer 236

Virtual Machine

Question 237

VM escape

Answer 237

At attack that allows an attacker to access the host system from within a virtual machine.

Question 238

VM sprawl

Answer 238

Vulnerability that occurs when there are VMs that aren’t being managed. Typically a user creates a VM without getting official permission to do so, so the IT doesn’t know it needs to apply patches, etc.

Question 239

VoIP

Answer 239

Voice over IP

Question 240

VPN

Answer 240

Virtual Private Network

Question 241

WAF

Answer 241

Web Application Firewall
inspects contents of traffic to a web server, can detect and block some types of malicious content such as cross-scripting attacks

Question 242

WAN

Answer 242

Wide Area Network

Question 243

WAP

Answer 243

Wireless Access Point

Question 244

WAP

Answer 244

Wireless Access Point

aka Access Point

Question 245

WEP

Answer 245

Wired Equivalent Privacy

Question 246

WLAN

Answer 246

Wireless Local Area Network

Question 247

WPA

Answer 247

Wi-Fi Protected Access

Question 248

WPA2

Answer 248

WiFi Protected Access 2
Secure version of WPA. Supports CCMP for encryption, which uses AES. In Enterprise mode it uses an 802.1X server for authentication. In personal mode (WPA2-PSK) it uses a preshared key.

Question 249

WPA3

Answer 249

WiFi Protected Access 3
newest wireless cryptographic protocol. uses Simultaneous Authentication of Equals (SAE) instead of PSK. SAE is based on DH key exchange.

Question 250

WPS

Answer 250

WiFi Protected Setup
Allows users to easily configure a wireless network but is open to attack. WPS brute force attacks can discover the PIN used with WPA2.

Question 251

WPS Attack

Answer 251

Wifi Protected Setup attack
an attack against an access point that discovers the 8 digit WPS PIN and then uses it to discover the AP passphrase. WPA3 is resistant to this type of attack.

Question 252

XaaS

Answer 252

Anything As A Service

Cloud computing model that covers those models that don’t fit into IaaS, PaaS, or SaaS.

Question 253

XSRF

Answer 253

Cross-Site Request Forgery
Web application attack to trick users into performing actions on websites without their knowledge (such as making purchases). Sometimes allows the attacker to steal cookies and harvest passwords.

Question 254

XSS

Answer 254

Cross-site Scripting
Web application vulnerability that allows attackers to inject scripts into webpages. Often used to capture cookies. Input validation on the server side helps prevent this, or a web app firewall.

Question 255

CFB

Answer 255

Cipher Feedback Mode

each previous block ciphertext is encrypted and fed into the algorithm to encrypt the next block

Question 256

ECB

Answer 256

Electronic Code Book

Given the same plaintext, always gives the same ciphertext. NOT secure.

Question 257

OFB

Answer 257

Output Feedback Mode
AES block cipher mode similar to the CFB mode. What mainly differs from CFB is that the OFB mode relies on XOR-ing plaintext and ciphertext blocks with expanded versions of the initialization vector.

Question 258

PLC

Answer 258

Programmable Logic Controller

specialized computer interface that controls industrial devices such as manufacturing robots and centrifuges.

Question 259

APIPA

Answer 259

Automatic Private IP Assignment
protocol used to assign an IP address from the range of 169.254.0.0/16 when the system can’t find a DHCP server or static assignment. So if you see a question showing a computer that has IP address of 169.254.188.19 or something similar, then it was assigned by APIPA.

Question 260

MSSP

Answer 260

Managed security service provider

Outsourcing some of your security work