Acronyms

Question 1

3DES

Answer 1

Triple Digital Encryption Standard

Performs encryption in 3 times of the same algorithm

Question 2

802.1x

Answer 2

Switch authentication

Standard for controlling access to intranet infrastructure

Question 3

AAA

Answer 3

Authentication, Authorization, and Accounting

The Principle of verifying identity, capability and use

Question 4

ABAC

Answer 4

Attribute-based Access Control

Granting access based upon the characteristic of the
subject, such as clearance level.

Question 5

ACL

Answer 5

Access Control List

Restricting entry, based upon a listing of controls or permissions.

Question 6

AES

Answer 6

Advanced Encryption Standard

Rijndael was approved by the US government and given this title

Question 7

AES256

Answer 7

Advance Encryption Standard 256bit

The 26 bit version of this algorithm is its highest level and is deemed uncrackable by brute force methods.

Question 8

AH

Answer 8

Authentication Header

The AH header transmit in clear text but authenticates and integrity checks each packet

Question 9

AI

Answer 9

Artificial Intelligence

The simulation of human intelligence and thinking in a machine, including adaptive learning and problem solving

Question 10

AIS

Answer 10

Automatic Indicator Sharing

Automated sharing of threat information between organizations to enhance detection and response.

Question 11

ALE

Answer 11

Annualized Loss Expectancy

The single loss expectancy times the annualized rate of occurrence

Question 12

ALG

Answer 12

Application Layer Gateway

This is a type of firewall able to inspect headers and payload in the upper protocol layers

Question 13

AP

Answer 13

Access Point

Infrastructure connection point for most wireless networks

Question 14

API

Answer 14

Application Programming Interface

These are developed tools used by programmers that have prebuilt functions with desired utility

Question 15

APT

Answer 15

Advanced Persistent Threat

Applications with advanced targeting, zero days and
exfiltration techniques that are aimed at particular
organizations or industries.

Question 16

ARO

Answer 16

Annualized Rate of Occurrence

Most risk assessments track threats and attacks on an
annualized basis.

Question 17

ARP

Answer 17

Address Resolution Protocol

Given the IP address ARP will locate the MAC address.

Question 18

ASLR

Answer 18

Address Space Layout Randomization

This randomizes the location of an application in
memory making it harder for attackers to successfully
perform the buffer overflow.

Question 19

ASP

Answer 19

Application Service Provider

An organization provides access to its custom
developed software, such as accounting or customer
management.

Question 20

ATT&CK

Answer 20

Adversarial Tactics,
Techniques, and Common
Knowledge

A database of adversarial tactics and techniques that
might be used to compromise systems organizations to
enhance threat management.

Question 21

Asymmetric key

Answer 21

Public key/Private key

The use of complementary values to disguise and then
reveal information.

Question 22

AUP

Answer 22

Acceptable Use Policy

This policy is legally required, if HR wants to fire
someone for misuse.

Question 23

AV

Answer 23

Antivirus

Designed to identify malware, primarily based upon
known patterns.

Question 24

AV

Answer 24

Asset Value

This can be the replacement cost or income derived
from something.

Question 25

AXFR

Answer 25

Zone transfer The synchronization of name resolution information between a primary and secondary DNS server.

Question 26

BASH

Answer 26

Bourne again shell Bash is a UNIX and Linux command interface and language.

Question 27

BIA

Answer 27

Business Impact Analysis This is the prerequisite for disaster recovery and continuity planning to identify potential losses.

Question 28

BIOS

Answer 28

Basic Input/Output System The now deprecated initial program sets for computer. Firmware based initialization code for booting a system.

Question 29

Bluetooth

Answer 29

802.15 Technology commonly used to communicate with small devices at modest speeds over a short range with low security requirements.

Question 30

BCP

Answer 30

Business Continuity Plan The orderly planning for and management of threats and incidents to an organization.

Question 31

BGP

Answer 31

Border Gateway Protocol Border Gateway Protocol is for routing exterior traffic between autonomous systems/organizations.

Question 32

BIA

Answer 32

Business Impact Analysis Assessing the criticality of business activities and assets in order to determine the appropriate protection and recovery options.

Question 33

BO

Answer 33

Buffer overflow The insertion of malicious computer instructions into the RAM of a host to accomplish denial of service or injecting shellcode.

Question 34

BPA

Answer 34

Business Partners Agreement This outlines the goals and responsibilities between entities pursuing a common work product.

Question 35

BPDU

Answer 35

Bridge Protocol Data Unit This protocol is used to identify efficient paths and loops in a switched network.

Question 36

BSSID

Answer 36

Basic Service Set IDentifier This is the MAC address that a wireless device is attached to.

Question 37

Brute Force

Answer 37

Brute force attack Discovers a hash or encrypted secret by attempting all combinations and permutations.

Question 38

BYOD

Answer 38

Bring Your Own Device The organization compensates the individual for use of their phone in organizational activities.

Question 39

C2

Answer 39

Command and control Servers that are centrally placed the hold control instructions for illicitly managed hosts.

Question 40

CA

Answer 40

Certificate Authority This entity issues certificates. After verifying them, and is the center of trust in PKI.

Question 41

CAC

Answer 41

Common Access Card A form of identification with photograph, barcode, RFID and cryptographic storage of private key information.

Question 42

CAPTCHA

Answer 42

Completely Automated Public Turing to Tell Computers and Humans Apart This is intended to prevent rogue automated attempts at access.

Question 43

CAR

Answer 43

Corrective Action Report A document generated when the defect or error has been detected that has the goal of eliminating a reoccurrence.

Question 44

CASB

Answer 44

Cloud Access Security Broker A software resource place between users and cloud applications that monitors and enforces policy-based access to cloud resources.

Question 45

CBC

Answer 45

Cipher Block Chaining Each plaintext block is XORed (see XOR) with the immediately previous ciphertext block.

Question 46

CBT

Answer 46

Computer-Based Training Courseware or lessons that are delivered via a computer, commonly used for at home and corporate training.

Question 47

CCMP

Answer 47

Counter-Mode/CBC-Mac Protocol Each plaintext block is XORed (see XOR) with the immediately previous ciphertext block that includes a message authentication code.

Question 48

CCTV

Answer 48

Closed-circuit Television Allows monitoring and recording of activities in an area.

Question 49

CER

Answer 49

Cross-over Error Rate The point at which false acceptances are equal to false rejection.

Question 50

CER

Answer 50

Certificate A generic term for a document that facilitates authentication.

Question 51

CERT

Answer 51

Computer Emergency Response Team A multi-discipline group designated to handle IT incidents.

Question 52

CFB

Answer 52

Cipher Feedback A mode of operation for a block cipher.

Question 53

Chain of custody

Answer 53

Evidence control and management The documentation of handling and protection of evidence.

Question 54

CHAP

Answer 54

Challenge Handshake Authentication Protocol Commonly used by routers and has several derivatives in use by Microsoft for authentication.

Question 55

CIO

Answer 55

Chief Information Officer The most senior official in an organization responsible for the information technology and systems that support enterprise.

Question 56

CIRT

Answer 56

Computer Incident Response Team A group that investigates and resolves IT security problems.

Question 57

CIS

Answer 57

Center for Internet Security Its mission is to identify develop, promote, and lead the world with regard to best practices for cybersecurity solutions.

Question 58

CMP

Answer 58

Change Management Policy An organizational process designed to facilitate making changes to organizational resources in such a way that they are identifiable, auditable, and orderly.

Question 59

CMS

Answer 59

Content Management System These are applications that facilitate the creation, editing, publishing and archival of web pages and content.

Question 60

CN

Answer 60

Common Name An identifying name that may be applied to a directory resource, such as a user, server, or other object.

Question 61

COOP

Answer 61

Continuity of Operations Plan Ensuring that vital and primary mission essential functions continue to run, even in the face of emergencies.

Question 62

COPE

Answer 62

Corporate Owned, Personally Enabled Smart phones owned by the organization, but approved for personal use.

Question 63

CP

Answer 63

Contingency Planning Procedures to follow in the event of a catastrophic incident, even though it may be unlikely.

Question 64

CRC

Answer 64

Cyclical Redundancy Check An error checking code, used in digital technology primarily to identify accidental changes to data.

Question 65

Crimeware

Answer 65

Cyber theft A class of malware that automates malicious activity.

Question 66

CRL

Answer 66

Certificate Revocation List This is maintained by a certificate authority to identify certificates associated with compromised or lost private keys.

Question 67

CSO

Answer 67

Chief Security Officer This official is responsible for development, oversight, mitigation and other risk strategies.

Question 68

CSP

Answer 68

Cloud Service Provider An organization that provides IaaS, PaaS or SaaS to an array of customers. An organization that provides cloud-based access to infrastructure, storage and/or applications.

Question 69

CSA

Answer 69

Cloud Security Alliance A nonprofit organization that promotes best practices in security for cloud-based computing.

Question 70

CSIRT

Answer 70

Computer Security Incident Response Team Information technology personnel whose purpose is to prevent, manage and coordinate actions about security incidents.

Question 71

CSR

Answer 71

Certificate Signing Request Created by an applicant seeking to gain a certificate from an authority.

Question 72

CSRF

Answer 72

Cross-site Request Forgery An attack wherein a message is spoofed from a user to a trusted site.

Question 73

CSU

Answer 73

Channel Service Unit A connecting device used to link an organization to telco-based T-services

Question 74

CTO

Answer 74

Chief Technology Officer The executive person tasked with identifying useful technology, IT strategies and partnerships.

Question 75

CTOS

Answer 75

Centralized terminal operating system. Legacy management.

Question 76

CTR

Answer 76

Counter This form of encryption is used by AES to perform streaming encryption.

Question 77

CVE

Answer 77

Common Vulnerabilities and Exposures A database of known and published software flaws that may impact security that is managed by MITRE.

Question 78

CVSS

Answer 78

Common Vulnerability Scoring System An empirical scheme for rating vulnerability severity based upon specific aspects of the vulnerability, environment, and nature of threats.

Question 79

CYOD

Answer 79

# Choose Your Own Device In this mode of control and acquisition, an employee chooses a device from a company provided list. Ownership may be personal or organization.

Question 80

DAC

Answer 80

Discretionary Access Control The creator has all control over an asset and access to it. The default form of access for Windows.

Question 81

Data | custodian

Answer 81

Facilitates use Exemplified by data center personnel who manage and maintain systems.

Question 82

Data owner

Answer 82

Responsible for use Determines logical controls, authorizes use and defines required security.

Question 83

DBA

Answer 83

Database Administrator This role is filled by personnel capable of managing automated and large information repositories.

Question 84

DDoS

Answer 84

Distributed Denial of Service This attack methodology involves a multitude of remotely controlled devices focusing upon a single target.

Question 85

DEP

Answer 85

Data Execution Prevention And operating system memory management technique that prevents user data from overlapping into computer instructions.

Question 86

DER

Answer 86

Distinguished Encoding Rules A commonly used method of encoding the data that makes up the certificate using ASN.1.

Question 87

DES

Answer 87

Digital Encryption Standard The first US government standard for symmetric encryption. It has a 56 bit key.

Question 88

DHCP

Answer 88

Dynamic Host Configuration Protocol This is an extension of BOOTP and is used to dynamically allocate IPs.

Question 89

DHE

Answer 89

Diffie-Hellman Ephemeral This is a key exchange algorithm that enhances confidentiality by discarding the session keys after use.

Question 90

Dictionary

Answer 90

Dictionary attack Performs hashing or encryption on an array of predetermined candidate phrases, and compares it to the secret.

Question 91

Differential | BU

Answer 91

Differential backup -It backups files to alternative media that have the archive bit set, and then it does not clear it.

Question 92

DKIM

Answer 92

Domain Keys Identified Mail A messaging security standard designed to facilitate non-repudiation between sender and receiver.

Question 93

DLL

Answer 93

Dynamic Link Library These files are not directly executed, but are called up by an application when certain additional functions or libraries are needed.

Question 94

DLP

Answer 94

Data Loss Prevention Strategies and applications that prevent data theft or illicit access.

Question 95

DMARC

Answer 95

Domain Message Authentication Reporting and Conformance This is an email security standard designed to allow domains to protect themselves from unauthorized use and spoofing.

Question 96

DNAT

Answer 96

Destination Network Address Translation The initial destination of a packet as it enters a NAT system to be redirected to another destination.

Question 97

DMZ

Answer 97

Demilitarized Zone The perimeter area where the outside world may access certain services.

Question 98

DNS

Answer 98

Domain Name Service An application that handles symbolic name to address mappings, as well as the reverse.

Question 99

DNSSEC

Answer 99

Domain Name System Security Extensions An array of tools devised by the IETF to secure DNS transactions.

Question 100

DoS

Answer 100

Denial of Service A one on one attack that causes access or utility to cease.

Question 101

DPO

Answer 101

Data Protection Officer A senior officer responsible for an organization’s data protection strategies and compliance.

Question 102

DRP

Answer 102

Disaster Recovery Plan The immediate plans for recovery of operations or services in the event of a catastrophic incident.

Question 103

DSA

Answer 103

Digital Signature Algorithm An algorithm created by the NSA to implement non- repudiation.

Question 104

DSL

Answer 104

Digital Subscriber Line High-speed Internet conductivity based upon existing infrastructure for telephones.