Acronyms Flashcards

Question

NIPS

Answer 1

Network Intrusion Prevention System

Answer 2

Network Intrusion Detection System

Answer 3

New Technology LAN Manager - an older Windows authentication protocol

Answer 4

De-militarized zone - provides limited access to public-facing servers for outside users, but blocks outside users from accessing systems inside the LAN.

Answer 5

Virtual datacenter?

Answer 6

Counter Mode Block Chaining Message Authentication (CBC-MAC) Protocol, is AES-based, used by WPA2 to encapsulate traffic. Is the minimum acceptable encryption used by WPA3

Answer 7

Choose Your Own Device - allows users to choose a device that is corporate-owned and paid for. Choices may be limited to a set of devices, or users may be allowed to choose essentially any device depending on the organization’s deployment decisions

Answer 8

Bring Your Own Device

Answer 9

Corporate-Owned, Personally Enabled - provides devices to users that they can then use for personal use.

Answer 10

Virtual Desktop Infrastructure - used as an access layer for any security model where specialized needs or security requirements may require access to remote desktop or application services

Answer 11

Wi-fi Protected Setup

Answer 12

Single Sign-On

Answer 13

Security Assertion Markup Language - used by many identity providers to exchange authorization and authentication data with service providers

Answer 14

Lightweight Directory Access Protocol

Answer 15

Service Set Identifier

Answer 16

Remote Authentication Dial-In User Service

Answer 17

Virtual local area network - most often used to segment the internal network

Answer 18

Trusted Platform Module - a secure cryptoprocessor used to provide a hardware root of trust for systems. They enable secure boot and boot attestation capabilities and include a random number generator, the ability to generate cryptographic keys for specific uses, and the ability to bind and seal data used for processes the TPM supports.

Answer 19

Network Access Control

Answer 20

Over-the-air updates are used by cellular carriers as well as phone manufacturers to provide firmware updates and updated phone configuration data

Answer 21

Mobile Device Management

Answer 22

Simultaneous Authentication of Equals - used in WPA3 (wi-fi protocol) to improve on previous models - WPA3’s Personal mode replaces the pre-shared key mode found in WPA2 with simultaneous authentication of equals

Answer 23

Address Resolution Protocol

Answer 24

host-based intrusion prevention system - can monitor network traffic to identify attacks, suspicious behavior, and known bad patterns using signatures

Answer 25

Data loss prevention - these tools allow sensitive data to be tagged and monitored so that if a user attempts to send it, they will be notified, administrators will be informed, and if necessary, the data can be protected using encryption or other protection methods before it is sent -designed to protect data from being exposed or leaking from a network using a variety of techniques and technology

Answer 26

File Transfer Protocol

Answer 27

Pre-shared Key

Answer 28

Simple Network Management Protocol - can provide information about the status and configuration of her network devices

Answer 29

Secure version of the Real-Time Transport Protocol, used primarily for voice over IP (VoIP) and multimedia streaming or broadcast

Answer 30

Attribute-based access control

Answer 31

Unified Extensible Firmware Interface

Answer 32

Basic input/output system

Answer 33

Challenge Handshake Authentication Protocol - periodically has the client re-authenticate. This is transparent to the user but is done specifically to prevent session hijacking

Answer 34

Password Authentication Protocol - actually quite old

Answer 35

Hardware Security Module -provide many cryptographic functions, but they are not used for boot attestation (TPM). A physical device that safeguards and manages digital keys

Answer 36

Open Authorization

Answer 37

Time-based one-time passwords

Answer 38

HMAC (hash-based message authentication code)-based one-time passwords

Answer 39

Hash-based message authentication code

Answer 40

Anything as a service

Answer 41

Supervisory Control and Data Acquisition

Answer 42

Transport Layer Security - a reliable method of encrypting web traffic. It supports mutual authentication and is considered secure. Created in 1999 as the successor to SSL (secure sockets layer)

Answer 43

Elliptical-curve cryptography - faster than RSA-based cryptography because it can use a smaller key length to achieve levels of security similar to a longer RSA key (a 228-bit elliptical curve key is roughly equivalent to a 2,380-bit RSA key)

Answer 44

Storage Area Network

Answer 45

Redundant Array of Independent Drives (disks). RAID 0, 1, 3, 5, 10

Answer 46

Infrastructure as a Service - provides the components of an entire network and systems infrastructure

Answer 47

Platform as a Service provides the framework and underlying tools to build applications and services - In the platform-as-a-service (PaaS) model, the consumer has access to the infrastructure to create applications and host them

Answer 48

Software as a Service - the consumer has the ability to use applications provided by the cloud provider over the Internet. SaaS is a subscription service where software is licensed on a subscription basis

Answer 49

Request for Comment - how Internet protocols are defined and documented

Answer 50

Perfect Forward Secrecy - used to change keys used to encrypt and decrypt data, ensuring that even if a compromise occurs, only a very small amount of data will be exposed

Answer 51

Dynamic Linked Library

Answer 52

Database Administrator

Answer 53

Crossover error rate - The crossover error rate (CER) is the point where the FAR (false acceptance rate) and the FRR (false rejection rate) cross over. CER provides a means of comparing biometric systems based on their efficiency, with a lower CER being more desirable

Answer 54

False acceptance rate in a biometric system

Answer 55

False rejection rate in a biometric system

Answer 56

Managed Security Service Provider - an outside company that handles security tasks. Some or even all security tasks can be outsourced, including intrusion detection and prevention (IDS/IPS) management, security information and event management (SIEM) integration, and other security controls

Answer 57

Uninterruptible Power Supply

Answer 58

Maximum Time to Restore

Answer 59

Application Programming Interface

Answer 60

Open Web Application Security Project - the de-facto standard for web application security

Answer 61

Web Application Firewall

Answer 62

Business Impact Analysis

Answer 63

Disaster Recovery Plan

Answer 64

Power distribution Unit

Answer 65

Self-Encrypting Disk - automatic Full Disk Encryption

Answer 66

Software development kit

Answer 67

Time-based One Time Password

Answer 68

Network Interface Card

Answer 69

Realtime Operating System

Answer 70

Infrastructure as Code - the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools

Answer 71

Application programming interface

Answer 72

Counter mode -makes a block cipher into a stream cipher by generating a keystream block using a non-repeating sequence to fill in the blocks. This allows data to be streamed instead of waiting for blocks to be ready to send

Answer 73

Subject Alternate Name - SAN, or Subject Alternate Name, certificate allows multiple hostnames to be protected by the same certificate

Answer 74

Virtual IP Address

Answer 75

Unified Extensible Firmware Interface

Answer 76

Network Address Translation - NAT gateways allow internal IP addresses to be hidden from the outside, preventing direct connections to systems behind them. This effectively firewalls inbound traffic unless the gateway is set to pass traffic to an internal host when a specific IP, port, and protocol is used

Answer 77

Unified Threat Management

Answer 78

Data Loss Prevention

Answer 79

Host-based intrusion prevention system

Answer 80

identity provider

Answer 81

Protected Extensible Authentication Protocol - relies on server-side certificates and relies on tunneling to ensure communications security

Answer 82

Lightweight Extensible Authentication Protocol - uses WEP keys for its encryption and is not recommended due to security issues

Answer 83

EAP Transport Layer Security - requires certificates on both the client and server, consuming more management overhead

Answer 84

Domain Name System Security Extensions - provides the ability to validate DNS data and denial of existence and provides data integrity for DNS

Answer 85

Virtual Desktop Infrastructure

Answer 86

Privileged Access Management (PAM) system

Answer 87

Endpoint detection and response

Answer 88

Privacy Enhanced Mail - the most common format issued by certificate authorities

Answer 89

Distinguished Encoding Rules - a binary form of the ASCII text PEM format

Answer 90

Network Time Protocol

Answer 91

Extended Validation certificates prove that the X.509 certificate has been issued to the correct legal entity. Additionally, only specific certificate authorities (CAs) can issue EV certificates

Answer 92

Next-generation (NG) secure web gateways (SWG) add additional features beyond those found in cloud access security brokers and next generation firewalls. While features can vary, they may include web filtering, TLS decryption to allow traffic analysis and advanced threat protection, cloud access security broker (CASB) features, data loss prevention (DLP), and other advanced capabilities

Answer 93

Online Certificate Status Protocol

Answer 94

Certificate Revocation List

Answer 95

Online Certificate Status Protocol

Answer 96

registration authority - receives requests for new certificates as well as renewal requests for existing certificates

Answer 97

Secure Real-Time Transport Protocol - used primarily for Voice over IP (VoIP) and multimedia streaming or broadcast. does not fully protect packets, leaving RTP headers exposed, potentially exposing information that might provide attackers with information about the data being transferred

Answer 98

Authentication Header, protocol from IPSec - IPSec’s Authentication Header (AH) protocol does not provide data confidentiality because it secures only the header, not the payload. That means that AH can provide integrity and replay protection but leaves the rest of the data at risk

Answer 99

Continuity of Operations Planning

Answer 100

Federal Emergency Management Agency

Answer 101

Session Initiation Protocol

Answer 102

Content-Addressable Memory - The Content-Addressable Memory (CAM) tables on switches contain a list of all the devices they have talked to and will give Naomi the best chance of identifying the devices on the network

Answer 103

Service level agreement - defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area

Answer 104

memorandum of understanding - a legal document that describes a mutual agreement between parties

Answer 105

interconnection security agreement - an agreement that specifies the technical and security requirements of the interconnection security requirements of the interconnection between organizations.

Answer 106

business partnership agreement - a legal agreement between partners. It establishes the terms, conditions, and expectations of the relationship between the partners

Answer 107

Data protection officer - required by the GDPR. They oversee the organization’s data protection strategy and implementation, and make sure that the organization complies with the GDPR

Answer 108

General Data Protection Regulation - a standard for data privacy and security in the European Union (EU)

Answer 109

Single Point of Failure

Answer 110

Recovery time objectives

Answer 111

Recovery point objective - specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold

Answer 112

mean time between failures - the rating on a device or component that predicts the expected time between failures.

Answer 113

Mean time to repair - the average time it takes for a failed device or component to be repaired or replaced

Answer 114

annual rate of occurrence - is the ratio of an estimated possibility that a threat will take place within a one-year time frame.

Answer 115

acceptable use policy - describes the limits and guidelines for users to make use of an organization’s physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours.

Answer 116

Business Impact Analysis - helps to identify critical systems by determining which systems will create the largest impact if they are not available.

Answer 117

The Center for Internet Security - benchmarks provide recommendations for how to secure an operating system, application, or other covered technology

Answer 118

Payment Card Industry Data Security Standard - a security standard that is mandated by credit card vendors. The Payment Card Industry Security Standards Council is responsible for updates and changes to the standard

Answer 119

Children’s Online Privacy Protection Act - a U.S. federal law

Answer 120

Nondisclosure agreements - are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches

Answer 121

Standard for Attestation Engagements

Answer 122

master services agreement - establishes a business relationship under which additional work orders or other documentation describe the actual work that is done

Answer 123

Transmission Control Protocol - connection based protocol, slower but more reliable than UDP

Answer 124

User Datagram Protocol - connectionless protocol, faster than TCP, less reliable

Answer 125

Internet Message Access Protocol version 4

Answer 126

Post Office Protocol version 3

Answer 127

Hypertext Transfer Protocol

Answer 128

Hypertext Transfer Protocol over SSL/TLS

Answer 129

Secure Sockets Layer

Answer 130

Transport Layer Security

Answer 131

Domain Name System

Answer 132

Domain Name System Security Extensions

Answer 133

Simple Mail Transfer Protocol

Answer 134

Rivest Cipher version 4

Answer 135

Wired Equivalent Privacy

Answer 136

Wi-fi Protected Access

Answer 137

Wi-Fi Protected Access 2

Answer 138

Advanced Encryption Standard

Answer 139

Counter Mode/CBC-MAC Protocol - uses a 128-bit key, 128-bit block size, 48-bit initialization vectors

Answer 140

Wi-Fi Protected Access Version 3

Answer 141

Wi-Fi Protected Setup

Answer 142

Extensible Authentication Protocol

Answer 143

Extensible Authentication Protocol Transport Layer Security

Answer 144

Extensible Authentication Protocol Tunneled Transport Layer Security

Answer 145

Protected Extensible Authentication Protocol

Answer 146

Lightweight Extensible Authentication Protocol

Answer 147

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling

Acronyms Flashcards

(172 cards)