Acronyms 2 Flashcards

Question

Business Gap Analysis

Answer 1

plan of action and milestones used in gap analysis Outlines the specific measures to address each vulnerability ● Allocate resources ● Set up timelines for each remediation task that is neede

Answer 2

demands verification for every device, user, and transaction within the network, regardless of its origin

Answer 3

Relies on real-time validation that takes into account the user's behavior, device, location, and more

Answer 4

Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface

Answer 5

Entails developing, managing, and enforcing user access policies based on their roles and responsibilities

Answer 6

Isolated environments within a network that are designed to house sensitive data

Answer 7

Cross-references the access request with its predefined policies

Answer 8

Used to establish and manage the access policies

Answer 9

Where the decision to grant or deny access is actually execute

Answer 10

Limited technical expertise, use readily available tools

Answer 11

Driven by political, social, or environmental ideologies

Answer 12

Execute cyberattacks for financial gain (e.g., ransomware, identity theft)

Answer 13

Highly skilled attackers sponsored by governments for cyber espionage or warfare

Answer 14

Security threats originating from within the organization

Answer 15

IT systems, devices, software, or services managed without explicit organizational approval

Answer 16

Decoy systems to attract and deceive attackers

Answer 17

Network of decoy systems for observing complex attacks

Answer 18

Decoy files to detect unauthorized access or data breaches

Answer 19

Fake data to alert administrators when accessed or used

Answer 20

Specific objective or goal that a threat actor is aiming to achieve through their attack-

Answer 21

underlying reasons or driving forces that push threat actor to carry out attack

Answer 22

Unauthorized transfer of data from a computer

Answer 23

Spying on individuals, organizations, or nations to gather sensitive or classified information

Answer 24

Individual with limited technical knowledge

Answer 25

Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals

Answer 26

Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else

Answer 27

Advanced Persistent Threat Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth -A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage

Answer 28

Cybersecurity threats that originate from within the organization

Answer 29

Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action - the "how" of the attack Ex. Message based threat vector

Answer 30

Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment -the "where" of the attack

Answer 31

Leaving a malware-infected USB drive in a location where a target may find it

Answer 32

Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction

Answer 33

Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device

Answer 34

Tactics techniques and procedures of how a threat actor operates

Answer 35

honeypots, bogus DNS entries, etc

Answer 36

Effective against automated scraping tools or bots trying to index or steal content from your organization's website

Answer 37

Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected

Answer 38

When a system detects a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network data

Answer 39

Robust, short vertical posts, typically made of steel or concrete, that are designed to manage or redirect vehicular traffic

Answer 40

Type of attack where access to a system is gained by simply trying all of the possibilities until you break through

Answer 41

Organized strategy or setup designed to observe and report activities in a given area. Can be as simple as a security guard.

Answer 42

Pan-Tilt-Zoom (PTZ) System

Answer 43

Detect changes in infrared radiation that is often emitted by warm bodies like humans or animal

Answer 44

Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects

Answer 45

Measures the reflection of ultrasonic waves off moving objects

Answer 46

Electromagnetic Interference Involves jamming the signals that surveillance system relies on to monitor the environment

Answer 47

Double-door system that is designed with two doors that are electronically controlled to ensure that only one door can be open at a given time

Answer 48

Involves two people working together with one person who has legitimate access intentionally allows another person who doesn't have proper authorization to enter a secure area with them

Answer 49

Occurs whenever an unauthorized person closely follows someone through the access control vestibule who has legitimate access into the secure space without their knowledge or consent

Answer 50

RFID (Radio-Frequency Identification) ● NFC (Near-field Communication)

Answer 51

false acceptance rate

Answer 52

false rejection rate

Answer 53

cross over error rate

Answer 54

■ Mechanical locks with numbered push buttons, requiring a correct combination to open ■ Commonly used in high-security areas like server rooms

Answer 55

Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces

Answer 56

Pretending to be someone else

Answer 57

Creating a fabricated scenario to manipulate targets

Answer 58

Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations

Answer 59

pretending to be Kohls on twitter

Answer 60

Also known as URL hijacking or cybersquatting Form of cyber attack where an attacker will register a domain name that is similar to a popular website but contain some kind of common typographical errors

Answer 61

Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use

Answer 62

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers

Answer 63

More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations ● Has a higher success rate

Answer 64

Form of spear phishing that targets high-profile individuals, like CEOs or CFOs

Answer 65

Business email compromise Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacke

Answer 66

voice phishing

Answer 67

SMS phishing

Answer 68

part of security awareness training

Answer 69

Wrongful or criminal deception that is intended to result in financial or personal gain for the attacker

Answer 70

using someone else's cc #

Answer 71

fully impersonating someone else

Answer 72

fraudulent or deceptive act or operation

Answer 73

In which a person is tricked into paying for a fake invoice for a product or service that they did not actually order

Answer 74

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group

Answer 75

False or inaccurate information shared without harmful intent

Answer 76

Involves the deliberate creation and sharing of false information with the intent to deceive or mislead

Answer 77

Involves manipulating a situation or creating a distraction to steal valuable items or information

Answer 78

Malicious deception that is often spread through social media, email, or other communication channels ● Often paired with phishing attacks and impersonation attacks

Answer 79

involves searching through trash to find valuable information ● Commonly used to find discarded documents containing personal or corporate information ● Use clean desk and clean desktop policie

Answer 80

Malicious software designed to infiltrate computer systems and potentially damage them without user consent

Answer 81

Viruses ■ Worms ■ Trojans ■ Ransomware ■ Spyware ■ Rootkits ■ Spam

Answer 82

Made up of malicious code that's run on a machine without the user's knowledge and this allows the code to infect the computer whenever it has been run

Answer 83

standalone programs replicating and spreading to other computers without any user interaction

Answer 84

Disguise as legitimate software, grant unauthorized access

Answer 85

Encrypts user data, demands ransom for decryption

Answer 86

One that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up

Answer 87

Form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed

Answer 88

Try to find executables or application files to infect with their malicious code

Answer 89

Combination of a boot sector type virus and a program virus

Answer 90

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software

Answer 91

Advanced version of an encrypted virus, but instead of just encrypting the contents it will actually change the viruses code each time it is executed by altering the decryption module in order for it to evade detection

Answer 92

Able to rewrite themselves entirely before it attempts to infect a given file

Answer 93

Technique used to prevent the virus from being detected by the anti-virus software

Answer 94

Have a layer of protection to confuse a program or a person who's trying to analyze it

Answer 95

Remote access trojan Widely used by modern attackers because it provides the attacker with remote control of a victim machine

Answer 96

Network of compromised computers or devices controlled remotely by malicious actor

Answer 97

Name of a compromised computer or device that is part of a botnet

Answer 98

Computer responsible for managing and coordinating the activities of other nodes or devices within a network

Answer 99

Occurs when many machines target a single victim and attack them at the exact same time

Answer 100

Designed to gain administrative level control over a given computer system without being detected

Answer 101

outermost ring where user level permissions are used

Answer 102

highest permission levels

Answer 103

located in ring 0 Allows a system to control access to things like device drivers, your sound card, your video display or monitor, and other similar things

Answer 104

dynamic link library Collection of code and data that can be used by multiple programs simultaneously

Answer 105

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library

Answer 106

Piece of software code that is placed between two components and that intercepts the calls between those components and can be used redirect them

Answer 107

Originally placed in computer programs to bypass the normal security and authentication functions Remote Access Trojan (RAT) acts just like a backdoor in our modern networks

Answer 108

a hidden feature or novelty within a program that is typically inserted by the software developers as an inside joke

Answer 109

Malicious code that's inserted into a program, and the malicious code will only execute when certain conditions have been met

Answer 110

Piece of software or hardware that records every single keystroke that is made on a computer or mobile device can be software or hardware keylogger

Answer 111

Malicious software that is designed to gather and send information about a user or organization without their knowledge

Answer 112

Any software that comes pre-installed on a new computer or smartphone that you, as the user, did not specifically request, want, or need

Answer 113

Specific method by which malware code penetrates and infects a targeted system

Answer 114

is used to create a process in the system memory without relying on the local file system of the infected hos

Answer 115

Dropper - Specific malware type designed to initiate or run other malware forms within a payload on an infected host Downloader - Retrieve additional tools post the initial infection facilitated by a dropper

Answer 116

Broader term that encompasses lightweight code meant to execute an exploit on a given targe

Answer 117

Threat actors will execute primary objectives to meet core objectives like ■ data exfiltration ■ file encryption

Answer 118

hiding tracks ■ erasing log files ■ hiding any evidence of malicious activity

Answer 119

A strategy adopted by many Advanced Persistent Threats and criminal organizations ■ the threat actors try to exploit the standard tools to perform intrusions

Answer 120

Refers to a scenario where a user's account is accessed from two or more geographically separated locations in an impossibly short period of time

Answer 121

Safeguarding information from corruption, compromise, or loss

Answer 122

Information subject to laws and governance structures within the nation it is collected

Answer 123

data loss prevention

Answer 124

Based on the value to the organization and the sensitivity of the information, determined by the data owner

Answer 125

Information that, if accessed by unauthorized persons, can result in the loss of security or competitive advantage for a company

Answer 126

No impact if released; often publicly accessible data

Answer 127

Minimal impact if released, e.g., financial data

Answer 128

Contains internal personnel or salary information

Answer 129

Holds trade secrets, intellectual property, source code, etc.

Answer 130

Extremely valuable and restricted information

Answer 131

Generally releasable to the public

Answer 132

Includes medical records, personnel files, etc.

Answer 133

Contains information that could affect the government

Answer 134

Holds data like military deployment plans, defensive postures

Answer 135

Highest level, includes highly sensitive national security information

Answer 136

Process of identifying the individual responsible for maintaining the confidentiality, integrity, availability, and privacy of information assets

Answer 137

A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls

Answer 138

Entity responsible for determining data storage, collection, and usage purposes and methods, as well as ensuring the legality of these processes

Answer 139

A group or individual hired by the data controller to assist with tasks like data collection and processing

Answer 140

Focuses on data quality and metadata, ensuring data is appropriately labeled and classified, often working under the data owner

Answer 141

Responsible for managing the systems on which data assets are stored, including enforcing access controls, encryption, and backup measures

Answer 142

Oversees privacy-related data, such as personally identifiable information (PII), sensitive personal information (SPI), or protected health information (PHI), ensuring compliance with legal and regulatory frameworks

Answer 143

Data stored in databases, file systems, or storage systems, not actively moving

Answer 144

full disk encryption

Answer 145

Data actively moving from one location to another, vulnerable to interception

Answer 146

Secure Sockets layer and Transport layer security. It secures and encrypts communciaion over networks

Answer 147

virtual private network Creates secure connections over less secure networks like the internet

Answer 148

Secures IP communications by authenticating and encrypting IP packets

Answer 149

Data actively being created, retrieved, updated, or deleted

Answer 150

Controlled by laws, regulations, or industry standards GDPR, HIPPA

Answer 151

Personal Identification Information

Answer 152

Protected Health Information

Answer 153

Confidential business information giving a competitive edge (e.g., manufacturing processes, marketing strategies, proprietary software)

Answer 154

intellectual property Creations of the mind (e.g., inventions, literary works, designs)

Answer 155

Understandable directly by humans (e.g., text documents, spreadsheets)

Answer 156

Requires machine or software to interpret (e.g., binary code, machine language) contains sensitive information that

Answer 157

■ Digital information subject to laws of the country where it's located ■ Gained importance with cloud computing's global data storage

Answer 158

Protects EU citizens' data within EU and EEA borders ■ Compliance required regardless of data location ■ Non-compliance leads to significant fines

Answer 159

Virtual boundaries to restrict data access based on location

Answer 160

■ Converts data into fixed-size hash values ■ Irreversible one-way function ■ Commonly used for password storage

Answer 161

Replace sensitive data with non-sensitive tokens. Original data stored securely in a separate database. Often used in payment processing for credit card protection

Answer 162

Make data unclear or unintelligible

Answer 163

Divide network into separate segments with unique security controls

Answer 164

Data loss prevention Aims to monitor data in use, in transit, or at rest to detect and prevent data theft can be hardware or software

Answer 165

endpoint DLP (installed on laptops) Network DLP Storage DLP Cloud based DLP

Answer 166

Proactive process recognizing potential risks

Answer 167

Evaluate likelihood and potential impact Qualitative or quantitative methods

Answer 168

Monitor residual risks, identify new risks, and review risk management effectiveness

Answer 169

Communicate risk information and effectiveness of risk management to stakeholders ● Various forms ○ Dashboards ○ Heat Maps ○ Detailed Reports

Answer 170

Assess and prioritize risks based on likelihood and impact

Answer 171

Numerically estimate probability and potential impact

Answer 172

Conducted as needed, often in response to specific events or situations

Answer 173

Conducted for specific projects or initiatives

Answer 174

Business Impact Analysis Evaluates effects of disruptions on business functions Identifies and prioritizes critical functions Determines required recovery time for functions

Answer 175

recovery time objective Maximum acceptable time before severe impact

Answer 176

Recovery point objective Maximum acceptable data loss measured in time

Answer 177

mean time to repair

Answer 178

mean time between failures

Answer 179

Records identified risks, descriptions, impacts, likelihoods, and mitigation actions

Answer 180

Low medium or high

Answer 181

probability of risk occurrence rated on a scale numerical or descriptive

Answer 182

result if it occurs

Answer 183

Determined by combining the impact and likelihood Prioritizes risks (e.g., high, medium, low)

Answer 184

An organization or individual’s willingness to deal with uncertainty in pursuit of their goals ● Maximum amount of risk they are willing to accept ● Acceptance without countermeasures

Answer 185

Willingness to pursue or retain risk expansionary, conservative etc

Answer 186

key risk indicators

Answer 187

Responsible for managing the risk Monitors, implements mitigation actions, and updates Risk Register

Answer 188

exposure factor Proportion of asset lost in an event (0% to 100%)

Answer 189

single loss expectancy Monetary value expected to be lost in a single event Asset value x EF

Answer 190

annualized rate of occurence

Answer 191

Annualized Loss Expectancy (ALE)) SLE x ARO

Answer 192

Shifts risk to another party Common methods ○ Insurance ○ Contract indemnity clauses

Answer 193

■ A contractual agreement where one party agrees to cover the other’s harm, liability, or loss stemming from the contract

Answer 194

Acknowledge and deal with risk if it occurs

Answer 195

(excludes party from a rule

Answer 196

(allows party to avoid rule under specific conditions)

Answer 197

Change plans or strategies to eliminate a specific risk

Answer 198

Take steps to reduce likelihood or impact of risk ● Common strategy involving various actions

Answer 199

The likelihood and impact of the risk after mitigation, transference, or acceptance measures have been taken on the initial risk

Answer 200

Assessment of how a security measure has lost effectiveness over time

Answer 201

Communicating information about risk management activities to stakeholders

Answer 202

Potential security and operational challenges from external collaborators

Answer 203

managed service provider Manage IT services on behalf of organizations

Answer 204

U.S. federal statute providing funding to boost semiconductor research and manufacturing in the U.S. ■ Aims to reduce reliance on foreign-made semiconductors, strengthen the domestic supply chain, and enhance security

Answer 205

Essential components in a wide range of products, from smartphones and cars to medical devices and defense systems

Answer 206

■ Process to evaluate the security, reliability, and performance of external entities ■ Crucial due to interconnectivity and potential impact on multiple businesses

Answer 207

provide goods or services

Answer 208

Involved in production and delivery of products or parts

Answer 209

Simulated cyberattacks to identify vulnerabilities in supplier systems

Answer 210

Contract provision allowing organizations to evaluate vendor's internal processes for compliance

Answer 211

A rigorous evaluation that goes beyond surface-level credentials ● Includes the following ○ Evaluating financial stability ○ Operational history ○ Client testimonials ○ On-the-ground practices to ensure cultural alignmen

Answer 212

Comprehensive documents filled out by potential vendors

Answer 213

Guidelines for interaction between organization and vendors

Answer 214

Mechanism used to ensure that the chosen vendor still aligns with organizational needs and standards

Answer 215

Involve a two-way communication channel where both the organization and the vendor share feedback

Answer 216

● Versatile tool that formally establishes a relationship between two parties ● Defines roles, responsibilities, and consequences for non-compliance ● Specifies terms like payment structure, delivery timelines, and product specifications

Answer 217

Defines the standard of service a client can expect from a provider ● Includes performance benchmarks and penalties for deviations Service level agreement

Answer 218

Memorandum of Agreement Formal, outlines specific responsibilities and roles

Answer 219

Memorandum of Understanding Less binding, expresses mutual intent without detailed specifics

Answer 220

master serivce agreement ● Covers general terms of engagement across multiple transactions ● Used for recurring client relationships, supplemented by Statements of Work

Answer 221

statement of work Specifies project details, deliverables, timelines, and milestones

Answer 222

Non-Disclosure Agreement

Answer 223

Business Partnership Agreement or joint venture agreement ● Goes beyond basic contracts when two entities collaborate ● Outlines partnership nature, profit-sharing, decision-making, and exit strategies

Answer 224

Overall management of IT infrastructure, policies, procedures, and operations Risk management strategic alingment resource management performance management

Answer 225

Adherence to laws, regulations, standards, and policies

Answer 226

governance risk and compliance

Answer 227

elected by shareholders to oversee an orgs management

Answer 228

subgroups of board with specific focuses

Answer 229

Decision-making authority at top management levels

Answer 230

Decision-making authority distributed throughout the organization

Answer 231

Acceptable use policy Document that outlines the do's and don'ts for users when interacting with an organization's IT systems and resources

Answer 232

Specifies incident notification, containment, investigation, and prevention steps

Answer 233

software development lifecycle Guides software development stages from requirements to maintenance Includes secure coding practices, code reviews, and testing standards

Answer 234

Governs handling of IT system/process changes

Answer 235

Provides a framework for implementing security measures, ensuring that all aspects of an organization's security posture are addressed

Answer 236

■ Define password complexity and management ■ Include length, character types, regular changes, and password reuse rules ■ Emphasize password hashing and salting for security

Answer 237

■ Determine who has access to resources within an organization ■ Include access control models like ● Discretionary Access Control (DAC) ● Mandatory Access Control (MAC) ● Role Based Access Control (RBAC)

Answer 238

■ Ensure data remains secure and unreadable even if accessed without authorization ■ Include encryption algorithms like AES, RSA, and SHA-2 ■ Depends on the use case and balance between security and performanc

Answer 239

■ Systematic sequences of actions or steps taken to achieve a specific outcome in an organization ■ Ensures consistency, efficiency, and compliance with standard

Answer 240

■ Detailed guides for specific tasks or processes ■ They provide step-by-step instructions for consistent and efficient execution ■ Used in various situations, from cybersecurity incidents to customer complaints ■ Include resource requirements, steps to be taken, and expected outcomes

Answer 241

Systematic process of collecting and presenting data to demonstrate adherence external or internal

Answer 242

Regularly reviews and analyzes operations for compIiance includes due diligence and due care, attestation and acknowledgement, and internal and external monitoringliance

Answer 243

Identifying compliance risks through thorough review

Answer 244

Mitigating identified risks

Answer 245

Systematic process of developing, operating, maintaining, and selling assets cost-effectively

Answer 246

Process of obtaining goods and services

Answer 247

Entire process of sourcing and obtaining those goods and services, including all the processes that lead up to the acquisition

Answer 248

Formal document issued by the purchasing department For larger, more expensive purchases Dictates payment terms (NET 15, NET 30, NET 60)

Answer 249

bring your own device Employees use personal devices for work

Answer 250

The company provides devices for employees

Answer 251

Employees select devices from a company-approved list Balance between employee choice and organizational control

Answer 252

Maintaining an inventory with specifications, location, and assigned users

Answer 253

Goes beyond monitoring, involving the location, status, and condition of assets using specialized software and tracking technologie

Answer 254

mobile device management

Answer 255

Necessity to manage the disposal of outdated assets

Answer 256

Provides guidance on asset disposal and decommissioning

Answer 257

Thorough process to make data inaccessible and irretrievable from storage medium using traditional forensic method

Answer 258

Replacing the existing data on a storage device with random bits of information to ensure that the original data is obscured

Answer 259

Utilizes a machine called a degausser to produce a strong magnetic field that can disrupt magnetic domains on storage devices like hard drives or tapes

Answer 260

Deletes data and ensures it can't be recovered

Answer 261

cryptographic erase Utilizes encryption technologies for data sanitization

Answer 262

Goes beyond sanitization, ensures physical device is unusable Used for high-security environments, especially with Secret or Top Secret data ■ Recommended methods ● Shredding ● Pulverizing ● Melting ● Incineratin

Answer 263

Acts as proof that data or hardware has been securely disposed of ■ Important for organizations with regulatory requirements ■ Creates an audit log of sanitization, disposal, or destruction

Answer 264

Strategically deciding what to keep and for how long

Answer 265

change advisory board

Answer 266

Individual or team responsible for initiating change request

Answer 267

Integral part of the Change Management process Assesses potential fallout, immediate effects, long-term impacts

Answer 268

Designated timeframes for implementing changes

Answer 269

Pre-determined strategy to revert systems to their original state in case of issues during change implementation

Answer 270

standard operating procedure Detailed step-by-step instructions for specific tasks ● Ensures consistency, efficiency, and reduces errors in change implementation within the organization has to do with change management

Answer 271

Specifies entities permitted to access a resource

Answer 272

Any change, even minor, carries the risk of causing downtime

Answer 273

Certain tasks labeled as 'restricted' due to their impact on system health or security

Answer 274

Tracks and manages changes in documents, software, and other files Allows multiple users to collaborate and revert to previous versions when needed

Answer 275

Systematic evaluations of an organization's information systems, applications, and security controls

Answer 276

Detailed analysis to identify vulnerabilities and risks Performed before implementing new systems or significant changes risk vulnerability or threat assessments

Answer 277

Gathering information before a pentest can be pasive or active

Answer 278

A group, often comprising members of a company's board of directors, overseeing audit and compliance activities

Answer 279

Identifies potential threats to applications (e.g., SQL injection, XSS, DoS attacks)

Answer 280

is designed to help organizations minimize data and cybersecurity-related exposures ● It assists in identifying areas where data security may need strengthening ● The checklist comprises yes-or-no questions with sections for comments and action items

Answer 281

Detailed inspections of an organization's security infrastructure conducted externally

Answer 282

offensive pen testing

Answer 283

purple teaming

Answer 284

Initial phase where an attacker gathers information about the target system

Answer 285

Engaging with the target system directly, such as scanning for open ports using tools like Nmap

Answer 286

Gathering information without direct engagement, like using open-source intelligence or WHOIS to collect data

Answer 287

Multipurpose computer security and penetration testing framework

Answer 288

Involves formal validation or confirmation provided by an entity to assert the

Answer 289

Ability to deliver outcomes despite adverse cyber events

Answer 290

Having additional systems or processes for continued functionality

Answer 291

The time a system remains online, typically expressed as a percentage

Answer 292

Refers to 99.999% uptime, allowing only about 5 minutes of downtime per year

Answer 293

Distributes workloads across multiple resources

Answer 294

Uses multiple computers, storage devices, and network connections as a single system

Answer 295

Distributes data, applications, and services across multiple cloud providers Mitigates the risk of a single point of failure

Answer 296

helps with data redundancy Combines multiple physical storage devices into a single logical storage device recognized by the operating system

Answer 297

resists hardware malfunctions through redundancy RAID 1

Answer 298

Allows continued operation and quick data rebuild in case of failure (e.g., RAID 1, RAID 5, RAID 6, RAID 10

Answer 299

Safeguards against catastrophic events by maintaining data in independent zones (e.g., RAID 1, RAID 10)

Answer 300

People, technology, infrastructure and processes

Answer 301

Sudden, small increases in voltage beyond the standard level (e.g., 120V in the US)

Answer 302

Short-lived voltage increases, often caused by short circuits, tripped breakers, or lightning

Answer 303

Brief decreases in voltage, usually not severe enough to cause system shutdown

Answer 304

Prolonged reduction in voltage, leading to system shutdown

Answer 305

Complete loss of power for a period, potentially causing data loss and damage

Answer 306

Stabilize voltage supply and filter out fluctuations Stabilize voltage supply and filter out fluctuations

Answer 307

Uninterruptible Power Supplies (

Answer 308

Convert mechanical energy into electrical energy for use in an external circuit through the process of electromagnetic inductio

Answer 309

Power Distribution Centers Central hub for power reception and distribution Integrates with UPS and backup generators for seamless transitions during power events

Answer 310

Storing data copies in the same location as the original data

Answer 311

Storing data copies in a geographically separate location

Answer 312

Point-in-time copies capturing a consistent state

Answer 313

Real-time or near-real-time data copying to maintain data continuity

Answer 314

Maintaining a detailed record of data changes over time

Answer 315

Continuity of Operations Plan

Answer 316

Business Continuity Planning

Answer 317

Disaster Recovery Plan subset of BC plan

Answer 318

Backup location or facility that can take over essential functions and operations in case the primary site experiences a failure or disruption

Answer 319

Up and running continuously, enabling a quick switchover Requires duplicating all infrastructure and data

Answer 320

Not fully equipped, but fundamentals in place

Answer 321

Fewer facilities than warm sites May be just an empty building, ready in 1-2 months

Answer 322

Fully replicated and instantly accessible in the cloud

Answer 323

Involves scaling up resources when needed

Answer 324

Assess system's ability to withstand and adapt to disruptive events -Conducted through tabletop exercises, failover tests, simulations, and parallel processing

Answer 325

Evaluates the system's capacity to restore normal operation after a disruptive event

Answer 326

Table Top Exercise Scenario-based discussion among key stakeholders

Answer 327

Controlled experiment for transitioning from primary to backup components

Answer 328

Computer-generated representation of a real-world scenario Allows for hands-on response actions in a virtual environment

Answer 329

Replicates data and system processes onto a secondary system

Answer 330

Outlines the division of responsibilities between the cloud service provider and the customer

Answer 331

Combined on-premise, private cloud, and public cloud services, allowing workload flexibility

Answer 332

Cloud environments are dynamic and require up-to-date security measures

Answer 333

Cloud services relying on specific resources or processes can lead to system-wide outages if they fail

Answer 334

Residual data left behind after deletion or erasure processes

Answer 335

Emulates servers, each with its own OS within a virtual machine

Answer 336

Lightweight alternative, encapsulating apps with their OS environment

Answer 337

bare metal

Answer 338

Operates within a standard OS (e.g., VirtualBox, VMware)

Answer 339

Attackers break out of isolated VMs to access the hypervisor

Answer 340

Unauthorized elevation to higher-level users

Answer 341

Attacker captures unencrypted data between servers

Answer 342

Improper clearing of resources may expose sensitive data

Answer 343

Relies on cloud service providers to handle server management, databases, and some application logic

Answer 344

Developers write and deploy individual functions triggered by events

Answer 345

Architectural style for breaking down large applications into small, independent services

Answer 346

Comprises hardware, software, services, and facilities for network support and management

Answer 347

physical separation of systems

Answer 348

■ Establishes boundaries within a network to restrict access to certain areas ■ Implemented using firewalls, VLANs, and network devices

Answer 349

softwre defined network Enables dynamic, programmatically efficient network configuration Provides a centralized view of the entire network

Answer 350

Decouples network control and forwarding functions

Answer 351

forwarding plane Responsible for handling data packets Concerned with sending and receiving data

Answer 352

Centralized decision-maker in SDN Dictates traffic flow across the entire network Replaces traditional, distributed router control planes

Answer 353

Hosts all network applications that interact with the SDN controller ○ Applications instruct the controller on network management ○ Controller manipulates the network based on these instructions

Answer 354

Infrastructure as Code Automates provisioning and management through code Used in DevOps and with cloud computing

Answer 355

All computing functions managed from a single location or authority

Answer 356

No single point of control; each node operates independently

Answer 357

internet of things Network of physical devices with sensors, software, and connectivity

Answer 358

Central component connecting IoT devices Collects, processes, analyzes data, and sends commands

Answer 359

Everyday objects enhanced with computing and internet capabilities

Answer 360

Subset of smart devices worn on the body

Answer 361

Detect changes in environment, convert into data

Answer 362

Industrial Control Systems -Systems used to monitor and control industrial processes, found in various industries like electrical, water, oil, gas, and data

Answer 363

Distributed Control Systems Used in control production systems within a single location

Answer 364

Programmable Logic Controllers Used to control specific processes such as assembly lines and factories

Answer 365

Supervisory Control and Data Acquisition Type of ICS designed for monitoring and controlling geographically dispersed industrial processes

Answer 366

Specialized computing components designed for dedicated functions within larger device

Answer 367

real time operating system Designed for real-time applications that process data without significant delays Critical for time-sensitive applications like flight navigation and medical equipment

Answer 368

Protect data during transfer by hiding data interception points

Answer 369

Manage low-level software to maintain system integrity

Answer 370

over the air updates

Answer 371

Logical communication endpoints on a computer or server

Answer 372

1024-49151 vendor specific registered with IANA

Answer 373

49152-65535

Answer 374

A network security device or software that monitors and controls network traffic based on security rules ■ Protects networks from unauthorized access and potential threats

Answer 375

DMZ acts as a security barrier between external untrusted networks and the internal network uses firewalls

Answer 376

limited inspection of packet headers for IP addresses and port numbers operates at layer 4 transport layer

Answer 377

It allows return traffic for outbound requests operates at layer 4

Answer 378

Makes connections on behalf of endpoints two types: circuit layer (layer 5) app layer (layer 7)

Answer 379

minimal impact on network performance full inspection of packets at eveyr layer placed closed to system they protect

Answer 380

next gen firewall application aware and can distinguish between different types of traffic Example: it may allow aql server traffic regardless of the port # used conducts deep packet analysis and use signature based intrusion protection -

Answer 381

unified threat management firewall -combines multiple security functions in a single device single point of failure

Answer 382

web application firewall prevents against cross site scripting and SQL injections can be placed in line (live attack prevention) where the device sits between the network firewall and the web servers or out of line (detectio) device receives a mirroed copy of web server traffic

Answer 383

operates at the transport layer filters traffic based on port numbers and protocol data

Answer 384

operates at app layer inspects filters and controls traffic based on content and data characteristics

Answer 385

access control lists consist of permit and deny statements often based on port numbers rule sets placed on firewalls, routers and network infrastructure devices includes types of traffic source destination and action to be taken against the traffic

Answer 386

a dedicated network security device

Answer 387

A firewall that runs as a software application on individual devices, such as workstations ● Utilizes ACLs and rules to manage incoming and outgoing traffic, providing security at the software level on a per-device basis

Answer 388

intrusion detection system Logs or alerts that it found something suspicious or malicious

Answer 389

Network-based IDS Monitors the traffic coming in and out of a network

Answer 390

Looks at suspicious network traffic going to or from a single or endpoint

Answer 391

wireless IDS Detects attempts to cause a denial of a service on a wireless network

Answer 392

Analyzes traffic based on defined signatures and can only recognize attacks based on previously identified attacks in its database

Answer 393

specific pattern of steps NIDS and WIDS

Answer 394

known system baseline HIDS

Answer 395

Analyzes traffic and compares it to a normal baseline of traffic to determine whether a threat is occurring Five Types of Anomaly-based Detection Systems ■ Statistical ■ Protocol ■ Traffic ■ Rule or Heuristic ■ Application-based

Answer 396

Logs, alerts, and takes action when it finds something suspicious or malicious Scans traffic to look for malicious activity and takes action to stop it

Answer 397

A dedicated hardware device with pre-installed software for specific networking services

Answer 398

Distribute network/application traffic across multiple servers ● Enhance server efficiency and prevent overload ● Ensure redundancy and reliability ● Perform continuous health checks ● Application Delivery Controllers (ADCs) offer advanced functionality

Answer 399

Act as intermediaries between clients and servers Provide content caching, requests filtering, and login management Enhance request speed and reduce bandwidth usage Add a security layer and enforce network utilization policies Protect against DDoS attacks

Answer 400

Secure gateways for system administrators to access devices in different security zones -Control access and reduce the attack surface areaSecure gateways for system administrators to access devices in different secuA jump server is placed between a user's workstation and the target servers or devices, providing a controlled point of access. It helps isolate the internal network from potential threats originating from external networks.

Answer 401

A network switch feature that restricts device access to specific ports based on MAC addresses

Answer 402

Networking devices that operate at Layer 2 of the OSI model Use MAC addresses for traffic switching decisions through transparent bridging

Answer 403

Content Addressable Memory Stores MAC addresses associated with switch ports Vulnerable to MAC flooding attacks, which can cause the switch to fail open

Answer 404

Provides port-based authentication for wired and wireless networks Requires three roles ● Supplicant ● Authenticator ● Authentication server (RADIUS or TACACS+

Answer 405

Remote Authentication Dial-In User Service) is a protocol that manages authentication, authorization, and accounting (AAA) for users who connect to the network. cross platform

Answer 406

TACACS+ is slower but offers additional security and independently handles authentication, authorization, and accounting CISCO

Answer 407

(Extensible Authentication Protocol) you walk up to a building, a guard comes up and asks for a form of identification could be a driver's license, etc this is like the different variants of EAP then your credentials are forwaded to the RADIUS server whcih checks them against a database

Answer 408

Uses simple passwords and the challenge handshake authentication process to provide remote access authentication ○ One-way authentication process ○ Doesn’t provide mutual authentication

Answer 409

REquires a digital certificate on the server, but not on the client ○ The client uses a password for authentication

Answer 410

Uses public key infrastructure with a digital certificate which is installed on both the client and the server ○ Uses mutual authentication

Answer 411

Uses protected access credential, instead of a certificate, to establish mutual authentication

Answer 412

Supports mutual authentication using server certificates andActive Directory databases to authenticate a password from the client

Answer 413

Cisco proprietary and limited to Cisco devices

Answer 414

virtual private network Extend private networks across public networks

Answer 415

Connects two sites cost-effectively Replaces expensive leased lines Utilizes a VPN tunnel over the public internet Encrypts and secures data between sites

Answer 416

Connects a single host (e.g., laptop) to the central office Ideal for remote user access to the central network Options for full tunnel and split tunnel configurations

Answer 417

Uses a web browser to establish secure, remote-access VPN No need for dedicated software or hardware client Utilizes HTTPS and TLS protocols for secure connections to websites

Answer 418

Encrypts and routes all network requests through the VPN ○ Provides high security, clients fully part of central network ○ Limits access to local resources ○ Suitable for remote access to central resources

Answer 419

Divides traffic, routing some through the VPN, some directly to the internet Enhances performance by bypassing VPN for non-central traffic

Answer 420

Provides encryption and security for data in transit Used for secure connections in web browsers (HTTPS) operates at layer 4 Transport layer TLS: Operates at the Transport Layer, securing individual connections between applications. IPSec: Operates at the Network Layer, securing IP packets and often used for creating secure network tunnels

Answer 421

datagram TLS A faster User Datagram Protocol-based (UDP-based) alternative Ensures end-user security and protects against eavesdropping in clientless VPN connections

Answer 422

A secure protocol suite for IP communication IPSec: Operates at the Network Layer, securing IP packets and often used for creating secure network tunnels

Answer 423

securing the payload of the IP packet

Answer 424

Provides confidentiality for both payload and header Adds a new header to encapsulate the entire packet

Answer 425

AH adds an extra header to the original IP packet. This header contains a cryptographic hash of the packet’s content, which allows the recipient to verify that the packet has not been altered. : Think of AH as sending a sealed and stamped letter (packet) where the recipient can verify that the letter has not been tampered with and is indeed from the sender, but anyone can still see the content of the letter.

Answer 426

Provides confidentiality, integrity, and encryption ● Provides replay protection ● Encrypts the packet’s payload Think of ESP as sending a sealed and locked box (packet) that not only ensures the recipient can verify the sender and check for tampering but also keeps the contents of the box hidden from anyone who doesn't have the key.

Answer 427

Software defined wide area network is a technology that simplifies the management and operation of a WAN (Wide Area Network) by separating the networking hardware from its control mechanism using software. Here’s a simple explanation: Without SD-WAN: It’s like driving without a GPS, relying on static maps and hoping for the best route, even if traffic conditions change. With SD-WAN: It’s like using a GPS that constantly updates your route based on real-time traffic information, ensuring you always take the fastest and most efficient path to your destination.

Answer 428

Secure Access Service Edge) A network architecture combining network security and WAN capabilities in a single cloud-based service SD-WAN is a foundational component of SASE. It provides the network optimization and dynamic routing capabilities. SASE builds on SD-WAN by adding comprehensive security services

Answer 429

Isolate devices with similar security requirements

Answer 430

allows traffic to pass during a failure

Answer 431

Blocks all traffic during a failure, prioritizing security over connectivity

Answer 432

Users and systems should have only necessary access rights to reduce the attack surface

Answer 433

Utilize multiple layers of security to ensure robust protection even if one control fails

Answer 434

Prioritize controls based on potential risks and vulnerabilities specific to the infrastructure

Answer 435

Regularly review, update, and retire controls to adapt to the evolving threat landscape

Answer 436

Ensure transparency and accountability through rigorous testing andscrutiny of controls

Answer 437

Ensures right individuals have right access to right resources for right reasons ● Password Management ● Network Access Control ● Digital Identity Management

Answer 438

identification, authentication, authorization, and accounting

Answer 439

User claims an identity using a unique identifier (e.g., username or email address

Answer 440

Verifies the identity of a user, device, or system ● Typically involves validating user credentials against an authorized user database

Answer 441

Determines the permissions or access levels for authenticated users

Answer 442

tracks and records user activities

Answer 443

Creating new user accounts, assigning permissions, and providing system access

Answer 444

Removing access rights when no longer needed (e.g., when an employee leaves

Answer 445

Process of verifying a user's identity before creating their accoun

Answer 446

Ability of different systems, devices, and applications to work together and share information ● In IAM, it can involve using standards like SAML or OpenID Connect for secure authentication and authorization

Answer 447

A security system requiring multiple methods of authentication from independent categories of credentials

Answer 448

An alternative to traditional passwords for authentication Involves creating a passkey secured by device authentication methods like fingerprint or facial recognition

Answer 449

password generation auto fill secure sharing cross platform access

Answer 450

one time passwords

Answer 451

one time links sent to email for auto login

Answer 452

Tries every possible character combination until the correct password is found

Answer 453

Uses a list of commonly used passwords (a dictionary) to crack passwords

Answer 454

A form of brute force attack that tries a few common passwords against many usernames or account

Answer 455

Combines elements of brute force and dictionary attacks May include variations, such as adding numbers or special characters to passwords

Answer 456

single sign on Authentication process allowing users to access multiple applications with one set of credentials

Answer 457

Lightweight Directory Access Protocol) -protocol for SSO -Lightweight Directory Access Protocol) -Can share user information across network resources

Answer 458

Allows third-party services to access user account information without exposing passwords

Answer 459

Redirects users to an identity provider for authentication

Answer 460

Links electronic identities and attributes across multiple identity management systems -Enables users to use the same credentials for login across systems managed by different organizations

Answer 461

priviledged access managment Solution that restricts and monitors privileged access within an IT environment

Answer 462

Security model that grants administrative access only when needed for a specific task

Answer 463

Technique that stores and manages passwords securely, often in a digital vault.

Answer 464

Temporary accounts used for time-limited access to resources

Answer 465

Uses security labels to authorize resource access Requires assigning security labels to both users and resources

Answer 466

discretionary access control Resource owners specify which users can access their resources

Answer 467

Role-Based Access Control

Answer 468

Uses security rules or access control lists ● Policies can be changed quickly and frequently ● Applied across multiple users on a network segment

Answer 469

attribute base access control user attributes, environment attributes etc

Answer 470

Define the levels of access that users have

Answer 471

A mechanism designed to ensure that actions requiring administrative rights are explicitly authorized by the use

Answer 472

Specialized software stored on hardware devices ● Can grant attackers full control, leading to unauthorized access or takeover

Answer 473

No updates or support from the manufacturer

Answer 474

Outdated and superseded by newer alternatives

Answer 475

no official support ever

Answer 476

Tighten security by closing unnecessary ports, disabling services, and setting permission

Answer 477

Regular updates to fix known vulnerabilities in software, firmware, and applications

Answer 478

Wireless technology for short-distance data exchange

Answer 479

Occurs when Bluetooth devices establish a connection without proper authentication

Answer 480

Occurs when an attacker impersonates a device to trick a user into connecting

Answer 481

Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware

Answer 482

Sending unsolicited messages to a Bluetooth device ● Often used for pranks or testing vulnerabilities

Answer 483

Unauthorized access to a device to steal information like contacts, call logs, and text messages

Answer 484

Allows attackers to take control of a device's Bluetooth functions

Answer 485

Installing apps from unofficial sources bypassing the device's default app store

Answer 486

Gives users escalated privileges but exposes devices to potential security breaches

Answer 487

Discovered or exploited before vendors issue patches

Answer 488

Appear as legitimate security updates but contain malware or exploits

Answer 489

Involves sending malicious data to a system for unintended consequences

Answer 490

used to interact with databases

Answer 491

Involves inserting malicious SQL code into input fields

Answer 492

Used for data exchange in web applications

Answer 493

billions laigh attack Consumes memory exponentially, acting like a denial-of-service attack

Answer 494

xml external entity attack Attempts to read local resources, like password hashes in the shadow file

Answer 495

cross site scripting Injects a malicious script into a trusted site to compromise the site’s visitors

Answer 496

A XSS attack that only occurs when it is launched and only happens once ○ Server executes the attack (Server-side scripting attack)

Answer 497

Allows an attacker to insert code into a backend database used by that trusted website

Answer 498

document object model Exploits the client’s web browser using client-side scripts to modify the content and layout of the web page

Answer 499

Enables web applications to uniquely identify a user across several different actions and requests

Answer 500

Text file used to store information about a user when they visit a website

Answer 501

■ Also known as a session cookie ■ Resides in memory and are used for a very short time period ■ Deleted at the end of the session

Answer 502

Stored in the browser cache until either deleted by a user or expire

Answer 503

Type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP

Answer 504

Type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session

Answer 505

cross site request forgery Malicious script is used to exploit a session started on another site within the same web browser

Answer 506

Occurs when a process stores data outside the memory range allocated by the developer

Answer 507

Temporary storage areas used by programs to hold data

Answer 508

Programs have a reserved memory area called a stack to store data during processing

Answer 509

Attackers aim to overwrite the return address with a pointer to their malicious code

Answer 510

Attackers fill the buffer with NOP (No-Operation) instructions

Answer 511

Address Space Layout Randomization mitigation against buffer attack

Answer 512

Software vulnerabilities related to the order and timing of events in concurrent processes

Answer 513

Software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing that the pointer was pointing to in the memory which allows changes to be made

Answer 514

A real-world example of race condition exploitation

Answer 515

time of check Attackers manipulate a resource's state after it is checked but before it is used

Answer 516

Attackers alter a resource's state after it is checked but before it is used

Answer 517

time of evaulation Attackers manipulate data or resources during the system's decision-making or evaluation process ● Can lead to incorrect results or unexpected behavior

Answer 518

Mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can be processed at a time ○ Mutexes ensure only one thread or process can access a specific section of code at a time mitigation against race condition

Answer 519

Occurs when a lock remains in place because the process it’s waiting for is terminated, crashes, or doesn’t finish properly, despite the processing being complete

Answer 520

denial of service Used to describe an attack that attempts to make a computer or server’s resources unavailable

Answer 521

Overloading a server with ICMP echo requests (pings)

Answer 522

Initiating multiple TCP sessions but not completing the 3-way handshake

Answer 523

permanent DoS exploits security flaws to break a networking device permanently by re-flashing its firmware

Answer 524

Attack creates a large number of processes, consuming processing power

Answer 525

Malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic

Answer 526

Specialized DDoS that allows an attacker to initiate DNS requests from a spoof IP address to flood a website

Answer 527

Routes attacking IP traffic to a non-existent server through a null interface ● Effective but temporary solution

Answer 528

domain name system Fundamental component of the internet that is responsible for translating human-friendly domain names into IP addresses that computers can understand

Answer 529

(Domain Name System Security Extensions) to add digital signatures to DNS data

Answer 530

aka DNS spoofing ● Corrupts a DNS resolver's cache with false information ● Redirects users to malicious websites

Answer 531

Overwhelms a target system with DNS response traffic by exploiting the DNS resolution process

Answer 532

Encapsulates non-DNS traffic (e.g., HTTP, SSH) over port 53 Attempts to bypass firewall rules for command and control or data exfiltration

Answer 533

Unauthorized change of domain registration

Answer 534

Exposes sensitive information about a domain's network infrastructure

Answer 535

An injection attack occurs when the attacker inserts malicious code through an application interface

Answer 536

Web application vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor

Answer 537

An attacker adds a file to the web app or website that already exists on the hosting server

Answer 538

Vulnerability allows an attacker to run their code without restrictions

Answer 539

Type of arbitrary code execution that occurs remotely, often over the internet

Answer 540

Gaining higher-level permissions than originally assigned

Answer 541

Accessing or modifying resources at the same level as the attacker

Answer 542

Class of malware that conceals its presence by modifying system files, often at the kernel level

Answer 543

the kernel

Answer 544

rings 1-3 has admin privileges

Answer 545

Type of network-based attack where valid data transmissions are maliciously or fraudulently re-broadcast, repeated, or delayed ■ Involves intercepting data, analyzing it, and deciding whether to retransmit it later

Answer 546

Specific type of replay attack that Involves capturing a user's login credentials during a session and reusing them for unauthorized access

Answer 547

Enables web applications to uniquely identify a user across a number of different actions and requests, while keeping the state of the data generated by the user and ensuring it is assigned to that user

Answer 548

A type of spoofing attack where the attacker disconnects a host then replaces it with his or her own machine, spoofing the original host's IP address

Answer 549

A type of spoofing attack where the attacker attempts to predict the session token to hijack a sessioC

Answer 550

Modifies the contents of a cookie after it has been generated and sent by the web service to the client's browser so that the newly modified cookie can be used to exploit vulnerabilities in the web application

Answer 551

An attack where the attacker positions their workstation logically between two hosts during communication

Answer 552

Manipulating Address Resolution Protocol (ARP) tables to redirect network traffic

Answer 553

Altering DNS responses to reroute traffic

Answer 554

Creating a fake wireless access point to intercept traffic

Answer 555

Introducing a malicious hub or switch to capture data on a wired network

Answer 556

Occurs when an attacker captures valid data and then replays it immediately or with a delay

Answer 557

The attacker becomes part of the conversation between two hosts

Answer 558

An attack that tricks the encryption application into presenting an HTTP connection instead of HTTPS

Answer 559

An attacker forces a client or server to abandon a higher security mode in favor of a lower security mode

Answer 560

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user inpu

Answer 561

Occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application

Answer 562

method of executing arbitrary code in the address space of a separate live process

Answer 563

indicators of compromise Pieces of forensic data that identify potentially malicious activity on a network or system

Answer 564

Involves configuring systems with only essential applications and services

Answer 565

Only applications on the approved list are allowed to run

Answer 566

Applications placed on the blocklist are prevented from running ■ All other applications are permitted to run

Answer 567

trusted OS An operating system that is designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access control

Answer 568

evaluation assurance level EAL 1 lowest EAL 7 highest

Answer 569

A software patch that solves a security issue and should be applied immediately after being tested in a lab environment

Answer 570

Provides a system with additional functionality, but it doesn’t usually provide any patching of security related issues ■ Often introduce new vulnerabilities

Answer 571

Includes all the hotfixes and updates since the release of the operating system

Answer 572

Planning, testing, implementing, and auditing of software patches

Acronyms 2 Flashcards

(602 cards)