Acronyms 3 Flashcards

Question

Heat maps

Answer 1

Graphical representations of ○ Wireless coverage ○ Signal strength ○ Frequency utilization ● Useful for troubleshooting ○ Coverage issues ○ Dead zones ○ Signal leakage

Answer 2

(Wired Equivalent Privacy) Utilizes a static encryption key system

Answer 3

Wi-Fi Protected Access

Answer 4

■ The latest and most secure wireless security protocol. ■ Uses AES for encryption and introduces new features. ■ Features ● Simultaneous Authentication of Equals (SAE) ○ Replaces the 4-way handshake with a Diffie-Hellman key agreement ○ Protects against offline dictionary attacks ● Enhanced Open (Opportunistic Wireless Encryption) ○ Provides individualized data encryption even in open networks ○ Improves privacy and security in open Wi-Fi scenarios ● Updated Cryptographic Protocols ○ AES GCMP replaces AES CCMP used in WPA2 ○ Supports both 128-bit and 192-bit AES for enhanced security ● Management Frame Protection ○ Ensures the integrity of network management traffic ○ Prevents eavesdropping, forging, and tampering with management frames

Answer 5

Simultaneous Authentication of Equals Replaces the 4-way handshake with a Diffie-Hellman key agreement ○ Protects against offline dictionary attack

Answer 6

Opportunistic Wireless Encryption provides encryption even in open networks

Answer 7

Ensures the integrity of network management traffic Prevents eavesdropping, forging, and tampering with management frame

Answer 8

Important for centralized user authentication and access control

Answer 9

static code analysis A method of debugging an application by reviewing and examining its source code before running the program

Answer 10

dynamic code analysis

Answer 11

inputs random data to provoke crashes

Answer 12

Evaluates system stability and reliability under extreme conditions

Answer 13

Confirms the software author's identity and integritySan

Answer 14

Isolates running programs, limiting their access to resources

Answer 15

network access control Used to protect networks from both known and unknown devices by scanning devices to assess their security status before granting network access

Answer 16

installed on devices in a corporate environment where the org controls and owns the device software

Answer 17

Common in environments with personal devices (e.g., college campuses); users connect, access a web-based captive portal, download an agent for scanning and delete itself after insepction

Answer 18

Web filtering or content filtering is used to control or restrict the content users can access on the internet

Answer 19

nvolves installing an agent on each device ● Monitors and enforces web usage policies ● Effective for remote and mobile worker

Answer 20

Uses a proxy server as an intermediary between an organization’s end users and the Internet

Answer 21

Analyzes website URLs to check for matches in a database of known malicious websites

Answer 22

Classifies websites into categories (e.g., social media, adult content) and blocks or allows categories based on policies

Answer 23

Specific guidelines set by organizations to prevent access to certain websites or categories, often used to address security threats

Answer 24

Blocks or allows websites based on a reputation score determined by third-party services, considering factors like hosting malware or phishing

Answer 25

DNS filtering (Domain Name System filtering) blocks access to specific websites by preventing the translation of domain names to their IP addresse

Answer 26

Encompasses techniques and protocols to protect email content, accounts, and infrastructure from unauthorized access, loss, or compromise

Answer 27

domainkeys identified mail Allows the receiver to verify the source and integrity of an email by adding a digital signature to the email headers

Answer 28

sender policy framework Prevents sender address forgery by verifying the sender's IP against authorized IPs listed in the sender's domain DNS records

Answer 29

Domain-based Message Authentication, Reporting and Conformance) ● DMARC detects and prevents email spoofing by setting policies for email sending and handling failures

Answer 30

Email gateways serve as entry and exit points for emails, facilitating secure and efficient email transmission ● They use SMTP (Simple Mail Transfer Protocol) to send and receive emails ● Email gateways handle email routing, email security, policy enforcement, and email encryption

Answer 31

Spam filtering detects and prevents unwanted and unsolicited emails from reaching users' inboxes

Answer 32

endpoint detection and response Category of security tools that monitor endpoint and network events and record the information in a central database

Answer 33

file integrity monitoring validates the integrity of operating system and application software files by comparing their current state with a known, good baseline

Answer 34

extended detection and response Security strategy that integrates multiple protection technologies into a single platform ■ EDR is focused on the endpoints to detect and respond to potential threats ■ XDR is more comprehensive solution because it focuses on endpoints, but also on networks, cloud, and email to detect and respond to potential threats

Answer 35

user behavior analytics Advanced cybersecurity strategy that uses big data and machine learning to analyze user behaviors for detecting security threats

Answer 36

user behavior and entity behavior analytics Technology similar to UBA but extends the monitoring of entities like routers, servers, and endpoints in addition to user accounts

Answer 37

■ Choose secure protocols to protect data in transit from unauthorized access ● Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH

Answer 38

app layer protocol that allows a user to log in from one computer to another on the same network, uses plaintext, use ssh instead

Answer 39

1024-49151

Answer 40

transmission control protocol Connection-oriented, ensuring data delivery without errors

Answer 41

user datagram protocol Connectionless and faster, but doesn't guarantee data delivery Suitable for applications prioritizing speed over accuracy, like streaming video or gaming

Answer 42

Automated probing of systems, networks, and applications to discover potential vulnerabilities

Answer 43

■ Provide valuable information about potential or current threats to an organization's security ■ Continuous streams of data related to potential or current threats ■ Collected, analyzed, and disseminated by security researchers, organizations, or automated tools

Answer 44

Continuous process to comprehend the specific threats an organization faces

Answer 45

open source intelligence Collected from publicly available sources like reports, forums, news articles, blogs, and social media

Answer 46

A hidden part of the internet inaccessible through standard browsers

Answer 47

Ethical practice for disclosing vulnerabilities in software, hardware, or onlines ervices

Answer 48

Robust responsible disclosure programs incentivizing security researchers

Answer 49

very serious

Answer 50

common vulnerabilities and exposures System that provides a standardized way to uniquely identify and reference known vulnerabilities in software and hardware

Answer 51

exposure factor A quantifiable metric to estimate the percentage of asset damage

Answer 52

The level of risk an organization is willing to accept

Answer 53

Temporarily relaxing or bypassing security controls or policies for operational business needs, with an understanding of associated risks

Answer 54

A permanent waiver of security controls or policies due to specific reasons, often for legacy systems

Answer 55

Involve installing patches, reconfiguring devices, or other actions

Answer 56

Involves systematic review of logs, configurations, and patches

Answer 57

Checks for misconfigurations or deviations

Answer 58

Final step in validating remediation

Answer 59

Ensures applications and services are functioning correctly

Answer 60

Process of documenting and communicating security weaknesses in software or systems to individuals and organizations responsible for addressing the issues

Answer 61

Ethical and judicious disclosure to affected stakeholders before public announcement

Answer 62

Collects and consolidates log data from various sources into a central location

Answer 63

Involves setting up notifications for specific events or conditions

Answer 64

Regularly examines systems, networks, or applications to identify vulnerabilities, misconfigurations, and issues

Answer 65

Involves long-term storage of data, including ○ Log data ○ Performance data ○ Incident data

Answer 66

Isolates a system, network, or application suspected of being compromised

Answer 67

Adjusts alert parameters to reduce errors, false positives, and improve alert relevance

Answer 68

Simple Network Management Protocol An Internet protocol used for collecting information from managed devices on IP networks and modifying device behavior ■ Managed devices include the following ● Routers ● Switches ● Firewalls ● Printers ● Servers ● Client devices

Answer 69

A central system that collects and processes information from managed devices Often set up as a server, especially in large enterprise environments

Answer 70

Networked devices that send information about themselves to the manager

Answer 71

Manager-to-agent request to change variable values

Answer 72

Manager-to-agent request to retrieve variable values

Answer 73

Asynchronous notifications from agents to the manager to notify significant events

Answer 74

object identifier for SNMP messages

Answer 75

The manual or database that details what each sensor or control unit can report or control (like temperature readings, light levels, camera status).

Answer 76

Security Information and Event Management) A solution for real-time or near-real-time analysis of security alerts generated by network hardware and application

Answer 77

Software agents are installed on each system to collect and send log data

Answer 78

Log data is collected directly from systems using standard protocol Reduces maintenance but may not collect real-time or detailed data

Answer 79

elastic stack A collection of free and open-source SIEM tools, including the following ○ Elasticsearch ○ Logstash ○ Kibana

Answer 80

Protects systems against malware, including the following ● Viruses ● Worms ● Trojans ● Ransomware ● Spyware Generates data like malware detection logs, system scans, and updates ■ Data sent to SIEM for aggregation and correlation ■ Helps identify security threats and system health

Answer 81

data loss prevention system sends info to SIEM

Answer 82

send info to SIEM

Answer 83

security content automation protocol Suite of open standards that enhances the automation of vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization helps with automating scanning for example

Answer 84

open vulnerability and assessment language XML schema for describing system security states and querying vulnerability reports has to do with SCAP

Answer 85

Extensible Configuration Checklist Description Format) ● XML schema for developing and auditing best-practice configuration checklists and rules ● Allows improved automation has to do with SCAP

Answer 86

asset reporting format XML schema for expressing information about assets and their relationships ● Vendor and technology neutral ● Flexible ● Suited for a wide variety of reporting application has to do with SCAP

Answer 87

common configuration enumeration Scheme for provisioning secure configuration checks across multiple sources ● Provides unique identifiers for different system configuration issue Books (Configuration Elements): Each book represents a specific configuration setting or issue in an IT environment. Library Catalog (CCE): The library catalog provides a standardized format (CCE) for identifying and categorizing books (configuration elements) based on their subject, author, or genre. Unique Identifier (CCE-ID): Each book is assigned a unique catalog number (CCE-ID) for easy reference and retrieva

Answer 88

common platform enumeration Identifies hardware devices, operating systems, and applications

Answer 89

common vulnerability scoring system Used to provide a numerical score reflecting the severity of a vulnerability (0 to 10

Answer 90

Sets of security configuration rules for specific products to establish security baselines ● Provide a detailed checklist that can be used to secure systems to a specific baseline

Answer 91

full packet capture for network analysis

Answer 92

Focuses on recording metadata and statistics about network traffic, saving storage space ■ Doesn’t include the actual content, just the metadata ■ Rapidly generates visualizations to map network connections, traffic types and session volumes

Answer 93

Records metadata and statistics about network traffic Collects information about the following ● Type of traffic ● Protocol used ● Data volume

Answer 94

Cisco-developed protocol for reporting network flow information also known as IPFIX

Answer 95

Hybrid tool for network monitoring Monitors traffic like NetFlow but logs full packet captures based on interest

Answer 96

multi router traffic grapher Creates graphs displaying network traffic flows through routers and switches

Answer 97

dingle pane of glass

Answer 98

Creating a bit-by-bit copy (image) of a storage device, examining content

Answer 99

An act violating a security policy

Answer 100

7 phases prep detect analyze contain eradicate recover post incident activity

Answer 101

The core team includes cybersecurity professionals with incident response experience

Answer 102

root cause analyiss

Answer 103

tabletop exervise discussion abased lacks hands on activity

Answer 104

Goes beyond tabletop discussions, involving realistic, hands-on scenarios

Answer 105

Systematic process of investigating and analyzing digital devices and data to uncover evidence for legal purposes

Answer 106

Documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence from the moment it is collected until it is presented in a court of law

Answer 107

Focuses on extracting files and data fragments from storage media without relying on the file system

Answer 108

Issued when litigation is expected and preserves potentially relevant electronic data ● Ensures evidence is not tampered with, deleted, or lost

Answer 109

Process of identifying, collecting, and presenting electronically stored information for potential legal proceedings

Answer 110

Guides the sequence of collecting data, from most volatile (CPU registers and cache) to least volatile (archival media)

Answer 111

Records events and messages in operating systems, software, and network devices

Answer 112

Linux command-line utility for querying and displaying logs from the Journal Daemon (SystemD's logging service

Answer 113

Multi-platform, open-source log management tool Identifies security risks and analyzes logs from server, OS, and applications

Answer 114

Network protocol for collecting active IP network traffic data ■ Provides information on source, destination, volume, and paths

Answer 115

Open-source alternative to NetFlow

Answer 116

data that describes other data

Answer 117

Graphical displays of information across multiple systems

Answer 118

A big data platform for ingesting various types of data, including security and incident response data ■ Collects data from firewalls, applications, endpoints, operating systems, intrusion detection systems, intrusion prevention systems, antivirus software, and networks

Answer 119

Generated by computer systems to provide information about various aspects of a network's security

Answer 120

Serves as unique digital fingerprint for file identification, including potential malware

Answer 121

Security Orchestration, Automation, and Response Class of security tools for incident response, threat hunting, and security configurations ■ Purpose ● Orchestrate and automate runbooks, deliver data enrichment Integrating SIEM and SOAR for advanced security capabilities

Answer 122

Automated version of a playbook with defined interaction points for human analysis

Answer 123

continuous integration developers merge code changes into a central repository

Answer 124

Process of finalizing and preparing new software or updates Enabling software installation and usage

Answer 125

Involves automated process of software releases to users

Answer 126

continuous integration and elivery stops short of deploying to production

Answer 127

Takes CI/CD further by automatically deploying code changes to testing and production environments

Answer 128

Set of rules and protocols used for building and integrating application software

Answer 129

(Representational State Transfer) ○ REST uses standard HTTP methods, status codes, URIs, and MIME types for interactions ○ Primarily uses JSON for data transfer

Answer 130

(Simple Object Access Protocol) ○ SOAP has a structured message format in XML ○ Known for robustness, additional security features, and transaction compliance ○ Suitable for enterprise-level web services with complex transactions and regulatory compliance requirements

Answer 131

API testing tool A tool for transferring data to or from a server using various supported protocols

Acronyms 3 Flashcards

(159 cards)