Acronyms + Description Flashcards

Question

ASP

Answer 1

Active Server Page Provides an application as a service over a network

Answer 2

Adversarial Tactics, Techniques, and Common Knowledge A knowledge base maintained by MITRE

Answer 3

Acceptable Use Policy

Answer 4

Anti-Virus

Answer 5

Asset Value: Asset Value is half of the formula for a one-time loss or SLE (Single Loss Expectancy). AV x EF (Exposure Factor) = SLE

Answer 6

Advanced Volatile Threat

Answer 7

Bourne Again Shell Linux command line

Answer 8

Business Continuity Planning Need to identify critical business systems, which systems need to be protected the most, and have resources available to help recover them

Answer 9

Border Gateway Protocol

Answer 10

Browser Exploitation Frameworks

Answer 11

Business Impact Analysis Identify resources that are critical to an organization's ability to sustain operations against threats to those resources. It also assesses the possibility that each threat will occur and the impact those occurrences will have on the organization.

Answer 12

Basic Input/Output System The firmware sends instructions to the hardware so the system can boot.

Answer 13

Business Partnership Agreement The agreement between two entities, what is expected with respect to finances, services, and security.

Answer 14

Bridge Protocol Data Unit

Answer 15

Basic Service Set Identifier

Answer 16

Bring Your Own Device The model where the organization allows a user to use their personal device for business needs also covers allowing the end-user to use the company's Internet with their personal electronic devices.

Answer 17

Command & Control

Answer 18

Certificate Authority: Sometimes referred to as PKI (Public Key Infrastructure). Issues and signs certificates, and maintains the public / private key pair.

Answer 19

Common Access Card Considered a smart card or digital certificate. Typically issued to military personnel and contractors that need access to DoD (Department of Defense) systems and facilities. This falls under the "Something you have" authentication factor.

Answer 20

Completely Automated Public Turing Test to Tell Computers and Humans Apart An image of text characters or audio of some speech that is difficult for a computer to interpret

Answer 21

Corrective Action Report A report to document actions taken to correct an event, incident, or outage.

Answer 22

Cloud Access Security Broker Enterprise management software designed to mediate access to cloud services by users across all types of devices

Answer 23

Cipher Block Chaining A mode of operation for DES, which uses an IV (Initialization Vector) for the first plaintext block and then combines with the next plaintext block using XOR (Exclusive OR). There is a delay using this process. With this method, no plain-text block produces the same ciphertext.

Answer 24

Computer-based Training

Answer 25

Co-Channel Interference

Answer 26

Cipher Block Chaining Message Authentication Code Protocol Strongest wireless encryption, replaces TKIP, used with AES

Answer 27

Closed-circuit Television Detective Control, Deterrent Control

Answer 28

Cryptographic Erase A method of sanitizing a self-encrypting drive by erasing the media encryption key

Answer 29

Cross-over Error Rate A metric for biometric technologies are rated. The CER is the point where the FRR (False Rejection Rate) and FAR (False Acceptance Rate) meet. The lowest possible CER is most desirable.

Answer 30

Computer Emergency Response Team

Answer 31

Cipher Feedback This AES mode of operation is the streaming cipher version of CBC. It uses an IV and chaining. The IV is first encrypted and then the result is XORed with the previous plain-text block.

Answer 32

Challenge Handshake Authentication Protocol An encrypted authentication protocol normally used for remote access.

Answer 33

Continuous Integration

Answer 34

Confidentiality, Integrity, Availability

Answer 35

Chief Information Officer

Answer 36

Computer Incident Response Team

Answer 37

Chief Information Security Officer

Answer 38

Content Management System SaaS (Software as a Service)

Answer 39

Common Name An X500 (LDAP) attribute expressing a host or user name, also used as the subject identifier for a digital certificate

Answer 40

Corporate Owned, Business Only Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

Answer 41

Continuity of Operations Plan Designing operations and systems to be as little affected by an incident and to have resources to recover from them.

Answer 42

Corporate Owned, Personally Enabled Company owns and supplies the device. The employee may use the device for web browsing, personal email, and personal social media sites.

Answer 43

Contingency Planning

Answer 44

Cyclical Redundancy Check Error-detecting code used to detect errors in the packet during transmission.

Answer 45

Certificate Revocation List A list of certificates that were revoked before they were configured to expire

Answer 46

Cloud Security Alliance

Answer 47

Cybersecurity Framework

Answer 48

Computer Security Incident Response Team

Answer 49

Chief Security Officer

Answer 50

Cloud Service Provider

Answer 51

Content Security Policy

Answer 52

Cryptographic Service Provider

Answer 53

Certificate Signing Request When a subject wants a certificate, it completes a CSR and submits it to a CA (Certificate Authority)

Answer 54

Cross-Site Request Forgery The attacker passes an HTTP request to the victim's browser in an attempt to gain the user's password and username. The output of the attack could include keywords such as "Buy" or "Purchase" or "Pay To"

Answer 55

Channel Service Unit

Answer 56

Capture The Flag

Answer 57

Cyber Threat Intelligence

Answer 58

Counter-Mode The fastest of the modes. An encryption mode that uses a constantly changing IV also functions similarly to a stream cipher.

Answer 59

Chief Technology Officer

Answer 60

Common Vulnerabilities and Exposures This is a place to find out what platforms have vulnerabilities

Answer 61

Common Vulnerability Scoring System This scoring system lets you know the criticality / impact to the system

Answer 62

Card Verification Value

Answer 63

Choose Your Own Device A mobile deployment model where the company gives the employees a list of approved mobile devices they can use on the corporate network. This helps keep the devices with more current models.

Answer 64

Discretionary Access Control Access control is set by the data owner, or possibly the administrator. The permissions can be applied to a group or an individual.

Answer 65

Database Administrator

Answer 66

Database Management Systems

Answer 67

Data Duplicator Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging

Answer 68

Distributed Denial of Service Many devices attacking a single device. The devices can be PCs' laptops, DVRs, Webcams, etc. This type of attack is carried out via a botnet, and the devices are known as drones or zombies.

Answer 69

Data Execution Prevention A feature that prevents malicious code from executing in memory. This feature is programmed into Windows, AMD CPU's, & Intel CPU's. If you were looking at a log output, you might see one of the columns as "DEP". In the column, if it says "Yes", good chance the malware did not execute from that area. If it says no, that might be where the attack originated.

Answer 70

Distinguished Encoding Rules Is used to create a binary representation of the information on the certificate. The DER-encoded binary file can be represented as ASCII characters using Base64 Privacy-enhanced Electronic Mail (PEM) encoding. File extensions .cer and .crt contain either binary DER or ASCII PEM data.

Answer 71

Digital Encryption Standard Symmetric block cipher that encrypts in blocks of 64 bits and uses a 56-bit key. This method is deprecated and the easiest upgrade is 3DES (Triple DES). Considered weak encryption and has been deprecated

Answer 72

Development and Operations

Answer 73

Development, Security, and Operations

Answer 74

Domain Generation Algorithm

Answer 75

Diffie-Hellman

Answer 76

Dynamic Host Configuration Protocol A protocol that provides an automated process of assigning IP addresses. Can also issue optional parameters such as DNS address, DNS suffix, Default Gateway, and subnet mask. Uses Ports 67 & 68 UDP

Answer 77

Diffie-Hellman Ephemeral A protocol for the secure exchange of encryption keys. The Ephemeral provides PFS (Perfect Forward Secrecy)

Answer 78

Domain Keys Identified Mail

Answer 79

Dynamic Link Library Is a binary package used to implement functionality, such as cryptography or establishing a network connection

Answer 80

Data Loss Prevention A hardware or software solution that prevents a certain type of information from being exfiltrated from a device or network. Data like PII (Personally Identifiable Information), credit card numbers, Social Security numbers, data that is sensitive using keywords. USB blocking is a form of DLP. Preventing this type of information from being printed is another protection.

Answer 81

Domain Message Authentication Reporting and Conformance Prevents phishing and spear phishing attacks against an organization's email server

Answer 82

Demilitarized Zone This is where you place your public-facing web servers. DMZ's are configured as one of the connections or legs on a firewall. Now referred to as a screened subnet

Answer 83

Distinguished Name

Answer 84

Destination Network Address Translation Also called "Port Forwarding", the router accepts requests from the Internet for an application, and then sends the request to a designated host and port within the DMZ.

Answer 85

Domain Name Service (Server) A service that maps / resolves host names to an IP address. Use Port 53 UDP for DNS queries, uses Port 53 TCP for Zone Transfers

Answer 86

Domain Name System Security Extensions A security protocol that provides authentication of DNS data and upholds DNS data integrity

Answer 87

Document Object Model

Answer 88

Denial of Service Is an attack that is one to one. Anything that can keep a device or user from accessing a service or information is a denial of service. One user flooding other user's accounts with email attachments until the email box is full, cut the network cable or power are just a few examples.

Answer 89

Data Privacy Officer

Answer 90

Device Provisioning Protocol

Answer 91

Distributed Reflection Denial of Service

Answer 92

Disaster Recovery Plan A step by step procedure to restore the organization to full functionality. This can be a failed web server, firewall, or some other critical component. The cause can be weather-related, man-made either intentional or accidental. Some items needed: 1. Inventory list of hardware and software 2. Contact info for DRP team members 3. Contact info for employees, suppliers, vendors, customers 4. Alternate site 5. Backups

Answer 93

Digital Signature Algorithm Public key encryption used for digital signatures. This is an asymmetric encryption method

Answer 94

Digital Subscriber Line

Answer 95

Domain Validation

Answer 96

Extensible Authentication Protocol EAP allows different authentication methods, most of using a digital certificate on the server and/or the client

Answer 97

EAP with Flexible Authentication via Secure Tunneling Does not require certificates

Answer 98

Extensible Authentication Protocol-Transport Layer Security Requires certificates on the clients and server

Answer 99

EAP-Tunneled TLS Requires certificates on the server only

Answer 100

EAP over LAN

Answer 101

Electronic Code Book Not recommended for use, uses the same key for every packet, break one key, you have the entire message

Answer 102

Elliptic Curve Cryptography Asymmetric encryption, used with wireless and mobile devices due to both have less processing power. ECC 128 is stronger than RSA 1024.

Answer 103

Elliptic Curve Diffie-Hellman Ephemeral A secure method of exchanging shared keys using PFS (Perfect Forward Secrecy)

Answer 104

Elliptic Curve Digital Signature Algorithm Uses ElGamal with an elliptical curve to implement a digital signature.

Answer 105

Endpoint Detection and Response A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Answer 106

Exposure Factor

Answer 107

Encrypted File System An NTFS public key encryption. On a Windows system, you have the ability to encrypt a single file or folder based on the user's credentials.

Answer 108

Enhanced Interior Gateway Routing Protocol

Answer 109

Extended Key Usage

Answer 110

Electromagnetic Interference

Answer 111

Enterprise Mobility Management

Answer 112

End of Life When systems or applications are no longer supported by the manufacturer or developer.

Answer 113

End of Service

Answer 114

End of Service Life

Answer 115

Endpoint Protection Platform

Answer 116

Enterprise Risk Management

Answer 117

Enterprise Resource Planning

Answer 118

Electronically Stored Information

Answer 119

Electronic Serial Number

Answer 120

Encapsulated Security Payload An IPSec protocol that does the same as for AH (Authentication Header), but also encrypts/encapsulates the entire payload/packet. Uses protocol # 50.

Answer 121

Extended Validation Certificate to prevent phishing attacks

Answer 122

File System Access Control List The file access control lists (FACLs) or simply ACLs are the list of additional user/groups and their permission to the file, on a Unix or Linux system.

Answer 123

False Acceptance Rate A Type II error. The ratio of when a biometric system authenticates an unauthorized user as an authorized user.

Answer 124

Fiber Channel High speed network communications protocol used to implement SANs

Answer 125

Full Disk Encryption This means that the entire contents of the drive (or volume), including system files and folders, are encrypted. Two methods are BitLocker and PGP Whole Disk Encryption. This is a software-based or an operating system encryption method. These methods are more CPU intensive processes.

Answer 126

Failure to Enroll Rate

Answer 127

Fast Identity Online

Answer 128

File Integrity Monitoring

Answer 129

Field Programmable Gate Array

Answer 130

Federal Information Processing Standards

Answer 131

False Rejection Rate Type I error. The ratio in which a biometric system rejects an authorized user.

Answer 132

Forensic Toolkit

Answer 133

File Transfer Protocol Uploads and downloads large files to and from an FTP server. FTP transmits data in plaintext. FTP active mode uses TCP port 21 for control and TCP port 20 for data transfer. FTP passive mode (PASV) also uses TCP port 21 for control signals, but it uses a random TCP port for data. If the user can connect to the FTP but not upload or download, disable PASV (passive mode)

Answer 134

Explicit FTP over TLS The client has the choice of using encryption or not for the file transfer

Answer 135

Secure File Transfer Protocol / FTP over SSL Ports 989 & 990 TCP, transfer in plain text or encrypted via "Explicit" mode, forced to use encryption is "Implicit" mode

Answer 136

Galois Counter Mode Provides confidentiality and authenticity of the data. This mode is used for authenticated encryption. GCM mode uses an IV (Initialization Vector) and that the IV is a nonce (number used once).

Answer 137

AES Galois Counter Mode Protocol

Answer 138

General Data Protection Regulation Provisions and requirements protecting the personal data of European Union (EU) citizens

Answer 139

Gnu Privacy Guard GPG is a free implementation of PGP (Pretty Good Privacy). GPG allows the user to encrypt and digitally sign your emails or data.

Answer 140

Group Policy Object Group Policy Object is a component of Group Policy (in Microsoft Active Directory) that can be used in Microsoft operating systems to control user accounts and user activity.

Answer 141

Global Positioning System GPS is a way of determining a device's position (its latitude and longitude) based on information received from GPS satellites. The device must have line-of-sight to the GPS satellites. GPS provides another means of locating the device.

Answer 142

Graphics Processing Unit

Answer 143

Generic Routing Encapsulation GRE is a tunneling protocol that encapsulates over an IP network. GRE uses protocol number 47. Used with PPTP and IPSec.

Answer 144

High Availability The key premise is that systems are resilient and redundant. HA is the percentage of uptime a system is able to maintain over a period of a year. For example, 99% would equal being down 3.65 per year of 14 minutes per day. The five 9's, 99.999%, would equal being down 5.25 minutes per year or .86 seconds per day.

Answer 145

Hard Disk Drive

Answer 146

Host-Based Intrusion Detection System

Answer 147

Host-Based Intrusion Prevention System

Answer 148

Hashed Message Authentication Code Hashing method provides integrity and authenticity of the message. Most often used with IPSec.

Answer 149

HMAC based One Time Password Provides PFS (Perfect Forward Secrecy), the password uses an incrementing counter, the password is valid until used.

Answer 150

Hardware Security Module Provides root of trust, stores cryptographic keys, can also work as an SSL accelerator

Answer 151

Hardware Security Module as a Service

Answer 152

Hypertext Markup Language

Answer 153

Hypertext Transfer Protocol Port 80 TCP, plaintext

Answer 154

Hypertext Transfer Protocol Secure Port 443 TCP, requires certificates and TLS

Answer 155

Heating, Ventilation, Air Conditioning Provides availability, important in data centers

Answer 156

Infrastructure as a Service This type of service you have the most control.

Answer 157

Infrastructure as Code A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration

Answer 158

Identity and Access Management

Answer 159

Internet Control Message Protocol Suite containing ping, tracert, and pathping

Answer 160

Industrial Control Systems

Answer 161

International Data Encryption Algorithm Symmetric block cipher, uses XOR

Answer 162

Intermediate Distribution Frame

Answer 163

Identity Provider SAML uses an Identity Provider for the authentication assertion.

Answer 164

Intrusion Detection System Out-of-band. If anomaly, heuristic, or behavioral-based, need to establish a baseline first. Detects attacks and sends an alert.

Answer 165

Internet Key Exchange

Answer 166

Instant Messaging

Answer 167

Internet Message Access Protocol v4 Uses Port 143 TCP, retrieves email

Answer 168

Secure IMAP Port 993

Answer 169

Indicators of Compromise

Answer 170

Internet of Things IoT includes any connecting to the Internet that is not a PC, tablet, or laptop.

Answer 171

Intellectual Property

Answer 172

Internet Protocol

Answer 173

IP Address Management Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network

Answer 174

IP Flow Information Export

Answer 175

Intrusion Prevention System IPS are in-band, either Signature-based or Anomaly-based.

Answer 176

Internet Protocol Security IPSec is used to secure data-in-transit. Works at Layer 3 of the OSI, and has two modes: transport and tunneling. In Transport mode, only the data is encrypted, not the header. in Tunnel mode, the packet and header are encrypted.

Answer 177

Incident Response

Answer 178

Internet Relay Chat

Answer 179

Incident Response Plan Specific procedures that must be performed if a certain type of event is detected or reported

Answer 180

Interconnection Security Agreement

Answer 181

Information Sharing and Analysis Center Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members

Answer 182

Instant Secure Erase

Answer 183

Internal Segmentation Firewall

Answer 184

Incident Service Provider

Answer 185

Information Systems Security Officer

Answer 186

IT Contingency Plan

Answer 187

Information Technology Infrastructure Library

Answer 188

Initialization Vector

Answer 189

Key Distribution Center

Answer 190

Key Encryption Key Encrypts the MEK (Media Encryption Key), which is generated from the user's password.

Answer 191

Layer 2 Tunneling Protocol Port 1701 UDP, uses IPSec

Answer 192

Linux, Apache, MySQL, PHP / Perl / Python

Answer 193

Local Area Network

Answer 194

Lightweight Directory Access Protocol Port 389 TCP, plaintext

Answer 195

Secure Lightweight Directory Access Protocol Port 636 TCP, requires PKI/CA, uses TLS

Answer 196

Lightweight Extensible Authentication Protocol Does not require certificates, deprecated & replaced with EAP-FAST

Answer 197

Monitoring as a Service

Answer 198

Mandatory Access Control Resources (objects) and users (subjects) are allocated a clearance level (or label), or a "need to know" basis

Answer 199

Media Access Control

Answer 200

Message Authentication Code Proving the integrity and authenticity of a message by combining its hash with a shared secret

Answer 201

Metropolitan Area Network

Answer 202

Master Boot Record

Answer 203

Message Digest 5 Hashing algorithm, 128 bit, fastest, provides an integrity check. Not recommended, prone to collisions.

Answer 204

Main Distribution Frame

Answer 205

Mobile Device Management The process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure

Answer 206

Mission Essential Function

Answer 207

Multifactor Authentication Two or more factors from the following: 1. Something you know 2. Something you have 3. Something you are 4. Something you do 5. Somewhere you are or are not

Answer 208

Multifunction Device

Answer 209

Multifunction Printer

Answer 210

Man-in-the-Browser

Answer 211

Man in the Middle

Answer 212

Machine Learning

Answer 213

Multimedia Message Service

Answer 214

Memorandum of Agreement

Answer 215

Memorandum of Understanding

Answer 216

Multiprotocol Label Switching

Answer 217

Measurement Systems Analysis

Answer 218

Microsoft Challenge-Handshake Authentication Protocol

Answer 219

Managed Service Provider

Answer 220

Managed Security Service Provider

Answer 221

Mean Time Between Failures The system can be repaired, the reliability of the system, need a redundant/fail-over system while the system is being repaired

Answer 222

Maximum Tolerable Downtime

Answer 223

Mean Time to Failure Life expectancy of a system, cannot be repaired

Answer 224

Mean Time to Repair The actual time it took to bring a system back online

Answer 225

Maximum Transmission Unit

Answer 226

Network Access Control

Answer 227

Network-attached Storage

Answer 228

Network Address Translation Many internal IP addresses mapped to one external IP address.

Answer 229

Non-disclosure Agreement

Answer 230

Network Function Virtualization

Answer 231

Next-generation Firewall

Answer 232

Next-generation Secure Web Gateway

Answer 233

Network Interface Card

Answer 234

Network-based Intrusion Detection System NIDS can also perform rogue system detection.

Answer 235

Network-based Intrusion Prevention System

Answer 236

National Institute of Standards and Technology

Answer 237

Network Operations Center

Answer 238

Network Operating System

Answer 239

New Technology LAN Manager

Answer 240

Network Time Protocol

Answer 241

Open Authorization

Answer 242

Online Certificate Status Protocol

Answer 243

Object Identifier

Answer 244

Open ID Connect

Answer 245

Operating System

Answer 246

Open Systems Interconnection

Answer 247

Open Source Intelligence

Answer 248

Open Shortest Path First

Answer 249

Operational Technology

Answer 250

Open Vulnerability Assessment Language

Answer 251

Open Web Application Security Project

Answer 252

Peer to Peer

Answer 253

Platform as a Service

Answer 254

Proxy Auto Configuration

Answer 255

Privileged Access Management

Answer 256

Pluggable Authentication Module

Answer 257

Password Authentication Protocol

Answer 258

Port Address Translation

Answer 259

Password Based Key Derivation Function 2

Answer 260

Private Branch Exchange

Answer 261

Packet Capture

Answer 262

Payment Card Industry Data Security Standard

Answer 263

Power Distribution Unit

Answer 264

Protected Extensible Authentication Protocol

Answer 265

Personal Electronic Device

Answer 266

Privacy-enhanced Electronic Mail

Answer 267

Perfect Forward Secrecy

Answer 268

Personal Information Exchange

Answer 269

Pretty Good Privacy Asymmetric encryption for email

Answer 270

Personal Health Information

Answer 271

Personally Identifiable Information

Answer 272

Personal Identification Number

Answer 273

Personal Identity Verification

Answer 274

Public Key Cryptography Standards

Answer 275

Public Key Infrastructure

Answer 276

Programmable Logic Controller

Answer 277

Port-based Network Access Control

Answer 278

Post Office Protocol

Answer 279

Secure POP Port 995

Answer 280

Point-of-Sale

Answer 281

Plain Old Telephone Service

Answer 282

Point-to-Point Protocol

Answer 283

Point-to-Point Tunneling Protocol

Answer 284

Pre-Shared Key Password or passphrase

Answer 285

Pass the Hash

Answer 286

Pan-Tilt-Zoom

Answer 287

Potentially Unwanted Program

Answer 288

Quality Assurance

Answer 289

Quality of Servce

Answer 290

Recovery Agent

Answer 291

Registration Authority

Answer 292

Research and Development in Advanced Communications Technologies in Europe

Answer 293

Rapid Application Development

Acronyms + Description Flashcards

(323 cards)