All Acronyms Flashcards

Question

BYOD

Answer 1

bring your own device

Answer 2

certificate authority

Answer 3

common access card

Answer 4

completely automated public turing test to tell computers and humans apart

Answer 5

corrective action report

Answer 6

cloud access security broker

Answer 7

cipher block chaining

Answer 8

computer based training

Answer 9

counter-mode/CBC-Mac Protocol

Answer 10

closed-circuit television

Answer 11

computer emergency response team

Answer 12

cipher feedback

Answer 13

challenge handshake authentication protocol

Answer 14

chief information officer

Answer 15

computer incident response team

Answer 16

center for internet security

Answer 17

content management system

Answer 18

continuity of operation planning

Answer 19

corporate owned personal enabled

Answer 20

contingency planning

Answer 21

cyclical redundancy check

Answer 22

certificate revocation list

Answer 23

chief security officer

Answer 24

cloud service provider

Answer 25

certificate signing request

Answer 26

cross-site request forgery

Answer 27

channel service unit

Answer 28

counter-mode

Answer 29

chief technology officer

Answer 30

common vulnerabilities and exposures

Answer 31

common vulnerability scoring system

Answer 32

choose your own device

Answer 33

discretionary access control

Answer 34

database administrator

Answer 35

distributed denial of service

Answer 36

data execution prevention

Answer 37

distinguished encoding rules

Answer 38

digital encryption standard

Answer 39

dynamic host configuration protocol

Answer 40

domain keys identified mail

Answer 41

dynamic link library

Answer 42

data loss prevention

Answer 43

domain message authentication reporting and conformance

Answer 44

demilitarized zone

Answer 45

destination network address transaction

Answer 46

domain name system security extensions

Answer 47

denial of service

Answer 48

data privacy officer

Answer 49

disaster recovery plan

Answer 50

digital signature algorithm

Answer 51

digital subscriber line

Answer 52

extensible authentication protocol

Answer 53

electronic code book

Answer 54

elliptic curve cryptography

Answer 55

elliptic curve diffie-hellman ephemeral

Answer 56

elliptic curve digital signature algorithm

Answer 57

endpoint detection and response

Answer 58

encrypted file system

Answer 59

end of life

Answer 60

end of service

Answer 61

enterprise resource planning

Answer 62

electronic serial number

Answer 63

encapsulated security payload

Answer 64

file system access control list

Answer 65

full disk encryption

Answer 66

field programmable gate array

Answer 67

false rejection rate

Answer 68

file transfer protocol

Answer 69

secured file transfer protocol (uses SSL/TLS)

Answer 70

galois counter mode

Answer 71

general data protection regulation

Answer 72

gnu privacy guard

Answer 73

group policy object

Answer 74

global positioning system

Answer 75

graphics processing unit

Answer 76

generic routing encapsulation

Answer 77

high availability

Answer 78

hard disk drive

Answer 79

host-based intrusion detection system

Answer 80

host-based intrusion prevention system

Answer 81

hashed message authentication code

Answer 82

HMAC based one time password

Answer 83

hardware security module

Answer 84

hypertext markup language

Answer 85

hypertext transfer protocol

Answer 86

hypertext transfer protocol secure (over SSL/TLS) (secures entire communication session)

Answer 87

heating, ventilation, air conditioning

Answer 88

infrastructure as a Service

Answer 89

internet control message protocol

Answer 90

industrial control systems

Answer 91

international data encryption algorithm

Answer 92

intermediate distribution frame

Answer 93

identity provider

Answer 94

intrusion detection system

Answer 95

institute of electrical and electronics engineers

Answer 96

internet key exchange

Answer 97

instant messaging

Answer 98

internet message access protocol v4

Answer 99

indicators of compromise

Answer 100

internet of things

Answer 101

internet protocol

Answer 102

internet protocol security (secure tunneling layer 4 transport)

Answer 103

incident response

Answer 104

internet relay chat

Answer 105

incident response plan

Answer 106

international organization for standardization

Answer 107

internet service provider

Answer 108

information systems security officer

Answer 109

IT contingency plan

Answer 110

initialization vector

Answer 111

key distribution center

Answer 112

key encryption key

Answer 113

layer 2 tunneling protocol

Answer 114

local area network

Answer 115

lightweight directory access protocol

Answer 116

lightweight extensible authentication protocol

Answer 117

Monitoring as a Service

Answer 118

mandatory access control

Answer 119

media access control

Answer 120

message authentication code

Answer 121

mobile application management

Answer 122

metropolitan area network

Answer 123

master boot record

Answer 124

message digest 5

Answer 125

main distribution frame

Answer 126

mobile device management

Answer 127

multi-factor authentication

Answer 128

multi-function device

Answer 129

multi-function printer

Answer 130

man in the middle

Answer 131

machine learning

Answer 132

multimedia message service

Answer 133

memorandum of agreement

Answer 134

memorandum of understanding

Answer 135

multi-protocol label switching

Answer 136

measurement systems analysis

Answer 137

Microsoft challenge handshake authentication protocol

Answer 138

managed service provider

Answer 139

managed security service provider

Answer 140

mean time between failures

Answer 141

mean time to failure

Answer 142

mean time to recover

Answer 143

maximum transmission unit

Answer 144

network access control

Answer 145

network attached storage

Answer 146

network address translation

Answer 147

non-disclosure agreement

Answer 148

near field communication

Answer 149

network functions virtualization

Answer 150

network interface card

Answer 151

network based intrusion detection system

Answer 152

network based intrusion prevention system

Answer 153

national institute of standards and technology

Answer 154

new technology file system

Answer 155

new technology LAN manager

Answer 156

network time protocol

Answer 157

open authorization

Answer 158

online certificate status protocol

Answer 159

object identifier

Answer 160

operating system

Answer 161

open systems interconnection

Answer 162

open source intelligence

Answer 163

open shortest path first

Answer 164

operational technology

Answer 165

over the air

Answer 166

open vulnerability assessment language

Answer 167

open web application security project

Answer 168

peer to peer

Answer 169

platform as a service

Answer 170

proxy auto configuration

Answer 171

privileged access management

Answer 172

tester possesses complete knowledge of the target environment, its architecture, design, and source code

Answer 173

gives the tester partial knowledge - some information about the system's inner workings, but don't have access to all data and documents. test strikes a balance (view between an insider and an external attacker)

Answer 174

executed without any prior knowledge of the target knowledge. tester approaches the system from the outside (like an external attacker) with no insight to the system's inner workings.

Answer 175

involves observing and analyzing system operations without active engagement or intrusion. it's more about understanding the system behaviors rather than identifying specific vulnerabilities.

Answer 176

pluggable authentication modules

Answer 177

password authentication protocol

Answer 178

port address translation

Answer 179

password based key derivation function 2

Answer 180

private branch exchange

Answer 181

packet capture

Answer 182

payment card industry data security standard

Answer 183

power distribution unit

Answer 184

protected extensible authentication protocol

Answer 185

personal electronic device

Answer 186

privacy enhanced mail

Answer 187

perfect forward secrecy

Answer 188

personal information exchange

Answer 189

pretty good privacy

Answer 190

personal health information

Answer 191

personally identifiable information

Answer 192

personal identity verification

Answer 193

public key cryptography standards

Answer 194

public key infrastructure

Answer 195

post office protocol

Answer 196

plain old telephone service

Answer 197

point-to-point protocol

Answer 198

point-to-point tunneling protocol

Answer 199

pre-shared key

Answer 200

pan-tilt-zoom

Answer 201

quality assurance

Answer 202

quality of service

Answer 203

potentially unwanted program

Answer 204

recovery agent

Answer 205

registration authority

Answer 206

research and development in advanced communications technologies in europe

Answer 207

rapid application development

Answer 208

remote authentication dial-in user server

Answer 209

redundant array of inexpensive disks

Answer 210

random access memory

Answer 211

remote access server

Answer 212

remote access trojan

Answer 213

Rivest cipher v4

Answer 214

rich communication services

Answer 215

request for comments

Answer 216

radio frequency identifier

Answer 217

RACE integrity primitives evaluation message digest

Answer 218

return on investment

Answer 219

recovery point objective

Answer 220

rivest, shamir, & adleman

Answer 221

remote triggered black hole

Answer 222

recovery time objective

Answer 223

real-time operating system

Answer 224

real-time transport protocol

Answer 225

secure/multipurpose internet mail extensions

Answer 226

software as a service

Answer 227

simultaneous authentication of equals

Answer 228

security assertions markup language

Answer 229

storage area network

Answer 230

subject alternative name

Answer 231

system control and data acquisition

Answer 232

security content automation protocol

Answer 233

simple certificate enrollment protocol

Answer 234

software development kit

Answer 235

software development life cycle

Answer 236

software development life cycle methodology

Answer 237

software defined networking

Answer 238

software defined visibility

Answer 239

self-encrypting drives

Answer 240

structured exception handler

Answer 241

secured file transfer protocol (uses SSH)

Answer 242

secure hashing algorithm

Answer 243

secure hypertext transfer protocol (secures individual messages) (largely obsolete)

Answer 244

security information and event management

Answer 245

subscriber identity module

Answer 246

session initiation protocol

Answer 247

service level agreement

Answer 248

single loss expectancy

Answer 249

secure/multipurpose internet mail exchanger

Answer 250

short message service

Answer 251

simple mail transfer protocol

Answer 252

simple mail transfer protocol secure

Answer 253

simple network management protocol

Answer 254

simple object access protocol

Answer 255

security orchestration, automation, response

Answer 256

system on chip

Answer 257

security operations center

Answer 258

sender policy framework

Answer 259

spam over internet messaging

Answer 260

structured query language

Answer 261

SQL injection

Answer 262

secure real-time protocol

Answer 263

solid state drive

Answer 264

secure shell

Answer 265

secure sockets layer

Answer 266

single sign on

Answer 267

structured threat information exchange

Answer 268

shielded twisted pair

Answer 269

secure web gateway

Answer 270

terminal access controller access control system +

Answer 271

trusted automated eXchange of indicator information

Answer 272

transmission control protocol/internet procotol

Answer 273

ticket granting ticket

Answer 274

temporal key integrity protocol

Answer 275

transport layer security

Answer 276

time-based one time password

Answer 277

trusted platform module

Answer 278

transaction signature

Answer 279

tactics, techniques, and procedures

Answer 280

user acceptance testing

Answer 281

unmanned aerial vehicle

Answer 282

user datagram protocol

Answer 283

unified extensible firmware interface

Answer 284

unified endpoint management

Answer 285

uninterruptible power supply

Answer 286

uniform resource identifier

Answer 287

universal resource locator

Answer 288

universal serial bus

Answer 289

unified threat management

Answer 290

unshielded twisted pair

Answer 291

visual basic

Answer 292

virtual desktop environment

Answer 293

virtual desktop infrastructure

Answer 294

virtual local area network

Answer 295

variable length subnet masking

Answer 296

virtual machine

Answer 297

voice over IP

Answer 298

virtual private cloud

Answer 299

virtual private network

Answer 300

video teleconferencing

Answer 301

web application firewall

Answer 302

wireless access point

Answer 303

wired equivalent privacy

Answer 304

wireless intrusion detection system

Answer 305

wireless intrusion prevention system

Answer 306

write once read many

Answer 307

WiFi protected access

Answer 308

WiFi protected setup

Answer 309

wireless TLS

Answer 310

anything as a service

Answer 311

extensible markup language

Answer 312

exclusive or

Answer 313

cross-site request forgery

Answer 314

cross-site scripting

Answer 315

presentation

Answer 316

application

Answer 317

connectionless (no handshake) unreliable (does not guarantee delivery or order) faster (due to lack of reliability overhead) video and audio streaming (online gaming)

Answer 318

connection-oriented (requires handshake) reliable (guarantees delivery and order) slower (due to reliability mechanisms) web browsing, email, file transfer

Answer 319

network authentication standard that uses Extensible Authentication Protocol (EAP) to verify and grant access to network ports

Answer 320

FTP file transfer protocol 20 used to transfer files (data port) 21 is control port TCP

Answer 321

SSH secure shell designed to transmit data through a remote connection TCP

Answer 322

telnet for unencrypted text communications TCP

Answer 323

SMTP simple mail transfer protocol internet mail protocol used to send outgoing mail from email clients to mail servers TCP

Answer 324

WHOIS provides domain level information TCP/UDP

Answer 325

43 TCP/UDP

Answer 326

TACACS+ CISCO proprietary protocol used for AAA services TCP

Answer 327

DNS Domain Name System used to associate IP addresses with domain names UDP

Answer 328

DHCP dynamic host configuration protocol network management protocol is used to assign multiple local private IP addresses from one public IP address UDP

Answer 329

TFTP trivial file transfer protocol UDP

Answer 330

HTTP hypertext transfer protocol protocol used for websites and most internet traffic TCP

Answer 331

Kerberos network authentication protocol that allows for communication over a non-secure network. primarily uses UDP but can use TCP TCP/UDP

Answer 332

88 TCP/UDP

Answer 333

POP post office protocol email protocol that allows email clients to communicate with email servers. POP provides only one-way communication. TCP

Answer 334

NTP network time protocol low latency protocol used to synchronize timekeeping across a network UDP

Answer 335

SMB server message block windows proprietary protocol built on NetBIOS. allows users to remotely access servers. UDP

Answer 336

IMAP internet message access protocol email protocol used by email clients to communicate with email servers. provides two-way communication unlike POP TCP

Answer 337

143/993 TCP

Answer 338

SNMP simple network management protocol protocol used to monitor and manage network devices on IP networks UDP

Answer 339

161/162 UDP

Answer 340

BGP border gateway protocol TCP

Answer 341

LDAP lightweight directory access protocol used to manage and communicate with directories UDP

Answer 342

HTTPS hypertext transfer protocol secure secure version of HTTP that uses TLS for encryption. Most websites use HTTPS instead of HTTP TCP

Answer 343

IPSec using ISAKMP (internet security association and key management protocol) UDP

Answer 344

syslog syslog protocol, for collecting and organizing all of the log files sent from the various devices on a network UDP

Answer 345

SMTPS simple mail transfer protocol secure secure version of SMTP. uses TLS TCP

Answer 346

LDAPS LDAP secure that uses TLS TCP

Answer 347

FTPS FTP secure uses TLS. It can run on 20/21 but sometimes allocated to 989/990 TCP

Answer 348

989/990 TCP

Answer 349

IMAPS IMAP secure that uses TLS TCP

Answer 350

POP3S POP3 secure that uses TLS TCP

Answer 351

SQL Server

Answer 352

RADIUS remote authentication dial-in user service used to provide AAA for network services UDP

Answer 353

1812/1813 UDP

Answer 354

MySQL DB system TCP

Answer 355

RDP Remote Desktop Protocol Windows proprietary protocol that enables remote connections to other computers. TCP

Answer 356

Diameter developed as an upgrade to RADIUS TCP

Answer 357

SRTP secure real time protocol replaced RTP and is a protocol used to stream audio/video communication using UDP

Answer 358

PostgreSQL

Answer 359

AES DES 3DES RC4 Blowfish/Twofish

Answer 360

RSA DSA Diffie-Hellman ECC PGP

Answer 361

MD5 SHA HMAC RIPEMD

Answer 362

corporate owned personally enabled deployment model, the company provides devices to employees and allows them to use for corporate and personal uses

Answer 363

corporate owned business only (dont ask me why) deployment model, the company provides devices to employees and allows them to use for corporate use only

Answer 364

bring your own device employee can use their own personal device for work and personal use

Answer 365

choose your own device employee choose from a list of approved devices provided by the company

Answer 366

hardware security module a physical computing device that safeguards and manages digital keys for strong authentication

Answer 367

trusted platform module hardware-based storage system that contains keys, digital certs, hashed passwords, and many other types of info used for authentication

Answer 368

total cost of ownership

Answer 369

capital expenditure

Answer 370

return on investment

Answer 371

web content filtering

Answer 372

encrypts the entire physical drive

Answer 373

encrypts entire databases

Answer 374

encrypts specific files or folders

Answer 375

encrypts a specific volume or virtual drive

Answer 376

a form of backup that involves recording all transactions in a system

Answer 377

involves making a complete copy of all data in the system

Answer 378

saves only the changes made since the last backup, whether that was a full or another incremental backup

Answer 379

capture all changes made since the last full backup

Answer 380

allow users to decide when to change their password block common passwords like dictionary words disallow the use of the username within the password

Answer 381

helps in reducing false positives, enhancing the accuracy of the alerting systems

Answer 382

is a method that assesses URLs in real-time, helping organizations prevent access to malicious or inappropriate websites

Answer 383

is a period when a system is unavailable or its performance is degraded, often due to planned maintenance or unforeseen incidents

Answer 384

the act of stopping and then starting a service, often to apply changes or updates

Answer 385

is a formalized procedure to ensure changes are reviewed and approved before implementation. This is a process but does not specifically define the time a system is unavailable

Answer 386

is a predefined time frame during which system changes or updates are applied to minimize disruption to business operations. This indicates when changes may occur but does not specifically define the period of system unavailability

Answer 387

file integrity monitoring

Answer 388

simulations, on the other hand, are team-based, with one team acting as intruders and the other responding to the threat. Moderators enforce the rules, and these exercises are more extensive than tabletop exercises.

Answer 389

tabletop exercises begin with a scenario, where participants discuss how they would respond. These are discussion-based and don’t require technology. In this case, the team is discussing solutions to a scenario, making it a tabletop exercise

Answer 390

functional exercise involves real-time simulations where teams actively use tools, processes, and communication, making it more hands-on compared to tabletop exercises.

Answer 391

live drill involves real systems and environments in real-time to simulate events like a cyberattack, requiring immediate, hands-on responses. Since the Data Core team is only discussing the scenario, this is not a live drill, simulation, or functional exercise, but a tabletop exercise

Answer 392

tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token. The token and the data it substitutes are stored in a secure database. If the original data is needed, it can be accessed using the token and querying the database. The token will be a different size and have a different structure than the original data so the token can’t be used to decipher the original data

Answer 393

steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.

Answer 394

data masking is a method to de-identify some or all characters in a sequence, but not changing the total number of characters that a field should contain. The masked version will be structurally the same, but the data will be hidden. Changing the letters or numbers entered into a password field with dots is an example of data masking. Data that is masked will have the same number of characters as the original data, not a smaller set

Answer 395

risk acceptance means that an organization understands the level of risk that in involved in an activity and is willing to accept the outcomes of taking the risk. The risk is either accepted or not, there aren't levels of risk acceptance. In this case they are not making a decision about a level of risk for a specific activity

Answer 396

risk appetite refers to an organization's willingness to take on risk in pursuit of its business objectives. It reflects the organization's strategic approach to risk and how much risk it is willing to undertake to achieve specific goals

Answer 397

risk tolerance is the extent to which an organization is comfortable with the level of risk it is willing to take. It represents the organization's ability to withstand potential losses or disruptions

Answer 398

strategies designed to discourage potential attackers from carrying out cyberattacks by making them perceive the risks and costs outweigh the potential benefits

Answer 399

Physical security controls are measures that involve protecting an organization’s physical assets. These controls can include security cameras, locks, and security badges

Answer 400

Operational security controls are measures that involve the day-to-day operations of an organization’s security. These controls can include backup and recovery procedures, configuration management, media protection, and log monitoring

Answer 401

Managerial security controls are measures that involve directing and overseeing the overall security of an organization. These controls can include risk assessments, security awareness training, incident response planning, and service acquisition

Answer 402

Technical security controls are measures that are put in place to protect the confidentiality, integrity, and availability of a system or network. These controls can include firewalls, intrusion detection/prevention systems, encryption, and access controls.

Answer 403

Secure boot with signature verification ensures that a device only runs software or firmware signed by a trusted entity, preventing unauthorized or malicious firmware images from being loaded

Answer 404

is a security vulnerability typically found in web applications, enabling attackers to inject malicious scripts into websites viewed by other users, potentially leading to a variety of malicious activities

Answer 405

Buffer overflows occur when a program writes more data to a block of memory, or buffer, than it was allocated for, which can lead to various issues, including the potential execution of arbitrary code

Answer 406

Side loading refers to the practice of installing applications on a device without using the official app store, which can lead to various security concerns, including the installation of malicious software

Answer 407

are a type of vulnerability that arises when the interaction between users and cloud services through interfaces and APIs is not secure, exposing systems to potential unauthorized access and manipulation of data

Answer 408

KRIs are metrics that provide early warnings of increasing risk exposures, enabling organizations' leadership to manage these risks proactively

Answer 409

is the defined level of risk an organization is willing to accept, not a predictive indicator

Answer 410

are quantitative measures of risk but do not specifically refer to the predictive indicators used for monitoring potential risks

Answer 411

are specific variables used within risk assessment processes, not predictive indicators

Answer 412

statement of work specifies the detailed scope of work, tasks, deliverables, timelines, and costs for a specific project or engagement with the vendor

Answer 413

Memorandum of agreement (MOA) typically outlines a broader understanding or collaboration between parties, but it may not necessarily include specific services, timelines, and costs as in this context

Answer 414

Service-level agreement (SLA) is a specific type of agreement that defines the level of service expected from the vendor, including performance metrics, response times, and other service-related terms

Answer 415

Master Service Agreement is a comprehensive contract that sets forth the general terms and conditions that will govern multiple future engagements between the parties. It may reference specific work orders or statements of work for individual projects

Answer 416

involves creating a fabricated scenario, such as the described urgent meeting, to deceive the target into providing desired information or performing an action

Answer 417

is a type of phishing attack that specifically targets high-profile employees, like executives or CEOs, to steal sensitive information

Answer 418

involves attempting all possible combinations of passwords or encryption keys until the correct one is found. This scenario doesn't involve this kind of attack method at all

Answer 419

refers to the duplication of items such as badges, access cards, or even digital identities. It's about copying something authentic to gain unauthorized access, rather than fabricating a scenario

Answer 420

is used in qualitative risk analysis to subjectively describe how probable a risk event is, often expressed in terms such as "low," "medium," or "high."

Answer 421

is a quantitative measure, usually expressed as a number between 0 and 1, or as a percentage, indicating the statistical likelihood of a risk event

Answer 422

exposure factor (EF) is the fraction of the asset value that is at risk in the event of a security incident.

Answer 423

may determine how serious an impact might be but does not directly relate to the probability of an event occurring

Answer 424

systematically classifies websites based on their overall theme, making it easier to block access to unsuitable or irrelevant categories of web content

Answer 425

primarily focus on blocking or allowing traffic based on IP addresses and ports, not necessarily the thematic content of websites

Answer 426

involves redirecting users from legitimate websites to fraudulent ones designed to steal sensitive information. It's a technique used in cyberattacks that manipulate the DNS system or exploit vulnerabilities in browsers

Answer 427

(voice phishing) is a form of social engineering where the attacker uses telephone services to trick individuals into providing personal information, such as passwords or credit card numbers.

Answer 428

refers to phishing attacks conducted through SMS text messages rather than voice calls. Attackers send deceitful text messages to trick individuals into disclosing personal information

Answer 429

type of online fraud where criminals attempt to trick individuals into revealing sensitive information like passwords, credit card details, or personal information

Answer 430

a type of phishing attack that targets a specific individual, group or organization

Answer 431

operates in memory, often leveraging legitimate system tools to evade detection. It might adjust registry values for persistence and can run within its own process or use tools like PowerShell to achieve its objectives.

Answer 432

A worm self-replicates to spread across networks

Answer 433

refers to unnecessary or unwanted software that comes pre-installed on a device

Answer 434

developing strategies and procedures to ensure an organization can continue operations, especially after a cyberattack or other disruptive incident

Answer 435

Classification ensures that assets are labeled with appropriate access levels, limiting unauthorized access to sensitive information. This process allows organizations to implement access controls, reducing the risk of data breaches and ensuring data security. Although classification documentation can support financial tracking and budget allocation, its main purpose is access control and data protection. Assigning classifications to individuals or departments may enhance accountability, but accountability alone is not the focus of classification

Answer 436

is a comprehensive record that lists all identified risks, their potential impacts, assigned risk owners, and current risk status. It serves as a central repository for tracking and monitoring risks over time.

Answer 437

assesses the potential consequences of specific risks on critical business functions, helping prioritize risk response efforts

Answer 438

is the initial step in the risk management process, involving the identification, analysis, and evaluation of potential risks

Answer 439

involves the regular communication and documentation of identified risks, their potential impact, and risk management strategies to relevant stakeholdersl

Answer 440

is the first step in the risk management process. It involves identifying potential threats and vulnerabilities that could pose a risk to an organization's assets or operations

Answer 441

Log aggregation collects and normalizes log data from various sources to make it easier to analyze is essential for collecting, normalizing, and centralizing log data from various sources, such as network devices, servers, and applications. This centralized approach enables comprehensive analysis and detection of security incidents, providing valuable insights into potential security threats and breaches. While log aggregation makes it easier for analysts to view the data, aggregation doesn't involve analysis, only collection and centralization.

Answer 442

is a fake file or set of files designed to appear valuable or sensitive in order to attract attackers

Answer 443

network of honeypots designed to simulate a real network and attract attackers

Answer 444

is a fake piece of data, such as a username or password, designed to appear valuable or sensitive in order to attract attackers

Answer 445

a cybersecurity mechanism that uses a manufactured attack target to lure cybercriminals away from legitimate targets and gather intelligence about their identity, methods, and motivations

Answer 446

BPA is a contractual agreement between two business entities that outlines their collaborative efforts, roles, and responsibilities in a specific business venture or partnership

Answer 447

NetFlow can identify the source and destination of traffic, making it easier to spot potential threats NetFlow can help with capacity planning and understanding network performance issues NetFlow helps provide an understanding of network traffic flow, enhancing security by identifying unusual patterns NetFlow allows for the visualization of flow patterns. It is up to the security analyst to interpret the data and identify a type of network attack. The ability to identify the source and destination of traffic is a core aspect of NetFlow. This information can be critical in identifying potential threats and sources of security breaches

Answer 448

involves confirming the authenticity of an individual's claimed identity through various verification methods

Answer 449

is a symmetric encryption standard used to protect data at rest and in transit, ensuring confidentiality and security

Answer 450

is a specific construction for creating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key, rather than for encryption purposes

Answer 451

is a set of cryptographic hash functions designed to ensure data integrity, not to encrypt data

Answer 452

is an asymmetric encryption standard typically used for secure data transmission, not specifically for data at rest

Answer 453

involves precomputed hash values to decrypt passwords, rather than directly attempting logins across accounts

Answer 454

pertains to a threat actor's proficiency in devising new exploit techniques and tools. It can range from using commonly found attack tools to creating zero-day exploits in various systems. Those with the highest capabilities can even deploy non-cyber tools, such as political or military assets.

Answer 455

relates to the level of intricacy and advancement of a threat actor's methods and tools, but does not directly address their skill in crafting novel exploits. While resources can aid in bolstering a threat actor's capabilities, this term primarily refers to the tools and personnel that a threat actor can access or utilize.

Answer 456

It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).[

Answer 457

provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS).

Answer 458

is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems

Answer 459

Digital Identity Guidelines

Answer 460

emulates realworld adversarial techniques/entities

Answer 461

acts as real world defense against adversarial techniques/entities

Answer 462

Black hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information. Black hats are motivated by self-serving reasons, such as financial gain, revenge, or simply to spread havoc. Sometimes their motivation might be ideological, by targeting people they strongly disagree with.

Answer 463

White hat hackers use their capabilities to uncover security failings to help safeguard organizations from dangerous hackers. They can sometimes be paid employees or contractors working for companies as security specialists who attempt to find gaps in security. White hat hackers are one reason large organizations typically have less downtime and experience fewer issues with their websites. Most hackers know it will be harder to get into systems managed by large companies than those operated by small businesses that probably don't have the resources to examine every possible security leak. A subset of ethical hackers includes penetration testers or "pentesters,” who focus specifically on finding vulnerabilities and assessing risk within systems.

Answer 464

Gray hat hackers may sometimes violate laws or usual ethical standards, but they do not have the malicious intent typical of a black hat hacker. When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not tell others about it until it has been fixed. In contrast, the black hat will illegally exploit it or tell others how to do so. The gray hat will neither illegally exploit it nor tell others how to do so.

Answer 465

The Sarbanes-Oxley Act is a US legislation that mandates various practices to protect investors by improving the accuracy and reliability of corporate financial statements and disclosures

Answer 466

GDPR (General Data Protection Regulation) is a European Union regulation that pertains to the protection of personal data and its processing, ensuring that entities collect and use such data fairly and transparently

Answer 467

FISMA (Federal Information Security Management Act) aims to govern the security of data processed by federal government agencies, but it doesn't specifically focus on financial transparency and accountability

Answer 468

also known as domain theft, refers to the act of changing the registration of a domain name without the permission of its original registrant. It results in the domain pointing to a different location, often with malicious intent

Answer 469

ARP spoofing is a type of attack where an attacker sends fake Address Resolution Protocol (ARP) messages onto a local network. This is unrelated to domain registration or DNS

Answer 470

DNS poisoning involves altering or adding records to a DNS server, redirecting domain's traffic to a different IP address. While it can result in redirection, it doesn't involve changing the domain's registration details

Answer 471

Switches enhance network security by creating separate collision domains for devices on different switch ports, isolating network traffic and preventing unauthorized access to data. By forwarding data based on MAC addresses, switches ensure efficient, secure transmission within each department's network segment

Answer 472

Unified Extensible Firmware Interface UEFI provides the code that allows a host system to boot an OS and can enforce various boot integrity checksUEFI provides the code that allows a host system to boot an OS and can enforce various boot integrity checks

Answer 473

Hardware Root of Trust RoT can provide attestation and verify the signatures of boot metrics and OS files, it doesn't provide the code to boot the OS

Answer 474

where permissions are dynamically evaluated based on attributes like job role, department, location, and time, enabling fine-grained, context-aware access

Answer 475

relies solely on predefined roles

Answer 476

is broader, encompassing various mechanisms but lacking the dynamic attribute combination of ABAC

Answer 477

is a type of malware that allows a cybercriminal to remotely control and monitor an infected computer or device

Answer 478

Spyware can perform various covert activities like tracking, taking screenshots, activating recording devices, and even redirecting DNS to farming sites. The employees' experiences align with the characteristics of spyware

Answer 479

A committee governance structure involves forming a group with representatives from different departments or units within the organization. This approach allows for a collective decision-making process, leveraging expertise and perspectives from various parts of the company. By pooling insights from diverse sectors, the committee can ensure that decisions are holistic, considerate of multiple facets of the business, and are thus more likely to contribute to effective and efficient operations. It promotes collaboration, shared responsibility, and balanced power distribution in organizational governance.

Answer 480

relies on a strict top-down approach, where decisions are made at the higher levels and passed down to the lower levels for execution. This can sometimes lead to a disconnect between the decision-makers and those affected by the decisions on the ground

Answer 481

Board governance is typically associated with the oversight and decision-making of an organization's board of directors, which is responsible for high-level strategic decisions and governance oversight but may not involve decision-making power distribution across different departments or units

Answer 482

concentrates decision-making power in a single authority or department, where all major decisions are made by a central entity, often top-level management

Answer 483

Systems monitoring evaluates the hardware, operating systems, and essential services that applications run on but not the broader foundational structures of IT.

Answer 484

Infrastructure monitoring is focused on ensuring the foundational IT components, like servers, data centers, and networking equipment, are both functional and secure

Answer 485

Application monitoring pertains to overseeing individual software solutions and ensuring their security and performance

Answer 486

SDN Software-defined networking (SDN) is a network technology that separates the control plane from the data plane, allowing for more flexibility and automation in network management. The control plane provides the intelligence and logic for the network, while the data plane handles the actual traffic forwarding

Answer 487

The antivirus signature database version

Answer 488

means that a significant amount of information has been given to the tester. This can include passwords, usernames, and other information

Answer 489

occurs in an environment where some information about the target systems is available to the tester, but not all details are known. It is likely that a tester in this environment would still need to complete the reconnaissance phase.

Answer 490

means that the tester is not given any information, so they must begin with reconnaissance. Reconnaissance is the initial phase of a penetration test, where information gathering and data collection occur without directly engaging the target. It is not a type of penetration testing, but rather a preparatory phase

Answer 491

is a chip that is used only to secure encryption keys, hashes, and other important data. It is embedded in Apple and Android devices

Answer 492

Key Management System is a process used to ensure that keys are kept secure by establishing standards of security. It is a set of policy decisions, not a chip or device such as TPM, HSM, and Secure Enclave.

Answer 493

Trusted Platform Module is a hardware-based storage system that contains keys, digital certificates, hashed passwords, and many other types of information used for authentication. It is embedded on device motherboards that use Windows operating systems

Answer 494

Hardware Security Module is a physical computing device that safeguards and manages digital keys for strong authentication. It can be a external device or on an expansion card, but it is not embedded on the motherboard.

Answer 495

An injection attack is a type of application attack that involves inserting malicious code or commands into an application or database to execute unauthorized actions or access sensitive data

Answer 496

A privilege escalation attack is a type of application attack that involves exploiting a vulnerability or misconfiguration to gain higher privileges or access than intended on a system or application

Answer 497

A replay attack is a type of application attack that involves capturing and retransmitting data, such as authentication tokens or credentials, to impersonate a legitimate user or session.

Answer 498

A buffer overflow attack is a type of application attack that involves sending more data than expected to a function, causing it to overwrite adjacent memory locations and execute arbitrary code

Answer 499

Low <4 Medium 4<=x<7 High 7<=x<9 Critical 9<=x

Answer 500

refers to the consequences a risk event has on an organization, affecting various areas such as operations, finance, and reputation

Answer 501

exposure factor (EF) is the fraction of the asset value that is at risk in the event of a security incident

Answer 502

Open ports on the destination device

Answer 503

Due diligence/care refers to the diligent and proactive efforts made by an organization to meet and maintain compliance requirements. This includes implementing necessary policies, procedures, and controls to align with regulatory mandates

Answer 504

CCPA (California Consumer Privacy Act) is a state legislation that provides comprehensive data protection rights to consumers, much like the GDPR. It's considered "horizontal" as it applies across sectors.

Answer 505

(Gramm–Leach–Bliley Act) is more of a "vertical" regulation as it targets a specific sector, the financial services industry, rather than applying broadly across various industries.

Answer 506

(California Consumer Privacy Act) is a state legislation that provides comprehensive data protection rights to consumers, much like the GDPR. It's considered "horizontal" as it applies across sectors.

Answer 507

E-discovery involves examining drives to find data that is electronically stored to use them for evidence

Answer 508

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control policies, ensuring processes have only the permissions they require and no more.

Answer 509

restricts a process's view of the file system but doesn't offer the same comprehensive policy-based control as SELinux

Answer 510

enhances secure remote access, it doesn't provide granular control over processes and their behaviors

Answer 511

Enumeration aids inventory by tracking equipment and access controls to hardware, software, and data assets

Answer 512

Policy Enforcement Point

Answer 513

is responsible for ensuring that security policies are enforced when a user or device tries to access resources on the network. It acts as a gatekeeper, verifying the identity and context of the access request against the policies set by the organization before allowing or denying access

Answer 514

responsible for making decisions based on the security policies defined. It evaluates the information it receives from the Policy Enforcement Point but does not directly interact with users or devices attempting to access the network.

Answer 515

involves managing and updating the security policies, it does not perform real-time verification of users or devices attempting to access the network

Answer 516

Insurance can provide financial support in mitigating the aftermath of a security breach

Answer 517

is a type of race condition that occurs when a process checks the state or value of a resource before using it, but another process changes it in between. It can lead to incorrect or unauthorized actions based on outdated information

Answer 518

type of race condition that occurs when a process uses a resource based on the assumption that it has not changed since the last check, but another process has changed it in between. It can lead to incorrect or unauthorized actions based on invalid assumptions

Answer 519

keeps track of all transactions and changes that occur within a system. In the event of a crash or failure, this record allows for precise recovery to the moment before the disruption

Answer 520

provide a way to capture the system's state at a specific moment in time. They can be used for quick recoveries but don't track continuous transactional changes like journaling

Answer 521

During the establish phase of secure baselines, a set of initial configurations which include security controls such as encryption, firewalls, and access controls are designed and implemented. This baseline scenario ensures a specific standard of security is adhered to when the system is set up

Answer 522

SWGs are tailored to handle user traffic and can filter URLs based on content blacklists. They also provide threat analysis and integrate features like DLP and CASB to guard against various unauthorized egress threats.

Answer 523

Physical security controls are measures that involve protecting an organization’s physical assets. These controls can include security cameras, locks, and security badges

Answer 524

Operational security controls are measures that involve the day-to-day operations of an organization’s security. These controls can include backup and recovery procedures, configuration management, media protection, and log monitoring

Answer 525

Managerial security controls are measures that involve directing and overseeing the overall security of an organization. These controls can include risk assessments, security awareness training, incident response planning, and service acquisition

Answer 526

Technical security controls are measures that are put in place to protect the confidentiality, integrity, and availability of a system or network. These controls can include firewalls, intrusion detection/prevention systems, encryption, and access controls

Answer 527

Attestation is a process where data owners periodically review, validate and confirm the access rights of all users

Answer 528

intermediary server through which administrators can connect to other servers

Answer 529

intermediary for requests from clients seeking resources from other servers

Answer 530

Security Content Automation Protocol) is a cybersecurity framework that combines various security standards, enabling automated vulnerability assessment, and compliance checking. It provides a structured approach for evaluating and managing security vulnerabilities and configurations. While intrusion detection systems are valuable for monitoring network traffic for security breaches, SCAP is not an intrusion detection system itself but rather a cybersecurity framework focused on security automation. SCAP is not a network protocol for data transmission; rather, it serves a different purpose related to security automation. While firewalls are essential for network security, SCAP is not a firewall technology but a cybersecurity framework.

Answer 531

involves a set of techniques and tools designed to detect and prevent the unauthorized transmission of sensitive data outside an organization's network, helping to protect valuable data from being leaked or exposed to unauthorized entities

Answer 532

or Joint Venture Agreement (JV) primarily focuses on essential aspects of the business relationship between two entities, including profit-sharing arrangements, ownership of intellectual property, and strategies for ending the partnership if necessary. Responsibilities for software updates

Answer 533

Pulverizing with industrial machinery Industrial machinery is designed to destroy drives thoroughly, leaving no data intact. Degaussing methods expose hard disks to powerful electromagnetics, disrupting data storage patterns. However, not all types of drives, like SSDs and optical media, can be degaussed, limiting its applicability. While shredding can be an effective method, reducing drives or paper to 12mm strips (Level 1) might still leave data recoverable. More thorough shredding or additional measures would be required for complete data destruction. Incineration can be effective, but using municipal incinerators might leave some remnants of the drives, making this method less secure

Answer 534

To report compliance status to the public and stakeholders.

Answer 535

is the proactive process of recognizing and recording potential threats that could adversely affect an organization.

Answer 536

involves the collection and analysis of information about current and potential attacks that threaten the security of an organization but does not directly refer to the broader process of risk identification

Answer 537

is a specific method used within risk identification to determine the weaknesses within an organization's IT infrastructure

Answer 538

is an activity that may be part of risk identification but does not encompass the entire scope of identifying a range of potential risks

Answer 539

theft of user session data

All Acronyms Flashcards

(604 cards)