Brainscape Glossarry Flashcards

Question

# BYOD bring your own device

Answer 1

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

Answer 2

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

Answer 3

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

Answer 4

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

Answer 5

Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.

Answer 6

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission-critical operations.

Answer 7

Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

Answer 8

Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.

Answer 9

A web page or website to which a client is redirected before being granted full network access.

Answer 10

Training event where learners must identify a token within a live network environment.

Answer 11

Duplicating a smart card by reading (skimming) the confidential data stored on it. Also known as skimming.

Answer 12

The process of extracting data from a computer when that data has no associated file system metadata.

Answer 13

Linux command to view and combine (concatenate) files.

Answer 14

A not-for-profit organization (founded partly by SANS). It publishes the well-known "Top 20 Critical Security Controls" (or system design recommendations).

Answer 15

A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

Answer 16

A list of certificates that were revoked before their expiration date.

Answer 17

A Base64 ASCII file that a subject sends to a CA to get a certificate.

Answer 18

The record of evidence history from collection, to presentation in court, to disposal.

Answer 19

Authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks.

Answer 20

The process by which the need for change is recorded and approved.

Answer 21

The process through which changes to the configuration of information systems are implemented, as part of the organization's overall configuration management efforts.

Answer 22

The output of a hash function.

Answer 23

Linux command for managing file permissions.

Answer 24

Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

Answer 25

An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block

Answer 26

A Layer 5 firewall technology that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection.

Answer 27

An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.

Answer 28

Enterprise management software designed to mediate access to cloud services by users across all types of devices.

Answer 29

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

Answer 30

Industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.

Answer 31

Classifying the provision of cloud services and the limit of the cloud service provider's responsibility as software, platform, infrastructure,

Answer 32

A vendor offering public cloud service models, such as PaaS, IaaS, or SaaS.

Answer 33

Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values it expects its employees to practice. Also known as ethics.

Answer 34

Potentially unsecure programming practice of using code originally written for a different context.

Answer 35

The method of using a digital signature to ensure the source and integrity of programming code.

Answer 36

A predetermined alternate location where a network can be rebuilt after a disaster.

Answer 37

A network appliance that gathers or receives log and/or state data from other network systems.

Answer 38

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

Answer 39

An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also known as C2.

Answer 40

A smart card that provides certificate-based authentication and supports two-factor authentication. A CAC is produced for Department of Defense employees and contractors in response to a Homeland Security Directive.

Answer 41

An X500 attribute expressing a host or user name, also used as the subject identifier for a digital certificate.

Answer 42

Scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

Answer 43

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

Answer 44

A cloud that is deployed for shared use by cooperating tenants.

Answer 45

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Answer 46

An image of text characters or audio of some speech that is difficult for a computer to interpret. CAPTCHAs are used for purposes such as preventing bots from creating accounts or submitting forms.

Answer 47

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

Answer 48

The three principles of security control and management. Also known as the information security triad. or AIC triad.

Answer 49

A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

Answer 50

A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on).

Answer 51

An access control scheme that verifies an object's identity based on various environmental factors, like time, location, and behavior.

Answer 52

Software development method in which app and platform requirements are frequently tested and validated for immediate availability.

Answer 53

Software development method in which app and platform updates are committed to production rapidly.

Answer 54

Software development method in which code updates are tested and committed to a development or build server/code repository rapidly.

Answer 55

The technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon. Also known as continuous security monitoring or CSM.

Answer 56

Risk that arises when a control does not provide the level of mitigation that was expected.

Answer 57

A serial network designed to allow communications between embedded programmable logic controllers.

Answer 58

Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

Answer 59

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

Answer 60

A type of security control that acts after an incident to eliminate or minimize its impact.

Answer 61

Function of log analysis that links log and state data to identify a pattern that should be logged or alerted as an event.

Answer 62

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).

Answer 63

An encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

Answer 64

Brute force attack in which stolen user account names and passwords are tested against multiple websites.

Answer 65

Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

Answer 66

A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. Also known as client-side request forgery or CSRF.

Answer 67

A malicious script hosted on the attacker's site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser's security model of trusted zones.

Answer 68

A method of sanitizing a self-encrypting drive by erasing the media encryption key.

Answer 69

Implementation of a sandbox for malware analysis.

Answer 70

Utility for command-line manipulation of URL-based protocol requests.

Answer 71

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources. Also known as threat intelligence.

Answer 72

Information that is primarily stored on specific media, rather than moving from one medium to another.

Answer 73

When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.

Answer 74

In privacy regulations, the entity that determines why and how personal data is collected, stored, and used.

Answer 75

An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

Answer 76

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Answer 77

A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database.

Answer 78

The overall management of the availability, usability, and security of the information used in an organization.

Answer 79

Information that is present in the volatile memory of a host, such as system memory or cache.

Answer 80

Information that is being transmitted between two hosts, such as over a private network or the Internet. Also known as data in motion.

Answer 81

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

Answer 82

A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

Answer 83

In data protection, the principle that only necessary and sufficient personal information can be collected and processed for the stated purpose.

Answer 84

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

Answer 85

Institutional data governance role with responsibility

Answer 86

In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.

Answer 87

Leftover information on a storage medium even after basic attempts have been made to remove that data. Also known as remnant.

Answer 88

In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.

Answer 89

An individual who is primarily responsible for data quality, ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.

Answer 90

A configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.

Answer 91

Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.

Answer 92

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

Answer 93

Code in an application that is redundant because it will never be called within the logic of the program flow.

Answer 94

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.

Answer 95

Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.

Answer 96

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.

Answer 97

A security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack's progress, rather than eliminating it outright.

Answer 98

The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive's magnetic charge.

Answer 99

In data protection, methods and technologies that remove identifying information from data before it is distributed.

Answer 100

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

Answer 101

Any type of physical, application, or network attack that affects the availability of a managed resource.

Answer 102

The process of removing an application from packages or instances.

Answer 103

NAT service where private internal addresses are mapped to one or more public addresses to facilitate Internet connectivity for hosts on a local network via a router.

Answer 104

A type of security control that acts during an incident to identify or record that it is happening.

Answer 105

A type of security

Answer 106

A framework for analyzing cybersecurity incidents.

Answer 107

A type of password attack that compares encrypted passwords against a predetermined list of possible password values.

Answer 108

A backup type in which all selected files that have changed since the last full backup are backed up.

Answer 109

A cryptographic technique that provides secure key exchange.

Answer 110

A message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity.

Answer 111

public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.

Answer 112

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

Answer 113

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

Answer 114

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

Answer 115

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource's owner (or owners).

Answer 116

The binary format used to structure the information in a digital certificate.

Answer 117

Cybersecurity resilience strategy that increases attack costs by provisioning multiple types of controls, technologies, vendors, and crypto implementations.

Answer 118

A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.

Answer 119

An attack in which an attacker modifies a computer's DNS configurations to point to a malicious DNS server.

Answer 120

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.

Answer 121

A security protocol that provides authentication of DNS data and upholds DNS data integrity.

Answer 122

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

Answer 123

File containing data captured from system memory.

Answer 124

The social engineering technique of discovering things about an organization (or person) based on what it throws away.

Answer 125

An attack in which an attacker responds to a client requesting address assignment from a DHCP server.

Answer 126

An EAP method that is expected to address the shortcomings of LEAP.

Answer 127

An EAP method that requires server-side and client-side certificates for authentication using SSL/ TLS.

Answer 128

An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate.

Answer 129

Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).

Answer 130

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Answer 131

Procedures and tools to collect, preserve, and analyze digital evidence.

Answer 132

The property by which a computing environment can instantly react to both increasing and decreasing demands in workload.

Answer 133

An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.

Answer 134

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

Answer 135

Product life cycle phase where sales are discontinued and support options reduced over time.

Answer 136

Product life cycle phase where support is no longer available from the vendor.

Answer 137

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

Answer 138

A software agent and monitoring system that performs multiple security tasks.

Answer 139

The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.

Answer 140

A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.

Answer 141

Coding methods to anticipate and deal with exceptions thrown during execution of a process.

Answer 142

In key management, the storage of a backup key with a third party.

Answer 143

A wireless access point that deceives users into believing that it is a legitimate network access point.

Answer 144

An operation that outputs to true only if one input is true and the other input is false.

Answer 145

The process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.

Answer 146

Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities.

Answer 147

In risk calculation, the percentage of an asset's value that would be lost during a security incident or disaster scenario.

Answer 148

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

Answer 149

A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.

Answer 150

A private network that provides some access to outside parties, particularly vendors, partners, and select customers.

Answer 151

A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.

Answer 152

Deception strategy that returns spoofed data in response to network probes.

Answer 153

Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

Answer 154

In security scanning, a case that is not reported when it should be.

Answer 155

In security scanning, a case that is reported when it should not be.

Answer 156

Biometric assessment metric that measures the number of valid subjects who are denied access.

Answer 157

A wire mesh container that blocks external electromagnetic fields from entering into the container.

Answer 158

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

Answer 159

High speed network communications protocol used to implement SANs.

Answer 160

A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.

Answer 161

A type of software that reviews system files to ensure that they have not been tampered with.

Answer 162

A type of FTP using TLS for confidentiality.

Answer 163

Biometric authentication device that can produce a template signature of a user's fingerprint then subsequently compare the template to the digit submitted for authentication.

Answer 164

The first experienced person or team to arrive at the scene of an incident.

Answer 165

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Answer 166

A commercial digital forensics investigation management and utilities suite, published by AccessData.

Answer 167

A backup type in which all selected files, regardless of prior state, are backed up. full tunnel VPN configuration where all traffic is routed via the VPN gateway.

Answer 168

Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.

Answer 169

A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.

Answer 170

Biometric mechanism that identifies a subject based on movement pattern.

Answer 171

A mode of block chained encryption that provides message authenticity for each block.

Answer 172

Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements.

Answer 173

The practice of creating a virtual boundary based on real-world geography.

Answer 174

The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.

Answer 175

Linux command for searching and filtering input. This can be used as a file search tool when combined with ls.

Answer 176

A group account is a collection of user accounts that are useful when establishing file permissions and user rights because when many individuals need the same level of access, a group could be established containing all the relevant users.

Answer 177

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

Answer 178

The process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.

Answer 179

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

Answer 180

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

Answer 181

Command-line tool used to perform brute force and dictionary attacks against password hashes.

Answer 182

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. Also known as message digest.

Answer 183

Linux utility for showing the first lines in a file.

Answer 184

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

Answer 185

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

Answer 186

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

Answer 187

An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

Answer 188

Method that allows computation of certain fields in a dataset without decrypting it.

Answer 189

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also known as honeyfile.

Answer 190

When a user accesses or modifies specific resources that they are not entitled to.

Answer 191

A software application running on a single host and designed to protect only that host. Also known as personal firewall.

Answer 192

A fully configured alternate network that can be online quickly after a disaster.

Answer 193

Arrangement of server racks to maximize the efficiency of cooling systems. Also known as cold/hot aisle.

Answer 194

Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).

Answer 195

A cloud deployment that uses both private and public elements.

Answer 196

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

Answer 197

The invention of fake personal information or the theft and misuse of an individual's personal information.

Answer 198

In a federated network, the service that holds the user account and performs authentication.

Answer 199

A standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication.

Answer 200

A basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

Answer 201

Specific procedures that must be performed if a certain type of event is detected or reported.

Answer 202

A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

Answer 203

A sign that an asset or network has been attacked or is currently under attack.

Answer 204

Methods of disguising the nature and purpose of buildings or parts of buildings.

Answer 205

A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Answer 206

Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.

Answer 207

A computing method that uses the cloud to provide any or all infrastructure needs.

Answer 208

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

Answer 209

Risk that an event will pose if no controls are put in place to mitigate it.

Answer 210

A wireless attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the user or network.

Answer 211

An industry body comprising the main PKI providers, such as Verisign and Entrust, that was established with the aim of developing an open, strong authentication framework.

Answer 212

Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.

Answer 213

Coding vulnerability where unvalidated input is used to select a resource object, such as a file or database. 1

Answer 214

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Answer 215

An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow.

Answer 216

The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

Answer 217

In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs.

Answer 218

Any federal agency interconnecting its IT system to a third-party must create an ISA to govern the relationship. An ISA sets out a security risk awareness process and commit the agency and supplier to implementing security controls.

Answer 219

A comprehensive set of standards for information security, including best practices for security and risk management, compliance, and technical implementation.

Answer 220

A comprehensive set of standards for enterprise risk management.

Answer 221

Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

Answer 222

A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet.

Answer 223

A private network that is only accessible by the organization's own personnel.

Answer 224

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

Answer 225

An IDS that can actively block attacks.

Answer 226

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

Answer 227

Standards-based version of the Netflow framework.

Answer 228

An attack in which radio waves disrupt 802.11 wireless signals.

Answer 229

The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person's duties.

Answer 230

A hardened server that provides access to other hosts. Also known as jumpbox.

Answer 231

A single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

Answer 232

Malicious software or hardware that can record user keystrokes.

Answer 233

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

Answer 234

The process by which an attacker is able to move from one part of a computing environment to another.

Answer 235

VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

Answer 236

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.

Answer 237

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Answer 238

An analysis of events that can provide insight into how to improve response processes in the future. Also known as after action report or AAR.

Answer 239

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Answer 240

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

Answer 241

A method of implementing LDAP using SSL/TLS encryption.

Answer 242

Cisco Systems' proprietary EAP implementation.

Answer 243

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Answer 244

Linux utility that writes data to the system log.

Answer 245

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Answer 246

If broadcast traffic is allowed to continually loop around a network, the number of broadcast packets increases exponentially, crashing the network. Loop protection in switches (such as Spanning Tree Protocol), and in routers (Time To Live for instance) is designed to prevent this.

Answer 247

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

Answer 248

A variation of an ARP poisoning attack where a switch's cache table is inundated with frames from random source MAC addresses.

Answer 249

Third-party provision of security configuration and monitoring as an outsourced service.

Answer 250

A category of security control that gives oversight of the information system.

Answer 251

Access control model where resources are protected by inflexible, system defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

Answer 252

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

Answer 253

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

Answer 254

An attack when the web browser is compromised by installing malicious plug-ins or scripts, or intercepting API calls between the browser process and DLLs.

Answer 255

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Answer 256

A secure entry system with two gateways, only one of which is open at any one time.

Answer 257

The longest period of time a business can be inoperable without causing irrevocable business failure.

Answer 258

The rating on a device or component that predicts the expected time between failures.

Answer 259

The average time a device or component is expected to be in operation.

Answer 260

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

Answer 261

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

Answer 262

Evaluates the data collection and statistical methods used by a quality management process to ensure they are robust.

Answer 263

An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface. Also known as MAC spoofing.

Answer 264

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

Answer 265

Linux utility developed as part of the Coroner's Toolkit to dump system memory data to a file.

Answer 266

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

Answer 267

A software vulnerability that can occur when software does not release allocated memory when it is done using it, potentially leading to system instability.

Answer 268

A cryptographic hash function producing a 128-bit output.

Answer 269

Information stored or recorded as a property of an object, state of a system, or transaction.

Answer 270

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

Answer 271

A type of RAID that using two hard disks, providing the simplest way of protecting a single disk against failure. Data is written to both disks and can be read from either disk.

Answer 272

A business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

Answer 273

Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.

Answer 274

The process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure.

Answer 275

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Answer 276

Cloud service providing ongoing security and availability monitoring of on-premises and/or cloud-based hosts and services.

Answer 277

A cloud deployment model where the cloud consumer uses multiple public cloud services.

Answer 278

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Answer 279

Extension to SMS allowing digital data (picture, video, or audio) to be sent over a cellular data connection.

Answer 280

Overprovisioning controllers and cabling so that a host has failover connections to storage media.

Answer 281

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service,

Answer 282

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

Answer 283

Low-power cellular networks designed to provide data connectivity to IoT devices.

Answer 284

Utility for reading and writing raw data over a network connection. Also known as netcat.

Answer 285

A standard for peer-to-peer (2-way) radio communications over very short (around 4") distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

Answer 286

One of the best-known commercial vulnerability scanners, produced by Tenable Network Security. Also known as Tenable.

Answer 287

A Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.

Answer 288

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

Answer 289

A routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

Answer 290

Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

Answer 291

Advances in firewall technology, from app awareness, user-based filtering, and intrusion prevention to cloud inspection. Also known as layer 7 firewall.

Answer 292

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

Answer 293

An arbitrary number used only once in a cryptographic communication, often to prevent replay attacks.

Answer 294

An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.

Answer 295

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

Answer 296

A routine that applies a common consistent format to incoming data so that it can be processed safely. Normalization is referred to in the context of log collection and software coding.

Answer 297

A challenge-response authentication protocol created by Microsoft for use in its products.

Answer 298

Software optimized for multiplatform log collection and aggregation.

Answer 299

A technique that essentially "hides" or "camouflages" code or other information so that it is harder to read by unauthorized users.

Answer 300

Numeric schema used for attributes of digital certificates.

Answer 301

The process of ensuring that all HR and other requirements are covered when an employee leaves an organization. Also known as exit interview.

Answer 302

In PKI, a CA (typically the root CA) that has been disconnected from the network to protect it from compromise.

Answer 303

The process of bringing in a new employee, contractor, or supplier.

Answer 304

Allows clients to request the status of a digital certificate, to check whether it is revoked.

Answer 305

Standards for implementing device encryption on storage devices.

Answer 306

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

Answer 307

A charity and community publishing a number of secure application development resources.

Answer 308

An authentication layer that sits on top of the OAuth 2.0 authorization protocol.

Answer 309

Publicly available information plus the tools used to aggregate and search it.

Answer 310

A category of security control that is implemented by people.

Answer 311

A communications network designed to implement an industrial control system rather than data networking.

Answer 312

The automation of multiple steps in a deployment process.

Answer 313

The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs.

Answer 314

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

Answer 315

A firmware update delivered on a cellular data connection.

Answer 316

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on.

Answer 317

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Also known as pentest.

Answer 318

Mechanism for encoding characters as hexadecimal values delimited by the percent sign.

Answer 319

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

Answer 320

The ability of a threat actor to maintain covert access to a target host or network.

Answer 321

In load balancing, the configuration option that enables a client to maintain a connection with a load-balanced server over the duration of the session. Also referred to as sticky sessions.

Answer 322

A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card's owner.

Answer 323

Windows file format for storing a private key and certificate data. The file can be password-protected.

Answer 324

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

Answer 325

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

Answer 326

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Answer 327

A type of security control that acts against in-person intrusion attempts.

Answer 328

A deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

Answer 329

A computing method that uses the cloud to provide any platform-type services.

Answer 330

A checklist of actions to perform to detect and respond to a specific type of incident

Answer 331

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.

Answer 332

A software vulnerability that can occur when code attempts to read a memory location specified by a pointer, but the memory location is null. Also known as dereferencing.

Answer 333

A point-to-point topology is one where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes. Also known as Point-to-point.

Answer 334

A process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN. Also known as destination network address translation or DNAT.

Answer 335

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. Also known as switched port analyzer or SPAN.

Answer 336

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Answer 337

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

Answer 338

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

Answer 339

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

Answer 340

Advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

Answer 341

A command shell and scripting language built on the .NET Framework.

Answer 342

Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

Answer 343

Base64 encoding scheme used to store certificate and key data as ASCII text.

Answer 344

A cloud that is deployed for use by a single entity.

Answer 345

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Answer 346

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

Answer 347

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.

Answer 348

A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.

Answer 349

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

Answer 350

Information that identifies someone as the subject of medical and insurance records, plus associated hospital and laboratory test results.

Answer 351

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

Answer 352

A server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance. Also known as forward proxy.

Answer 353

Removing personal information from a data set to make identification of individuals difficult, even if the data set is combined with other sources.

Answer 354

A cloud that is deployed for shared use by multiple independent tenants.

Answer 355

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Answer 356

Format that allows a private key to be exported along with its digital certificate.

Answer 357

Series of standards defining the use of certificate authorities and digital certificates.

Answer 358

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

Answer 359

A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement.

Answer 360

In data protection, the principle that personal information can be collected and processed only for a stated purpose to which the subject has consented.

Answer 361

High-level programming language that is widely used for automation.

Answer 362

Policies, procedures, and tools designed to ensure defect-free development and delivery.

Answer 363

A risk analysis method that uses opinions and reasoning to measure the likelihood and impact of risk.

Answer 364

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS). Also known as CoS.

Answer 365

A risk analysis method that is based on assigning concrete values to factors.

Answer 366

Using quantum computing for cryptographic tasks, such as distributing keys or cracking (traditional) cryptographic systems. Quantum computing works on the principle that its units (qubits) have more properties than the bits used in "classical" computers, notably (and very crudely) that a qubit can have a probability of being 1 or 0 and that inspecting the value of one qubit can instantly determine that of others (entanglement).

Answer 367

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

Answer 368

Tool for speeding up attacks against Windows passwords by precomputing possible hashes.

Answer 369

A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords.

Answer 370

Open-source platform producing programmable circuit boards for education and industrial prototyping.

Answer 371

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.

Answer 372

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

Answer 373

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

Answer 374

The longest period of time that an organization can tolerate lost data being unrecoverable.

Answer 375

The length of time it takes after an event to resume normal business operations and activities.

Answer 376

The "hostile" or attacking team in a penetration test or incident response exercise.

Answer 377

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.

Answer 378

A group of characters that describe how to execute a specific search pattern on a given text.

Answer 379

In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.

Answer 380

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

Answer 381

A standard protocol used to manage remote and wireless authentication infrastructures.

Answer 382

Using a trigger device to send a BGP route update that instructs routers to drop traffic that is suspected of attempting DDoS.

Answer 383

An attack where the attacker intercepts some authentication data and reuses it to try to re-establish a session.

Answer 384

Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).

Answer 385

Risk that remains even after controls are put into place.

Answer 386

Dictates for how long information needs to be kept available on backup and archive systems. This may be subject to legislative requirements.

Answer 387

A type of proxy server that protects servers from direct contact with client requests.

Answer 388

A maliciously spawned remote command shell where the victim host opens the connection to the attacking host.

Answer 389

Platform-independent advanced messaging functionality designed to replace SMS and MMS.

Answer 390

The response of determining that a risk is within the organization's appetite and no countermeasures other than ongoing monitoring is needed.

Answer 391

In risk mitigation, the practice of ceasing activity that presents risk.

Answer 392

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario. Also known as risk reduction.

Answer 393

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department 1 for reference by stakeholders. 2

Answer 394

The response of reducing risk to fit within an organization's risk appetite.

Answer 395

A document highlighting the results of risk assessments in an easily comprehensible format (such as a "traffic light" grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

Answer 396

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

Answer 397

In ESA, a framework that uses risk assessment to prioritize security control selection and investment.

Answer 398

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adelman, the first successful algorithm for public key encryption with a variable key length and block size.

Answer 399

A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.

Answer 400

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

Answer 401

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

Answer 402

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

Answer 403

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

Answer 404

Rules that govern how routers communicate and forward traffic between networks.

Answer 405

A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Answer 406

An automated version of a playbook that leaves clearly defined interaction points for human analysis.

Answer 407

A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input.

Answer 408

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited.

Answer 409

The process of thorough and completely removing data from a storage medium so that file remnants cannot be recovered.

Answer 410

The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.

Answer 411

Utility that runs port scans through third-party websites to evade detection.

Answer 412

A dual-homed proxy/gateway server used to provide Internet access to other network nodes, while protecting them from external attack.

Answer 413

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

Answer 414

A UEFI feature that prevents unwanted processes from executing during the boot operation.

Answer 415

A method of sanitizing a drive using the ATA command set.

Answer 416

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.

Answer 417

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.

Answer 418

A remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

Answer 419

A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header.

Answer 420

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

Answer 421

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

Answer 422

A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security.

Answer 423

An XML-based data format used to exchange authentication information between a client and a service.

Answer 424

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

Answer 425

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Answer 426

The value assigned to an account by Windows and that is used by the operating system to identify that account.

Answer 427

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

Answer 428

A class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.

Answer 429

Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.

Answer 430

A portion of a network where all attached hosts can communicate freely with one another.

Answer 431

A disk drive where the controller can automatically encrypt data that is written to it.

Answer 432

A digital certificate that has been signed by the entity that issued it, rather than by a CA.

Answer 433

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

Answer 434

A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

Answer 435

Developed from parallel SCSI, SAS represents the highest performing hard disk interface available.

Answer 436

A digital certificate that guarantees the identity of e-commerce sites and other websites that gather and store confidential information.

Answer 437

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

Answer 438

In a web application, input data that is executed or validated as part of a script or process running on the server.

Answer 439

A host or network account that is designed to run a background service, rather than to log on interactively.

Answer 440

Operating procedures and standards for a service contract.

Answer 441

A character string that identifies a particular wireless LAN (WLAN).

Answer 442

A software architecture where components of the solution are conceived as loosely coupled services not dependent on a single platform type or technology.

Answer 443

A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question. Also known as source IP affinity.

Answer 444

A type of spoofing attack where the attacker disconnects a host then replaces it with his or her own machine, spoofing the original host's IP address.

Answer 445

Used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.

Answer 446

Web standard for using sampling to record network traffic statistics.

Answer 447

Computer hardware, software, or services used on a private network without authorization from the system owner.

Answer 448

An account with no credential (guest) or one where the credential is known to multiple persons.

Answer 449

Lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

Answer 450

The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.

Answer 451

A social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.

Answer 452

A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.

Answer 453

Protocol for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

Answer 454

An XML-based web services protocol that is used to exchange messages.

Answer 455

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

Answer 456

The amount that would be lost in a single occurrence of a particular risk factor.

Answer 457

A component or system that would cause a complete interruption of a service if it failed.

Answer 458

An authentication

Answer 459

A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.

Answer 460

A device similar to a credit card that can store authentication information, such as a user's private key, on an embedded microchip.

Answer 461

A utility meter that can submit readings to the supplier without user intervention.

Answer 462

A form of phishing that uses SMS text messages to trick a victim into revealing information.

Answer 463

Software utility designed for penetration testing reporting and evidence gathering that can also run automated test suites.

Answer 464

A computing method that uses the cloud to provide application services to users.

Answer 465

APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.

Answer 466

APIs for reporting configuration and state data for automated monitoring and alerting.

Answer 467

Coding resources provided by a vendor to assist with development projects that use their platform or API.

Answer 468

A spam attack that is propagated through instant messaging rather than email.

Answer 469

A switching protocol that prevents network loops by dynamically disabling links as needed.

Answer 470

An email-based or web-based form of phishing which targets specific individuals.

Answer 471

VPN configuration where only traffic for the private network is routed via the VPN gateway.

Answer 472

Applying consistent names and labels to assets and digital resources/identities within a configuration management system.

Answer 473

Mechanism used to mitigate performance and privacy issues when requesting certificate status from an OCSP responder.

Answer 474

A type of threat actor that is supported by the resources of its host country's military and security services. Also known as nation state actor.

Answer 475

Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

Answer 476

A small chip card that identifies the user and phone number of a mobile device, via an International Mobile Subscriber Identity (ISMI).

Answer 477

A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas.

Answer 478

In EAP architecture, the device requesting access to the network.

Answer 479

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Answer 480

A protocol enabling different appliances and software applications to transmit logs or event records to a central server.

Answer 481

A processor that integrates the platform functionality of multiple logical controllers onto a single chip.

Answer 482

Analysis of historical cyberattacks and adversary actions.

Answer 483

Linux utility for showing the last lines in a file.

Answer 484

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

Answer 485

Tape media provides robust, high-speed, high-capacity backup storage. Tape drives and autoloader libraries can be connected to the SATA and SAS buses or accessed via a SAN.

Answer 486

A command-line packet sniffing utility.

Answer 487

A command-line utility that replays packets saved to a file back through a network adapter.

Answer 488

A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.

Answer 489

A mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

Answer 490

An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

Answer 491

A hardware device inserted into a cable to copy frames for analysis.

Answer 492

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot). Also known as hotspot.

Answer 493

a field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

Answer 494

Utility for gathering results from open source intelligence queries.

Answer 495

An access point that requires a wireless controller in order to function.

Answer 496

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

Answer 497

The person or entity responsible for an event that has been identified as a security incident or as a risk.

Answer 498

Cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

Answer 499

Animated map showing threat sources in near real-time.

Answer 500

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Answer 501

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

Answer 502

In forensics, identifying whether a time zone offset has been applied to a file's time stamp.

Answer 503

An improvement on HOTP that forces one-time passwords to expire after a short period of time.

Answer 504

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Answer 505

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

Answer 506

A deidentification method where a unique token is substituted for real data.

Answer 507

In cloud computing, a virtual router deployed to facilitate connections between VPC subnets and VPN gateways.

Answer 508

A security protocol that uses certificates for authentication and encryption to protect web communication.

Answer 509

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events.

Answer 510

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer. Also known as Trojan.

Answer 511

A protocol for exchanging cyber threat intelligence between organizations.

Answer 512

A protocol for exchanging cyber threat intelligence between organizations.

Answer 513

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.

Answer 514

An attack—also called typosquatting—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website. Also known as URL hijacking.

Answer 515

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

Answer 516

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

Answer 517

Hardware plug to prevent malicious data transfer when a device is plugged into a USB charging point.

Answer 518

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Answer 519

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

Answer 520

The user desktop and software applications provisioned as an instance under VDI.

Answer 521

A virtualization implementation that separates the personal computing environment from a user's physical computer.

Answer 522

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

Answer 523

An attack where malware running in a VM is able to interact directly with the hypervisor or host kernel.

Answer 524

Configuration vulnerability where provisioning and deprovisioning of virtual assets is not properly authorized and monitored.

Answer 525

A private network segment made available to a single cloud consumer on a public cloud.

Answer 526

A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).

Answer 527

Code designed to infect computer files (or disks) when it is activated.

Answer 528

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IPbased voice messaging services (VoIP).

Answer 529

Programming languages used to implement macros and scripting in Office document automation.

Answer 530

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Answer 531

An evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

Answer 532

The practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools).

Answer 533

A location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

Answer 534

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

Answer 535

"A firewall designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks"

Answer 536

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

Answer 537

Staff administering, evaluating, and supervising a penetration test or incident response exercise.

Answer 538

Standards for authenticating and encrypting access to Wi-Fi networks. Also known as WPA2, WPA3.

Answer 539

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN.

Answer 540

Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.

Answer 541

A legacy mechanism for encrypting data sent over a wireless connection.

Answer 542

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Answer 543

A method of sanitizing a drive by setting all bits to zero.

Answer 544

Low-power wireless communications open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.

Answer 545

Low-power wireless communications protocol used primarily for home automation. Z-Wave uses radio frequencies in the high 800 to low 900 MHz and a mesh topology

Answer 546

Information about sessions between hosts that is gathered by a stateful firewall.

Answer 547

A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter and more security.

Answer 548

Audit specifications designed to ensure that cloud/hosting providers meet professional standards. A SOC2 Type II report is created for a restricted audience, while SOC3 reports are provided for general consumption.

Answer 549

A technique for obscuring the presence of a message, often by embedding information within a file or other entity.

Answer 550

One of a set of precompiled database statements that can be used to validate input to a database.

Answer 551

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

Answer 552

A software testing method that evaluates how software performs under extreme load.

Answer 553

A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited. 1

Answer 554

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

Answer 555

A framework for analyzing cybersecurity incidents.

Brainscape Glossarry Flashcards

(579 cards)