Chapter 7 Security Key Terms

Question 1

mantrap

Answer 1

An area with two locking doors.

Question 2

Radio-frequency identification (RFID) technology

Answer 2

a technology that consists of an RFID tag that can broadcast information about an item, as well as an RFID reader to accept the broadcast information and deliver it to a computer system for use

Question 3

smart card

Answer 3

A credit card–sized card that contains stored information and might also contain a simple microprocessor or an RFID chip

Question 4

biometric security

Answer 4

The use of a person’s biological information, such as fingerprints, retina scans, or facial recognition, to authenticate a potential user of a secure area.

Question 5

token

Answer 5

A device, also known as a security token, that owners carry to authorize access.

Question 6

cable lock

Answer 6

A lock that uses a multistranded security cable to help prevent the theft
of a computer or another technology device. Sometimes called a Kensington lock. A lock that uses a multistranded security cable to help prevent the theft of a computer or another technology device. Sometimes called a Kensington lock.

Question 7

USB lock

Answer 7

A lock used to secure USB cables into a computer and to securely plug empty USB ports.

Question 8

privacy screen

Answer 8

A screen placed over a monitor to limit visibility for people standing nearby

Question 9

key fob

Answer 9

A type of security token that generates access codes for authentication

Question 10

entry control roster

Answer 10

A list of individuals or representatives who are authorized to enter a secured area that can be used with a variety of security systems.

Question 11

Active Directory Service

Answer 11

A Microsoft solution for managing users, computers,

and information access in a network.

Question 12

login script

Answer 12

A script that Active Directory runs to make assigned resources available to a user who logs on to a network.

Question 13

domain

Answer 13

A computer network or group of computer networks under the same
administration

Question 14

Group Policy

Answer 14

A set of rules and instructions defining what a user or group of users
can or cannot do when logged into a domain.

Question 15

Organizational Unit (OU)

Answer 15

A logical group that can be used to organize users and

computers so that Group Policy Objects (GPOs) can be assigned to them

Question 16

home folder

Answer 16

A file in which a user’s data and files are kept locally but are accessible to the network administrator.

Question 17

folder redirection

Answer 17

A process that allows for the work done by an Organizational Unit (OU) to be saved on a common folder in the domain, as directed by the administrator instead of the user.

Question 18

software token

Answer 18

Software security information used for authentication; generally
stored on a device. Can be generated by an app such as Google Authenticator.

Question 19

mobile device management (MDM)

Answer 19

A way to manage the mobile devices within
an enterprise. For example, can ensure that all mobile users on the network have
updated security files

Question 20

MAC address

Answer 20

Sometimes known as a physical address, a unique identification address for any device that has a network adapter and that consists of six two-digit hexadecimal numbers. For example, a typical PC MAC address is
FA-15-B7-89-6C-24.

Question 21

whitelisting

Answer 21

The practice of providing network access to only certain devices.

Question 22

MAC address filtering

Answer 22

A method of securing networks by allowing only devices with known MAC addresses into the network.

Question 23

MAC address cloning

Answer 23

The process of using software to change the MAC address of a network device.

Question 24

certificate

Answer 24

A means of identifying a software publisher to ensure that it is
legitimate

Question 25

antivirus/anti-malware software

Answer 25

Software designed to thwart virus and malware | attacks

Question 26

firewall

Answer 26

A hardware appliance or software application that protects a computer from unwanted intrusion

Question 27

two-way firewall

Answer 27

A firewall that can be used to protect against both inbound and outbound unauthorized traffic and threats.

Question 28

authentication

Answer 28

The process of verifying user identity

Question 29

multifactor authentication

Answer 29

A security system that uses two or more authentication methods and is far more secure than single-factor authentication. An example of this would be a person using a digital code from a fob and typing a username and password to gain access to a system.

Question 30

directory permissions

Answer 30

A term used in macOS and Linux for the access levels a user has to a directory (folder) and individual files

Question 31

file and folder permissions

Answer 31

A term used in Windows systems for configuring a | user’s access levels to a directory (folder) and individual files

Question 32

virtual private network (VPN)

Answer 32

A private and secure network connection that is | carried by an insecure public network, such as the Internet.

Question 33

data loss/leakage prevention (DLP)

Answer 33

The process of preventing confidential information from being viewed or stolen by unauthorized parties.

Question 34

access control list

Answer 34

A list of permissions or restriction rules for access to an object such as a file or folder

Question 35

email filtering

Answer 35

A method used to organize email into folders automatically. From a security standpoint, the most important function is the blocking of spam and potentially dangerous messages.

Question 36

principle of least privilege

Answer 36

A security method whereby a user should have access | only to what is required to do his or her job and no more.

Question 37

Wired Equivalent Privacy (WEP)

Answer 37

the oldest and weakest WiFi encryption standard. With WEP, all network devices must use the same WEP key and encryption strength.

Question 38

WiFi Protected Access (WPA)

Answer 38

A security standard for WiFi networks that replaced WEP.

Question 39

Temporal Key Integrity Protocol (TKIP)

Answer 39

A security protocol used in the WPA wireless networking standard.

Question 40

Advanced Encryption Standard (AES)

Answer 40

A protocol that is similar to TKIP but more secure and that is used with the WPA2 wireless encryption standard.

Question 41

single-factor authentication

Answer 41

Basic username and password access to a computer or network.

Question 42

multifactor authentication

Answer 42

A security system that uses two or more authentication methods and is far more secure than single-factor authentication. An example of this would be a person using a digital code from a fob and typing a username and password to gain access to a system.

Question 43

Remote Authentication Dial-In User Service (RADIUS)

Answer 43

Software and a protocol that allows remote authentication via a central server.

Question 44

Terminal Access Controller Access Control System (TACACS)

Answer 44

An authentication protocol that allows a remote access server to verify a user by communicating with an authentication server.

Question 45

ransomware

Answer 45

A virus that takes over a computer or network until a ransom is paid

Question 46

Trojan

Answer 46

A malware program disguised as a “gift” (such as a popular video or website link) in order to trick the user into downloading the virus

Question 47

keylogger

Answer 47

A hardware device or a software program (often a virus) that can track keystrokes and can capture usernames and passwords of unwitting users

Question 48

rootkit

Answer 48

A set of hacking tools that finds its way deep into a computer’s operating system or applications and sets up shop to take over the computer

Question 49

virus

Answer 49

A generic term for any malicious software that can spread to other computers and cause trouble

Question 50

botnet

Answer 50

A network of computers infected by a hacker virus that uses the infected machines to work together to cause trouble, such as sending denial of service attacks or spreading spam

Question 51

worm

Answer 51

A type of virus that is able to self-replicate on computers and push itself out to other computers.

Question 52

spyware

Answer 52

Software that spies on system activities and transmits details of web searches or other activities to remote computers.

Question 53

Recovery Console

Answer 53

A Windows tool that allows a user to reset a PC or boot from a recovery disk

Question 54

acceptable use policy (AUP)

Answer 54

A company’s policy for employees pertaining to user safety, security procedures, and computer best practices within a company. The policy is designed to keep the network safe.

Question 55

Domain Name Service (DNS)

Answer 55

a service that translates domain names into IP | addresses. DNS uses port 53

Question 56

social engineering

Answer 56

A type of attack in which hackers trick users into providing passwords or other sensitive information.

Question 57

phishing

Answer 57

The process of creating bogus websites or sending fraudulent emails in an attempt to trick users into providing personal, bank, or credit card information

Question 58

spear phishing

Answer 58

The process of sending spoof messages that appear to come from an internal source requesting confidential information, such as payroll or tax information

Question 59

impersonation

Answer 59

A type of social engineering similar to phishing in which a hacker sends an email pretending to be someone the victim trusts.

Question 60

shoulder surfing

Answer 60

Attempting to view physical documents on a user’s desk or electronic documents displayed on a monitor by looking over the user’s shoulder

Question 61

tailgating

Answer 61

A process in which an unauthorized person attempts to accompany an authorized person into a secure area by following closely and grabbing the door before it shuts

Question 62

dumpster diving

Answer 62

The process of going through the trash, seeking information about a network or a person with access to the network.

Question 63

denial of service (DoS)

Answer 63

the perpetrator uses one or computer to disrupt the target computer’s access to the Internet

Question 64

distributed denial of service (DDoS)

Answer 64

the perpetrator uses multiple computers to disrupt the target computer’s access to the Internet

Question 65

zero day

Answer 65

A cyber threat described as the time between when a software vulnerability is discovered and when a patch is issued by the developers. Hackers may exploit this window

Question 66

man-in-the-middle (MiTM)

Answer 66

An attack in which the attacker intercepts a connection while fooling the endpoints into thinking they are communicating directly with each other.

Question 67

brute force attack

Answer 67

A method of cracking passwords by calculating and using every possible combination of characters until the correct password is discovered

Question 68

dictionary attack

Answer 68

An attempt to crack passwords by trying all the words in a list, such as a dictionary. A simple list might include commonly used passwords such as 12345678 and password

Question 69

rainbow table

Answer 69

A table that is used in an attack in much the same manner as a brute-force attack but that is more mathematically sophisticated and takes less time

Question 70

spoofing

Answer 70

A general term for malware attacks that purport to come from a trustworthy source.

Question 71

noncompliant systems

Answer 71

Systems that are tagged by a configuration manager application (for example, Microsoft’s System Center Configuration Manager) for not having the most up-to-date security patches installed.

Question 72

zombie

Answer 72

A computer on the Internet that has been taken over by a hostile program so it can be used for malware distribution or distributed denial of service (DDoS) or other attacks without notification to the normal users of the computer.

Question 73

access control

Answer 73

The process of restricting the level of access to files or folders on an individual user basis.

Question 74

New Technology File System (NTFS)

Answer 74

the native secure file | system of Windows 7/8/8.1/10

Question 75

file attributes

Answer 75

Data used in Windows to indicate how files can be treated. Can be used to specify which files should be backed up, which should be hidden from the normal GUI or command line file listings, whether a file is compressed or encrypted, and for other functions, depending upon the operating system.

Question 76

local shares

Answer 76

Files or folders shared locally in Windows.

Question 77

administrative shares

Answer 77

Files or folders shared across networks in Windows

Question 78

system files and folders

Answer 78

Files and folders with the system(s) attribute that are | normally not displayed in File Explorer to help protect them from deletion.

Question 79

Single Sign-on (SSO)

Answer 79

The use of a single password to authenticate to multiple apps in an organization requiring authentication

Question 80

BitLocker

Answer 80

Full disk encryption software by Microsoft that can encrypt the entire disk, which, after completed, is transparent to the user

Question 81

Trusted Platform Module (TPM)

Answer 81

A chip used by Windows editions that support the BitLocker full-disk encryption feature to protect the contents of any specified drive (Windows 7/8/8.1/10).

Question 82

BitLocker To Go

Answer 82

BitLocker functionality extended to removable drives.

Question 83

Encrypting File System (EFS)

Answer 83

A feature used to protect sensitive data files and | temporary files through encryption that can be applied to individual files or folders.

Question 84

passcode locking

Answer 84

The process of setting a passcode that opens a locked screen.

Question 85

remote wipe

Answer 85

A program that can be initiated from a desktop computer to delete all the contents of a remote mobile device that has been lost or stolen

Question 86

locator application

Answer 86

An application/service such as Android Device Manager, Lookout for iOS or Android, or Find My iPhone, that a user can use track down a lost device.

Question 87

remote backup application

Answer 87

An application, often provided as a service, that backs up data to a remote site (often the cloud) to provide duplication away from the network servers.

Question 88

patching/OS updates

Answer 88

Updates that protect mobile devices from the latest vulnerabilities and threats. By default, the user is notified automatically about available updates on Android and iOS-based devices.

Question 89

biometric authentication

Answer 89

The use of physical biological identification, usually fingerprints, retina, or facial recognition, as part of the authentication process.

Question 90

full device encryption

Answer 90

The process of encrypting an entire device, as opposed to encrypting a file on a device

Question 91

authenticator application

Answer 91

An application used to receive or generate authentication codes for one or more apps or services.

Question 92

bring your own device (BYOD)

Answer 92

A policy that allows users to join the local network using their personal devices.

Question 93

overwrite

Answer 93

A disk maintenance program that includes options to overwrite a hard disk’s or solid-state drives (SSD’s) data area with zeros.

Question 94

drive wipe

Answer 94

The process of ensuring the complete destruction of retrievable data on a storage device, which is overwritten with a program that meets or exceeds recognized data-destruction standards

Question 95

service set identifier (SSID)

Answer 95

The advertised name of a local network that is broadcast to potential users in range and enables users to find and join the local (usually wireless) network.

Question 96

Default service set identifier (SSID)

Answer 96

the SSID on the router when shipped to customers. Best security practices include changing the default SSID and password

Question 97

Network Address Translation (NAT)

Answer 97

the process of modifying IP addresses as information crosses a router.

Question 98

port forwarding

Answer 98

A method of allowing inbound traffic on a particular TCP or UDP port or range to go to a particular IP address rather than to all devices on a network. Used to forward external visitors through the router to a specific computer. Instead of opening up the entire LAN, port forwarding directs particular traffic where you want it to go