Domain 7.1: Security Operations Flashcards

Review operational security terms covering monitoring, response, and recovery processes.

1
Q

Define:

Job Rotation

A

A security practice of moving employees among different jobs to prevent excessive system knowledge or control.

A security practice where employees are moved from one job to another within an organization. It is intended to prevent employees from gaining excessive knowledge or control over a particular system or process, reducing the risk of fraud or insider threats. It is used in personnel security and access control. Examples include rotating IT staff between different departments or rotating security guards on different shifts.

For more information, view this lecture on Administrative personnel controls. Or visit this Wikipedia page.

2
Q

Define:

Limited Maintenance

A

A strategy of providing only essential system updates, commonly applied to legacy systems or products being phased out.

The practice of providing only essential updates and fixes to a product or system, typically one that is nearing the end of its life cycle. During this stage, changes to the product or system are minimized and are usually focused on addressing critical vulnerabilities or significant operational issues. This practice is usually applied in an effort to manage resources effectively while planning for the replacement or retirement of the product or system.

3
Q

Define:

Load Balancer

A

A device that distributes network or application traffic across multiple servers, ensuring performance and reliability.

A network device that distributes incoming network traffic across multiple servers or network resources to improve performance and availability. It is used in large-scale networks to distribute workloads evenly and to prevent a single server from becoming overwhelmed. Examples include load balancers in cloud computing environments and web applications.

For more information, view this lecture on Redundancy. Or visit this Wikipedia page.

4
Q

Define:

Load Balancing

A

Load balancing distributes network traffic or workload evenly across multiple servers or endpoints, improving performance, availability, and reliability for applications and services.

By preventing any single machine from being overwhelmed, load balancers reduce bottlenecks, session timeouts, and downtime. Techniques include round-robin scheduling, least connections, or dynamic load monitoring. In modern architectures, hardware or software-based solutions manage traffic distribution, scaling automatically to match demand. Properly implemented load balancing fosters seamless user experiences, resilient systems, and efficient resource utilization under varying loads.

For more information, view this lecture on Redundancy. Or visit this Wikipedia page.

5
Q

Define:

Loss Event

A

An occurrence causing negative effects on an organization’s assets, reputation, or operations.

Refers to a circumstance or occurrence that causes a negative impact on the assets, operations, or personnel of an organization. This can include data breaches, system failures, or other disruptions that lead to the loss of data, productivity, or financial resources. Understanding and preparing for potential loss events are crucial aspects of risk management and business continuity planning.

Or visit this Wikipedia page.

6
Q

Define:

Maintenance Key

A

A specialized key used for performing system maintenance tasks, requiring protection to prevent abuse.

A maintenance key is a specialized type of cryptographic key that is designated specifically for performing maintenance or administrative functions on a system. This key facilitates secure access for tasks like updating software or managing hardware settings, but due to its elevated access privileges, it must be protected to avoid misuse or exploitation.

7
Q

Define:

Managed Detection and Response

(MDR)

A

A security service providing continuous threat monitoring and real-time response.

A security service where a third-party provider continuously monitors a network for security threats and responds to them in real-time. It is used in organizations that do not have the resources or expertise to handle security threats on their own. Examples include monitoring network activity for malware and responding to cyberattacks.

Or visit this Wikipedia page.

8
Q

Define:

Managed Security Services Providers

(MSSPs)

A

Companies offering outsourced security services like monitoring, firewalls, and anti-virus protection.

Specialized companies that provide outsourced monitoring and management of security systems and devices. Services often include managed firewalls, intrusion detection, virtual private networks, vulnerability scanning, and anti-viral services, among others. MSSPs offer their expertise and dedicated resources to help organizations secure their information systems, manage risk, and meet compliance demands.

Or visit this Wikipedia page.

9
Q

Define:

Management Information System

(MIS)

A

An integrated system providing management with critical information for decision-making.

A Management Information System (MIS) is an integrated, user-machine system that provides management with critical information on a regular basis to support operational, tactical, and strategic decision-making processes. MIS encompasses a variety of components, including databases, software applications, hardware, and procedures, designed to compile and analyze data and deliver it as manageable information.

Or visit this Wikipedia page.

10
Q

Define:

Mandatory Vacations

A

A control requiring employees to take time off, aiding in detecting fraud and reducing insider threat risks.

Mandatory vacations are a security and administrative control requiring employees to take uninterrupted time away from their specific job responsibilities. This policy is designed to help detect any fraudulent activities or inconsistencies in their absence, which might be concealed by their continuous presence. It’s often used in conjunction with job rotation and cross-training to strengthen internal controls and reduce the risk of fraud or error within an organization.

For more information, view this lecture on Administrative personnel controls.

11
Q

Define:

Masqueraders

A

Individuals pretending to be authorized users to gain system or data access, posing significant security threats.

Individuals who pretend to be another user or entity to gain unauthorized access to systems or data. They might employ a range of techniques, from simple password guessing to sophisticated social engineering, in order to mislead systems or people into granting them access. Masquerading is a significant threat to both the integrity and confidentiality of data.

12
Q

Define:

Maximum Tolerable Downtime / Maximum Allowable Downtime

(MTD) / (MAD)

A

The longest acceptable period a system can be down before causing unacceptable damage to an organization.

The longest period of time that a system or network can be down (unavailable or not operational) before the impact becomes unacceptable to the organization. This is a crucial concept in business continuity planning and disaster recovery, as it helps determine appropriate strategies to minimize downtime and its associated costs.

For more information, view this lecture on BIA (Business Impact Analysis). Or visit this Wikipedia page.

13
Q

Define:

Maximum Tolerable Outages

(MTO)

A

The longest time essential services can be unavailable before stakeholders cannot tolerate the impact.

The maximum duration that an organization’s key products or services can be unavailable or undeliverable before stakeholders deem the situation intolerable. It’s a critical measure in business continuity and disaster recovery planning, used to inform recovery strategies and ensure timely restoration of functions following an outage.

For more information, view this lecture on BIA (Business Impact Analysis). Or visit this Wikipedia page.

14
Q

Define:

Mean Time Between Failures or Mean Time To Failure

(MTBF) or (MTTF)

A

Indicators of system reliability measuring average time between failures or to failure.

Measures of reliability typically used in the context of hardware or systems. MTBF is the average time between system breakdowns or failures, while MTTF refers to the average time it takes for a non-repairable system or component to fail. Both metrics are crucial in planning maintenance schedules, resource allocation, and system design to improve reliability and availability.

For more information, view this lecture on BIA (Business Impact Analysis). Or visit this Wikipedia page.

15
Q

Define:

Mean Time to Detect

(MTTD)

A

The average time to identify an issue within a system or network, important for rapid incident response.

The average time it takes to identify an issue or anomaly within a system or network, often a security incident or breach. Shorter MTTD values are preferred as they allow for quicker incident response, minimizing potential damage or disruption. It’s an important metric for monitoring system health and the effectiveness of security controls.

For more information, view this lecture on BIA (Business Impact Analysis).

16
Q

Define:

Mean Time To Repair/Restore

(MTTR)

A

The average time taken to fix system components or restore operations after an outage.

The average time it takes to repair a faulty component or restore a system to full functionality after an outage. It’s a valuable metric in evaluating the efficiency of repair processes, and a shorter MTTR generally correlates with decreased downtime and improved system availability.

For more information, view this lecture on BIA (Business Impact Analysis). Or visit this Wikipedia page.

17
Q

Define:

Memorandum of Agreement

(MOA)

A

A document outlining cooperative relationships and responsibilities, often including data protection terms.

A written agreement between two or more parties detailing the cooperative relationship to be undertaken. This often involves the delineation of responsibilities, sharing of resources, and defining the terms for data sharing or processing, which is critical for maintaining data integrity and security.

For more information, view this lecture on Personnel. Or visit this Wikipedia page.

18
Q

Define:

Memorandum of Understanding

(MOU)

A

A formal agreement outlining mutual goals and responsibilities of entities, used for partnerships involving sensitive data.

A formal document that outlines mutual goals, expectations, and responsibilities between two or more entities, often used to establish partnerships. It’s critical in setting up collaborations where data sharing or other interactions involving sensitive information are required, with an aim to ensure confidentiality, integrity, and availability of the shared resources.

For more information, view this lecture on Personnel. Or visit this Wikipedia page.

19
Q

Define:

Memory Dump

A

Recording and storing memory contents during a system crash for diagnostic purposes, may contain sensitive data.

A process in which the contents of memory are displayed and stored in case of an application or system crash. This information can be used to diagnose and identify the cause of a failure. However, these files may contain sensitive data and, if not managed properly, could present an avenue for data leakage.

Or visit this Wikipedia page.

20
Q

Define:

Memory Scavenging

A

Technique to locate and use unused memory in a system, ensuring sensitive data is properly sanitized upon reallocation.

A technique used to identify and recover unused memory within a system. In terms of security, it’s crucial that once memory blocks are freed or repurposed, any sensitive data previously stored is properly sanitized to prevent information exposure to subsequent processes, effectively mitigating the risk of data leakage or exploitation.

21
Q

Define:

Microservices

A

A software architecture that structures applications as small, independent services.

Microservices break down applications into loosely coupled, independently deployable services that each focus on a specific function. This architectural style increases scalability, resilience, and flexibility, allowing individual components to be updated or scaled without impacting the entire application, thereby enhancing overall development efficiency and system reliability.

For more information, view this lecture on Hardware architecture- Part 2. Or visit this Wikipedia page.

22
Q

Define:

Mirrored Site

A

An exact copy of a website hosted on a different server, used for disaster recovery or load balancing.

A duplicate copy of a website or web application hosted on a different server or location. It is used to improve availability and reliability by providing a backup site in case the primary site becomes unavailable. Examples include disaster recovery sites and load-balanced sites.

For more information, view this lecture on Disaster Recovery sites. Or visit this Wikipedia page.

23
Q

Define:

Mission-Critical Application

A

An application pivotal to an organization’s operations, its failure would significantly impact business functions.

An application that is essential to the operation of an organization or business. It is used to classify applications based on their importance and the impact of their failure on the organization. Examples include financial systems, healthcare systems, and emergency response systems.

24
Q

Define:

MITRE ATT&CK

(Adversarial Tactics, Techniques, and Common Knowledge)

A

A framework detailing adversary tactics and techniques to understand and defend against cyber threats.

A framework for understanding the tactics, techniques, and procedures (TTPs) used by attackers in cyber-attacks. It is used in IT security to help organizations identify and defend against potential threats by providing a comprehensive view of the various stages of an attack. Examples include using the framework to prioritize security measures and detect and respond to attacks in progress.

Or visit this Wikipedia page.

25
# Define: Mobile Code

Software capable of transferring between systems and executing tasks, requiring security measures against misuse.

## Footnote

Programs, scripts, or part of software that can be transferred across networks and executed on a remote system to perform tasks or functions. While this offers flexibility and facilitates data sharing and task automation, it can also pose risks as it could potentially be used maliciously, transferring harmful code or unauthorized data between systems.

*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Mobile_code).*
26
# Define: Mobile Site in Disaster Recovery

A deployable facility ensuring business continuity by restoring operations after a disaster.

## Footnote

A mobile site in disaster recovery refers to a fully equipped and readily transportable facility that organizations can deploy swiftly to resume critical operations after a primary site has been compromised by a disaster. These mobile units generally include essential IT infrastructure, communication systems, and even office amenities. The use of mobile sites is an integral part of a comprehensive disaster recovery strategy, ensuring business continuity and minimal operational downtime.

*For more information, view this lecture on [Disaster Recovery sites](https://courses.thorteaches.com/courses/take/cissp/lessons/19180523-disaster-recovery-sites). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery).*
27
# Define: Mode Transition

The change between different operating states or security levels, vital for managing system security.

## Footnote

In cybersecurity, mode transition refers to the change from one operating state or security level to another within a system or application. It is a critical event that should be securely managed to prevent exploitation by attackers or the introduction of vulnerabilities. For example, a database system might transition from a normal operation mode to a maintenance mode, which may require different access controls or security protocols.
28
# Define: Network Attached Storage | (NAS)

A dedicated storage device providing file-level storage accessible over a network, enhancing data sharing and backup.

## Footnote

A type of dedicated file storage technology that provides local area network nodes with file-based shared storage through a standard Ethernet connection. It allows more hard disk storage space to be added to a network that already exists. Because the stored data is not located on any of the network's client devices but, instead, on the NAS system, it can be accessed and shared in a flexible and efficient way.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Network-attached_storage).*
29
# Define: Network-Based IDS / Network-Based IPS | (NIDS) / (NIPS)

Security systems monitoring network traffic for threats, with NIPS capable of preventing detected attacks.

## Footnote

Network-Based Intrusion Detection Systems (NIDS) are security solutions that monitor network traffic to detect suspicious activity and potential security breaches. Upon detection, NIDS generates alerts for further investigation. Network-Based Intrusion Prevention Systems (NIPS) go a step further by actively blocking or mitigating the detected threats in real time, often integrating with the network's firewall to prevent the spread of attacks.

*For more information, view this lecture on [Intrusion detection and prevention systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19180266-intrusion-detection-and-prevention-systems). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Intrusion_detection_system#Network-based_intrusion_detection_system).*
30
# Define: Next-Generation Antivirus | (NGAV)

NGAV goes beyond traditional signature-based detection, using AI, behavioral analysis, and cloud intelligence to identify and block unknown or sophisticated threats in real time.

## Footnote

Traditional antivirus tools rely heavily on signature databases that may fail against polymorphic or emerging malware strains. NGAV correlates multiple data points, like file hashes, processes, and system calls, to spot malicious patterns faster. Some NGAV solutions integrate with EDR or XDR for deeper forensics and automated remediation. This proactive approach helps reduce false negatives, increases agility against zero-day exploits, and improves overall endpoint protection efficacy.
31
# Define: NIST Forensic Process - Analysis

Evaluating the impact and details of security incidents to inform response strategies and decision-making.

## Footnote

Analysis is a crucial stage in the National Institute of Standards and Technology (NIST) Forensic Process. This phase involves the in-depth evaluation and interpretation of the data that has been examined to arrive at useful insights. It seeks to answer the who, what, where, when, why, and how of an incident by identifying patterns, connections, and contradictions in the evidence.

*For more information, visit this [NIST SP 800-86 page](https://csrc.nist.gov/pubs/sp/800/86/final).*
32
# Define: NIST Forensic Process - Collection

Systematically gathering digital evidence while maintaining its integrity for use in legal proceedings.

## Footnote

Collection is a key stage in the NIST Forensic Process, which involves gathering relevant digital evidence from various sources, like hard drives, network logs, system memory, etc. This stage must be done in a systematic, careful, and legally acceptable manner to ensure the integrity and admissibility of the evidence in potential legal proceedings. This may include creating exact copies of hard drives or other storage media (imaging), logging network traffic, or systematically documenting the physical scene of an incident.

*For more information, visit this [NIST SP 800-86 page](https://csrc.nist.gov/pubs/sp/800/86/final).*
33
# Define: NIST Forensic Process - Examination

Reviewing collected digital evidence to extract relevant information without altering it.

## Footnote

Examination in the NIST Forensic Process is the systematic review of digital evidence using both automated and manual methods. The goal of this phase is to extract and identify relevant information from the collected data without altering the evidence. This process can involve the use of specialized software and may include activities like searching for specific keywords, recovering deleted files, examining file metadata, and looking for patterns or anomalies in the data.

*For more information, visit this [NIST SP 800-86 page](https://csrc.nist.gov/pubs/sp/800/86/final).*
34
# Define: NIST Forensic Process - Reporting

Documenting the findings from the analysis phase in a detailed and accessible report.

## Footnote

Reporting is the final phase in the NIST Forensic Process, where the findings from the analysis stage are documented in a clear, comprehensive, and accessible manner. This report is expected to present the evidence, methodology, and conclusions in a way that can be understood by both technical and non-technical audiences, such as legal professionals or organizational stakeholders. The report's purpose is to provide an overview of the incident, the investigative actions taken, and the outcomes of those actions, typically leading to an understanding of what occurred and any possible remediation or follow-up actions.

*For more information, visit this [NIST SP 800-86 page](https://csrc.nist.gov/pubs/sp/800/86/final).*
35
# Define: NIST SP 800-61

Best practices for computer security incident handling, including preparation and user response.

## Footnote

NIST Special Publication 800-61 offers best practices for computer security incident handling, including preparation, detection, analysis, containment, recovery, and user response. It is designed to assist organizations in establishing effective incident response capabilities to promptly handle various types of cybersecurity incidents.

*For more information, visit this [NIST SP 800-61 page](https://csrc.nist.gov/pubs/sp/800/61/r3/final).*
36
# Define: NIST SP 800-94

Guidelines for intrusion detection and prevention systems, detailing their implementation and management.

## Footnote

A guideline on intrusion detection and prevention systems (IDPS), providing a detailed explanation of these technologies along with recommendations for their planning, implementation, configuration, securing, monitoring, and maintenance. It aids organizations in comprehending the characteristics of IDPS technologies and offers a comprehensive approach to integrating them effectively into an overall security architecture to enhance the protection of information systems.

*For more information, visit this [NIST SP 800-94 page](https://csrc.nist.gov/pubs/sp/800/94/final).*
37
# Define: NOC | (Network Operations Center)

A Network Operations Center (NOC) is a centralized facility where IT professionals monitor and manage an organization’s network performance, availability, and security in real time.

## Footnote

NOC staff track system health, troubleshoot connectivity issues, and coordinate incident responses, often relying on dashboards, alerts, and analytics tools. They ensure high uptime by proactively addressing outages or bottlenecks. Collaboration with security teams is crucial to mitigate threats promptly. With 24/7 coverage, a well-managed NOC fosters reliable, efficient network operations, critical to modern business continuity.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Network_operations_center).*
38
# Define: Noncompete Agreement

A contract preventing individuals from competing with an entity after employment ends.

## Footnote

A legal contract between an individual and an entity (usually between an employee and their employer) that restricts the individual from entering into competition against the entity during and after the employment period. This often includes limitations on working for competitors, starting a similar business, or sharing proprietary and sensitive information that could compromise the competitive advantage of the initial entity.

*For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-compete_clause).*
39
# Define: Non-Disclosure

An agreement that binds parties to keep sensitive information secret.

## Footnote

An agreement that legally binds parties to secrecy, ensuring that sensitive information is not disclosed to unauthorized individuals. Non-disclosure agreements (NDAs) safeguard proprietary information, trade secrets, and other confidential data, critical in business negotiations and partnerships.

*For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-disclosure_agreement).*
40
# Define: Non-Disclosure Agreement | (NDA)

A contract that outlines confidential material to be shared between parties but restricted from third parties.

## Footnote

A legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes but wish to restrict access from third parties. It's a legal way to protect sensitive information, preventing the revelation of insider information.

*For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-disclosure_agreement).*
41
# Define: Non-Disclosure Agreement (NDA) - Bilateral

A contract where both parties agree to keep shared confidential information secret.

## Footnote

A legally binding contract in which both parties (the disclosing party and the receiving party) agree to keep certain confidential information shared between them secret. It is typically used when two parties are considering entering into a business relationship and want to protect their proprietary information. For example, if Company A and Company B are considering entering into a joint venture, they may both sign a bilateral NDA to protect the confidential information they share during the negotiations.

*For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-disclosure_agreement).*
42
# Define: Non-Disclosure Agreement (NDA) - Multilateral

A contract where multiple parties agree to share confidential information with another for evaluating potential business.

## Footnote

A legally binding contract in which multiple parties (the disclosing parties) agree to share certain confidential information with another party (the receiving party), but only for the purpose of evaluating a potential business relationship. It is similar to a unilateral NDA but involves multiple disclosing parties. For example, if Company A, Company B, and Company C are all considering entering into a joint venture, they may all sign a multilateral NDA to protect the confidential information they share during the negotiations.

*For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-disclosure_agreement).*
43
# Define: Non-Disclosure Agreement (NDA) - Unilateral

A contract where one party shares confidential information with another for evaluating potential business.

## Footnote

A legally binding contract in which one party (the disclosing party) agrees to share certain confidential information with another party (the receiving party), but only for the purpose of evaluating a potential business relationship. It is typically used in the context of business negotiations, such as when a company is considering purchasing another company or entering into a joint venture. For example, if Company A is considering purchasing Company B, it may require Company B to sign a unilateral NDA before Company A shares any of its proprietary information with Company B.

*For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-disclosure_agreement).*
44
# Define: Offline Files

Data stored on a local device for use without an internet connection.

## Footnote

Data that is stored on a local device rather than on a network or cloud-based system. It is used to access and edit files without an internet connection and to improve performance and reliability. Examples include storing documents on a laptop or desktop computer or using an offline database for a mobile application.
45
# Define: Offsite Storage

Storing assets at a location separate from the main facility for added security.

## Footnote

The practice of storing data or physical assets at a location that is separate from the main facility or office. It is used to protect against disasters, such as fires or floods, and to provide additional security for sensitive information. Examples include using a remote server for data backup or storing physical documents in a secure storage facility.

*For more information, view this lecture on [Backups](https://courses.thorteaches.com/courses/take/cissp/lessons/19180401-backups).*
46
# Define: Open-Source Intelligence | (OSINT)

The practice of collecting and analyzing publicly available information for intelligence purposes.

## Footnote

The practice of gathering, analyzing, and disseminating information from publicly available sources. It is used by law enforcement, intelligence agencies, and businesses to gather information about potential threats or targets. Examples include social media monitoring, web scraping, and public records research.

*For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Open-source_intelligence).*
47
# Define: Operation and Maintenance | (O&M)

Activities ensuring the functionality and sustainability of an organization's IT systems.

## Footnote

The ongoing processes and activities required to manage and sustain the functionality of an organization's IT systems. O&M includes routine updates, technical support, system repairs, and the continuous improvement of operational workflows and IT infrastructure.
48
# Define: Operations Security | (OPSEC)
A process identifying and protecting sensitive information to prevent unauthorized disclosure. ## Footnote A systematic process for identifying, controlling, and protecting sensitive information in an organization's operations. It is used to prevent unauthorized disclosure of information that could be exploited by adversaries. Examples of OPSEC measures include encrypting communications and restricting access to sensitive data. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Operations_security).*
49
# Define: Operator Console
A user interface for system monitoring and management, providing real-time operational oversight. ## Footnote A terminal or interface from which operators can monitor and manage the state of a system, network, or process. The console provides a comprehensive view of the operation, typically in real-time, and often includes tools for troubleshooting, management, and configuration of components within the system. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_console).*
50
# Define: Optical Character Recognition | (OCR)
Technology converting physical documents into digital, editable text, streamlining data management. ## Footnote A technology that enables the conversion of different types of documents, such as scanned paper documents, PDF files, or images captured by a digital camera, into editable and searchable data. This is commonly used in digital archiving, where physical documents are converted into digital formats for easier data retrieval and management. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Optical_character_recognition).*
51
# Define: Optical Scanner
A device digitizing images or text into electronic format, enabling electronic editing and storage. ## Footnote A device that converts images, printed text, handwriting, or an object into a digital image. It's widely used to digitize physical photographs and documents so they can be edited, stored, and shared electronically. Its usage plays a crucial role in maintaining digital records and reducing paper clutter. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Image_scanner).*
52
# Define: Padded Cell
An intrusion response strategy that diverts attackers to a monitored, isolated environment to prevent harm to the real system. ## Footnote A containment strategy used in intrusion detection where a suspected intruder is redirected into a decoy system known as a "honeypot." This separate environment is carefully monitored and designed to seem like a real system to keep the intruder engaged while protecting the actual system from harm. It helps in studying the actions and methods of the intruder, providing valuable insights for enhancing system security.
53
# Define: Parity
A method used to detect errors in data transmission or storage by adding a parity bit to each byte. ## Footnote A technique used for error detection when data is transmitted over computer networks or stored on media. Parity involves adding an extra bit (the parity bit) to each byte of data, which is set to either 0 or 1 depending on the type of parity used (even or odd). This allows the detection of single-bit errors, contributing to the integrity of data. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Parity_bit).*
54
# Define: Parity Check
A data verification process using a parity bit to check the accuracy of digital data transmissions. ## Footnote The process of verifying the accuracy of data based on the parity bit. When data is received or retrieved, the number of set bits is counted and compared with the expected value based on the parity bit. If the counts match, it's assumed that the data is error-free; if not, it indicates that a data error has occurred during transmission or storage. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Parity_bit).*
55
# Define: Partitioned File
A file that is divided and stored in multiple locations, allowing for optimized storage and performance. ## Footnote A partitioned file is one stored in segments across different locations or storage media, which may be done to optimize storage use or improve data retrieval performance. In practice, file systems manage data storage at the disk level rather than partitioning individual files. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Partition_(computing)).*
56
# Define: Passive Attack
A cybersecurity threat where an attacker monitors and potentially captures data without altering or affecting the system's operation. ## Footnote A type of network attack where the attacker intercepts and reads information transmitted over a network without altering the data or affecting the system's operation. The intent is usually to gather information, often confidential, without detection. Examples include eavesdropping, traffic analysis, and sniffing, where the attacker's main goal is to obtain unauthorized access to the data. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Passive_attack).*
57
# Define: Passive Detection
Monitoring a system for suspicious activities without active interaction, used for threat detection. ## Footnote A method of identifying security threats and vulnerabilities by monitoring the system for suspicious activity without actively interacting with it or altering its data. It is used to detect potential attacks and prevent them from causing damage. Examples include intrusion detection systems and network security monitoring.
58
# Define: Passive Response
A security strategy that involves recording threats and possibly alerting but not taking active measures to stop them. ## Footnote A method of dealing with potential threats by logging them and possibly issuing alerts but not taking direct action to interrupt or mitigate the threat. These responses are often employed when the cost or potential disruption of active response exceeds the perceived risk of the threat. The goal is to gather information about the threat for later analysis and possible action.
59
# Define: Patch
Software updates addressing security vulnerabilities or adding functionality to systems and applications. ## Footnote A small piece of software designed to fix a specific problem or vulnerability in a system or application. It is used to improve the security and stability of computer systems. Examples include a security patch for a web browser to fix a known vulnerability, a patch for an operating system to fix a bug causing crashes, and a patch for a software program to add new features or improve performance. *For more information, view this lecture on [Patch Management](https://courses.thorteaches.com/courses/take/cissp/lessons/19180338-patch-management). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Patch_(computing)).*
60
# Define: Patch Management
The process of tracking, testing, and applying software updates to address vulnerabilities and improve security. ## Footnote The process of identifying, testing, and deploying patches in a controlled and timely manner. It is used to maintain the security and reliability of computer systems. Examples include creating a patch schedule and plan for a network of servers, testing patches in a sandbox environment before deployment, and using automated tools to distribute and apply patches to multiple systems. *For more information, view this lecture on [Patch Management](https://courses.thorteaches.com/courses/take/cissp/lessons/19180338-patch-management). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Patch_(computing)).*
61
# Define: People Safety in BC/DR | (Business Continuity / Disaster Recovery)
Ensuring the safety and well-being of individuals during business continuity and disaster recovery events. ## Footnote The measures and strategies put in place to ensure the safety and well-being of individuals during and after a disaster or disruption. This concept is used in various industries, including healthcare, government, and critical infrastructure, to prevent loss of life and minimize damage to property and the environment. Examples include emergency evacuation plans, emergency response protocols, and crisis management plans. *For more information, view this lecture on [Personnel Safety](https://courses.thorteaches.com/courses/take/cissp/lessons/19149922-personnel-safety). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/People_safety_in_BC/DR).*
62
# Define: Perimeter
The boundary of a network or system that serves as a line of defense against external threats. ## Footnote The outer boundary of a network or system, defining the area of protection and control. It is used in cyber security to refer to the edge of a network, where security measures are in place to prevent unauthorized access. Examples include firewalls and intrusion detection systems. *For more information, view this lecture on [Physical Security- Part 5](https://courses.thorteaches.com/courses/take/cissp/lessons/19149815-physical-security-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Perimeter_security).*
63
# Define: Personnel Redundancy
Having multiple individuals with the ability to perform the same role or task to ensure business continuity. ## Footnote The practice of having multiple employees with overlapping skills and responsibilities in order to ensure that essential functions can be carried out in the event of an employee absence, injury, or other disruption. This concept is used in various industries, including healthcare, transportation, and public safety, to maintain continuity of operations and avoid critical failures. Examples include cross-training, shift coverage, and job sharing. *For more information, view this lecture on [Personnel](https://courses.thorteaches.com/courses/take/cissp/lessons/19180447-personnel). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Personnel_redundancy).*
64
# Define: Pharming
A cyber-attack that directs users to fraudulent websites to collect their personal information or credentials. ## Footnote A type of cyber-attack where a user is redirected to a fake or malicious website without their knowledge, often through the use of malware or DNS poisoning. It is used in cyber security to refer to the act of redirecting internet traffic to a fraudulent website. Examples include fake banking websites and malicious download links. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Pharming).*
65
# Define: Phases of BCP | (Business Continuity Planning)
The structured steps in business continuity planning, from impact analysis to maintenance. ## Footnote Business Continuity Planning (BCP) involves several structured phases to ensure an organization can continue operations during and after a significant disruption. The key phases include Business Impact Analysis (BIA), which evaluates the potential effects of disruptions; Risk Assessment to identify threats and vulnerabilities; Strategy Development for maintaining critical functions; Plan Development, which documents the BCP; Training and Testing to prepare personnel and validate the plan; and maintenance to keep the BCP up to date. *For more information, view this lecture on [Developing Our BCP and DRP](https://courses.thorteaches.com/courses/take/cissp/lessons/19180471-developing-our-bcp-and-drp). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Business_continuity_planning).*
66
# Define: Pop-Up Blocker
A function preventing unwanted pop-up windows, protecting users from intrusive or malicious content. ## Footnote A function or program that prevents pop-up windows from appearing on a website or application without user permission. Pop-up windows can be intrusive, distracting, and potentially harmful if they contain malicious content or lead to unsafe websites. By using a pop-up blocker, users can browse with less interruption, enhance their online experience, and potentially increase their protection against certain web-based threats. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Pop-up_ad#Pop-up_blockers).*
67
# Define: Postmortem Review
An analysis after a project or incident completion to evaluate performance and derive lessons learned. ## Footnote A postmortem review is a detailed analysis conducted after a project or incident's completion to assess what went well, what didn't, and why. In cybersecurity, a postmortem could follow a security breach to understand the event's chronology and the effectiveness of the response and to derive lessons that can improve future security posture. *For more information, view this lecture on [After a Disruption](https://courses.thorteaches.com/courses/take/cissp/lessons/19182004-after-a-disruption). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Postmortem_documentation).*
68
# Define: Power Redundancy
Multiple power sources ensuring continuous operations for critical systems during outages. ## Footnote The use of multiple power sources, backup generators, and other measures to ensure that critical systems and equipment can continue to operate in the event of a power outage or other disruption. This concept is used in various industries, including data centers, hospitals, and telecommunications, to prevent downtime and maintain service availability. Examples include uninterruptible power supply (UPS) systems, dual-power feeds, and on-site generation. *For more information, view this lecture on [Redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Redundancy_(engineering)#Power_redundancy).*
69
# Define: Primary Site
The primary operational location of an organization, crucial in disaster recovery for continuity of services. ## Footnote The main location where an organization's data and operations are based. Disaster recovery plans are built around it, specifying how its services are backed up and continued elsewhere in case of a disaster at the primary location. Examples of primary sites include a company's headquarters or a government agency's main office. *For more information, view this lecture on [Disaster Recovery Sites](https://courses.thorteaches.com/courses/take/cissp/lessons/19180523-disaster-recovery-sites). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Backup_site).*
70
# Define: Private Messaging | (PM)
A feature allowing users to exchange messages privately on digital platforms. ## Footnote Private messaging, often abbreviated as PM, is a feature that allows users to send messages to one another in a non-public manner on various digital platforms. It is used to ensure the privacy and confidentiality of the conversation between the participants. Examples include direct messages on social media platforms like Instagram, private chats in messaging applications like WhatsApp, and secure messaging services like Signal. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Private_message).*
71
# Define: Production Environment
A production environment is the live, operational setting where end-users interact with final software or services, requiring stability, performance, and stringent security measures. ## Footnote This environment hosts real user data and critical systems, making downtime or breaches potentially devastating. Strict change-control processes, continuous monitoring, and well-defined rollback plans reduce deployment risks. Pre-release testing in staging or QA environments helps identify bugs before going live. Maintaining robust infrastructure, access controls, and incident response in production is essential to minimize outages and protect organizational reputation. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Deployment_environment#Production).*
72
# Define: Quarantine
The isolation of infected or suspicious files and systems to prevent spread. ## Footnote Quarantine is the process of segregating potentially compromised or infected files, devices, or network segments to prevent the propagation of malware and contain security breaches. By isolating the threat, security teams have the opportunity to analyze and remediate the issue without further endangering the broader environment. This practice is critical in halting incidents and preserving overall system integrity during cybersecurity events. *For more information, view this lecture on [Risk- Attackers and Types of Attacks Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18588146-risk-attackers-and-types-of-attacks-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Quarantine_(computing)).*
73
# Define: RAID 0 | (Disk Striping)
A storage method that improves performance by spreading data across multiple disks without redundancy. ## Footnote A RAID (Redundant Array of Independent Disks) configuration that improves system performance by spreading data across multiple disks (striping). It offers no redundancy and does not protect against data loss; if one disk fails, all data on the array is lost. RAID 0 is best suited for situations where speed is more critical than data reliability. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Standard_RAID_levels#RAID_0).*
74
# Define: RAID 1 | (Disk Mirroring)
A storage strategy that writes data to multiple drives simultaneously, providing redundancy and fault tolerance. ## Footnote A RAID setup that copies identical data onto two or more disks (mirroring) to ensure data redundancy. If one disk fails, the data can be retrieved from the other mirror disk, providing fault tolerance. RAID 1 is ideal for applications requiring high availability. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Standard_RAID_levels#RAID_1).*
75
# Define: RAID 10 | (Striping and Mirroring)
A combination of disk mirroring and striping that provides redundancy and enhanced performance. ## Footnote Combines the benefits of RAID 0 and RAID 1 by striping data across mirrored pairs of disks. It requires at least four disks and offers high performance, redundancy, and faster recovery from disk failures. RAID 10 is suitable for high-load, mission-critical systems. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/RAID).*
76
# Define: RAID 5 | (Striping with Parity)
A method of storing data across multiple disks with parity information for error checking and recovery. ## Footnote A popular RAID configuration that offers a balance between performance and redundancy. It stripes data across three or more disks and uses parity information to recover data in case of a single disk failure. RAID 5 is often used in servers and performance-oriented storage environments. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Standard_RAID_levels#RAID_5).*
77
# Define: RAID 51 (5+1)
A storage setup that combines RAID 5's parity redundancy with RAID 1's mirroring for additional data protection. ## Footnote A RAID configuration that combines the features of RAID 5 (parity-based redundancy) with RAID 1 (mirroring). It requires at least six drives and provides a high level of data protection by creating mirrored pairs of RAID 5 arrays. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/RAID).*
78
# Define: RAID 6 | (Striping with Double Parity)
A system that stores data and two sets of parity information across multiple disks for high fault tolerance. ## Footnote Similar to RAID 5 but with additional fault tolerance, RAID 6 uses two sets of parity data, allowing it to withstand the failure of two disks. This setup requires a minimum of four disks and is used in environments where data availability and integrity are critical, despite the slight decrease in write performance due to the extra parity calculations. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks)](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Standard_RAID_levels#RAID_6).*
79
# Define: Ransomware
Malicious software that encrypts files and demands payment for their decryption, significantly threatening data availability. ## Footnote A type of malicious software that encrypts a victim's files, making them inaccessible until a ransom is paid. It is commonly used to target individuals and businesses, often through email phishing scams or infected website downloads. Examples include the WannaCry attack that affected the NHS in 2017, the CryptoLocker attack that targeted Microsoft Windows users in 2013, and the recent Ryuk ransomware attack on the printing company RR Donnelley in 2019. *For more information, view this lecture on [Warfare, Terrorism, Sabotage, and Ransomware](https://courses.thorteaches.com/courses/take/cissp/lessons/19180437-warfare-terrorism-sabotage-and-ransomware). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Ransomware).*
80
# Define: Ransomware-as-a-Service | (RaaS)
RaaS is a business model where ransomware developers lease their malicious software and infrastructure to affiliates, who execute attacks and split the profits from ransom payments. ## Footnote By lowering the barrier to entry, RaaS brings more criminals into the ransomware ecosystem. Operators provide ready-made malware strains, payment portals, and negotiation support. Affiliates choose targets, often using phishing or vulnerable systems. The actual developer then takes a percentage of each successful extortion. This sophistication accelerates attack methods and global spread. Defense relies on robust backups, network segmentation, patch management, and user training to mitigate infiltration. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Ransomware_as_a_service).*
81
# Define: Raw Disk Storage
Direct storage access by bypassing the file system, used for high-performance applications or custom data management. ## Footnote Storage access mode where the operating system and applications interact directly with the disk sectors, bypassing typical file system structures. This provides finer control over the data storage and retrieval process, utilized in scenarios requiring tailored data management, such as certain database systems or specialized data processing applications. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Raw_device_mapping).*
82
# Define: Real User Monitoring | (RUM)
Analytics that track and measure the user experience of a website or application in real time, improving performance. ## Footnote A performance measurement technique that tracks the user experience of a website or application in real-time from the user's perspective. It is used in web development and user experience design to identify and diagnose performance issues, such as slow page loads, errors, or crashes. Examples include using RUM tools to monitor the end-to-end user journey, including the network, server, and browser components, and using RUM data to identify and optimize performance bottlenecks or user pain points. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Real_user_monitoring).*
83
# Define: Reconstitution
The process of restoring a system or data to its state prior to a disruption or backup, crucial for disaster recovery. ## Footnote The process of restoring data or systems to a previous state. It is used in disaster recovery and backup to ensure that critical information can be recovered in the event of a failure. Examples of reconstitution include restoring a database from a backup or rebuilding a server from a system image. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/System_recovery).*
84
# Define: Recovery
The process of restoring systems or data to their operational state following a disruption, such as after a system failure or data loss incident. ## Footnote The act of restoring data or systems to a previous state. It is used in disaster recovery and backup to ensure that critical information can be restored after a failure. Examples of recovery include restoring a database from a backup or rebuilding a server from a system image. *For more information, view this lecture on [DRP basics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180459-drp-basics). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery).*
85
# Define: Recovery Action
Specific measures taken to restore system functionality and data access after an incident or disruption. ## Footnote A specific step or task that is performed as part of the recovery procedures in the event of a disaster or other catastrophic event. Recovery actions are used in disaster recovery planning and business continuity planning to ensure the successful implementation of recovery procedures. Examples of recovery actions include restoring data from backups, activating a disaster recovery site, and communicating with employees and customers. *For more information, view this lecture on [DRP basics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180459-drp-basics).*
86
# Define: Recovery Agent
An individual or team designated to oversee and carry out data and system recovery operations, a key role in disaster recovery plans. ## Footnote An individual or team responsible for coordinating and executing recovery processes. It is used in disaster recovery to ensure that critical information and systems can be restored in the event of a failure. Examples of recovery agents include a disaster recovery team or a system administrator responsible for restoring backups.
87
# Define: Recovery Point Objective | (RPO)
The maximum acceptable amount of data loss measured in time, used to inform backup strategies in disaster recovery. ## Footnote The maximum tolerable amount of data loss measured in time. It is used in disaster recovery planning to determine how often data backups should be made and how much data can be lost in the event of a disaster. Examples of RPOs include a daily backup for a financial system to ensure no more than one day's worth of transactions are lost or a weekly backup for a non-critical system that can tolerate losing up to a week's worth of data. *For more information, view this lecture on [BIA (Business Impact Analysis)](https://courses.thorteaches.com/courses/take/cissp/lessons/18588174-bia-business-impact-analysis). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery#Recovery_Point_Objective).*
88
# Define: Recovery Procedures
Steps followed to restore normal operations and recover from system disruptions, part of a broader recovery strategy. ## Footnote A set of actions that are taken in the event of a disaster or other catastrophic event to ensure the continuation of critical business functions. Recovery procedures are used in disaster recovery planning and business continuity planning. Examples include having backup power generators, implementing data backups, and having a communication plan in place. *For more information, view this lecture on [DRP basics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180459-drp-basics).*
89
# Define: Recovery Procedures and Site Strategies
Planned actions and locations prepared to restore operations following a disaster, ensuring continuity and resilience. ## Footnote Actions and plans designed to restore business operations after a disaster, incorporating both on-site preparations like backup generators and off-site solutions such as redundant infrastructure. Effective disaster recovery involves data backups, clear communication protocols, and reliable recovery sites equipped with failover capabilities. Regular testing ensures these strategies can promptly reactivate critical functions, minimizing downtime and data loss. *For more information, view this lecture on [Disaster Recovery sites](https://courses.thorteaches.com/courses/take/cissp/lessons/19180523-disaster-recovery-sites). Or view this lecture on [Incident Management - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/34120646-incident-management-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery).*
90
# Define: Recovery Testing
Simulated exercises to validate the effectiveness of recovery procedures and strategies, ensuring preparedness for actual incidents. ## Footnote The process of simulating a disaster or other catastrophic event in order to validate the effectiveness of the recovery procedures and strategies. Recovery testing is used in disaster recovery planning and business continuity planning to ensure that the recovery procedures and strategies are effective and can be implemented successfully. Examples of recovery testing include disaster recovery drills, tabletop exercises, and full-scale tests. *For more information, view this lecture on [Testing the Plans - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180552-testing-the-plans-part-1). Or view this lecture on [Testing the Plans - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/36454606-testing-the-plans-part-2).*
91
# Define: Recovery Time Objective | (RTO)
The maximum duration an organization can tolerate downtime after a disaster before restoring essential services or systems. ## Footnote The maximum amount of time a business or organization can afford to be without a specific IT service or system after a disaster or outage. It is used in business continuity and disaster recovery planning. Examples include a company's RTO for their email system being 12 hours, their database system being 24 hours, and their web server being 36 hours. *For more information, view this lecture on [BIA (Business Impact Analysis)](https://courses.thorteaches.com/courses/take/cissp/lessons/18588174-bia-business-impact-analysis). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery#Recovery_Time_Objective).*
92
# Define: Red Team
A group that simulates adversarial attacks on an organization's security infrastructure to test and improve defenses.

## Footnote

A team of individuals who simulate an adversary or attacker in order to test the security defenses of an organization. Red Teams are used in cybersecurity to identify weaknesses and vulnerabilities in an organization's security posture. Examples of Red Team activities include penetration testing, social engineering attacks, and simulated cyber-attacks. *For more information, view this lecture on [Risk - Attackers and Types of Attacks Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18588139-risk-attackers-and-types-of-attacks-part-1). Or view this lecture on [Incident Management definitions.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180234-incident-management-definitions). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Red_team).*
93
# Define: Redundancy
Implementing duplicate systems or components to ensure continued operation in case of failure, enhancing fault tolerance.

## Footnote

The duplication of critical components or systems in order to provide backup in the event of a failure or outage. Redundancy is used in disaster recovery planning and business continuity planning to ensure that critical systems and functions can continue to operate in the event of a disaster. Examples of redundancy include having multiple servers, having backup power generators, and implementing data backups. *For more information, view this lecture on [Redundancy.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Redundancy_(engineering)).*
94
# Define: Redundant Array of Independent Disks | (RAID)
A storage technology that combines multiple hard drives into a single logical unit for improved performance and data redundancy.

## Footnote

A method of storing the same data in different places on multiple hard disks or solid-state drives to protect data in the case of a drive failure. Depending on the RAID level used, the benefits can include increased data reliability, improved system performance, or a combination of both. The RAID level chosen depends on the specific needs and resources of the organization. *For more information, view this lecture on [RAID (Redundant Array of Independent Disks).](https://courses.thorteaches.com/courses/take/cissp/lessons/19180405-raid-redundant-array-of-independent-disks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/RAID).*
95
# Define: Redundant Server
An additional server that duplicates the operations of a primary server, providing continuity of service during primary server failures.

## Footnote

A backup server that duplicates the functions and data of a primary server. It is typically kept in standby mode and is designed to take over immediately in the event of a failure or downtime of the primary server, ensuring minimal or no disruption to the services. This level of redundancy is a vital part of maintaining high availability and disaster recovery capabilities in a network environment. It provides an additional layer of protection against data loss and service interruptions. *For more information, view this lecture on [Redundancy.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Redundancy_(engineering)).*
96
# Define: Redundant Site
A backup location equipped to take over operations from the primary site in case of a disaster or outage, ensuring business continuity.

## Footnote

A mirror or duplicate of the primary site, housing the same data and capabilities. It serves as a backup or disaster recovery solution, enabling continued operations even when the main site experiences downtime, disruptions, or catastrophic events. Its role can be passive, waiting in the wings to take over when needed, or active, participating in load balancing to improve performance and reliability. *For more information, view this lecture on [Disaster Recovery sites.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180523-disaster-recovery-sites). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Backup_site).*
97
# Define: Remediation
The process of fixing vulnerabilities or resolving issues to restore system security and functionality.

## Footnote

The process of rectifying or mitigating a problem or vulnerability within a system or network. In this context, it involves taking necessary actions such as applying patches, making configuration changes, or implementing new controls to address identified issues or weaknesses. Remediation is a critical component of maintaining system integrity, performance, and stability. *For more information, view this lecture on [Risk Response and Mitigation & Risk and Control Monitoring and Reporting](https://courses.thorteaches.com/courses/take/cissp/lessons/18588121-risk-response-and-mitigation-risk-and-control-monitoring-and-reporting).*
98
# Define: Remote Access Trojans | (RATs)
Malicious software that allows an attacker to remotely take control of an infected computer, often without the user's knowledge.

## Footnote

Malicious software programs that provide a backdoor for administrative control over a target computer. Once installed on a victim's machine, these can enable an attacker to perform a range of actions, such as stealing information, installing more malicious software, or even taking control of the entire system, often without the victim's knowledge. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Remote_access_trojan).*
99
# Define: Remote Code Execution | (RCE)
An attack where an adversary exploits vulnerabilities to execute arbitrary commands or code on a target system.

## Footnote

A type of cyber-attack where an attacker exploits vulnerabilities in a system or application to execute arbitrary commands or code on a target machine or in a target process. An RCE attack can lead to a complete compromise of the targeted system, giving the attacker the ability to steal, alter, or delete data or use the system as a launchpad for further attacks. Preventing RCE attacks often involves regular patching, code sanitization, and effective use of firewalls and other security tools. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Arbitrary_code_execution).*
100
# Define: Remote Journaling
Copying journal or transaction logs from one system to another to ensure consistency and recoverability for databases.

## Footnote

A method used in data replication to continuously copy journal or transaction logs from one system to another, often to a geographically separate location. This ensures data integrity and immediate availability for disaster recovery, allowing quick failover with minimal data loss. *For more information, view this lecture on [Backups.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180401-backups). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Backup#Near-CDP).*
101
# Define: Remote Mirroring
Replicating data to a separate and often distant location in real-time to ensure redundancy and aid in disaster recovery.

## Footnote

A technique used to replicate data across geographically dispersed sites for data protection and disaster recovery purposes. It involves creating an exact copy of a database, file system, or storage volume at a different location, typically in real-time. This process provides a high level of data redundancy, ensuring that if one site experiences a failure, the data can be quickly retrieved from the mirrored site. *For more information, view this lecture on [Backups.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180401-backups). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Replication_(computing)).*
102
# Define: Remote Wipe
A feature allowing the deletion of data from a lost or stolen device to protect sensitive information.

## Footnote

A security feature that allows an administrator or device owner to send a command to a device (such as a mobile phone or laptop) to delete data in case the device is lost or stolen. This ensures that sensitive data on the device does not fall into the wrong hands. Depending on the implementation, a remote wipe may delete data selectively (only data managed by the organization) or do a factory reset that wipes all data from the device.
103
# Define: Repair Action
Corrective measures taken to fix faults, errors, or vulnerabilities within systems or applications.

## Footnote

A corrective measure taken to fix identified faults, errors, or vulnerabilities within a system or application. This could involve applying patches, adjusting configurations, replacing faulty hardware, or modifying software code. Repair actions are critical for maintaining system performance, stability, and security and are often prioritized based on the severity and potential impact of the identified issue.
104
# Define: Replay Attack
A network attack where a valid transmission is maliciously repeated to deceive a system or user.

## Footnote

A form of network attack where a valid data transmission is maliciously or fraudulently repeated or delayed. In this type of attack, an adversary intercepts a data transmission and retransmits it, possibly at a different time, in an attempt to gain unauthorized access or create a false trail of events. Countermeasures against replay attacks typically involve the use of unique session identifiers or timestamps. *For more information, view this lecture on [Type 1 authentication - "Something you know" or "Knowledge factors"](https://courses.thorteaches.com/courses/take/cissp/lessons/19178829-type-1-authentication-something-you-know-or-knowledge-factors). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Replay_attack).*
105
# Define: Replication
Copying data from one location to another to ensure availability and consistency across systems.

## Footnote

The process of copying data from one location to another, usually in real-time, to increase data availability and reliability. It is often used in distributed systems to maintain data consistency across multiple locations or nodes. In the context of databases, replication is used to create multiple copies of a database for backup, fault-tolerance, or load-balancing purposes. *For more information, view this lecture on [Backups.](https://courses.thorteaches.com/courses/take/cissp/lessons/19180401-backups). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Replication_(computing)).*
106
# Define: Reporting In Incident Management
Documenting the details and response to a security incident for analysis, decision-making, and compliance.

## Footnote

The process of documenting and communicating all relevant information about a security incident. This can include the nature of the incident, the systems or data affected, the actions taken in response, and the outcomes or impacts of the incident. Reporting plays a critical role in incident response and recovery, helping organizations understand the incident, make informed decisions, comply with regulatory requirements, and identify areas for improvement. *For more information, view this lecture on [Incident Management - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/34120646-incident-management-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Incident_management).*
107
# Define: Reporting In Investigations
Documenting findings and outcomes from security incident investigations, aiding in accountability and future prevention measures.

## Footnote

The systematic documentation and communication of the findings and outcomes of an investigative process, typically involving a security incident or breach. This can include information about the nature and cause of the incident, the systems or data affected, the methods used in the investigation, and the proposed remedial actions. It is a crucial part of an effective incident response strategy, as it aids in accountability, regulatory compliance, and the development of preventive measures for future incidents.
108
# Define: Request For Change | (RFC)
A formal proposal to alter a system or process, reviewed and approved in change management procedures.

## Footnote

A formal proposal for a change to be implemented in a system or process. This might include alterations to system features, configurations, or procedures. RFCs are often used in change management processes to ensure that changes are properly reviewed, approved, and tracked, thereby minimizing potential disruption and unintended consequences.
109
# Define: Request For Comments | (RFC)
Publications inviting open review and discussion on proposed internet standards and innovations.

## Footnote

A type of publication from the technical and academic communities, most notably from those involved in computer networking, that often describes methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. It provides a way for individuals or groups to propose new standards or protocols and invite comments and suggestions from the community. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Request_for_Comments).*
110
# Define: Request For Proposal | (RFP)
A document seeking vendor proposals for an IT solution, outlining contract terms and proposal guidance.

## Footnote

A document that organizations use to solicit proposals from potential vendors for a desired IT solution. The RFP outlines the bidding process and contract terms and provides guidance on how the proposal should be formatted and presented. It is commonly part of a formal procurement process where the requesting organization invites vendors to submit proposals demonstrating their ability to meet the requirements and provide the best solution. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Request_for_proposal).*
111
# Define: Request to Exit Systems | (REX)
Security mechanisms enabling individuals to exit secured areas automatically without manual unlocking.

## Footnote

Security mechanisms that allow individuals to exit a secured area without manual unlocking. These systems detect when a person approaches an exit point and automatically unlock the door. Commonly used devices include motion sensors, push bars, and wave-to-open switches.
112
# Define: Resilience | (in IT and Cybersecurity)
The ability of systems to endure and quickly recover from disruptions, preserving essential services.

## Footnote

The ability of an IT system or network to withstand and rapidly recover from incidents such as hardware failures, cyber-attacks, or natural disasters. It involves implementing strategies that enable the continuation of essential services and quick restoration to normal operations. *For more information, view this lecture on [Redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cyber_resilience).*
113
# Define: Response in Disaster Recovery | (DR)
Actions to restore systems after a disaster, essential for business continuity.

## Footnote

The actions taken to restore critical systems and services in the event of a disaster or major disruption. This is used in organizations to minimize the impact of disruptions on business operations and to ensure continuity of services. For example, a DR plan may include procedures for activating backup systems, communicating with stakeholders, and relocating to a recovery site. *For more information, view this lecture on [DRP basics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180459-drp-basics). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery).*
114
# Define: Response in Incident Management
Managing security incidents, from identification to recovery, to restore normal operations.

## Footnote

The actions taken to identify, assess, and manage security incidents. This is used in organizations to prevent or mitigate the impact of incidents and to restore normal operations as quickly as possible. For example, an incident response team may use tools and processes to contain an attack, collect evidence, and communicate with stakeholders. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Incident_management).*
115
# Define: Responsible Disclosure
Ethically reporting security vulnerabilities to affected entities before public release.

## Footnote

A principle that promotes the ethical reporting of security vulnerabilities. Under this principle, when someone discovers a security vulnerability, they should privately notify the relevant entity, providing them adequate time to rectify the issue before disclosing the vulnerability to the public. This practice helps to prevent potential exploitation of the vulnerability by malicious actors, ensuring that corrective measures are put in place to protect users and systems. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Responsible_disclosure).*
116
# Define: Reverse Engineering
The act of analyzing and deconstructing software or systems to understand their operation and identify potential improvements or vulnerabilities.

## Footnote

The process of analyzing and deconstructing a product or system to understand its design and functionality. It is often used in the software industry to understand how a program or application works and to identify vulnerabilities or potential improvements. Examples include analyzing a competitor's product to understand its features and capabilities or studying a computer virus to create a solution to remove it. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Reverse_engineering).*
117
# Define: Rollback
The process of reverting a system to a previous state, used for recovery from problems or unwanted changes.

## Footnote

The reversal of changes to a system, often used to restore the system to a previous state in the event of a problem. It is used to undo changes that have caused issues or to return to a well-known state. Examples include rolling back a software update that caused system instability or rolling back a configuration change that resulted in a loss of network connectivity. *For more information, view this lecture on [Patch Management](https://courses.thorteaches.com/courses/take/cissp/lessons/19180338-patch-management). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Rollback_(data_management)).*
118
# Define: Root Cause Analysis | (RCA)
An in-depth investigation to uncover the fundamental reason behind a problem, essential in cybersecurity for preventing repeat incidents.

## Footnote

A thorough investigation method aimed at discovering the fundamental reason behind a problem or incident. It involves analyzing the sequence of events or conditions that led to the undesired outcome, with the goal of addressing these underlying issues to prevent recurrence. Root cause analysis is pivotal in cybersecurity to prevent future breaches by addressing the source, not just the symptoms, of security failures. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Root_cause_analysis).*
119
# Define: Rotation of Duties
A strategy of periodically moving employees between roles to prevent fraud and unauthorized activity.

## Footnote

A strategy employed to reduce the risk of fraud, errors, and misuse within an organization. It involves periodically rotating employees through different positions and responsibilities to disrupt any actions that might lead to unauthorized or malicious activity. This process helps identify irregularities, provides cross-training opportunities, and ensures no single individual holds a specific responsibility or power for an extended period. *For more information, view this lecture on [Administrative personnel controls](https://courses.thorteaches.com/courses/take/cissp/lessons/19180180-administrative-personnel-controls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Separation_of_duties).*
120
# Define: Safeguard
A measure or control implemented to protect against risks, such as firewalls or access restrictions.

## Footnote

A measure or procedure designed to protect against loss, damage, or unauthorized access to information or assets. It is used in security to prevent or mitigate risks to an organization's assets or information. Examples of safeguards include implementing firewalls to protect against cyber-attacks or installing security cameras to deter theft. *For more information, view this lecture on [Incident Management - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/34120646-incident-management-part-2).*
121
# Define: Salami Technique
A fraud method that involves stealing small amounts of money from numerous transactions.

## Footnote

A type of fraud that involves the slicing off of small amounts of money from multiple transactions to create a larger sum. It is often used in financial crimes to steal money from a large number of victims. Examples of salami techniques include a bank employee taking small amounts of money from multiple customer accounts or a retailer charging small amounts to customers' credit cards without their knowledge. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Salami_slicing).*
122
# Define: SCAP | (Security Content Automation Protocol)
SCAP is a suite of standards created by NIST for automating vulnerability management, policy compliance, and security measurement to enhance interoperability among security tools.

## Footnote

It includes specifications like XCCDF, OVAL, and CPE, enabling systems to share and interpret configuration details, check for known weaknesses, and produce standardized assessment reports. Organizations adopting SCAP can streamline patch management, detect misconfigurations, and benchmark security baselines. By unifying data formats and methodologies, SCAP promotes consistent, scalable, and repeatable cybersecurity processes across multiple platforms. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_Content_Automation_Protocol).*
123
# Define: Scavenging
Searching for usable data in discarded or overlooked resources, highlighting the need for comprehensive data disposal practices.

## Footnote

The practice of searching for and reusing discarded or abandoned data. In a security context, this often involves combing through discarded hardware devices, network traffic, or even public domains for residual data that can be exploited. Unprotected data or insufficiently sanitized storage media can serve as a goldmine for information scavengers, highlighting the importance of robust data disposal practices and the securing of transmitted data to prevent unauthorized access.
124
# Define: Screen Lock
A security feature that requires authentication to access a device after it has been idle for some time.

## Footnote

A security feature that requires a user to provide authentication, such as a password, pattern, or biometric verification, to access a device after the screen has been idle for a certain period of time. The purpose of a screen lock is to protect the device and its contents from unauthorized access. In scenarios where devices hold sensitive data or can access protected networks, a screen lock serves as a fundamental line of defense against potential breaches. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Lock_screen).*
125
# Define: Security Incident
An event that indicates a possible breach of security policies or exposure to risk.

## Footnote

An event or occurrence that poses a potential security threat or compromise to an organization or system. It is used to identify and respond to security breaches and prevent further damage. Examples of security incidents include a data breach, unauthorized access to a system, or a malware attack. *For more information, view this lecture on [Incident Management definitions](https://courses.thorteaches.com/courses/take/cissp/lessons/19180234-incident-management-definitions). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_security_incident_management).*
126
# Define: Security Observability
Security Observability provides in-depth insights into system behaviors, application logs, and network traces, enabling fast detection, root-cause analysis, and proactive threat hunting.

## Footnote

Observability extends beyond monitoring: rather than only collecting metrics, it emphasizes correlation, contextualization, and analytics across distributed environments. By integrating logs, events, and telemetry data, teams can map out attack paths or performance anomalies in near-real-time. This supports more precise investigations, rapid incident response, and continuous improvement of security controls. Enhanced visibility helps organizations anticipate threats and adapt strategies, improving resilience from both an operational and security standpoint.
127
# Define: Security Operations | (SecOps)
The practice of incorporating security into all IT operational processes to detect and respond effectively to threats.

## Footnote

The practice of integrating security into all IT operational processes. SecOps aims to bridge the gap between security and operations teams, enhancing collaboration to effectively detect and respond to security threats in a coordinated manner.
128
# Define: Security Operations Center | (SOC)
A centralized unit managing an organization's security activities, monitoring for and responding to cyber threats.

## Footnote

A centralized unit where an organization's security activities are coordinated and managed. Staffed by security analysts and equipped with advanced tools and technologies, a SOC provides continuous surveillance and analysis of data from networks, servers, endpoints, applications, and databases to detect, analyze, and respond to cybersecurity incidents. The aim of a SOC is to identify and mitigate threats in real-time, ensuring the ongoing security of an organization's information assets. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_operations_center).*
129
# Define: Security Orchestration, Automation, and Response | (SOAR)
A framework integrating and automating security tools and processes for more efficient security operations.

## Footnote

A framework for integrating and automating security tools and processes to improve the efficiency and effectiveness of security operations. It is used in the management of security operations and incident response. Examples include SOAR platforms and security automation scripts. *For more information, view this lecture on [SIEM and SOAR systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19180282-siem-and-soar-systems). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_orchestration).*
130
# Define: Server
A computer that provides services and resources to other devices across a network.

## Footnote

A computer or device that provides services, resources, or data to other computers or devices on a network. It is used in networking to host applications, websites, databases, and other services. Examples include web servers, database servers, and file servers. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Server_(computing)).*
131
# Define: Server Clustering
Grouping servers to provide increased reliability and scalability for networked services and applications.

## Footnote

The practice of grouping multiple servers together to provide increased reliability, performance, and scalability of services. It is used in networking to improve the availability and resilience of applications and services. Examples include using load balancers, failover systems, and replication in server clusters. *For more information, view this lecture on [Redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_cluster).*
132
# Define: Service Pack
An update package containing a collection of improvements, fixes, and enhancements for software.

## Footnote

A comprehensive update released by a software vendor to provide bug fixes, patches, or enhancements for an existing software program. Service packs are often used to roll out updates that enhance the stability, compatibility, or security of the software. These packs can be crucial for maintaining the performance and security of a system, as they often include fixes for known vulnerabilities that could be exploited by malicious actors. *For more information, view this lecture on [Patch Management](https://courses.thorteaches.com/courses/take/cissp/lessons/19180338-patch-management). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Service_pack).*
133
# Define: Session Attacks
Session attacks involve hijacking or manipulating legitimate user sessions, often via stolen session cookies or tokens, to gain unauthorized access and impersonate users.

## Footnote

Attackers may exploit unsecured connections, cross-site scripting (XSS), or session fixation vulnerabilities. Once they acquire valid session identifiers, they can act with the victim's privileges. Best practices include encrypting session data, invalidating tokens after logout, and implementing secure cookie attributes (HttpOnly, Secure). Monitoring unusual session activity or switching tokens frequently further deters unauthorized usage. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Session_hijacking).*
134
# Define: SIEM | (Security Information and Event Management)
Software that analyzes security-related data from multiple sources to identify potential threats.

## Footnote

A type of software that collects and analyzes security-related data from multiple sources, such as network devices and security appliances. This concept is used in IT security to provide a centralized view of an organization's security posture and identify potential threats. For example, a SIEM system might monitor network traffic for suspicious activity or alert administrators to a potential security breach. *For more information, view this lecture on [SIEM and SOAR systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19180282-siem-and-soar-systems). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_information_and_event_management).*
135
# Define: SIEM as a Service
A service model offering the management and analysis of security data typically handled by SIEM software.

## Footnote

A subscription-based service model that outsources the complex tasks of managing and analyzing the vast amount of security data typically handled by SIEM software. By using SIEM as a Service, organizations can take advantage of SIEM capabilities without the need to own, maintain, or manage the required infrastructure and resources. This service provides scalability, flexibility, and access to expert resources, enabling businesses to bolster their security posture while minimizing resource expenditure. *For more information, view this lecture on [SIEM and SOAR systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19180282-siem-and-soar-systems).*
136
# Define: SIEM Automated Responses
Predefined actions taken by a SIEM system in response to certain detected events or conditions.

## Footnote

The actions automatically triggered by a Security Information and Event Management (SIEM) system in response to detected events or conditions that meet predefined criteria. These responses could include notifications, system alterations, or other actions intended to mitigate a potential threat. For example, if the SIEM system detects a sudden surge in network traffic that could indicate a denial-of-service attack, it could automatically limit traffic from the suspicious source or alert the security team. *For more information, view this lecture on [SIEM and SOAR systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19180282-siem-and-soar-systems).*
137
# Define: Simple Failover
A disaster recovery strategy where a backup system takes over the functionality of a primary system in case of failure. ## Footnote A type of disaster recovery strategy where a backup system is used to take over the functionality of a primary system in the event of a failure or outage. It is commonly used in systems with a single point of failure, such as a web server or database server, to ensure availability and reduce downtime. Examples include a simple failover system for a web server, a simple failover system for a database server, and a simple failover system for a network router.
138
# Define: Simulation Test
An analysis method using models to predict how a system behaves under various scenarios, crucial for security planning. ## Footnote A process where a model of a system is created to analyze the potential behavior and performance of that system under different conditions. It allows for the testing of various scenarios, including stress scenarios and those that are challenging or costly to reproduce in real environments. In a security context, simulation tests can be used to identify potential vulnerabilities, analyze the impact of various threats, and evaluate the effectiveness of security measures without impacting the actual system. *For more information, view this lecture on [Testing the Plans - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180552-testing-the-plans-part-1). Or view this lecture on [Testing the Plans - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/36454606-testing-the-plans-part-2).*
139
# Define: Single Point of Failure | (SPOF)
A critical component whose failure can cause an entire system to stop functioning, necessitating risk mitigation strategies. ## Footnote A component or part of a system that, if it fails, would cause the entire system to stop working. This could be a piece of hardware, a software application, or even a network connection. Eliminating SPOFs is a key part of system design and disaster recovery planning, as their existence significantly increases the risk of system downtime. Techniques to mitigate SPOFs include redundancy, fault tolerance, and load balancing. *For more information, view this lecture on [Redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Single_point_of_failure).*
140
# Define: Site Survey
An assessment process to identify security vulnerabilities in a physical location, aiding in the development of a security strategy. ## Footnote A process of gathering information about a physical location in order to assess its security vulnerabilities. This is commonly used in the field of IT security to evaluate the strength of an organization's network and identify potential weaknesses. Examples of a site survey include evaluating the layout of a building to identify potential blind spots for security cameras, conducting a wireless network assessment to identify potential interference, and analyzing the strength of physical security measures such as locks and gates. *For more information, view this lecture on [Site selection - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149825-site-selection-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Site_survey).*
141
# Define: Snapshots
Point-in-time copies capturing system or data states for recovery. ## Footnote Snapshots are complete, instantaneous copies of a system's state or data at a specific moment. They are used for backup, system recovery, or testing purposes, allowing administrators to quickly restore or analyze a previous state. Widely employed in virtualization and storage management, snapshots minimize downtime and data loss by providing a reliable fallback option during system updates, failures, or security incidents. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Snapshot_(computer_storage)).*
142
# Define: Snort - IDS/IPS Logs
Logs collected from Snort capturing network intrusion detection and prevention events. ## Footnote Snort IDS/IPS Logs are records generated by Snort, an open-source intrusion detection and prevention system, detailing network traffic anomalies and potential security threats. These logs are crucial for identifying unauthorized activities, enabling prompt incident response, and refining security policies by analyzing attack patterns and system vulnerabilities. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Snort).*
143
# Define: SOAR Systems
Platforms combining security orchestration, automation, and response to enhance the effectiveness of security operations. ## Footnote A security orchestration, automation, and response system that integrates different security tools and processes to automate and manage security operations. It is commonly used in cybersecurity to help organizations respond to and mitigate cyber threats. Examples include IBM Resilient, Demisto, and Swimlane. *For more information, view this lecture on [SIEM and SOAR systems](https://courses.thorteaches.com/courses/take/cissp/lessons/19180282-siem-and-soar-systems). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_orchestration).*
144
# Define: Storage Object
A data structure that combines actual data with metadata for organizational, management, and retrieval purposes. ## Footnote An entity that contains both data (like a file) and metadata (information about the data). This combined entity is stored in an object-oriented storage device or system. The metadata could include details like the date of last access, data protection requirements, and more. This type of storage model is often used in cloud environments due to its scalability and ease of use. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Object_storage).*
145
# Define: Storage Segmentation
Dividing storage resources into discrete segments to increase efficiency and security within computing systems. ## Footnote The practice of dividing storage resources into separate segments to improve efficiency, enhance performance, and increase security. By separating data, systems can reduce the risk of unauthorized access or data corruption since each segment is isolated from the others. This practice can also help with load balancing and improve overall system performance.
146
# Define: Structured Query Language (SQL) Injection Attack
A code injection method exploiting SQL query vulnerabilities. ## Footnote A type of cyber-attack that exploits vulnerabilities in a website's database by injecting malicious SQL code. It is used to gain unauthorized access to sensitive data, modify or delete it, or create new user accounts with elevated privileges. Examples of SQL injection attacks include inserting a malicious query into a login form to bypass authentication or inserting a malicious query into a database query to extract sensitive information. *For more information, view this lecture on [OWASP 2021 - part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19182128-owasp-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/SQL_injection).*
147
# Define: Structured Walkthrough
A review process where a project or solution is analyzed by peers to identify and address potential issues. ## Footnote A comprehensive review process where the creators of a product or solution present it to their peers for critique and validation. In the context of security, it might involve walking through a new security protocol, a system design, or a piece of code to identify potential flaws or vulnerabilities. This practice promotes quality and consistency, reduces errors, and encourages knowledge sharing. *For more information, view this lecture on [Testing the Plans - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180552-testing-the-plans-part-1).*
148
# Define: Stuxnet Attack
Stuxnet was a sophisticated worm discovered around 2010, targeting Iranian nuclear centrifuges by exploiting multiple zero-day vulnerabilities, marking a milestone in cyber-physical warfare. ## Footnote Believed to be developed by nation-states, Stuxnet infiltrated industrial control systems (ICS), specifically Siemens PLCs, subtly altering centrifuge speeds to cause mechanical failures. Its advanced code evaded detection through rootkit components. The incident showcased how malware could sabotage critical infrastructure, elevating discussions around ICS security, supply chain infiltration, and global cyber espionage. Stuxnet remains a prime example of cyberweapon potential. *For more information, view this lecture on [0-day attacks](https://courses.thorteaches.com/courses/take/cissp/lessons/19180381-0-day-attacks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Stuxnet).*
149
# Define: Sub Flooring
A foundational layer beneath finished flooring that provides support and insulation. ## Footnote Sub flooring is the underlayment installed beneath the finished floor surface, offering structural support, sound insulation, and a base for flooring materials. It plays a critical role in distributing weight evenly, reducing moisture penetration, and enhancing the durability of the final floor finish. Properly installed sub flooring contributes to a stable, comfortable, and long-lasting interior environment. *For more information, view this lecture on [Fire suppression and hot and cold aisles](https://courses.thorteaches.com/courses/take/cissp/lessons/19149912-fire-suppression-and-hot-and-cold-aisles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Raised_floor).*
150
# Define: Succession Planning
The strategic process of identifying and developing future leaders to ensure continuity in key roles. ## Footnote The process of identifying and developing new leaders who can replace old leaders when they leave, retire, or die. In a security context, it ensures continuity of leadership roles critical to managing and protecting an organization's assets. By preparing for changes in key personnel, organizations can prevent gaps in their security operations and management, ensuring a seamless transition and sustained protection of critical assets. *For more information, view this lecture on [Employee redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180545-employee-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Succession_planning).*
151
# Define: Suppression Measures
Actions or techniques to prevent or mitigate unwanted behavior or occurrences, enhancing security. ## Footnote Actions or techniques designed to prevent, reduce, or eliminate unwanted behavior or occurrences. In a security context, it can include methods used to counteract potential threats or to minimize the impact of a security incident. These measures could range from firewalls and antivirus software that suppress malicious activity to disaster recovery plans that suppress the impact of a major incident. *For more information, view this lecture on [Fire suppression - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149928-fire-suppression-part-1).*
152
# Define: System Indicator
A signal, such as an LED light or system message, that communicates the status or health of a computer system. ## Footnote A visual or auditory signal that indicates the status of a computer system. This can include LED lights, beep codes, or system messages. Examples of system indicators include a red light on a server indicating a failure, a beep code indicating a memory error, or a system message saying, "System Overheated."
153
# Define: Tabletop Exercise
A simulation involving hypothetical emergency scenarios to practice and evaluate response strategies. ## Footnote A simulation of a hypothetical emergency situation, typically involving a group of individuals who play different roles and must respond to the scenario. It is used in disaster preparedness and response planning, as well as in training and development for emergency management personnel. Examples include simulating a natural disaster, a cyber-attack, or a terrorist attack and evaluating the response and preparedness of the individuals involved. *For more information, view this lecture on [Testing the Plans - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180552-testing-the-plans-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Business_continuity_and_disaster_recovery_auditing#Testing).*
154
# Define: Target
An entity or system that is the focus of a security measure or attack. ## Footnote A specific entity or system that is the focus of an attack or a security measure. It is a common term in the field of cybersecurity, where targets can include individuals, organizations, networks, or devices. Examples include targeting a specific individual's email account for a phishing attack or targeting a company's network for a ransomware attack. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_Target).*
155
# Define: TAXII | (Trusted Automated Exchange Of Intelligence)
TAXII is a protocol that enables secure sharing of cyber threat intelligence (CTI) among organizations and communities, standardized for interoperability and automation. ## Footnote Working alongside the STIX format, TAXII transports data like indicators of compromise or adversary tactics, facilitating rapid dissemination of relevant threat details. By establishing trust relationships, participants can exchange sensitive intelligence at scale. Automated threat feeds empower security teams to update detection rules promptly. TAXII fosters collaboration, fighting cybercriminals collectively and shortening attacker advantage windows. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Mitre_Corporation#Cybersecurity_and_election_integrity).*
156
# Define: Threat Agent
Any potential actor or factor that could exploit vulnerabilities to disrupt or damage a system. ## Footnote An entity or actor that poses a potential risk to an organization's security by exploiting vulnerabilities to cause harm or disruption. Threat agents can be individuals, groups, external entities, or environmental factors that could initiate or conduct an attack. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Threat_(computer_security)#Threat_agents_or_actors).*
157
# Define: Threat Hunting
Proactively searching for undetected malicious activities within a system or network. ## Footnote The proactive search for signs of malicious activity within a system or network that haven't been detected by traditional security solutions. It involves using analytics and threat intelligence to identify abnormalities or indicators of compromise, helping to uncover stealthy, advanced threats that may have bypassed initial security defenses. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Threat_(computer_security)#Threat_hunting).*
158
# Define: Threat Intelligence
Knowledge used to understand and mitigate the risks of cyber threats. ## Footnote Knowledge that allows organizations to understand the risks of cyber threats, such as adversaries, campaigns, incidents, tactics, techniques, and procedures (TTP). This intelligence can be used to prepare, prevent, and identify potential cyber threats looking to take advantage of valuable resources. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Threat_intelligence).*
159
# Define: Threat Intelligence - External
Information gathered from outside sources about current or emerging threats. ## Footnote Data collected from outside the organization's network about current or emerging threats. This could include information from industry forums, security news feeds, threat databases, or intelligence-sharing groups, offering insights into the broader threat landscape to enhance the organization's defense strategy. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles).*
160
# Define: Threat Intelligence - Internal
Data derived from within an organization about potential internal risks and suspicious activities. ## Footnote Information about potential risks that come from within an organization. This can include suspicious activities or behavior patterns of employees, contractors, or other individuals with access to the organization's resources. Gathering and analyzing internal threat intelligence can help an organization to proactively detect and respond to insider threats, thereby reducing potential damage. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles).*
161
# Define: Threat Intelligence Platform | (TIP)
A TIP collects, correlates, and manages threat data from diverse sources, helping security teams prioritize responses and identify emerging risks. ## Footnote Security analysts use TIPs to ingest threat feeds, open-source intelligence, and internal logs, then transform them into actionable alerts. Automated rules compare network indicators, like IP addresses or malware hashes, to known threat patterns. Collaboration features support sharing threat data across stakeholders. TIPs streamline incident triage and root-cause analysis, enabling organizations to remain proactive. By centralizing intelligence, TIPs ensure risk-based decisions and speed up detection workflows. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Threat_Intelligence_Platform).*
162
# Define: Threat Monitoring
Constantly observing activities within a system to identify potential security incidents. ## Footnote The continual process of observing and tracking activities within a system or network to detect signs of cyber threats or breaches. This often involves the use of automated systems, such as intrusion detection systems (IDS) or security information and event management (SIEM) systems, which can detect anomalies or suspicious behavior and send alerts for further investigation. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles).*
163
# Define: Threat Vector
The method or pathway used by an attacker to initiate a cyberattack. ## Footnote A pathway or means by which a cyberattack is carried out. Threat vectors are the methods or routes taken by attackers to infiltrate systems, exploit vulnerabilities, and potentially cause damage. Common vectors include phishing emails, malicious websites, or compromised networks. *For more information, view this lecture on [Risk Management - Assessment Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18588095-risk-management-assessment-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Threat_(computer_security)#Phenomenology).*
164
# Define: Tier Standards | (Uptime Institute)
Classifications that define data center infrastructure in terms of redundancy, fault tolerance, and availability. ## Footnote A globally recognized benchmark for the design, construction, and operation of data centers. They classify data centers into four tiers based on factors such as redundancy, fault tolerance, and availability. Tier I represents basic capacity with non-redundant components, while Tier IV denotes fault-tolerant infrastructure. This classification helps organizations determine the level of service they require from a data center, balancing operational capabilities against cost and business needs. *For more information, view this lecture on [Redundancy](https://courses.thorteaches.com/courses/take/cissp/lessons/19180421-redundancy). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Uptime_Institute).*
165
# Define: Transaction
A unit of work within a database or other system that is treated as a single, indivisible operation to maintain data consistency. ## Footnote A single logical operation on data that is considered as one unit of work. It's typically composed of multiple related tasks that must all succeed or fail as one, ensuring data consistency. Transactions are vital in many fields, including finance, where they represent a change in status between parties. In the context of security, maintaining the integrity, confidentiality, and availability of transaction data is crucial to prevent unauthorized access, alteration, or disruption of these operations. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Database_transaction).*
166
# Define: Unauthorized Disclosure
The release of sensitive information without proper authorization, leading to potential data breaches. ## Footnote The release or exposure of sensitive or protected information without obtaining proper permission. This can involve the sharing of personal data, intellectual property, trade secrets, or classified information and often results in breaches of privacy, legal consequences, or potential damages to an individual's or organization's reputation. *For more information, view this lecture on [Secure design principles](https://courses.thorteaches.com/courses/take/cissp/lessons/25340659-secure-design-principles). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/List_of_U.S._security_clearance_terms#Security_levels).*
167
# Define: Uploading
Transferring data from a local device to a remote server or cloud service for sharing, storage, or collaboration. ## Footnote The process of transferring data from a local device to a remote server or cloud storage. It is used to share files or backups or to access them from multiple locations. Examples include uploading a file to Dropbox, uploading a photo to Instagram, or uploading a video to YouTube. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Upload).*
168
# Define: User and Entity Behavior Analytics | (UEBA)
UEBA profiles normal user, system, or entity behaviors to detect anomalies indicative of malicious insiders or external breaches that traditional security controls might miss. ## Footnote UEBA platforms apply machine learning to logins, file accesses, and network paths, establishing a baseline of typical activity patterns. Sudden changes, like large data downloads or unusual access times, trigger high-risk alerts. UEBA also monitors machine accounts, APIs, and service interactions. By focusing on behavioral deviations, it catches stealthy attacks, policy violations, or compromised credentials sooner. Coupled with SOC processes, UEBA strengthens advanced threat detection and response. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/User_behavior_analytics).*
169
# Define: UTM | (Unified Threat Management)
UTM appliances combine multiple security features, like firewall, intrusion detection, antivirus, and content filtering, on a single platform, simplifying network defense. ## Footnote They offer centralized administration and consistent policy enforcement, reducing complexity compared to separate tools. Typical features can include VPN support, spam blocking, and web application firewalls. However, performance constraints may occur when multiple modules scan large traffic volumes simultaneously. UTMs suit smaller or mid-sized organizations seeking consolidated security solutions, though larger enterprises might prefer specialized, scalable products. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Next-generation_firewall#History).*
170
# Define: Very Early Smoke Detection Apparatus | (VESDA)
A sensitive smoke detection system providing early warnings of potential fires. ## Footnote A system that actively draws air through a network of pipes to a central detector, enabling it to provide a very early warning of potential fire situations. It detects minute smoke particles in the air, thus allowing organizations to initiate response procedures before any visible signs of fire appear, minimizing potential damage and enhancing safety. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Aspirating_smoke_detector).*
171
# Define: Walk-Through
A thorough review of a DR or BCP to identify gaps and ensure understanding and readiness for real events. ## Footnote A methodical review process where a team assesses the effectiveness and completeness of a Disaster Recovery (DR) or Business Continuity Plan (BCP). Participants step through the plan in detail to identify any gaps or issues and to ensure that all necessary steps are understood and actionable in the event of a real disaster or business interruption. *For more information, view this lecture on [Testing the Plans - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19180552-testing-the-plans-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/BCP_testing).*
172
# Define: Warm Site
A disaster recovery solution equipped with necessary infrastructure but not active hardware, enabling rapid operational resumption after a disruption. ## Footnote A disaster recovery option between a hot site and a cold site, a warm site provides a location equipped with the necessary infrastructure and connectivity but not the active hardware or data required for immediate operation. Organizations use warm sites to expedite recovery time following a disruption, as they can quickly be equipped with backups and necessary systems to resume critical operations. *For more information, view this lecture on [Disaster Recovery sites](https://courses.thorteaches.com/courses/take/cissp/lessons/19180523-disaster-recovery-sites). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_disaster_recovery).*
173
# Define: Web Hosting
A service that allows individuals and organizations to post websites or web pages on the internet. ## Footnote A service that enables organizations and individuals to post a website or web page onto the internet. A web host, or web hosting service provider, provides the technologies and services necessary for the website or webpage to be viewed on the internet. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Web_hosting_service).*
174
# Define: Web Server
A computer system that hosts websites and delivers web content to users over the internet. ## Footnote A computer that stores, processes, and delivers web content, such as HTML pages, images, and files, to clients on the internet. It is used to host and serve websites and web applications. Examples include Apache, IIS, and Nginx. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Web_server).*
175
# Define: Windows Defender/Security Center
An integrated security suite in Windows for real-time threat detection and system protection. ## Footnote Windows Defender/Security Center provides built-in antivirus, anti-malware, and system monitoring capabilities within Windows. It offers continuous protection against security threats, real-time scanning, and performance reports, ensuring that systems remain secure and compliant with best practices without requiring additional third-party software. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Windows_Defender).*
176
# Define: Windows Event Viewer
A built-in utility to view, filter, and analyze Windows system logs and events. ## Footnote Windows Event Viewer is a management tool that collects and displays logs related to system events, errors, and security activities. It assists administrators in troubleshooting issues, monitoring system performance, and ensuring compliance with security policies by providing detailed insights into the operating system's operations and potential anomalies. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Event_Viewer).*
177
# Define: Windows Server Update Services | (WSUS)
Microsoft's update management tool enabling the distribution of patches within corporate environments. ## Footnote A Microsoft tool that allows administrators to manage and distribute updates released through Microsoft Update to computers in a corporate environment. It provides a centralized and automated method of deploying critical updates, ensuring that all systems within an organization are consistently protected against known issues and vulnerabilities and their software environment remains secure and up-to-date. *For more information, view this lecture on [Patch Management](https://courses.thorteaches.com/courses/take/cissp/lessons/19180338-patch-management). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Windows_Server_Update_Services).*
178
# Define: Wine
A compatibility layer allowing Windows applications to run on Unix-like operating systems. ## Footnote A compatibility layer capable of running Windows applications on several POSIX-compliant operating systems, such as Linux, macOS, and BSD. It duplicates functions of Windows by providing alternative implementations of the DLLs that Windows programs call and a process to substitute for the Windows NT kernel. This provides a way for users of non-Windows systems to utilize software that is traditionally Windows-only, increasing interoperability and software availability. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Wine_(software)).*
179
# Define: Write Blocker
A tool that prevents data modification during forensic investigation, ensuring evidence integrity. ## Footnote A device used to prevent the alteration of data on a storage medium during an investigation. It is commonly used in forensic analysis to preserve the integrity of evidence. Examples include hardware write blockers, software write blockers, and bootable write blockers. *For more information, view this lecture on [Spinning disk forensics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180201-spinning-disk-forensics). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Forensic_disk_controller).*
180
# Define: Write Protect
A feature that prevents data from being modified, ensuring the integrity of the stored information. ## Footnote A hardware or software mechanism that prevents modification or deletion of data on a storage device. Write protection ensures the integrity of data by making it read-only, safeguarding it against accidental or malicious alterations. *For more information, view this lecture on [Spinning disk forensics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180201-spinning-disk-forensics). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Write_protection).*
181
# Define: XCCDF | (Extensible Configuration Checklist Description Format)
XCCDF is an XML-based language for defining security checklists, benchmarks, and configuration policies, facilitating machine-readable best practice standards. ## Footnote Part of the SCAP ecosystem, XCCDF files specify configuration rules, references, and scoring methods. Security automation tools parse XCCDF to verify system compliance with industry standards like CIS or DISA STIGs. This standardized approach aids consistent assessments, letting administrators track adherence across multiple environments. XCCDF fosters repeatable, automated compliance checks that adapt as benchmarks evolve. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Extensible_Configuration_Checklist_Description_Format).*
182
# Define: Zero-Day Exploit
An attack exploiting a vulnerability on the day it is discovered, when no fix or defense is yet available. ## Footnote A cyber-attack that occurs on the same day a vulnerability is discovered in software. On that day, the software developers have "zero days" to fix the problem before the exploit can be used. Attackers exploiting a zero-day vulnerability can cause significant harm because there's often no defense against the attack, as the vulnerability is not yet known to the software developer or the wider community. *For more information, view this lecture on [0-day attacks](https://courses.thorteaches.com/courses/take/cissp/lessons/19180381-0-day-attacks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Zero-day_(computing)).*
183
# Define: Zone
A segment within a network with specific security policies, managing access and activity based on trust levels. ## Footnote A logical grouping of network resources that share a common security policy or trust level. It is used to segment a network into smaller, more manageable units and to enforce security policies on specific groups of resources. Examples of zones include DMZ, trusted zone, and untrusted zone.