Full List

Question 1

CIA

Answer 1

• Confidentiality: prevent unauthorized information disclosure.
• Integrity: data remains unaltered
• Availability: information is accessible to authorized users

Question 2

AAA

Answer 2

• Authentication: prove your identity, e.g. password
• Authorization: what resources you have access to.
• Accounting: record of the resources used, e.g. login time, logout time

Question 3

PKI

Answer 3

Public Key Infrastructure: A system of policies, procedures, and technology for managing digital certificates to securely link public keys to people or devices, enabling trusted communication.

Question 4

TPM

Answer 4

Trusted Platform Module: a microprocessor that provides cryptographic functions for a single device, e.g. storing BitLocker keys.

Question 5

HSM

Answer 5

Hardware Security Module: a dedicated device for storing and managing encryption keys for many devices, typically used in large environments.

Question 6

CA

Answer 6

Certificate Authority: A trusted organization that issues and manages digital certificates to verify the identity of entities.

Question 7

CRL

Answer 7

Certificate Revocation List: list of invalidated certificates that’s maintained by the Certificate Authority.

Question 8

OCSP

Answer 8

Online Certificate Status Protocol: real-time certificate validity checks through browser.

Question 9

CSR

Answer 9

Certificate Signing Request: request the Certificate Authority to issue a digital certificate.

Question 10

SMS

Answer 10

Short Message Service: a text messaging service that allows the exchange of short text messages between mobile devices.

Question 11

IM

Answer 11

Instant Messaging: the exchange of near-real-time messages through online software.

Question 12

MSP

Answer 12

Managed Service Providers: A company that manages IT infrastructure and services for organizations remotely.

Question 13

TOC/TOU

Answer 13

Time-of-check to Time-of-use: exploiting the gap between verification and execution in race conditions. A race condition is exploiting processes running simultaneously.

Question 14

SQLi

Answer 14

Structured Query Language injection: injecting malicious SQL commands into a database query.

Question 15

XSS

Answer 15

Cross Site Scripting: injecting scripts into web pages viewed by users.

Question 16

VM escape

Answer 16

Virtual Machine escape: gaining access to a host from a virtual machine.

Question 17

RFID cloning

Answer 17

Radio Frequency Identification cloning: duplicating RFID cards or tags.

Question 18

DDoS

Answer 18

Distributed Denial of Service: flooding a service with requests from several computers to cause downtime.

Question 19

DNS attack

Answer 19

Domain Name System: exploiting vulnerabilities in DNS to redirect traffic from a website.

Question 20

IoT

Answer 20

Internet of Things: A network of interconnected devices that communicate and exchange data over the internet.

Question 21

VLAN

Answer 21

Virtual Local Area Network: a network segmentation technique that groups devices logically to improve performance and security

Question 22

ACL

Answer 22

Access Control List: a list of rules that lists access permissions based on an allow/deny list.

Question 23

HIPS

Answer 23

Host-based Intrusion Prevention System: a security software that detects and prevents unauthorized access to a system on a host.

Question 24

IaC

Answer 24

Infrastructure as Code: Managing and provisioning infrastructure through code, useful in software development to build, test, and deploy applications.

Question 25

SDN

Answer 25

**Software-defined Networking**: network infrastructure that enables the network to be centrally controlled using software applications.

Question 26

ICS/SCADA

Answer 26

**Industrial Control Systems & Supervisory Control and Data Acquisition System**: systems used to monitor and control industrial processes, e.g. power generation, energy, manufacturing.

Question 27

RTOS

Answer 27

**Real-time Operating System**: low-latency systems with high security demands, an OS with deterministic processing schedule, e.g. military environments.

Question 28

IPS/IDS

Answer 28

**Intrusion Prevention/Detection System**: designed to monitor and alert (IDS) or actively block (IPS) malicious activities in a network.

Question 29

PSK

Answer 29

**Pre-shared Key**: A shared password used for authentication in wireless networks like WPA2/WPA3.

Question 30

EAP

Answer 30

**Extensible Authentication Protocol**: authentication framework for secure communication, can be used withan authentication database like RADIUS, LDAP, or TACACS+.

Question 31

802.1X

Answer 31

**IEEE 802.1X**: port-based network access control that authenticates users using EAP

Question 32

WAF

Answer 32

**Web Application Firewall**: a firewall that protects against web threats like SQL injection, it applies rules to HTTP/HTTPS conversations.

Question 33

UTM

Answer 33

**Unified Threat Management**: all-in-one security appliance in one device, can contain IDS/IPS, URL filter, spam filter, etc.

Question 34

NGFW

Answer 34

**Next-generation Firewall**: advanced firewall with application-layer filtering, has deep packet inspection.

Question 35

VPN

Answer 35

**Virtual Private Network**: encrypting data going through a public network for secure remote access.

Question 36

TLS

Answer 36

**Transport Layer Security**: encrypting data communication over a network through port 443 (HTTPS) at the application layer.

Question 37

IPSec

Answer 37

**Internet Protocol Security**: secures internet communications by encrypting and authenticating data packets at the network layer.

Question 38

SD-WAN

Answer 38

**Software-defined Wide Area Network**: a WAN built for the cloud giving efficient access to public cloud applications.

Question 39

SASE

Answer 39

**Secure Access Service Edge**: a next-generation VPN that allows you to connect securely from different locations, or anywhere.

Question 40

UPS

Answer 40

**Uninterruptible Power Supply**: battery backup to keep systems running temporarily during power loss.

Question 41

MDM

Answer 41

**Mobile Device Management**: software for managing and securing mobile devices within an organization.

Question 42

BYOD

Answer 42

**Bring Your Own Device**: employees using personal devices at work.

Question 43

COPE

Answer 43

**Corporate-owned, personally enabled**: company provides the device with limited personal use.

Question 44

CYOD

Answer 44

**Choose Your Own Device**: employees choose from pre-approved devices.

Question 45

WPA3

Answer 45

**Wi-Fi Protected Access 3**: advanced encryption for web networks.

Question 46

RADIUS

Answer 46

**Remote Authentication Dial-in User Service**: protocol that provides centralized authentication, authorization, and accounting (AAA) for users accessing a network.

Question 47

OSINT

Answer 47

**Open-Source Intelligence**: the process of gathering publicly available information to assess threats.

Question 48

CVSS

Answer 48

**Common Vulnerability Scoring System**: evaluate and rank reported vulnerabilities in a standardized way.

Question 49

CVE

Answer 49

**Common Vulnerability Enumeration**: identifying and cataloging known vulnerabilities, maintained by MITRE.

Question 50

SCAP

Answer 50

**Security Content Automation Protocol**: framework for managing security policies and compliance.

Question 51

SIEM

Answer 51

**Security Information and Event Management**: centralised logging and analysis tool used to detect, analyze, and respond to security threats.

Question 52

DLP

Answer 52

**Data Loss Protection**: protecting sensitive data from unauthorized sharing or data exflitration.

Question 53

SNMP traps

Answer 53

**Simple Network Management Protocol traps**: alerts sent by devices to monitor systems.

Question 54

URL scanning

Answer 54

**Uniform Resource Locator scanning**: analysis of URLs for malicious content.

Question 55

DMARC

Answer 55

**Domain-based Message Authentication Reporting and Conformance**: builds on SPF and DKIM, letting domain owners set policies for handling unauthenticated emails and receive compliance reports.

Question 56

DKIM

Answer 56

**DomainKeys Identified Mail**: digitally signs outgoing emails, validated by receivers using a public key in DNS.

Question 57

SPF

Answer 57

**Sender Policy Framework**: list of all servers authorized to send emails for a domain.

Question 58

NAC

Answer 58

**Network Access Controls**: controls and restricts device access to a network based on policies.

Question 59

EDR/XDR

Answer 59

**Endpoint Detection and Response/Extended Detection and Response**: advanced tools for detecting and responding to endpoint or network based threats.

Question 60

SSO

Answer 60

**Single Sign On**: enables users to authenticate on several sites with one set of credentials.

Question 61

LDAP

Answer 61

**Lightweight Directory Access Protocol**: protocol for reading and writing directories over an internet network.

Question 62

OAuth

Answer 62

**Open Authorization**: an authorization framework that determines what resource a user will be able to access.

Question 63

SAML

Answer 63

**Security Assertions Markup Language**: open standard for authentication and authorization, not originally designed for mobile.

Question 64

RBAC

Answer 64

**Role-based Access Control**: a security model where access permissions are assigned based on user roles within an organization.

Question 65

PDACERL (Incident Response Phases)

Answer 65

* **Preparation** * **Detection** * **Analysis** * **Containment** * **Eradication** * **Recovery** * **Lessons Learned**

Question 66

AUP

Answer 66

**Acceptable Use Policy**: defines acceptable usage of company resources.

Question 67

SDLC

Answer 67

**Software Development Life Cycle**: the development process involved to build a software application, security must be applied at every stage.

Question 68

SLE

Answer 68

**Single Loss Expectancy**: cost of a single incident

Question 69

ALE

Answer 69

**Annualized Loss Expectancy**: yearly cost of a risk, ARO x SLE

Question 70

ARO

Answer 70

**Annualized Rate of Occurrence**: frequency of incidents per year.

Question 71

RTO

Answer 71

**Recovery Time Objective**: time to restore services after an incident.

Question 72

RPO

Answer 72

**Recovery Point Objective**: maximum tolerable data loss measured in time.

Question 73

MTTR

Answer 73

**Mean Time to Repair**: average time requested to fix issue.

Question 74

MTBF

Answer 74

**Mean Time Between Failures**: time between outages, e.g. total uptime, number of breakdowns

Question 75

SLA

Answer 75

**Service Level Agreement**: minumum terms for services provided, e.g. uptime, response time agreement.

Question 76

MOA

Answer 76

**Memorandum of Agreement**: documenting mutual obligations, usually a formal or legal document.

Question 77

MOU

Answer 77

**Memorandum of Understanding**: outlining informal agreements, states common goals.

Question 78

MSA

Answer 78

**Master Service Agreement**: legal contract and agreement of terms, governs long term relationships.

Question 79

WO/SOW

Answer 79

**Work Order/Statement of Work**: specific list of items to be completed, specific project terms.

Question 80

NDA

Answer 80

**Non-disclosure Agreement**: protecting shared sensitive information, confidentiality agreement.

Question 81

BPA

Answer 81

**Business Partners Agreement**: guidelines for business partnerships, lists specific individuals and scope.

Question 82

MFA

Answer 82

**Multifactor Authentication**: A security method requiring multiple forms of verification, such as something you know (password), have (token), or are (biometric).