Glossary Flashcards

Be able to define all terms associated with CompTIA Sec+

1
Q

Define 3DES

A

Digital Encryption Standard version 3 is a type of symmetric encryption algorithm used to encrypt data in 64-bit block ciphers; it also provides confidentiality.

2
Q

What is AAA?

A

Authorization, Authentication, Accounting

Authentication verifies identity.

Authorization verifies accessibility to assets.

Accounting tracks user access with logs.

3
Q

What is ABAC?

A

Attribute-based access control. An access control model based on attributes of its subjects and objects.

4
Q

Define AUP

A

Accessible Use Policy defines proper system usage and rules of behavior for employees within an organization. This can include the purpose of a system or a network, how users interact with them, and the responsibilities of the users when accessing a system.

5
Q

What are Access Points?

A

A device that provides an extension of a WiFi signal or generates a WiFi signal. Sometimes called a WAP (Wireless Access Point).

6
Q

Define Accounting

A

The process of tracking the activity of users and recording this activity in logs, by the use of audit logs that create an audit trail.

7
Q

What are Access Control Lists?

A

List of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports and some protocols.

8
Q

What is Active Reconnaissance?

A

Penetration testing method used to collect information. It sends data into systems and analyzes responses to gain information on the target.

9
Q

Define Ad Hoc

A

A connection used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.

10
Q

What are Administrative Controls?

A

Security controls implemented via administrative or management methods.

11
Q

Define AES

A

Advanced Encryption Standard, a strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128, 192, or 256 bits.

12
Q

Affinity is?

A

A scheduling method used with load balancers. It uses the client's IP address to ensure the client is redirected to the same server during a session.

13
Q

Aggregation Switch is?

A

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.

14
Q

What is Agile?

A

A software development life cycle model that focuses on interaction between customers, developers, and testers.

15
Q

Define AH

A

Authentication Header. An option within IPSec to provide authentication and integrity.

16
Q

What is an airgap?

A

A physical security control that provides physical isolation. Systems separated by an airgap don't typically have any physical connections to other systems.

17
Q

What is ALE?

A

Annual loss expectancy. The expected loss for a year. It is used to measure risk with ARO (Annual Rate of Occurrence) and SLE (Single Loss Expectancy) in a quantitative risk assessment. The equation is:

SLE x ARO = ALE

18
Q

Amplification Attack is?

A

An attack that increases the amount of bandwidth sent to a victim.

19
Q

Anomaly is?

A

A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing operations against a baseline. It is also known as heuristic detection.

20
Q

Define ANT

A

Proprietary wireless protocol used by some mobile devices. It is not an acronym.

21
Q

What is Antispoofing?

A

A method used on some routers to protect against spoofing attacks. A common configuration is to implement specific rules to block certain traffic.

22
Q

Antivirus is?

A

Software that protects systems from malware.

23
Q

Define Application Blacklist

A

A list of applications that a system blocks. Users are unable to install or run any applications on the list.

24
Q

What is an Application Cell?

A

Also known as an application container. A virtualization technology that runs services or applications within isolated application cells or containers. Each container shares the kernel of the host.

25
Application Whitelist is:
A list of applications that a system allows. Users are only able to install or run applications on the list.
26
APT is
Advanced Persistent Threat. A group that has both capability and intent to launch sophisticated and targeted attacks.
27
Define ARO
Annual Rate of Occurrence. The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment. SLE x ARO = ALE
28
What is arp?
A command-line tool used to show and manipulate the Address Resolution Protocol.
29
Define ARP poisoning
An attack that misleads systems about the actual MAC address of a system.
30
What is Asset Value?
An _element of a risk assessment_. It identifies the _value of an asset_ and can include any _product, system, resource, or process_. The value can be a _specific monetary value_ or a _subjective value_.
31
Asymmetric Encryption is?
A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key.
32
Audit trail is?
A _record of events_ recorded in one or more logs. When security professionals have access to all the logs, they can recreate the events that occurred leading up to a security incident.
33
What is authentication?
The process that occurs when a _user proves an identity_, such as _with a password_.
34
Define Availability
_One_ of the three _main goals of information security_ known as the CIA security triad. Availability _ensures that systems and data are up and operational when needed_.
35
Explain the term backdoor
An _alternate method of accessing a system_. Malware often adds a backdoor into a system after it infects it.
36
What is a background check
A _check into a person's history_, typically to determine eligibility for a job.
37
Banner grabbing is:
A _method_ used _to gain information about a remote system_. It identifies the operating system and other details on the remote system.
38
Bcrypt is
_A key stretching algorithm_. It is _used to protect passwords_. _Bcrypt salts passwords with additional bits before encrypting them with Blowfish_. This thwarts rainbow table attacks.
39
BIOS is:
Basic Input/Output System. _A computer's firmware used to manipulate different settings_ such as the date and time, boot drive, and access passwords. UEFI is the designated replacement for BIOS.
40
What is a birthday attack?
A password attack named after the birthday paradox, in probability theory. The paradox states that for any random group of 23 people, there is a 50% chance that 2 of them have the same birthday.
41
Define Black Box Test:
A _type of penetration test_. Testers have _zero knowledge of the environment prior_ to starting the test.
42
Block Cipher is:
An _encryption method_ that encrypts data in _fixed size blocks_.
43
Define Blowfish:
A _strong symmetric Encryption_ method. It encrypts data _in 64-bit blocks_ and supports _key sizes between 32 bits and 448 bits_.
44
Bluejacking is:
An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.
45
What is Bluesnarfing:
An _attack against Bluetooth devices. Attackers gain unauthorized access_ to Bluetooth devices and can access all the data on the device.
46
Bollards are?
Short _vertical posts that act as a barricade_. Bollards block vehicles, _not people_.
47
Bots
Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.
48
BPA is:
Business Partner Agreement. A written agreement that details the relationship between business partners, including their obligations toward the partnership.
49
Bridge is
A network device used to connect multiple networks together. It can be used instead of a router.
50
Define Brute Force:
_A password attack that attempts to guess a password_. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.
51
Buffer Overflow is:
An error that occurs _when an application receives more input, or different input, than it expects_. It exposes system memory that is normally inaccessible.
52
Define BIA:
Business Impact Analysis is a process by which an organization identifies critical systems and components that are essential to the organization's success.
53
What is BYOD?
Bring Your Own Device. _A mobile device deployment model_. Employees can connect their personally owned device to the network.
54
CA is
Certificate Authority. An organization that _manages, issues and signs certificates_. A _CA is a main element of PKI._
55
Define CAC
Common Access Card. A specialized type of smart card used by the US Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.
56
Captive Portal is
A _technical solution that forces wireless clients using web browsers to complete a process before accessing a network_. It is often used to ensure users agree to an acceptable use policy or pay for access.
57
What is Carrier Unlocking?
A process of unlocking a mobile phone from a specific cellular provider.
58
Define CBC:
Cipher Block Chaining. A _mode of operation_ used for encryption that effectively converts a block cipher into a stream cipher. It _uses an IV for the first block_, and each subsequent block is combined with the previous block.
59
Define CCMP
Counter Mode with Cipher Block Chaining Message Protocol. An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
60
What is CER?
Canonical Encoding Rules. A base format for PKI. They are binary encoded files.
61
Define certificate
A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.
62
What is certificate chaining?
A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.
63
What is a chain of custody?
A process that provides assurance that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.
64
Change management is:
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
65
Define CHAP
Challenge Handshake Authentication Protocol. An authentication mechanism where the server challenges a client.
66
chroot is:
A Linux command used to change the root directory. It is often used for sandboxing.
67
Define ciphertext
The result of encrypting plaintext. Ciphertext is not in an easily readable format until decrypted.
68
What is a clean desk policy?
A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
69
What is clickjacking?
An attack that tricks users into clicking something other than what they think they're clicking.
70
What is a Cloud Access Security Broker (CASB)?
A software tool or service that enforces cloud-based security requirements. It is placed between the organization's resources and the cloud, monitors all network traffic, and can enforce security policies.
71
What is a cloud deployment model?
Cloud model types that identify who has access to cloud resources.
72
Code signing is:
The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.
73
What is a Cold Site?
An alternate location for operations. A cold site will have the power and connectivity needed for activation.
74
What is a collision?
A hash vulnerability that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash.
75
What are compensating controls?
Security controls that are alternative controls used when a primary security control is not feasible.
76
Compiled code is:
Code that has been optimized by an application and converted into an executable file. Compare with runtime code.
77
What is confidential data?
Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.
78
Define Confidentiality
One of the three main goals of information security known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of confidentiality.
79
Configuration compliance scanner is:
A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.
80
Confusion is
A cryptography concept that indicates ciphertext is significantly different than plaintext.
81
Containerization is:
A method used to isolate applications in mobile devices. It isolates and protects the application, including any data used by the application.
82
Context-aware authentication is:
An authentication method using multiple elements to authenticate a user and a mobile device. It can include an identity, geolocation, the device type and more.
83
Continuity of operations planning is:
The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or a warm site.
84
Control diversity is:
The use of different security control types, such as technical controls, administrative controls, and physical controls.
85
Define Controller-based AP:
An AP that is managed by a controller. Also called a thin AP.
86
COPE is:
Corporate Owned, Personally Enabled. A mobile device deployment model. The organization purchases and issues devices to employees.
87
What are corrective controls?
Security controls that attempt to reverse the impact of a security incident.
88
What is Cross-Over Error Rate?
The point where the false acceptance rate crosses over with the false rejection rate. A lower CER indicates a more accurate biometric system.
89
CRL is:
Certificate Revocation List. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
90
Define XSRF:
Cross-site Request Forgery is a web application attack. XSRF attacks trick users into performing actions on websites, such as making purchases.
91
Define XSS
A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site's code, which executes when the user visits the site.
92
What is crypto-malware?
A type of ransomware that encrypts the user's data.
93
What is a crypto module?
A set of hardware, software, and/or firmware that implements cryptographic functions.
94
What is a Crypto Service Provider?
A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.
95
Define CSR:
Certificate Signing Request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
96
Define CTM:
Counter Mode. A mode of operation used for encryption that combines an IV with a counter. The combined result is used to encrypt blocks.
97
Custom firmware is:
Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root Android devices.
98
Cyber-incident response team is:
A group of experts who respond to security incidents. Also known as a CIRT.
99
Define CYOD:
Choose Your Own Device. A mobile device deployment model. Employees can connect a personally owned device to the network as long as the device is on a preapproved list.
100
DAC is:
Discretionary Access Control. An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model.
101
Data at rest is:
Any data stored on media. It's common to encrypt sensitive data at rest.
102
Define DEP:
Data Execution Prevention. A security feature that prevents code from executing in memory regions marked as nonexecutable. It helps block malware.
103
What is Data exfiltration?
The unauthorized transfer of data outside an organization.
104
Data retention policy is:
A security policy specifying how long data should be retained.
105
Data sovereignty is:
A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.
106
DDoS is:
Distributed Denial of Service attack. An attack on a system launched from multiple sources intended to make computer resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare with DoS.
107
What is Dead Code?
Code that is never executed or used. It is often caused by logic errors.
108
Defense in depth is:
The use of multiple layers of security to protect resources. Control diversity and vendor diversity are two methods organizations implement to provide defense in depth.
109
What is degaussing?
The process of removing data from magnetic media using a very powerful electronic magnet. Degaussing is sometimes used to remove data from backup tapes or to destroy hard disks.
110
Define DER
Distinguished Encoding Rules. A base format for PKI certificates. They are BASE 64 ASCII encoded files. Compare with CER.
111
Define DES
Data Encryption Standard. A legacy symmetric encryption standard used to provide confidentiality. It has been compromised and AES or DES should be used instead.
112
Detective controls are:
Security controls that attempt to detect security incidents after they have occurred.
113
What is a dictionary attack?
A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password.
114
What is a differential backup?
A type of backup that backs up all the data that has changed or is different since the last full backup.
115
Define DH:
Diffie-Hellman. An asymmetric algorithm used to privately share symmetric keys. DH Ephemeral (DHE) uses ephemeral keys, which are re-created for each session. Elliptic Curve DHE (ECDHE) uses elliptic curve cryptography to generate encryption keys.
116
What is diffusion?
A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext.
117
What is dig?
A command-line tool used to test DNS on Linux systems.
118
Digital Signature is:
An encrypted hash of a message, encrypted with the sender's private key. It provides authentication, non-repudiation and integrity.
119
Disablement Policy is:
A policy that identifies when administrators should disable user accounts.
120
Disassociation Attacks are:
An attack that removes wireless clients from a wireless network.
121
What is a dissolvable agent?
A NAC agent that runs on a client, but deletes itself later. It checks the client for health. Compare with permanent agent.
122
DLL Injection is:
An attack that injects a Dynamic Link Library into memory and runs it. Attackers rewrite the DLL, inserting malicious code.
123
What is DLP?
Data Loss Prevention. A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud.
124
What is DMZ?
Demilitarized Zone. A buffer zone between the internet and the internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.
125
Define DNS:
Domain Name System. A service used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses.
126
What is DNSSEC?
Domain Name System Security Extensions. A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.
127
DNS poisoning is:
An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.
128
Domain hijacking is:
An attack that changes the registration of a domain name without permission from the owner.
129
What is DoS?
Denial of service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare with DDoS.
130
Downgrade Attack is:
A type of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control.
131
DSA is:
Digital Signature Algorithm. An encrypted hash of a message used for authentication, non-repudiation and integrity. The sender's private key encrypts the hash of the message.
132
Dumpster Diving is:
The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.
133
EAP is:
Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variations include PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST.
134
EAP-FAST is:
EAP-Flexible Authentication via Secure Tunneling. A Cisco-designed replacement for Lightweight EAP (LEAP). It supports certificates, but they are optional.
135
EAP-TLS is:
Extensible Authentication Protocol-Transport Layer Security. An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. It requires certificates on the 802.1x server and on the clients.
136
EAP-TTLS is
Extensible Authentication Protocol-Tunneled Transport Layer Security. An extension of EAP, sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.
137
ECB is:
Electronic Codebook is a legacy mode of operation used for encryption. It is weak and should be deprecated.
138
What are embedded systems?
Any device that has a dedicated function and uses a computer system to perform that function. It includes a CPU, an operating system, and one or more applications.
139
EMI is
Electromagnetic Interference, which is caused by motors, power lines, and fluorescent lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.
140
What is EMP?
Electromagnetic pulse. A short burst of energy that can potentially damage electronic equipment. It can result from electrostatic discharge (ESD), lightning and military weapons.
141
What is encryption?
A process that scrambles or ciphers data to make it unreadable. Encryption normally includes a public algorithm and a private key. Compare with asymmetric and symmetric encryption.
142
Enterprise is
A wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password. Compare with open and PSK modes.
143
ESP is:
Encapsulating Security Payload. An option within IPSec to provide confidentiality, integrity, and authentication.
144
What is an Evil Twin?
A type of rogue AP, an evil twin has the same SSID as a legitimate AP.
145
Exit interview is:
An interview conducted with departing employees, just before they leave an organization.
146
What is an exploitation framework?
Tools used to store information about security vulnerabilities. They are often used by penetration testers (and attackers) to detect and exploit software.
147
Extranet is:
The part of an internal network shared with outside entities. Extranets are often used to provide access to authorized business partners, customers, vendors, or others.
148
Facial Recognition is:
A biometric method that identifies people based on facial features.
149
False Negative is:
A security incident that isn't detected or reported. As an example, a NIDS false negative occurs if an attack is active on the network but the NIDS does not raise the alert.
150
What is a False Positive?
An alert on an event that isn't a security incident. As an example, a NIDS false positive occurs if the NIDS raises an alert but activity on the network is normal.
151
FAR is:
False Acceptance Rate, also called the false match rate. A rate that identifies the percentage of times a biometric authentication system incorrectly indicates a match.
152
What is a Faraday Cage?
A room or enclosure that prevents signals from emanating beyond the room or enclosure.
153
Fat AP is:
An AP that includes everything needed to connect wireless clients to a wireless network. Fat APs must be configured independently. Sometimes called a stand-alone AP. Compare with thin AP.
154
What is fault tolerance?
The capability of a system to suffer a fault, but continue to operate. Said another way, the system can tolerate the fault as if it never occurred.
155
What is FDE?
Full Disk Encryption. A method to encrypt an entire disk. Compare with SED.
156
What is federation?
Two or more members of a federated identity management system. Used for single sign-on.
157
Fingerprint Scanners are:
A biometric system that scans a fingerprint for authentication.
158
What is a firewall?
A software or network device used to filter traffic. Firewalls can be application-based (running on a host) or a network-based device. Stateful firewalls filter traffic using rules within an ACL. Stateless firewalls filter traffic based on its state within a session.
159
What are firmware OTA Updates?
Over-the-air updates for mobile device firmware that keep them up to date. These are typically downloaded to the device from the internet and applied to update the device.
160
What is a flood guard?
A method of thwarting flood attacks. On switches, a flood guard thwarts MAC flood attacks. On routers, a flood guard prevents SYN flood attacks.
161
What is a framework?
A structure used to provide a foundation. Cybersecurity frameworks typically use a structure of basic concepts and provide guidance to professionals on how to implement security.
162
What is FRR?
False Rejection Rate, also called the false nonmatch rate. A rate that identifies the percentage of times a biometric authentication system incorrectly rejects a valid match.
163
What is FTPS?
File Transfer Protocol Secure. An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.
164
What is a Full Backup?
A type of backup that backs up all the selected data. A full backup could be considered a Normal Backup.
165
What is a full Tunnel?
An encrypted connection used with VPNs. When a user is connected to a VPN, all traffic from the user is encrypted. Compare with Split Tunnel.
166
What is GCM?
Galois/Counter Mode. A mode of operation used for encryption. It combines Counter Mode (CTM) with hashing techniques for data authenticity and confidentiality.
167
What is Geofencing?
A virtual fence or geographic boundary. It uses GPS to create the boundary. Apps can then respond when a mobile device is within a virtual fence.
168
What is geolocation?
The location of a device identified by GPS. It can help locate a lost or stolen mobile device.
169
What is GPO?
Group Policy Object. A technology used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain.
170
GPS is:
Global Positioning System. A satellite-based navigation system that identifies the location of a device or vehicle. Mobile devices often incorporate GPS capabilities.
171
GPS Tagging is:
A process of adding geographical data to files such as pictures. It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created.
172
What is a gray-box test?
A type of penetration test. Testers have some knowledge of the environment prior to starting the test.
173
Group Based Access Control is:
A role-based access control method that uses groups as roles.
174
What is a Guest Account?
A pre-created account in Windows Systems. It is disabled by default.
175
Hacktivist is:
An attacker who launches attacks as part of an activist movement or to further a cause.
176
What is a Hardware root of trust?
A known secure starting point. TPMs have a private key burned into the hardware that provides a hardware root of trust.
177
Hash is:
A number created by executing a hashing algorithm against data, such as a file or message. Hashing is commonly used for integrity. Common hashing algorithms are MD5, SHA1, and HMAC.
178
What is Heuristic?
Also known as behavioral. A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing traffic against a baseline. It is also known as anomaly detection.
179
HIDS is:
Host-based intrusion detection system. Software installed on a system to detect attacks. It protects local resources on the host. A host-based intrusion prevention system (HIPS) is an extension of a HIDS. It is software installed on a system to detect and block attacks.
180
High Availability is:
A term that indicates a system or component remains available close to 100% of the time.
181
HMAC is:
Hash-based Message Authentication Code. A hashing algorithm used to verify the integrity and authenticity of a message with the use of a shared secret. It is typically combined with another hashing algorithm such as SHA.
182
What's a hoax?
A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn't exist.
183
Home Automation is:
Smart devices used within the home that have IP Addresses. These are typically accessible via the internet and are part of the internet of things.
184
Honeypot is:
A server designed to attract an attacker. It typically has weakened security, encouraging attackers to investigate it.
185
Honeynet is:
A group of honeypots in a network. Honeynets are often configured in virtual networks.
186
Hot and cold aisles are:
A method commonly used in data centers to keep equipment cool. Cool air flows from the front of the cabinets to the back, making the front aisle cooler and the back aisle warmer.
187
HOTP is:
HMAC-based OTP. An open standard used for creating OTPs. It combines a secret key and a counter, and then uses HMAC to create a hash of the result.
188
Hot Site is:
An alternate location for operations. A hot site typically includes everything needed to be operational within 60 minutes. Compare with cold site and warm site.
189
Define HSM:
Hardware Security Module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Compare with TPM.
190
HTTPS is:
Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using port 443.
191
What is HVAC?
Heating, ventilation, and air conditioning. A physical security control that increases availability by regulating airflow within data centers and server rooms.
192
Define IaaS:
Infrastructure as a Service. A cloud computing model that allows an organization to rent access to hardware in a self-managed platform. Compare with PaaS and SaaS.
193
Define ICS:
Industrial Control System. A system that controls large systems such as power plants or water treatment facilities. _A SCADA system controls the ICS._
194
Define Identification:
The process that occurs when a user claims an identity, such as with a username.
195
IEEE 802.1X
An authentication protocol used in VPNs and wired and wireless networks. VPNs often implement it as a RADIUS server. Wired networks use it for port-based authentication. Wireless networks use it in Enterprise Mode. It can be used with certificate-based authentication.
196
What is ifconfig?
A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Similar to ipconfig used on Windows systems.
197
IMAP4
Internet Message Access Protocol version 4. A protocol used to share and manage email on servers. IMAP4 uses TCP port 143. Secure IMAP4 uses TLS to encrypt traffic.
198
What is impact?
The magnitude of harm related to a risk. It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data. Compare with the likelihood of occurrence.
199
Explain implicit deny:
A rule in an ACL that blocks all traffic that hasn't been explicitly allowed. The implicit deny rule is the last rule in an ACL.
200
What is incident response?
The process of responding to a security incident. Organizations often create an incident response plan that outlines the procedures to be used when responding to an incident.
201
IRP (Incident Response Plan) is:
The procedures documented in an incident response policy.
202
Incident response process is:
The phases of incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.
203
Incremental backup is:
A type of backup that backs up all the data that has changed since the last full or incremental backup.
204
Injection Attack is:
An attack that injects code or commands. Common injection attacks are DLL injection, command injection, and SQL injection attacks.
205
Explain inline:
A configuration that forces traffic to pass through a device. A NIPS is placed inline, allowing it to prevent malicious traffic from entering a network. Sometimes called in-band. Compare with out-of-band.
206
What is input validation?
A programming process that verifies data is valid before using it.
207
What is an Insider?
An attacker who launches attacks from within an organization, typically as an employee.
208
What is an Integer Overflow?
An application attack that attempts to use or create a numeric value that is too big for an application to handle. Input handling and error handling thwart the attack.
209
Define Integrity:
One of the three main goals of information security known as the CIA security triad. Integrity provides assurance that data or system configurations have not been modified. Audit logs and hashing are two methods used to ensure integrity. Compare with availability and confidentiality.
210
What is an Intranet?
An internal network. People use an intranet to communicate and share content with each other.
211
Define IoT:
Internet of Things. The network of physical devices connected to the internet. It typically refers to smart devices with an IP address, such as wearable technology and home automation systems.
212
What is ip?
A command-line tool used on Linux-based systems to show and manipulate settings on a network interface card (NIC). Developers created it to replace ifconfig.
213
What is ipconfig?
A command-line tool used on Windows systems to show the configuration settings on a NIC.
214
Define IPSec:
Internet Protocol Security. A suite of protocols used to encrypt data-in-transit that can operate in both tunnel mode and transport mode. It uses tunnel mode and transport mode in private networks.
215
IP Spoofing is:
An attack that changes the source IP address.
216
What are Iris Scanners?
Biometric systems that scan the iris of an eye for authentication.
217
What is an ISA?
Interconnection Security Agreement. An agreement that specifies technical and security requirements for connections between two or more entities. Compare with MOU/MOA.
218
IV attack is:
A wireless attack that attempts to discover the initialization vector (IV). Legacy security protocols are susceptible to IV attacks.
219
Define Jailbreaking:
The process of modifying an Apple mobile device to remove software restrictions. It allows a user to install software from any third-party source. Comparable to "rooting".
220
What is jamming?
A DoS attack against wireless networks. It transmits noise on the same frequency used by a wireless network.
221
Explain job rotation:
A process that ensures employees rotate through different jobs to learn the processes and procedures in each job. It can sometimes detect fraudulent activity.
222
What is KDC?
Key Distribution Center. Also known as a TGT server. Part of the Kerberos protocol used for network authentication. The KDC issues timestamped tickets that expire.
223
What is Kerberos?
A network authentication mechanism used with Windows Active Directory domains and some Unix environments known as "realms". It uses a KDC to issue tickets.
224
What is a kernel?
The central part of the operating system. In container virtualization, guests share the kernel.
225
What is a Keylogger?
Software or hardware used to capture a user's keystrokes. Keystrokes are stored in a file and can be manually retrieved or automatically sent to an attacker.
226
What is key stretching?
A technique used to increase the strength of stored passwords. It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.
227
What is Known Plaintext?
A cryptographic attack that decrypts encrypted data. In this attack, the attacker knows the plaintext used to create the ciphertext.
228
What is labeling?
The process of ensuring data is tagged clearly so that users know its classification. Labels can be physical labels, such as on backup tapes, or digital labels embedded in files.
229
LDAP is:
Lightweight Directory Access Protocol. A protocol used to communicate with directories such as Microsoft Active Directory. It identifies objects with query strings using codes such as CN=Users and DC=TestDomain.
230
LDAPS
Lightweight Directory Access Protocol Secure. A protocol used to encrypt LDAP traffic with TLS.
231
What is least functionality?
A core principle of secure systems design. Systems should be deployed with only the applications, services, and protocols needed to meet their purpose.
232
What is least privilege?
A security principle that specifies that individuals and processes are granted only the rights and permissions needed to perform their assigned tasks or functions, but no more.
233
What is a Legal Hold?
A court order to maintain data for evidence.
234
What is the Likelihood of Occurrence?
The probability that something will occur. It is used with impact in a qualitative risk assessment. Compare with Impact.
235
What is a Load Balancer?
Hardware or software that balances the load between two or more servers. Scheduling methods include source address IP affinity and round-robin.
236
What are location-based policies?
Policies that prevent users from logging on from certain locations, or require that they log on only from specific locations.
237
What is a logic bomb?
A type of malware that executes in response to an event. The event might be a specific date or time, or a user action, such as when
238
What is loop prevention?
A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.
239
What is MAC (Mandatory Access Control)?
Mandatory Access Control. An access control model that uses sensitivity labels assigned to objects and subjects. MAC restricts access based on a need to know.
240
MAC (Media Access Control) is:
A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.
241
What is MAC Filtering?
A form of network access control that allows or blocks access based on the MAC address. It is configured on switches for port security or on APs for wireless security.
242
MAC Spoofing is:
An attack that changes the source MAC address.
243
What is a Mail Gateway?
A server that examines and processes all incoming and outgoing email. It typically includes a spam filter and DLP capabilities. Some gateways also provide encryption services.
244
What is malware?
Malicious software. It includes a wide range of software that has malicious intent, such as viruses, worms, ransomware, rootkits, logic bombs, and more.
245
What is a mandatory vacation?
A policy that forces employees to take vacation. The goal is to deter malicious activity, such as fraud and embezzlement, and to detect malicious activity when it occurs.
246
What is a man-in-the-browser?
An attack that infects vulnerable web browsers. It can allow the attacker to capture session data, including keystrokes.
247
Man-in-the-middle (MITM) is:
An attack using active interception or eavesdropping. It uses a third computer to capture browser session data, including keystrokes.
248
What is a Mantrap?
A physical security mechanism designed to control access to a secure area. A mantrap prevents tailgating.
249
Define MD5:
Message Digest version 5. A hashing function used to provide integrity. MD5 creates 128-bit hashes, which are also referred to as MD5 checksums. Experts consider MD5 cracked.
250
Mobile Device Management is:
A group of applications and/or technologies used to manage devices. MDM tools can monitor mobile devices and ensure they are in compliance with security policies.
251
What is a memory leak?
An application flaw that consumes memory without releasing it.
252
MFD is:
Multifunction device. Any device that performs multiple functions. As an example, many printers are MFDs because they can print, scan, and copy documents. Many also include faxing capabilities.
253
What is MMS?
Multimedia Messaging Service. A method used to send text messages. It is an extension of SMS and supports sending multimedia content.
254
What is a MOA/MOU?
Memorandum of understanding or memorandum of agreement. A type of agreement that defines the responsibilities of each party. Compare with ISA.
255
Define MS-CHAPv2:
Microsoft Challenge Handshake Authentication Protocol version 2. Microsoft's implementation of CHAP. MS-CHAPv2 provides mutual authentication. Compare with CHAP and PAP.
256
What is MTBF?
Mean Time Between Failures. A metric that provides a measure of a system's reliability and is usually represented in hours. The MTBF identifies the average time between failures.
257
What is MTTR?
Mean Time to Recover. A metric that identifies the average time it takes to restore a failed system. Organizations that have maintenance contracts often specify the MTTR as part of the contract.
258
Multifactor Authentication is:
A type of authentication that uses methods from more than one factor of authentication.
259
What is NAC?
Network Access Control. A system that inspects clients to ensure they are healthy. Agents inspect clients, and agents can be permanent or dissolvable (also known as agentless).
260
What is NAT?
Network Address Translation. A service that translates public IP addresses to private IP addresses and private IP addresses to public IP addresses.
261
What is an NDA?
Non-Disclosure Agreement. An agreement that is designed to prohibit personnel from sharing proprietary data. It can be used with employees within the organization and with other organizations.
262
What is netcat?
A command-line tool used to connect to remote systems.
263
Define netstat:
A command-line tool used to show network statistics on a system.
264
What is network mapping?
A process used to discover devices on a network, including how they are connected.
265
Explain what a Network Scanner is:
A tool used to discover devices on a network, including their IP addresses and operating systems, along with the services and protocols running on the devices.
266
NFC Attack is:
An attack against mobile devices that use near field communication (NFC). NFC is a group of standards that allow mobile devices to communicate with nearby mobile devices.
267
NIDS is:
A network-based intrusion detection system. A device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls, and monitors network traffic.
268
What is NIPS?
A network-based intrusion prevention system. A device that detects and stops attacks in progress. A NIPS is placed inline (also called in-band) with traffic so that it can actively monitor data streams.
269
What is NIST?
National Institute of Standards and Technology. NIST is a part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory (ITL). The ITL publishes special publications related to security that are freely available to anyone.
270
What is nmap?
A command-line tool used to scan networks. It is a type of network scanner.
271
Explain nonce:
A number used once. Cryptographic elements frequently use a nonce to add randomness.
272
What is non-persistence?
A method used in virtual desktops where changes made by a user are not saved. Most (or all) users have the same desktop. When users log off, the desktop reverts to its original state.
273
Non-Repudiation is:
The ability to prevent a party from denying an action. Digital signatures and access logs provide non-repudiation.
274
What is normalization?
The process of organizing the tables and columns in a database. Normalization reduces redundant data and improves overall database performance.
275
What is nslookup?
A command-line tool used to test DNS on Microsoft systems. Compare with dig.
276
What is NTLM?
New Technology LAN Manager. A suite of protocols that provide confidentiality, integrity, and authentication within Windows systems. Versions include NTLM, NTLMv2, and NTLM2 Session.
277
What is OAuth?
An open source standard used for authorization with internet-based single sign-on solutions.
278
Define Obfuscation:
An attempt to make something unclear or difficult to understand. Steganography methods use obfuscation to hide data within data.
279
What is OCSP?
Online Certificate Status Protocol. An alternative to using a CRL. It allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.
280
What is onboarding?
The process of granting individuals access to an organization's computing resources after being hired. It typically includes giving the employee a user account with appropriate permissions.
281
What is open?
A wireless mode that doesn't use security. Compare with Enterprise and PSK modes.
282
What is OpenID Connect?
An open source standard used for identification on the internet. It is typically used with OAuth, and it allows clients to verify the identity of end users without managing their credentials.
283
Open Source Intelligence is:
A method of gathering data using public sources such as social media sites and news outlets.
284
What is order of volatility?
A term that refers to the order in which you should collect evidence. For example, data in memory is more volatile than data on a disk drive, so it should be collected first.
285
What is out-of-band?
A configuration that allows a device to collect traffic without the traffic passing through it. Sometimes called passive. Compare with inline.
286
What is P7B?
PKCS#7. A common format for PKI certificates. They are DER-based (ASCII) and commonly used to share public keys.
287
What is P12?
PKCS#12. A common format for PKI certificates. They are CER-based (binary) and often hold certificates with the private key. They are commonly encrypted.
288
Define PaaS:
Platform as a Service. A cloud computing model that provides cloud customers with a preconfigured computing platform they can use as needed. Compare with IaaS and SaaS.
289
PAP is:
Password Authentication Protocol. An older authentication protocol where passwords or PINs are sent across the network in cleartext. Compare with CHAP and MS-CHAPv2.
290
Passive Reconnaissance is:
A penetration testing method used to collect information. It typically uses open source intelligence. Compare with active reconnaissance.
291
What is pass the hash?
A password attack that captures and uses the hash of a password. It attempts to log on as the user with the hash and is commonly associated with the Microsoft NTLM protocol.
292
What is a password cracker?
A tool used to discover passwords.
293
What is patch management?
The process used to keep systems up to date with current patches. It typically includes evaluating and testing patches before deploying them.
294
PBKDF2 is:
Password-Based Key Derivation Function 2. A key stretching technique that adds additional bits to a password as a salt. It helps prevent brute force and rainbow table attacks.
295
What is PEAP?
Protected Enhanced Mail. A common format for PKI certificates. It can use either CER (ASCII) or DER (binary) formats and can be used for almost any type of certificate.
296
What is perfect forward secrecy?
A characteristic of encryption keys ensuring that keys are random. Perfect forward secrecy methods do not use deterministic algorithms.
297
What is a Permanent Agent?
A NAC agent that is installed on a client. It checks the client. Compare with dissolvable agent.
298
What is permission auditing review?
An audit that analyzes user privileges. It identifies the privileges, rights, and permissions granted to users, and compares them against what the user needs.
299
What is PFX?
Personal Information Exchange. A common format for PKI certificates. It is the predecessor to P12 certificates.
300
Define PHI:
Personal Health Information. PII that includes health information.
301
What is Phishing?
The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.
302
Physical controls are:
Security controls that you can physically touch.
303
Define PII:
Personally Identifiable Information. Information about individuals that can be used to trace a person's identity, such as a full name, birth date, biometric data, and more.
304
What is Ping?
A command-line tool used to test connectivity with remote systems.
305
What is pinning?
A security mechanism used by some web sites to prevent web site impersonation. Web sites provide clients with a list of public key hashes. Clients store the list and use it to validate the web site.
306
Define PIV:
Personal Identity Verification card. A specialized type of smart card used by US federal agencies. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.
307
What is a pivot?
A pivot is one of the steps in penetration testing. After escalating privileges, the tester uses additional tools to gain additional information on the exploited computer or on the network.
308
Describe plaintext:
Text displayed in a readable format. Encryption converts plaintext to ciphertext.
309
What is a pointer dereference?
A programming practice that uses a pointer to reference a memory area. A failed dereference operation can corrupt memory and sometimes even cause an application to crash.
310
What is POP3?
Post Office Protocol version 3. A protocol used to transfer email from mail servers to clients.
311
What is a port mirror?
A monitoring port on a switch. All traffic going through the switch is also sent to the port mirror.
312
What are preventive controls?
Security controls that attempt to prevent a security incident from occurring.
313
What is a Privacy Impact Assessment?
An assessment used to identify and reduce risks related to potential loss of PII. Compare with privacy threshold assessment.
314
What is a Privacy Threshold Assessment?
An assessment used to help identify if a system is processing PII. Compare with Privacy Impact Assessment.
315
What is private data?
Information about an individual that should remain private. Personally Identifiable Information and Personal Health Information are two examples.
316
What is a Private key?
A part of a matched key pair used in asymmetric encryption. The private key always stays private.
317
What is privilege escalation?
The process of gaining elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges.
318
Privileged Account is:
An account with elevated privileges, such as an administrator account.
319
What is proprietary data?
Data that is related to ownership. Common examples are information related to patents or trade secrets.