Glossary A-B Flashcards

1
Q

AAA (authentication, authorization, and accounting)

A

A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

2
Q

ABAC (attribute-based access control)

A

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

3
Q

account policies

A

A set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.

4
Q

ACL (Access Control List)

A

A collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).

5
Q

active defense

A

The practice of responding to a threat by destroying or deceiving a threat actor’s capabilities.

6
Q

adversarial AI (adversarial artificial intelligence)

A

Using AI to identify vulnerabilities and attack vectors to circumvent security systems.

7
Q

AES (Advanced Encryption Standard)

A

A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.

8
Q

Agile model (Agile)

A

A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations.

9
Q

AH (authentication header)

A

An IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

10
Q

air gap

A

A type of network isolation that physically separates a network from all other networks.

11
Q

AIS (Automated Indicator Sharing)

A

Threat intelligence data feed operated by the DHS.

12
Q

ALE (annual loss expectancy)

A

The total cost of a risk to an organization on an annual basis. This is determined by multiplying the SLE by the annual rate of occurrence (ARO).

13
Q

AP (access point)

A

A device that provides a connection between wireless devices and can connect to wired networks. Also known as wireless access point or WAP.

14
Q

API (application programming interface)

A

A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.

15
Q

application aware firewall

A

A Layer 7 firewall technology that inspects packets at the Application layer of the OSI model.

16
Q

application firewall

A

Software designed to run on a server to protect a particular application such as a web server or SQL server.

17
Q

APT (advanced persistent threat)

A

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

18
Q

Arduino

A

Open-source platform producing programmable circuit boards for education and industrial prototyping.

19
Q

ARO (annual rate of occurrence)

A

In risk calculation, an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur.

20
Q

ARP inspection

A

An optional security feature of a switch that prevents excessive ARP replies from flooding a network segment.

21
Q

ARP poisoning (ARP spoofing)

A

A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.

22
Q

asymmetric algorithm (Public Key)

A

A cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example. Also known as Elliptic Curve Cryptography or ECC.

23
Q

ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)

A

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.

24
Q

attack surface

A

The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

25
Q

attack vector

A

A specific path by which a threat actor gains unauthorized access to a system. Also known as vector.

26
Q

authenticator

A

A PNAC switch or router that activates EAPoL and passes a supplicant’s authentication data to an authenticating server, such as a RADIUS server.

27
Q

automation

A

Using scripts and APIs to provision and deprovision systems without manual intervention.

28
Q

Autopsy

A

The Sleuth Kit is an open source collection of command line tools and programming libraries for disk imaging and file analysis. Autopsy is a graphical frontend for these tools and also provides a case management/workflow tool. Also known as Sleuth Kit.

29
Q

availability

A

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

30
Q

BAS (building automation system)

A

Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.

31
Q

baseband radio

A

The chip and firmware in a smartphone that act as a cellular modem.

32
Q

baseline configuration

A

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

33
Q

bash (Bourne again shell)

A

A command shell and scripting language for Unix-like systems.

34
Q

bastion host

A

A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.

35
Q

behavioral analysis

A

A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. Also known as behavior-based detection.

36
Q

BIA (business impact analysis)

A

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

37
Q

birthday attack

A

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

38
Q

block cipher

A

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

39
Q

blockchain

A

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

40
Q

blue team

A

The defensive team in a penetration test or incident response exercise.

41
Q

bluejacking

A

Sending an unsolicited message or picture message using a Bluetooth connection.

42
Q

bluesnarfing

A

A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection.

43
Q

boot attestation

A

Report of boot state integrity data that is signed by a tamper-proof TPM key and reported to a network server.

44
Q

botnet

A

A set of hosts that has been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks. Also known as zombie.

45
Q

BPA (business partnership agreement)

A

Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

46
Q

BPDU guard (Bridge Protocol Data Unit guard)

A

Switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports where any BPDU frames are likely to be malicious.

47
Q

brute force attack

A

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

48
Q

buffer overflow

A

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

49
Q

bug bounty

A

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

50
Q

BYOD (bring your own device)

A

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.