Glossary D

Question 1

DAC (discretionary access control)

Answer 1

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).

Question 2

data at rest

Answer 2

Information that is primarily stored on specific media, rather than moving from one medium to another.

Question 3

data breach

Answer 3

When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.

Question 4

data controller

Answer 4

In privacy regulations, the entity that determines why and how personal data is collected, stored, and used.

Question 5

data custodian

Answer 5

An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

Question 6

data exfiltration

Answer 6

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Question 7

data exposure

Answer 7

A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database.

Question 8

data governance

Answer 8

The overall management of the availability, usability, and security of the information used in an organization.

Question 9

data in processing

Answer 9

Information that is present in the volatile memory of a host, such as system memory or cache.

Question 10

data in transit

Answer 10

Information that is being transmitted between two hosts, such as over a private network or the Internet. Also known as data in motion.

Question 11

data masking

Answer 11

A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

Question 12

data minimization

Answer 12

In data protection, the principle that only necessary and sufficient personal information can be collected and processed for the stated purpose.

Question 13

data owner

Answer 13

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

Question 14

data processor

Answer 14

In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.

Question 15

data remnant

Answer 15

Leftover information on a storage medium even after basic attempts have been made to remove that data. Also known as remnant.

Question 16

data sovereignty

Answer 16

In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.

Question 17

data steward

Answer 17

An individual who is primarily responsible for data quality, ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.

Question 18

DCHP snooping

Answer 18

A configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.

Question 19

dd command

Answer 19

Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.

Question 20

DDoS attack (distributed denial of service attack)

Answer 20

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

Question 21

dead code

Answer 21

Code in an application that is redundant because it will never be called within the logic of the program flow.

Question 22

deauthentication/disassociation

Answer 22

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.

Question 23

deception and disruption

Answer 23

Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.

Question 24

default account

Answer 24

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.

Question 25

defense in depth

Answer 25

A security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack's progress, rather than eliminating it outright

Question 26

degaussing

Answer 26

The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive's magnetic charge.

Question 27

deidentification

Answer 27

In data protection, methods and technologies that remove identifying information from data before it is distributed.

Question 28

deprovisioning

Answer 28

The process of removing an application from packages or instances.

Question 29

DER (distinguished encoding rules)

Answer 29

The binary format used to structure the information in a digital certificate.

Question 30

DER (distinguished encoding rules)

Answer 30

The binary format used to structure the information in a digital certificate.

Question 31

DER (distinguished encoding rules)

Answer 31

The binary format used to structure the information in a digital certificate.

Question 31

DER (distinguished encoding rules)

Answer 31

The binary format used to structure the information in a digital certificate.

Question 32

detective control

Answer 32

A type of security control that acts during an incident to identify or record that it is happening.

Question 33

deterrent control

Answer 33

A type of security control that discourages intrusion attempts.

Question 34

DH (Diffie-Hellman)

Answer 34

A cryptographic technique that provides secure key exchange

Question 35

DHCP spoofing (Dynamic Host Configuration Protocol spoofing)

Answer 35

An attack in which an attacker responds to a client requesting address assignment from a DHCP server.

Question 36

Diamond Model

Answer 36

A framework for analyzing cybersecurity incidents.

Question 37

dictionary attack

Answer 37

A type of password attack that compares encrypted passwords against a predetermined list of possible password values.

Question 38

differential backup

Answer 38

A backup type in which all selected files that have changed since the last full backup are backed up.

Question 39

DiffServ

Answer 39

The Differentiated Services Code Point (DSCP) field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

Question 40

digital signature

Answer 40

A message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity.

Question 41

directory service

Answer 41

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

Question 42

directory traversal

Answer 42

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

Question 43

diversity

Answer 43

Cybersecurity resilience strategy that increases attack costs by provisioning multiple types of controls, technologies, vendors, and crypto implementations.

Question 44

DLP (data loss/leak prevention)

Answer 44

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

Question 45

DMZ (demilitarized zone)

Answer 45

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

Question 46

DNAT (destination network address translation)

Answer 46

NAT service where private internal addresses are mapped to one or more public addresses to facilitate Internet connectivity for hosts on a local network via a router.

Question 47

DNS hijacking (Domain Name System hijacking)

Answer 47

An attack in which an attacker modifies a computer's DNS configurations to point to a malicious DNS server.

Question 48

DNS poisoning (Domain Name System poisoning)

Answer 48

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.

Question 49

DNSSEC (Domain Name System Security Extensions)

Answer 49

A security protocol that provides authentication of DNS data and upholds DNS data integrity.

Question 50

domain hijacking

Answer 50

A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.

Question 51

DoS attack (denial of service attack)

Answer 51

Any type of physical, application, or network attack that affects the availability of a managed resource.

Question 52

downgrade attack

Answer 52

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

Question 53

DPO (data privacy officer)

Answer 53

Institutional data governance role with responsibility for compliant collection and processing of personal and sensitive data.

Question 54

DRP (disaster recovery plan)

Answer 54

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents. 

Question 55

DSA (Digital Signature Algorithm)

Answer 55

public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.

Question 56

dump file

Answer 56

File containing data captured from system memory.

Question 57

dumpster diving (Dumpster)

Answer 57

The social engineering technique of discovering things about an organization (or person) based on what it throws away.