sec_20250514002345

Question 1

AAA

Answer 1

AAA – Authentication, Authorization, Accounting

Question 2

ACL

Answer 2

Access Control List. Permissions attached to a file when using DAC, or a list of filtering rules in a firewall.

Question 3

AH

Answer 3

Authentication Header
Provides:
Integrity
Encryption
Authentication
Anti-replay

Question 4

APT

Answer 4

An APT (advanced persistent threat) is the worst type of threat actor.
They can compromise a system, and by definition, maintain long term remote access without being detected.

Question 5

CA

Answer 5

Certificate Authority (provides certificates to computers)

Question 6

CASB

Answer 6

CASB = Cloud Access Security Broker. A proxy server that filters everything that goes in and out of the cloud. Typically includes all the functions a NGFW would have, plus many others.

Question 7

CIRT

Answer 7

Computer Incident Response Team, a team that handles cybersecurity incidents.

Question 8

CIA

Answer 8

CIA – Confidentiality, Integrity, Availability

Question 9

CRC

Answer 9

Cyclic Redundancy Check (used to detect errors with Ethernet messages)

Question 10

CRL

Answer 10

Certificate Revocation List: A list (by serial number) of all revoked certificates that a CA has previously issued. These lists can become very large, which is why OCSP was created. A decent option if the computer is airgapped.

Question 11

CSR

Answer 11

Certificate Signing Request: This is sent to a CA to begin the process of certificate creation. The CSR should include the public key, domain/device validation (proof of ownership), common name, location, etc.

Question 12

CVE

Answer 12

Common Vulnerabilities and Exposures

Question 13

CVSS

Answer 13

Common Vulnerability Scoring System. It is a public framework for quantifying the severity of vulnerabilities in information systems, helping security teams prioritize patching and mitigation efforts.

Question 14

DBA

Answer 14

Database Administrator

Question 15

DHCP

Answer 15

DHCP (Dynamic Host Configuration Protocol) refers to a network service that automatically assigns IP addresses and other network configuration information to devices on a network

Question 16

DLP

Answer 16

Data Loss Prevention

Question 17

DLP

Answer 17

Data Loss Preventer. A software that stops users from leaking sensitive data.

Question 18

DNSSEC

Answer 18

Domain Name System Security Extensions

Question 19

DRP

Answer 19

Disaster Recovery Plan

Question 20

EAP

Answer 20

Extensible Authentication Protocol, which is a framework used for authenticating users on networks, particularly wireless networks

Question 21

EDR

Answer 21

EDR stands for Endpoint Detection and Response and its essentially
an advanced anti-malware software you would install on a computer.

Question 22

Embedded systems

Answer 22

Embedded systems. Computer systems that are extremely specialized, often with limited resources/hardware. Not built for constantly changing environments.

Question 23

ESP

Answer 23

ESP: Encapsulating Security Payload
provides:
Integrity
Encryption
Authentication
Anti-replay

Question 24

FDE

Answer 24

FDE (Full Disk Encryption) you will need a TPM and should back up the keys to escrow.

Question 25

FIM

Answer 25

File integrity monitoring

Question 26

GPO

Answer 26

GPO = Group Policy Object. A set of security settings in Windows.

Question 27

HIDS

Answer 27

Host Intrusion Detection Systems

Question 28

HIPS

Answer 28

Host Intrusion Prevention System

Question 29

HSM

Answer 29

hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), and performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.

Question 30

IDS

Answer 30

Intrusion Detection System. A server/software that can detect well-known attacks, but unlike IPS doesn’t block them. Alerting only!

Question 31

IPS

Answer 31

Intrusion Prevention System. A server/software that can block well-known attacks based off of signatures (pattern recognition).

Question 32

IPSec

Answer 32

IPSec (Internet Protocol Security) is a suite of protocols that provide security for network communications over an IP network

Question 33

IRP

Answer 33

Incident Response Plan

Question 34

Key Escrow

Answer 34

it is advisable to back up the encryption keys to a safe place. This is called key escrow

Question 35

LEAP

Answer 35

Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems

Question 36

MAC

Answer 36

In the MAC (mandatory access control) model: Subjects (users/applications) are granted clearance tags/labels. Objects (files/folders/etc) are given classification tags/labels. If you have, for example, secret clearance, you are permitted within the MAC model to see secret, confidential, and any other classifications considered to be beneath secret. You cannot see any files with classifications above your clearance level, such as top secret.

Question 37

NAC

Answer 37

NAC = Network Access Control. Typically provided through 802.1x or MAC filtering.

Question 38

NAT

Answer 38

NAT (Network Address Translation) refers to the process of translating private IP addresses within an internal network to a public IP address before they are sent to an external network

Question 39

NGFW

Answer 39

Next Generation Firewall. A firewall that can also act as a DLP (Data Loss Preventer) and a VPN endpoint

Question 40

NIDS

Answer 40

Network-Based Intrusion Detection System

Question 41

NIPS

Answer 41

Network-based Intrusion Prevention System

Question 42

OAUTH

Answer 42

Oauth is typically used for sending authorizations from one web service / cloud server to another, but doesn’t typically handle authentication.

Question 43

OCSP

Answer 43

Online Certificate Status Protocol: Used to quickly check that a certificate hasn’t been revoked, without needing to download a complete CRL from the CA. OCSP messages are signed to provide authenticity, integrity, and non-repud. This requires an internet connection.

Question 44

OpenID Connect

Answer 44

OpenID Connect combines the functionality of Oauth with the functionality of a SSO (authentication) solution.

Question 45

PAM

Answer 45

Privileged Account Management. This category of software can offer all of the requirements shown above, and much more.

Question 46

PAP

Answer 46

PAP, typically used with point to point serial connections, sends your password as plaintext.

Question 47

PEAP

Answer 47

PEAP (Protected Extensible Authentication Protocol) enhances wireless network security by encasing the EAP authentication process within a TLS tunnel

Question 48

PFX File

Answer 48

A binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. This file is typically what is sent to key escrow.

Question 49

RA

Answer 49

Registration Authority. Company that owns the CAs (Certificate Authorities)

Question 50

RADIUS

Answer 50

Remote Authentication Dial-In User Service. It's a protocol used to authenticate and authorize users accessing a network, commonly used for VPNs, Wi-Fi networks, and other network access points

Question 51

RBAC

Answer 51

Role Based Access Control. An access structure where permissions are granted to roles based off of job functions/responsibilities. Those roles are assigned to users so that they only get the permissions they need for their job.

Question 52

RDP

Answer 52

Remote Desktop Protocol (RDP) is a secure network communication protocol developed by Microsoft

Question 53

RPO

Answer 53

Recovery point objective

Question 54

RTOS

Answer 54

RTOS = Real Time Operating System. Optimized for time-sensitive applications. They are not designed for flexibility or frequent changes.

Question 55

SAML

Answer 55

SAML is an XML-based format used to exchange authentication information and thereby achieve identity federations (SSO). It doesn’t actually send your password from one system to another in the process. Instead it tokenizes credentials across multiple parties. Security Assertion Markup Language. Used for ID federation (web based SSO)

Question 56

SAN

Answer 56

Storage Area Network

Question 57

SASE

Answer 57

SASE = Secure Access Service Edge. A cloud software as a service (SaaS) that enables an organization to support remote users by automatically opening a VPN tunnels from them to nearby and redundant cloud gateways/access brokers. This is apposed to filtering all the traffic through a corporate data center which can become a choke point and single point of failure.

Question 58

SCADA

Answer 58

SCADA = Supervisory Control and Data Acquisition. Used to control industrial systems that are typically not designed for dynamic or rapidly changing environments

Question 59

SD-WAN

Answer 59

Software Defined Wide Area Networks. Using software to control how the internet functions.

Question 60

SDLC

Answer 60

Software Development Life Cycle

Question 61

SDN

Answer 61

Software-defined networking combines traditional network design with automated and flexible deployment

Question 62

Secure Enclave

Answer 62

Secure Enclave is a security subsystem within Apple SOC (systems on a chip).

Question 63

Serverless framework

Answer 63

Serverless frameworks offer: Cost Efficiency: Serverless frameworks operate on a pay-per-use model. (examples include AWS Lambda, Azure Functions, or Google Cloud Functions) Scalability: Serverless architectures automatically scale up or down based on demand. Reduced Complexity: The cloud provider manages the underlying infrastructure, so that the developer can focus on making their app.

Question 64

SPF

Answer 64

SPF = Sender Policy Framework. Used to stop email spoofing/forgery.

Question 65

SSO

Answer 65

Single Sign-On. It's a security authentication method that allows users to access multiple applications and systems using a single set of credentials. This centralized authentication approach simplifies the user experience and can improve security by reducing password management burdens and potential vulnerabilities.

Question 66

TLS

Answer 66

Transport Layer Security. An encryption system used to encrypt HTTP and turn it into HTTPS. This primarily provides confidentiality and authenticity to HTTP traffic. TLS typically requires certificates to operate.

Question 67

TPM

Answer 67

TPM (Trusted Platform Module) BitLocker will store the encryption keys on the TPM (Trusted Platform Module)

Question 68

WAF

Answer 68

Web Application Firewall. A firewall that filters HTTP messages to protect a web server/site from attacks such as buffer overflows, cross-site scripts (XSS), SQL injections, and malware.

Question 69

Zero Trust

Answer 69

Zero Trust – is a security strategy or architecture that focuses on the following: Never trust, always verify. Assume all traffic is from the internet and every message is a possible attack. Everyone and everything must authenticate. MFA is preferred. Least privilege for everyone. Company wide access controls should be in place. The network should be heavily segmented and filtered.

Question 70

SCAP

Answer 70

SCAP = Secure Content Automation Protocol. Usually used as a vulnerability scanner or a compliance scanner. Use it to determine if a device is following a known baseline.

Question 71

S/MIME

Answer 71

S/MIME is a protocol for singing and encrypting emails.

Question 72

IMAP

Answer 72

IMAP is a protocol used for accessing and managing emails stored on an email server.

Question 73

SNMP

Answer 73

SNMP (Simple Network Management Protocol) is used for monitoring and configuring network equipment. The only version of SNMP that is secure (encryption & integrity) is version 3.

Question 74

SOAR

Answer 74

SOAR stands for Security Orchestration Automation and Response.

Question 75

SIEM

Answer 75

Security Information and Event Management (SIEM) systems

Question 76

OWASP

Answer 76

Open Web Application Security Project. OWASP is a non-profit foundation dedicated to improving the security of software and web applications.

Question 77

SLA

Answer 77

service level agreement

Question 78

MOU

Answer 78

memorandum of understanding

Question 79

MSA

Answer 79

Master Service Agreement

Question 80

BPA

Answer 80

Business partnership agreements (BPA) are legal agreements between partners

Question 81

ARO

Answer 81

Annual Rate of Occurrence – how often an attack or event happens per year.

Question 82

RTO

Answer 82

Recovery Time Objective – how long it should take to perform recovery when following a IRP/DRP.

Question 83

RPO

Answer 83

Recovery Point Objective – how much data we are willing to lose / how often to make backups.

Question 84

SLE

Answer 84

Single Loss Expectancy – how much is lost when the asset is attacked once.

Question 85

MTBF

Answer 85

MTBF = Mean Time Between Failures

Question 86

MTTR

Answer 86

MTTR = Mean Time To Recovery (real world average time for recovery)

Question 87

MOA

Answer 87

memorandum of agreement