Security+ Acronym Flashcards
(149 cards)
1
Q
A port based authentication protocol. It provides authentication when a user connects to a specific access point, or , in this context, a logical port.
It’s primary purpose is to secure the authentication process prior to a client actually gaining access to a network. While this protocol can be used in wired and wireless networks, it is often closely associated with wireless networks.
A
802.1x
2
Q
Symmetric block cipher designed as an improvement over the weaknesses of DES. It encrypts data using the DES algorithm in 3 separate passes and uses multple keys.
It uses multiple keys and multiple passes, not as efficient as AES but still used in some applications when hardware does not support AES. It has key sizes of 56 bits, 112bits, or 168 bits.
A
3DES
3
Q
Provides authentication, authorization and accounting. Authentication verifies a user’s identification. Authorization determines if a user should have access. Accounting tracks user access with logs.
RADIUS and TACACS+ are both considered this protocol because they provide all three services. They authenticate users who attempt remote access, determine if the user is authorized for remote access by checking a database, and then record the user’s activity. TACACS+ uses multiple challenges and responses during a session.
A
AAA
4
Q
Identifies a user or group that is granted permission to a resource. They are contained within a DACL in NTFS.
A
ACE (Access Control Entry)
5
Q
A strong symmetric block cipher it can use key sizes of 128bits, 192bits, or 256 bits. Because of its strengths, it has been adopted for a wide assortment of applications such as encrypting data on a USB drive. It is fast, and requires one pass to encrypt and decypt data.
A
AES (Advanced Encryption Standard)
6
Q
A list of rules used to grant access to a resource. It can define what is allowed based on permissions or based on traffic.
A
ACL (Access Control List)
7
Q
Identified with protocol ID number 51, being a part of IPSEC it provides authentication and integrity.
A
AH (Authentication Header)
8
Q
Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). This identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = this.
A
ALE (Annualized Loss Expectancy)
9
Q
This provides access to a wired network to wireless clients. Many of these support isolation mode to segment wireless users from other wireless users.
A
AP (Access point or short for Wireless Access Point)
10
Q
Used to measure risk with annualized loss expectancy (ALE) and single loss expectancy (SLE). This identifies how many times a loss is expected to occur in a year. The calculation is SLE x this = ALE
A
ARO (Annualized rate of occurrence)
11
Q
Resolves IP addresses to MAC addresses.
A
ARP (Address Resolution Protocol)
12
Q
These type of attacks can redirect traffic through an attacker’s system by sending false MAC address updates. VLAN segregation helps prevent the scope of these type of attacks within a network.
A
ARP (Address Resolution Protocol) Poisoning
13
Q
Defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
A
AUP (Acceptable Use Policy)
14
Q
A plan that helps an organization predict and plan for potential outages of critical services or functions.
A
BCP (Business Continuity Plan)
15
Q
Disaster recovery elements that provide the steps used to return critical functions to operation after an outage. The BIA is part of a this and the BIA drives decisions to create redundancies such as failover clusters or alternate sites.
A
BCP (Business Continuity Plan)
16
Q
This identifies critical business or mission requirements and includes elements such as Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) but it does not identify solutions.
A
BIA (Business Impact Analysis)
17
Q
An automated program or system used to perform one or more tasks. A malicious this is a group of computers called zombies and controlled through a command and control server.
A
BOTS (or Network Robots)
18
Q
Attackers use malware to join computers to these. Zombies regularly check in with the command and control server and can launch DDoS attacks against other victims.
A
BOTS (or Network Robots)
19
Q
This kind of activity often includes hundreds of outbound connections, and some of these use IRC channels.
A
BOTS (or Network Robots)
20
Q
An organization that manages, issues, and signs certificates and is a part of PKI.
A
CA (Certificate Authority)
21
Q
A specialized type of smart card used by the US DOD. It includes photo identification and and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a PIV.
A
CAC (Common Access Card)
22
Q
A standard that allows microcontrollers and devices to communicate with each other without a host computer.
A
CAN (Controller Area Network)
23
Q
An encryption protocol based on AES used with WPA2 for wireless security. It is more secure than TKIP, used with the original release of WPA.
A
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
24
Q
This is a detective control that provides video surveillance. Video survelliance provides reliable proof of a person’s location and activity. It can be used by an organization to verify if any equipment or data is being removed.
A
CCTV (Close Circuit Television)
25
A group of experts that respond to security incidents.
CERT (Computer Emergency Response Team)
AKA CIRT, SIRT, or IRT
26
Authentication mechanism where a server challenges a client.
CHAP (Challenge Handshake Authenticatation Protocol)
27
These three form the security Triad. The first part helps prevent the unauthorized disclosure of data. The second part provides assurances that data has not been modified, tampered with, or corrupted. The third part indicates the data and services are there when needed.
CIA (Confidentiality, Integrity, Availability)
28
Provides an alternate location for operations after a critical outage. A hot site includes personnel, equipment, software, and communications capabilities of the primary site with all the data up to date. A hot site can take over for a failed primary site within an hour. A cold site will have power and connectivity needed for this activation, but little else. A warm site is a compromise between a hot site and a cold site.
COOP (Continuity of Operations Plan)
29
An error detection code used to detect accidental changes than can affect the integrity of data.
CRC (Cyclical Redundancy Check)
30
An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). NTFS uses this model.
DAC (Discretionary Access Control)
31
A list of certificates that have been revoked. The CA that issued the certificate publishes this and this is public.
CRL (Certificate Revocation List)
32
List of Access Control Entries (ACE) in Microsoft's NTFS. Each ACE includes a SID and a permission.
DACL (Discretionary Access Control List)
33
An attack on a system launched from multiple sources intended to make a computer's resources or services unavailable to users. These attacks are often launched from Zombies in BotNets. These attacks are typically sustained, abnormally high network traffic. A performance baseline helps administrators detect these.
DDoS (Distributed Denial of Service)
34
A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
DEP (Data Execution Prevention)
35
An older symmetric encryption standard used to provide confidentiality. This uses 56 bits and is considered cracked.
DES (Digital Encryption Standard)
36
A compiled set of code that can be called from other programs.
DLL (Dynamic Link Library)
37
A network based of this type of system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in e-mail and reduce the risk of internal users e-mailing sensitive data outside the organization.
DLP (Data Loss Protection)
38
Area between two firewalls separating the internet and the internal network. This provides a layer of protection for internet facing servers. It allways access to a server or service for internet users while segmenting and protecting access to the internal network.
DMZ (Demilitarized Zone)
39
Used to resolve host names to IP addresses. It is the primary name resolution service used on the internet and also internal networks
DNS (Domain Name System)
40
Port 53
DNS (Domain Name System)
41
Attemps to modify or corrupt cached DNS results.
DNS Poisoning
42
DNS poisoning attack that redirects a website's traffic to another website.
DNS Pharming attack
43
An attack from a single source that attempts to disrupt the services provided by another system. Examples include SYN flood, smurf, and some buffer overflow attacks.
Denial of Service (DoS)
44
A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. Recovered systems are tested before returning them to operation, and this can include a comparison to baselines. The final phase of this includes a review to identify any lessons learned and may include an update of the plan.
Disaster Recovery Plan (DRP)
45
This is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create this. The recipient decrypts the hash with the sender's public key, and if successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying they sent the email.
DSA (Digital Signature Algorithm)
46
An authentication framework that provides general guidance for authentication methods. There is a lightweight and protected version of this.
EAP (Extensible Authentication Protocol)
47
An asymmetric encryption algorithm commonly used with smaller wireless devices such as PDAs and cell phones.
ECC (Elliptic Curve Cryptography)
48
A feature within NTFS on Windows Systems that supports encrypting individual files or folders for confidentiality.
EFS (Encrypting File System)
49
Interference caused by motors, power lines, and fluorescent lights. This type of shielding prevents signal emanation so it can prevent someone from capturing network traffic.
EMI (Electromagnetic Interference)
50
IPSec includes both AH (authentication header) and this to encrypt the data and provide confidentiality, authentication, and integrity. IPSec uses this in tunnel mode when used with VPNs. This is often identified with protocol ID 50.
ESP (Encapsulating Security Payload)
51
Protocol used to upload and download files. It utliizes port 20 and 21. It can use SSH for encryption over port 22.
FTP (File Transfer Protocol)
52
Free software that is based on the OpenPGP standard. It is similar to PGP but avoids and conflict with existing licensing by using open standards.
GPG (GNU Privacy Guard)
53
Used to upload and download files that uses SSL or TLS to encrypt traffic. Some implentations of this use ports 989 and 990.
FTPS (File Transfer Protocol Secure)
54
Used within Microsoft Windows to manage users and computers. It is implemented on a domain controller and administrator's use it to create password policies, lock down the GUI, configure host-based firewalls etc.
GPO (Group Policy Object)
55
A tunneling protocol developed by Cisco Systems.
GRE (Generic Routing Encapsulation)
56
An IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files.
HIDS (Host Based Intrusion Detection System)
57
An extension of a host based IDS it is designed to react in real time to catch an attach in action.
HIPS (Host Based Intrusion Prevention System)
58
This is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result.
HMAC (Hash-based Message Authentication Code)
59
A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. High volume ecommerce sites use these to increase the performance of SSL sessions.
HSM (Hardware Security Module)
60
This system increases availability by regulating airflow within datacenters and server rooms. They use hot and cold to regulate the cooling, thermostats to ensure a constant temperature, and humidity controls to reduce the potential for static discharges and damage from condensation.
HVAC (Heating Ventilation and Air Conditioning.)
61
A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers.
IaaS (Infrastructure as a Service)
62
Used for diagnostics such as ping. Many DoS attacks use this. It is common to block this at firewalls and routers. If this fails, but other connectivity to a server succeeds, it indicates that this is blocked.
ICMP (Internet Control Message Protocol)
63
A detective control used to detect attacks after they occur. A signature based this uses a database of predefined traffic patterns. An anomaly based this starts with a performance baseline of normal behavior and compares network traffic against this baseline. This can be host-based or network-based.
IDS (Intrusion Detection System)
64
International organization with a focus on electrical, electronics, and information technology topics.
IEEE (Institute of Electrical and Electronic Engineers)
65
Used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address.
IGMP (Internet Group Management Protocol)
66
Used with IPsec to create a secure channel over port 500 in a VPN tunnel.
IKE (Internet Key Exchange)
67
Used to store e-mail on servers and allow clients to manage on their email on the server. This uses port 143.
IMAP4 (Internet Message Access Protocol V4)
68
A preventative control that will stop an attack in progress. It is placed in line with traffic. This can actively monitor data streams, detect malicious content, and stop attacks in progress.
IPS (Intrusion Prevention System)
69
Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. This thing is built into IPv6, but can also work with IPv4 and it includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. This uses port 500 for IKE and VPN connections.
IPsec (Internet Protocol Security)
70
Identifies hosts using a 32-bit IP address. IPs are expressed in dotted decimal format with decimal numbers separated by dots like this 192.168.1.1.
IPv4 (Internet Protocol version 4)
71
Identifies hosts using a 128-bit address. IPs are expressed as eight groups of four hexadecimal characters (numbers and letters), such as this: FE80:0000:0000:0000:20D4:3FF7:003F:DE62
IPv6 (Internet Protocol version 6)
72
A form of real-time internet text messaging often used with chat sessions. Some botnets have used these channels to control zombie computers through a command and control server.
IRC (Internet Relay Chat)
73
Provides randomization of encryption keys to help ensure that keys are not reused. WEP was susceptible to these type of attacks because it used relatively small types of these. In this type of attack the attacker uses packet injection, increasing the number of packets to analyze, and discovers the encryption key.
IV (Initialization Vector)
74
Part of the Kerberos protocol used for network authentication. This issues time-stamped tickets that expire.
KDC (Key Distribution Center)
75
Tunneling protocol used with VPNs. Commonly used with IPsec it uses port 1701.
L2TP (Layer 2 Tunneling Protocol)
76
Older authentication protocol used to provide backward compatibility to Windows 9x clients. These type of passwords are easily cracked due to how they are stored.
LANMAN (Local Area Network Manager)
77
Language used to communicate with directories such as Active Directory. It provides a central location to manage user accounts and other directory objects. Uses port 389 when unencrypted and port 636 when encrypted.
LDAP (Lightweight Directory Access Protocol)
78
A modified version of the Challenge Handshake Authentication Protocol created by Cisco. No longer secure.
LEAP (Lightweight Extensible Authentication Protocol)
79
Access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). SELinux (deployed in both Linux and Unix platforms) is a trusted operating system platform using this model. Other access control models are DAC and RBAC.
MAC (Mandatory Access Control)
80
A 48-bit address used to uniquely identify NICs. It is also called a hardware address or a physical address.
MAC (Media Access Control)
81
Method used to provide integrity for messages. This uses a secret key to encrypt the hash.
MAC (Message Authentication Code)
82
A hashing function used to provide integrity. Uses 128 bits. A hash is simply a number created by applying the algorithm to a file or message at different times. The hashes are compared to each other to verify that integrity has been maintained.
MD5 (Message Digest 5)
83
An attack that is a form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent these type of attacks.
MITM (Man in the middle)
84
This identifies the size of the data that can be transferred.
MTU (Maximum Transmission Unit)
85
Inspects clients for health and can restrict network access to unhealthy clients to a remediation network. Clients run agents and these agents report status to this kind of server. This is used for VPN and internal clients. MAC filtering is a form of this\_\_\_.
NAC (Network Access Control)
86
A service that translates public IP addresses to private IP addresses and vice versa. It hides the addresses on an internal network.
NAT (Network Address Translation)
87
Used to monitor a network, it can detect network-based attacks, such as smurf attacks. This ___ cannot monitor encrypted traffic, and cannot monitor traffic on individual hosts.
NIDS (Network-based intrusion detection system)
88
This ____ monitors the network. It can actively monitor data streams, detect malicious content, and stop attacks in progress.
NIPS (Network based intrusion prevention system)
89
This ____ is a part of the U.S. Department of Commerce, and it includes and Information Technology Laboratory (ITL). They have special publications related to security that are freely available for download.
NIST (National Institute of Standards and Technology)
90
These _____ instructions are often used in a buffer overflow attack. An attacker often writes a large number of _____ instructions into memory followed with malicious code.
NOOP (No Operation)
91
Software that runs on a server and enables the server to manage resources on a network.
NOS (Network Operating System)
92
Authentication protocol intended to improve LANMAN. The LANMAN protocol stores passwords using a hash of the password by first dividing the password into two seven-character blocks, and then converting all lower-case letters to uppercase.
This makes LANMAN easy to creack. NTLM stores passwords in LANMAN format for backward compatibility unless the passwords are over 15 characters.
NTLM (New Technolgoy LANMAN)
93
Protocol used to synchronize computer times.
NTP (Network time protocol)
94
International standard proposed for vulnerability assessment scanners to follow.
OVAL (Open Vulnerability Assessment Language)
95
Provides cloud customers with an easy-to-configure operating system and on-demand computing capabilities.
PaaS (Platform as a Service)
96
An older authentication protocol where passwords are sent across the network in clear text. Rarely used today.
PAP (Password Authentication Protocol)
97
A telephone switch used for telephone calls.
PBX (Private Brance Exchange)
98
This _____ provides an extra layer of protection for EAP. It does by encrypting the authentication process by encapsulating and encrypting the EAP conversation in a transport layer security tunnel. Since TLS requires a certificate, this ______ requires a CA to issue certificate.
PEAP (Protected Extensible Authentication Protocol)
99
Commonly used to secure e-mail communications between two individual but also used in companies. It provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt email. It uses both asymmetric and symmetric encryption.
PGP (Pretty good Privacy)
100
A specialized type of smart card used by U.S. Federal agencies. It includes a photo verification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a CAC.
PIV (Personal Identity Verification card)
101
Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates.
Certificates are an important part of asymmetric encryption. Certificates include public keys along with the details on the owner of the certificate and on the CA that issued the certificate.
Certificate owners share their public key by sharing a copy of their certificate.
PKI (Public Key Infrastructure)
102
Used to transfer email from mail servers to clients. Uses port 110.
POP3 (Post Office Protocol v3)
103
Tunneling protocol used with VPNs. Uses TCP port 1723.
PPTP (Point-to-Point Tunneling Protocol)
104
A secret shared among different systems. Wireless networks support Personal Mode, where each device uses the same \_\_\_\_. In contrast Enterprise Mode uses an 802.1x or RADIUS server for authentication.
PSK (Pre-shared Key)
105
A designated individual who can recover or restore cryptographic keys. In the context of a PKI, _______ can recover private keys to access encrypted data.
RA (Recovery Agent)
106
Provides central authentication for remote access clients. It encrypts the password packets and uses UDP.
RADIUS (Remote Authentication Dial-In User Service)
107
A server used to provide access to an internal network from an outside location.
RAS (Remote Access Service)
108
An access control model that uses rules to define access. This _______ access control is based on a set of approved instructions, such as an access control list.
RBAC (Rule-based Access Control)
109
Symmetric encryption algorithm that includes versions \_\_2, \_\_4,\_\_5,\_\_6. \_\_4 is a secure stream cipher, and \_\_5 and \_\_6 are block ciphers.
RC (Ron's Code)
110
A hash function used for integrity. It creates fixed length hashes of 128, 160, 256, or 320 bits.
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
111
This ______ identifies a point in time where data loss is acceptable.
RPO (Recovery Point Objective)
112
An asymmetric algorithm used to encrypt data and digitally sign transmissions. This ____ relies on the mathematical properties of prime numbers when creating public and private keys.
RSA (Rivest, Shamir, Adleman)
113
This protocol are enabled on most switches and protect against switching loops, such as those caused when two ports of a switch are connected together.
RSTP (Rapid Spanning Tree Protocol)
114
This _____ identifies the maximum amount of time it can take to restore a system after an outage.
RTO (Recovery Time Objective)
115
A standard used for delivering audio and video over an IP network.
RTP (Real-time Transport Protocol)
116
Used to secure e-mail, this provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt email, including the encryption of email at rest (stored on a drive) and in transit. It uses RSA, with public and private keys for encryption and decryption, and depends on PKI for certificates.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
117
Applications provided over the internet. Webmail is example of a cloud-based technology.
SaaS (Software as a service)
118
A method with automated vulnerability management, measurement, and policy compliance evaluation tools.
SCAP (Security Content Automation Protocol)
119
Based on SSH. This allows users to copy encrypted files over a network port 22.
SCP (Secure Copy)
120
A trusted operating system platform that prevents malicious or suspicious code from executing on both Linux and UNIX systems. It is one of the few systems that use the MAC model.
SELinux
121
A hashing function to provide integrity. It uses 160bit and 256 bits.
SHA (Secure Hash Algorithm)
122
Used to measure risk with annualized loss expectancy (ALE) and annualized rate of occurrence (ARO). The identifies the expected dollar amount for a single event resulting in a loss. The calculation is ____ x ARO=ALE.
SLE (Single Loss Expectancy)
123
Used to transfer email between clients and servers and other servers. Uses port 25.
SMTP (Simple mail transfer protocol)
124
Used to manage network devices such as routers and switches.
SNMP (Simple Network Management Protocol)
125
A multiplexing protocol used to transfer data over optical fiber.
SONET (Synch
126
A form of spam using instant messaging that targets instant messaging users.
SPIM (Spam over Instant Messaging)
127
Port 1433
SQL (Structered Query Language)
128
Port 443
SSL (Secure Sockets Layer)
129
A tunneling protocol that encrypts VPN traffic using SSL over Port 443
SSTP (Secure Socket Tunneling Protocol)
130
Protocol enabled on most switches that protects against switching loops.
STP (Spaning Tree Protocol)
131
The first packet in a TCP handshake. In this type of flood attack, attackers send this packet, but do not complete the handshake.
SYN (Synchronize)
132
An older remote authentication protocol that was commonly used in Unix networks. Uses UDP Port 49.
TACACS (Terminal Access Controller Access - Control System)
133
Provides central authentication for remote access clients and used as an alternative to RADIUS. Uses TCP port 49. It encrypts the entire authentication process, compared with RADIUS, which only encrypts the password. IT uses multiple challenges and responses.
TACACS+
134
A factor considered when purchasing new products and services. TCO attempts to identify the cost of a product or service over its lifetime.
TCO (Total Cost of ownership)
135
Provides guaranteed delivery of IP traffic using a 3-way handshake.
TCP (Transmission Control Protocol)
136
Used to transfer small amounts of data with UDP port 69. In contrast, FTP is used to transfer larger files using TCP ports 20 and 21.
TFTP (Trivial File Transfer Protocol)
137
Wireless security protocol introduced to address the problems with WEP. This ___ was used with WPA but many implementations now support CCMP.
TKIP (Temporal Key Integrity Protocol)
138
Used the encrypt traffic on the wire. ____ is the replacement for SSL and like SSL, it uses certificates issued by CAs. PEAP-\_\_\_\_ uses ___ to encrypt the authentication process and PEAP-\_\_\_ requires a CA to issue certificates.
TLS (Transport Layer Security)
139
This is a hardware chip on the motherboard included on many newer laptops. A ___ includes a unique RSA asymmetric key, and it can generate and store other keys used for encryption, decryption, and authentication. ____ provides full disk encryption.
140
One of the last phases of testing an application before its release.
UAT (User Acceptance Testing)
141
Used instead of TCP when guaranteed delivery of each packet is not necessary. ___ uses a best effort delivery mechanism.
UDP (User Datagram Protocol)
142
A firewall specifically designed to protect a web application, such as a web server. A ___ inspects the contents of traffic to a web server, can detect malicious content, and block it.
WAF (Web Application Firewall)
143
Original wireless security protocol. Had significant security flaws and was replaced with WPA, and ultimately WPA2. ___ used RC4 incorrectly making it susceptible to IV attacks.
WEP (Wired Equivalency Privacy)
144
An IDS used for wireless networks.
WIDS (Wireless Intrusion Detection System)
145
An IPS used for wireless networks.
WIPS (Wireless Intrusion Prevention System)
146
Used to encrypt traffic for smaller wireless devices.
WTLS (Wireless Transport Layer Security)
147
Used by many databases for inputting or exporting data.
XML (Extensible Markup Language)
148
An attack that causes users to perform actions on websites without their knowledge. In some cases, attackers use header manipulation to steal cookies and harvest passwords.
XSRF (Cross-site request forgery)
149
Scripting allows an attacker to redirect useres to malicious websites and steal cookies.
XSS (Cross-Site scripting)
