Terms

Question 1

What is ARO

Answer 1

Annualized Rate of Occurrence, estimate how often a threat or risk is likely to occur

Question 2

What is ALE

Answer 2

Annual Lose Expectancy, average and estimated loss rate of devices to things like stolen property

Question 3

What is COPE

Answer 3

Company Owned Personally Enabled, When the company provides a Mobile device to an employee and can be used also as a personal device as well.

Question 4

What is CRL

Answer 4

Certificate Revocation List, a list of public key certificates that have been revoked

Question 5

what is CYOD

Answer 5

Choose Your Own Device, Hardware management model in cybersecurity that allows employees to select a pre-approved device from a company-provided list

Question 6

who is the Data Owner

Answer 6

The Person who owns the data in question

Question 7

who is the Data Controller

Answer 7

determines the purposes and means of processing personal data

Question 8

who is the data steward

Answer 8

define, implement, and enforce data management policies and procedures within their specific Data Domain

Question 9

who is the Data Processor

Answer 9

holds personal data on behalf of the data controller

Question 10

what is DLP

Answer 10

Data Loss Prevention, the practice of preventing data breaches, exfiltration or unwanted destruction of sensitive Data

Question 11

What is EAP

Answer 11

Extensible Authentication Protocol, used to authenticate information between Workstation and Authentication Server.

Question 12

What is a Federation based sign on

Answer 12

Variant of Single Sign On (SSO) that allows sign in without password. Uses trust between two well know servers/systems to authenticate the user who has already signed it.

Question 13

what is HIPS

Answer 13

Host Intrusion Prevention system, this party software on the Host Machine to identify and prevent Malicious activities

Question 14

What is an HSM

Answer 14

Hardware Security Modules, Hardened tamper resistant hardware devices, by managing keys used for encryption.

Question 15

What is a Logic Bomb

Answer 15

Type of malicious code embedded in software that remains dormant until specific conditions are met

Question 16

what is MTTR

Answer 16

Mean Time to Repair, Time it would take to be able to repair equipment that breaks

Question 17

what is OCSP

Answer 17

Online Certificate Status Protocol, Alt to Certificate Revocation List (CRL) used to check whether Cert is valid or revoked.

Question 18

What is OCSP Stalping

Answer 18

an internet standard that allows us to check the validity status of X. 509 digital certificates.

Question 19

what is a On-Path Attack

Answer 19

place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two

Question 20

what is a Policy Engine

Answer 20

A software component that evaluates and enforces rules or policies within an organization or application

Question 21

what is a Policy Enforcment Point

Answer 21

protects objects, such as files, services, and applications, and enforces authorization decisions

Question 22

what is a PSK

Answer 22

Pre-Shared Key, security mechanism used in Wi-Fi Protected Access (WPA) to establish a secure connection between a wireless device and a Wi-Fi access point

Question 23

what is a Race Condition

Answer 23

software bug that can occur in a computing system when multiple operations need to be executed in a specific order, but the system doesn’t enforce that order

Question 24

what is a Responsibility Matrix

Answer 24

define and manage roles and responsibilities for tasks, milestones, and decisions

Question 25

what is a Replay Attack

Answer 25

type of network attack where a cybercriminal intercepts and retransmits network communication between two parties

Question 26

What is a SASE

Answer 26

Secure access service edge, framework for network architecture that brings cloud native security technologies

Question 27

what is a supply chain attack

Answer 27

targets an organization's suppliers or third-party vendors to gain unauthorized access to their systems or data

Question 28

what is a Secure Enclave

Answer 28

hardware-based component of a computing device that provides an extra layer of security to protect data

Question 29

what is a SCAP

Answer 29

Security Content Automation Protocol, set of standards and protocols that help organizations improve their cybersecurity

Question 30

what is a WAF

Answer 30

Web Application Firewall, Firewall that is web based for web servers and applications

Question 31

what is a UTM

Answer 31

Unified Threat Management, when multiple security features or services are combined into a single device within your network

Question 32

what is a Zeon Configuration

Answer 32

logical design approaches that control and limit access and data communication to certain users and components

Question 33

what is 802.1X

Answer 33

LDAP Protocol method to use Local AD user credentials to authenticate to the WPA2-3 Wi-Fi connections within a Wi-Fi Network.