Vocab

Question 1

Zero day attack

Answer 1

An attack that is executed on a vulnerability in software before the vulnerability is known to the creator of the software.

Question 2

X.509

Answer 2

A common PKI standard developed by the ITU-T that incorporates the single sign on authentication method.

Question 3

Worm

Answer 3

Code that runs on a computer without the user’s knowledge; a worm self replicates, whereas a virus does not.

Question 4

Wiretapping

Answer 4

Tapping into a network cable in an attempt to eavesdrop on a conversation or steal data.

Question 5

Wired Equivalent Privacy (WEP)

Answer 5

A deprecated wireless network security standard, less secure than WPA.

Question 6

Wi-Fi Protected Setup (WPS)

Answer 6

A simplified way of connecting to wireless networks using an eight-digit code. it is now deprecated due to its insecure nature and should be disabled if currently used.

Question 7

Wi-Fi Protected Access (WPA)

Answer 7

A security protocol created by the Wi-Fi alliance to secure wireless computer networks; more secure than WEP.

Question 8

White hat

Answer 8

A type of hacker that is contracted to break into a system.

Question 9

White-box testing

Answer 9

A method of testing applications or systems where the tester is given access to the internal workings of the system.

Question 10

Whaling

Answer 10

A phishing attack that targets senior executives.

Question 11

Web security gateway

Answer 11

An intermediary that can scan for viruses and filter Internet content.

Question 12

Web of trust

Answer 12

A decentralized model used for sharing certificates without the need for a centralized CA.

Question 13

Watering hole attack

Answer 13

An attacker profiles which websites a user accesses and later infects those sites to redirect the user to other websites.

Question 14

Warm site

Answer 14

A site that has computers, phones, and servers, but they may require configuration before users can start working on them.

Question 15

War-driving

Answer 15

The act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna, often a particularly strong antenna.

Question 16

War-dialing

Answer 16

The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks.

Question 17

War-chalking

Answer 17

The act of physically drawing symbols in public places that denote open, closed, or protected wireless networks.

Question 18

Vulnerability scanning

Answer 18

The act of scanning for weaknesses and susceptibilities in the network and on individual systems.

Question 19

Vulnerability management

Answer 19

The process of finding and mitigating software vulnerabilities in computers and networks.

Question 20

Vulnerability assessment

Answer 20

Base lining of the network to assess the current security state of computers and networks.

Question 21

Vulnerability

Answer 21

Weakness in your computer network to assess the current security state of comprises, servers, network devices, and the entire network in general.

Question 22

VPN Concentrator

Answer 22

A hardware appliance that allows hundreds of users to connect to the network from remote locations via a VPN.

Question 23

VLAN hopping

Answer 23

The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.

Question 24

Vishing

Answer 24

A type of phishing attack that makes use of telephones and VoIP

Question 25

Virus

Answer 25

Code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed.

Question 26

Virtualization

Answer 26

The creation of a virtual entity, as opposed to a true or actual entity.

Question 27

Virtual Private Network (VPN)

Answer 27

A connection between two or more computers or devices that are not on the same private network.

Question 28

Virtual Machine

Answer 28

Created by virtual software; VMs are images of operating systems or individual applications.

Question 29

Vampire tap

Answer 29

A device used to add computers to a 20BASE5 network. It pierces the cooper conductor of a coaxial cable and can also be used for malicious purposes.

Question 30

Zombie

Answer 30

Individual compromised computer in a botnet

Question 31

User Account Control (UAC)

Answer 31

A security component of windows that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights--even if they are a member of the Administrators group

Question 32

Uninterruptible Power Supply

Answer 32

Takes the functionality of a surge suppressor and combines that with a battery backup, protecting computers not only from surges and spikes, but also from sags, brown outs, and black outs.

Question 33

UDP Flood Attack

Answer 33

A similar attack to Fraggle. It uses the connection less User Datagram Protocol. It is enticing to attackers because it does not require a synchronization process.

Question 34

Typo squatting (URL hijacking)

Answer 34

A method used by attackers that takes advantages of typos when accessing websites. Instead of the expected website, a user ends up at a website with a similar name but often malicious content.

Question 35

Trusted Operating System

Answer 35

A system that adheres to criteria for multilevel security and meets government regulations.

Question 36

Trusted Computer System Evaluation Criteria (TCSEC)

Answer 36

A DoD standard that sees basic requirements for assessing the effectiveness of computer security access policies. Also known as the Orange Book.

Question 37

Trojan Horse

Answer 37

An application that appears to perform desired functions but is actually running malicious functions behind the scenes

Question 38

Triple DES (3DES)

Answer 38

Similar to DES but applies the cipher algorithm three times to each cipher block

Question 39

Transport Layer Security

Answer 39

The successor to SSL. provides secure internet communications. This is shown in browser as https

Question 40

Towers of Hanoi

Answer 40

A backup rotation scheme based on the mathematics of the towers of Hanoi puzzle. Uses three backup sets. For example, the first tape is used every second day, the second tape is used for every fourth day, and the third tape is used for every 8th day

Question 41

Time of day restrictions

Answer 41

When users logon hours are configured to restrict access to the network during certain times of the day and week

Question 42

Time bomb

Answer 42

A Trojan set off on a certain date

Question 43

Tickets

Answer 43

Part of the authentication process used by Kerberos

Question 44

Threat vector

Answer 44

The method a threat uses to gain access to a target computer.

Question 45

Threat modeling

Answer 45

A way of prioritizing threats to an application.

Question 46

Terminal Access Controller Access-Control System (TACACS)

Answer 46

A remote authentication protocol similar to RADIUS used more often in Unix networks

Question 47

Temporal Key Integrity Protocol

Answer 47

An algorithm used to secure wireless computer networks; meant as a replacement for WEP

Question 48

TEMPEST

Answer 48

Refers to the investigations of conducted emissions from electrical devices, which could be compromising to an organization.

Question 49

Teardrop attack

Answer 49

A type of DoS that sends mangled IP fragments with overlapping sized payloads to the target machine

Question 50

TCP/IP Hijacking

Answer 50

When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access

Question 51

TCP reset attack

Answer 51

Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately

Question 52

Tailgating

Answer 52

A type of piggybacking where an unauthorized person follows an authorized person into a secure area, without the authorized persons consent

Question 53

Systems Development Life Cycle

Answer 53

The process of creating systems and applications, and the methodologies used to do so

Question 54

SYN flood

Answer 54

A type of DoS where an attacker sends a large amount of SYN request packets to a server in an attempt to deny service

Question 55

Symmetric key algorithm

Answer 55

A class of cipher that uses identical or closely related keys for encryption and decryption

Question 56

Surge

Answer 56

Means there is an unexpected increase in the amount of voltage provided

Question 57

Supervisory control and data acquisition (SCADA)

Answer 57

System of hardware and software controls and monitors industrial systems such as HVAC