CompTIA Security+ (SY0-601) Exam Questions and Answers

CIA Triad - Confidentiality, Integrity and Availability.
Least Privilege / Need-to-Know Basis - Giving someone only the most limited access they require to perform their job.
Defence in Depth - Protecting a company's data with a series of protective layers, so that no single control is relied upon.
Annual Risk Assessment - An annual review of the risk register in which each area of the business assesses the risks in its own domain; for example, the financial director looks at the financial risks and the IT manager at the risks posed to IT systems.
Annual Security Awareness Training - Training where staff are reminded about what they should be doing on a daily basis to keep the company safe.
Change Advisory Board (CAB) - Reviews, approves and assists with the prioritisation of changes.
Business Continuity Plan (BCP) - Contingency planning to keep the business up and running when a disaster occurs, including identifying single points of failure.
Firewall Rule - A rule in the firewall specifying whether a connection is allowed or denied.
Antivirus/Antimalware - Software or hardware that detects, blocks or removes malicious software.
Screen Saver - A feature that locks the screen after a computer has been idle for a set time, so that re-authentication is required to continue.
Screen Filter - A device that prevents people walking past from viewing your screen.
Closed Circuit Television (CCTV) - Equipment used to record events through cameras and/or sensors.
Log Files - Text files that record events and the times at which they occurred.
Write-Once Read-Many Drive (WORM) - Storage that can only be written to once but read many times, so stored logs or evidence cannot be altered afterwards.
Fire Suppression System - A gas-based (oxygen-displacing or clean-agent) system that starves a fire to prevent damage to equipment without the water damage of sprinklers.
Disable User Accounts - When someone leaves a company, their account is disabled and the password changed immediately.
Operating System Hardening - The operating system is fully patched, and all unused features and services are disabled.
Identification (Access Controls) - Presenting an identifying piece of information, such as a username, number or string of characters.
Security Identifier (SID) - A unique identifier that Windows ties to an account or group; permissions are stored against the SID, not the account name.
Authentication (Access Controls) - Proving that the person making the request is who they say they are.
Authorisation (Access Controls) - The amount of access given to an authenticated user.
New Technology File System (NTFS) - A proprietary file system created by Microsoft that supports per-file and per-folder permissions.
Discretionary Access Control (DAC) - An access control model in which the owner of a resource decides who is given access to it; NTFS permissions are the typical example.
Full Control (DAC) - The user has full control, including changing permissions.
Modify (DAC) - The user can change, read and execute data, and delete the file or folder.
Read and Execute (DAC) - The user can read the data or run the program.
List Folder Contents (DAC) - The user can see the names of the files and subdirectories in the directory.
Read (DAC) - The user can read the data.
Write (DAC) - The user can write to the file.
Special Permissions (DAC) - The user has granular access made up of individual advanced permissions.
Data Creator/Owner (DAC) - The user who owns the object and can grant or change permissions for other users.
Mandatory Access Control (MAC) - An access control model in which data is labelled with a classification based on how much damage its disclosure could cause, and users may only access data whose classification matches their clearance.
Top Secret (MAC) - Disclosure would cause the highest level of damage.
Secret (MAC) - Disclosure would cause serious damage.
Forensic Process - A digital forensic process made up of four phases: Collection, Examination, Analysis and Reporting.
National Institute of Standards and Technology (NIST) - A physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce.
Admissibility - A measure of whether a piece of evidence is relevant and was legally acquired, so that it can be used in court.
Order of Volatility - Collecting evidence in order of how perishable it is: CPU registers and cache first, then memory, then network state and running processes, then disk, then backups and printouts.
E-Discovery - Collecting, reviewing and interpreting electronic documents held on storage devices for a legal case.
Chain of Custody - The process of documenting who has handled evidence, and when, from collection onward, so that it can be shown not to have been tampered with.
Provenance - The documented origin and handling history of evidence; it is established when the chain of custody has been carried out properly.
Legal Hold - The process of protecting evidence, or data likely to be needed as evidence, from being altered or destroyed.
Artifacts - Residual items left on a system, such as cache entries, registry keys or log fragments, that are not easily seen or found but that an investigator can recover.
Time Offset - The difference between a system's local time zone and a reference time (normally UTC) that must be accounted for in multinational investigations.
Time Normalisation - Converting timestamps from multiple regional time zones into a single shared time zone, normally UTC, so that events from different systems can be ordered correctly.
Time Stamp - A date and time used to specify when data was created, modified or accessed.
Forensic Copy - A bit-for-bit copy of data made for forensic analysis so that the original is kept intact; the copy is hashed and the hash compared with the original's to prove the two are identical.
Capturing a System Image - Creating a file that is an exact copy of a storage device.
Firmware - The software stored on a hardware device that the device uses to operate.
Snapshot - The state of a system (for example a virtual machine) at a particular point in time.
Screenshot - A picture of a system's user interface.
Hash - A one-way function that converts data of any length into a fixed-length value (digest); changing a single bit of the input changes the output, so hashes are used to prove that evidence has not been altered.
Security Information and Event Management (SIEM) - A system that collects and correlates log and event information from many sources to help identify security incidents.
Strategic Intelligence/Counterintelligence Gathering - When governments exchange data about cyber criminals so they can work together.
Active Logging - Continuously monitoring and logging changes as they happen.
Cloud Service Provider (CSP) - The company that hosts the cloud servers.
Right-to-Audit Clause - A contract clause giving the customer (or their auditor) the right to audit the provider's controls, in some cases without prior notice.
CLOUD Act - A United States act providing cross-border access to communications data held by US providers in criminal law enforcement investigations.
Crime (Overseas Production Orders) Act (COPOA) - A UK act that lets law enforcement obtain electronic data directly from overseas providers under an international co-operation arrangement.
General Data Protection Regulation (GDPR) - A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
Asymmetric Encryption - A type of cryptography based on algorithms that use a key pair: a public key and a mathematically related private key.
Certificate Authority (CA) - The entity (and the server) that issues and signs digital certificates and manages their lifecycle.
Public Key Infrastructure (PKI) - A system of CAs, certificates, policies and procedures for managing digital certificates and public key encryption.
Online Certificate Authority - A CA that is connected to the network so it can issue certificates and answer revocation queries on demand; typically an internal subordinate CA.
Offline Certificate Authority - A CA that is kept disconnected from the network to protect its private key; typically the internal root CA, which is only brought online to sign subordinate CA certificates.
Public Certificate Authority - A third party that manages and issues digital certificates trusted by the public, and whose root certificate ships with browsers and operating systems.
Certificate Revocation List (CRL) - A signed list, published by a CA, of certificates that have been revoked before their expiry date; used to check whether a digital certificate is still valid.
Private Certificate Authority - An internal digital certificate management system whose certificates are trusted only within the organisation.
Registration Authority (RA) - Validates the identity of requesters and accepts requests for certificates on behalf of the CA.
X.509 Certificate - The standard defining the format of public key certificates.
Root Certificate Authority/Trust Anchor - The self-signed root certificate from which the whole chain of trust is derived.
Subordinate Certificate Authority/Intermediary - A CA whose certificate is signed by the root (or by another intermediate) and that issues end-entity certificates, so the root can stay offline and a compromised intermediate can be revoked without replacing the root.
Certificate Pinning - A client stores the expected certificate or public key for a server and rejects any other, even one issued by a trusted CA; this limits the damage from a compromised CA or a fraudulently issued certificate.
Trust Model - Defines how the authenticity of a certificate is established between CAs.
Hierarchical Trust Model - A trust model with a single hierarchy: one root certificate authority with subordinate CAs beneath it.
Bridge Trust Model - A trust model in which one certificate authority acts as a facilitator to interconnect all other certificate authorities.
Certificate Chaining - Linking several certificates together, from the end-entity certificate up to the root, to establish trust between all the certificates involved.
Online Certificate Status Protocol (OCSP) - A protocol that performs a real-time lookup of a single certificate's revocation status instead of downloading the whole CRL.
OCSP Stapling/Certificate Stapling - The web server obtains a time-stamped OCSP response from the CA and includes ("staples") it in the TLS handshake, so the client does not need to contact the OCSP responder itself.
Certificate Signing Request (CSR) - The message, containing the requester's public key and identity and signed with the matching private key, that is sent to a CA to request a new certificate.
Hardware Security Module (HSM) - A physical computing device that safeguards and manages digital keys and performs cryptographic operations so that the keys never leave the device.
Key Escrow - A store for holding copies of private keys for third parties, often kept in a Hardware Security Module, so that data can be recovered if the key holder loses the key.
Data Recovery Agent (DRA) - A user account that an administrator has authorised to recover BitLocker drives for an entire organisation, using a digital certificate typically held on a smart card.
Public Key - The asymmetric key that is shared openly and is used to encrypt data for the key owner or to verify their signatures; it is distributed inside a certificate, commonly as a PKCS#7 (.p7b) bundle or a .cer file, neither of which contains a private key.
Private Key - The asymmetric key kept secret by its owner and used to decrypt data or create signatures; when it has to be exported it is bundled with its certificate in a password-protected PKCS#12 container (.pfx or .p12).
Object Identifier (OID) - A designator made up of a series of numbers separated by dots that uniquely names an object or entity, such as a certificate extension or policy.
Privacy Enhanced Mail Certificate (PEM) - A digital certificate encoded as Base64 text between BEGIN/END markers, with a .pem (or .crt/.cer) file extension.
Distinguished Encoding Rules Certificate (DER) - A digital certificate in binary (not Base64) encoding, with the .der file extension; PEM is simply the Base64 form of the same DER bytes.
Stream Cipher - An algorithm that encrypts one bit or byte at a time by combining it (XOR) with a keystream.
Block Cipher - A cipher that manipulates an entire fixed-size block of plaintext (for example 128 bits for AES) at one time.
Initialization Vector (IV) - A value, ideally random or never repeated, combined with the key so that encrypting the same data twice gives different ciphertext; in WEP the IV was only 24 bits, so it repeated quickly and exposed the keystream.
Cipher Block Chaining (CBC) - A block cipher mode in which each block of plaintext is XORed with the preceding ciphertext block (the IV for the first block) before being encrypted, so identical plaintext blocks produce different ciphertext.
Electronic Code Book (ECB) - A block cipher mode in which each block is encrypted independently, so each possible block of plaintext has exactly one corresponding ciphertext value and vice versa; identical plaintext blocks give identical ciphertext blocks, which leaks patterns.
Galois/Counter Mode (GCM) - A block cipher mode that combines counter-mode encryption with universal hashing over a binary Galois field to provide authenticated encryption (confidentiality plus integrity).
Counter Mode (CTR) - A block cipher mode that encrypts an incrementing counter (combined with a nonce) to produce a keystream that is XORed with the plaintext, so each block gets a unique keystream; like OFB, it turns a block cipher into a stream cipher.
Message Digest (MD) - A short fixed-length code, such as one 256 bits long, resulting from hashing a message using a hash algorithm.
Secure Hash Algorithm (SHA) - A family of hash algorithms (SHA-1, SHA-2, SHA-3) that produce more secure hash values than the Message Digest (MD) algorithms.
One-Way Function - A function, like multiplying two large prime numbers, that takes a small amount of time to compute an output from an input but an infeasible amount of time to recover the input from the output.
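The ECB, CBC and CTR entries above say what the modes do but not why the IV or nonce matters in practice. The following is an added example, not part of the original glossary. AES is not in Python's standard library, so an HMAC-SHA256 keyed function stands in for the block cipher's encrypt direction (an assumption made for the demo; CTR mode only ever uses that direction, so the CTR construction itself is the genuine one). It shows the ECB pattern leak and what a passive eavesdropper recovers when a CTR nonce is reused under the same key, which is the same failure GCM suffers on nonce reuse. The key, nonce and messages are constructed.

```python
"""Added example: block-cipher mode pitfalls (ECB pattern leak, CTR nonce
reuse). An HMAC-SHA256 PRF stands in for the AES encrypt direction, an
assumption for this demo only."""
import hashlib
import hmac

BLOCK = 16  # bytes, the AES block size
DEMO_KEY = hashlib.sha256(b"demo key").digest()   # constructed key
DEMO_NONCE = b"\x00" * 12                          # constructed 96-bit nonce


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for one block-cipher encryption (assumption, see above)."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ecb_blocks(key: bytes, plaintext: bytes) -> list:
    """ECB structure: every block is encrypted on its own with the same key,
    so equal plaintext blocks give equal ciphertext blocks."""
    assert len(plaintext) % BLOCK == 0, "demo expects block-aligned input"
    return [block_encrypt(key, plaintext[i:i + BLOCK])
            for i in range(0, len(plaintext), BLOCK)]


def ecb_pattern_leak(key: bytes, plaintext: bytes) -> int:
    """Number of repeated ciphertext blocks: anything above 0 tells an
    observer which plaintext blocks were identical, without the key."""
    blocks = ecb_blocks(key, plaintext)
    return len(blocks) - len(set(blocks))


def ctr_keystream(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    """CTR: encrypt nonce||counter for counter = 0, 1, 2, ... as keystream."""
    assert len(nonce) < BLOCK
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        ctr_block = nonce + counter.to_bytes(BLOCK - len(nonce), "big")
        out += block_encrypt(key, ctr_block)
        counter += 1
    return bytes(out[:nbytes])


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    ks = ctr_keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def recover_with_reused_nonce(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If two messages were encrypted under the same key AND nonce their
    keystreams are identical, so c1 XOR c2 == p1 XOR p2. Knowing (or
    guessing, e.g. a fixed header) p1 hands the attacker p2 with no key."""
    n = min(len(c1), len(c2), len(known_p1))
    return bytes(c1[i] ^ c2[i] ^ known_p1[i] for i in range(n))


if __name__ == "__main__":
    # ECB: three identical 16-byte blocks out of four -> two repeats visible
    print(ecb_pattern_leak(DEMO_KEY, b"A" * 48 + b"B" * 16))
    # CTR with a reused nonce: the eavesdropper recovers the second message
    p1, p2 = b"attack at dawn!!", b"retreat at dusk!"
    c1 = ctr_crypt(DEMO_KEY, DEMO_NONCE, p1)
    c2 = ctr_crypt(DEMO_KEY, DEMO_NONCE, p2)
    print(recover_with_reused_nonce(c1, c2, p1))
```

The fix is not a longer key but a nonce that never repeats under a key: a counter kept by the sender, or a 96-bit random nonce with a strict limit on messages per key.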
Digital Signature - A hash of a document encrypted with the signer's private key, which anyone with the public key can verify; it cannot be forged without the private key and provides integrity, authentication and non-repudiation.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) - A family of hash algorithms (the original 128-bit version and the common 160-bit RIPEMD-160) that uses two different and independent parallel chains of computation and combines the results at the end of the process.
Man-in-the-Middle Attack (MITM) - An on-path attack in which the attacker places themselves between a client and a host to intercept, and possibly alter, network traffic.
Padding Oracle On Downgraded Legacy Encryption Attack (POODLE) - A man-in-the-middle exploit that takes advantage of clients falling back to SSL 3.0 and then uses a padding oracle to decrypt data.
Crypto Service Provider (CSP) - A software library that provides cryptographic services to applications.
Data-at-Rest - Data that is stored on electronic media.
Full Disk Encryption (FDE) - The process of encrypting all the data on the drive used to boot a computer, including the operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
Data Loss Prevention (DLP) - A system that can identify critical data, monitor how it is being accessed, and protect it from leaving the organisation or reaching unauthorised users.
Data-in-Transit - Data that is moving across a network.
Data-in-Use - Data that is being processed in memory or by the CPU.
Obfuscation - The action of making something obscure, unclear or unintelligible; it hides but does not cryptographically protect.
Pseudo-Random Number Generator (PRNG) - A deterministic algorithm that generates a sequence of numbers that seems random but is completely predictable to anyone who knows the seed.
Nonce - An arbitrary number that is used only once, to prevent replay or keystream reuse.
Perfect Forward Secrecy - A property of key exchange (achieved with ephemeral keys) that ensures session keys cannot be recovered even if a long-term private key is compromised at a future date.
Security through Obscurity - Relying upon the secrecy or complexity of an item for its security instead of practising solid security controls.
Hash Collision - Occurs when the hashing algorithm produces the same hash from two different inputs.
Steganography - A technique that embeds hidden information in documents, pictures and music files.
Homomorphic Encryption - Enables computation on encrypted data without the need to decrypt it.
Diffusion - A property of a cipher where changing one character of the input changes many bits of the output, hiding the relationship between plaintext and ciphertext.
Non-Repudiation - The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place.
Identity and Access Management (IAM) - The core principles of identification, authentication, authorisation and accounting.
Identity Provider (IdP) - An entity that validates the credentials presented by a user and asserts their identity to other services.
Security Assertion Markup Language (SAML) - An XML-based standard used to exchange authentication and authorisation information between an identity provider and a service provider.
Secure Shell (SSH) - A protocol (originating on UNIX) for securely accessing a remote computer's command line and transferring files.
Open Authorization (OAuth) - A standard for authorisation that allows users to grant one site access to their private resources on another site without sharing their credentials with it.
User Account - Identifies a user and the resources they can access on a computer.
Guest Account - An account used for users who need temporary access to the computer.
Sponsored Account - An account for temporary external use, vouched for by an internal sponsor.
Privileged Account - An account to which powerful rights, privileges and permissions are granted so that a user can perform nearly any action.
Administrator Account - The user account, created when the OS is first installed, that is allowed complete, unfettered access to the system without restriction.
Service Account - An account under which a service on a computer runs and accesses resources.
Shared Account - An account used by more than one user, which defeats accountability.
Generic Account - A default account that comes with the system.
Time-Based One-Time Password (TOTP) - A one-time password derived from a shared secret and the current time, which changes after a set period (typically 30 seconds).
HMAC-Based One-Time Password (HOTP) - A one-time password derived from a shared secret and a counter that increments each time a code is generated, so it changes on each use rather than over time.
Common Access Card (CAC) - A Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.
Personal Identity Verification (PIV) - A government standard for smart cards that covers all federal government employees and contractors.
Pass the Ticket Attack - A category of post-exploitation attacks involving the theft and re-use of a Kerberos ticket to authenticate to systems in a compromised environment.
Privilege Escalation - Exploiting a vulnerability or misconfiguration to gain access to resources that the user would normally be restricted from obtaining.
Multi-Factor Authentication (MFA) - An authentication method that requires factors from two or more different categories (something you know, have or are), so that a stolen password alone is not enough.
Just Enough Administration (JEA) - A PowerShell feature for giving administrators just enough privileges to carry out a task.
Lightweight Directory Access Protocol (LDAP) - A protocol for a client application to access an X.500-style directory such as Active Directory.
International Telecommunication Union (ITU) - An international organisation dedicated to creating telecommunications standards, including X.500 and X.509.
Update Sequence Number (USN) - A 64-bit number in Active Directory that increases as changes occur, used to track replication.
Network Time Protocol (NTP) - A protocol that synchronises clocks with a time source; accurate time is essential for Kerberos and for correlating logs.
Single Sign-On (SSO) - Using one authentication credential to access multiple accounts or applications.
Mutual Authentication - Both parties to a connection authenticate each other, not just the client to the server.
NT LAN Manager (NTLM) - A suite of Microsoft challenge-response authentication protocols that provides authentication, integrity and confidentiality; superseded by Kerberos but still widely present.
Transitive Trust - A two-way trust relationship that is automatically created between parent and child domains in a Microsoft Active Directory forest, so that trust flows through the chain.
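The TOTP and HOTP entries above describe the two one-time password schemes. The following is an added example, not part of the original glossary, implementing both as specified in RFC 4226 and RFC 6238 with Python's standard library. The secret used is the RFC 4226 test-vector secret, so the outputs can be checked against the published vectors; the verifier functions show the two details a server must get right, namely a drift window for TOTP and a look-ahead window with replay protection for HOTP.

```python
"""Added example: HOTP (RFC 4226) and TOTP (RFC 6238) with verifier logic.
The secret is the RFC 4226 test vector, not a real one."""
import hashlib
import hmac
import struct
import time

RFC_TEST_SECRET = b"12345678901234567890"  # from RFC 4226 Appendix D


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP = Truncate(HMAC(secret, counter)) mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float = None, step: int = 30,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP is HOTP with the counter replaced by floor(unix_time / step)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // step, digits, algo)


def verify_totp(secret: bytes, code: str, at: float = None, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock
    drift; compare in constant time to avoid a timing oracle."""
    at = time.time() if at is None else at
    for delta in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at + delta * step, step, digits), code):
            return True
    return False


def verify_hotp(secret: bytes, code: str, server_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Return the new server counter on success, else None. Only counters at
    or beyond the stored one are tried, so a captured code cannot be replayed;
    the look-ahead window resyncs a token that was pressed without logging in."""
    for c in range(server_counter, server_counter + look_ahead):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c + 1
    return None


if __name__ == "__main__":
    print(hotp(RFC_TEST_SECRET, 0))                   # 755224 per RFC 4226
    print(totp(RFC_TEST_SECRET, at=59, digits=8))     # 94287082 per RFC 6238
    print(verify_hotp(RFC_TEST_SECRET, "359152", 0))  # counter advances to 3
```

A TOTP verifier should additionally remember the last accepted time step per user and refuse a second code for the same step; otherwise a code sniffed within its 30-second life can be replayed.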
Federation Server - The server that issues, manages and validates requests involving identity claims. A federation server is needed in each participating forest.
OpenID Connect (OIDC) - A federation technology built on OAuth 2.0 that provides user authentication information.
False Acceptance Rate (FAR) - The percentage of invalid users that will be falsely accepted by a biometric system (a security failure).
False Rejection Rate (FRR) - The percentage of valid users that will be falsely rejected by a biometric system (a usability failure).
Crossover Error Rate (CER) - The sensitivity level at which the number of false rejections equals the number of false acceptances; also known as the equal error rate, and the usual figure for comparing biometric systems.
Something You Know - An authentication factor that relies on a piece of knowledge (password, PIN).
Something You Have - An authentication factor that relies on possession (fob, card, cell phone, key).
Something You Are - An authentication factor that relies on a physical characteristic (fingerprint, face, eye, palm).
Something You Do - An authentication attribute indicating action, such as gestures on a touch screen.
Somewhere You Are - An authentication attribute indicating location, often using geolocation technologies.
Account Recertification - Periodically auditing account privileges and reporting to management, so that accounts and rights that are no longer needed are removed.
Account Lockout - The number of incorrect logon attempts permitted before a system locks an account.
Scalability - How well a system can adapt to increased demands and maintain resilience.
Capital Expenditure (CAPEX) - Funds used by a company to acquire or upgrade physical assets such as property, industrial buildings or equipment.
Public Cloud - Massive, global and industry-wide cloud services offered to the general public.
Private Cloud - Serves only one customer or organisation and can be located on the customer's premises or off them.
Community Cloud - Serves a specific community with common business models, security requirements and compliance considerations.
Hybrid Cloud - Includes two or more private, public or community clouds; each cloud remains separate but is linked by technology that enables data and application portability.
Cloud Access Security Broker (CASB) - A set of software tools or services that sits between the enterprise's on-premises infrastructure and the cloud provider's infrastructure to ensure that the security policies of the enterprise extend to its data in the cloud.
Infrastructure as a Service (IaaS) - Delivers hardware capabilities, including servers, networking and storage, over the cloud using a pay-per-use model; the customer manages the operating system and everything above it.
Software as a Service (SaaS) - Delivers complete applications over the cloud using a pay-per-use model; the provider manages everything below the application.
Customer Relationship Management System (CRM) - A suite of applications, a database and a set of inherent processes for managing all the interactions with the customer, from lead generation to customer service.
Distributive Allocation - Spreading resources, processing and storage among multiple servers.
Platform as a Service (PaaS) - Delivers a managed platform (operating system, runtime, databases and development tools) on which customers deploy their own applications, using a pay-per-use model; the provider manages the hardware and networking beneath it.
Security as a Service (SECaaS) - The next generation of managed security services dedicated to the delivery, over the Internet, of specialised information security services.
Anything as a Service (XaaS) - The growing diversity of services available over the Internet via cloud computing as opposed to being provided locally, or on-premises.
Managed Security Service Provider (MSSP) - A company that monitors, manages and maintains computer and network security for other organisations.
Managed Cloud Service Provider (MCSP) - A company that manages cloud services for other companies.
Fog Computing - Cloud computing that processes data from IoT devices in a layer close to the devices rather than in a central data centre.
Edge Computing - Moving processing and data storage away from a centralised location to the "edges" of a network, close to where the data is produced.
Thin Client - A terminal that looks like a desktop but has limited capabilities and components, relying on a server for processing.
Container - An isolated, lightweight runtime environment for an application that shares the host operating system's kernel.
Microservices/API - A software architecture composed of smaller modules that interact through APIs and can be updated without affecting the entire system.
Desired State Configuration (DSC) - A PowerShell extension for declaring and automatically enforcing a system's configuration.
Personally Identifiable Information (PII) - Any data that can be used to identify, locate or contact an individual.
Bug Bounty - A programme in which companies reward testers who find and responsibly report vulnerabilities.
Active Reconnaissance - A penetration testing method that collects information by sending data (probes, scans) to target systems and analysing the responses; it can be detected by the target.
Passive Reconnaissance - A penetration testing method that collects information without interacting with, or alerting, the target.
War Flying - Using a drone or aircraft to map out local wireless networks.
War Driving - Deliberately searching for Wi-Fi signals while driving by in a vehicle.
Footprinting - The process of systematically identifying the network and its security posture.
Open-Source Intelligence (OSINT) - Information gathered from publicly available ("open") sources.
Red Team - A group of people authorised and organised to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture.
Blue Team - A group of people authorised and organised to defend a network against exploitation, typically while the red team attacks.
Microsoft Baseline Security Analyzer (MBSA) - A (now retired) software tool released by Microsoft to determine the security state of a system.
Common Vulnerabilities and Exposures (CVE) - A system that provides a reference method, one identifier per vulnerability, for publicly known information security vulnerabilities and exposures.
Common Vulnerability Scoring System (CVSS) - A scoring system (0 to 10) indicating the severity of vulnerabilities.
Security Orchestration, Automation and Response (SOAR) - Tooling that automates and orchestrates the response to security incidents, using playbooks that act on alerts from the SIEM and other sources.
Mean Time to Detect (MTTD) - The mean time it takes to detect a security incident.
Mean Time Between Failures (MTBF) - A statistical value that is the average time between failures of a repairable component; the average time until a non-repairable component fails and must be replaced is the Mean Time to Failure (MTTF).
Transmission Control Protocol (TCP) - Provides reliable, ordered and error-checked delivery of a stream of bytes between applications over the internet, using a connection set up by a three-way handshake.
User Datagram Protocol (UDP) - Provides a lightweight, connectionless service for data transfer without delivery guarantees, ordering or retransmission.

Well-known ports:
21 - File Transfer Protocol (FTP) control; 20 carries the data.
22 - Secure Shell, Secure Copy Protocol, SSH File Transfer Protocol (SSH/SCP/SFTP)
23 - Telnet
25 - Simple Mail Transfer Protocol (SMTP)
53 - Domain Name System (DNS)
67/68 - Dynamic Host Configuration Protocol (DHCP)
69 - Trivial File Transfer Protocol (TFTP)
80 - Hypertext Transfer Protocol (HTTP)
88 - Kerberos
110 - Post Office Protocol version 3 (POP3)
123 - Network Time Protocol (NTP)
137 - 139 - NetBIOS
143 - Internet Message Access Protocol (IMAP)
161 - Simple Network Management Protocol (SNMP); 162 - SNMP traps
389 - Lightweight Directory Access Protocol (LDAP)
443 - Hypertext Transfer Protocol Secure (HTTPS, HTTP over TLS/SSL)
500 - Internet Key Exchange (IKE/ISAKMP) for IPsec
587 - SMTP mail submission (with STARTTLS)
989/990 - FTP over TLS/SSL (FTPS)
993 - IMAP over TLS (IMAPS). S/MIME is a message signing and encryption format, not a port.
995 - POP3 over TLS (POP3S)
3389 - Remote Desktop Protocol (RDP)
5060 - Session Initiation Protocol (SIP); 5061 - SIP over TLS (SIPS). Secure Real-time Transport Protocol (SRTP) media uses dynamically negotiated UDP ports rather than a fixed port.

Pre-boot Execution Environment (PXE) - A stub operating system, loaded over the network, that can be used to boot other things, such as an installation routine.
AAAA Record - A DNS record that maps a name to an IPv6 address.
A Record - A DNS record that maps a name to an IPv4 address.
CNAME Record - A DNS record that is an alias for another name.
MX Record - A DNS record that identifies the mail servers for a domain.
SRV Record - A DNS record that locates servers for specific services (for example Kerberos or LDAP in Active Directory).
Real-time Transport Protocol (RTP) - An application layer protocol used to deliver streaming audio and video data, such as VoIP calls.
Authentication Header (AH) - An IPsec protocol that provides connectionless integrity and authentication of the data's origin, but no encryption.
Encapsulating Security Payload (ESP) - An IPsec protocol that encrypts the payload for confidentiality and also provides integrity and origin authentication, so data can be neither read nor modified in transit.
Port Security - A switch feature (for example on Cisco switches) in which the switch tracks the source MAC addresses of Ethernet frames arriving on an interface (port) and limits which, or how many, are allowed, to control access.
Flood Guard - A feature that controls a device's tolerance for unanswered service requests (such as half-open TCP connections) and helps prevent a DoS or DDoS attack.
Spanning Tree Protocol (STP) - Defined by the IEEE 802.1D standard, it allows a network to have redundant Layer 2 connections while logically preventing loops.
Stateful Firewall - A firewall that tracks the state of connections and allows return traffic only for sessions it has already seen initiated from the inside.
Bankers' Automated Clearing Service (BACS) - A system that allows the transfer of payments directly from one bank account to another.
Clearing House Automated Payment System (CHAPS) - A system that facilitates large-value money transfers.
East-West Traffic - Traffic that moves laterally between servers inside a data centre, as opposed to north-south traffic entering or leaving it.
Intrusion Prevention System (IPS) - Software or hardware placed inline that monitors patterns in the traffic flow to identify and automatically block attacks.
Intrusion Detection System (IDS) - Software or hardware that monitors traffic patterns to detect intrusions and raises alerts, but does not block them.
Signature-Based Detection - Detecting attacks by matching traffic or files against known patterns (signatures); reliable for known attacks but blind to new ones.
Anomaly-Based Detection - Detecting attacks by comparing current activity against a learned baseline and flagging attributes that have changed.
Heuristic/Behavioural-Based Detection - Detecting attacks based on behavioural patterns and rules of thumb rather than exact signatures, so that variants of known attacks can still be caught.
Network Access Control (NAC) - A technique that examines the current state of a system or network device before it is allowed to connect to the network.
Health Authority (HAuth) - A system that checks the health of an incoming device, to ensure it is fully patched and compliant before it is admitted.
Health Agent - Software installed on the connecting device to report its health to the NAC.
Remediation Server - A set of resources (patches, antivirus updates) that a non-compliant computer can access on the limited-access network so that it can become compliant.
DNS Poisoning - An attack that inserts false records into a DNS server's or host's cache so that name lookups return the attacker's address and clients are redirected to the attacker's device.
Fingerprinting - The systematic survey of a targeted organisation's Internet addresses collected during the footprinting phase to identify the network services and operating systems of the hosts in that range.
Internet Control Message Protocol (ICMP) - A TCP/IP protocol used by devices to communicate updates or error information to other devices.
Ping - A utility that sends an ICMP echo request message to a host and reports the reply.
Hping - An enhanced ping utility for crafting TCP, UDP and ICMP packets, used in port scanning and firewall testing.
Traceroute - A program that shows the route a packet takes across a network, hop by hop.
Netstat - A TCP/IP utility that shows the status of each active connection and listening port.
Nslookup - A utility used to query, test and troubleshoot domain name servers.
Address Resolution Protocol (ARP) - A protocol in the TCP/IP suite, used with the command-line utility of the same name, that determines the MAC address corresponding to a particular IP address.
Ipconfig - The utility used to display TCP/IP addressing and domain name information in the Windows client operating systems.
Nmap - A network utility that scans hosts and ports to map a network and identify services and operating systems; with its scripting engine it is also frequently used for vulnerability checks.
Scanless - A tool that runs port scans through third-party websites so that the scan does not originate from, and cannot be traced back to, the tester's own address.
Curl - A command-line tool used to transfer data to or from a URL.
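The signature-, anomaly- and behaviour-based detection entries above, together with the earlier time normalisation entry, are easiest to see side by side on real-looking input. The following is an added example, not part of the original glossary; the log lines are constructed (sshd and httpd style, with sources in different time zones) and the thresholds are assumed values a SIEM would tune. Each detection style is one function over the same parsed events, and the timestamps are first converted to UTC so the accepted login, stamped in UTC by a relay, sorts where it actually happened.

```python
"""Added example: three detection styles over constructed log lines, with
time normalisation to UTC first. Thresholds are assumed tuning values."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: the host logs in UTC+1, one relayed line carries a UTC
# stamp and one a UTC-5 stamp, as happens when sources are not normalised.
SAMPLE_LOGS = """\
2024-03-01T09:00:01+01:00 web01 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:03+01:00 web01 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:05+01:00 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:06+01:00 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:08+01:00 web01 sshd: Failed password for bob from 203.0.113.7
2024-03-01T08:00:10+00:00 web01 sshd: Accepted password for bob from 203.0.113.7
2024-03-01T09:00:12+01:00 web01 sshd: Failed password for alice from 198.51.100.4
2024-03-01T03:00:20-05:00 web01 httpd: GET /item.php?id=1 UNION SELECT 1,2 from 192.0.2.9 ua="sqlmap/1.7"
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*) "
                  r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?P<rest>.*)$")

SIGNATURES = {                       # known-bad patterns (signature-based)
    "sqlmap user-agent": re.compile(r'ua="sqlmap', re.I),
    "sql injection":     re.compile(r"\bUNION\s+SELECT\b", re.I),
}


def normalise(ts: str) -> datetime:
    """Time normalisation: parse the offset-aware stamp and convert to UTC."""
    return datetime.fromisoformat(ts).astimezone(timezone.utc)


def parse(logs: str) -> list:
    events = []
    for line in logs.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["time"] = normalise(e.pop("ts"))
            e["line"] = line
            events.append(e)
    return sorted(events, key=lambda e: e["time"])   # order by UTC, not text


def signature_hits(events) -> list:
    """Signature-based: exact known patterns; misses anything new."""
    return [(name, e["src"]) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["line"])]


def anomaly_hits(events, max_failures=3, window=timedelta(seconds=60)) -> list:
    """Anomaly-based: flag a source whose failed logins in any `window`
    exceed the baseline `max_failures` (assumed tuned value)."""
    fails = defaultdict(list)
    for e in events:
        if e["msg"].startswith("Failed password"):
            fails[e["src"]].append(e["time"])
    flagged = set()
    for src, times in fails.items():
        for i, t in enumerate(times):
            if sum(1 for u in times[i:] if u - t <= window) > max_failures:
                flagged.add(src)
    return sorted(flagged)


def behaviour_hits(events, min_failures=3, lookback=timedelta(seconds=120)) -> list:
    """Behaviour-based: a success preceded by repeated failures from the same
    source is the pattern of a brute force that worked, whatever the counts."""
    hits = []
    for i, e in enumerate(events):
        if e["msg"].startswith("Accepted password"):
            prior = [p for p in events[:i] if p["src"] == e["src"]
                     and p["msg"].startswith("Failed password")
                     and e["time"] - p["time"] <= lookback]
            if len(prior) >= min_failures:
                hits.append((e["src"], e["msg"].split()[-1]))
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    print(signature_hits(evs))   # sqlmap and UNION SELECT from 192.0.2.9
    print(anomaly_hits(evs))     # ['203.0.113.7']
    print(behaviour_hits(evs))   # [('203.0.113.7', 'bob')]
```

Note what each style misses: the signature rules say nothing about the brute force, the anomaly rule would flag a legitimate user who mistyped four times, and only the behavioural rule names the account that was actually compromised.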
theHarvester - A tool that harvests email addresses, names and subdomains for an organisation from public sources.
Sn1per - A penetration testing tool that automates reconnaissance and looks for vulnerabilities.
Dnsenum - A tool that enumerates and maps the DNS records for a domain.
Nessus - A remote scanning tool for finding vulnerabilities.
Cuckoo - A malware analysis tool that runs suspicious files in a sandbox environment and reports their behaviour.
File Integrity Checker - An application that verifies that files have not been modified by comparing their current hashes against a stored baseline.
File Checksum Integrity Verifier (FCIV) - A Microsoft command-line tool that computes MD5 or SHA-1 hashes of files so that it can be checked that system files have not been modified.
Protocol Analyzer (Sniffer) - Hardware or software that captures packets to decode and analyse their contents.
Tcpreplay - A tool that replays saved tcpdump or snoop capture files onto a network.
Dump File - A file created after a system has crashed that stores everything that was in memory.
Password Cracker - A program that attempts to recover passwords from captured hashes or ciphertext.
Class A IP Address - An IP address whose first octet is 1 - 126.
Class B IP Address - An IP address whose first octet is 128 - 191.
Class C IP Address - An IP address whose first octet is 192 - 223.
Subnet Mask - In IPv4 addressing, a 32-bit number that, when combined with a device's IP address, indicates which part is the network and which part is the host, and therefore which subnet the device belongs to.
Classless Inter-Domain Routing (CIDR) - Notation (for example /24) that specifies a network prefix of any length instead of the fixed classful boundaries, allowing network administrators to size subnets to the number of nodes they need.
Media Access Control (MAC) Address - A hardware address used for communications on the physical network segment.
Automatic Private IP Addressing (APIPA) - A feature of Windows-based operating systems that enables a computer to automatically assign itself an IP address in 169.254.0.0/16 when no Dynamic Host Configuration Protocol (DHCP) server is available.
Bootstrap Protocol (BOOTP) - The predecessor of DHCP: a component of TCP/IP that allows computers to discover and receive an IP address from a server prior to booting the OS.
DHCP Relay Agent - A service that captures a DHCP/BOOTP broadcast and forwards it through the router as a unicast transmission to a DHCP server on a remote subnet.
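The File Integrity Checker and FCIV entries above, and the earlier Forensic Copy and Hash entries, all come down to the same operation: hash files now, store the hashes, hash again later and compare. The following is an added example, not Microsoft's FCIV and not part of the original glossary, that does exactly that with the standard library. It builds a small constructed file tree in a temporary directory, takes a baseline, tampers with it the way an intruder might (an extra root account, a replaced binary, a deleted file, a dropped tool) and reports the differences; it also shows the forensic acceptance check that a copy's hash equals the expected one, using the well-known SHA-256 of an empty file as the expected value.

```python
"""Added example: baseline/verify file integrity checking and a forensic
copy hash check. Example code; the sample files are constructed."""
import hashlib
import hmac
import tempfile
from pathlib import Path

# SHA-256 of zero bytes, a well-known constant used as the "expected" hash
# in the image-verification part of the demo.
SHA256_EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def hash_file(path, algo="sha256", chunk=1 << 20) -> str:
    """Stream the file so multi-gigabyte images do not need to fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, expected_hex: str) -> bool:
    """Forensic copy acceptance: the copy's hash must equal the original's.
    compare_digest avoids leaking where the two strings first differ."""
    return hmac.compare_digest(hash_file(path), expected_hex.lower())


def baseline(root) -> dict:
    """Hash every regular file under root, keyed by POSIX relative path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: dict, new: dict) -> dict:
    """Report what changed since the baseline (the FCIV-style verify step)."""
    return {
        "modified": sorted(k for k in old if k in new and old[k] != new[k]),
        "added":    sorted(k for k in new if k not in old),
        "removed":  sorted(k for k in old if k not in new),
    }


def demo() -> dict:
    """Build a toy filesystem, baseline it, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")
        (root / "empty.img").write_bytes(b"")
        before = baseline(root)
        # tamper: add a UID-0 account, replace a binary, delete a file, drop a tool
        with open(root / "etc" / "passwd", "a") as f:
            f.write("eve:x:0:0::/root:/bin/bash\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF dropped")
        return {
            "changes": compare(before, baseline(root)),
            "empty_image_ok": verify_image(root / "empty.img", SHA256_EMPTY),
            "wrong_hash_rejected": not verify_image(root / "empty.img", "00" * 32),
        }


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is kept: store it off the monitored host (or on WORM media, as the glossary's WORM entry suggests), otherwise an intruder with root simply regenerates it after tampering.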
DHCP Snooping - A security feature on switches whereby DHCP messages on the network are checked and filtered so that only trusted ports may send DHCP server replies; this blocks rogue DHCP servers.
Link Local Address - An IPv6 address (fe80::/10) that is automatically assigned by the operating system to allow a node to communicate over its local subnet even if a routable address is not available.
Unique Local Address - In IPv6, an address (fc00::/7) used within a site or organisation that is not routable on the public Internet, comparable to IPv4 private addresses.
Ad Hoc Network - A network created when two wireless devices connect to each other directly, without an access point.
Fat (Autonomous) Access Point - A standalone wireless access point that holds its own configuration.
Thin Access Point - A wireless access point that is configured and controlled by a central wireless controller.
Geofencing - The use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.
Firmware Over-The-Air (OTA) - A firmware update that is transmitted over a wireless network.
Carrier Unlocking - The process of unlocking a mobile phone from a specific cellular provider.
Jailbreaking - Making unauthorised modifications to iOS and bypassing its restrictions on Apple iPhones and iPads in order to run unapproved software.
Rooting - Making unauthorised modifications to Android and gaining superuser access in order to run unapproved software.
Side-Loading - Installing a mobile app by some means other than downloading it from an official app store.
USB On-the-Go (OTG) - A specification that allows a mobile device with a USB connection to act as either a host or a peripheral, for example for external media access.
GPS Tagging - Adding geographical identification data to media such as digital photos taken on a mobile device.
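The addressing terms above (address classes, subnet mask, CIDR, APIPA, link-local and unique local addresses) are the kind of thing that is easy to misjudge by eye during an investigation. The following is an added example, not part of the original glossary, that works them out with Python's standard ipaddress module: it splits an address in CIDR form into network, mask, broadcast and usable host count, reports the legacy classful class, and says which scope an address belongs to. The addresses used are documentation, private and test ranges.

```python
"""Added example: subnet arithmetic and address scope with ipaddress."""
import ipaddress


def classful_class(addr: str) -> str:
    """Legacy classful class from the first octet, as in the glossary."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 0 or first == 127:
        return "reserved/loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D (multicast)"
    return "E (experimental)"


def scope(addr: str) -> str:
    """Where an address can be reached from: the glossary's APIPA,
    link-local, unique-local and private ranges, else global."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    # APIPA is checked before is_private, which also covers 169.254/16
    if ip.version == 4 and ip in ipaddress.ip_network("169.254.0.0/16"):
        return "apipa"
    if ip.is_link_local:
        return "link-local"
    if ip.version == 6 and ip in ipaddress.ip_network("fc00::/7"):
        return "unique-local"
    if ip.is_private:
        return "private"
    return "global"


def describe(cidr: str) -> dict:
    """Subnet facts from an address in CIDR form, e.g. 192.168.1.37/26.
    The prefix length replaces the classful boundary: /26 carves a class C
    range into four subnets of 62 usable hosts each."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if net.version == 4:
        usable = max(net.num_addresses - 2, 0)   # minus network and broadcast
        broadcast = str(net.broadcast_address)
        cls = classful_class(str(iface.ip))
    else:
        usable, broadcast, cls = net.num_addresses, None, None  # no broadcast in IPv6
    return {"address": str(iface.ip), "network": str(net.network_address),
            "prefix": net.prefixlen, "netmask": str(net.netmask),
            "broadcast": broadcast, "usable_hosts": usable,
            "class": cls, "scope": scope(str(iface.ip))}


if __name__ == "__main__":
    print(describe("192.168.1.37/26"))
    for a in ("169.254.10.1", "fe80::1", "fd12:3456::1", "8.8.8.8"):
        print(a, scope(a))
```

A host that shows an APIPA address after a reboot usually means the DHCP server was unreachable or, more worryingly, that a rogue server or DHCP snooping misconfiguration is dropping the exchange.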
Tethering - Transforms a smartphone or Internet-capable tablet into a portable hotspot that shares its Internet access with other computers and devices, bypassing the corporate network's controls.
Virus - A piece of malicious code that attaches itself to a host file or program, copies itself when that host runs, and typically has a detrimental effect such as corrupting the system or destroying data.
Polymorphic Virus - A virus that changes its own code or periodically rewrites itself to avoid signature-based detection.
Potentially Unwanted Program (PUP) - A program that installs itself on a computer, typically bundled with other software and without the user's informed consent.
Fileless Malware - Malware that operates only in main memory, often by abusing legitimate tools such as PowerShell, and leaves little or nothing on disk for antivirus to scan.
Command and Control Malware - Malware that lets an attacker control the victim's machine from a command and control (C2) server.
Ransomware - Software that encrypts programs and data and demands a ransom for the key to restore them.
Crypto Malware - Ransomware that encrypts all the files on the device so that they cannot be opened, while hiding itself until the ransom note is displayed.
Worm - A self-replicating program that spreads across a network by itself, without needing a host file or user action.
Trojan - A program disguised as a harmless application that actually produces harmful results.
Remote Access Trojan (RAT) - A Trojan that also gives the threat agent unauthorised remote access to the victim's computer by using specially configured communication protocols.
Rootkit - A program that hides itself deep in a computer, often at kernel level, and allows someone from a remote location to take full control of the computer while evading detection.
Backdoor - Software code that gives access to a program or service by circumventing normal security protections.
Logic Bomb - A computer program, or part of a program, that lies dormant until it is triggered by a specific logical event such as a date or a user account being removed.
Keylogger - A small hardware device or a program that monitors and records the keystrokes a user types on the computer's keyboard.
Adware - A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Botnet - A logical network of compromised computers (zombies) under the control of an attacker.
Social Engineering - Techniques that manipulate a person into disclosing confidential information or performing an action that benefits the attacker.
Phishing - An attack that sends an email or displays a web message falsely claiming to be from a legitimate organisation in an attempt to trick the user into surrendering private information.
Spear Phishing - Phishing in which the messages are carefully crafted to target a particular person or organisation.
Credential Harvesting - A phishing attack whose goal is the victim's usernames and passwords.
Whaling - Spear phishing that targets senior executives or other high-value individuals in an organisation.
Vishing - Phishing committed using telephone calls or VoIP systems.
Smishing - Phishing committed using text messages (SMS).
Pretexting - Deceiving a target by inventing a plausible scenario or identity in order to obtain information or access.
Eliciting Information - Steering a conversation so that the target volunteers information without realising its value.
Identity Theft - A crime in which someone pretends to be another person in order to steal money or obtain benefits.
Invoice Scams - Using fraudulent invoices to steal from a company.
Spam over Instant Messaging (SPIM) - Unsolicited messages sent over an instant messaging service.
Tailgating - When an unauthorized individual enters a restricted-access building by following an authorized user through the door without that user's knowledge.
Piggybacking - When an unauthorised person enters a restricted area with an authorised person's knowledge or consent, for example by asking them to hold the door.
Reconnaissance - Gathering information about a target before an attack.
Dumpster Diving - Searching through trash receptacles to find sensitive information.
Shoulder Surfing - Gaining sensitive information by watching someone enter it.
Watering Hole Attack - Compromising a website that a specific group of targets is known to visit, so that the targets are infected when they browse it.
Pharming - Redirecting requests for legitimate websites to fraudulent ones, typically by poisoning DNS or the local hosts file.
Black Hat Hacker - A hacker who uses their skills to destroy information or for illegal gain.
Grey Hat Hacker - A hacker who probes systems for weaknesses without authorisation but without malicious intent, often disclosing what they find (and sometimes offering to fix it for a fee).
White Hat Hacker - An authorised tester who uncovers computer weaknesses without exploiting them for harm.
Bluejacking - Sending unsolicited messages to a Bluetooth device.
Bluesnarfing - Unauthorised access to the information on a Bluetooth device.
Bluebugging - An attack in which the attacker takes control of a Bluetooth device.
Session Hijacking - Impersonating a user by stealing and replaying their session token.
Domain Hijacking - Changing the registration of a domain name without the owner's permission.
Typosquatting - Registering domain names very similar to those of high-volume sites in the hope of receiving traffic from users who mistype the URL.
Shimming - A driver manipulation method that uses additional code to modify the behaviour of a driver.
Birthday Attack - An attack that exploits the birthday paradox: among roughly 2^(n/2) random n-bit digests two are likely to match, so finding any colliding pair is far cheaper than finding a second input for one given digest.
Rainbow Tables - Large pre-computed tables of password hashes (stored as chains to save space) used to recover plaintexts from stolen hashes without hashing at crack time.
Collision Attack - An attack on a hash function in which an input is crafted to produce the same digest as another input.
Password Salting - Adding a random string to each password before hashing it, so that identical passwords hash differently and pre-computed tables are useless.
Intellectual Property Theft - Using copyrighted material without permission or authorisation.
Risk Acceptance - A risk response strategy whereby the organisation acknowledges the risk and takes no action unless it materialises.
Risk Transference - A risk response strategy whereby the organisation shifts the impact of a threat to a third party (for example through insurance or outsourcing), together with ownership of the response.
Risk Avoidance - A risk response strategy whereby the organisation acts to eliminate the threat or withdraw from the activity that carries it.
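The rainbow table, collision/birthday and salting entries above describe one chain of cause and effect: an unsalted hash can be reversed by a single lookup in a table computed in advance, a per-user salt breaks that, and the birthday bound explains why "find any two matching digests" is so much cheaper than "find a preimage". The following is an added example written for this glossary (not code from the source page or from CompTIA): a tiny lookup table standing in for a rainbow table, the same lookup failing against a salted PBKDF2 hash, and the 50% collision bound for an n-bit digest. The candidate list is constructed, not real breach data.

```python
import hashlib
import hmac
import math
import os

# Constructed candidate list standing in for a cracking dictionary (not real leaked data).
CANDIDATES = ["password", "letmein", "Summer2023!", "qwerty", "correct horse battery staple"]
PBKDF2_ITERATIONS = 200_000


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(candidates):
    """Pre-compute digest -> plaintext for unsalted SHA-256. A real rainbow table stores
    hash chains to trade time for space, but the attacker's payoff is the same: one lookup
    per stolen hash and no hashing at crack time."""
    return {sha256_hex(p.encode()): p for p in candidates}


def crack_with_table(table, digest_hex):
    """Return the plaintext for a stolen digest, or None if the table cannot reverse it."""
    return table.get(digest_hex)


def hash_password_salted(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Store (salt, PBKDF2-HMAC-SHA256). The salt is random per user and stored in the clear;
    it makes every pre-computed table useless, and the iteration count slows guessing."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk


def verify_password_salted(password, salt, stored_dk, iterations=PBKDF2_ITERATIONS):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, stored_dk)  # constant-time compare avoids a timing side channel


def birthday_bound(bits):
    """Number of random n-bit digests after which a collision is about 50% likely:
    sqrt(2 ln 2 * 2^n), roughly 1.18 * 2^(n/2). A birthday attack on a 64-bit digest
    therefore needs on the order of 5e9 trials, not 2^64."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    stolen = sha256_hex(b"letmein")                        # unsalted hash leaked from a database
    print("unsalted lookup:", crack_with_table(table, stolen))   # letmein
    salt, dk = hash_password_salted("letmein")
    print("salted lookup:  ", crack_with_table(table, dk.hex()))  # None
    print("verify:         ", verify_password_salted("letmein", salt, dk))
    print("64-bit digest, 50%% collision bound: %.3g" % birthday_bound(64))
```

Two users who choose the same password end up with different stored values because their salts differ, which is exactly what defeats a shared table; the salt is not secret and does not need to be.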
Risk Mitigation - A risk response strategy whereby the organisation acts to reduce the probability of occurrence or the impact of a risk, usually by implementing controls.
Risk Register - A document in which the results of risk analysis and risk response planning are recorded.
Risk Matrix - A matrix that lists an organization's vulnerabilities, with ratings that assess each one in terms of likelihood and impact on business operations, reputation, and other areas.
Risk Control Self-Assessment (RCSA) - A risk profile analysis process that identifies the risks, classifies each risk into clearly defined categories, and quantifies the risks with respect to the probability of occurrence and the impact on value and/or cash flows.
Risk Awareness - Keeping staff informed of the risks the organisation faces, including by sharing risk information with partner organisations.
Risk Appetite - The degree of uncertainty an entity is willing to take on in anticipation of a reward.
Single Loss Expectancy (SLE) - The expected monetary loss from a single occurrence of a risk; SLE = asset value x exposure factor.
Annualized Rate of Occurrence (ARO) - The expected number of times a risk will occur in a year.
Annualized Loss Expectancy (ALE) - The expected monetary loss for an asset due to a risk over a one-year period; ALE = SLE x ARO.
Business Impact Analysis (BIA) - An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems.
Single Point of Failure (SPOF) - A single component whose failure brings an entire system down.
Recovery Point Objective (RPO) - The maximum amount of data loss an organisation can tolerate, expressed as the time between the last backup and the disruption.
Recovery Time Objective (RTO) - The maximum time an organisation can tolerate between a disruption and the restoration of the affected service.
Disaster Recovery Plan (DRP) - A plan, prepared in advance, for recovering systems and data when a disaster occurs.
Functional Recovery Plan - A plan for restoring a specific business function after a disruption, validated through simulations and exercises.
Mission Essential Functions - Operations that are core to the success of the business.
Site Risk Assessment - An assessment of the risks and hazards specific to a physical site or facility.
Dark Web - Content reachable only through overlay networks and special software such as Tor; it is not indexed by Google or other search engines.
The Onion Router (Tor) - Software that routes traffic through layered encrypted relays to anonymise it and to reach hidden (.onion) services.
Indicators of Compromise (IOCs) - Artifacts on a system or network (file hashes, IP addresses, domain names, registry keys) that indicate a security breach.
Structured Threat Information Exchange/Trusted Automated Exchange of Indicator Information (STIX/TAXII) - Standards for describing (STIX) and exchanging (TAXII) cyber threat intelligence between organisations.
Automated Indicator Sharing (AIS) - A US Department of Homeland Security (CISA) service for the automated exchange of cyber threat indicators between government and the private sector, using STIX/TAXII.
Threat Maps - Real-time visualisations that plot observed cyber attacks on a world map.
Separation of Duties - The practice of dividing a sensitive process between two or more individuals so that no one person can complete it alone.
Non-Disclosure Agreement (NDA) - A legal contract between parties detailing the restrictions and requirements borne by each party with respect to confidentiality issues pertaining to information to be shared.
Clean-Desk Policy - A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
Rules of Behavior - Rules for how employees should behave when using the organisation's systems and data.
Capture the Flag (CTF) - An exploit-based exercise simulating an attack.
Business Partnership Agreement (BPA) - A written agreement defining the terms and conditions of a business partnership.
Memorandum of Understanding (MOU) - An agreement between two or more parties to enable them to work together that is not legally enforceable but is more formal than an unwritten agreement.
Memorandum of Agreement (MOA) - General areas of conditional agreement between two or more parties.
Service Level Agreement (SLA) - Part of a service contract in which the service expectations are formally defined.
Secure Erase (SE) - A wiping method in which the drive's own firmware (for example the ATA Secure Erase command) overwrites every user-addressable block with ones or zeros, reaching areas a host-side overwrite cannot.
Cryptographic Erase (CE) - A wiping technique for self-encrypting media that destroys the encryption key, leaving the encrypted data unreadable.
Telnet - A remote terminal protocol that transmits data, including credentials, in clear text.
Secure Boot - A UEFI feature that prevents a system from booting with a boot loader, drivers or OS that are not digitally signed by a key trusted by the firmware.
Password Spraying - Trying a single common password against many usernames, so that each account sees too few attempts to trigger lockout.
Credential Stuffing - The automated injection of breached username/password pairs to gain fraudulent access to user accounts on other sites.
Network Sniffing - Intercepting packets on a wireless or wired network and viewing their contents.
Jumpbox - A hardened server that provides administrative access to other hosts.
Honeynet - A network of decoy servers or systems used to gather information on intruders or attackers.
Containerisation - A type of virtualization in which the host operating system provides an isolated execution environment for an application.
Spoofing - Disguising a communication from an unknown source as coming from a known, trusted source.
Zero Day - A vulnerability unknown to the vendor, for which no patch exists, or an exploit for such a vulnerability.
Data Minimization - Limiting data collection to only what is required to fulfill a specific purpose.
Data Masking - Redacting all or part of a field's contents, for example by substituting every character with x.
Spimming - Sending unsolicited messages through instant messaging systems.
Password Complexity - An account enforcement policy that requires passwords to meet complexity requirements.
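Password spraying and credential stuffing, defined above, are distinguished in practice by how failed logins are distributed over source addresses and accounts, not by any single event. The detector below is an added example written for this glossary (not code from the source page): it parses a constructed authentication log (documentation IP ranges, fictional users) and labels brute force, spraying and stuffing from those distributions. The log format, the thresholds and the ten-minute window are assumptions for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (documentation IP ranges, fictional users), not real data.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=198.51.100.10 user=bob result=FAIL
2024-05-01T10:00:02Z src=198.51.100.10 user=bob result=FAIL
2024-05-01T10:00:03Z src=198.51.100.10 user=bob result=FAIL
2024-05-01T10:00:04Z src=198.51.100.10 user=bob result=FAIL
2024-05-01T10:00:05Z src=198.51.100.10 user=bob result=FAIL
2024-05-01T10:01:00Z src=203.0.113.7 user=alice result=FAIL
2024-05-01T10:01:01Z src=203.0.113.7 user=bob result=FAIL
2024-05-01T10:01:02Z src=203.0.113.7 user=carol result=FAIL
2024-05-01T10:01:03Z src=203.0.113.7 user=dave result=FAIL
2024-05-01T10:01:04Z src=203.0.113.7 user=erin result=FAIL
2024-05-01T10:01:05Z src=203.0.113.7 user=frank result=FAIL
2024-05-01T10:02:00Z src=192.0.2.1 user=u1 result=FAIL
2024-05-01T10:02:01Z src=192.0.2.2 user=u2 result=FAIL
2024-05-01T10:02:02Z src=192.0.2.3 user=u3 result=FAIL
2024-05-01T10:02:03Z src=192.0.2.4 user=u4 result=FAIL
2024-05-01T10:02:04Z src=192.0.2.5 user=u5 result=FAIL
2024-05-01T10:02:05Z src=192.0.2.6 user=u6 result=OK
2024-05-01T10:03:00Z src=10.0.0.5 user=grace result=FAIL
2024-05-01T10:03:10Z src=10.0.0.5 user=grace result=OK
this line is garbage and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(lines):
    """Turn raw lines into event dicts; unparseable lines are skipped rather than crashing the detector."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def classify(events, window=timedelta(minutes=10), brute_threshold=5, spray_users=5, stuffing_pairs=5):
    """Label the three attack shapes by how failures spread over sources and accounts:
    brute force = one source hammers one account;
    spraying    = one source tries many accounts, one or two guesses each (stays under lockout);
    stuffing    = many fresh source/account pairs, each tried about once (a breached pair list).
    Successful logins are kept in the pair counts because stuffing does sometimes succeed."""
    if not events:
        return []
    latest = max(e["ts"] for e in events)
    events = [e for e in events if latest - e["ts"] <= window]  # the caller hands us one window

    pair_all = Counter((e["src"], e["user"]) for e in events)
    pair_fail = Counter((e["src"], e["user"]) for e in events if e["result"] == "FAIL")
    src_users, user_srcs = defaultdict(set), defaultdict(set)
    for e in events:
        src_users[e["src"]].add(e["user"])
        user_srcs[e["user"]].add(e["src"])

    findings = []
    for (src, user), n in pair_fail.items():
        if n >= brute_threshold:
            findings.append({"type": "brute_force", "src": src, "user": user, "count": n})
    for src, users in src_users.items():
        if len(users) >= spray_users and max(pair_fail[(src, u)] for u in users) <= 2:
            findings.append({"type": "password_spray", "src": src, "users": len(users)})
    singles = [(s, u) for (s, u), n in pair_all.items()
               if n == 1 and len(src_users[s]) == 1 and len(user_srcs[u]) == 1]
    if len(singles) >= stuffing_pairs:
        findings.append({"type": "credential_stuffing", "pairs": len(singles),
                         "sources": len({s for s, _ in singles})})
    return findings


if __name__ == "__main__":
    for finding in classify(parse(SAMPLE_LOG.splitlines())):
        print(finding)
```

Per-account lockout catches only the first shape; the other two need the source- and population-level view this code takes, which is why a SIEM correlation rule, not a single log line, is the right detection unit.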
Password Expiration - An account enforcement policy that determines how many days a password can be used before the user is required to change it.
Password History - A record of past passwords that prevents their reuse.
Patching - Updating a system's software to remove vulnerabilities.
Threat Intelligence - The process of investigating and collecting information about emerging threats and threat sources.
Threat Hunting - Proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
Credentialed Scan - A vulnerability scan in which the scanner has an account on the target, allowing a more thorough check for problems that cannot be seen from the network.
True Negative (TN) - Benign activity correctly identified as benign.
True Positive (TP) - Malicious activity correctly identified as malicious.
False Negative (FN) - Malicious activity incorrectly identified as benign; a missed detection.
False Positive (FP) - Benign activity incorrectly identified as malicious; a false alarm.
802.1X - The IEEE standard that defines port-based network access control, used on both wired switches and wireless networks, with an authenticator passing credentials to an authentication server such as RADIUS.
Directory Traversal - An attack that uses path sequences such as ../ in user input so that the application reads files outside the directory it was meant to serve from.
Data Owner - Responsible for labeling the asset and ensuring that it is protected with appropriate controls.
Data Steward - Responsible for ensuring the quality and fitness for purpose of the organization's data assets, including the metadata for those data assets.
Data Custodian - Responsible for the safe custody, transport and storage of the data and the implementation of business rules.
Privacy Officer - Responsible for the organization's privacy program, including its daily operations and the development, implementation and maintenance of its policies.
Dual Control - Requires the presence of two individuals to perform a task.
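The directory traversal entry above is easiest to understand from the two ways a server can turn a requested path into a file path. The following is an added example written for this glossary (not code from the source page): the naive join that lets ../ walk out of the document root beside a hardened resolver that decodes, normalises and then checks the result is still under the root. The document root /var/www/html is a hypothetical value; nothing is read from disk.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # hypothetical document root


def resolve_unsafe(requested: str) -> str:
    """Vulnerable: user input is joined straight onto the root, so '../' walks out of it."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested))


def resolve_safe(requested: str):
    """Hardened: percent-decode (twice, to catch %252e double encoding), reject NUL bytes,
    drop a leading slash, normalise, then require the result to still sit under the root.
    Returns None when the request would escape. Against a real filesystem, also realpath()
    the result so a symlink cannot point outside the root."""
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


def traversal_attempts(request_paths):
    """Detection side: which requested paths would have escaped the root."""
    return [p for p in request_paths if resolve_safe(p) is None]


if __name__ == "__main__":
    for p in ["css/site.css", "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "index.html%00.png"]:
        print(f"{p!r:45} unsafe -> {resolve_unsafe(p):30} safe -> {resolve_safe(p)}")
```

Rejecting the literal string ".." is not enough on its own: the encoded and double-encoded forms in the demo reach the filesystem as the same bytes, so the check has to be made on the final resolved path.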
Background Checks - A vetting process to ensure that an individual meets security requirements.
Information Assurance (IA) - The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information.
Penetration Testing - A simulated, authorised cyber attack against your systems to find exploitable vulnerabilities.
Relying Party (RP) - In federated identity, the application or server that accepts an identity provider's assertion and grants access on the strength of it.
Identity Provider (IdP) - A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying parties within a federation or distributed network.
Metasploit - An exploitation framework that bundles scanners, exploit modules and payloads for penetration testing.
FTK Imager - A data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis is required.
dd - A command-line utility for Unix-like operating systems that copies and converts raw data; in forensics it is used to make bit-for-bit images of storage devices, normally alongside a hash of the image to prove integrity.
System Center Configuration Manager (SCCM) - A software management suite provided by Microsoft that allows users to manage a large number of Windows based computers.
Terminal Access Controller Access Control System Plus (TACACS+) - A Cisco-developed AAA protocol and an alternative to RADIUS; it uses TCP port 49, encrypts the entire packet body rather than only the password, and separates authentication, authorization and accounting.
Protected Health Information (PHI) - Any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity), and can be linked to a specific individual.
Risk Deterrence - A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk.
Incident Response Plan - The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit the consequences of a malicious cyber attack against an organization's information systems.
Full Packet Capture - Records the complete payload of every packet crossing the network.
Rainbow Table Attack - The attacker looks up stolen password hashes in a pre-computed table to recover the plaintexts; defeated by salting.
Cognitive Password Attack - A password attack that exploits knowledge-based authentication, such as secret questions whose answers are publicly discoverable.
Iris Scan - A biometric authentication method that uses the pattern of the coloured part of the eye.
Facial Recognition - A biometric technology that looks for unique measurements in an individual's face.
Retinal Scan - A biometric authentication method that uses the unique pattern of blood vessels on a person's retina.
Continuous Deployment (CD) - A software delivery practice in which every change that passes the automated tests is released to production automatically, without a manual approval step.
Continuous Delivery - A methodology that focuses on making sure software is always in a releasable state throughout its lifecycle.
Continuous Integration (CI) - A software development method in which code updates are tested and committed to a shared repository or build server frequently.
Virtual Machine Escape (VM Escape) - An exploit in which code running inside a virtual machine breaks out and interacts directly with the hypervisor or host.
Virtual Machine Sprawl (VM Sprawl) - A large number of virtual machines on your network without proper IT management or control.
Processor Cache - Memory inside the CPU package that stores frequently used data and instructions; the most volatile evidence source in the order of volatility.
Random Access Memory (RAM) - Memory where instructions and data are stored on a temporary basis; it is volatile and its contents are lost when power is removed.
Swap/Page File - Space on a disk used as a temporary location for memory contents when random access memory (RAM) is fully utilized.
Gramm-Leach-Bliley Act (GLBA) - A United States federal law that requires financial institutions to explain how they share and protect their customers' private information.
Family Educational Rights and Privacy Act (FERPA) - A United States federal law that governs student confidentiality in schools.
Cain and Abel - A password recovery tool for Microsoft Windows.
Netcat - A network utility program that reads from and writes to network connections.
Beacon - The periodic outbound check-in traffic an infected host sends to its command and control (C2) server to ask for instructions; its regular interval is a common detection signal.
Smurf Attack - An attack that broadcasts ICMP echo requests to a network with the source address spoofed to the victim's, so that every host's reply floods the victim.
Ping Flood Attack - An attack that uses the Internet Control Message Protocol (ICMP) to flood a target with traffic.
SYN Flood Attack - An attack that sends many TCP SYN packets, often from spoofed addresses, without completing the handshake, exhausting the server's table of half-open connections.
sudo - A program for Unix-like operating systems that allows users to run programs with the privileges of another user, by default the superuser.
chown - A program for Unix-like operating systems that changes file ownership.
chmod - A program for Unix-like operating systems that changes file permissions.
pwd (Print Working Directory) - A program for Unix-like operating systems that outputs the current directory.
Integer Overflow Attack - An attack in which an arithmetic operation produces a value larger than the variable can hold, so the stored result wraps around and a later size or bounds check is bypassed.
OAuth - An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords.
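The integer overflow entry above is the kind of bug whose consequence is invisible until the wrapped value meets a bounds check. The code below is an added example written for this glossary (not code from the source page): it reproduces 32-bit unsigned and signed wraparound in Python (whose own integers never overflow) and shows two classic check-bypass patterns, an allocation size computed as count times record size and a length-plus-header comparison, each beside the hardened form that tests for overflow before doing the arithmetic. All sizes and limits are made-up values for the demo.

```python
U32_MAX = 0xFFFFFFFF
I32_MAX = 0x7FFFFFFF


def u32(x):
    """Wrap to unsigned 32-bit, as arithmetic on a C uint32_t does."""
    return x & U32_MAX


def i32(x):
    """Wrap to signed 32-bit two's complement, as arithmetic on a C int does."""
    x &= U32_MAX
    return x - (1 << 32) if x > I32_MAX else x


def alloc_size_vulnerable(count, record_size, limit):
    """total = count * size computed in 32 bits, then bounds-checked. A huge count wraps the
    product to a tiny number, the check passes, and the program would allocate far less than
    the 'count' records it later writes into the buffer: a heap overflow."""
    total = u32(count * record_size)
    if total > limit:
        return None          # rejected
    return total             # bytes that would be allocated


def alloc_size_safe(count, record_size, limit):
    """Check that the multiplication cannot overflow before doing it, then check the true total."""
    if record_size <= 0 or count < 0 or count > U32_MAX // record_size:
        return None
    total = count * record_size
    return total if total <= limit else None


def needed_vulnerable(length, bufsize):
    """Signed variant: 'if (length + HEADER > bufsize) reject' wraps negative for a length
    near INT_MAX, so the comparison passes with an absurd length."""
    needed = i32(length + 16)
    return None if needed > bufsize else needed


def needed_safe(length, bufsize):
    if length < 0 or length > I32_MAX - 16:
        return None
    needed = length + 16
    return None if needed > bufsize else needed


def demo():
    """Run both patterns with an attacker-chosen count/length and return the outcomes."""
    return {
        "vuln_alloc": alloc_size_vulnerable(0x40000001, 4, 4096),   # 4: product wrapped, check passed
        "safe_alloc": alloc_size_safe(0x40000001, 4, 4096),         # None: rejected
        "ok_alloc": alloc_size_safe(100, 4, 4096),                  # 400: honest request still works
        "vuln_needed": needed_vulnerable(0x7FFFFFF0, 1024),         # -2147483648: passed the check
        "safe_needed": needed_safe(0x7FFFFFF0, 1024),               # None: rejected
        "ok_needed": needed_safe(100, 1024),                        # 116
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The hardened checks compare against U32_MAX // record_size and I32_MAX - 16 rather than against the result, because the result is exactly what cannot be trusted once the arithmetic has wrapped.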
OpenID Connect (OIDC) - A simple identity layer on top of the OAuth 2.0 protocol that lets clients verify the identity of an end user based on the authentication performed by an authorization server, and obtain basic profile information about the user in an interoperable, REST-like manner.
Statement of Work (SOW) - A narrative description of products, services, or results to be delivered by the project.
Intellectual Property Theft (IP Theft) - Stealing an organization's or individual's intellectual property.
Data Breach - When sensitive or confidential information is copied, transmitted, or viewed by an individual who is not authorized to handle the data.
Measured Boot - A UEFI firmware feature that records a hash of each component loaded during startup (typically into a TPM) so that the boot chain can later be attested.
Service Set Identifier (SSID) - The network name a wireless access point broadcasts to identify itself.
Wireshark - An application that captures and analyzes network packets.
Command Injection Attack - When untrusted input is used to build an operating-system command that is then executed with the privileges of the server process; shell metacharacters such as ; or && let the attacker append their own commands.
Pluggable Authentication Modules (PAM) - A framework on Linux and Unix systems that lets applications delegate authentication to stackable, configurable modules (password, smart card, one-time code and so on) instead of implementing it themselves.
Data Sharing and Use Agreement (DSUA) - A document stating that personal data can be collected and used only for a specific purpose.
Interconnection Security Agreement (ISA) - An agreement between parties intended to minimize security risks for data transmitted across a network connecting their systems.
Rogue Anti-Virus (Rogue AV) - A form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and into paying for a fake malware removal tool.
Address Resolution Protocol Cache (ARP Cache) - A table that stores recent IP-to-MAC address mappings; poisoning it with forged ARP replies lets an attacker intercept traffic (ARP spoofing).
journalctl - A command on systemd-based Linux systems that views the logs collected by the systemd journal.
Right to Audit - A contract clause granting one party the right to audit the other party's systems and compliance.
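The command injection entry above turns on one detail: whether the untrusted value ever reaches a shell as text. The following is an added example written for this glossary (not code from the source page): the vulnerable string-building pattern, a cheap metacharacter check usable on request or log lines, and the hardened form that validates the input as an IP literal and passes argv as a list so no shell parses it. Nothing is executed unless the caller opts in, so it runs offline.

```python
import ipaddress
import shlex
import subprocess

SHELL_META = set(";&|`$()<>\n")


def build_ping_vulnerable(host):
    """Vulnerable: untrusted input is spliced into a command line meant for shell=True,
    so '8.8.8.8; id' runs ping and then id, with the server process's privileges."""
    return f"ping -c 1 {host}"


def shell_would_chain(cmdline):
    """True if the line contains metacharacters a shell treats as command separators or
    substitutions: a cheap check for a request or log line, not a substitute for the fix."""
    return any(c in SHELL_META for c in cmdline)


def build_ping_safe(host):
    """Hardened: validate against a strict grammar (an IP literal here) and return argv as a
    list, so the value reaches ping as one argument and no shell ever parses it."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return ["ping", "-c", "1", str(ip)]


def build_ping_quoted(host):
    """Last resort when a shell really is required: shlex.quote turns the value into a
    single literal word. Validation is still preferable to quoting."""
    return f"ping -c 1 {shlex.quote(host)}"


def run_safe(host, execute=False):
    """Run only the validated argv form with shell=False. execute=False keeps this offline."""
    argv = build_ping_safe(host)
    if argv is None:
        raise ValueError("host is not an IP address")
    if not execute:
        return argv
    return subprocess.run(argv, capture_output=True, text=True, check=False).returncode


if __name__ == "__main__":
    payload = "8.8.8.8; id"
    print("vulnerable:", build_ping_vulnerable(payload), "| chains:", shell_would_chain(build_ping_vulnerable(payload)))
    print("validated: ", build_ping_safe(payload))        # None, rejected
    print("quoted:    ", build_ping_quoted(payload))      # one literal word
    print("argv:      ", run_safe("192.0.2.1"))
```

Allow-list validation is the primary control because it also stops payloads that contain no obvious metacharacter, for example an argument that ping itself would interpret as an option; quoting only addresses the shell.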
Remote Administration Tool (RAT) - A program that gives an administrator the ability to control another device remotely; the same capability in malicious hands is a Remote Access Trojan.
Ping of Death (PoD) - A denial-of-service attack that sends an oversized or malformed ICMP packet to crash the target.
Browser Exploitation Framework (BeEF) - A penetration testing tool that focuses on the web browser.
Master Service Agreement (MSA) - A contract that defines the terms under which future contracts will be made.
Exact Data Match (EDM) - A DLP technique that fingerprints a structured database of sensitive values (typically with keyed hashes) and flags content containing those exact values, rather than relying on patterns alone.
Bollard - A short, sturdy vertical post (steel or concrete) placed to stop vehicles from ramming a building or entrance.
Document Matching - Matching a whole document or a partial document against a signature held by the DLP system.
Decompiler - A program that reconstructs approximate source code from an executable.
Airgap - A physical security control that isolates a system by giving it no network connection to other systems.
Bastion Host - A hardened host, exposed to an untrusted network such as the Internet, placed on a screened subnet (DMZ) so that it can be attacked without exposing the internal network.
Disk Striping - Spreading data across multiple drives (RAID 0) for performance; no redundancy on its own.
Disk Mirroring - Writing data simultaneously to two or more disk drives (RAID 1) for redundancy.
Call/Escalation List - A list detailing who should be called, in what order, and how high up the organizational leadership chart a particular issue should reach.
Cryptomalware - Ransomware that encrypts a user's files and demands a ransom for the key.
Spyware - Software that covertly collects information about a person's computer activity and transmits it to a third party.
Malicious Universal Serial Bus Cable (Malicious USB Cable) - A USB cable designed to infect connected devices with malware.
Tainted Training Data for Machine Learning - AI programs can be sabotaged by even subtle tweaks to the data used to train them.
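The Exact Data Match entry above is the difference between a DLP rule that fires on anything shaped like a card number and one that fires only on the organisation's own card numbers. The code below is an added example written for this glossary (not code from the source page or any DLP product): it builds an EDM index of keyed hashes from a constructed record set, scans a constructed message for candidate tokens, keeps only exact matches, and applies the masking described in the Data Masking entry earlier to those. The identifiers, the message and the index key are all fabricated for the demo.

```python
import hashlib
import hmac
import re

# Constructed sample of the structured sensitive data set (fabricated identifiers).
SENSITIVE_RECORDS = [
    {"ssn": "123-45-6789", "account": "4111-2222-3333-4444"},
    {"ssn": "987-65-4321", "account": "5500-0000-0000-0004"},
]
INDEX_KEY = b"constructed-demo-key"  # hypothetical per-deployment secret; stops offline brute force of the index

# Candidate tokens: 9 to 16 digits, optionally separated by single spaces or hyphens.
CANDIDATE_RE = re.compile(r"\b\d(?:[ -]?\d){8,15}\b")

# Constructed message to scan; the order reference looks like a card number but is not one.
SAMPLE_TEXT = ("Customer SSN 123-45-6789, card 4111 2222 3333 4444, "
               "order ref 2024-0001-5555-6666, phone 555-0100.")


def normalise(value):
    """Strip separators so '4111 2222 3333 4444' and '4111-2222-3333-4444' fingerprint identically."""
    return re.sub(r"[^0-9A-Za-z]", "", value).upper()


def fingerprint(value, key=INDEX_KEY):
    return hmac.new(key, normalise(value).encode(), hashlib.sha256).hexdigest()


def build_edm_index(records, key=INDEX_KEY):
    """The DLP engine stores only keyed hashes of each value, mapped to the field name, so the
    index itself is not a second copy of the sensitive database."""
    return {fingerprint(v, key): field for rec in records for field, v in rec.items()}


def mask(token):
    """Replace every digit except the last four with 'x', keeping the separators."""
    return re.sub(r"\d(?=(?:\D*\d){4})", "x", token)


def scan_and_mask(text, index, key=INDEX_KEY):
    """Find candidate tokens, keep only those whose fingerprint is in the index (the exact
    data match), and mask them. A pattern-only rule would also have flagged the order ref."""
    hits = []

    def replace(m):
        token = m.group(0)
        field = index.get(fingerprint(token, key))
        if field is None:
            return token
        hits.append((field, token))
        return mask(token)

    return CANDIDATE_RE.sub(replace, text), hits


if __name__ == "__main__":
    masked, hits = scan_and_mask(SAMPLE_TEXT, build_edm_index(SENSITIVE_RECORDS))
    print(masked)
    print(hits)
```

Because matching goes through normalise() before hashing, a record entered with hyphens still matches when it appears with spaces in an email, which is the main evasion a separator-sensitive EDM index would miss.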
Downgrade Attack - An attack in which a system is forced to abandon its current, more secure mode of operation and fall back to an older, less secure one.
Dynamic Link Library Injection (DLL Injection) - A technique for running code within the address space of another process by forcing it to load a dynamic-link library.
Memory Leak - A resource leak in which a program fails to release memory it no longer needs, eventually exhausting available memory.
Secure Socket Layer Stripping (SSL Stripping) - An on-path attack that downgrades the victim's connection from HTTPS to plain HTTP, exposing it to eavesdropping and data manipulation; HSTS is the usual mitigation.
Driver Shimming - When an application calls an older driver, the operating system intercepts the call and redirects it to run the shim code instead.
Disassociation Attack - A wireless attack in which forged de-authentication or disassociation frames, appearing to come from a client, are sent to an AP so that the client is disconnected.
Jamming Attack - Transmitting radio signals on the access point's frequency to overwhelm it and deny service to legitimate clients.
Domain Reputation - The overall "health" of your branded domain as interpreted by mailbox providers.
Macroinstruction (Macro) - A sequence of instructions embedded in a document (for example Office VBA) that runs when the document is opened or a control is used; a common malware delivery vehicle.
Structured Threat Information eXpression (STIX) - A structured language (XML in STIX 1.x, JSON in STIX 2.x) for expressing and sharing threat intelligence.
Trusted Automated eXchange of Indicator Information (TAXII) - An application protocol for exchanging cyber threat intelligence over HTTPS.
Request for Comments (RFC) - A document published by the IETF that details information about standardized Internet protocols and those in various stages of development.
Data Exfiltration - Unauthorized transfer of data from an organization to a location controlled by an attacker.
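The IOC, STIX and TAXII entries (here and earlier in the glossary) describe the pipeline rather than show it: a TAXII poll returns a STIX bundle, the indicators carry patterns, and the patterns have to be turned into something that can be matched against logs. The code below is an added example written for this glossary (not code from the source page, OASIS, or any TAXII client): it parses a constructed STIX 2.1 bundle, flattens the equality comparisons in each indicator pattern into IOCs, and matches them against constructed firewall, DNS and EDR lines with anchoring so that 198.51.100.7 does not match 198.51.100.70. The bundle ids, indicator values and log lines are all fabricated.

```python
import json
import re

# Constructed STIX 2.1 bundle (fabricated ids and indicators), standing in for a TAXII poll result.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--aaaaaaaa-0000-4000-8000-000000000001",
         "name": "C2 server", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']", "valid_from": "2024-05-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--aaaaaaaa-0000-4000-8000-000000000002",
         "name": "Staging domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example-bad.test']", "valid_from": "2024-05-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--aaaaaaaa-0000-4000-8000-000000000003",
         "name": "Dropper", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef']",
         "valid_from": "2024-05-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--aaaaaaaa-0000-4000-8000-000000000004",
         "name": "Scanner pair", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.9' OR ipv4-addr:value = '203.0.113.10']",
         "valid_from": "2024-05-01T00:00:00Z"},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--bbbbbbbb-0000-4000-8000-000000000001", "name": "ExampleRAT", "is_family": True},
    ],
})

# Constructed log lines from a firewall, a DNS resolver and an EDR agent.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z fw allow src=10.0.0.8 dst=198.51.100.7 dport=443",
    "2024-05-01T10:00:05Z dns query=update.example-bad.test client=10.0.0.8",
    "2024-05-01T10:00:09Z edr new-process sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef path=C:\\Temp\\svc.exe",
    "2024-05-01T10:00:12Z fw allow src=10.0.0.9 dst=198.51.100.70 dport=443",
    "2024-05-01T10:00:15Z fw deny src=203.0.113.10 dst=10.0.0.1 dport=22",
]

# One "object:property = 'value'" comparison inside a STIX pattern.
COMPARISON_RE = re.compile(r"(?P<obj>[\w-]+):(?P<prop>[\w.'-]+)\s*=\s*'(?P<val>[^']*)'")


def extract_iocs(bundle_json):
    """Pull the equality comparisons out of every STIX indicator pattern. Only that form is
    handled; boolean structure (AND/OR, FOLLOWEDBY) is flattened into one IOC per comparison."""
    bundle = json.loads(bundle_json)
    iocs = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for m in COMPARISON_RE.finditer(obj["pattern"]):
            iocs.append({"indicator": obj["id"], "name": obj.get("name", ""),
                         "kind": f"{m['obj']}:{m['prop']}", "value": m["val"]})
    return iocs


def compile_ioc(ioc):
    """Anchor each value so that 198.51.100.7 does not match 198.51.100.70 and a domain
    does not match as a substring of a longer name."""
    v = re.escape(ioc["value"])
    if ioc["kind"] == "ipv4-addr:value":
        return re.compile(r"(?<![\d.])" + v + r"(?![\d.])")
    if ioc["kind"] == "domain-name:value":
        return re.compile(r"(?<![\w.-])" + v + r"(?![\w.-])", re.IGNORECASE)
    return re.compile(r"\b" + v + r"\b", re.IGNORECASE)


def match_logs(iocs, lines):
    compiled = [(ioc, compile_ioc(ioc)) for ioc in iocs]
    hits = []
    for line in lines:
        for ioc, rx in compiled:
            if rx.search(line):
                hits.append({"indicator": ioc["indicator"], "name": ioc["name"],
                             "value": ioc["value"], "line": line})
    return hits


if __name__ == "__main__":
    for hit in match_logs(extract_iocs(STIX_BUNDLE), SAMPLE_LOGS):
        print(hit["name"], "->", hit["line"])
```

A production matcher would honour valid_from/valid_until and the pattern's boolean operators rather than flattening them; the flattening here is what makes a quick SIEM lookup list out of a feed, and the anchoring is what keeps that list from generating substring false positives.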
Data Sovereignty - The principle that data is subject to the laws of the country in which it is stored; a particular concern for backups and cloud replicas held in other jurisdictions.
Hot Site - A fully equipped backup facility to which the company can move immediately after a disaster and resume business.
Warm Site - A backup facility with computer equipment that still requires installation and configuration before use.
Cold Site - A backup facility with no computer equipment, but a place to which employees can move after a disaster.
Honeyfiles - A file made to look legitimate and placed where an intruder would find it, so that any access to it reveals malicious activity.
Data Normalization - The process of decomposing relations with anomalies to produce smaller, well-structured relations.
Stored Procedures - SQL statements written and stored on the database server that applications call by name with parameters, instead of building SQL strings themselves, which limits SQL injection.
Compiler - A program that reads an entire program and translates it from a high-level language into machine code for the processor, typically via assembly language.
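The stored procedures entry above is one form of a more general rule: keep SQL text fixed and pass user data separately. The code below is an added example written for this glossary (not code from the source page): an injectable string-built query beside the fixed, parameterised statements that give the same code/data separation a stored procedure would. SQLite, used here so the example runs offline, has no stored procedures, so a named-statement table stands in for them; the user table and its placeholder hashes are constructed.

```python
import sqlite3

# Constructed user table; the hashes are placeholders, not real credentials.
SEED_USERS = [("alice", "$argon2id$placeholder1", "admin"), ("bob", "$argon2id$placeholder2", "user")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, role TEXT)")
    con.executemany("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)", SEED_USERS)
    return con


def find_user_vulnerable(con, username):
    """Vulnerable: the username is concatenated into the statement, so quotes, OR clauses,
    UNIONs and comments inside it become SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return con.execute(sql).fetchall()


# The fixed set of statements the application is allowed to run, kept in one place and always
# parameterised: the same separation of code from data that a stored procedure provides.
STATEMENTS = {
    "find_user": "SELECT username, role FROM users WHERE username = ?",
    "set_role": "UPDATE users SET role = ? WHERE username = ?",
}


def call(con, name, *params):
    """Run a named statement with bound parameters; the driver sends the values separately
    from the SQL text, so they can never change its structure."""
    return con.execute(STATEMENTS[name], params).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(con, payload))   # every row
    print("parameterised:", call(con, "find_user", payload))   # [] (no such user)
    print("union leak:", find_user_vulnerable(con, "' UNION SELECT password_hash, role FROM users --"))
```

Parameter binding does not sanitise the value; it never lets the value be parsed as SQL in the first place, which is why the UNION payload that dumps password hashes through the vulnerable path returns nothing through the fixed statement.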