Cybersecurity Terminology and Concepts, Exams of Advanced Education

A comprehensive overview of cybersecurity terms and concepts, including certificate authority, exploit, firewall, forensic examination, gateway, governance, IP security, IT governance, mobile device, multifactor authentication, NIST, network traffic analysis, nonrepudiation, OSI model, OWASP, password, penetration testing, phishing, policy, port scanning, and public key infrastructure. Useful for students, professionals, and lifelong learners interested in cybersecurity fundamentals.

Typology: Exams

2023/2024

Available from 09/17/2024

examguide

CSX Study Guide

Acceptable Interruption Window - Answer - The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise's business objectives.
Acceptable Use Policy - Answer - A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.
Access Control List - Answer - An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.
Access Path - Answer - The logical route that an end user takes to access computerized information. Typically includes a route through the OS, telecomm software, selected application software and the access control system.
Access Rights - Answer - The permission or privileges granted to users, programs, or workstations to create, change, delete, or view data and files within a system, as defined by rules established by data owners and the information security policy.
Accountability - Answer - The ability to map a given activity or event back to the responsible party.
Advanced Encryption Standard - Answer - A public algorithm that supports keys from 128 bits to 256 bits in size.
Advanced persistent threat - Answer - An adversary that possesses a sophisticated level of expertise and significant resources, which allow it to create opportunities to achieve its objectives using multiple attack vectors. It pursues its objectives repeatedly over an extended period of time, adapts to defenders' efforts to resist it and is determined to maintain the level of interaction needed to execute its objectives.
Adversary - Answer - A threat agent.
Adware - Answer - A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used.
Alert situation - Answer - The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved.

Alternate facilities - Answer - Locations and infrastructures from which emergency or backup processes are executed when the main premises are unavailable or destroyed; includes buildings, offices or data processing centers.
Alternate processes - Answer - Automatic or manual process designed and established to continue critical business processes from point of failure to return to normal.
Analog - Answer - A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Used in telecommunications.
Anti-malware - Answer - A technology widely used to prevent, detect, and remove many categories of malware including computer viruses, worms, trojans, keyloggers, malicious browser plug-ins, adware and spyware.
Anti-virus software - Answer - An application software deployed at multiple points in an IT architecture to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected.
Application Layer - Answer - This provides services for an application program to ensure that effective communication with another application program in a network is possible.
Architecture - Answer - Description of the fundamental underlying design of the components of the business system or of one element of the business system, the relationships among them and the manner in which they support an enterprise.
Asset - Answer - Something of either tangible or intangible value that is worth protecting.
Asymmetric key - Answer - A cipher technique used in which different cryptographic keys are tied to encrypt and decrypt a message.
Attack - Answer - An actual occurrence of an adverse effect.
Attack mechanism - Answer - A method used to deliver the payload and may involve an exploit delivering a payload to the target.
Attack vector - Answer - A path or route used by the adversary to gain access to the target (asset). Two types: ingress and egress.
Attenuation - Answer - Reduction of signal strength during transmission.
Audit Trail - Answer - A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
Authentication - Answer - The act of verifying the identity of a user and the user's eligibility to access computerized information.

Authenticity - Answer - Undisputed authorship.
Availability - Answer - Ensuring timely and reliable access to and use of info.
Back Door - Answer - A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker defined conditions.
Bandwidth - Answer - The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Bastion - Answer - System heavily fortified against attacks.
Biometrics - Answer - A security technique that verifies an individual's identity by analyzing a unique physical attribute such as a handprint.
Block cipher - Answer - A public algorithm that operates on plaintext in blocks, strings or groups of bits.
Botnet - Answer - A term derived from robot network; a large automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large scale attacks such as a DOS attack on selected victims.
Boundary - Answer - Logical and physical controls to define a perimeter between the org and the outside world.
Bridges - Answer - Data link layer devices developed in the 80's to connect LANs or to create two separate LANs or WAN network segments from a single segment to reduce collision domains. Act as store and forward devices in moving frames toward their destination, achieved by analyzing the MAC header of a data packet, which represents the hardware address of an NIC.
BYOD - Answer - An enterprise policy used to permit partial or full integration of user owned mobile devices for business purposes.
Broadcast - Answer - A method to distribute info to multiple recipients simultaneously.
Brute Force - Answer - A class of algorithms that repeatedly try all possible combinations until a solution is found.
Brute force attack - Answer - Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.
Buffer overflow - Answer - Occurs when a program or process tries to store more data in a buffer than it was intended to hold.

Business Continuity Plan - Answer - A plan used by an enterprise to respond to disruption of critical business processes.
Business Impact analysis/assessment (BIA) - Answer - Evaluating the criticality and sensitivity of information assets.
Certificate authority - Answer - A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates.
Certificate revocation list - Answer - An instrument for checking the continued validity of the certificates for which the certification authority has responsibility.
Chain of custody - Answer - A legal principle regarding the validity and integrity of evidence.
Checksum - Answer - A mathematical value that is assigned to a file and used to test the file at a later date to verify that the data contained in the file has not been changed.
CISO - Answer - The person in charge of information security within the enterprise.
CSO - Answer - The person responsible for all security matters, both physical and digital, in an enterprise.
Cipher - Answer - An algorithm to perform encryption.
Ciphertext - Answer - Info generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader.
Cleartext - Answer - Data that is not encrypted.
Cloud computing - Answer - Convenient on demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Collision - Answer - The situation that occurs when two or more demands are made simultaneously on equipment that can handle only one at any given instant.
Common attack pattern enumeration and classification (CAPEC) - Answer - A catalog of attack patterns as an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed.
Compartmentalization - Answer - A process for protecting very high value assets or in environments where trust is an issue. Access to an asset requires two or more processes, controls or individuals.

Compliance - Answer - Adherence to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations as well as voluntary requirements from contractual obligations and internal policies.
Compliance documents - Answer - Policies, standards and procedures that document the actions that are required or prohibited.
Computer emergency response team - Answer - A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency.
Computer forensics - Answer - The application of the scientific method to digital media to establish factual information for judicial review. Often involves investigating computer systems to determine whether they are used for illegal activities.
Confidentiality - Answer - Preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information.
Configuration management - Answer - The control of changes to a set of configuration items over a system life cycle.
Consumerization - Answer - A new model in which emerging tech are first embraced by the consumer market and later spread to the business.
Containment - Answer - Actions taken to limit exposure after an incident has been identified and confirmed.
Content Filtering - Answer - Controlling access to a network by analyzing the content of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules.
Control - Answer - The means of managing a risk.
Countermeasure - Answer - Any process that directly reduces a threat or vulnerability.
Critical Infrastructure - Answer - Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation.
Criticality - Answer - The importance of a particular asset or function to the enterprise and the impact if that asset or function is not available.
Criticality analysis - Answer - An analysis to evaluate resources or business functions to identify their importance to the enterprise and the impact if a function cannot be completed or a resource is not available.

Cross-site scripting - Answer - A type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
XSS Attack - Answer - Occurs when an attacker uses a web app to send malicious code in the form of a browser side script to a different end user.
Cryptography - Answer - The art of designing, analyzing and attacking cryptographic schemes.
Cryptosystem - Answer - A pair of algorithms that take a key and convert plaintext to ciphertext and back.
Cybercop - Answer - An investigator of activity related to cyber crime.
Cyberespionage - Answer - Activities conducted in the name of security, business, politics or tech to find info that ought to remain secret.
Cybersecurity - Answer - The protection of information assets by addressing threats to information processed, stored and transported by internetworked info systems.
Cybersecurity Architecture - Answer - Describes the structure, components and topology (connections and layout) of security controls within an enterprise's IT infrastructure.
Cyberwarfare - Answer - Activities supported by military organizations with the purpose to threaten the survival and well being of society/foreign entity.
Data classification - Answer - The assignment of a level of sensitivity to data that results in the specification of controls for each level of classification.
Data custodian - Answer - The individuals and departments responsible for the storage and safeguarding of computerized data.
Data encryption standard - Answer - An algorithm for encoding binary data.
Data leakage - Answer - Siphoning out or leaking info by dumping computer files or stealing computer reports and tapes.
Data owner - Answer - The individual who has responsibility for the integrity, accurate reporting and use of computerized data.
Data retention - Answer - Refers to the policies that govern data and records management for meeting internal and legal and reg data archival requirements.
Database - Answer - A stored collection of related data needed by enterprises and individuals to meet their information processing and retrieval requirements.

Decentralization - Answer - The process of distributing computer processing to different locations within an enterprise.
Decryption - Answer - A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader.
Decryption key - Answer - A digital piece of info used to recover plaintext from the corresponding ciphertext by decryption.
Defense in Depth - Answer - The practice of layering defenses to provide added protection.
DMZ Demilitarized Zone - Answer - A screened, firewalled network segment that acts as a buffer line between trusted and untrusted networks. Specifically used to house systems such as web servers that must be accessible from both internal networks and the internet.
DOS Attack - Answer - An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly lower rate.
Digital certificate - Answer - A piece of info, a digitalized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one way hash function.
Digital Forensics - Answer - The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings.
Digital Signature - Answer - A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and non repudiation, generated using the sender's private key or applying a one way hash function.
Disaster - Answer - A sudden unplanned event causing great damage or loss.
DRP - Disaster Recovery Plan - Answer - A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster.
DAC discretionary access control - Answer - A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
DNS Domain Name System - Answer - A hierarchical database that is distributed across the internet that allows names to be resolved into IP addresses to locate services such as web and email servers.

DNS Domain Name System Exfiltration - Answer - Tunneling over DNS to gain network access. Lower level attack vector for simple to complex data transmission, slow but difficult to detect.
Due Care - Answer - The level of care expected from a reasonable person of similar competency under similar conditions.
Due diligence - Answer - The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review or analysis.
Dynamic ports - Answer - Dynamic and/or private ports.
Eavesdropping - Answer - Listening to private communications without permission.
Ecommerce - Answer - The process by which enterprises conduct business electronically with their customers, suppliers and other external business partners using the Internet as an enabling tech.
Egress - Answer - Network communications going out.
Elliptical Curve Cryptography ECC - Answer - An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily uses algebraic factoring.
Encapsulation Security Payload - Answer - Protocol which is designed to provide a mix of security services in IPv4 and IPv6. Can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service and limited traffic flow confidentiality.
Encryption - Answer - The process of taking an unencrypted message (plaintext) and applying a mathematical function to it (encryption algorithm key) and producing an encrypted message (ciphertext).
Encryption Algorithm - Answer - A mathematically based function or cal that encrypts/decrypts data.
Encryption key - Answer - A piece of information in a digitized form, used by an encryption algorithm to convert the plaintext into the ciphertext.
Eradication - Answer - When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network: methods include restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause.

Ethernet - Answer - A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection to prevent network failures or collisions when two devices try to access the network at the same time.
Event - Answer - Something that happens at a specific time and/or place.
Evidence - Answer - Info that proves or disproves a stated issue.
Exploit - Answer - Full use of a vulnerability for the benefit of an attacker.
File Transfer Protocol (FTP) - Answer - A protocol used to transfer files over a transmission control protocol/internet protocol network (internet).
Firewall - Answer - A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the internet.
Forensic examination - Answer - The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise.
Freeware - Answer - Software available free of charge.
Gateway - Answer - A device (router, firewall) on a network that serves as an entrance to another network.
Governance - Answer - Ensures that stakeholder needs are evaluated to determine balanced, agreed upon enterprise objectives to be achieved, setting direction through prioritization and decision making, and monitoring performance and compliance against agreed on direction and objectives.
Governance Risk Management and Compliance - Answer - A business term used to group the three closely related disciplines responsible for the protection of assets and operations.
Guideline - Answer - A description of a particular way of accomplishing something that is less prescriptive than a procedure.
Hacker - Answer - An individual who attempts to gain unauthorized access to a computer system.
Hash function - Answer - An algorithm that maps or translates one set of bits into another so that a message yields the same result every time the algorithm is executed using the same message as input. It's not possible for a message to be derived from the result produced from an algorithm or to find two different messages that produce the same hash result using the same algorithm.
Hash total - Answer - The total of any numeric data in a document or computer file; this total is checked against a control total of the same field to facilitate accuracy of processing.
Hashing - Answer - Using a hash function to create values or checksums that validate message integrity.
Honeypot - Answer - A specifically configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems.
Horizontal Defense in Depth - Answer - Controls are placed in various places in the path to access an asset.
Hubs - Answer - A common connection point for devices in a network; these are used to connect segments of a local area network and contain multiple ports. When a packet arrives at one port it is copied to the other ports so that all segments of the LAN can see all packets.
Human Firewall - Answer - A person prepared to act as a network layer of defense through education and awareness.
Hypertext Transfer Protocol - Answer - A communication protocol used to connect to servers on the WWW; primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language, or other pages to client browsers.
IEEE Institute of Electrical and Electronics - Answer - An org composed of engineers, scientists and students, best known for developing standards for the computer and electronics industry.
IEEE 802.11 - Answer - A family of specifications developed by the IEEE for WLAN tech; specifies an over the air interface between a wireless client and a base station or between two wireless clients.
Imaging - Answer - A process that allows one to obtain a bit for bit copy of data to avoid damage of original data or information when multiple analyses may be performed.
Impact - Answer - Magnitude of loss resulting from a threat exploiting a vulnerability.
Impact Analysis - Answer - A study to prioritize the criticality of info resources for the enterprise based on costs of adverse effects.

Incident - Answer - Any event that is not part of the standard operation of a service and that causes or may cause an interruption to or a reduction in the quality of that service.
Incident response - Answer - The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people or its ability to function productively. May include evacuation of a facility, initiating a DRP, performing damage assessment and any other measures necessary to bring an enterprise to a more stable status.
Incident response plan - Answer - The operational component of incident management; includes documented procedures and guidelines for defining the criticality of incidents, reporting and escalation process and recovery procedures.
Information security - Answer - Ensures that within the enterprise information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and nonaccess when required (availability).
Information security program - Answer - The overall combination of technical, operational and procedural measures and management structures implemented to provide for the confidentiality, integrity and availability of info based on business requirements and risk analysis.
Information systems - Answer - The combination of strategic, managerial and operational activities involved in gathering, processing, storing, distributing and using info and its related tech.
IAAS Infrastructure as a service - Answer - Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software which can include the OS and applications.
Ingestion - Answer - A process to convert info extracted to a format that can be understood by investigators.
Ingress - Answer - Network communications coming in.
Inherent Risk - Answer - The risk level or exposure without taking into account the actions that management has taken or might take.
Injection - Answer - A general term for attack types which consist of injecting code which is then interpreted and executed by the application (OWASP).
Intangible Asset - Answer - An asset that is not physical.
Integrity - Answer - The guarding against improper info modification or destruction; includes ensuring info nonrepudiation and authenticity.

Intellectual property - Answer - Intangible assets that belong to an enterprise for its exclusive use; includes patents, copyrights, etc.
International Standards Org (ISO) - Answer - The world's largest developer of voluntary International Standards.
Internet Assigned Numbers Authority IANA - Answer - Responsible for the global coordination of the DNS root, IP addressing and other internet protocols.
Internet control message protocol ICMP - Answer - A set of protocols that allow systems to communicate info about the state of services on other systems.
Internet Protocol IP - Answer - Specifies the format of packets and the addressing scheme.
Internet Protocol Packet Spoofing - Answer - An attack using packets with spoofed source Internet packet addresses. This technique exploits applications that use authentication based on IP addresses.
Internet Service Provider (ISP) - Answer - A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services.
Internetworked packet of Exchange - Answer - This is the Layer 3 of the open systems interconnect OSI model network protocol.
Sequenced packet Exchange - Answer - This is the Layer 4 transport protocol that sits on top of the Internetworked packet of exchange (IPX) layer and provides connection oriented services between two nodes on the network.
Interrogation - Answer - Used to obtain prior indicators or relationships, including phone numbers, IP addresses and names of individuals, from extracted data.
Intruder - Answer - Individual or group gaining access to the network and its resources without permission.
Intrusion detection system (IDS) - Answer - Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack.
Intrusion Prevention - Answer - A preemptive approach to network security activity to identify potential threats and respond to them to stop or at least limit damage or disruption.
Intrusion Prevention System - Answer - A system designed to not only detect attacks but to prevent the intended victim host from being affected by the attacks.

Investigation - Answer - The collection and analysis of evidence with the goal of identifying the perpetrators of an attack or unauthorized use of access.
IP Address - Answer - A unique binary number used to identify devices on a TCP/IP network.
IP Authentication header (AH) - Answer - Protocol used to provide connectionless integrity and data origin authentication for IP datagrams, and to provide protection against replays.
IP Security - Answer - A set of protocols developed by the internet engineering task force to support the secure exchange of packets.
IT governance - Answer - The responsibility of executives and the board of directors; consists of the leadership, org structures and processes that ensure that the enterprise's IT sustains and extends the enterprise's strategies and objectives.
Kernel Mode - Answer - Used for execution of privileged instructions for the internal operation system; there are no protections from errors or malicious activity and all parts of the system and memory are accessible.
Key length - Answer - The size of the encryption key measured in bits.
Key risk indicator KRI - Answer - A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk.
Keylogger - Answer - Software used to record all keystrokes on a computer.
Latency - Answer - The time it takes a system and network delay to respond and retrieve data.
Network latency - Answer - Time it takes for a packet to travel from source to the final destination.
Layer 2 switches - Answer - Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet based networks.
Layer 3 and 4 switches - Answer - Switches with operating capabilities at layer 3 and 4 of the OSI model, that look at the incoming packet's networking protocol, i.e. IP, and then compare the destination IP addresses to the list of addresses in their tables to actively calc the best way to send a packet to its destination.
Layer 4-7 switches - Answer - Used for load balancing among groups of servers; also known as content switches, content services switches, web switches or application switches.

Legacy System - Answer - Outdated computer systems.
Likelihood - Answer - The probability of something happening.
LAN - Answer - Communication network that serves several users within a specified geographic area.
Log - Answer - To record details of information or events in an org record keeping system, usually sequenced in the order in which they occurred.
Logical Access - Answer - Ability to interact with computer resources granted using identification, authentication and authorization.
Logical Access Controls - Answer - The policies, procedures, org structure and electronic access controls designed to restrict access to computer software and data files.
Media Access Control Address - Answer - A unique identifier assigned to network interfaces for communications on the physical network segment.
MAC header - Answer - Represents the hardware address of a network interface (NIC) inside a data packet.
Mail relay server - Answer - An electronic mail (email) server that relays messages so that neither the sender nor the recipient is a local user.
Mainframe - Answer - A large high speed computer, especially one supporting numerous workstations or peripherals.
Malware - Answer - Designed to infiltrate, damage or obtain info from a computer system without the owner's consent. Commonly taken to include viruses, worms, trojan horses, spyware and adware.
MAC Mandatory Access Control - Answer - A means of restricting access to data based on varying degrees of security requirements for info contained in the objects and the corresponding security clearance of users or programs acting on their behalf.
Man in the middle attack - Answer - An attack strategy in which the attacker intercepts the communication stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication.
Masking - Answer - A computerized technique of blocking out the display of sensitive info such as passwords in a computer terminal or report.
Message authentication code - Answer - An American National Standards Institute standard checksum that is computed using data encryption standard (DES).

Message Digest - Answer - A smaller extrapolated version of the original message created using a message digest algorithm Message Digest Algorithm - Answer - SHA1,MD2, MD4, and MD5. These algorithms are one way funtions unlike private and public key encryption algorithms, and they take a message of arbitary length and product a 128 bit message digest Metropolitan Area Network - Answer - A data network intended to serve an area the size of a large city Miniature fragent attack - Answer - Using this method an attacker fragments the IP packet into smaller ones and pushes it through the firewall in the hope that only the first of the sequence of fragemented packets would be examined and the others would pass without review Mirrored site - Answer - An alternate site that contains the same info as the orignial, and these are set up for backup and DR and to balance the traffic load for numerous download requests. Mobile Deivce - Answer - A small handheld devices typically having a display screen with touch input and or a mini keyboard weighing less than 2 lbs Mobile site - Answer - The use of a mobile/temo facility to server as a business resumption location, The facility can usually be delivered to any site and can house info tech and staff Monitoring policy - Answer - Rules outlining or delinating the wat in which info about the use of computers networks appliations and info is captured and interpreteed Multifactor authentication - Answer - A combo of more than one authentication methid such as a token and password(or personal identification number PIN) or token and biometric device National Institute for Standards and Tech (NIST) - Answer - Develops and test, test methods, ref data, proof od concept implementations, and tech anaylses to advance the development and productive used of info tech. 
Network basic input output system - Answer - A program that allows applications on different computers to communicate
Network Address Translation (NAT) - Answer - A method of modifying network address info in datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another

Network Interface Card - Answer - A communication card that, when inserted into a computer, allows it to communicate with other computers on a network
Network News Transfer Protocol - Answer - Used for the distribution, inquiry, retrieval and posting of Netnews articles using a reliable stream-based mechanism
Network Segmentation - Answer - A common technique that segments an org's network into separate zones that can be separately controlled, monitored and protected
Network Traffic Analysis - Answer - Identifies patterns in network communications
Nonintrusive monitoring - Answer - The use of transported probes or traces to assemble info, track traffic and identify vulnerabilities
Nonrepudiation - Answer - The assurance that a party cannot later deny originating data; provision of proof of the integrity and the origin of the data that can be verified by a third party. An example is a digital signature
Normalization - Answer - The elimination of redundant data
Obfuscation - Answer - The deliberate act of creating source or machine code that is difficult for humans to understand
Open Systems Interconnect Model OSI - Answer - A 7 layer model for the design of a network that interconnects and defines the groups of functionality required to network computers into layers; each layer implements a standard protocol to implement its functionality
Operating Systems - Answer - A master control program that runs the computer and acts as a scheduler and traffic controller
Open Web Application Security Project (OWASP) - Answer - An open community dedicated to enabling orgs to conceive, develop, acquire and maintain apps that can be controlled
Outcome Measure - Answer - Represents the consequences of actions previously taken; often referred to as a lag indicator. This focuses on results at the end of a time period and characterizes historic performance; also referred to as a key goal indicator, used to indicate whether goals have been met; can only be measured after the fact
Outsourcing - Answer - A formal agreement with a third party to perform IS or other business functions for an enterprise
Packet - Answer - Data unit that is routed from source to destination in a packet switched network; this contains both routing info and data.

Packet filtering - Answer - Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules
Packet switching - Answer - The process of transmitting messages in convenient pieces that can be reassembled at the destination
Passive response - Answer - A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action
Password - Answer - A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system
Password cracker - Answer - A tool that tests the strength of user passwords by searching for passwords that are easy to guess. It repeatedly tries words from specially crafted dictionaries and often also generates thousands/millions of permutations of characters, numbers and symbols
Patch - Answer - Fixes to software programming errors and vulnerabilities
Patch Management - Answer - An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up to date software and often to address security risk
Payload - Answer - The section of fundamental data in a transmission. In malicious software this refers to the section containing the harmful data/code
Pen testing - Answer - A live test of the effectiveness of security defenses through mimicking the actions of real life attackers
PIN personal Identification Number - Answer - A type of password (secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual
Phishing - Answer - This is a type of email attack that attempts to convince a user that the originator is genuine but with the intention of obtaining info for use in social engineering
Plain old telephone services (POTS) - Answer - A wired telecommunications system
Platform as a service - Answer - Offers the capability to deploy onto the cloud infrastructure customer-created or acquired applications that are created using programming languages and tools supported by the provider
Policy - Answer - Generally a document that records a high level principle or course of action that has been decided on. The intended purpose is to influence and guide both present and future decision making to be in line with the objectives established by the enterprise's management teams
Port - Answer - A process or application-specific software element serving as a communication end point for the transport layer IP protocols
Port scanning - Answer - The act of probing a system to identify open ports
Prime number - Answer - A natural number greater than 1 that can only be divided by 1 and itself
Principle of least privilege/access - Answer - Controls used to allow the least privilege access needed to complete a task
Privacy - Answer - Freedom from unauthorized intrusion or disclosure of info about an individual
Probe - Answer - Inspect a network or system to find weak spots
Procedure - Answer - A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards, part of processes
Protocol - Answer - The rules by which a network operates and controls the flow and priority of transmissions
Proxy Server - Answer - A server that acts on behalf of a user; typically accepts a connection from a user, makes a decision as to whether the user or client IP address is permitted to use the proxy, perhaps performs additional authentication, and completes a connection to a remote destination on behalf of the user
Public key encryption - Answer - A cryptographic system that uses two keys: one is a public key and one is a private or secret key, which is only known to the recipient of the message
Public key infrastructure (PKI) - Answer - A series of processes and tech for the association of cryptographic keys with the entity to whom those keys were issued
Public switched telephone network (PSTN) - Answer - A communications system that sets up a dedicated channel between two points for the duration of the transmission
Ransomware - Answer - Malware that restricts access to the compromised systems until a ransom demand is satisfied
Reciprocal Agreement - Answer - Emergency processing agreement between two or more enterprises with similar equipment or applications.

Recovery - Answer - The phase in the incident response plan that ensures that affected systems or services are restored to a condition specified in the service delivery objectives (SDOs) or business continuity plan (BCP)
Recovery Action - Answer - Execution of a response or task according to a written procedure
Recovery point objective (RPO) - Answer - Determined based on the acceptable data loss in case of a disruption of operations
Recovery time objective (RTO) - Answer - The amount of time allowed for the recovery of a business function or resource after a disaster
Redundant site - Answer - A recovery strategy involving the duplication of key IT components including data or other key business processes or programs executed by ordinary users
Registered ports - Answer - 1024 - 49151, listed by the IANA; on most systems can be used by ordinary user processes or programs executed by ordinary users
Registration authority - Answer - The individual institution that validates an entity's proof of identity and ownership of a key pair
Regulation - Answer - Rules or laws that regulate conduct and that the enterprise must obey to become compliant