A comprehensive overview of various cybersecurity terms and concepts, including definitions and explanations of key terms such as chain of custody, checksum, ciso, cso, cipher, ciphertext, cleartext, cloud computing, and more. A valuable resource for understanding the fundamental aspects of cybersecurity.
Acceptable Interruption Window - correct answer ✔✔The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise's business objectives.
Acceptable Use Policy - correct answer ✔✔A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.
Access Control List - correct answer ✔✔An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.
Access Path - correct answer ✔✔The logical route that an end user takes to access computerized information. Typically includes a route through the OS, telecomm software, selected application software and the access control system.
Access Rights - correct answer ✔✔The permission or privileges granted to users, programs, or workstations to create, change, delete, or view data and files within a system, as defined by rules established by data owners and the information security policy.
Accountability - correct answer ✔✔The ability to map a given activity or event back to the responsible party.
Advanced Encryption Standard - correct answer ✔✔A public algorithm that supports keys from 128 bits to 256 bits in size.
Advanced persistent threat - correct answer ✔✔An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors. It pursues its objectives repeatedly over an extended period of time, it adapts to defenders' efforts to resist it and is determined to maintain the level of interaction needed to execute its objectives.
Adversary - correct answer ✔✔A threat agent
Adware - correct answer ✔✔A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used.
Alert situation - correct answer ✔✔The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved.
Alternate facilities - correct answer ✔✔Locations and infrastructures from which emergency or backup processes are executed when the main premises are unavailable or destroyed; includes buildings, offices or data processing centers.
Alternate processes - correct answer ✔✔Automatic or manual process designed and established to continue critical business processes from point of failure to return to normal.
Analog - correct answer ✔✔A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Used in telecommunications.
Anti-malware - correct answer ✔✔A technology widely used to prevent, detect, and remove many categories of malware including computer viruses, worms, trojans, keyloggers, malicious browser plug-ins, adware and spyware.
Anti-virus software - correct answer ✔✔An application software deployed at multiple points in an IT architecture to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected.
Application Layer - correct answer ✔✔This provides services for an application program to ensure that effective communication with another application program in a network is possible.
Architecture - correct answer ✔✔Description of the fundamental underlying design of the components of the business system or of one element of the business system, the relationships among them and the manner in which they support an enterprise.
Asset - correct answer ✔✔Something of either tangible or intangible value that is worth protecting
Asymmetric key - correct answer ✔✔A cipher technique used in which different cryptographic keys are tied to encrypt and decrypt a message.
Attack - correct answer ✔✔An actual occurrence of an adverse effect
Attack mechanism - correct answer ✔✔A method used to deliver the payload and may involve an exploit delivering a payload to the target.
Attack vector - correct answer ✔✔A path or route used by the adversary to gain access to the target (asset). Two types: ingress and egress
Attenuation - correct answer ✔✔Reduction of signal strength during transmission
Audit Trail - correct answer ✔✔A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
Authentication - correct answer ✔✔The act of verifying the identity of a user and the user's eligibility to access computerized information.
Authenticity - correct answer ✔✔Undisputed authorship.
Availability - correct answer ✔✔Ensuring timely and reliable access to and use of info
Back Door - correct answer ✔✔A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions
Bandwidth - correct answer ✔✔The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second)
Bastion - correct answer ✔✔System heavily fortified against attacks
Biometrics - correct answer ✔✔A security technique that verifies an individual's identity by analyzing a unique physical attribute such as a handprint
Block cipher - correct answer ✔✔A public algorithm that operates on plaintext in blocks, strings or groups of bits
Botnet - correct answer ✔✔A term derived from "robot network"; a large automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as a DOS attack on selected victims.
Boundary - correct answer ✔✔Logical and physical controls to define a perimeter between the org and the outside world
Bridges - correct answer ✔✔Data link layer devices developed in the 80s to connect LANs or to create two separate LAN or WAN network segments from a single segment to reduce collision domains. Act as store-and-forward devices in moving frames toward their destination, achieved by analyzing the MAC header of a data packet, which represents the hardware address of an NIC.
BYOD - correct answer ✔✔An enterprise policy used to permit partial or full integration of user-owned mobile devices for business purposes.
Broadcast - correct answer ✔✔A method to distribute info to multiple recipients simultaneously
Brute Force - correct answer ✔✔A class of algorithms that repeatedly try all possible combinations until a solution is found
Brute force attack - correct answer ✔✔Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.
Buffer overflow - correct answer ✔✔Occurs when a program or process tries to store more data in a buffer than it was intended to hold.
Business Continuity Plan - correct answer ✔✔A plan used by an enterprise to respond to disruption of critical business processes.
Business Impact analysis/assessment (BIA) - correct answer ✔✔Evaluating the criticality and sensitivity of information assets.
Certificate authority - correct answer ✔✔A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates
Certificate revocation list - correct answer ✔✔An instrument for checking the continued validity of the certificates for which the certification authority has responsibility.
Chain of custody - correct answer ✔✔A legal principle regarding the validity and integrity of evidence
Checksum - correct answer ✔✔A mathematical value that is assigned to a file and used to test the file at a later date to verify that the data contained in the file has not been changed.
CISO - correct answer ✔✔The person in charge of information security within the enterprise
CSO - correct answer ✔✔The person responsible for all security matters both physical and digital in an enterprise
Cipher - correct answer ✔✔An algorithm to perform encryption
Ciphertext - correct answer ✔✔Info generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader
Cleartext - correct answer ✔✔Data that is not encrypted
Cloud computing - correct answer ✔✔Convenient on-demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction
Collision - correct answer ✔✔The situation that occurs when two or more demands are made simultaneously on equipment that can handle only one at any given instant
Common attack pattern enumeration and classification (CAPEC) - correct answer ✔✔A catalog of attack patterns as an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed
Compartmentalization - correct answer ✔✔A process for protecting very high value assets or in environments where trust is an issue. Access to an asset requires two or more processes, controls or individuals
Compliance - correct answer ✔✔Adherence to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations as well as voluntary requirements from contractual obligations and internal policies.
Compliance documents - correct answer ✔✔Policies, standards and procedures that document the actions that are required or prohibited
Computer emergency response team - correct answer ✔✔A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency.
Computer forensics - correct answer ✔✔The application of the scientific method to digital media to establish factual information for judicial review. Often involves investigating computer systems to determine whether they are used for illegal activities.
Confidentiality - correct answer ✔✔Preserving authorized restrictions on access and disclosure including means for protecting privacy and proprietary information
Configuration management - correct answer ✔✔The control of changes to a set of configuration items over a system life cycle
Consumerization - correct answer ✔✔A new model in which emerging tech are first embraced by the consumer market and later spread to the business
Containment - correct answer ✔✔Actions taken to limit exposure after an incident has been identified and confirmed
Content Filtering - correct answer ✔✔Controlling access to a network by analyzing the content of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules.
Control - correct answer ✔✔The means of managing a risk
Countermeasure - correct answer ✔✔Any process that directly reduces a threat or vulnerability
Critical Infrastructure - correct answer ✔✔Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation
Criticality - correct answer ✔✔The importance of a particular asset or function to the enterprise and the impact if that asset or function is not available
Criticality analysis - correct answer ✔✔An analysis to evaluate resources or business functions to identify their importance to the enterprise and the impact if a function cannot be completed or a resource is not available
Cross-site scripting - correct answer ✔✔A type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
XSS Attack - correct answer ✔✔Occurs when an attacker uses a web app to send malicious code in the form of a browser side script to a different end user
Cryptography - correct answer ✔✔The art of designing, analyzing and attacking cryptographic schemes
Cryptosystem - correct answer ✔✔A pair of algorithms that take a key and convert plaintext to ciphertext and back
Cybercop - correct answer ✔✔An investigator of activity related to cyber crime
Cyberespionage - correct answer ✔✔Activities conducted in the name of security, business, politics or tech to find info that ought to remain secret.
Cybersecurity - correct answer ✔✔The protection of information assets by addressing threats to information processed, stored and transported by internetworked info systems.
Cybersecurity Architecture - correct answer ✔✔Describes the structure, components and topology (connections and layout) of security controls within an enterprise's IT infrastructure.
Cyberwarfare - correct answer ✔✔Activities supported by military organizations with the purpose to threaten the survival and well-being of society/foreign entity
Data classification - correct answer ✔✔The assignment of a level of sensitivity to data that results in the specification of controls for each level of classification.
Data custodian - correct answer ✔✔The individuals and department responsible for the storage and safeguarding of computerized data.
Data encryption standard - correct answer ✔✔An algorithm for encoding binary data
Data leakage - correct answer ✔✔Siphoning out or leaking info by dumping computer files or stealing computer reports and tapes
Data owner - correct answer ✔✔The individual who has responsibility for the integrity, accurate reporting and use of computerized data
Data retention - correct answer ✔✔Refers to the policies that govern data and records management for meeting internal and legal and reg data archival requirements
Database - correct answer ✔✔A stored collection of related data needed by enterprises and individuals to meet their information processing and retrieval requirements
Decentralization - correct answer ✔✔The process of distributing computer processing to different locations within an enterprise
Decryption - correct answer ✔✔A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader.
Decryption key - correct answer ✔✔A digital piece of info used to recover plaintext from the corresponding ciphertext by decryption
Defense in Depth - correct answer ✔✔The practice of layering defenses to provide added protection.
DMZ Demilitarized Zone - correct answer ✔✔A screened (firewalled) network segment that acts as a buffer line between a trusted and untrusted network. Specifically used to house systems such as web servers that must be accessible from both internal networks and the internet
DOS Attack - correct answer ✔✔An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly lower rate
Digital certificate - correct answer ✔✔A piece of info, a digitalized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function
Digital Forensics - correct answer ✔✔The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings
Digital Signature - correct answer ✔✔A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and non repudiation, generated using the sender's private key or applying a one-way hash function
Disaster - correct answer ✔✔A sudden unplanned event causing great damage or loss
DRP - Disaster Recovery Plan - correct answer ✔✔A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster
DAC discretionary access control - correct answer ✔✔A means of restricting access to objects based on the identity of subjects and or groups to which they belong
DNS Domain Name System - correct answer ✔✔A hierarchical database that is distributed across the internet that allows names to be resolved into IP addresses to locate services such as web and email servers
DNS Domain Name System Exfiltration - correct answer ✔✔Tunneling over DNS to gain network access. Lower level attack vector for simple to complex data transmission, slow but difficult to detect
Due Care - correct answer ✔✔The level of care expected from a reasonable person of similar competency under similar conditions
Due diligence - correct answer ✔✔The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review or analysis
Dynamic ports - correct answer ✔✔Dynamic and or private ports
Eavesdropping - correct answer ✔✔Listening to private communications without permission
Ecommerce - correct answer ✔✔The process by which enterprises conduct business electronically with their customers, suppliers and other external business partners using the Internet as an enabling tech
Egress - correct answer ✔✔Network communications going out
Elliptical Curve Cryptography ECC - correct answer ✔✔An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily uses algebraic factoring.
Encapsulation Security Payload - correct answer ✔✔Protocol which is designed to provide a mix of security services in IPv4 and IPv6. Can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service and limited traffic flow confidentiality
Encryption - correct answer ✔✔The process of taking an unencrypted message (plaintext) and applying a mathematical function to it (encryption algorithm key) and producing an encrypted message (ciphertext)
Encryption Algorithm - correct answer ✔✔A mathematically based function or calculation that encrypts/decrypts data
Encryption key - correct answer ✔✔A piece of information in a digitized form, used by an encryption algorithm to convert the plaintext into the ciphertext
Eradication - correct answer ✔✔When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network: methods include restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause
Ethernet - correct answer ✔✔A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection to prevent network failures or collisions when two devices try to access the network at the same time
Event - correct answer ✔✔Something that happens at a specific time and or place
Evidence - correct answer ✔✔Info that proves or disproves a stated issue
Exploit - correct answer ✔✔Full use of a vulnerability for the benefit of an attacker
File Transfer Protocol (FTP) - correct answer ✔✔A protocol used to transfer files over a transmission control protocol/internet protocol network (internet)
Firewall - correct answer ✔✔A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the internet
Forensic examination - correct answer ✔✔The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise
Freeware - correct answer ✔✔Software available free of charge
Gateway - correct answer ✔✔A device (router, firewall) on a network that serves as an entrance to another network
Governance - correct answer ✔✔Ensures that stakeholder needs are evaluated to determine balanced, agreed-upon enterprise objectives to be achieved, setting direction through prioritization and decision making and monitoring performance and compliance against agreed-on direction and objectives.
Governance Risk Management and Compliance - correct answer ✔✔A business term used to group the three closely related disciplines responsible for the protection of assets and operations
Guideline - correct answer ✔✔A description of a particular way of accomplishing something that is less prescriptive than a procedure
Hacker - correct answer ✔✔An individual who attempts to gain unauthorized access to a computer system
Hash function - correct answer ✔✔An algorithm that maps or translates one set of bits into another so that a message yields the same result every time the algorithm is executed using the same message as input. It's not possible for a message to be derived from the result produced from an algorithm or to find two different messages that produce the same hash result using the same algorithm
Hash total - correct answer ✔✔The total of any numeric data in a document or computer file; this total is checked against a control total of the same field to facilitate accuracy of processing.
Hashing - correct answer ✔✔Using a hash function to create values or checksums that validate message integrity
Honeypot - correct answer ✔✔A specifically configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems.
Horizontal Defense in Depth - correct answer ✔✔Controls are placed in various places in the path to access an asset
Hubs - correct answer ✔✔A common connection point for devices in a network; these are used to connect segments of a local area network, and contain multiple ports. When a packet arrives at one port it is copied to the other ports so that all segments of the LAN can see all packets
Human Firewall - correct answer ✔✔A person prepared to act as a network layer of defense through education and awareness
Hypertext Transfer Protocol - correct answer ✔✔A communication protocol used to connect to servers on the WWW; primary function is to establish a connection with a web server and transmit hypertext markup language HTML, extensible markup language, or other pages to client browsers
IEEE Institute of Electrical and Electronics - correct answer ✔✔An org composed of engineers, scientists and students, best known for developing standards for the computer and electronics industry
IEEE 802.11 - correct answer ✔✔A family of specifications developed by the IEEE for WLAN tech; specifies an over-the-air interface between a wireless client and a base station or between two wireless clients
Imaging - correct answer ✔✔A process that allows one to obtain a bit-for-bit copy of data to avoid damage of original data or information when multiple analyses may be performed.
Impact - correct answer ✔✔Magnitude of loss resulting from a threat exploiting a vulnerability
Impact Analysis - correct answer ✔✔A study to prioritize the criticality of info resources for the enterprise based on costs of adverse effects
Incident - correct answer ✔✔Any event that is not part of the standard operation of a service and that causes or may cause an interruption to or a reduction in the quality of that service
Incident response - correct answer ✔✔The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people or its ability to function productively. May include evacuation of a facility, initiating a DRP, performing damage assessment and any other measures necessary to bring an enterprise to a more stable status
Incident response plan - correct answer ✔✔The operational component of incident management; includes documented procedures and guidelines for defining the criticality of incidents, reporting and escalation process and recovery procedures
Information security - correct answer ✔✔Ensures that within the enterprise information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and nonaccess when required (availability)
Information security program - correct answer ✔✔The overall combination of technical, operational and procedural measures and management structures implemented to provide for the confidentiality, integrity and availability of info based on business requirements and risk analysis
Information systems - correct answer ✔✔The combination of strategic, managerial and operational activities involved in gathering, processing, storing, distributing and using info and its related tech
IAAS Infrastructure as a service - correct answer ✔✔Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software which can include the OS and applications
Ingestion - correct answer ✔✔A process to convert info extracted to a format that can be understood by investigators
Ingress - correct answer ✔✔Network communications coming in
Inherent Risk - correct answer ✔✔The risk level or exposure without taking into account the actions that management has taken or might take
Injection - correct answer ✔✔A general term for attack types which consist of injecting code which is then interpreted and executed by the application (OWASP)
Intangible Asset - correct answer ✔✔An asset that is not physical
Integrity - correct answer ✔✔The guarding against improper info modification or destruction and includes ensuring info nonrepudiation and authenticity
Intellectual property - correct answer ✔✔Intangible assets that belong to an enterprise for its exclusive uses; includes patents, copyrights, etc
International Standards Org (ISO) - correct answer ✔✔The world's largest developer of voluntary International Standards
Internet Assigned Numbers Authority IANA - correct answer ✔✔Responsible for the global coordination of the DNS root, IP addressing and other internet protocols
Internet control message protocol ICMP - correct answer ✔✔A set of protocols that allow systems to communicate info about the state of services on other systems.
Internet Protocol IP - correct answer ✔✔Specifies the format of packets and the addressing scheme
Internet Protocol Packet Spoofing - correct answer ✔✔An attack using packets with spoofed source Internet packet addresses. This technique exploits applications that use authentication based on IP addresses
Internet Service Provider (ISP) - correct answer ✔✔A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services
Internetworked packet of Exchange - correct answer ✔✔This is the Layer 3 of the open systems interconnect OSI model network protocol.
Sequenced packet Exchange - correct answer ✔✔This is the Layer 4 transport protocol that sits on top of the Internetworked packet of exchange (IPX) layer and provides connection oriented services between two nodes on the network
Interrogation - correct answer ✔✔Used to obtain prior indicators or relationships including phone numbers, IP addresses and names of individuals from extracted data
Intruder - correct answer ✔✔Individual or group gaining access to the network and its resources without permission
Intrusion detection system (IDS) - correct answer ✔✔Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack
Intrusion Prevention - correct answer ✔✔A preemptive approach to network security activity to identify potential threats and respond to them to stop or at least limit damage or disruption
Intrusion Prevention System - correct answer ✔✔A system designed to not only detect attacks but to prevent the intended victim host from being affected by the attacks
Investigation - correct answer ✔✔The collection and analysis of evidence with the goal of identifying the perpetrators of an attack or unauthorized use of access
IP Address - correct answer ✔✔A unique binary number used to identify devices on a TCP/IP network
IP Authentication Header (AH) - correct answer ✔✔Protocol used to provide connectionless integrity and data origin authentication for IP datagrams, and to provide protection against replays
IP Security - correct answer ✔✔A set of protocols developed by the internet engineering task force to support the secure exchange of packets
IT governance - correct answer ✔✔The responsibility of executives and the board of directors; consists of the leadership, org structures and processes that ensure that the enterprise's IT sustains and extends the enterprise's strategies and objectives
Kernel Mode - correct answer ✔✔Used for execution of privileged instructions for the internal operation of the system; there are no protections from errors or malicious activity and all parts of the system and memory are accessible.
Key length - correct answer ✔✔The size of the encryption key measured in bits
Key risk indicator KRI - correct answer ✔✔A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk
Keylogger - correct answer ✔✔Software used to record all keystrokes on a computer
Latency - correct answer ✔✔The time it takes a system and network delay to respond, and retrieve data
Network latency - correct answer ✔✔Time it takes for a packet to travel from source to the final destination
Layer 2 switches - correct answer ✔✔Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet based networks
Layer 3 and 4 switches - correct answer ✔✔Switches with operating capabilities at layer 3 and 4 of the OSI model, that look at the incoming packet's networking protocol, i.e. IP, and then compare the destination IP addresses to the list of addresses in their tables to actively calc the best way to send a packet to its destination
Layer 4-7 switches - correct answer ✔✔Used for load balancing among groups of servers; also known as content switches, content services switches, web switches or application switches
Legacy System - correct answer ✔✔Outdated computer systems
Likelihood - correct answer ✔✔The probability of something happening
LAN - correct answer ✔✔Communication network that serves several users within a specified geographic area.
Log - correct answer ✔✔To record details of information or events in an org record keeping system, usually sequenced in the order in which they occurred
Logical Access - correct answer ✔✔Ability to interact with computer resources granted using identification, authentication and authorization
Logical Access Controls - correct answer ✔✔The policies, procedures, org structure and electronic access controls designed to restrict access to computer software and data files
Media Access Control Address - correct answer ✔✔A unique identifier assigned to network interfaces for communications on the physical network segment
MAC header - correct answer ✔✔Represents the hardware address of a network interface (NIC) inside a data packet
Mail relay server - correct answer ✔✔An electronic mail (email) server that relays messages so that neither the sender nor the recipient is a local user
Mainframe - correct answer ✔✔A large high speed computer, especially one supporting numerous workstations or peripherals
Malware - correct answer ✔✔Designed to infiltrate, damage or obtain info from a computer system without the owner's consent. Commonly taken to include viruses, worms, trojan horses, spyware and adware.
MAC Mandatory Access Control - correct answer ✔✔A means of restricting access to data based on varying degrees of security requirements for info contained in the objects and the corresponding security clearance of users or programs acting on their behalf
Man in the middle attack - correct answer ✔✔An attack strategy in which the attacker intercepts the communication stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication
Masking - correct answer ✔✔A computerized technique of blocking out the display of sensitive info such as passwords in a computer terminal or report
Message authentication code - correct answer ✔✔An American National Standards Institute standard checksum that is computed using data encryption standard (DES)
Message Digest - correct answer ✔✔A smaller extrapolated version of the original message created using a message digest algorithm
Message Digest Algorithm - correct answer ✔✔SHA1, MD2, MD4, and MD5. These algorithms are one way functions unlike private and public key encryption algorithms, and they take a message of arbitrary length and produce a 128 bit message digest
Metropolitan Area Network - correct answer ✔✔A data network intended to serve an area the size of a large city
Miniature fragment attack - correct answer ✔✔Using this method an attacker fragments the IP packet into smaller ones and pushes it through the firewall in the hope that only the first of the sequence of fragmented packets would be examined and the others would pass without review
Mirrored site - correct answer ✔✔An alternate site that contains the same info as the original, and these are set up for backup and DR and to balance the traffic load for numerous download requests.
Mobile Device - correct answer ✔✔A small handheld device, typically having a display screen with touch input and/or a mini keyboard, weighing less than 2 lbs
Mobile site - correct answer ✔✔The use of a mobile/temporary facility to serve as a business resumption location. The facility can usually be delivered to any site and can house info tech and staff
Monitoring policy - correct answer ✔✔Rules outlining or delineating the way in which info about the use of computers, networks, applications and info is captured and interpreted
Multifactor authentication - correct answer ✔✔A combo of more than one authentication method, such as a token and password (or personal identification number, PIN) or token and biometric device
National Institute for Standards and Tech (NIST) - correct answer ✔✔Develops tests, test methods, ref data, proof of concept implementations, and tech analyses to advance the development and productive use of info tech.
Network basic input/output system - correct answer ✔✔A program that allows applications on different computers to communicate
Network Address Translation (NAT) - correct answer ✔✔A method of modifying network address info in datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another
Network Interface Card - correct answer ✔✔A communication card that, when inserted into a computer, allows it to communicate with other computers on a network
Network News Transfer Protocol - correct answer ✔✔Used for the distribution, inquiry, retrieval and posting of Netnews articles using a reliable stream based mechanism
Network Segmentation - correct answer ✔✔A common technique that segments an org's network into separate zones that can be separately controlled, monitored and protected
Network Traffic Analysis - correct answer ✔✔Identifies patterns in network communications
Nonintrusive monitoring - correct answer ✔✔The use of transported probes or traces to assemble info, track traffic and identify vulnerabilities
Nonrepudiation - correct answer ✔✔The assurance that a party cannot later deny originating data; provision of proof of the integrity and the origin of the data that can be verified by a third party. An example is a digital signature
Normalization - correct answer ✔✔The elimination of redundant data
Obfuscation - correct answer ✔✔The deliberate act of creating source or machine code that is difficult for humans to understand
Open Systems Interconnect Model (OSI) - correct answer ✔✔A 7 layer model for the design of a network that interconnects and defines the groups of functionality required to network computers into layers; each layer implements a standard protocol to implement its functionality
Operating Systems - correct answer ✔✔A master control program that runs the computer and acts as a scheduler and traffic controller
Open Web Application Security Project (OWASP) - correct answer ✔✔An open community dedicated to enabling orgs to conceive, develop, acquire and maintain apps that can be controlled
Outcome Measure - correct answer ✔✔Represents the consequences of actions previously taken; often referred to as a lag indicator. This focuses on results at the end of a time period and characterizes historic performance; also referred to as a key goal indicator, used to indicate whether goals have been met. Can only be measured after the fact
Outsourcing - correct answer ✔✔A formal agreement with a third party to perform IS or other business functions for an enterprise
Packet - correct answer ✔✔Data unit that is routed from source to destination in a packet switched network; this contains both routing info and data.
Packet filtering - correct answer ✔✔Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules
Packet switching - correct answer ✔✔The process of transmitting messages in convenient pieces that can be reassembled at the destination
Passive response - correct answer ✔✔A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action
Password - correct answer ✔✔A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system
Password cracker - correct answer ✔✔A tool that tests the strength of the user passwords by searching for passwords that are easy to guess. It repeatedly tries words from specially crafted dictionaries and often also generates thousands/millions of permutations of characters, numbers and symbols
Patch - correct answer ✔✔Fixes to software programming errors and vulnerabilities
Patch Management - correct answer ✔✔An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up to date software and often to address security risk
Payload - correct answer ✔✔The section of fundamental data in a transmission. In malicious software this refers to the section containing the harmful data/code
Pen testing - correct answer ✔✔A live test of the effectiveness of security defenses through mimicking the actions of real life attackers
PIN (Personal Identification Number) - correct answer ✔✔A type of password (a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual
Phishing - correct answer ✔✔This is a type of email attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining info for use in social engineering
Plain old telephone services (POTS) - correct answer ✔✔A wired telecommunications system
Platform as a service - correct answer ✔✔Offers the capability to deploy onto the cloud infrastructure customer-created or acquired applications that are created using programming languages and tools supported by the provider
Policy - correct answer ✔✔Generally a document that records a high level principle or course of action that has been decided on. The intended purpose is to influence and guide both present and future decision making to be in line with the objectives established by the enterprise's management teams
Port - correct answer ✔✔A process or application-specific software element serving as a communication end point for the transport layer IP protocols
Port scanning - correct answer ✔✔The act of probing a system to identify open ports
Prime number - correct answer ✔✔A natural number greater than 1 that can only be divided by 1 and itself
Principle of least privilege/access - correct answer ✔✔Controls used to allow the least privilege access needed to complete a task
Privacy - correct answer ✔✔Freedom from unauthorized intrusion or disclosure of info about an individual
Probe - correct answer ✔✔Inspect a network or system to find weak spots
Procedure - correct answer ✔✔A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards; part of processes
Protocol - correct answer ✔✔The rules by which a network operates and controls the flow and priority of transmissions
Proxy Server - correct answer ✔✔A server that acts on behalf of a user; typically accepts a connection from a user, makes a decision as to whether the user or client IP address is permitted to use the proxy, perhaps performs additional authentication, and completes a connection to a remote destination on behalf of the user
Public key encryption - correct answer ✔✔A cryptographic system that uses two keys: one is a public key and one is a private or secret key, which is only known to the recipient of the message
Public key infrastructure (PKI) - correct answer ✔✔A series of processes and tech for the association of cryptographic keys with the entity to whom those keys were issued
Public switched telephone network (PSTN) - correct answer ✔✔A communications system that sets up a dedicated channel between two points for the duration of the transmission
Ransomware - correct answer ✔✔Malware that restricts access to the compromised systems until a ransom demand is satisfied
Reciprocal Agreement - correct answer ✔✔Emergency processing agreement between two or more enterprises with similar equipment or applications.
Recovery - correct answer ✔✔The phase in the incident response plan that ensures that affected systems or services are restored to a condition specified in the service delivery objectives (SDOs) or business continuity plan (BCP)
Recovery Action - correct answer ✔✔Execution of a response or task according to a written procedure
Recovery point objective (RPO) - correct answer ✔✔Determined based on the acceptable data loss in case of a disruption of operations
Recovery time objective (RTO) - correct answer ✔✔The amount of time allowed for the recovery of a business function or resource after a disaster
Redundant site - correct answer ✔✔A recovery strategy involving the duplication of key IT components including data or other key business processes or programs executed by ordinary users
Registered ports - correct answer ✔✔1024 - 49151, listed by the IANA, and on most systems can be used by ordinary user processes or programs executed by ordinary users
Registration authority - correct answer ✔✔The individual institution that validates an entity's proof of identity and ownership of a key pair
Regulation - correct answer ✔✔Rules or laws that regulate conduct and that the enterprise must obey to become compliant