Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove Ads
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Security+ 401


802.1x 802.1x—A port-based authentication protocol. For example, WPA2 Enterprise mode uses A ___ server (implemented as a RADIUS server). Enterprise mode requires an ___server.
3DES Triple Data Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks.Is still used in some applications, such as when hardware doesn’t support AES.
AAA ___ protocols are used in remote access systems. Authentication verifies a user’s identification. Authorization determines if a user should have access. Accounting tracks a user’s access with logs.
ACE Access Control Entry. Identifies a user or group that is granted permission to a resource. ACEs are contained within a DACL in NTFS.
ACK Acknowledge. A packet in a TCP handshake. In a SYN flood attack, attackers send the SYN packet, but don’t complete the handshake after receiving the SYN/ACK packet.
ACL Access control list. Routers and packet-filtering firewalls perform basic filtering using an ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols. In NTFS, a list of ACEs makes up the ACL for a resource
AES Advanced Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher. It is highly secure, and used in a wide assortment of cryptography schemes. It can be 128 bits, 192 bits, or 256 bits.
AES-256 Advanced Encryption Standard 256 bit. AES sometimes includes the number of bits used in the encryption keys and AES-256 uses 256-bit encryption keys. Interestingly, Blowfish is quicker than AES-256.
AH Authentication Header. IPsec includes both AH and ESP. AH provides authentication and integrity using HMAC. ESP provides confidentiality, integrity, and authentication using HMAC, and AES or 3DES. AH is identified with protocol ID number 51.
ALE Annual (or annualized) loss expectancy. The ALE identifies the expected annual loss and is used to measure risk with ARO and SLE in a quantitative risk assessment. The calculation is SLE × ARO = ALE.
AP Access point, short for wireless access point (WAP). APs provide access to a wired network to wireless clients. Many APs support Isolation mode to segment wireless users from other wireless users.
API Application Programming Interface. A software module or component that identifies inputs and outputs for an application.
APT Advanced persistent threat. A group that has both the capability and intent to launch sophisticated and targeted attacks.
ARO Annual (or annualized) rate of occurrence. The ARO identifies how many times a loss is expected to occur in a year and it is used to measure risk with ALE and SLE in a quantitative risk assessment. The calculation is SLE × ARO = ALE.
ARP Address Resolution Protocol. Resolves IPv4 addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker’s system by sending false MAC address updates. NDP is used with IPv6 instead of ARP.
ASCII American Standard Code for Information Interchange. Code used to display characters.
ASP Application Service Provider. Provides an application as a service over a network.
AUP Acceptable use policy. An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
BAC Business Availability Center. An application that shows availability and performance of applications used or provided by a business.
BCP Business continuity plan. A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return from critical failures.
BIA Business impact analysis identifies systems and components that are essential to the organization’s success. It identifies various scenarios that can impact these systems and components, maximum downtime limits, and potential losses from an incident.
BIND Berkeley Internet Name Domain. BIND is DNS software that runs on Linux and Unix servers. Most Internet-based DNS servers use BIND.
BIOS Basic Input/Output System. A computer’s firmware used to manipulate different settings such as the date and time, boot drive, and access password. UEFI is the designated replacement for BIOS.
BPA Business partners agreement. A written agreement that details the relationship between business partners, including their obligations toward the partnership.
BYOD Bring your own device. A policy allowing employees to connect personally owned devices, such as tablets and smartphones, to a company network. Data security is often a concern with BYOD policies and organizations often use VLANs to isolate mobile devices.
CA Certificate Authority. An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificate owners share their public key by sharing a copy of their certificate.
CAC Common Access Card. A specialized type of smart card used by the U.S. Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a PIV.
CAN Controller Area Network. A standard that allows microcontrollers and devices to communicate with each other without a host computer.
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart. Technique used to prevent automated tools from interacting with a web site. Users must type in text, often from a slightly distorted image.
CAR Corrective Action Report. A report used to document actions taken to correct an event, incident, or outage.
CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure then TKIP, which was used with the original release of WPA.
CCTV Closed-circuit television. This is a detective control. Video surveillance provides reliable proof of a person’s location and activity. It is also a physical security control and it can increase the safety of an organization’s assets.
CERT Computer Emergency Response Team. A group of experts who respond to security incidents. Also known as CIRT, SIRT, or IRT.
CHAP Challenge Handshake Authentication Protocol. Authentication mechanism where a server challenges a client. More secure than PAP and uses PPP. MS-CHAPv2 is an improvement over CHAP and uses mutual authentication.
CIA Confidentiality, integrity, and availability, the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified. Availability indicates that data and services are available
CIO Chief Information Officer. A “C” level executive position in some organizations. A CIO focuses on using methods within the organization to answer relevant questions and solve problems.
CIRT Computer Incident Response Team. A group of experts who respond to security incidents. Also known as CERT, SIRT, or IRT.
COOP Continuity of operations planning sites provide an alternate location for operations after a critical outage. A hot site includes everything the primary site has with all the data up to date. A cold site will have power and connectivity but little else.
CP Contingency planning. Plans for contingencies in the event of a disaster to keep an organization operational. BCPs include contingency planning.
CRC Cyclical Redundancy Check. An error detection code used to detect accidental changes that can affect theintegrity of data.
CRL Certification revocation list. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
CSR Certificate signing request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
CSR Control Status Register. A register in a processor used for temporary storage of data.
CSU Channel Service Unit. A line bridging device used with T1 and similar lines. It typically connects with a DSU as a CSU/DSU.
CTO Chief Technology Officer. A “C” level executive position in some organizations. CTOs focus on technology and evaluate new technologies.
CVE Common Vulnerabilities and Exposures (CVE). A dictionary of publicly known security vulnerabilities and exposures.
DAC Discretionary access control. An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model. Other access control models are MAC and RBAC.
DACL Discretionary access control list. List of Access Control Entries (ACEs) in Microsoft NTFS. Each ACE includes a security identifier (SID) and a permission.
DBA Database administrator. A DBA administers databases on database servers.
dBd Decibels-dipole. Identifies the gain of an antenna compared with a type of dipole antenna. Higher dBd numbers indicate the antenna can transmit and receive over greater distances.
dBi Decibels-isotropic. Identifies the gain of an antenna and is commonly used with omnidirectional antennas. Higher numbers indicate the antenna can transmit and receive over greater distances.
dBm Decibels-milliwatt. Identifies the power level of the WAP and refers to the power ratio in decibels referenced to one milliwatt. Higher numbers indicate the WAP transmits the signal over a greater distance.
DDoS Distributed denial-of-service. An attack on asystem launched from multiple sources intended to make a computer’s resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare to DoS.
DEP Data Execution Prevention. A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
DES Digital Encryption Standard. An older symmetric encryption standard used to provide confidentiality. DES is a block cipher and it encrypts data in 64-bit blocks. DES uses 56 bits and is considered cracked. Use AES instead, or 3DES if the hardware doesn’t
DHCP Dynamic Host Configuration Protocol. A service used to dynamically assign TCP/IP configuration information to clients. DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more.
DHE Data-Handling Electronics. Term used at NASA indicating electronic systems that handle data.
DHE Diffie-Hellman Ephemeral. An alternative to traditional Diffie-Hellman. Instead of using static keys that stay the same over a long period, DHE uses ephemeral keys, which change for each new session. Sometimes listed as EDH.
DLL Dynamic Link Library. A compiled set of code that can be called from other programs.
DLP Data loss prevention. A network-based DLP system can examine and analyze network traffic. It reduce the risk of internal users emailing sensitive data outside the company. End-point DLP systems can prevent users from copying or printing sensitive data.
DMZ Demilitarized zone. A buffer zone between the Internet and an internal network. It allows access to services while segmenting access to the internal network. The DMZ provides a layer of protection for the internal network.
DNAT Dynamic Network Address Translation. A form of NAT that uses multiple public IP addresses. In contrast, PAT uses a single public IP address. It hides addresses on an internal network.
DNAT Destination Network Address Translation. A form of NAT that changes the destination IP address for incoming traffic. It is used for port forwarding.
DNS Domain Name System. Used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses. DNS poisoning attacks attempt to modify or corrupt DNS data.
DNSSEC Domain Name System Security Extensions. A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks.
DoS Denial-of-service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare to DDoS.
DRP Disaster recovery plan. A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage.
DSA Digital Signature Algorithm is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender’s public key.
DSL Digital subscriber line. Improvement over traditional dial-up to access the Internet.
DSU Data Service Unit. An interface used to connect equipment to a T1 and similar lines. It typically connects with a CSU as a CSU/DSU.
Created by: Rumisglass