Save
Upgrade to remove ads
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Security+

Security+ Acronyms

TermDefinition
APT Active Persistent Threat -carry out cyberattacks for governments and nation states
OSINT open-source intelligence
RATs Remote access Trojan - most common type of Trojan, examples of which include Back Orifice, NetBus, and SubSeven; their capability to allow an attacker higher administration privileges than those of the owner
PHP script a server side scripting language - especially designed to enable the development of dynamic and interactive web pages.
RoT Root of Trust - A set of code and functions, usually embedded into a trusted platform module, that allows or denies tasks such as booting and drive encryption. Public key.
SED self encrypting drive - Hard drives that encrypt all of the contents held within using encryption keys that are maintained independently from the CPU of the housing computer.
FDE full disk encryption software (BitLocker with AES). Requires TPM, external USB key, hard drive with 2 volumes.
HSM hardware security modules - physical devices that act as secure cryptoprocessors. independent from computer system. used with PKIs, SSL. used solely to calculate the data required for encryption keys
WiDi WiFi Direct - wireless display technology compatible with WiFi. connect using WPA2 and AES-256.
NCAS National Cyber Awareness System
US-CERT U.S. Computer Emergency Readiness Team
OTA over the air
IMSI International Mobile Subscriber Identity
IMEI International Mobile Equipment Identity
MEID Mobile Equipment Identifier
CYOD choose your own device
COPE corporate owned, personally enabled
CM-7 when an organization configures computers and other information systems to provide only the essential functions - a security administrator will restrict applications, services, ports, and protocols.
SCCM Microsoft's System Center Configuration Manager
TOS trusted operating system
MBSA Microsoft Baseline Security Analyzer
GPO Group Policy objects
RTOS real-time operating system - require near 100% uptime and lightning-fast response with zero latency
VDE virtual desktop environment - runs inside real OS
VDI virtual desktop infrastructure
VMM virtual machine manager - hypervisor
CVE common vulnerabilities and exposures
VLVM virtual machine lifecycle management
XSS cross-site scripting - session hijacking, when the attacker manipulates a client computer into executing code considered trusted as if it came from the server the client was connected to
LSO locally shared objects - also called Flash cookies, data that Adobe Flash-based websites store on users' computers, especially for Flash games
ActiveX small program building blocks used to allow a web browser to execute a program
UAC user account control - security component of Windows that keeps every user (except the Administrator) in regular user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.
SDLC software development lifecycle
RAD rapid application development
ASLR address space layout randomization - technique used to prevent the exploitation of memory vulnerabilities.
RCE Remote Code Execution - When an attacker acquires control of a remote computer through a code vulnerability. Also known as arbitrary code execution.
XSS cross site scripting - XSS holes are vulnerabilities that can be exploited with a type of code injection
XSRF cross site request forgery - known as session riding, exploits the trust that a website has in a user's browser. In this attack (also known as a one-click attack), the user's browser is compromised and transmits unauthorized commands to the website.
JSON JavaScript Object Notation -An example of a NoSQL) injection attack
SPA secure password authentication
CASB cloud access security broker
IIS Microsoft's Internet Information Services
CCI co-channel interference - cell phone crosstalk
TEMPEST a group of standards - investigation of conducted emissions from electrical and mechanical devices, which could be compromising to an organization.
PDS protected distribution system - approved circuits encompassing cables, terminals, and other equipment, including safeguards for electrical, electromagnetic, and acoustical concerns
PRNG pseudorandom number generator
CRA challenge response authentication
SPI stateful packet inspection
CER The collective analysis and comparison of the false acceptance rate (FAR) and false rejection rate (FRR). It is also known as equal error rate. aka equal error rate (ERR).
SAML XML-based Security Assertion Markup Language
ADUC active directory users and computers
ACE access control entry in an ACL
DACL discretionary access control list to identify trustees who are allowed or denied access
SACL system access control list refers to an ACL that enables admins to log attempts to access a secured object.
TCSEC Trusted Computer System Evaluation Criteria - A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as The Orange Book.
CWE common weakness enumeration - vulnerability scoring
RIPEMD RACE Integrity Primitives Evaluation Message Digest (128 cracked, 160*, 256, 320,) hash.
HMAC Hash-based Message Authentication Code, use with SHA (e.g. HMAC-SHA256)
LANMAN LAN Manager hash for Windows. LANMAN based on DES - weak.
NTLM NT LAN Manager hash. The NTLM algorithm was first supplied with Windows NT 3.1; it provides Unicode support and uses the RC4 cipher with CRC.
NTLMv2 NTLMv2 hash uses an HMAC-MD5 hash, making it difficult to crack; it is a 128-bit system. NTLMv2 has been available since Windows NT 4.0 SP4 and is used by default on newer Windows operating systems.
PBKDF2 and bcrypt Password stretching using "salting."
HOTP HMAC-based one time password
TOTP time-based one time password
WORM write once read many, media for backups (e.g., ROM disks)
SIEM security information and event management (HPE's ArcSight and IBM's QRadar offer real-time monitoring)
Created by: CountChocula7623
 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards