Studying for exam
Help!
|
|
||||
|---|---|---|---|---|---|
| show | The language that computers most commonly use to communicate across the internet
🗑
|
||||
| Protocol | show 🗑
|
||||
| show | Data that's easily readable
🗑
|
||||
| Unified communications | show 🗑
|
||||
| show | Likelihood that something bad will happen
🗑
|
||||
| VoIP | show 🗑
|
||||
| Threat | show 🗑
|
||||
| BCP (Business Continuity Plan) | show 🗑
|
||||
| show | How a business gets back on it's feet after a major disaster like a fire
🗑
|
||||
| vulnerability | show 🗑
|
||||
| Information Systems Security | show 🗑
|
||||
| show | only authorized users can view information
🗑
|
||||
| show | only authorized users can change information. Data is accurate and Valid
🗑
|
||||
| show | information is accessible by authorized users whenever they request the information
🗑
|
||||
| security control | show 🗑
|
||||
| IT security Police Framework | show 🗑
|
||||
| Data Classification Standard | show 🗑
|
||||
| show | practice of hiding data and keeping it away from unauthorized users
🗑
|
||||
| show | The process of transforming data from cleartext into ciphertext
🗑
|
||||
| show | scrambled data that are the result of encrypting cleartext
🗑
|
||||
| Uptime | show 🗑
|
||||
| Downtime | show 🗑
|
||||
| show | A= Total Uptime/(Total Uptime + Total Downtime)
🗑
|
||||
| Mean Time to Failure (MTTF) | show 🗑
|
||||
| show | Average amount of time it takes to repair a system, application, or component.
🗑
|
||||
| show | Predicted amount of time between failures of an IT system during operation
🗑
|
||||
| Recovery Time Objective (RTO) | show 🗑
|
||||
| show | contract that guarantees a minimum monthly availability of service. There may be other items included
🗑
|
||||
| User Domain | show 🗑
|
||||
| show | software or an actual computer with no hard drive that runs on a network and relies on a server to provide applications, data, and all processing. (Chromebook)
🗑
|
||||
| thick client | show 🗑
|
||||
| show | process of ensuring that controls are in place to handle any known threats
🗑
|
||||
| LAN (Local Area Network) | show 🗑
|
||||
| Network Interface Card (NIC) | show 🗑
|
||||
| Lan switch | show 🗑
|
||||
| show | examines the MAC layer and address and makes forwarding decisions basked on MAC layer address tables
🗑
|
||||
| show | Examines the network layer address and routes packets based on routing protocol path determination decisions. AKA a router.
🗑
|
||||
| show | configuring workstations to be on the same Ethernet or broadcast domain even if connected elsewhere physically
🗑
|
||||
| show | communications protocol between web browsers and websites with data in cleartext
🗑
|
||||
| show | Protocol for performing File Transfers. Individual Packets are numbered and acknowledged as being received to increase integrity of the file transfer
🗑
|
||||
| Port 69: Trivial File Transfer Protocol (TFTP) | show 🗑
|
||||
| show | Network Protocol for performing remote terminal access to another device. Encrypts the data transmission for maintaining confidentiality of communications.
🗑
|
||||
| IP Router | show 🗑
|
||||
| show | Access Control Lists
🗑
|
||||
| show | network protocol for performing remote terminal access to another device
🗑
|
||||
| show | security appliance used to filter inbound IP Packets based on various ACL Definitions
🗑
|
||||
| show | LAN segment in the LAN to WAN Domain that acts as a buffer zone for inbound and outbound IP Traffic
🗑
|
||||
| show | Examines IP Data streams for common attack and malicious intent patterns. Will give alarms but not block traffic.
🗑
|
||||
| show | can block malicious IPs
🗑
|
||||
| show | Middleman between workstation and external target.
🗑
|
||||
| show | Dedicated Encrypted Tunnel from one endpoint to another.
🗑
|
||||
| remote access domain | show 🗑
|
||||
| token | show 🗑
|
||||
| Biometric | show 🗑
|
||||
| User | show 🗑
|
||||
| show | A short written statement that the people in charge have set as a course of action or direction. Comes from Upper Management and applies to the entire organization
🗑
|
||||
| Standard | show 🗑
|
||||
| Procedures | show 🗑
|
||||
| show | suggested course of action for using the policy standards or procedures
🗑
|
||||
| Acceptable Use Policy | show 🗑
|
||||
| show | how to ensure that all personnel are aware of the importance of security and behavioral expectations under the organizations security policy.
🗑
|
||||
| show | hiding some of the characters of sensitive data
🗑
|
||||
| show | software companies that build applications hosted in teh could and on the internet
🗑
|
||||
| show | instead of installing something on their computer, it is an app run in a browser
🗑
|
||||
| show | create an online storefront for customers to purchase goods and services directly from their website
🗑
|
||||
| show | build online systems with links for conducting sales with other businesses, usually for integrated supply-chain purchases and deliveries.
🗑
|
||||
| show | Confidentiality, integrity, and availability
🗑
|
||||
| show | Payment card industry Data Security Standard
🗑
|
||||
| Mobile Node (MN) | show 🗑
|
||||
| Home Agent (HA) | show 🗑
|
||||
| Foreign Agent (FA) | show 🗑
|
||||
| show | the local address for the MN when it connects to another network.
🗑
|
||||
| show | It wants to communicate with the MN
🗑
|
||||
| show | data that can not be linked back to you
🗑
|
||||
| show | the desired target system or service is indirectly attacked by first compromising a system trusted by the target
🗑
|
||||
| show | many internet connected computers under the control of a remote hacker
🗑
|
||||
| asset | show 🗑
|
||||
| show | hardened code that makes it difficult to reverse engineer and build anti virus
🗑
|
||||
| ransomware | show 🗑
|
||||
| cryptolocker | show 🗑
|
||||
| Opportunity Cost | show 🗑
|
||||
| show | has hostile intent, possesses sophisticated skills, and may be interested in financial gain
🗑
|
||||
| Protocol Analyzer (Port Sniffer) | show 🗑
|
||||
| promiscuous mode | show 🗑
|
||||
| port scanner | show 🗑
|
||||
| OS Fingerprint Scanner | show 🗑
|
||||
| show | software program used to identify and, when possible, verify vulnerabilities on an IP host device
🗑
|
||||
| wardialer | show 🗑
|
||||
| cryptographic hash | show 🗑
|
||||
| show | use software flaws to crash or seriously hinder the performance of remote servers
🗑
|
||||
| flooding attacks | show 🗑
|
||||
| SYN flood | show 🗑
|
||||
| smurfing | show 🗑
|
||||
| show | does not alter the messages sent by a legitimate user but inserts additional messages into the communication line when the legitimate user pauses
🗑
|
||||
| show | intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host
🗑
|
||||
| show | malicious software programs designed to be hidden from normal methods of detection.
🗑
|
||||
| business drivers | show 🗑
|
||||
| show | the process of identifying, assessing, prioritizing, and addressing risks.
🗑
|
||||
| show | Risk - Threats X Vulnerabilities (can be positive or negative)
🗑
|
||||
| show | how you will manage risk
🗑
|
||||
| show | list of identified risk
🗑
|
||||
| Risk Information minimum | show 🗑
|
||||
| show | a way of evaluating risk by using repeated rounds of anonymous surveys
🗑
|
||||
| show | formal analysis of an organisation's functions and activities that classifies them as critical or non critical
🗑
|
||||
| Recovery Point Objective (RPO) | show 🗑
|
||||
| Recovery Time Objective (RTO) | show 🗑
|
||||
| Business Recovery Requirements | show 🗑
|
||||
| technical recovery requirements | show 🗑
|
||||
| show | a written plan for a structured response to any event that result in an interruption to critical business activities or functions
🗑
|
||||
| Elements of a BCP | show 🗑
|
||||
| Disaster Recovery Plan (DRP) | show 🗑
|
||||
| Checklist test | show 🗑
|
||||
| show | Use roleplaying to simulate a disaster and then follows through with as many of the effects of the simulated disaster as possible without affecting live operations
🗑
|
||||
| Simulation test | show 🗑
|
||||
| Parallel test | show 🗑
|
||||
| Full-interruption test | show 🗑
|
||||
| show | the difference between the security controls you have in place and the controls you need to address all vulnerabilities
🗑
|
||||
| security policy | show 🗑
|
||||
| gap analysis | show 🗑
|
||||
| CIA | show 🗑
|
||||
| Mobility | show 🗑
|
||||
| Data Ownership | show 🗑
|
||||
| Support ownership | show 🗑
|
||||
| Patch Management | show 🗑
|
||||
| show | device must have X installed
🗑
|
||||
| Onboarding/offboarding | show 🗑
|
||||
| show | employees must abide by all organizational policies and procedures
🗑
|
||||
| 3 leg perimeter | show 🗑
|
||||
| show | a back up rotation scheme in which ten back up tapes are used over the course of two weeks
🗑
|
||||
| show | An Authentification technology used to connect devices to a LAN or WLAN. It is an example of port based network access controls (NAC)
🗑
|
||||
| show | Policy that defines the rules that restrict how a computer, network, or other system may be used.
🗑
|
||||
| Access Control List (ACL) | show 🗑
|
||||
| show | Specifies methodologies by which admission to physical areas and, more importantly, computer systems is managed and organized.
🗑
|
||||
| show | the date when a user's account he uses to log onto the network expires.
🗑
|
||||
| show | the tracking of data, computer usage, and network resources. Often it means logging, auditing, and monitoring of the data and resources.
🗑
|
||||
| show | normally refers to placin a computer between the sender and the receiver in an effort to capture and possibly modify information.
🗑
|
||||
| active reconnaissance | show 🗑
|
||||
| show | ways of blocking and filtering out unwanted advertisments, pop up blockers, and content filters are considered to be ad filtering methods
🗑
|
||||
| show | A technique used to prevent the exploition of memory vulnerabilities.
🗑
|
||||
| show | A symmetric key encryption standard, used with WPA and WPA 2, that is the successor to DES/3DES and is composed of three different block ciphers: AES-123, AES-192, and AES-256
🗑
|
||||
| Advanced Persistent Threat (APT) | show 🗑
|
||||
| Adware | show 🗑
|
||||
| agile model | show 🗑
|
||||
| show | a method of securing a control unit, system, or netowkr through isolation and possibly shielding
🗑
|
||||
| show | Well-defined instructions that describe computations from their initial state to their final state
🗑
|
||||
| always-on VPN | show 🗑
|
||||
| anomaly-based monitoring | show 🗑
|
||||
| show | Each Client connected to the AP will not be able to communicate with each other, but they can each still access the internet
🗑
|
||||
| application blacklisting | show 🗑
|
||||
| show | a virtualization method that allows an organization to run blank without launching an entire virtual machine. Also known simply as containerization
🗑
|
||||
| show | a blank that can control the traffic associate with specific blank. Works all the way up to the blank layer of the OSI model
🗑
|
||||
| show | Applies security mechanisms to specific applications, such as FTP and/orBitTorrent. It supporsts address and port translation and checks whether the type of application traffic is allowed.
🗑
|
||||
| application whitelisting | show 🗑
|
||||
| ARP Poisoning | show 🗑
|
||||
| show | a type of cipher that uses a pair of different keys to encrypt and decrypt data
🗑
|
||||
| show | the path or means by which an attacker gaines access to a computer
🗑
|
||||
| attestation | show 🗑
|
||||
| show | An access model that is dynamic and context aware and uses IF-THEN statements and a combination of policies to control access to resources
🗑
|
||||
| audit trail | show 🗑
|
||||
| show | when a person's identity is confirmed. Blank is the verification of someone's identity
🗑
|
||||
| show | When a user is granted access to specific resources after authentication is complete
🗑
|
||||
| availability | show 🗑
|
||||
| show | used in computer programs to bypass normal authentication and other security mechanisms in place
🗑
|
||||
| back-to-back perimeter | show 🗑
|
||||
| show | When a malicious individual leaves malware infected removable media, such as a USB drive or optical drive, lying around in plain view
🗑
|
||||
| banner grabbing | show 🗑
|
||||
| baseline reporting | show 🗑
|
||||
| show | the process of measuring changes in networking, hardware, software, and so on
🗑
|
||||
| show | a monitoring system that looks at th4e previous behavior of applications, executable, and/or the operating system and compares that to current activity on the systems
🗑
|
||||
| biometrics | show 🗑
|
||||
| show | an attack on a hashing system that attempts that attempts to send two different messages with the same has function, causing a collision
🗑
|
||||
| show | when people test a system but have no specific knowledge of the system code involved with the system
🗑
|
||||
| black hat | show 🗑
|
||||
| blackout | show 🗑
|
||||
| block cipher | show 🗑
|
||||
| Blowfish | show 🗑
|
||||
| show | The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets
🗑
|
||||
| show | The unauthorized access of information from a wireless device through a Bluetooth connection
🗑
|
||||
| botnet | show 🗑
|
||||
| broadcast storm | show 🗑
|
||||
| Brownout | show 🗑
|
||||
| show | A password attack where every possible password is attempted
🗑
|
||||
| show | When a process stores data outside the memory that the developer intended to be used for storage. This could cause erratic behavior in the application, especially if the memory already had other data in it.
🗑
|
||||
| Business Impact Analysis (BIA) | show 🗑
|
||||
| Butt set | show 🗑
|
||||
| CAM Table | show 🗑
|
||||
| CAPTCHA | show 🗑
|
||||
| show | Digitally signed electronic document that binds a public key with a user identity
🗑
|
||||
| show | The entity (usually a server) that issues digital certificates to users
🗑
|
||||
| show | A list of certificates no longer valid or that have been revoked by the issuer.
🗑
|
||||
| Chain of custody | show 🗑
|
||||
| show | An Authentication scheme used by the point to point protocol (PPP) that is the standard for dial up connections
🗑
|
||||
| show | A structured way of changing the state of a computer system, network, or IT Procedure
🗑
|
||||
| show | The refraction of light as in a rainbow. If light is refracted in such a manner on fiber-optic cables, the signal cannot be read by the receiver.
🗑
|
||||
| show | An Algorithm that can perform encryption or decryption
🗑
|
||||
| show | Works at the session layer of the OSI model and applies security mechanisms when a TCP or UDP connection is established; acts as a go-between for the transport and application layers in TCP/IP
🗑
|
||||
| show | A video system (often used for surveillance) that makes use of traditional coaxial-based video components, but is used privately, within a building or campus
🗑
|
||||
| show | A way of offering on-demand services that extend the capabilities
🗑
|
||||
| Cluster | show 🗑
|
||||
| show | A site that has tables, chairs, bathrooms, and possibly some technical set up but will require days if not weeks to set up properly
🗑
|
||||
| show | When two different files end up using the same hash, which is possible with less secure hashing alghorithms
🗑
|
||||
| Common Vulnerabilities and Exposures (CVE) | show 🗑
|
||||
| Computer security audits | show 🗑
|
||||
| show | preventing the disclosure of information to unauthorized persons
🗑
|
||||
| show | individual computer programs that block external files that use Javascript or images from loading into the browser
🗑
|
||||
| show | An adaptive way of authenticating users based on their usage of resources, and the confidence that the system has in the user
🗑
|
||||
| Controller Area Network (CAN) | show 🗑
|
||||
| show | text files placed on the client computer that store information about it, which could include your computers browsing habits and credentials. Tracing cookies are used by spyware to collect info and can be used to hijack a session
🗑
|
||||
| show | The collective analysis and comparison of the false acceptance rate (FAR) and false rejection rate (FRR) AKA Equal Error Rate
🗑
|
||||
| Cross-site request forgery (XSRF) | show 🗑
|
||||
| Cross Site Scripting (XSS) | show 🗑
|
||||
| cross talk | show 🗑
|
||||
| crypto analysis attack | show 🗑
|
||||
| show | Hash functions based on block ciphers
🗑
|
||||
| show | The practice and study of hiding info
🗑
|
||||
| show | AKA Signal Emanation the electromagnetic field generated by a network cable/device which can be manipulated to eavesdrop on convos or steal data
🗑
|
||||
| show | An older type of block cipher selected by the US federal govt in the 70's as an encryption standard. Now obsolete.
🗑
|
||||
| Data Loss Prevention (DLP) | show 🗑
|
||||
| show | Inactive data that is archived
🗑
|
||||
| data in transit | show 🗑
|
||||
| data in use | show 🗑
|
||||
| show | an account installed by default on a device or within an operating system with a default set of user credentials. Usually insecure
🗑
|
||||
| show | The building up and layeirng of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposla
🗑
|
||||
| DMZ (Demilitarized zone) | show 🗑
|
||||
| show | Covers many different network attacks that cause it to be unavailable
🗑
|
||||
| show | A password attack that uses a prearranged list of likely words, trying them out one at a time
🗑
|
||||
| diferential backup | show 🗑
|
||||
| show | invented in the 70's, the first practical method for establishing a shared secret key over an unprotected communications channel
🗑
|
||||
| digital signature | show 🗑
|
||||
| show | aka the ../ attack. A method of accessing unauthorized parent directories
🗑
|
||||
| show | A plan that details the policies and procedures concerning the recovery and/or continuation of an organization's technology infrastructure
🗑
|
||||
| discretionary access control (DAC) | show 🗑
|
||||
| show | when each disk ins connected to a separate controller
🗑
|
||||
| show | an attack in which a group of compromised systems attack a single target. Usually uses a botnet
🗑
|
||||
| diversion theft | show 🗑
|
||||
| show | an attack that initiates a DNS Request with a spoofed source address. Responses (larger than the request) are sent to the victim server in an attempt to flood it.
🗑
|
||||
| DNS Poisoning | show 🗑
|
||||
| domain name kiting | show 🗑
|
||||
| show | when a protocol is downgraded from the current version to a previous version, exploiting backward compatibility
🗑
|
||||
| show | the mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence
🗑
|
||||
| due diligence | show 🗑
|
||||
| due process | show 🗑
|
||||
| dumpster diving | show 🗑
|
||||
| eavesdropping | show 🗑
|
||||
| electromagnetic interference (EMI) | show 🗑
|
||||
| show | a type of public key cryptography based on teh structure of an elliptic curve
🗑
|
||||
| elliptic curve Diffie-Hellman Ephemeral | show 🗑
|
||||
| show | the process of changing information using an algorithm (or cipher) into another form that is unreadable by others - unless they possess the key to that data
🗑
|
||||
| show | An expert at breaking into systems and can attack systems on behalf of the system's owner and with the owner's concent
🗑
|
||||
| evil twin | show 🗑
|
||||
| show | When an administrator sets a rule taht allows a specific type of traffic through a firewall, often with an ACL
🗑
|
||||
| show | when an administrator sets a rule that denises a specific type of traffic accces through a firewall, often within an ACL.
🗑
|
||||
| Extensile authentification protocol (EAP) | show 🗑
|
||||
| fail-open mode | show 🗑
|
||||
| show | AKA High-availability clusters, these are designedc so that a secondary server can take over in the case that the primary one fails, with limited or no downtime
🗑
|
||||
| false acceptance | show 🗑
|
||||
| false negative | show 🗑
|
||||
| show | when legitimate traffic is blocked when it shouldn't be
🗑
|
||||
| false rejection | show 🗑
|
||||
| show | enclose formed by conducting material or by a mesh of such material. It blocks out external static electric fields and can stop emanations from devices in the cage from being sent.
🗑
|
||||
| federated identity managemetn | show 🗑
|
||||
| FAR | show 🗑
|
||||
| show | the process of controlling and/or extinguishing fires to protect peopel and an organization's data and equipment
🗑
|
||||
| firewall | show 🗑
|
||||
| show | People who perform preliminary analysis of the incident data and determine whether the incident is an incident or just an event, and the criticality of the incident
🗑
|
||||
| show | security feature implemented on some firewalls to protect against SYN floods and other flooding attacks. Also known as an attack guard
🗑
|
||||
| show | an attack that works by creating a large number of processes quickly to staurate the available processing space in teh computer's operating system. It is a type of wabbit
🗑
|
||||
| Fraggle | show 🗑
|
||||
| full backup | show 🗑
|
||||
| fuzz testing | show 🗑
|
||||
| GNU Privacy Guard (GPG) | show 🗑
|
||||
| Grandfather-father-son | show 🗑
|
||||
| grayware | show 🗑
|
||||
| Group Policy | show 🗑
|
||||
| show | An attacker who has an agenda that may or may not be benign
🗑
|
||||
| show | The act of configuring an OS securely, updating it, creating rules, and policies to help govern the system in a secure manner, and removing unnecessary applications and services
🗑
|
||||
| hardware security module (HSM) | show 🗑
|
||||
| show | A summary of a file or message. It is generate to verify the integrity of the file or message
🗑
|
||||
| show | a mathematical procedure that converts a variable sized amount of data into a smaller block of data
🗑
|
||||
| show | when a system or component is continually operational for an extended period of time
🗑
|
||||
| show | one or more computers or servers used to attract and trap potential attackers to counteract any attempts at unauthorized access
🗑
|
||||
| host based intrusion detection system (HIDS) | show 🗑
|
||||
| show | the aisles in a server room or data center that circulate cold air into the systems and hot air out of them
🗑
|
||||
| show | originally defined as a patch to an individual OS or application to fix a single problem, installed live, and without a reboot. But meaning has changed
🗑
|
||||
| HTTP Proxy | show 🗑
|
||||
| show | THe portion of virtual machine software that allows multiple virtual operating systems to run at the same time on a single computer
🗑
|
||||
| identification | show 🗑
|
||||
| show | An initial validation of identity
🗑
|
||||
| show | Denies all traffic to a resource unless the users generating that traffic are specifically okayed
🗑
|
||||
| show | The monitoring and detection of security events on a computer network and the execution of proper responses to those security events
🗑
|
||||
| incident response | show 🗑
|
||||
| show | type of backup that backs up only the contents of a folder that have changed since the last full or incremental back up.
🗑
|
||||
| Information assurance (IA) | show 🗑
|
||||
| show | the act of protecting information from unauthorized access.
🗑
|
||||
| show | A cloud computing service that offers computer networking, storage, load balancing, routing, and VM Hosting
🗑
|
||||
| Input Validation | show 🗑
|
||||
| integer overflow | show 🗑
|
||||
| integrity | show 🗑
|
||||
| show | An agreement that is established between two or more organizations that own and operate connected IT systems and data
🗑
|
||||
| Internet Content Filter | show 🗑
|
||||
| show | A TCP/P protocol that authenticates and encrypts IP Packets, effectively securing communications between computers and devices using the protocol.
🗑
|
||||
| show | Secure a network by keeping machines behind it anonymous. It does this through the use of NAT
🗑
|
||||
| IV Attack | show 🗑
|
||||
| show | when users are cycled through various assignments
🗑
|
||||
| show | An authentication protocol that enables computers to prove their identity to each other in a secure manner
🗑
|
||||
| key | show 🗑
|
||||
| show | When certificates keys are held in case third parties need access to encrypted communications
🗑
|
||||
| show | software that can be used to archive and restore keys if necessary
🗑
|
||||
| key stretching | show 🗑
|
||||
| show | the original hash used to store Windows passwords, known as LM hash, based off of DES
🗑
|
||||
| show | A tunneling protocol used to connect virtual private networks. It does not include confidentiality and encryption on it's own.
🗑
|
||||
| Least functionality | show 🗑
|
||||
| show | when a user is given only the amount of privileges needed to do their job
🗑
|
||||
| show | An application laher protocol used for accessing and modifying directory services data
🗑
|
||||
| Load-balancing clusters | show 🗑
|
||||
| locally shared objects (LSO's) | show 🗑
|
||||
| show | Code that has, in some way, been inserted into software. Meant to initiate some malicious funciton when specific criteria are met.
🗑
|
||||
| MAC filtering | show 🗑
|
||||
| show | An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up memory
🗑
|
||||
| show | an attack where the attacker masks the MAC address of the computer's network adapter.
🗑
|
||||
| Malware | show 🗑
|
||||
| show | An access control policy determined by a computer system
🗑
|
||||
| show | When an orginization requires that employees take a certain number of days off consecutively, helping to detect fraud, etc
🗑
|
||||
| show | infects a vulnerable web browser and modifies online transactions. Similar to MitM
🗑
|
||||
| show | an area between two doorways, meant to hold people until they are identified and targeted.
🗑
|
||||
| many to one mapping | show 🗑
|
||||
| measured boot | show 🗑
|
||||
| show | Letter of intent between two entities concerning SLAs and BPAs
🗑
|
||||
| show | hen a program allocates memory but does not free it up properly after the process using it has been completed
🗑
|
||||
| message-digest algorithm 5 (MD5) | show 🗑
|
||||
| show | A centralized software solution that allows for the control and configuration of mobile devices
🗑
|
||||
| Mutual Authentication | show 🗑
|
||||
| Network Access Control (NAC) | show 🗑
|
||||
| Network Action Translation (NAT) | show 🗑
|
||||
| show | A type of IDS that attempts to detect malicious network activities by constantly monitoring traffic.
🗑
|
||||
| Network Intrusion Protection System (NIPS) | show 🗑
|
||||
| Network Management System (NMS) | show 🗑
|
||||
| show | THe study of physical and logical connectivity of networks
🗑
|
||||
| network perimeter | show 🗑
|
||||
| Null Pointer Dereference | show 🗑
|
||||
| null session | show 🗑
|
||||
| show | a random number issued by an authentication protocol that can only be used once.
🗑
|
||||
| show | when a netowrk adapter captures only the packets that are addressed to it
🗑
|
||||
| non repudiation | show 🗑
|
||||
| show | successor to the LM hash. A more advanced hash used to store Windows passwords based off the RC4 algorithm
🗑
|
||||
| show | Successor to the NTLM hash, based off of MD5
🗑
|
||||
| Null session | show 🗑
|
||||
| show | when a new employee is added to an organization, and to it's identity and access management
🗑
|
||||
| one-time pad | show 🗑
|
||||
| show | when an individual certificate is mapped to a single recipient
🗑
|
||||
| show | a hash that is easy to computer when generated but difficult (or impossible) to compute in reverse
🗑
|
||||
| Online certificate status protocol (OCSP) | show 🗑
|
||||
| Open mail replay | show 🗑
|
||||
| show | A standard and a programming language designed to standaridzie the transfer of secure public information across networks and the internet using any security tools and services available
🗑
|
||||
| packet filtering | show 🗑
|
||||
| pash the hash | show 🗑
|
||||
| passive reconnaissance | show 🗑
|
||||
| password cracker | show 🗑
|
||||
| PBKDF2 | show 🗑
|
||||
| show | Generally consisting of an attacker's exploiting security flaws in routers and other netowrkign hardware by flashing the firmware of the device and replacing it with a modified image
🗑
|
||||
| show | control which file system resources a person can access on the network
🗑
|
||||
| show | an application that protects an individual computer from unwanted internet traffic
🗑
|
||||
| pharming | show 🗑
|
||||
| show | getting info by pretending to be trustworthy
🗑
|
||||
| piggybacking | show 🗑
|
||||
| ping flood | show 🗑
|
||||
| show | a type of DOS that sends an oversided and/or malformed packet to another computer
🗑
|
||||
| pivot | show 🗑
|
||||
| platform as a service | show 🗑
|
||||
| Point to Point Tunneling protocol (PPTP) | show 🗑
|
||||
| show | rules or guidelines used to guide decisions and achieve outcomes.
🗑
|
||||
| Port address translation (PAT) | show 🗑
|
||||
| Port mirroring | show 🗑
|
||||
| port scanner | show 🗑
|
||||
| show | a key based on a generated (Or selected)passphrase that is used to enable connectivity between wireless clients and an access poitn
🗑
|
||||
| show | when a person invents a scenario in the hopes of persuading the victim to divulge info
🗑
|
||||
| Pretty Good Privacy (PGP) | show 🗑
|
||||
| private key | show 🗑
|
||||
| privilege escalation | show 🗑
|
||||
| show | security system implemented to protect unencrypted data transfer over wired networks
🗑
|
||||
| show | protocol used to encapsulate EAP packets within encrypted and authenticated tunnels
🗑
|
||||
| proxy auto-configuration (PAC) | show 🗑
|
||||
| proxy server | show 🗑
|
||||
| Public key | show 🗑
|
||||
| show | uses asymemetric keys alone or in addition to symmetric keys. Creates secret private key and published public key
🗑
|
||||
| show | an entire system of hardware and software, policies and procedures, and people used to create, distribute, etc digital certs
🗑
|
||||
| qualitative risk assessment | show 🗑
|
||||
| show | an assessment that measures risk by using exact monetary values
🗑
|
||||
| show | an exploitable situation that happens when a system or application is preforming two tasks and the time between them can be exploited to gain access to the program, change a file, or gain access to a resource
🗑
|
||||
| Radio Frequency Interface (RFI) | show 🗑
|
||||
| show | Mirroring. Data is copied to two identical drives. If one fails the other continues to operate
🗑
|
||||
| show | Combining the advantages of RAID 1 and 0, normally tow sets of RAID 1 mirrors (minimum) and then striped
🗑
|
||||
| RAID 5 | show 🗑
|
||||
| show | Striping with double parity, four drives minimum
🗑
|
||||
| show | In password cracking: a set of precalculated encryptd passwords located in a look up table
🗑
|
||||
| show | In business Impact Analysis the acceptable latency of data
🗑
|
||||
| Recovery Time Objective (RTO) | show 🗑
|
||||
| Redundant ISP | show 🗑
|
||||
| show | An Enclosure that contains two complete power supplies, the second of which turns on when the first fails.
🗑
|
||||
| registration Authority (RA) | show 🗑
|
||||
| show | A networking Service that allows incoming connections from remote Dial-in Clients.
🗑
|
||||
| Remote Access Trojan (RAT) | show 🗑
|
||||
| Remote Authentication Dial-In User Service (RADIUS) | show 🗑
|
||||
| Remote Code Execution (RCE) | show 🗑
|
||||
| Removable Media Controls | show 🗑
|
||||
| show | an attack in which valid data transmission is maliciously or fraudulently repeated or delayed
🗑
|
||||
| residual risk | show 🗑
|
||||
| show | the amount of risk an organization is willing to accept.
🗑
|
||||
| Risk Assessment | show 🗑
|
||||
| risk avoidance | show 🗑
|
||||
| risk management | show 🗑
|
||||
| risk mitigation | show 🗑
|
||||
| risk reduction | show 🗑
|
||||
| show | helps to track issues and address problems as they occur. AKA Risk Log
🗑
|
||||
| Risk transference | show 🗑
|
||||
| rogue access point | show 🗑
|
||||
| role based access control (RBAC) | show 🗑
|
||||
| Root of Trust (RoT) | show 🗑
|
||||
| RSA | show 🗑
|
||||
| sag | show 🗑
|
||||
| Salting | show 🗑
|
||||
| sandbox | show 🗑
|
||||
| show | An in depth code inspection procedure
🗑
|
||||
| secure coding concepts | show 🗑
|
||||
| secure hash algorithm | show 🗑
|
||||
| Secure/Multipurpose Internet Mail Extensions (S/MIME) | show 🗑
|
||||
| show | A protocol that can create a secure channel between two computers or network devices
🗑
|
||||
| secure sockets layer (SSL) | show 🗑
|
||||
| Security as a Service (SECaaS) | show 🗑
|
||||
| show | Files that log activity of users.
🗑
|
||||
| security posture | show 🗑
|
||||
| Security Posture Assessment (SPA) | show 🗑
|
||||
| show | Groups of policies that can be loaded in one procedure
🗑
|
||||
| security tokens | show 🗑
|
||||
| Self-Encrypting Drive (SED) | show 🗑
|
||||
| show | This is when more than one person is required to complete a particular task or operation
🗑
|
||||
| Service Pack (SP) | show 🗑
|
||||
| show | The name of a wireless access point (or network) to which network clients will connect; it is broadcast through the air.
🗑
|
||||
| Shoulder Surfing | show 🗑
|
||||
| show | the loading of third-party apps from a location outside of the official application for that device.
🗑
|
||||
| show | framkes and packets of network traffic are analyzed for predetermined attack patterns.
🗑
|
||||
| Simple Network Management Protocol (SNMP) | show 🗑
|
||||
| show | An element, object, or part of a system that, if it fails, will cause the whole system to fail.
🗑
|
||||
| Single Sign-on (SSO) | show 🗑
|
||||
| Smurf attack | show 🗑
|
||||
| snapshot back up | show 🗑
|
||||
| SNMP agent | show 🗑
|
||||
| software development life cycle (SDLC) | show 🗑
|
||||
| Spanning tree protocol (STP) | show 🗑
|
||||
| show | A type of phishing attack that targets particular individuals.
🗑
|
||||
| special hazard protection system | show 🗑
|
||||
| spike | show 🗑
|
||||
| show | when an attacker masquerades as another person by falsifying information
🗑
|
||||
| show | a type of malicious software either downloaded unwittingly from a website or installed along with some other third party software
🗑
|
||||
| standby generator | show 🗑
|
||||
| show | a type of packet inspection that keeps track of network connections by examining the header in each packet
🗑
|
||||
| show | when a single private IP address translates to a single public IP address
🗑
|
||||
| steganography | show 🗑
|
||||
| show | A clear separation of organization and personal information, applications, and other content
🗑
|
||||
| show | a type of algorithm that encrypts each byte in a message one at at time
🗑
|
||||
| structured exception handing (SEH) | show 🗑
|
||||
| show | A field in PKI certificates that allows an organization to specify additional hostnames, domain names, and so on
🗑
|
||||
| show | system of hardware and software that controls and monitors industrial systems like HVAC
🗑
|
||||
| surge | show 🗑
|
||||
| show | a class of cipher that uses identical or closely related keys for encryption or decryption
🗑
|
||||
| show | a type of DOS where an attacker sends a large amount of SYN request packets in an attempt to deny service
🗑
|
||||
| show | a type of piggybacking where an unauthorized person follows an authorized person into a secure area, without the authorized person consent
🗑
|
||||
| show | sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately
🗑
|
||||
| show | when a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access
🗑
|
||||
| show | a type of DOS that sends mangled IP fragments with overlapping and oversized payloads to the target machine
🗑
|
||||
| TEMPEST | show 🗑
|
||||
| temporal key integrity protocol (TKIP) | show 🗑
|
||||
| Terminal Access Controller Access-Control System Plus (TACACS+) | show 🗑
|
||||
| show | a way of prioritizing threats to an application
🗑
|
||||
| show | the method a threat uses to gain access to a target computer
🗑
|
||||
| show | part of the authentication process used by kerberos
🗑
|
||||
| show | a trojan programmed to set off on a certain date
🗑
|
||||
| show | when a user's logon hours are configured to restrict access to the network during certain times of the day and week
🗑
|
||||
| towers of hanoi | show 🗑
|
||||
| show | when two or more networks have a relationship where users from one network can gain access to resources on the other
🗑
|
||||
| transport layer security | show 🗑
|
||||
| show | Similar to DES but applies to the cipher algorithm three times to each cipher block
🗑
|
||||
| show | an application that appears to perform desired functions but is actually performing malicious functions behind the scenes
🗑
|
||||
| show | A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as The Orange Book
🗑
|
||||
| show | A system that adheres to criteria for multilevel security and meets government regulations
🗑
|
||||
| Twofish | show 🗑
|
||||
| Typo squatting | show 🗑
|
||||
| UDP flood attack | show 🗑
|
||||
| Unified Threat Management (UTM) | show 🗑
|
||||
| Uninterruptible Power Supply (UPS) | show 🗑
|
||||
| show | A security component of windows that keeps every user in standard user mode instead of as an administrator, even if they are part of the Admin group
🗑
|
||||
| vampire tap | show 🗑
|
||||
| show | An operating system (Or application) created by virtual machine software that runs within a hosting Operating System
🗑
|
||||
| show | When a user (or malware) is able to break out of a VM's isolation (or lack there of) and gain access to the hosting computer
🗑
|
||||
| show | A connection between two or more computers or deices taht are not on the same private network
🗑
|
||||
| virtualization | show 🗑
|
||||
| virtualization sprawl | show 🗑
|
||||
| show | code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed
🗑
|
||||
| show | a type of phishing attack that makes use of telephones and VoIP
🗑
|
||||
| VLAN hopping | show 🗑
|
||||
| show | A hardware appliance that allows hundreds of users to connect to the network from remote locations via a VPN
🗑
|
||||
| Vulnerability | show 🗑
|
||||
| vulnerability assessment | show 🗑
|
||||
| show | the practice of finding and mitigating software vulnerabilities in networks and computers
🗑
|
||||
| vulnerability scanning | show 🗑
|
||||
| show | the act of physically drawing symbols in public places that denote open closed, or protected wireless networks
🗑
|
||||
| war-dialing | show 🗑
|
||||
| show | the act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna
🗑
|
||||
| show | a site that has computers, phones, and servers but can not be switched over to immediately
🗑
|
||||
| waterfall model | show 🗑
|
||||
| watering hole attack | show 🗑
|
||||
| web application firewall (WAF) | show 🗑
|
||||
| show | a decentralized model used for sharing certificates without the need for a centralized CA
🗑
|
||||
| web security gateway | show 🗑
|
||||
| show | consists of a perssurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system
🗑
|
||||
| whaling | show 🗑
|
||||
| show | a method of testing applications or systems where the tester is given access to the internal workings of the system
🗑
|
||||
| show | a type of hacker that is contracted to break into a company's systems
🗑
|
||||
| wi-fi disassociation attack | show 🗑
|
||||
| Wi-FI Protected Access (WPA) | show 🗑
|
||||
| show | A simplifed way of connecting to wireles snetworks using an eight-digit code. It is now deprecated due to its insecure nature and should be disabled if currently used
🗑
|
||||
| show | a single public key certificate that can be used by multiple subdomains of a single domain
🗑
|
||||
| wired equivalent Privacy (WEP) | show 🗑
|
||||
| show | A protocol that is part of the wireless application protocol (WAP) stack used by mobile devices. It enables secure user sessions
🗑
|
||||
| wiretapping | show 🗑
|
||||
| show | code that runs on a computer without the user's knowledge; it self replicates
🗑
|
||||
| show | a common PKI standard developed by the ITU-T that incorporates the single sign on authentication method
🗑
|
||||
| zero day attack | show 🗑
|
||||
| zombie | show 🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
MinaGracey