Security+ 501
What character is essential in input for a SQL injection attack
'
10000000
128
11000000
192
11100000
224
11110000
240
11111000
248
11111100
252
11111110
254
11111111
255
/16
255.255.0.0
/24
255.255.255.0
IPv4 allows for how many possible IP addresses?
4.3 Billion
What network port is used for SSL/TLS VPN connections?
443
What is the minimum suggested length for a strong password?
8 Characters
Creates a formal record of a DR or BC event
AAR
Allows administrators to make access control decisions based upon characteristics of the user, object, and environment.
ABAC
Acknowledges a SYN or FIN
ACK
Advanced Encryption Standard
AES
A set of subroutine definitions, protocols, and tools for building application software
API
Application Programming Interface
API
Advanced Persistent Threat
APT
Agents who are well funded, highly skilled, typically government sponsored, and have access to Zero Day Vulnerabilities
APTs
American Registry for Internet Numbers
ARIN
Address Resolution Protocol
ARP
Protocol that translates IP addresses into the hardware MAC addresses on local area networks
ARP
A type of attack in which a malicious actor sends falsified ARP messages over a local area network
ARP Poisoning
In the Kerberos protocol, what system performs authentication of the end user?
AS
What router technology can be used to perform basic firewall functionality?
Access Control List
Multi-factor authentication is used to prevent
Account Hijacking
Rootkits, Polymorphism, and Armored Viruses are all types of
Advanced Malware
Any security event with negative consequences
Adverse Security Event
Malware that has the specific purpose of displaying advertisements
Adware
Changing the default search engine, displaying pop-up advertisements, and replacing legitimate ads with other ads are all
Adware mechanisms
Three different types of Malware payloads
Adware, Spyware, and Ransomware
AAR
After Action Report
What is the name of the application control technology built-in to Microsoft Windows?
AppLocker
Layer that determines how users interact with the data using web clients and applications
Application
Prohibits the installation of specified applications on mobile devices
Application Blacklisting
Only allows the installation of approved applications on mobile devices
Application Whitelisting
Best defense against Trojans
Application control
Code execution where the attacker runs commands of his or her choice
Arbitrary Code Execution
System Sprawl is considered a/an
Architectural Vulnerability
Dissects how everything fits together, Analyzes the interaction of various systems
Architecture Review
Malware that uses techniques to resist reverse engineering in order to hide itself
Armored Virus
The sum of the different points where an unauthorized user can try to enter data to or extract data from an environment
Attack Surface
Enumerates the attack surface, looking for all possible paths of attack
Attack Surface Review
External media, attrition, web, email, and improper usage are all considered
Attack Vectors
ABAC
Attribute Based Access Control
Unpredictable and uncontrollable, but normal, reduction of work force due to resignations, retirement, sickness, or death
Attrition
During what phase of the access control process does a user prove his or her identity?
Authentication
Install without the user's knowledge or intervention when published by the device manufacturer
Automatic Updates
DoS attacks affect which part of the CIA Triad?
Availability
Business Continuity Planning
BCP
Lightweight operating system stored in firmware that provides the basic functionality necessary to load the full operating system from the disk
BIOS
Allows employees to choose any device they want and use it in the corporate network
BYOD
Bring Your Own Device
BYOD
Remove all corporate information from the personally owned device
BYOD Offboarding
Ensure the device meets security requirements and is safely configured
BYOD Onboarding
Malware that provides workaround access to a system
Backdoor
Hardcoded accounts, default passwords, and unknown access channels are all
Backdoor mechanisms
Configurable text-based welcome screens from network hosts that generally display system information
Banner
Retrieves information over a network connection that explicitly identifies the operating system and version
Banner Grabbing
Provides an initial review of a system's security status. Compares the current configuration to the expected configuration
Baseline Reporting
BIOS
Basic Input/Output System
Proxy servers, content filters, SSL Accelerators, and load balancers will typically
Belong in the DMZ
Flexibility, scalability, agility, and cost effectiveness are all
Benefits of Cloud Computing
Type of Penetration Test. Attackers have no knowledge of the network environment
Black Box
An attack where an attacker sends Bluetooth spam to a user's device
Bluejacking
An attack where an attacker exploits a firmware flaw in older Bluetooth devices. Forces a pairing between devices, which grants access to the device.
Bluesnarfing
A network of infected computers used for malicious intent
Botnet
Delivering spam, engaging in DDoS attacks, mining bitcoin, and bruteforce attacks
Botnet techniques
Layer 2 Device. Connects two networks together using MAC addresses
Bridge
BYOD
Bring Your Own Device
Occurs when a network system is overwhelmed by continuous multicast or broadcast traffic
Broadcast Storm
Attack where all password combinations are tried. Also called Known Ciphertext Attacks.
Brute Force
An exploit that takes advantage of a program that is waiting on a user's input
Buffer Flow
What type of attack seeks to write data to areas of memory reserved for other purposes
Buffer Overflow
Highly Sensitive, Sensitive, Internal, Public
Business Classifications
A set of controls designed to keep a business running in the face of adversity, whether natural or man-made
Business Continuity Planning
An enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard
CCMP
Counter Mode Cipher Block Chaining Message Authentication Code Protocol
CCMP
Confidentiality, Integrity, and Availability
CIA Triad
A strategy in which a mobile device is chosen by a company, but it can be used for personal activities as well
COPE
An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated
CSRF
Offers employees a list of approved devices that can also be used for private purposes
CYOD
Which one of the following security mechanisms prevents laptops from theft while they are in use?
Cable Lock
CHAP
Challenge Handshake Authentication Protocol
Ensures that an organization follows a standard process for requesting, reviewing, approving, and implementing changes to information systems
Change Management
CYOD
Choose Your Own Device
Attack where attacker can create an encrypted message of his or her choice
Chosen-Plaintext Attack
A packet with every single option set for whatever protocol is in use. Used in DDoS attacks.
Christmas Tree Packet
What type of lock always requires entering a code to enter the facility?
Cipher Lock
10.0.0.1 - 10.255.255.255
Class A Private IP Address Range
172.16.0.1 - 172.31.255.255
Class B Private IP Address Range
What class of fire extinguisher is designed to work on electrical fires?
Class C
192.168.0.1-192.168.255.255
Class C Private IP Address Range
An attack where the attacker hides elements of a web page behind other elements so that a user cannot see what he or she is actually clicking
Clickjacking
The delivery of computing resources as a service over a network
Cloud Computing
Occur when an attacker exploits a vulnerability in a system that allows the attacker to run commands on that system
Code Extension Attack
Performs assessment of software security
Code Review
Protects against malicious drivers
Code Signing
Empty data center, stocked with core equipment, inexpensive, No servers or data
Cold Site
The developer runs a compiler to convert source code into an executable file written in machine language. C, C++, and Java are examples of this
Compiled Code
Ensure that an organization's information security controls are consistent with the laws, regulations, and standards that govern the organization's activities
Compliance Programs
Laws, regulations, and standards are all
Compliance obligations
Data theft affects which part of the CIA Triad?
Confidentiality
Allow quick identification and remediation of security gaps
Configuration Baselines
VLAN trunking must be enabled and switch ports must be assigned to VLANs in order to
Configure VLANs
The highest priority of a first responder must be
Containing the damage through isolation
A type of exploit used by malicious hackers to present a faked or modified Web site to the user as if it were legitimate
Content Spoofing
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions
Continuous Security Monitoring
What type of object must a hacker typically access in order to engage in a session hijacking attack?
Cookie
Data stored by websites in user browsers. Useful to recognize users and to remember information
Cookies
Competitors that use hacking tools and techniques for corporate espionage purposes
Corporate Espionage
COPE
Corporate Owned, Personally Enabled
CSRF, XSRF, and Sea Surf all refer to
Cross-Site Request Forgery
Weak Cipher Suites, Poor Key Management, and Poor Certificate Management are all
Cryptographic Vulnerabilities
Access control method in which users control access to resources they own
DAC
Discretionary Access Control
DAC
A denial of service that leverages a botnet to overwhelm a target
DDoS attack
Microsoft Technology that enforces specific restrictions on the acceptable locations for executable code. Prevents attacks that attempt to execute code from space assigned to a process
DEP
Examples of weak algorithms
DES, RC4
Dynamic Link Library
DLL
A technique used for running code within the address space of another process by forcing it to load a dynamic-link library (tricks an application into loading malicious code)
DLL Injection
Data Loss Prevention
DLP
Contains systems that must accept direct external connections, isolates those systems due to risk of compromise
DMZ
Demilitarized Zone
DMZ
Domain Naming Service
DNS
Port 53
DNS
Service that translates common domain names into IP addresses for the purpose of network routing
DNS
A type of attack that exploits vulnerabilities in the domain name system to divert Internet traffic away from legitimate servers and towards fake ones
DNS Poisoning
Translates domain names into IP addresses (UDP Port 53)
DNS Servers
Adds signatures to DNS
DNSSEC
Assign information into categories, known as classifications, that determine storage, handling and access requirements
Data Classification Policies
DEP
Data Execution Prevention
Layer that transfers data between two nodes connected on a network
Data Link
Technology solutions that search systems and monitor networks for sensitive information that is unsecured and provide the ability to remove the information, block the transmission, or encrypt the stored data.
Data Loss Prevention
Concept that data is subject to the law of the jurisdiction where it is stored
Data Sovereignty
Organizations should use multiple, overlapping security controls to achieve each of their security objectives
Defense in Depth principle
During the offboarding process, administrators disable accounts and revoke authorizations at the appropriate time
Deprovisioning
What type of security control is designed to scare a potential intruder into not attempting a break-in in the first place?
Deterrent Control
Serves as the software interfaces between hardware devices and the operating system
Device Driver
Attack where all words in the English language are used to guess a password combination
Dictionary Attack
Backup that includes all data modified since the last full backup
Differential
Designed to restore a business to normal operations as quickly as possible. A subset of business continuity
Disaster recovery
A type of access control system where permissions may be set by the owners of files, computers, and other resources
Discretionary Access Control
DAC
Discretionary Access Control
DCS
Distributed Control System
DDoS
Distributed Denial of Service
Denial of Service
DoS
Attack that makes a resource unavailable for legitimate use, sends a large number of requests to a server, difficult to distinguish from legitimate responses
DoS attack
Attacks steal a domain registration or alter DNS records
Domain Hijacking
Attack where attacker uses a Man in the Middle exploit. Two systems are forced to use weak cryptographic implementations
Downgrade Attack
Refactoring and Shimming are forms of
Driver Manipulation
Involves searching through trash or garbage looking for something useful. This is often done to uncover useful information that may help an individual get access to a particular network
Dumpster Diving
Appear to function normally but trigger an emergency security response
Duress Code
Execute code to verify that it is functioning correctly and does not have security flaws
Dynamic Code Testing
Port Security mode. Switches memorize the first MAC address they see on each port and limit access to that address
Dynamic Port Security
49152-65535
Dynamic Ports
End of Life
EOL
The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
Email Spoofing
What term does the Security+ exam use for smart devices?
Embedded Devices
When developing a disaster plan what should be the number one priority
Employee Safety
Uses cryptography to render information unreadable without the necessary decryption key
Encryption
What are the two key issues for cloud data security?
Encryption and Access Control
Product will no longer be offered for purchase, but the vendor will support existing customers
End of Sale
Vendor will reduce or eliminate support for existing users of the product
End of Support
During what phase of continuous security monitoring does the organization define metrics?
Establish
Notifying a vendor of a vulnerability, providing the vendor a reasonable amount of time to create a patch, and then disclosing the vulnerability is
Ethical Disclosure
Record of a computer's alerts and notifications
Event Log
A fraudulent Wi-Fi access point that appears to be legitimate, set up to eavesdrop on wireless communications. The wireless LAN equivalent of the phishing scam.
Evil Twin
Provides a chance to debrief departing employees and remind them of their NDAs
Exit Interview
Block traffic based upon more advanced criteria, such as source and destination IP addresses/ports, and the protocols used for communication
Extended ACL
Closes a connection
FIN
What characteristic of biometrics measures the frequency at which legitimate users are denied access to a system or facility?
FRR
Fault Tolerance
FT
Ports 20 and 21, Data transfer and control
FTP
System misidentifies an individual as an authorized user
False Acceptance
FAR
False Acceptance Rate
When a scanner fails to report a vulnerability that does exist, making it much more dangerous
False Negative
Occurs when a control fails to trigger in a situation where it should
False Negative Error
When a scanner reports a vulnerability that does not exist, requiring verification by security administrators
False Positive
Occurs when a control inadvertently triggers when it should not
False Positive Errors
System fails to recognize an authorized user
False Rejection
FRR
False Rejection Rate
Makes a single system resilient against technical failures
Fault Tolerance
RAID is not a backup strategy but is instead considered a
Fault tolerance technique
What type of storage network requires the use of dedicated connections?
Fibre Channel
Network device that filters and blocks unwanted network traffic
Firewall
Source addresses, destination addresses, destination port/protocol, and action (allow or deny) are all
Firewall Rule Contents
Defines how the firewall should act when it sees a new connection request
Firewall Rules
What technology can help prevent denial of service attacks on a network?
Flood Guard
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Fourth Amendment
Detects patterns in ciphertext
Frequency Analysis
Backup that includes a complete copy of all data
Full
Grants complete authority over a resource
Full Control
Switches primary operations to the alternate facility and can be very disruptive to business
Full Interruption Test
The three types of data backups
Full, Differential, and Incremental
A software testing technique that feeds software many different input values in an attempt to cause an unpredictable state or unauthorized access
Fuzzing
What Windows mechanism allows the easy application of security settings to groups of users?
GPOs
What technology allows administrators to pinpoint the location of a mobile device?
GPS
What is the most appropriate type of fire suppression system to install in a data center computer room?
Gaseous Fire Suppression
Alerts when a device leaves a defined area
Geofencing
Allows the real time and historical location of GPS enabled devices
Geolocation
Process of adding geographical identification metadata to various media such as a photograph or video, websites, SMS messages
Geotagging
Type of Penetration Test. Attackers have some knowledge of the network environment
Gray Box
High Availability
HA
Which regulatory scheme applies to healthcare providers in the United States?
HIPAA
A physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. Expensive.
HSM
Hypertext Markup Language
HTML
Used to create electronic documents (called pages) that are displayed on the World Wide Web
HTML
Port 80, Unencrypted Communications
HTTP
Port 443, Encrypted Communications
HTTPS
Hackers who seek to use hacking tools to advance political and social agendas
Hacktivist
HSM
Hardware Security Module
One way functions that transform a variable length input into a fixed length output
Hash function
Uses multiple systems to protect against service failure
High Availability
Employers should always make personnel security the
Highest Priority
Network that is set up to act as a decoy to lure cyberattacks and to detect, deflect, or study attempts to gain unauthorized access to information systems
Honeynet
A computer system that is set up to act as a decoy to lure cyberattacks and to detect, deflect, or study attempts to gain unauthorized access to information systems
Honeypot
DLP that uses software agents installed on a single system
Host Based DLP
Which one of the following security controls is built in to Microsoft Windows?
Host Firewall
Software components of an operating system that limit connections to a server
Host Firewalls
Fully operational data center, stocked with equipment and data, available at a moment's notice, Expensive
Hot Site
Three different sites of disaster recovery facilities
Hot Site, Cold Site, and Warm Site
HMI
Human Machine Interface
Attack where different variations of passwords are used
Hybrid Attack
Cloud utilized by organizations that use both public and private clouds
Hybrid Cloud
Internet Corporation for Assigned Names and Numbers
ICANN
What type of packet do participating systems send during a Smurf attack?
ICMP echo request
Industrial Control System
ICS
Intrusion Detection System
IDS
Port 143, Management of electronic mail messages on a server
IMAP4
Port 993
IMAP4 (Encrypted)
Network layer protocol routes information across networks, provides an addressing scheme, delivers packets from source to destination
IP
Numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication
IP Address
A hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network
IP Spoofing
A hijacking technique in which the attacker masquerades as a trusted host to conceal his identity, hijack browsers, or gain access to a network
IP Spoofing
Intrusion Prevention System
IPS
Network protocol suite that authenticates and encrypts the packets of data sent over a network
IPsec
Processes and practices used to design systems
IT Architecture
Infrastructure as a Service
IaaS
In SAML, what organization performs authentication of the end user?
Identity Provider
Security stance that treats everything not given specific and selective permission as suspicious
Implicit Deny
What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that communication?
Implicit Deny
Any action which is not explicitly allowed must be denied
Implicit Deny principle
Notification, Escalation, Reporting, System Isolation, Forensic Analysis, and Evidence Handling are all
Incident Response Procedures
Backup that includes all data modified since the last full or incremental backup
Incremental
What type of backup includes only those files that have changed since the most recent full or incremental backup?
Incremental
SCADA, DCS, and PLC are all types of
Industrial Control Systems
Common policies every organization should implement include the
Information Security Policy, Privacy Policy, and Acceptable Use Policy
IR
Infrared
What is the most effective defense against cross-site scripting attacks?
Input validation
A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates
Insider Threat
Background investigations, monitoring, training, and DLP are ways to defend against
Insider Threats
Website Defacement affects which part of the CIA Triad?
Integrity
IP
Internet Protocol
IoT
Internet of Things
Computer executes the source code instructions as written by the developer. R, Perl, and PHP are examples of this
Interpreted Code
A social engineer calls an administrative assistant in your organization and obtains her password by threatening her that her boss' account will be deleted if she does not provide the password to assist with troubleshooting. What type of attack is this?
Intimidation
A device or software application that monitors a network or systems for malicious activity or policy violations
Intrusion Detection System
A preemptive approach to network security used to identify potential threats and respond to them swiftly
Intrusion Prevention System
Vulnerability Scan. A dangerous mode that might disrupt system operation
Intrusive Scanning
Regularly moving people between jobs to prevent fraud
Job Rotation
What toolkit enables attackers to easily automate evil twin attacks?
KARMA
Rootkit that can run with system privileges
Kernel Mode Rootkits
Set of all possible encryption keys usable with an algorithm
Keyspace
Attack where attacker has access to an unencrypted message
Known-Plaintext Attack
Provides the means to query a centralized directory service, such as Microsoft Active Directory
LDAP
An individual should only have the minimum set of privileges necessary to carry out his or her job functions
Least Privilege
Allowing the user to have minimum permissions necessary
Least Privilege
Consist of shared code objects that perform related functions.
Libraries
LDAP
Lightweight Directory Access Protocol
What two factors are used to evaluate a risk?
Likelihood and impact
Which device helps networked services scale with increasing demand?
Load Balancer
System that spreads demand across systems
Load Balancing
The process of distributing data across disparate services to provide redundancy, reliability, and improve performance
Load Balancing
Malware that is set to issue a payload when certain criteria is met
Logic Bomb
Date/Time reached, file contents, and API call results are all
Logic Bomb conditions
Mandatory Access Control
MAC
Fill switch's MAC address table with many entries, causing it to flood traffic on all ports
MAC Floods
Attack that alters a system's hardware address
MAC Spoofing
Examples of weak hash functions
MD4, MD5, SHA-1
A cryptographic algorithm that takes an input of arbitrary length and produces a message digest that is 128 bits long
MD5 Hash
Performs mobile device configuration management, prevents users from modifying security settings, controls data stored on devices, and manages applications on devices
MDM
Man In The Browser
MITB
Man In The Middle
MITM
Provide security services for other organizations as a managed service
MSSPs
Which access control card is the easiest to duplicate without permission?
Magnetic Stripe card
Malicious Software
Malware
Attack exploits flaws in browsers and browser plugins
Man In The Browser
An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other
Man in the Middle
Implementing least privilege, implementing separation of duties, implementing job rotation, and managing the account life cycle are all tasks needed to
Manage accounts
MSSPs
Managed Security Service Providers
Compliance with policies and standards is always
Mandatory
An access control system where the operating system enforces security policies that users may not modify
Mandatory Access Control
Enforcing periods of time when employees have no access to systems
Mandatory Vacations
Require that the user check for updates and manually download and install them when available
Manual Updates
Removes portions of sensitive information to reduce its sensitivity
Masking
Connect different telecommunication networks together
Media Gateways
Memory Leaks, DLL Injection and Null Pointers are all
Memory Vulnerabilities
Occurs when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released
Memory leak
Top Secret, Secret, Confidential, Unclassified
Military Classifications
Collecting minimal information and storing it only as long as needed
Minimization
MDM
Mobile Device Management
Adds the ability to delete files and also includes Read & Execute permissions
Modify
Combines authentication techniques from two or more of the authentication categories: something you know, something you have, something you are, somewhere you are, and something you do.
Multifactor Authentication
What type of fuzz testing captures real software input and modifies it?
Mutation Fuzzing
Network Access Control
NAC
Method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. (Translates private IP addresses at the border of a network.)
NAT
What technology provides the translation that assigns public IP addresses to privately addressed systems that wish to communicate on the Internet?
NAT
Which agreement is most directly designed to protect confidential information after an employee has left the organization?
NDA
A set of communication protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish communication in short range
NFC
Covers distances measured in centimeters using electromagnetic induction. Usually used for payment methods (Apple Pay, Android Pay)
NFC
Near Field Communications
NFC
What U.S. federal government agency publishes security standards that are widely used throughout the government and private industry?
NIST
NTLM
NT LAN Manager
Port 123, Protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks
NTP
NFC
Near Field Communication
Ports 137, 138, and 139. Used for network communications
NetBIOS
Layer that expands networks to many different nodes (IP)
Network
Intercepts network traffic coming from unknown devices and verifies that the system and user are authorized before allowing further communication. Uses 802.1x
Network Access Control
NAT
Network Address Translation
Wireshark is an example of a
Network Analyzer
DLP that scans network transmissions for sensitive information
Network Based DLP
Analyzes details of network communications to find oddities particular to a specific operating system and version
Network Fingerprinting
Hardware devices that regulate connections between two networks. Placed on the border of networks
Network Firewalls
Software construct serving as a communication endpoint, which is used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol and Transmission Control Protocol
Network Ports
What is the most important control to apply to smart devices?
Network Segmentation
NTP
Network Time Protocol
Ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated
Non Repudiation
Digital Signatures provide
Non Repudiation
Vulnerability scan. A safe mode that won't disrupt system operation
Non-Intrusive Scanning
A value reserved for indicating that the pointer does not refer to a valid object
Null Pointer
Authorization protocol designed to work across a variety of web services
OAuth
Open Systems Interconnection
OSI
Backups should be stored at an
Offsite location
Allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner
OpenID Connect
Identification and authentication protocol designed to work with OAuth
OpenID Connect
Disaster recovery efforts end only when the business is
Operating under normal conditions
Adversaries that seek to use hacking tools, such as ransomware, for financial gain
Organized Crime
What type of firewall rule error occurs when a service is decommissioned but the related firewall rules are not removed?
Orphaned Rule
Firewall configuration error that allows access to decommissioned systems and services
Orphaned Rules
The core issues around BYOD relate to
Ownership
Which authentication protocol requires the use of external encryption to protect passwords?
PAP
Each computer on LAN is translated to the same IP address, but with a different port number assignment.
PAT
Padding Oracle On Downgraded Legacy Encryption
POODLE
An exploit that takes advantage of the way some browsers deal with encryption. Can be used to target browser-based communication that relies on SSL 3.0 protocol for encryption and authentication
POODLE attack
Port 110, Used by local e-mail clients to retrieve e-mail from a remote server
POP3
Port 995
POP3 (Encrypted)
Platform as a Service
PaaS
Basic unit of network communications. Contains a data payload to be sent and a header with additional information
Packet
What information is not found in network flow data?
Packet Content
Silently alert security personnel to a dangerous situation when pressed
Panic Button
Activates the disaster facility but does not switch operations there
Parallel Test
Allows the use of credentials from one system to gain access to another system
Pass the hash attack
PAP
Password Authentication Protocol
Recognizing known patterns of sensitive information such as SSNs
Pattern Matching
The malicious action that the malware performs.
Payload
Goal is to test security controls. Testers attack systems and networks. Verify if threats exist and exploit known vulnerabilities
Penetration Testing
After exploiting a vulnerability in a system, attackers install tools on that system to allow future access, even if the initial vulnerability is corrected
Persistence
PII
Personally Identifiable Information
Most valuable asset on any computer
Personal data (Data)
A scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent
Pharming
Attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication
Phishing
Layer that sends bits over the network
Physical
Tailgating, Shoulder Surfing, and Dumpster diving are all forms of
Physical Social Engineering
After exploiting a vulnerability in a system, attackers use that system as a base from which to target other systems on the same LAN
Pivot
A programming language object, whose value refers to another value stored elsewhere in the computer memory using its memory address.
Pointer
Malware that changes code to avoid detection, uses encryption with a different key on infected systems
Polymorphic Virus
What technique does some malware use to modify itself each time it infects a new system to avoid signature detection systems?
Polymorphism
Ports used by LDAP
Port 389 (unencrypted), Port 636 (encrypted)
Port used by Kerberos
Port 88
PAT
Port Address Translation
Restricts traffic from a source port to a single destination port
Port Isolation
Application designed to probe a server or host for open ports
Port Scanner
Limits the devices that may connect to a network switch port by MAC address
Port Security
POP3
Post Office Protocol v3
Common points of failure in systems will usually be
Power supply and storage media
Criminal record checks, sex offender registry, reference checks, education and employment verification, and credit checks are all a part of
Pre-employment Screening
Layer that translates data so it can be transmitted on a network. Also performs encryption and decryption
Presentation
Limiting Administrative access and patching systems/applications are ways to
Prevent Code Execution Attacks
Anti-malware software, security patches, and user education are all ways to
Prevent Malware
POLP
Principle of Least Privilege
Cloud used by organizations as a dedicated cloud infrastructure
Private Cloud
Available for anyone's use but not routable over the internet
Private IP address
The Payment Card Industry Data Security Standard (PCI DSS) is an example of what type of regulation?
Private regulation
A situation that occurs when a user accumulates excess permissions after shifting job responsibilities one or more times
Privilege Creep
Term used to indicate that a product is at the end of its useful life and the vendor stops marketing, selling, or sustaining it
Product End of Life
PLC
Programmable Logic Controller
Firewall configuration error that allows more access than necessary
Promiscuous Rules
The way that a malware object spreads.
Propagation Mechanism
Tool (hardware or software) used to capture and analyze signals and data traffic over a network(Also known as packet analyzers or network analyzers)
Protocol Analyzer
After onboarding, administrators create authentication credentials and grant appropriate authorization.
Provisioning
A server that acts as an intermediary for requests from clients seeking resources from other servers
Proxy Server
Anonymity, Performance Boosting and Content Filtering are all
Proxy Server Benefits
Cloud used by organizations as a shared tenancy infrastructure
Public Cloud
SaaS, PaaS, and IaaS are all
Public Cloud Tiers
Assigned by a central authority and are routable over the internet. Managed by ICANN
Public IP addresses
Disk mirroring, stores the same data on two different disks
RAID 1
Disk striping with parity, uses three or more disks to store data and parity information
RAID 5
Malware that provides backdoors to hacked systems
RAT
Remote Access Trojan
RAT
Port 3389, Provides a user with a graphical interface to connect to another computer over a network connection
RDP
Provides a description of the change, expected impact, risk assessments, rollback plan, who is involved, schedule and the affected items
RFC
Radio Frequency Identification
RFID
Uses electromagnetic fields to automatically identify and track tags attached to objects
RFID
Maximum time period from which data may be lost in the wake of a disaster
RPO
Maximum amount of time that it should take to recover a service after a disaster
RTO
Power the IoT by providing reliable and secure computing for IoT devices
RTOS
Occurs when the proper functioning of a security control depends upon the timing of actions performed by the user or computer
Race Condition
Attack where precomputed hashes are used to crack a password
Rainbow Table Attack
Cryptolocker is an example of what type of malicious software
Ransomware
Malware that blocks access to a system
Ransomware
Arrives via email attachment, encrypts local files, demands ransom on short notice are all
Ransomware techniques
Allows the user to read the file
Read
Allows the user to read the file and execute an application
Read & Execute
Asks each team member to review their role in the disaster recovery process and provide feedback
Read-throughs
RTOS
Real Time Operating System
RPO
Recovery Point Objective
RTO
Recovery Time Objective
RAID
Redundant Array of Inexpensive Disks
Modifying a driver to carry out malicious activities. Requires access to driver source code
Refactoring
A description of the specific controls that would achieve an organization's security objectives
Reference Architectures
1024-49151
Registered Ports
What component of a change management program includes final testing that the software functions properly?
Release Management
Code execution attack that takes place over a network connection
Remote Code Execution
RDP
Remote Desktop Protocol
What phase of the capability maturity model introduces the reuse of code across projects?
Repeatable
RFC
Request For Change
Proxy server that retrieves resources on behalf of a client from one or more servers
Reverse Proxy
Process of systematically analyzing potential responses to each risk and implementing strategies to control those risks appropriately
Risk Management
Risk avoidance, risk transference, risk mitigation, risk acceptance, risk deterrence are all
Risk Management Strategies
Any Wi-Fi access point that is installed on a network but is not authorized for operation on that network, and is not under the management of the network administrator
Rogue Access Point
A special superuser account that provides unrestricted access to system resources
Root Account
Malware that can escalate user privileges. Can run in user mode or kernel mode
Rootkit
Backdoors, Botnet Agents, and Adware/Spyware are all
Rootkit Payloads
Layer 3 device. Used to connect networks. Uses ACLs to perform stateless inspection
Router
What network device can connect together multiple networks?
Router
Perform basic filtering and can reduce the load placed on firewalls
Routers
A serious network problem which happens when a data packet is continually routed through the same routers over and over
Routing Loop
A technology that allows you to encrypt your emails. Based on asymmetric cryptography to protect your emails from unwanted access. It also allows you to digitally sign your emails
S/MIME
Allows SSO within a web browser across a variety of systems
SAML
A network which provides access to consolidated, block level data storage
SAN
Storage Area Network
SAN
What type of system is used to gather information from remote sensors via telemetry?
SCADA
Provides secure command line transfer over SSH
SCP
Provide real-time analysis of security alerts generated by applications and network hardware
SIEM
Security solution that collects information from diverse sources, analyzes it for signs of security incidents, and retains it for later use.
SIEM
Port 25, Used for email routing between mail servers
SMTP
Port 465
SMTP (Encrypted)
Attack consisting of the insertion of a SQL query via the input data from the client to the application. The most common application layer attack.
SQL Injection
Port 22, Secure logins, file transfers (scp, sftp) and port forwarding
SSH
Service Set Identifier
SSID
Handle the difficult cryptographic work of setting up TLS connections
SSL Accelerator
Provide dedicated hardware for SSL/TLS handshakes
SSL/TLS Accelerators
Builds a loop-free logical topology for Ethernet networks. Prevents broadcast storms
STP
Opens a connection
SYN
What TCP flag indicates that a packet is requesting a new connection?
SYN
Fill connection state tables on firewalls with half open connection entries
SYN Floods
Software as a Service
SaaS
Development and testing environments where programmers can work with code to modify and test it without having access to any production resources.
Sandboxes
Unskilled attackers who simply reuse hacking tools developed by others
Script Kiddie
Technology where the system firmware checks that the system boot loader is signed with a cryptographic key authorized by a database contained in the firmware
Secure Boot
SCP
Secure Copy
S/MIME
Secure/Multipurpose Internet Mail Extensions
SAML
Security Assertion Markup Language
Keeps the lessons learned during security training
Security Awareness
Procedures and mechanisms that an organization puts in a place to manage security risks
Security Controls
Any observable action on a computer system that impacts security
Security Event
A collection of standards and practices designed to form a solid approach to information security
Security Frameworks
Any adverse event that violates security policies
Security Incident
SIEM
Security Information and Event Management
Procedures, policies, guidelines, and standards all for the
Security Policy Framework
Provides users with the knowledge they need to protect the organization's security
Security Training
Performing any critical business function should require the involvement of two or more individuals
Separation of Duties
Layer that manages the exchange of communications between systems
Session
An additional copy of the primary database file
Shadow File
Wraps a legitimate driver with a malicious shim. Does not require access to the legitimate driver's source code
Shimming
Attack where the attacker uses observation techniques, such as looking over someone's shoulder, to get information
Shoulder Surfing
What is the most effective tool to use against dumpster diving attacks
Shredder
Identifying viruses by detecting known code patterns from a database
Signature Detection
What type of malware prevention is most effective against known viruses?
Signature Detection
Uses a practice scenario to test the disaster recovery plan
Simulation
What type of website does the attacker use when waging a watering hole attack?
Site trusted by the end user
A distributed denial-of-service attack in which large numbers of ICMP packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address
Smurf Attack
Captures a system state at a moment in time. Usually used in virtual machines.
Snapshot
Combines processing, memory, networking, and other embedded system components on a single chip
SoC
Manipulating people into divulging information or performing an action that undermines security
Social Engineering
User education is the best defense against
Social Engineering Attacks
Using Authority, Intimidation, Consensus, Scarcity, Urgency, and Familiarity are
Social Engineering tactics
SDN
Software Defined Networking
Security questions are an example of what type of authentication factor?
Something you know
Unsolicited commercial email.
Spam
STP
Spanning Tree Protocol
An email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information
Spear Phishing
Spam delivered through instant messaging (IM) instead of through e-mail messaging
Spim
What software development methodology uses four stages in an iterative process?
Spiral
Malware that gathers information without the user's knowledge or consent
Spyware
Logging keystrokes, monitoring web browsing, and searching hard drives are all
Spyware techniques
Perform filtering based upon source IP address
Standard ACL
A type of packet filtering that helps to control how data packets move through a firewall. Track open connections.
Stateful Inspection
Watch network traffic, and restrict or block packets based on source and destination addresses or other static values. They are not 'aware' of traffic patterns or data flows
Stateless Inspection
Use automated techniques to analyze code for errors and security flaws without actually executing it
Static Code Testing
Port Security mode. Administrators manually configure valid MAC addresses for each port
Static Port Security
Worm created in 2010. Infiltrated an Iranian Nuclear facility and damaged uranium enrichment equipment.
Stuxnet
Used to determine what subnet an IP address belongs to. Network admins use this to divide the host part of the address into subnets
Subnet Mask
The practice of dividing a network into two or more networks
Subnetting
SCADA
Supervisory Control and Data Acquisition
Responsible for performing all of the NAC-related tasks on behalf of the user and system
Supplicant
What is the piece of software running on a device that enables it to connect to a NAC-protected network?
Supplicant
Layer 2 device. Used to create networks
Switch
Which device carries VLANs on a network?
Switch
New devices are connected to a network, but old devices are not promptly disconnected, leading to security vulnerabilities
System Sprawl
SoC
System on a Chip
Connection-oriented protocol. Guarantees delivery. Uses flags
TCP
Port 69, Allows a client to get a file from or put a file onto a remote host
TFTP
A security protocol used in the 802.11 wireless networking standard. Designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware
TKIP
Temporal Key Integrity Protocol
TKIP
Time elapses between authorization and the action
TOCTU
What hardware technology may be embedded in a laptop computer to protect encrypted hard drives from removal?
TPM
Refers to when a person tags along with another person who is authorized to gain entry into a restricted area
Tailgating
Port 23, Unencrypted text communications
Telnet
An application created by a vendor that is different from the manufacturer of the device and/or its operating system
Third Party Application
External force that jeopardizes computers or systems
Threat
Allows organizations to stay current on upcoming cyber security threats
Threat Intelligence
TOCTU
Time of Check/Time of Use
Limits the use of resources during certain hours
Time of Day restrictions
TCP
Transmission Control Protocol
Layer that creates connections between systems and transfers data reliably (TCP/UDP)
Transport
What message can an SNMP agent send to a network management system to report an unusual event?
Trap
TFTP
Trivial File Transfer Protocol
Malware that disguises itself as another program and delivers a malicious payload behind the scenes.
Trojan Horse
Verifying the correct password, using a different account to access a service, accessing a different service with the same account, and investigating authentication logs are ways to
Troubleshoot permission issues
Attack that consists of registering domain names similar to official sites, hoping that users will make a typo and visit their site. Also known as URL Hijacking.
Typosquatting
User Datagram Protocol
UDP
Specification that defines a software interface between an operating system and platform firmware. Replaces BIOS
UEFI
An approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console
UTM
Designed to protect users from blended threats while reducing complexity. Describes a category of security appliances that integrates a range of security features into a single appliance
UTM
Unified Threat Management
UTM
UEFI
Unified Extensible Firmware Interface
UTM
Unified Threat Management
Phishing and social engineering are considered
User Based Threats
Connectionless protocol. Does not guarantee delivery. Used for voice and video applications
User Datagram Protocol
Best defense against viruses
User Education
The best way to prevent Social Engineering attacks is
User Education
Rootkit that runs with normal user privileges; easy to write and difficult to detect
User Mode Rootkit
Allows an employee to connect to a hosted server using a private device
VDI
A method of attacking a network by sending packets to a port that is not normally accessible from a given end system
VLAN Hopping
Limit the unnecessary exposure of VLANs by limiting the number of switches where they are trunked
VLAN Pruning
What technique should network administrators use on switches to limit the exposure of sensitive network traffic?
VLAN Pruning
Extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network
VPN
Type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes
VPN Concentrator
A collection of ports from a set of connected Fibre Channel switches that form a virtual fabric
VSAN
Virtual Storage Area Network
VSAN
VDI
Virtual Desktop Infrastructure
Separate systems on a network into logical groups based upon function, regardless of physical location
Virtual LAN
Malware that spreads by human action
Virus
Voice phishing attack. An electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities.
Vishing
Program designed to assess computers, computer systems, networks or applications for known weaknesses
Vulnerability Scanner
Filters, monitors, and blocks HTTP traffic to and from a web application
WAF
Web Application Firewall
WAF
Wi-Fi encryption method that uses a static key. The most vulnerable.
WEP
Wired Equivalent Privacy
WEP
Wi-Fi Protected Access
WPA
Wi-Fi encryption method that uses TKIP. Also uses RC4 with 128-bit key.
WPA
Wi-Fi Protected Access Version 2
WPA2
Wi-Fi encryption method that uses AES
WPA2
Allows quick wireless setup for devices. Vulnerable due to the unchangeable PIN
WPS
Wi-Fi Protected Setup
WPS
Gathers the team together for a formal review of the disaster recovery plan
Walk-Through (Tabletop Exercise)
Physical act of seeking out a WiFi network with a mobile device or laptop while driving a vehicle
War Driving
Stocked with all necessary equipment and data but not maintained. Can be made available in hours or days.
Warm Site
A method of compromise in which malicious actors infect a website with malware that targets users accessing the website
Watering Hole Attack
Identifies sensitive information using electronic tags
Watermarking
What DLP technique tags sensitive content and then watches for those tags in data leaving the organization?
Watermarking
Specifically protect web applications by using application awareness to peer deep into the application layer and block web attacks
Web Application Firewalls
0-1023
Well Known Ports
A type of phishing fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities
Whaling
Type of Penetration Test. Attackers have full knowledge of the network environment.
White Box
In what application control approach may users install only approved software on their devices?
Whitelist
Protects confidentiality, prevents eavesdropping, allows use of insecure transmission methods
Wireless Encryption
IEEE 802.11
Wireless LAN
Malware that spreads by itself without human interaction
Worms
What technology can you use as a compensating control when it's not possible to patch an embedded system?
Wrapper
Allows the user to create files and modify their contents
Write
WORM
Write Once Read Many
Cross Site Scripting
XSS
Occurs when an attacker embeds malicious scripts in a third-party website that are later run by innocent visitors to that site
XSS
A vulnerability in a product that has been discovered by at least one researcher but has not yet been patched by the vendor
Zero Day Vulnerability
What command can administrators use to determine whether the SELinux kernel module is enabled?
getenforce
Command used to test the reachability of a host on an Internet Protocol (IP) network
ping
Port Isolation and Private VLANs are
the same
When trying to troubleshoot authentication issues you should
try to use another system first
What Java clause is critical for error handling
try...catch
What command is used to apply operating system updates on some Linux distributions?
yum