CompTIA Security+
tokens
(251) ___ are physical devices that may generate a code, plug in via USB, or connect via Bluetooth or other means to present a certificate or other information.
10
(295) RAID ___ is mirroring with striping. Data is striped across two or more drives and then mirrored to the same number of drives. It combines the advantages and disadvantages of both RAID 0 & RAID 1.
snapshot
(297) A third type of backup is a ___. It captures the full state of a system or device at the time the backup is completed.
public
(323) ___ cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model.
private
(324) The term ___ cloud is used to describe any cloud infrastructure that is provisioned for use by a single customer. This infrastructure may be built and managed by the organization that will be using the infrastructure, or it may be built and managed by a third party. Only one customer uses the environment.
community
(325) A ___ cloud service shares characteristics of both the public and private models.
7
(656) Echo service uses port ___.
sn1per
(695) ___ is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities across a network.
scanless
(696) ___ is a utility that is used to create an exploitation website that can perform open port scans in a stealthier manner.
information (RFI)
(729) Request for ___ is used when you think you know what you want but need more information from the vendors.
viruses
(73) Computer ___ are malicious programs that self-copy and self-replicate. They require one or more infection mechanisms that they use to spread themselves, typically paired with some form of search capability to find new places to spread to.
tender (RFT)
(730) Request for ___ is an opportunity for potential suppliers to submit an offer to supply goods or services against a detailed tender.
urgency
(87) ___ relies on creating a feeling that the action must be taken quickly due to some reason or reasons.
measured
(331) The second security feature intended to help prevent boot-level malware is ___ boot. These boot processes measure each component, starting with the firmware and ending with the boot start drivers.
domain kiting
(343) ___ ___ refers to exploiting flaws in the domain registration system.
controllers
(462) Data ___ are the entities who determine the reasons for processing personal information and direct the methods of processing the data.
driver
(498) ___ updates fix a security issue or add a feature to a supported piece of hardware.
Message Digest 5 (MD5)
(588) ___ ___ ___ is an algorithm that creates a fixed-length 128-bit hash value unique to the input file. It is a hashing algorithm for integrity checking.
X.690
(601) ___ uses BER, CER, and DER for encoding.
transitive
(608) ___ trust occurs when X trusts Y, and Y trusts Z, therefore X trusts Z.
fault tolerant RAID
(622) ___-___ ___ protects against the loss of the array's data if a single component fails (RAID 1, RAID 5, RAID 6).
financial, reputational, strategic, operational, compliance
(10) Name the 5 types of potential security incidents.
tailgating
(100) ___ is a physical entry attack that requires simply following someone who has authorized access to an area so that as they open secured doors you can pass through as well.
spam
(96) ___, sometimes called unsolicited or junk email, may not immediately seem like a social engineering technique, but it often employs social engineering techniques to attempt to get recipients to open the message or to click on links inside of it.
dumpster diving
(98) ___ ___ is exactly what it sounds like: retrieving potentially sensitive information from a dumpster.
shoulder surfing
(99) ___ ___ is the process of looking over a person's shoulder to capture information like passwords or other data.
eliciting information
(101) ___ ___, often called elicitation, is a technique used to gather information without targets realizing they are providing it. Techniques like flattery, false ignorance, or even acting as a counselor or sounding board are all common elements of an elicitation effort.
pretexting
(102) ___ is the process of using a made-up scenario to justify why you are approaching an individual. It is often used as part of impersonation efforts to make the impersonator more believable.
identity fraud
(103) ___ ___, or identity theft, is the use of someone else's identity.
hoaxes
(104) ___, which are intentional falsehoods, come in a variety of forms ranging from virus hoaxes to fake news.
invoice scams
(105) A final type of fraud is the use of ___ ___, which involve sending fake invoices to organizations in the hopes of receiving payment.
influence, hybrid warfare
(106) As cyberwarfare and traditional warfare have continued to cross over in deeper and more meaningful ways, online ___ campaigns, which have traditionally focused on social media, email, and other online-centric mediums, have become part of what has come to be called ___ ___.
brute force
(107) ___ ___ attacks iterate through passwords until they find one that works. Methods can be more complex than just using a list of passwords and often involve word lists that use common passwords, words specifically picked as likely to be used by the target, and modification rules to help account for complexity rules.
password spraying
(108) ___ ___ attacks are a form of brute-force attack that attempts to use a single password or small set of passwords against many accounts. This attack bypasses account-lockout policies.
dictionary
(109) ___ attacks are yet another form of brute-force attack that uses a list of words for their attempts.
financial
(11) ___ risk is the risk of monetary damage to the organization as the result of a data breach.
online, offline
(110) Regardless of the password attack mechanism, an important differentiator between attack methods is whether they occur ___, and thus against a live system that may have defenses in place, or if they are ___ against a compromised or captured password store.
web shell
(180) When attackers discover a file inclusion vulnerability, they often exploit it to upload a ___ ___ to the server. These allow the attacker to execute commands on the server and view the results in the browser.
privilege escalation
(181) ___ ___ attacks seek to increase the level of access that an attacker has to a target system. They exploit vulnerabilities that allow the transformation of a normal user account into a more privileged account, such as the root superuser account.
full, incremental, differential
(296) A ___ backup copies the entire device or storage system. A ___ backup captures the changes since the last backup and is faster to back up but slower to recover. A ___ backup captures the changes since the last full backup and is faster to recover but slower to back up.
images
(298) ___ are a similar concept to snapshots, but most often they refer to a complete copy of a system or server, typically down to the bit level for the drive.
wildcard certificates
(598) ___ ___ allow all of the subdomains to use the same public key certificate and have it displayed as valid. A single wildcard certificate for *.diontraining.com will secure all these domains (www.diontraining.com, mail.diontraining.com, ftp.diontraining.com, etc.).
single sided, dual sided
(599) ___-___ certificates only require the server to be validated. ___-___ certificates require both the server and the user to be validated.
disclosure, alteration, denial
(6) The three key threats to cybersecurity programs are ___, ___, and ___.
threat maps
(60) ___ ___ provide a geographic view of threat intelligence.
Subject Alternative Name (SAN)
(600) ___ ___ ___ allows a certificate owner to specify additional domains and IP addresses to be supported. It is a digital certificate which allows multiple domains to be protected by a single certificate.
basic encoding rules (BER)
(602) ___ ___ ___ are the original ruleset governing the encoding of data structures for certificates where several different encoding types can be utilized.
canonical encoding rules (CER)
(603) ___ ___ ___ is a restricted version of the BER that allows the use of only one encoding type.
distinguished encoding rules (DER)
(604) ___ ___ ___ is the restricted version of the BER which allows one encoding type and has more restrictive rules for length, character strings, and how elements of a digital certificate are stored in X.509.
key escrow
(605) ___ ___ is a trusted third-party storage solution providing a backup source for cryptographic keys.
key recovery agent
(606) ___ ___ ___ is a specialized type of software that allows the restoration of a lost or corrupted key to be performed.
web trust
(607) ___ of ___ is a decentralized trust model that addresses issues associated with the public authentication of public keys within a CA-based PKI system.
certificate signing request (CSR)
(609) A ___ ___ ___ is what is submitted to the CA to request a digital certificate.
purging, sanitizing
(644) ___ or ___ is the act of removing data in such a way that it cannot be reconstructed using any known forensic techniques.
clearing
(645) ___ involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings.
hypervisor
(327) In a virtualized datacenter, the virtual host hardware runs a special operating system known as a ___ that mediates access to the underlying hardware resources. It manages the distribution of the physical resources of a host machine (server) to the virtual machines being run (guests).
I
(328) Type ___ hypervisors, referred to as "bare metal", operate directly on top of the underlying hardware.
II
(329) Type ___ hypervisors run as an application on top of an existing operating system. In this approach, the operating system supports the hypervisor and the hypervisor requests resources for each guest operating system from the host operating system.
file integrity monitoring
(356) ___ ___ ___ tools like Tripwire create a signature or fingerprint for a file, and then monitor the file and filesystem for changes to monitored files.
IPsec
(357) ___ is more than just a single protocol. It is an entire suite of security protocols used to encrypt and authenticate IP traffic. It provides encryption, integrity, and authentication for data tunneled over virtual private networks (VPNs) across public networks.
authentication header (AH)
(358) ___ ___ uses hashing and a shared secret key to ensure integrity of data and validates senders by authenticating the IP packets that are sent.
obfuscation
(36) An alternative to de-identifying data is transforming it into a format where the original information cannot be retrieved; this is known as data ___.
on-path attack
(360) An ___ ___, sometimes called a man-in-the-middle attack, is an attack that occurs when an attacker causes traffic that should be sent to its intended recipient to be relayed through a system or device the attacker controls. Once the attacker has the traffic flowing through that system, they can eavesdrop or even alter the communications as they wish.
Domain Name System Security Extension (DNSSEC)
(361) ___ ___ ___ ___ ___ focuses on ensuring that DNS information is not modified or malicious, but it doesn't provide confidentiality like many of the other secure protocols. It uses digital signatures, allowing systems that query a DNSSEC-equipped server to validate that the server's signature matches the DNS record.
Simple Network Management Protocol, 3
(362) ___ ___ ___ ___ version ___ improves on previous versions of SNMP by providing authentication of message sources, message integrity validation, and confidentiality via encryption.
Secure Shell
(363) ___ ___ is a protocol used for remote console access to devices and is a secure alternative to telnet.
payment card industry data security standard (PCI DSS)
(448) The ___ ___ ___ ___ ___ ___ provides detailed rules about the storage, processing, and transmission of credit and debit card information.
National Institute, Standards, Technology (NIST)
(449) The ___ ___ for ___ and ___ is responsible for developing cybersecurity standards across the U.S. federal government.
hacktivists
(45) ___ use hacking techniques to accomplish some activist goal. They might deface the website of a company whose policies they disagree with. Or they may attack a network due to some political issue.
International Organization, Standardization (ISO)
(450) The ___ ___ for ___ publishes a series of standards that offer best practices for cybersecurity and privacy.
threats
(451) ___ are any possible events that might have an adverse impact on the confidentiality, integrity, and/or availability of our information or information systems.
risks
(452) ___ occur at the intersection of a vulnerability and a threat that might exploit that vulnerability.
identifying process
(453) The risk ___ ___ requires identifying the threats and vulnerabilities that exist in your operating environment.
management
(454) Risk ___ is the process of systematically addressing the risks facing an organization.
mitigation
(455) Risk ___ is the process of applying security controls to reduce the probability and/or magnitude of risk.
avoidance
(456) Risk ___ is a risk management strategy where we change our business practices to completely eliminate the potential that a risk will materialize.
transference
(457) Risk ___ shifts some of the impact of a risk from the organization experiencing the risk to another entity.
acceptance
(458) Risk ___ is the final risk management strategy and it boils down to deliberately choosing to take no other risk management strategy and to simply continue operations as normal in the face of risk.
inherent
(459) The ___ risk facing an organization is the original level of risk that exists before implementing any controls.
cyber-dependent crime
(46) ___ ___ includes ransomware, data compromise, distributed denial of service attacks, website defacement, and attacks against critical infrastructure.
residual
(460) The ___ risk is the risk that remains after an organization implements controls designed to mitigate, avoid, and/or transfer the inherent risk.
appetite
(461) An organization's risk ___ is the level of risk that it is willing to accept as a cost of doing business.
owner
(463) A data ___ is a person responsible for the confidentiality, integrity, availability, and privacy of information assets and specific data. They are usually senior executives and somebody with authority and responsibility.
service pack
(496) A ___ ___ is a tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes.
windows
(497) ___ updates are recommended updates to fix a noncritical problem that users have found, as well as to provide additional features or capabilities.
patch management
(499) ___ ___ is the process of planning, testing, implementing, and auditing of software patches.
security incidents
(5) ___ ___ occur when an organization experiences a breach of confidentiality, integrity, and/or availability of information or information systems.
cross-cutting crime factors
(50) ___ ___ ___ include social engineering, money mules, and the criminal abuse of cryptocurrencies.
banner grabbing
(567) ___ ___ is a technique used to gain information about servers and inventory the systems or services.
network sniffing
(568) ___ ___ is the process of finding and investigating other computers on the network by analyzing the network traffic or capturing the packets being sent.
protocol analyzers
(569) ___ ___ are software tools that allow for the capture, reassembly, and analysis of packets from the network.
indicators, compromise
(57) Threat intelligence sources may also provide ___ of ___. These are the telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers.
baseline reporting
(571) ___ ___ is documenting and reporting on the changes in a baseline.
SYSLOG
(572) ___ is a standardized format used for computer message logging that allows for the separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. It uses port 514.
Write Once Read Many (WORM)
(573) ___ ___ ___ ___ is technology, like a DVD-R, that allows data to be written only once but read an unlimited number of times.
Control Objectives, Information, Related Technology (COBIT)
(646) ___ ___ for ___ and ___ ___ is a security framework that divides IT into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
aircrack, ng
(709) ___-___ is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks.
Trusted Automated eXchange of Indicator Information (TAXII)
(71) ___ ___ ___ of ___ ___ is intended to allow cyber threat information to be communicated at the application layer via HTTPS. It is specifically designed to support STIX data exchange.
dereferencing
(710) ___ attempts to access a pointer that references an object at a particular memory location.
Autopsy
(760) ___ refers to an open-source forensics platform that allows an examiner to examine the contents of a hard drive or mobile device and recover evidence from it.
metasploit
(761) ___ is an exploitation framework that can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers.
continuity, operations (COOP)
(762) ___ of ___ refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events.
cryptographic (CE)
(763) The ___ erase method sanitizes a self-encrypting drive by erasing the media encryption key and then reimaging the drive.
secure (SE)
(764) A ___ erase is used to perform the sanitization of flash-based devices (such as SSDs or USB devices) when cryptographic erase is not available.
zero-fill
(765) The ___ method relies on overwriting a storage device by setting all bits to the value of zero.
Type I
(766) SOC ___ ___ is an audit/test/report that assesses the design of security processes at a specific point in time.
Industry information-sharing, collaboration (ISAC)
(767) ___ ___ and ___ groups are industry-specific groups that share threat information (for example, aviation or financial businesses).
threat hunting
(768) ___ ___ is a defensive activity where security personnel proactively search through a network and logs to isolate and detect advanced threats that would evade existing security mechanisms.
security orchestration, automation, response (SOAR)
(574) ___ ___, ___ and ___ is a class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.
international data encryption algorithm (IDEA)
(575) ___ ___ ___ ___ is a symmetric block cipher which uses 64-bit blocks to encrypt plaintext into ciphertext.
blowfish
(576) ___ is a symmetric block cipher that uses 64-bit blocks and a variable length encryption key to encrypt plaintext into ciphertext.
twofish
(577) ___ is a symmetric block cipher that replaced blowfish and uses 128-bit blocks and a 128-bit, 192-bit, or 256-bit encryption key to encrypt plaintext into ciphertext.
Rivest Cipher (RC4)
(578) ___ ___ ___ is a symmetric stream cipher, and the ONLY stream cipher listed here, using a variable key size from 40 bits to 2048 bits that is used in SSL and WEP.
Rivest Cipher (RC5)
(579) ___ ___ ___ is a symmetric block cipher with a key size of up to 2048 bits.
Open Source (OSINT)
(58) ___ ___ threat intelligence is threat intelligence that is acquired from publicly available sources.
Rivest Cipher (RC6)
(580) ___ ___ ___ is a symmetric block cipher that was introduced as a replacement for DES but AES was chosen instead.
digital signature
(581) A ___ ___ is a hash digest of a message encrypted with the sender's private key to let the recipient know the document was created and sent by the person claiming to have sent it.
Diffie-Hellman (DH)
(582) ___-___ is used to conduct key exchanges and secure key distribution over an unsecure network. It is used for the establishment of a VPN tunnel using IPsec.
RSA
(583) ___ is an asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers.
Elliptic Curve Cryptography (ECC)
(584) ___ ___ ___ is an algorithm that is based upon the algebraic structure of elliptic curves over finite fields to define the keys. It is heavily used in mobile devices.
pretty good privacy (PGP)
(585) ___ ___ ___ is an asymmetric encryption program used for signing, encrypting, and decrypting emails. The IDEA algorithm is used by PGP.
one time pad
(586) ___-___ ___ is a stream cipher that encrypts plaintext information with a secret random key that is the same length as the plaintext input. Every message is encrypted with a different shared key that only the two owners of the one-time use pad would know.
pseudo random number generator (PRNG)
(587) ___-___ ___ ___ is a simulated random number stream generated by a computer that is used in cryptography, video games, and more.
Secure Hash Algorithm 1 (SHA-1)
(589) ___ ___ ___ ___ is an algorithm that creates a fixed-length 160-bit hash value unique to the input file.
closed-source
(59) Commercial security vendors, government organizations, and other security-centric organizations also create and make use of proprietary, or ___, intelligence.
credentialed
(769) A ___ scan means the vulnerability scanner can access the device and see how it is configured. This gives us a very detailed and accurate scan, with minimal risk, from the point of view of an inside threat actor.
stalkerware
(77) Spyware is associated with identity theft and fraud, advertising and redirection of traffic, digital rights management (DRM) monitoring, and with ___, a type of spyware used to illicitly monitor partners in relationships.
credential stuffing
(770) ___ ___ involves getting a valid set of credentials from one location, and then trying them elsewhere to gain access.
captive portal
(771) A ___ ___ is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources.
permission propagation
(772) ___ ___ occurs when a technician sets permissions on a folder or a drive, and the folder properties apply those permissions to all of the folders under that folder in the tree. Inheritance occurs due to this.
exact data match (EDM)
(773) An ___ ___ ___ is a pattern matching technique that uses a structured database of string values to detect matches.
Federal Educational Rights, Privacy Act (FERPA)
(774) The ___ ___ ___ and ___ ___ of 1974 is a U.S. federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions and foreign governments.
sensitive personal information (SPI)
(775) ___ ___ ___ is information about a subject's opinions, beliefs, and nature afforded specially protected status by privacy legislation. This is information about an individual's race or ethnic origin.
escaping
(776) ___ is a secure coding technique that ensures that any system commands are not processed and executed as actual commands; instead, they are only recognized as text.
transitive access
(777) ___ ___ is a security issue that allows user access to pass through unexpectedly from one software component to another without proper authorization or access permissions.
scarcity
(84) ___ is used for social engineering in scenarios that make something look more desirable because it may be the last one available.
familiarity
(85) ___-based attacks rely on you liking the individual or even the organization the individual is claiming to represent.
trust
(86) ___, much like familiarity, relies on a connection with the individual they are targeting.
phishing
(88) ___ is a broad term used to describe the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data.
smishing, vishing
(89) Phishing is most often done via email, but a wide range of phishing techniques exist, including things like ___, which is phishing via SMS (text) messages, and ___, or phishing via telephone.
denial
(9) ___ is the disruption of an authorized user's legitimate access to information.
spear phishing
(90) ___ ___ targets specific individuals or groups in an organization in an attempt to gather desired information or access.
whaling
(91) ___, much like spear phishing, targets specific people, but is aimed at senior employees like CEOs and CFOs, the "big fish" in the company.
credential harvesting
(92) ___ ___ is the process of gathering credentials like usernames and passwords.
pharming
(93) ___ attacks redirect traffic away from legitimate websites to malicious versions. It typically requires a successful technical attack that can change DNS entries on a local PC or on a trusted local DNS server, allowing the traffic to be redirected.
typosquatting
(94) Typosquatters use URLs that are misspelled or slightly off but similar to the legitimate site's URL to conduct ___ attacks. Typosquatters rely on the fact that people will mistype URLs and end up on their sites, thus driving ad traffic or even sometimes using the typo-based website to drive sales of similar but not legitimate.
watering hole
(95) Unlike pharming, ___ ___ attacks don't redirect users; instead, they use websites that targets frequent to attack them.
Secure Hash Algorithm 2 (SHA-2)
(590) ___ ___ ___ ___ is a family of algorithms that includes SHA-224, SHA-256, SHA-384, and SHA-512. SHA-256 is one of the most common hash algorithms used to verify that a file has not been altered.
Secure Hash Algorithm 3 (SHA-3)
(591) ___ ___ ___ ___ is a family of algorithms that creates hash digests between 224-bits and 512-bits.
DSA, RSA, ECDSA, or SHA
(592) Digital signatures use either ___, ___, ___, or ___.
Mimikatz
(593) ___ is a penetration testing tool used to automate the harvesting of hashes and to conduct pass-the-hash attacks.
birthday attack
(594) ___ ___ is a technique used by an attacker to find two different messages that have the same identical hash digest.
hash collision
(595) A ___ ___ is a random match in hash values that occurs when a hashing algorithm produces the same hash value for two distinct pieces of data.
public key infrastructure (PKI)
(596) ___ ___ ___ is an entire system of hardware, software, policies, procedures, and people that is based on both symmetric and asymmetric encryption.
x.509
(597) ___ is the standard used in PKI for digital certificates and contains the owner/user's information and the certificate authority's information. AES, PKCS, and SSL/TLS are all compatible with x.509.
red, blue, white, purple
(142) When conducting a pen test exercise, ___ team members are the attackers who attempt to gain access to systems. ___ team members are the defenders who must secure systems and networks from the attack. ___ team members are the observers and judges. ___ team is a single team that performs both the offensive and defensive roles and collaborates throughout the pen test.
feasibility/ planning
(144) The ___ phase is where initial investigations into whether the effort should occur are conducted. It also looks at alternative solutions and high-level costs for each solution proposed.
confidentiality
(2) ___ ensures that unauthorized individuals are not able to gain access to sensitive information.
nonrepudiation
(218) ___ provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender.
cryptocurrency
(246) The first major application of blockchain is ___.
vertical
(300) ___ scalability requires a larger or more powerful system or device.
encapsulated security payload (ESP)
(359) ___ ___ ___ operates in either transport mode or tunnel mode. In tunnel mode, it provides integrity and authentication for the entire packet; in transport mode, it only protects the payload of the packet.
system logs
(412) ___ ___ include everything from service changes to permission issues. The Windows system log tracks information generated by the system while it is running.
processors
(466) Data ___ are service providers that process personal information on behalf of a data controller.
Port Address Translation (PAT)
(525) In ___ ___ ___ a router keeps track of requests from internal hosts by assigning them random high number ports for each request.
threat vectors, attack vectors
(55) Threat actors targeting an organization need some means to gain access to that organization's information or systems. ___ ___ are the means (resources) that threat actors use to obtain that access. ___ ___ is how we get to the machine and how we will affect it.
C
(550) Class ___ fires are electrical fires. They should be extinguished with a CO2 extinguisher labeled in blue.
D
(551) Class ___ fires are combustible metals or combustible metal alloys. These are labeled with yellow.
K
(552) Class ___ fires are combustible cooking oil fires. They are labeled with black labels.
wet pipe sprinkler systems
(553) ___ ___ ___ ___ are pipes filled with water all the way to the sprinkler head and are just waiting for the bulb to be melted or broken.
dry pipe sprinkler system
(554) ___ ___ ___ ___ are pipes filled with pressurized air and only push water into the pipes when needed to combat the fire.
pre-action
(555) A ___ sprinkler system will activate when heat or smoke is detected.
cryptanalysis attack
(570) A ___ ___ compares a precomputed encrypted password to a value in a lookup table.
trojans
(63) ___ are a type of malware that is typically disguised as legitimate software. They rely on unsuspecting individuals running them, thus providing attackers with a path into a system or device.
public data
(630) ___ ___ has no impact to the company if released and is often posted in the open-source environment.
private data
(631) ___ ___ contains data that should only be used within the organization.
confidential data
(632) ___ ___ is the highest classification level that contains items such as trade secrets, intellectual property data, source code, and other types that would seriously affect the business if disclosed.
route print
(689) ___ ___ is a command-line command in MS Windows used to display the contents of a routing table.
software defined networking (SDN), software defined visibility (SDV)
(740) ___ ___ ___ and ___ ___ ___ refer to software technologies designed to simplify network infrastructure management.
federation
(741) An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called ___.
tap
(742) A monitoring port on a network device is referred to as a ___.
pathping
(743) ___ is the command-line utility in MS Windows that combines the features of ping and tracert.
cuckoo
(744) ___ is an anti-malware tool that enables automated analysis of suspicious files in a sandbox environment.
head
(745) A Linux command that displays the beginning of a file (by default its first 10 lines) is ___.
tail
(746) ___ is a Linux command that displays the last part (by default its 10 last lines) of a file.
cat
(747) ___ is a command that allows you to create, view, and concatenate files.
grep
(748) ___ is a Linux command-line command that enables searching files for lines containing a match to a given text pattern.
logger
(749) ___ is a Linux command that enables adding messages to the /var/log/syslog file.
fileless
(75) ___ virus attacks are similar to traditional viruses in a number of critical ways. They spread via methods like spam email and malicious websites, and they exploit flaws in browser plug-ins and web browsers themselves. They reside in RAM.
Windows PowerShell
(750) ___ ___ is a type of extended command-line shell and a scripting language designed to simplify administrative tasks in Microsoft Windows.
Python
(751) ___ refers to a cross-platform, general-purpose programming language.
OpenSSL
(752) ___ refers to a software library used to implement encrypted connections.
tcpreplay
(753) ___ is a command-line tool for editing and replaying previously captured network traffic (pcap files), for example to test an IDS against recorded attack traffic.
wireshark
(754) ___ is a packet-capture and protocol-analysis utility that is not native to any OS.
WinHex
(755) ___ is a hexadecimal editor for the Windows family of operating systems.
memdump
(757) ___ is a forensic utility that enables the extraction of RAM contents.
authenticator apps
(803) ___ ___ are mobile applications that help you securely verify your identity, so only you or the people you trust can access apps and data.
static authentication
(804) ___ ___ uses a specific authenticator, such as a password or PIN. It is called static because the authenticator is reused multiple times and stays the same until you change it.
supervisory control and data acquisition (SCADA)
(805) ___ ___ ___ ___ ___ systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime.
Endpoint Detection, Response (EDR)
(806) ___ ___ and ___ is a software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
Portable Operating System Interface (POSIX)
(807) ___ ___ ___ ___ is a family of standards specified by IEEE for maintaining compatibility among operating systems. Therefore, any software that conforms to these standards should be compatible with other operating systems that adhere to the standards.
rm
(833) The ___ command is used to delete one or more files or directories.
confidentiality, integrity, availability
(1) The three key objectives of cybersecurity programs are ___, ___, and ___.
usernames
(249) ___, the most commonly used means of claiming an identity.
compensating
(25) ___ controls are controls designed to mitigate the risk associated with exceptions made to a security policy.
certificates
(250) ___ are digitally-signed electronic documents that bind a public key with a user's identity.
SSH keys
(252) ___ ___, which are cryptographic representations of identity that replace password-based authentication (the username is still presented; the private key proves the identity).
smartcards
(253) ___ use an embedded chip. Both contactless and physical chip reader-capable cards as well as hybrid cards are broadly deployed, and cryptographic smartcards often have the ability to generate key pairs on the card itself.
Extensible Authentication Protocol (EAP)
(254) The ___ ___ ___ is an authentication framework that is commonly used for wireless network authentication.
6
(294) RAID ___ is striping with double parity. It works like RAID 5, but a second parity block is stored on another drive, so the array survives two simultaneous drive failures. Its advantages are otherwise the same as RAID 5. You need at least four drives.
horizontal
(301) ___ scaling uses smaller systems or devices but adds more of them.
signature
(346) ___-based detection relies on known hash or signature matching to detect a threat.
incident response policies
(403) ___ ___ ___ are commonly defined as part of building an IR capability.
program
(469) ___ viruses infect an executable or application.
53
(660) Domain Name System (DNS) uses port ___.
RIPEMD
(705) ___ creates a 160-bit fixed output.
anti-spam
(97) ___-___ software is used to prevent incoming e-mail spam.
Annualized Loss Expectancy (ALE)
(566) ___ ___ ___ is the expected cost of a realized threat over a given year. SLE x ARO equals this.
rainbow tables
(111) ___ ___ are an easily searchable database of precomputed hashes built with the same hashing methodology as the captured password file. Thus, if you captured a set of passwords that were hashed with MD5, you could compute or even purchase precomputed MD5 hashes for most reasonable password lengths and then simply look up the captured hashes in the table.
password cracker
(112) If you have captured a password file, you can also use a ___ ___ against it. Tools like John the Ripper attempt to crack passwords by trying brute-force and dictionary attacks against a variety of common password storage formats.
card cloning, skimming
(113) ___ ___ attacks focus on capturing information from cards like RFID and magnetic stripe cards often used for entry access. Attackers may also conduct ___ attacks that use hidden or fake readers, or social engineering and hand-held readers, to capture cards, and then employ cloning tools to use credit cards and entry access cards for their own purposes.
supply chain
(114) ___ ___ attacks attempt to compromise devices, systems, or software before it even reaches the organization.
asset criticality
(115) Asset inventory and ___ ___ information helps guide decisions about the types of scans that are performed, the frequency of those scans, and the priority administrators should place on remediating vulnerabilities detected by the scan.
vulnerability management, vulnerability scanning
(116) ___ ___ programs play a crucial role in identifying, prioritizing, and remediating vulnerabilities in our environments. They use ___ ___ to detect new vulnerabilities as they arise and then implement a remediation workflow that addresses the highest-priority vulnerabilities.
risk appetite
(117) The organization's ___ ___ is its willingness to tolerate risk within the environment.
regulatory requirements
(118) ___ ___, such as those imposed by the Payment Card Industry Data Security Standard (PCI DSS) or the Federal Information Security Management Act (FISMA), may dictate a minimum frequency for vulnerability scans.
technical
(119) ___ constraints may limit the frequency of scanning. For example, the scanning system may only be capable of performing a certain number of scans per day, and organizations may need to adjust scan frequency to ensure that all scans complete successfully.
reputational
(12) ___ risk occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
business
(120) ___ constraints may limit the organization from conducting resource-intensive vulnerability scans during periods of high business activity to avoid disruption of critical processes.
licensing limitations
(121) ___ ___ may curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously.
Security Content Automation Protocol (SCAP)
(122) The ___ ___ ___ ___ is an effort by the security community, led by the National Institute of Standards and Technology (NIST), to create a standardized approach for communicating security-related information. Its content is published through NIST's National Vulnerability Database (NVD).
Common Configuration Enumeration (CCE)
(123) ___ ___ ___ provides a standard nomenclature for describing system configuration issues.
Common Platform Enumeration (CPE)
(124) ___ ___ ___ provides a standard nomenclature for describing product names and versions.
Common Vulnerabilities, Exposures (CVE)
(125) ___ ___ and ___ provides a standard nomenclature for describing security-related software flaws.
Common Vulnerability Scoring System (CVSS)
(126) ___ ___ ___ ___ provides a standardized approach for measuring and describing the severity of security-related software flaws, which lets responders prioritize their work and manage resources. The base score is calculated by a formula over several metrics, including attack vector, attack complexity, privileges required, user interaction, and the impact on confidentiality, integrity, and availability.
Extensible Configuration Checklist Description Format (XCCDF)
(127) ___ ___ ___ ___ ___ is a language for specifying checklists and reporting checklist results. It is a specification language for writing security checklists, benchmarks, and related kinds of documents.
Open Vulnerability, Assessment Language (OVAL)
(128) ___ ___ and ___ ___ is a language for specifying low-level testing procedures used by checklists.
known environment
(129) ___ ___ penetration testing is performed in the testing cycle after the code is generated.
strategic
(13) ___ risk is the risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
static
(130) ___ testing analyzes code without executing it. This approach points developers directly at vulnerabilities and often provides specific remediation suggestions.
static, dynamic, interactive
(131) Application testing occurs using three techniques: ___ testing, ___ testing, and ___ testing.
dynamic
(132) ___ testing executes code as part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.
interactive
(133) ___ testing combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces.
true positive, false positive, false negative, true negative
(134) An attack and an alarm is a ___ ___. No attack and an alarm is a ___ ___. An attack and no alarm is a ___ ___. No attack and no alarm is a ___ ___.
white, box
(135) ___-___ tests, also referred to as known environment tests, are tests performed with full knowledge of the underlying technology, configurations, and settings that make up the target.
black, box
(136) ___-___ tests, also referred to as unknown environment tests, are intended to replicate what an attacker would encounter.
gray, box
(137) ___-___ tests may provide information about the environment to the penetration testers without giving full access, credentials, or configuration details. This test can help focus the penetration testers' time and effort while also providing a more accurate view of what an attacker would actually encounter.
war driving, war flying
(138) One common goal of penetration testers is to identify wireless networks that may present a means of gaining access to an internal network of the target without gaining physical access to the facility. Testers use a technique called ___ ___, where they drive by facilities in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks. Recently, testers have expanded this approach to the use of drones and unmanned aerial vehicles (UAVs) in a technique called ___ ___.
privilege escalation
(139) ___ ___ uses hacking techniques to shift from the initial access gained by the attacker to more advanced privileges, such as root access on the same system. System/application misconfigurations and system/application vulnerabilities facilitate this.
operational
(14) ___ risk is risk to the organization's ability to carry out its day-to-day functions.
pivoting, lateral movement
(140) ___, or ___ ___, occurs as the attacker uses the initial system compromise to gain access to other systems on the target network.
persistence
(141) Attackers establish ___ on compromised networks by installing backdoors and using other mechanisms that will allow them to regain access to the network, even if the initial vulnerability is patched.
Software Development Life Cycle (SDLC)
(143) ___ ___ ___ ___ describes the steps in a model for software development throughout its life. It maps software creation from an idea to requirements gathering and analysis to design, coding, testing, and rollout. The phases are planning, requirements, design, coding, testing, training and transition, and ongoing operations and maintenance. End-of-life decommissioning is the last phase.
analysis, requirements definition
(145) Once an effort has been deemed feasible, it will typically go through an ___ and ___ ___ phase. In this phase customer input is sought to determine what the desired functionality is, what the system or application currently does and what it doesn't do, and what improvements are desired.
design
(146) In the SDLC, the ___ phase includes design for functionality, architecture, integration points and techniques, dataflows, business processes, and any other elements that require design consideration.
development, unit testing
(147) The actual coding of the application occurs during the ___ phase. This phase may involve testing of parts of the software, including ___ ___, the testing of small components individually to ensure they function properly.
testing, integration, user acceptance testing (UAT)
(148) Although some testing is likely to occur in the development phase, formal testing with customers or others outside of the development team occurs in the ___ and ___ phase. Individual units or software components are integrated and then tested to ensure proper functionality. In addition, connections to outside services, data sources, and other integration may occur during this phase. During this phase ___ ___ ___ occurs to ensure that the users of the software are satisfied with its functionality.
training, transition
(149) The important task of ensuring that the end users are trained on the software and that the software has entered general use occurs in the ___ and ___ phase. This phase is sometimes called the acceptance, installation, and deployment phase.
compliance
(15) ___ risk occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.
ongoing operations, maintenance
(150) Once a project reaches completion, the application or service will enter what is usually the longest phase: ___ ___ and ___. This phase includes patching, updating, minor modifications, and other work that goes into daily support.
disposition
(151) The ___ phase occurs when a product or system reaches the end of life.
development
(152) The ___ environment is typically used for developers or other "builders" to do their work.
test, quality assurance
(153) The ___ environment is where the software or systems can be tested without impacting the production environment. ___ ___ activities take place in this environment.
staging
(154) The ___ environment is a transition environment for code that has successfully cleared testing and is waiting to be deployed into production.
production
(155) The ___ environment is the live system. Software, patches, and other changes that have been tested and approved move here.
waterfall
(156) The ___ methodology is a sequential model in which each phase is followed by the next phase.
spiral
(157) The ___ model uses the linear development concepts from the waterfall model and adds an iterative process that revisits four phases multiple times during the development life cycle to gather more detailed requirements, design functionality guided by the requirements, and build based on the design.
agile
(158) ___ software development is an iterative and incremental process, rather than the linear processes that waterfall and spiral use.
DevOps, toolchains
(159) ___ combines software development and IT operations with the goal of optimizing the SDLC. This is done by using collections of tools called ___ to improve the coding, building and test, packaging, release, configuration and configuration management, and monitoring elements of a SDLC.
security
(16) ___ controls are specific measures that fulfill the security objectives of an organization.
operational
(18) ___ are security controls that are primarily implemented and executed by people (as opposed to systems). These include user access reviews, log monitoring, and vulnerability management.
Continuous Integration (CI), Continuous Deployment (CD)
(160) ___ ___ is a development practice that checks code into a shared repository on a consistent, ongoing basis. Since it relies on an automated build process, it also requires automated testing. It is often paired with ___ ___, which rolls tested changes out into production automatically as soon as they pass testing.
continuous validation, continuous monitoring
(161) Using continuous integration and continuous deployment methods requires building ___ ___ and automated security testing into the pipeline. Otherwise new vulnerabilities can be deployed straight into production, and an untrusted or rogue developer could insert flaws into code that is deployed and then remove them as part of the next deployment cycle. This means that logging, reporting, and ___ ___ must all be designed to fit the CI/CD process.
Open Web Application Security Project (OWASP)
(162) One of the best resources for secure coding practices is the ___ ___ ___ ___ ___. It is the home of a broad community of developers and security practitioners, and it hosts many community-developed standards, guides, and best practice documents, as well as a multitude of open-source tools.
Application Programming Interface (API)
(163) ___ ___ ___ are interfaces between clients and servers or applications and operating systems that define how the client should ask for information from the server and how the server will respond.
pair programming
(164) ___ ___ is an agile software development technique that places two developers at one workstation. One developer writes the code, while the other developer reviews their code as they write it.
static code, dynamic code
(165) ___ ___ analysis is conducted by reviewing the code for an application. Unlike many other methods, it does not run the program; instead, it focuses on understanding how the program is written and what the code is intended to do. ___ ___ analysis relies on execution of the code while providing it with input to test the software.
fuzz, fuzzing
(166) ___ testing, or ___, involves sending invalid or random data to an application to test its ability to handle unexpected data. The application is monitored to determine if it crashes, fails, or responds in an incorrect manner.
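An added example for card 166 (not from the original deck): a small mutational fuzzer run against a constructed toy record parser. The record format, the seed input, the bug in the parser and the hardened version are all made up here to show what fuzzing finds and what "handled correctly" looks like.

```python
# Added example (not from the original deck): a mutational fuzzer against a
# constructed toy record parser. Format assumed for the demo:
# repeated [length byte][payload][1-byte trailer].
import random

SEED_INPUT = b"\x03abcT\x02xyT\x00T"   # a valid input to mutate from


def parse_records(data: bytes):
    """Buggy parser: trusts the length byte and never checks that the trailer
    byte exists, so a short or oversized record raises IndexError (a crash)."""
    records, i = [], 0
    while i < len(data):
        n = data[i]
        payload = data[i + 1 : i + 1 + n]
        trailer = data[i + 1 + n]          # BUG: unchecked index
        records.append((payload, trailer))
        i += n + 2
    return records


def parse_records_fixed(data: bytes):
    """Hardened parser: a malformed record is rejected with ValueError, which
    callers are expected to handle; no other exception can escape."""
    records, i = [], 0
    while i < len(data):
        n = data[i]
        if i + 1 + n >= len(data):
            raise ValueError(f"truncated record at offset {i}")
        records.append((data[i + 1 : i + 1 + n], data[i + 1 + n]))
        i += n + 2
    return records


def fuzz(parser, seed_input: bytes, iterations: int = 500, seed: int = 7):
    """Mutate the seed (replace/insert/delete random bytes), feed each mutant to
    the parser, and record anything other than a clean ValueError as a crash."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        data = bytearray(seed_input)
        for _ in range(rng.randint(1, 4)):
            op = rng.choice(("replace", "insert", "delete"))
            if op == "replace" and data:
                data[rng.randrange(len(data))] = rng.randrange(256)
            elif op == "insert":
                data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
            elif op == "delete" and data:
                del data[rng.randrange(len(data))]
        try:
            parser(bytes(data))
        except ValueError:
            pass                        # expected rejection of bad input
        except Exception as exc:        # unexpected exception type: a crash
            crashes.append((bytes(data), type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_records, SEED_INPUT)
    print(f"buggy parser: {len(found)} crashing inputs, first: {found[0] if found else None}")
    print(f"fixed parser: {len(fuzz(parse_records_fixed, SEED_INPUT))} crashing inputs")
```

Real fuzzers (AFL, libFuzzer) add coverage feedback so mutations that reach new code are kept as seeds; the crash-versus-handled-error distinction above is the part that carries over unchanged.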
injection vulnerabilities
(167) ___ ___ are among the primary mechanisms that attackers use to break through a web application and gain access to the systems supporting that application. These vulnerabilities allow an attacker to supply some type of code to the web application as input and trick the web server into either executing that code or supplying it to another server to execute.
command injection
(168) ___ ___ is an attack in which the goal is to execute arbitrary commands on the host operating system via a vulnerable application.
blind content-based
(169) In a ___ ___ SQL injection attack, the perpetrator sends input to the web application that tests whether the application is interpreting injected code before attempting to carry out the attack.
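An added example for cards 167 to 169 (not from the original deck): a command-injection flaw and a SQL-injection flaw side by side with their hardened forms, plus a content-based blind probe. The echo-based "resolver", the in-memory sqlite3 users table and the sample accounts are constructed here for the demo.

```python
# Added example (not from the original deck): command injection and SQL
# injection, vulnerable and hardened. Resolver, database and accounts are
# constructed for illustration.
import re
import sqlite3
import subprocess

# ---- command injection ------------------------------------------------------
def resolve_unsafe(hostname: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';', '|', '`' or '$()'
    # inside the user-supplied hostname become additional commands.
    proc = subprocess.run(f"echo resolving {hostname}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout

# Allowlist: labels of letters, digits and inner hyphens (RFC 1123 shape).
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def resolve_safe(hostname: str) -> str:
    # Validate against the allowlist, then pass an argv list: no shell ever
    # parses the input, so metacharacters are just characters.
    if not HOSTNAME_RE.match(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    proc = subprocess.run(["echo", "resolving", hostname],
                          capture_output=True, text=True)
    return proc.stdout

def safe_rejects(hostname: str) -> bool:
    try:
        resolve_safe(hostname)
        return False
    except ValueError:
        return True

# ---- SQL injection ---------------------------------------------------------
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "h1", "admin"), ("bob", "h2", "user")])
    return conn

def login_unsafe(conn, name: str, pw_hash: str):
    # String formatting places user input inside the SQL grammar: a quote ends
    # the literal and "--" comments out the password check.
    sql = (f"SELECT role FROM users WHERE name = '{name}' "
           f"AND pw_hash = '{pw_hash}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(conn, name: str, pw_hash: str):
    # Parameterised query: values travel separately from the statement, so the
    # input can never change the query's structure.
    row = conn.execute("SELECT role FROM users WHERE name = ? AND pw_hash = ?",
                       (name, pw_hash)).fetchone()
    return row[0] if row else None

def blind_probe_unsafe(conn, guess: str) -> bool:
    # Content-based blind SQLi: the attacker never sees pw_hash, only whether a
    # row came back, and recovers it one character at a time with such probes.
    payload = f"alice' AND substr(pw_hash, 1, 1) = '{guess}' --"
    return login_unsafe(conn, payload, "irrelevant") is not None

if __name__ == "__main__":
    print(resolve_unsafe("example.com; echo INJECTED"), end="")
    print("safe rejects injection:", safe_rejects("example.com; echo INJECTED"))
    db = build_db()
    print("unsafe login as alice' --:", login_unsafe(db, "alice' --", "wrong"))
    print("safe login as alice' --:", login_safe(db, "alice' --", "wrong"))
```

The allowlist regex is the "input whitelisting" of card 187 applied to one field; the argv list and the parameterised query are what make the hardened versions safe even when validation is skipped.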
technical
(17) ___ are security controls that the computer system executes. Examples of these security controls include firewall rules, access control lists, intrusion prevention systems, and encryption.
LDAP injection attack, XML injection attack, DLL injection attack
(170) Attackers might embed commands in text being sent as part of an LDAP query, conducting an ___ ___ ___. They may also attempt to embed code in Extensible Markup Language documents, conducting an ___ ___ ___. Commands may even attempt to load dynamically linked libraries containing malicious code in a ___ ___ ___.
session hijacking
(171) ___ ___ attacks take a different approach by stealing an existing authenticated session. These attacks don't require that the attacker gain access to the authentication mechanism, instead they take over an already authenticated session with a website.
man-in-the-middle, session replay
(172) In a ___ attack, the attacker fools the user into thinking that the attacker is actually the target website and presenting a fake authentication form. They may then authenticate to the website on the user's behalf and obtain the cookie. Once the attacker has the cookie, they may perform cookie manipulation to alter the details sent back to the website or simply use the cookie as the badge required to gain access to the site. This is known as a ___ ___ attack.
pass the hash
(173) The NTLM ___-___-___ attack is another form of replay attack that takes place against the operating system rather than a web application. It lets an attacker authenticate to a remote server by presenting a captured NTLM password hash directly, without ever recovering the cleartext password from it.
Structured Threat Information eXpression (STIX)
(174) ___ ___ ___ ___ is a structured language for describing threat intelligence, originally sponsored by the U.S. Department of Homeland Security; version 1 was XML-based, while STIX 2.x uses JSON. In version 2.0 it defines 12 domain objects, including attack patterns, identities, malware, threat actors, and tools.
secure cookies
(175) Web developers can protect against cookie theft by marking cookies with the SECURE attribute. ___ ___ are never transmitted over unencrypted HTTP connections.
directory traversal
(176) A ___ ___ is an HTTP attack that allows attackers to access restricted directories and execute commands outside the web server's root directory.
file inclusion
(177) ___ ___ attacks take directory traversal to the next level. Instead of simply retrieving a file from the local operating system and displaying it to the attacker, file inclusion attacks usually execute the code contained within a file, allowing the attacker to fool the web server into executing arbitrary code.
local file
(178) ___ ___ inclusion attacks seek to execute code stored in a file located elsewhere on the web server. They work in a manner very similar to a directory traversal attack.
remote file
(179) ___ ___ inclusion attacks allow the attacker to go a step further and execute code that is stored on a remote server. These attacks are especially dangerous because the attacker can directly control the code being executed without having to first store a file on the local server.
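An added example for cards 176 to 179 (not from the original deck): a file-serving routine that joins the user-supplied path straight onto the web root, next to one that canonicalises the result and checks containment. The throwaway web root, its page and the "secret" file outside it are constructed in a temporary directory.

```python
# Added example (not from the original deck): directory traversal, vulnerable
# and hardened. Web root, page and secret file are constructed for the demo.
import os
import tempfile

def make_webroot() -> str:
    base = tempfile.mkdtemp()
    root = os.path.join(base, "www")
    os.makedirs(os.path.join(root, "pages"))
    with open(os.path.join(root, "pages", "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("db_password=hunter2")          # constructed sample secret
    return root

def serve_unsafe(root: str, user_path: str) -> str:
    # os.path.join keeps '..' components (and discards root entirely for an
    # absolute path), so "../secret.txt" walks out of the web root.
    with open(os.path.join(root, user_path)) as f:
        return f.read()

def serve_safe(root: str, user_path: str) -> str:
    # Resolve symlinks and '..' first, then require the result to stay inside
    # the real web root. Percent-decoding must happen before this check.
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(f"path escapes web root: {user_path!r}")
    with open(target) as f:
        return f.read()

def escapes(root: str, user_path: str) -> bool:
    try:
        serve_safe(root, user_path)
        return False
    except PermissionError:
        return True

if __name__ == "__main__":
    root = make_webroot()
    print("unsafe:", serve_unsafe(root, "../secret.txt"))
    print("safe blocks ../secret.txt:", escapes(root, "../secret.txt"))
```

The same containment check is the first line of defence against local file inclusion; remote file inclusion is closed by never passing user input to include-style primitives that accept URLs at all.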
spyware
(76) ___ is malware that is designed to obtain information about an individual, organization, or system.
Cross, Site Scripting (XSS)
(182) ___-___ ___ attacks occur when web applications allow an attacker to perform HTML injection, inserting their own HTML code into a web page. It involves a trusted site, a client browsing the trusted site, and the attacker's site. It exploits the trust a user's web browser has in a website, it is a malicious script injected into a trusted website, and the user's browser executes attacker's script.
request forgery
(183) ___ ___ attacks exploit trust relationships and attempt to have users unwittingly execute commands against a remote server.
cross, site request forgery (XSRF)
(184) ___-___ ___ ___ attacks exploit the trust a website has in the user's web browser. The browser is tricked by an attacker into submitting unauthorized web requests with the user's existing session, and the website executes the attacker's requests.
server, side request forgery (SSRF)
(185) ___-___ ___ ___ attacks trick a server into making requests on the attacker's behalf, effectively using it as a proxy for unauthorized actions, such as reaching internal systems the attacker cannot contact directly.
input validation
(186) ___ ___ means that programmers have written code that checks that the information received from a user matches a specific format or range of values before it is used.
input whitelisting
(187) The most effective form of input validation uses ___ ___, in which the developer describes the exact type of input that is expected from the user and then verifies that the input matches that specification before passing the input to other processes or servers.
input blacklisting
(188) Developers might develop ___ ___ to control user input. With this approach, developers do not try to explicitly describe acceptable input but instead describe potentially malicious input that might be blocked.
web application firewalls (WAF)
(189) ___ ___ ___ also play an important role in protecting web applications against attack. They sit in front of a web server and receive all network traffic headed to that server, preventing known malicious traffic from ever reaching the web server, and they act as an important component of a layered defense against web application vulnerabilities.
managerial
(19) ___ controls (also called administrative controls) are procedural mechanisms that focus on the mechanics of the risk management process. Examples include periodic risk assessments, security planning exercises, and the incorporation of security into the organization's change management, service acquisition, and project management practices.
database normalization
(190) ___ ___ is the process of structuring a database to remove redundant entries and the inconsistencies they cause.
data exposure, data minimization
(191) Maintaining sensitive personal information in databases exposes an organization to risk in the event that information is stolen by an attacker. Database administrators should take measures to protect against ___ ___. ___ ___ is the best defense.
hashing, salting
(192) ___ uses a cryptographic hash function to replace sensitive identifiers with an irreversible alternative identifier. ___ these values with a random number prior to hashing them makes these hashed values resistant to a type of attack known as a rainbow table attack.
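An added example serving cards 111 and 192 (not from the original deck): a precomputed-hash lookup cracks unsalted MD5 password hashes instantly, while the same passwords stored with a per-user random salt and a slow KDF cannot be looked up, because two users with the same password no longer share a hash. The wordlist and the "captured" hashes are constructed for the demo.

```python
# Added example (not from the original deck): rainbow-table style lookup vs
# salted password storage. Wordlist and captured hashes are constructed.
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "hunter2", "qwerty", "dragon"]
# "Captured" password file: two unsalted MD5 hashes, one in the wordlist, one not.
CAPTURED = [hashlib.md5(b"hunter2").hexdigest(),
            hashlib.md5(b"zebra-7").hexdigest()]

def build_rainbow_table(words, algo: str = "md5") -> dict:
    """Precompute hash -> plaintext once, reuse against every capture that used
    the same unsalted algorithm. Real rainbow tables store hash chains with
    reduction functions to save space; the lookup semantics are the same."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}

def crack_unsalted(table: dict, captured) -> dict:
    return {h: table.get(h) for h in captured}

def salted_hash(password: str, salt: bytes = None, rounds: int = 100_000) -> str:
    """Random per-user salt plus PBKDF2-HMAC-SHA256; salt and rounds are stored
    beside the digest so they can be recovered for verification."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{salt.hex()}${rounds}${digest.hex()}"

def verify_salted(password: str, stored: str) -> bool:
    salt_hex, rounds, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time compare

if __name__ == "__main__":
    table = build_rainbow_table(WORDLIST)
    print("unsalted lookup:", crack_unsalted(table, CAPTURED))
    a, b = salted_hash("hunter2"), salted_hash("hunter2")
    print("same password, different stored values:", a != b)
    print("salted digest in table:", a.split("$")[2] in table)
```

With a salt the attacker must redo the precomputation per user, and the iteration count makes each guess expensive; the salt itself is not secret and is stored in the clear.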
code signing
(193) ___ ___ provides developers with a way to confirm the authenticity of their code to end users. Developers use a cryptographic function to digitally sign their code with their own private key and then browsers can use the developer's public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized individuals.
code repositories
(194) ___ ___ are centralized locations for storage and management of application source code. The main purpose of this is to store the source files used in software development in a centralized location that allows for secure storage and the coordination of changes among multiple developers.
version control
(195) Code repositories also perform ___ ___, allowing the tracking of changes and the rollback of code to earlier versions when required. Code repositories perform the housekeeping work of software development, making it possible for many people to share work on a large software project in an organized fashion.
dead code
(196) Code repositories also help avoid the problem of ___ ___, where code is in use in an organization but nobody is responsible for the maintenance of that code, and, in fact, nobody may even know where the original source files reside.
elasticity
(197) ___ goes a step further than scalability and says that applications should be able to automatically provision resources to scale when necessary and then automatically deprovision those resources to reduce capacity (and cost) when it is no longer needed.
error handling
(198) Developers must anticipate unexpected situations and write ___ ___ code that steps in and handles these situations in a secure fashion.
backdoor
(199) In some cases, developers may include usernames and passwords in source code. There are two variations on this error. First, the developer may create a hard-coded maintenance account for the application that allows the developer to regain access even if the authentication system fails. This is known as a ___ vulnerability and is problematic because it allows anyone who know the backdoor password to bypass normal authentication and gain access to the system.
preventive
(20) ___ controls intend to stop a security issue before it occurs. Firewalls and encryption are examples of these controls.
resource exhaustion
(200) One of the issues that we need to watch for with memory or any other limited resource on a system is ___ ___. Whether intentional or accidental, systems may consume all of the memory, storage, processing time, or other resources available to them, rendering the system disabled or crippled for other uses.
memory leaks
(201) ___ ___ are one example of resource exhaustion. It is a situation in which an application fails to properly release memory allocated to it or continually requests more memory than required.
memory pointers
(202) ___ ___ can also cause security issues. Pointers are a commonly used concept in application development. They are simply an area of memory that stores an address of another location in memory.
buffer overflow
(203) ___ ___ attacks occur when an attacker manipulates a program into placing more data into an area of memory than is allocated for that program's use. The goal is to overwrite other information in memory with instructions that may be executed by a different process running on the system. It relies on overwriting contents of memory to cause unpredictable results in an application.
race conditions, time, check, time, use (TOCTTOU)
(204) ___ ___ occur when the security of a code segment depends upon the sequence of events occurring within the system. The ___-of-___-to-___-of-___ issue is a race condition that occurs when a program checks access permissions too far in advance of a resource request.
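An added example for card 204 (not from the original deck): a check-then-open routine whose race window is made visible by a callback that runs inside it, standing in for an attacker who swaps the checked file for a symlink. The hardened version opens first with O_NOFOLLOW and then inspects the descriptor, so the object checked is the object used. The temp directory, "secret" file and upload path are constructed; O_NOFOLLOW assumes Linux or macOS.

```python
# Added example (not from the original deck): TOCTTOU race on a file path.
# Files are constructed in a temp directory; O_NOFOLLOW needs Linux/macOS.
import os
import stat
import tempfile

def setup():
    base = tempfile.mkdtemp()
    secret = os.path.join(base, "secret")        # must never be exposed
    with open(secret, "w") as f:
        f.write("root-only")
    upload = os.path.join(base, "upload.txt")    # path the user controls
    with open(upload, "w") as f:
        f.write("harmless")
    return secret, upload

def attacker_swap(upload: str, secret: str) -> None:
    # Simulates winning the race: after the check passes, the checked file is
    # replaced by a symlink to the sensitive one.
    os.remove(upload)
    os.symlink(secret, upload)

def read_unsafe(path: str, during_window) -> str:
    if os.path.islink(path):                      # time of check
        raise PermissionError("symlinks not allowed")
    during_window()                               # the race window
    with open(path) as f:                         # time of use: follows the link
        return f.read()

def read_safe(path: str, during_window) -> str:
    during_window()   # attacker may act whenever; there is no usable window
    # Open with O_NOFOLLOW, then validate the descriptor (fstat), not the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size).decode()
    finally:
        os.close(fd)

def safe_rejects(path: str, during_window) -> bool:
    try:
        read_safe(path, during_window)
        return False
    except OSError:     # ELOOP from O_NOFOLLOW, or PermissionError (a subclass)
        return True

if __name__ == "__main__":
    secret, upload = setup()
    print("unsafe read returned:", read_unsafe(upload, lambda: attacker_swap(upload, secret)))
    secret, upload = setup()
    print("safe read rejected:", safe_rejects(upload, lambda: attacker_swap(upload, secret)))
```

The general rule: check properties of the open descriptor (fstat, fchmod, fchown) rather than of the name, because the name can be re-bound between any two syscalls.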
device drivers, refactoring
(205) ___ ___ play an important role in computing. They serve as the software interface between hardware devices and the operating system, and they are the reason you can use almost any printer from a wide variety of manufacturers with Windows or any other operating system. Because drivers run with high privilege, attackers may try to introduce malicious ones. One way of doing so is by ___ an existing driver, the practice of modifying an application's code without changing its external behavior.
shimming
(206) Attackers without access to the driver source code can use a technique called ___. This takes a legitimate driver and wraps a malicious driver around the outside of it. It alters the external behavior of an application and at the same time does not introduce any changes to the application's code.
cryptography
(207) ___ is the practice of encoding information in a manner that it cannot be decoded without access to the required decryption key.
encryption, decryption
(208) Cryptography consists of two main operations: ___, which transforms plaintext information into ciphertext using a key, and ___, which transforms ciphertext back into plaintext using another key.
nonrepudiation
(209) ___ ensures that individuals can prove to a third party that a message came from its purported sender.
detective
(21) ___ controls identify security events that have already occurred. Intrusion detection systems are an example of these controls.
cipher, ciphering, substitution, transposition
(210) A ___ is a method used to scramble or obfuscate characters to hide their value. ___ is the process of using a cipher to do that type of scrambling to a message. Two primary types of nonmathematical cryptography are ___ and ___.
substitution cipher, Caesar cipher
(211) A ___ ___ is a type of coding or ciphering system that changes one character or symbol into another. One of the oldest known of these ciphers is called the ___ ___.
polyalphabetic, Vigenère
(212) One of the problems with substitution ciphers is that they did not change the underlying letter and word frequency of the text. One way to combat this was to have multiple substitution alphabets for the same message. Ciphers using this approach are known as ___ substitution ciphers. For example, you might shift the first letter by three to the right, the second letter by two to the right, and the third letter by one to the left. The most famous example is the ___ cipher.
transposition
(213) A ___ cipher involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled.
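An added example for cards 211 to 213 (not from the original deck): working Caesar, Vigenère and columnar transposition ciphers, plus a letter-frequency check that shows why a single-alphabet substitution leaks (the most common ciphertext letter is E shifted) and that transposition keeps every letter count intact. The message, shift and keyword are made up for the demo.

```python
# Added example (not from the original deck): classical substitution and
# transposition ciphers with frequency analysis. Message and keys are made up.
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def caesar(text: str, shift: int) -> str:
    """Monoalphabetic substitution: every letter moves by the same shift."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
                   for c in text.upper())

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: the shift changes with each key letter."""
    out, k = [], 0
    for c in text.upper():
        if c in ALPHABET:
            shift = ALPHABET.index(key[k % len(key)].upper())
            if decrypt:
                shift = -shift
            out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
            k += 1
        else:
            out.append(c)
    return "".join(out)

def transpose(text: str, cols: int) -> str:
    """Columnar transposition: write row by row, pad with X, read column by column."""
    t = text.upper().replace(" ", "")
    t += "X" * (-len(t) % cols)
    return "".join(t[r] for c in range(cols) for r in range(c, len(t), cols))

def untranspose(cipher: str, cols: int) -> str:
    rows = len(cipher) // cols
    columns = [cipher[i * rows:(i + 1) * rows] for i in range(cols)]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))

def letter_counts(text: str) -> Counter:
    return Counter(c for c in text.upper() if c in ALPHABET)

def break_caesar(cipher: str) -> int:
    """Frequency analysis: assume the most common ciphertext letter stands for E."""
    top = letter_counts(cipher).most_common(1)[0][0]
    return (ALPHABET.index(top) - ALPHABET.index("E")) % 26

if __name__ == "__main__":
    msg = "MEET ME AT THE GREEN HOUSE AT SEVEN"
    ct = caesar(msg, 3)
    print(ct, "-> recovered shift", break_caesar(ct))
    print(vigenere(msg, "LEMON"))
    print(transpose(msg, 5), "-> same letter counts:",
          letter_counts(transpose(msg, 5)) == letter_counts(msg + "XX"))
```

The frequency attack on the Caesar output works because a single alphabet only relabels the histogram; the Vigenère output spreads each plaintext letter over as many ciphertext letters as the key has positions, which is what "combats" frequency analysis in card 212 until the key length is recovered.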
Steganography
(214) ___ is the art of using cryptographic techniques to embed secret messages within another file. A common technique alters the least significant bit of each of the many bytes that make up an image file, a change too small to be noticed by eye.
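An added example for card 214 (not from the original deck): least-significant-bit steganography over a constructed "image" (a pseudo-random byte array standing in for pixel samples; no image codec is involved). A 4-byte length header precedes the payload, and each bit overwrites the lowest bit of one cover byte, so no sample changes by more than 1.

```python
# Added example (not from the original deck): LSB steganography over a
# constructed byte array standing in for image samples.
import random

def make_cover(n: int = 4096, seed: int = 1) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))

def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # overwrite only the lowest bit
    return bytes(out)

def _read_bits(stego: bytes, offset: int, n_bytes: int) -> bytes:
    value = 0
    for i in range(n_bytes * 8):
        value = (value << 1) | (stego[offset + i] & 1)
    return value.to_bytes(n_bytes, "big")

def extract_lsb(stego: bytes) -> bytes:
    length = int.from_bytes(_read_bits(stego, 0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("length header does not fit the cover; not a stego image?")
    return _read_bits(stego, 32, length)

def max_byte_delta(cover: bytes, stego: bytes) -> int:
    # How visible is the change? Every sample moves by at most one step.
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, b"meet at dawn")
    print("recovered:", extract_lsb(stego), "max delta:", max_byte_delta(cover, stego))
```

Detection tools look for exactly this: the LSB plane of a natural image is correlated with neighbouring bits, and an embedded payload flattens that statistic even though no single sample looks wrong.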
symmetric
(215) ___ cryptosystems use a shared secret key available to all users of the cryptosystem.
asymmetric
(216) ___ cryptosystems use individual combinations of public and private keys for each user of the system.
Obfuscation
(217) ___ is a concept closely related to confidentiality. It is the practice of making it intentionally difficult for humans to understand how code works.
keys, key space, key length
(219) All cryptographic algorithms rely on ___ to maintain their security. Every algorithm has a specific ___ ___. This is the range of values that are valid for use as a key for a specific algorithm. A key space is defined by its ___ ___. It is nothing more than the number of binary bits in the key.
corrective
(22) ___ controls remediate security issues that have already occurred. Restoring backups after a ransomware attack, fire-activated sprinkler systems, and software patches are examples of these controls.
block
(220) ___ ciphers operate on "chunks", or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. Transposition ciphers are an example of these.
stream
(221) ___ ciphers operate on one character or bit of a message at a time. The Caesar cipher is an example of these.
private key
(222) Symmetric key cryptography can also be called secret key cryptography and ___ ___ cryptography.
public key
(223) Asymmetric key algorithms, also known as ___ ___ algorithms, provide a solution to the weaknesses of symmetric key encryption. In these systems, each user has two keys: a public key, which is shared with all users, and a private key, which is kept secret and known only by the owner of the keypair.
DES, 3DES, IDEA, AES, Blowfish, Twofish, RC4, RC5, RC6; Diffie-Hellman, RSA, PGP, Elliptic Curve Cryptography
(224) ___, ___, ___, ___, ___, ___, ___ and ___ are examples of symmetric algorithms. ___-___, ___, ___ and ___ ___ ___ are examples of asymmetric algorithms.
digital certificates
(225) ___ ___ provide communicating parties with the assurance that the people they are communicating with truly are who they claim to be.
homomorphic encryption
(247) ___ ___ technology allows encrypting data in a way that preserves the ability to perform computation on that data.
quantum computing
(248) ___ ___ is an emerging field that attempts to use quantum mechanisms to perform computing and communication tasks.
certificate authorities (CA)
(226) ___ ___ are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates. A CA is a type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs. They accept requests for digital certificates and authenticate the entity making the request.
registration authorities (RA)
(227) ___ ___ assist CAs with the burden of verifying users' identities prior to issuing digital certificates. They ensure the user is allowed to receive a certificate.
offline, root certificate, online, intermediate
(228) Certificate authorities must carefully protect their own private keys to preserve their trust relationships. To do this, they often use an ___ CA to protect their ___ ___, the top-level certificate for their entire PKI. This offline CA is disconnected from networks and powered down until it is needed. The offline CA uses the root certificate to create subordinate ___ CAs that serve as the ___ CAs used to issue certificates on a routine basis.
certificate chaining
(229) In the CA trust model, the use of a series of intermediate CAs is known as ___ ___. To validate a certificate, the browser verifies the identity of the intermediate CA(s) first and then traces the path of trust back to a known root CA, verifying the identity of each link in the chain of trust.
deterrent
(23) ___ controls seek to prevent an attacker from attempting to violate security policies. Vicious guard dogs and barbed wire fences are examples of these controls.
self, signed, certificates
(230) Certificate authorities do not need to be third-party service providers. Many organizations operate internal CAs that provide ___-___ ___ for use inside an organization.
cryptovariables
(231) Cryptographic keys are sometimes referred to as ___.
key exchange
(232) ___ ___ is the secure distribution of the secret keys required to operate the algorithms.
message digest
(233) Hash functions have a very simple purpose: they take a potentially long message and generate a unique output value derived from the content of the message. This value is commonly referred to as the ___ ___. These can be generated by the sender of a message and transmitted to the recipient along with the full message for two reasons.
Hashed Message Authentication Code (HMAC)
(234) The ___ ___ ___ ___ algorithm implements a partial digital signature: it guarantees the integrity of a message during transmission, but it does not provide for nonrepudiation.
enrollment, certificate signing request (CSR)
(235) When you want to obtain a digital certificate, you must first prove your identity to the CA in some manner; this process is called ___. Once you've satisfied the certificate authority regarding your identity, you provide them with your public key in the form of a ___ ___ ___.
domain validation certificates
(236) Certificate authorities issue different types of certificates depending upon the level of identity verification that they perform. The simplest, and most common, certificates are ___ ___ ___, where the CA simply verifies that the certificate subject has control of the domain name.
extended validation certificates
(237) ___ ___ ___ provide a higher level of assurance and the CA takes steps to verify that the certificate owner is a legitimate business before issuing the certificate.
verify, certificate revocation list (CRL), online certificate status protocol (OCSP)
(238) When you receive a digital certificate from someone with whom you want to communicate, you ___ the certificate by checking the CA's digital signature using the CA's public key. Next, you must check and ensure that the certificate was not revoked using a ___ ___ ___ or the ___ ___ ___ ___.
certificate pinning
(239) ___ ___ refers to a deprecated security mechanism designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates.
physical
(24) ___ controls are security controls that impact the physical world. Examples of these security controls include fences, perimeter lighting, locks, fire suppression systems, and burglar alarms.
certificate stapling
(240) ___ ___ allows for checking digital certificate revocation status without contacting the Certificate Authority (CA).
downgrade attack
(241) A ___ ___ is sometimes used against secure communications such as TLS in an attempt to get the user or system to inadvertently shift to less secure cryptographic modes. The idea is to trick the user into shifting to a less secure version of the protocol, one that might be easier to break.
rainbow table, salting
(242) ___ ___ attacks attempt to reverse a hashed password value by recomputing the hashes of common passwords. The attacker takes a list of common passwords and runs them through the hash function to generate the table. The most common approach to preventing these attacks is ___, which adds a randomly generated value to each password prior to hashing.
key stretching
(243) ___ ___ is used to create encryption keys from passwords in a strong manner. These algorithms use thousands of iterations of salting and hashing to generate encryption keys that are resilient against attack.
Tor, perfect forward secrecy
(244) ___, formerly known as The Onion Router, provides a mechanism for anonymously routing traffic across the Internet using encryption and a set of relay nodes. It relies upon a technology known as ___ ___ ___, where layers of encryption prevent nodes in the relay chain from reading anything other than the specific information they need to accept and forward the traffic. It prevents the situation where a compromise of one secret key or message leads to a compromise of previous confidential messages.
blockchain
(245) The ___ is, in its simplest description, a distributed and immutable public ledger. This means that it can store records in a way that distributes those records among many different systems located around the world and does so in a manner that prevents anyone from tampering with those records. It creates a data store that nobody can tamper with or destroy.
Challenge Handshake Authentication Protocol (CHAP)
(255) ___ ___ ___ ___ is an authentication protocol designed to provide more security than protocols like PAP (Password Authentication Protocol). It uses an encrypted challenge and three-way handshake to send credentials. It periodically re-authenticates the client at random intervals to prevent session hijacking.
Password Authentication Protocol (PAP)
(256) ___ ___ ___ is a password-centric authentication protocol that was commonly used with the Point-to-Point Protocol (PPP) to authenticate users. It refers to an obsolete authentication protocol that sends passwords in cleartext. A username and password are used as part of this authentication system.
RADIUS (Remote Authentication Dial-In User Service)
(257) ___ is one of the most common authentication, authorization, and accounting (AAA) systems for network devices, wireless networks, and other services. It is primarily used to manage remote and wireless authentication infrastructure and network access. It combines authentication and authorization. It encrypts only the password in the access-request packet.
Terminal Access Controller Access Control System Plus (TACACS+)
(258) ___ ___ ___ ___ ___ ___ ___ uses TCP traffic to provide authentication, authorization, and accounting services. It provides full-packet encryption as well as granular command controls, allowing individual commands to be secured as needed. It encrypts the entire payload of the access-request packet. It is primarily used for device administration. It separates authentication and authorization.
Kerberos
(259) ___ assigns a unique encrypted key, called a ticket, to each user that logs on to the network.
at rest
(26) Data ___ ___ is stored data that resides on hard drives, tapes, in the cloud, or on other storage media. This data is prone to pilfering by insiders or external attackers who gain access to systems and are able to browse through their contents.
Security Assertion Markup Language (SAML), identity provider (IdP), identity, service provider (SP), relying parties (RP)
(260) ___ ___ ___ ___ is an XML-based open standard for exchanging authentication and authorization information. It is often used between identity providers and service providers for web-based applications. It is a solution for providing SSO and federated identity management. The ___ ___ provides the validation of the user's ___. It allows a ___ ___ to establish a trust relationship with an identity provider so that the SP can trust the identity of a user without the user having to authenticate directly with the SP. ___ ___ provide services to members of a federation.
OpenID
(261) ___ is an open standard for authentication. Identity providers can be leveraged for third-party sites using established identities.
OAuth
(262) ___ is an open standard for authorization used by many websites. It provides a method for users to determine what information to provide to third-party applications and sites without sharing credentials.
single sign-on (SSO)
(263) ___ ___ systems allow a user to log in with a single identity and then use multiple systems or services without reauthenticating.
directory services
(264) ___ ___ are used in networks to provide information about systems, users, and other information about an organization.
Lightweight Directory Access Protocol (LDAP)
(265) Directory services like the ___ ___ ___ ___ are commonly developed as part of an identity management infrastructure and offer hierarchically organized information about the organization. It uses a client-server model for mutual authentication.
multifactor authentication, know, have, are
(266) One way to ensure that a single compromised factor like a password does not create undue risk is to use ___ ___. There are three major types of factors: something you ___, something you ___, or something you ___.
one-time passwords
(267) A common implementation of a second factor is the use of ___ ___.
time-based one-time passwords (TOTP), HMAC-based one-time password (HOTP)
(268) There are two primary models for generation of one-time passwords. The first is ___ ___ ___. These passwords allow users to log in to a system with a username and password combination and then a one-time token, generally generated from a separate device. They are computed from a shared secret and the current time, they are not vulnerable to replay attacks, and each is valid for only one login session. The other is a ___ ___ ___. This password is based on a cryptographic hash function and a secret cryptographic key; it is valid for only one login session and is not vulnerable to replay attacks.
fingerprints, retina scanning, iris recognition, facial recognition, voice recognition, vein recognition, gait analysis
(269) Biometric factors are an example of a "something you are" factor. ___ check the unique patterns of ridges and valleys on your fingertips using optical, ultrasonic, or capacitive scanners. ___ ___ uses the unique patterns of blood vessels in the retina to tell users apart. ___ ___ systems use pattern recognition and infrared imaging to uniquely identify an individual's eyes. ___ ___ techniques match specific features to an original image in a database. ___ ___ systems rely on patterns, rhythms, and the sounds of the user's voice itself to recognize the user. ___ ___ uses scanners that can see the pattern of veins, often in a user's finger. ___ ___ measures how a person walks to identify them.
in motion
(27) Data ___ ___ is data that is in transit over a network. When data travels over an untrusted network, it is open to eavesdropping attacks by anyone with access to those networks.
false rejection, false acceptance
(270) ___ ___ errors mean that a legitimate biometric measure was presented, and the system rejected it. ___ ___ occurs when a biometric factor is presented and is accepted when it shouldn't be.
password key
(271) For individuals, one option that provides a high level of security is a ___ ___. These are hardware devices that support things like one-time passwords, public key cryptography for security certificates, and various security protocols like FIDO and Universal 2nd Factor (U2F).
password vaults
(272) ___ ___ are another common solution for authentication management. They are software solutions that store, manage, and secure passwords and other information.
Trusted Platform Module (TPM)
(273) Computers also have the ability to have built-in or add-on security modules like the ___ ___ ___ standard. These modules or chips have a built-in crypto processor used to store RSA key pairs protected by a password set by the system owner. These modules can help prevent unauthorized changes to firmware and software as part of a trusted or secure boot process.
Hardware Security Modules (HSM)
(274) A final option you should be aware of is use of ___ ___ ___. HSMs integrate crypto processors to securely create, store, and manage encryption keys; provide encryption and decryption services; and perform other cryptographic processing in a secure way. They provide an effective way to manage encryption keys. These hardware devices store and manage encryption keys in a secure manner that prevents humans from ever needing to work directly with the keys.
attribute-based access control (ABAC)
(275) ___ ___ ___ relies on policies that are driven by attributes of the users. It is dynamic and context-aware using IF-THEN statements. It provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes.
Discretionary Access Control (DAC)
(276) ___ ___ ___ is an access control model based on user identity. Every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object.
role-based access control (RBAC)
(277) ___ ___ ___ systems rely on roles that are then matched with privileges that are assigned to those roles. An example is group-based access control in MS Windows environments.
rule-based access control
(278) ___ ___ ___ is applied using a set of rules, or access control lists, that apply to various objects or resources. When an attempt is made to access an object, the rule is checked to see if the access is allowed. A common example is an ACL.
mandatory access control (MAC)
(279) ___ ___ ___ systems rely on the operating system to enforce control as set by a security policy administrator. Labels and clearance levels can only be applied and changed by an administrator. It provides the strongest level of protection.
in processing
(28) Data ___ ___ is data that is actively in use by a computer system. This includes data stored in memory while processing takes place. An attacker with control of the system may be able to read the contents of memory and steal sensitive information.
privileged access management (PAM)
(280) ___ ___ ___ is the set of controls, tools, and processes used to handle privileges for elevated accounts and rights. These tools focus on ensuring that the concept of least privilege is maintained by helping administrators specify only the minimum set of privileges needed for a role or task.
conditional access
(281) ___ ___ describes the process of testing the security state of devices and users before allowing access to data, networks, or other resources. An advantage is that it does not simply look for permissions to provide access control. Instead, you need to have both the permissions or rights to access an object and a system or device that is sufficiently secure or trusted to access the object as well.
filesystem controls
(282) ___ ___ determine which accounts, users, groups, or services can perform actions like reading, writing, and executing files.
redundancy
(283) One of the most common ways to build resilience is through ___, in other words, having more than one of a system, service, device, or other component.
load balancers
(284) ___ ___ make multiple systems or services appear to be a single resource, allowing both redundancy and increased ability to handle loads by distributing them to more than one system.
NIC teaming, redundant network interface cards
(285) ___ ___ combines multiple network cards into a single virtual network connection. ___ ___ ___ ___ are also used to ensure connectivity in situations where a system's availability is important and multiple systems cannot be reasonably used.
uninterruptible power supply (UPS)
(286) Power is protected through the use of ___ ___ ___ systems that provide battery or other backup power options for short periods of time.
power conditioner
(287) A ___ ___ helps provide consistent and clean power.
power distribution units
(288) ___ ___ ___ are also used to provide intelligent power management and remote control of power delivered inside server stacks and other environments.
hot, cold
(289) ___ and ___ aisles create a constant flow of air circulation to prevent buildup of heat emanating from the back of the equipment racks and allow cool air to flow into the front of the equipment racks.
encryption
(29) ___ technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit and while it resides on systems.
redundant array, independent disks (RAID)
(290) The use of ___ ___ of ___ ___ is a common solution that uses multiple disks with data either striped (spread across disks) or mirrored (completely copied), and technology to ensure that data is not corrupted or lost (parity).
0
(291) RAID ___ is striping. Data is spread across all devices in the array. An advantage of this array is better I/O performance. A disadvantage is no fault tolerance. You need at least 2 drives.
1
(292) RAID ___ is mirroring. All data is copied exactly to another drive or drives. Advantages of this array are high read speeds from multiple drives and data availability if a drive fails. A disadvantage is that it uses twice the storage for the same amount of data. You need at least 2 drives.
5
(293) RAID ___ is striping with parity. Data is striped across drives, with one drive's worth of space used for parity (a checksum). Parity is spread across drives as well as data. An advantage is that data reads are fast; data writes are slightly slower. Drives can be rebuilt after a failure as long as only one drive fails. A disadvantage is it can only tolerate a single drive failure at a time. Rebuilding arrays after a drive loss can be slow and impact performance. You need at least 3 drives.
scalability
(299) ___ is a common design element and a useful response control for many systems in modern environments where services are designed to scale across many servers instead of requiring a larger server to handle more workload. It says that applications should be designed so that computing resources they require may be incrementally added to support increasing demand.
integrity
(3) ___ ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.
host-based
(30) ___ DLP uses software agents installed on systems that search those systems for the presence of sensitive information. These searches often turn up Social Security numbers, credit card numbers, and other sensitive information in the most unlikely places! They can also monitor system configurations and user actions, blocking undesirable actions.
hot
(302) ___ sites have all the infrastructure and data needed to operate the organization. It is a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data.
warm
(303) ___ sites have some or all the systems needed to perform the work required by the organization, but the live data is not in place.
cold
(304) ___ sites have space, power, and often network connectivity, but they are not prepared with systems or data. It is a disaster recovery facility that provides only the physical space for recovery operations.
burning
(305) ___ is most often done in a high-temperature incinerator. It is primarily used for paper records, although some incinerators may support electronic devices.
Faraday cage
(306) Additional isolation for systems may be provided by physical controls such as a ___ ___, which blocks electromagnetic fields.
shredding
(307) ___ can be done on-site and can support paper or devices using an industrial shredder.
pulping
(308) ___ breaks paper documents into wood pulp, removing ink. Materials can be recycled.
pulverizing
(309) ___ breaks devices down into very small pieces to prevent recovery.
network-based
(31) ___ DLP systems are dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information. They can block those transmissions, preventing the unsecured loss of sensitive information.
degaussing
(310) ___ magnetically wipes data from tapes and traditional magnetic media like hard drives.
cloud computing
(311) ___ ___ can be an intimidating term, but the fundamental idea is straightforward: cloud service providers deliver computing services to their customers, whether as an application accessed in a web browser or as Amazon Web Services (AWS) providing virtualized servers to corporate clients who use them to build out their own technology environments.
multitenancy
(312) The fact that many different users share resources in the same cloud infrastructure is known as ___. In a multitenant environment, the same physical hardware might support the workloads and storage needs of many different customers, all of whom operate without any knowledge of or interaction with their fellow customers.
on-demand self-service computing
(313) ___ ___ ___ are cloud resources that are available when and where you need them.
cloud service providers
(314) ___ ___ ___ are firms that offer cloud computing services to their customers.
cloud consumers
(315) ___ ___ are organizations and individuals who purchase cloud services from cloud service providers.
cloud partners
(316) ___ ___ are organizations that offer ancillary products or services that support or integrate with the offerings of a cloud service provider.
cloud auditors
(317) ___ ___ are independent organizations that provide third-party assessments of cloud services and operations.
cloud carriers
(318) ___ ___ serve as the intermediaries that provide the connectivity that allows the delivery of cloud services from providers to consumers.
infrastructure (IaaS)
(319) ___ as a service offerings allow customers to purchase and interact with the basic building blocks of a technology infrastructure. These include computing, storage, and networks. Customers have the flexibility to configure and manage those services in any way they like to meet their own business needs.
pattern matching
(32) In ___ ___, DLP systems watch for the telltale signs of sensitive information. For example, if they see a number that is formatted like a credit card or Social Security number, they can automatically trigger on that.
software (SaaS)
(320) ___ as a service offerings provide customers with access to a fully managed application running in the cloud. The provider is responsible for everything from the operation of the physical datacenters to the performance management of the application itself, although some of these tasks may be outsourced to other cloud service providers. The customer is only responsible for limited configuration of the application itself. It is based on monthly or annual subscription fees.
platform (PaaS)
(321) ___ as a service offerings fit into a middle ground between SaaS and IaaS solutions. The service provider offers a platform where customers may run applications that they have developed themselves. The cloud service provider builds and manages the infrastructure and offers customers an execution environment, which may include code libraries, services, and tools that facilitate code execution.
function (FaaS)
(322) ___ as a service platforms are an example of PaaS computing. This approach allows customers to upload their own code functions to the provider and then the provider will execute those functions on a scheduled basis, in response to events, and/or on demand.
hybrid
(326) ___ cloud is a catch-all term used to describe cloud deployments that blend public, private, and/or community cloud services together.
watermarking
(33) In ___, systems or administrators apply electronic tags to sensitive documents, and the DLP system can then monitor systems and networks for unencrypted content containing those tags. It is also commonly used in digital rights management (DRM) solutions that enforce copyright and data ownership restrictions.
secure boot
(330) ___ ___ ensures that the system boots using only software that the original equipment manufacturer trusts. To perform a secure boot operation, the system must have a signature database listing the secure signatures of trusted software and firmware for the boot process.
boot integrity
(332) ___ ___ begins with the hardware root of trust. The hardware root of trust for a system contains the cryptographic keys that secure the boot process.
signature-based
(333) ___ ___ detection uses a hash or other signature generation method to identify files or components of the malware that have been previously observed.
heuristic, behavior-based
(334) ___ or ___ detection looks at what actions the malicious software takes and matches them to profiles of unwanted activities.
sandboxing
(335) ___ is used by some tools and by the antimalware vendors themselves to isolate and run sample malicious code.
real-time operating system (RTOS)
(336) A ___ ___ ___ is an operating system that is used when priority needs to be placed on processing data as it comes in, rather than using interrupts for the operating system or waiting for tasks being processed to be handled before data is processed.
Raspberry Pis
(337) ___ ___ are single-board computers, which means that they have all the features of a computer system on a single board, including network connectivity, storage, video output, input, CPU and memory.
proxy
(338) ___ servers accept and forward requests, centralizing the requests and allowing actions to be taken on the requests and responses. They can filter or modify traffic and cache data, and since they centralize requests, they can be used to support access restrictions by IP address or similar requirements.
forward
(339) ___ proxies are placed between clients and servers, and they accept requests from clients and send them forward to servers.
minimization
(34) Data ___ techniques seek to reduce the risk by reducing the amount of sensitive information that we maintain on a regular basis. The best way to achieve this is to simply destroy data when it is no longer necessary to meet our original business purpose.
caching
(340) A ___ proxy server is used to store web data locally for quick retrieval.
reverse
(341) ___ proxies are placed between clients and servers, and they are used to help with load balancing and caching of content.
content filters
(342) ___ ___ are devices or software that allow or block traffic based on content rules. These can be as simple as blocking specific URLs, domains, or hosts, or they may be complex, with pattern matching, IP reputation, and other elements built into the filtering rules.
data loss prevention (DLP)
(344) ___ ___ ___ monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data. They help organizations enforce information handling policies and procedures to prevent data loss and theft. They search systems for stores of sensitive information that might be unsecured and monitor network traffic for potential attempts to remove sensitive information from the organization.
intrusion detection, intrusion prevention
(345) Network-based ___ ___ systems and ___ ___ systems are used to detect threats and, in the case of IPS, to block them.
behavior
(347) ___-based detections look for specific patterns or sets of actions that match threat behaviors.
anomaly
(348) ___-based detection establishes a baseline for an organization or network and then flags when out-of-the-ordinary behavior occurs.
stateless
(349) ___ firewalls, sometimes called packet filters, filter every packet based on data such as the source and destination IP and port, the protocol, and other information that can be gleaned from the packet's headers. They are the most basic type of firewall.
de-identified, de-identification
(35) If we can't completely remove data from a dataset, we can often transform it into a format where the original sensitive information is ___. The ___ process removes the ability to link data back to an individual, reducing its sensitivity.
stateful
(350) ___ firewalls, sometimes called dynamic packet filters, pay attention to the state of traffic between systems. They can make a decision about a conversation and allow it to continue once it has been approved rather than reviewing every packet.
next-generation (NGFW)
(351) ___ firewall devices are far more than simple firewalls. In fact, they might be more accurately described as all-in-one network security devices in many cases. Their capabilities include deep packet inspection, IDS/IPS functionality, antivirus and antimalware, and other functions.
web application (WAF)
(352) ___ ___ firewalls are security devices that are designed to intercept, analyze, and apply rules to web traffic, including tools such as database queries, APIs, and other web application tools. It sits between external users and the Internet.
unified threat management (UTM)
(353) ___ ___ ___ devices frequently include firewalls, IDS/IPS, antimalware, URL and email filtering and security, data loss prevention, VPN, and security monitoring and analytics capabilities.
sinkhole
(354) A DNS ___ is a DNS server that is configured to provide incorrect answers to specific DNS queries. This allows administrators to cause malicious and unwanted domains to resolve to a harmless address and can also allow logging of those queries to help identify infected or compromised systems.
ephemeral
(355) ___ keys are used to provide perfect forward secrecy, meaning that even if the secrets used for key exchange are compromised, the communication itself will not be.
secure real-time protocol (SRTP)
(364) ___ ___ ___ is a secure version of the Real-time Protocol, a protocol designed to provide audio and video streams via networks. It uses encryption and authentication to attempt to reduce the likelihood of successful attacks, including replay and denial-of-service attempts.
Secure Lightweight Directory Access Protocol (LDAPS)
(365) ___ ___ ___ ___ ___ is a TLS-protected version of LDAP that offers confidentiality and integrity protections.
domain hijacking
(366) ___ ___ changes the registration of a domain, either through technical means like a vulnerability with a domain registrar or control of a system belonging to an authorized user, or through nontechnical means such as social engineering. The end result of this attack is that the domain's settings and configuration can be changed by an attacker, allowing them to intercept traffic, send and receive email, or otherwise take action while appearing to be the legitimate domain holder.
DNS poisoning
(367) ___ ___ can be accomplished in multiple ways. One form is a variant of the on-path attack, where an attacker provides a DNS response while pretending to be an authoritative DNS server. Remapping a domain name to a rogue IP address is also an example of this type of exploit.
zone transfers
(368) Domain Name Service (DNS) poisoning attacks can be mitigated by ensuring that your DNS server updates its information only from authoritative sources by proper authentication or the use of secure communications. ___ ___ usually occur when you bring up a new DNS server as a secondary DNS server. A full transfer of all the zone information will take place in order to replicate the already existing records for that zone.
reverse DNS
(369) ___ ___ resolution is a normal practice to resolve IP addresses to host names and would not prevent DNS poisoning.
hashing
(37) ___ uses a hash function to transform a value in our dataset to a corresponding hash value. If we apply a strong hash function to a data element, we may replace the value in our file with the hashed value. To validate that a file has not been modified, the file should include a hash or checksum that the user can compare to the checksum of the downloaded file.
URL redirection
(370) ___ ___ can take many forms, depending on the vulnerability that attackers leverage, but one of the most common is to insert alternate IP addresses into a system's hosts file. The hosts file is checked when a system looks up a site via DNS and will be used first, making a modified hosts file a powerful tool for attackers who can change it.
domain reputation
(371) ___ ___ services and tools provide information about whether a domain is a trusted email sender or sends a lot of spam email. "Distribution of Spam"
Address Resolution Protocol Poisoning
(372) ___ ___ ___ ___ attacks send malicious ARP packets to the default gateway of a network with the intent of changing the pairings of MAC addresses to IP addresses that the gateway maintains. Attackers will send ARP replies that claim that the IP address for a target machine is associated with their MAC address, causing systems and the gateway to send traffic intended for the target system to the attacker's system.
MAC flooding
(373) ___ ___ targets switches by sending so many MAC addresses to the switch that the CAM or MAC table that stores pairing of ports and MAC addresses is filled. Since these tables have a limited amount of space, flooding them results in a default behavior that sends out traffic to all ports when the destination is not known to ensure traffic continues to flow.
MAC cloning
(374) ___ ___ duplicates the media access control address of a device.
cellular
(375) ___ networks provide connectivity for mobile devices like cell phones by dividing geographic areas into "cells" with tower coverage allowing wireless communications between devices and towers or cell sites.
rogue access points
(376) ___ ___ ___ are APs added to your network either intentionally or unintentionally. Once they are connected to your network, they can offer a point of entry to attackers or other unwanted users.
bluejacking
(377) ___ simply sends unsolicited messages to Bluetooth-enabled devices.
bluesnarfing
(378) ___ is unauthorized access to a Bluetooth device, typically aimed at gathering information like contact lists or other details the device contains.
disassociation
(379) ___ describes what happens when a device disconnects from an access point. Many wireless attacks work better if the target system can be forced to disassociate from the access point that it is using when the attack starts. That will cause the system to attempt to reconnect, providing an attacker with a window of opportunity to set up a more powerful evil twin or to capture information as the system tries to reconnect.
tokenization
(38) ___ replaces sensitive values with a unique identifier using a lookup table. For example, we might replace a widely known value, such as a student ID, with a randomly generated 10-digit number.
jam, jamming
(380) Another means of attacking radio frequency networks like Wi-Fi and Bluetooth is to ___ them. ___ will block all the traffic in the range or frequency it is conducted against.
initialization vector (IV)
(381) A type of attack against Wi-Fi networks is an ___ ___ attack. It modifies the IV of an encrypted wireless packet during transmission.
site survey
(382) A ___ ___ involves moving throughout the entire facility or space to determine what existing networks are in place and to look at the physical structure for the location options for your access points.
heatmap
(383) Site survey tools test wireless signal strength as you walk, allowing you to match location using GPS or by physically marking your position on a floorplan or map as you go. They then show where wireless signal is, how strong it is, and what channel or channels each access point or device is on in the form of a ___.
local area network controllers
(384) Enterprise networks rely on wireless ___ ___ ___ ___ to help manage access points and the organization's wireless network.
counter mode cipher block chaining message authentication code protocol
(385) WPA2 introduced the use of the ___ ___ ___ ___ ___ ___ ___ ___ ___ (CCMP). CCMP uses Advanced Encryption Standard (AES) encryption to provide confidentiality, delivering much stronger encryption than WEP, the Wired Equivalent Privacy protocol used previously.
simultaneous authentication, equals (SAE)
(386) WPA3-Personal provides additional protection for password-based authentication, using a process known as ___ ___ of ___. SAE replaces the preshared keys used in WPA2 and requires interaction between the client and network to validate both sides. That interaction slows down brute-force attacks and makes them less likely to succeed.
protected extensible authentication protocol (PEAP)
(387) ___ ___ ___ ___ authenticates servers using a certificate and wraps EAP using a TLS tunnel to keep it secure. Devices on the network use unique encryption keys, and Temporal Key Integrity Protocol (TKIP) is implemented to replace keys on a regular basis.
Flexible Authentication, Secure Tunneling Extensible Authentication Protocol (EAP-FAST)
(388) ___ ___ via ___ ___ ___ ___ ___ is a Cisco-developed protocol that was designed to address vulnerabilities in the Lightweight Extensible Authentication Protocol (LEAP). It is focused on providing faster reauthentication while devices are roaming.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
(389) ___ ___ ___ ___ ___ implements certificate-based authentication as well as mutual authentication of the device and network. It uses certificates on both client and network device to generate keys that are then used for communication.
data masking
(39) ___ ___ partially redacts sensitive information by replacing some or all sensitive fields with blank characters. For example, we might replace all but the last four digits of a credit card number with X's or *'s to render the card number unreadable.
EAP Tunneled Transport Layer Security (EAP-TTLS)
(390) ___ ___ ___ ___ ___ extends EAP-TLS, and unlike EAP-TLS, it does not require that client devices have a certificate to create a secure session. This removes the overhead and management effort that EAP-TLS requires to distribute and manage endpoint certificates while still providing TLS support for devices.
bring your own device (BYOD)
(391) In ___ ___ ___ ___, the user owns the device and the user controls and maintains the device. The user brings their own personally owned device. This provides more user freedom and lower cost to the organization, but greater risk since the organization does not control, secure, or manage the device.
choose your own device (CYOD)
(392) In ___ ___ ___ ___, the organization owns the device but the user controls and maintains the device. The organization owns the device but allows the user to select and maintain it.
corporate-owned, personally enabled (COPE)
(393) In ___-___, ___ ___, the organization owns the device, and the organization maintains the device. Corporate-provided devices allow reasonable personal use while meeting enterprise security and control needs.
corporate, owned
(394) In ___-___, the organization owns the device and the organization controls and maintains the device. These devices provide the greatest control but least flexibility.
Virtual Desktop Infrastructure (VDI)
(395) One key technology that can help make mobile device deployments more secure is the use of ___ ___ ___ to allow relatively low-security devices to access a secured, managed environment. Using VDI allows device users to connect to the remote environment, perform actions, and then return to normal use of their device.
communication plans
(396) ___ ___ are critical to incident response processes. A lack of communication, incorrect communication, or just poor communication can cause significant issues for an organization and its ability to conduct business.
stakeholder management plans
(397) ___ ___ ___ are related to communication plans and focus on groups and individuals who have an interest or role in the systems, organizations, or services that are impacted by an incident.
business continuity plans (BC)
(398) ___ ___ ___ focus on keeping an organization functional when misfortune or incidents occur.
disaster recovery plans (DR)
(399) ___ ___ ___ define the processes and procedures that an organization will take when a disaster occurs. A DR plan focuses on natural and man-made disasters that may destroy facilities, infrastructure, or otherwise prevent an organization from functioning normally.
availability
(4) ___ ensures that information and systems are ready to meet the needs of legitimate users at the time users request them.
data exfiltration
(40) Attackers who gain access to sensitive information and remove it from the organization are said to be performing ___ ___.
business impact analysis (BIA)
(400) The ___ ___ ___ examines the loss of revenue, legal obligations, and customer service interruption that can arise as the result of a disaster.
contingency
(401) A ___ plan establishes the procedures that can quickly recover critical systems after a service disruption, and it defines and prioritizes specific tasks to aid in the recovery process.
continuity, operation planning
(402) In addition to these types of plans, ___ of ___ ___ is a federally sponsored program in the U.S. that is part of the national continuity program. COOP defines the requirements that government agencies must meet so that continuity of operations can be ensured.
retention policy
(404) A ___ ___ is important to incident responders since it may determine how long the organization keeps incident data, how long logs will be available, and what data is likely to have been retained and thus may have been exposed if a system or data store is compromised or exposed.
metadata
(422) ___ is data about other data. In the case of systems and services, metadata is created as part of files, embedded in documents, used to define structured data, and included in transactions and network communications, among many other places you can find it.
Adversarial Tactics, Techniques, Common Knowledge
(405) MITRE provides the ATT&CK, or ___ ___, ___, and ___ ___, knowledgebase of adversary tactics and techniques. The ATT&CK matrices include detailed descriptions, definitions, and examples for the complete threat lifecycle from initial access through execution, persistence, privilege escalation, and exfiltration. At each level, it lists techniques and components, allowing threat assessment modeling to leverage common descriptions and knowledge.
simultaneous authentication, equals (SAE)
(406) WPA3-Personal provides additional protection for password-based authentication, using a process known as ___ ___ of ___. SAE replaces the preshared keys used in WPA2 and requires interaction between both the client and network to validate both sides. It is a secure password-based authentication and password-authenticated key agreement method.
diamond model, intrusion analysis
(407) The ___ ___ of ___ ___ provides an excellent methodology for communicating cyber events and allowing analysts to derive mitigation strategies implicitly. It is constructed around a graphical representation of an attacker's behavior. It is a methodology framework for intrusion analysis developed by the U.S. government intelligence community.
core features, meta-features, confidence value
(408) The Diamond Model uses a number of specific terms: ___ ___ for an event, which are the adversary, capability, infrastructure, and victim (the vertices of the diamond). The ___, which are the start and end timestamps, phase, result, direction, methodology, and resources, which are used to order events in a sequence known as an activity thread, as well as for grouping events based on their features. A ___ ___, which is undefined by the model but that analysts are expected to determine based on their own work.
Cyber Kill Chain, reconnaissance, weaponization, delivery, exploitation, installation, command, control, actions, objectives
(409) Lockheed Martin's ___ ___ ___ is a seven-step process that portrays how attackers step through their actions to reach their final goal but does not deal with the specifics of how to mitigate them. ___ identifies targets. ___ involves building or otherwise acquiring a ___, which combines malware and an exploit into a payload that can be delivered to the target. ___ occurs when the adversary deploys their tool either directly against targets or via a release that relies on staff at the target interacting with it, such as in an email payload, on a USB stick, or via websites that they visit. ___ uses a software, hardware, or human vulnerability to gain access. ___ focuses on persistent backdoor access for attackers. ___-and-___ (C2) access allows two-way communication and continued control of the remote system. Defenders will seek to detect the C2 infrastructure by hardening the network, deploying detection capabilities, and conducting ongoing research to ensure they are aware of new C2 models and technology. ___ on ___ occurs when the mission's goal is achieved. Adversaries will collect credentials, escalate privileges, pivot and move laterally through the environment, and gather and exfiltrate information. It identifies the phases of a cyberattack.
white-hat
(41) ___ hackers, also known as authorized attackers, are those who act with authorization and seek to discover security vulnerabilities with the intent of correcting them. They may be employees of the organization or contractors hired to engage in penetration testing.
cybersecurity framework (CSF)
(410) NIST ___ ___ is a set of industry standards and best practices created by NIST to help organizations manage cybersecurity risks. It is used for building a secure system. It contains a set of controls that are sorted into five categories to reduce risk and help organizations respond more rapidly when incidents do occur.
security information, event management (SIEM)
(411) In many organizations, the central security monitoring tool is a ___ ___ and ___ ___ tool. These are tools used to gather and analyze multiple sources of data to enable cybersecurity analysts to understand trends better and make decisions.
application logs
(413) ___ ___ for Windows include information like installer information for applications, errors generated by applications, license checks, and any other logs that applications generate and send to the application log.
security logs
(414) ___ ___ for Windows systems store information about failed and successful logins, as well as other authentication log information.
vulnerability scan output
(415) ___ ___ ___ is another form of data that can be pulled into incident analysis activities. Scans can provide clues about what attackers may have targeted, changes in services, or even suddenly patched issues due to attackers closing a hole behind them.
network, security device logs
(416) ___ and ___ ___ ___ can include logs for routers and switches with configuration changes, traffic information, network flows, and data captured by packet analyzers.
web logs
(417) ___ ___ track requests to the web server and related events. These logs can help track what was accessed, when it was accessed, and what IP address sent the request.
DNS logs
(418) ___ ___ provide details about DNS queries. This may seem less useful, but DNS logs can show attackers gathering information, provide information that shows what systems may be compromised based on their DNS requests, and show whether internal users are misusing organizational resources.
Authentication logs
(419) ___ ___ are useful to determine when an account was logged into and may also show privilege use, login system or location, incorrect password attempts, and other details of logins and usage that can be correlated to intrusions and misuse.
black-hat
(42) ___ hackers, also known as unauthorized attackers, are those with malicious intent. They seek to defeat security controls and compromise the confidentiality, integrity, and availability of information and systems for their own, unauthorized purposes.
dump files
(420) ___ ___ may not seem as if they'd be useful for incident response, but they can contain information that shows the state of memory and the system at the time of a crash.
VoIP, call manager, session initiation protocol
(421) ___, ___ ___ logs, and ___ ___ ___ logs can provide information about calls that were placed as well as other events on a VoIP system.
email
(423) ___ metadata includes headers and other information found in an email. Email headers provide details about the sender, the recipient, the date and time the message was sent, whether the email had an attachment, which systems the email traveled through, and other header markup that systems may have added, including antispam and other information.
mobile
(424) ___ metadata is collected by phones and other mobile devices as they are used. It can include call logs, SMS and other message data, data usage, GPS location tracking, cellular tower information, and other details found in call data records.
web
(425) ___ metadata is embedded into websites as part of the code for the website, but it is often invisible to everyday users. It can include metatags, headers, cookies, and other information that help with search engine optimization, website functionality, advertising, and tracking, or that may support specific functionality.
file
(426) ___ metadata can be a powerful tool when reviewing when a file was created, how it was created, if and when it was modified, who modified it, the GPS location of the device that created it, and many other details.
playbooks
(427) ___ are step-by-step actions that need to occur within the security orchestration, automation, and response (SOAR) process. The actions typically need to be performed by humans, so the playbook serves as the definitive guide to ensure that any documentation, required reporting, or other mandated actions that require human involvement and decision-making occur exactly when they should.
runbook
(428) A ___ is a set of rules that can be largely automated and, while it can indeed include human elements, often is used to automate features such as threat response.
isolation
(429) ___ moves a system into a protected space or network where it can be kept away from other systems with limited or no access to other sources.
gray-hat
(43) ___ hackers, also known as semi-authorized attackers, are those who fall somewhere between white-hat and black-hat hackers. They act without proper authorization, but they do so with the intent of informing their targets of any security vulnerabilities.
containment
(430) ___ leaves the system in place but works to prevent further malicious actions or attacks.
segmentation
(431) ___ is often employed before an incident occurs to place systems with different functions or data security levels in different zones or segments of a network.
access control
(432) An ___ ___ policy is geared toward preventing unauthorized access. Examples of such policies include least privilege, job rotation, and separation of duties.
separation, duties
(433) Organizations may implement ___ of ___ for extremely sensitive job functions. It takes two different tasks that, when combined, have great sensitivity and creates a rule that no single person may have the privileges required to perform both tasks.
job rotation
(434) ___ ___ practices take employees with sensitive roles and move them periodically to other positions in the organization.
mandatory vacations
(435) ___ ___ serve a similar purpose by forcing employees to take an annual vacation of a week or more of consecutive time and revoking their access privileges during their vacation period.
care, diligence, diligence, care
(436) Due ___ and due ___ are the standards the company must adhere to when implementing and enforcing company-wide security policies. Due ___ ensures that IT infrastructure risks are known and managed properly. Due ___ is the mitigation actions that an organization takes to defend against the risks that have been uncovered during due care.
acceptable use policy (AUP)
(437) ___ ___ ___ is a set of established guidelines for the appropriate use of computer networks and internal network within an organization.
Master Service Agreements (MSA)
(438) ___ ___ ___ provide an umbrella contract for the work that a vendor does with an organization over an extended period of time.
Service Level Agreements (SLA)
(439) ___ ___ ___ are written contracts that specify the conditions of service that will be provided by the vendor and the remedies available to the customer if the vendor fails to meet the SLA.
script kiddies
(44) The term ___ ___ is a derogatory term for people who use hacking techniques but have limited skills. Often such attackers may rely almost entirely on automated tools they download from the Internet.
memorandum, understanding (MOU)
(440) A ___ of ___ is a letter written to document aspects of the relationship. MOUs are an informal mechanism that allows the parties to document their relationship to avoid future misunderstandings.
business partnership agreements (BPA)
(441) ___ ___ ___ exist when two organizations agree to do business with each other in a partnership.
policies
(442) ___ are high-level statements of management intent.
standards
(443) ___ provide mandatory requirements describing how an organization will carry out its information security policies.
procedures
(444) ___ are detailed, step-by-step processes that individuals and organizations must follow in specific circumstances.
guidelines
(445) ___ provide best practices and recommendations related to a given concept, technology, or task.
health insurance portability, accountability act (HIPAA)
(446) The ___ ___ ___ and ___ ___ includes security and privacy rules that affect health-care providers, health insurers, and health information clearinghouses in the U.S.
Sarbanes-Oxley (SOX)
(447) ___-___ is a United States federal law that sets new or expanded requirements for all US public company boards, management, and public accounting firms.
critical
(495) ___ updates are software code for a specific problem addressing a critical, non-security bug in the software.
stewards
(464) Data ___ are individuals who carry out the intent of the data controller and are delegated responsibility from the controller. They're primarily responsible for data quality. This involves ensuring that data are labeled and identified with appropriate metadata, and that data are collected and stored in a format and with values that comply with applicable laws and regulations.
custodians
(465) Data ___ are individuals or teams who do not have controller or stewardship responsibility but are responsible for the secure safekeeping of information. They handle managing the system on which the data assets are stored. This includes responsibility for enforcing access control, encryption, and backup/recovery measures.
boot sector
(467) ___ ___ viruses are stored in the first sector of a hard drive and are loaded into memory upon boot up.
macro
(468) ___ viruses are embedded into a document and are executed when the document is opened by the user.
child sexual exploitation
(47) ___ ___ ___, including child pornography, abuse, and solicitation.
multipartite
(470) A ___ virus is a virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer.
polymorphic
(471) A ___ virus is an advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection.
metamorphic
(472) A ___ virus is a virus that is able to rewrite itself entirely before it attempts to infect a file. It is an advanced version of polymorphic viruses.
armored
(473) ___ viruses have a layer of protection to confuse a program or person analyzing it.
adware
(474) ___ is a specific type of spyware that displays advertisements based upon its spying on you.
active interception
(475) ___ ___ occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them.
easter egg
(476) ___ ___ are non-malicious code that, when invoked, displays an insider joke, hidden message, or secret feature.
endpoint DLP system
(477) ___ ___ ___ is a software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.
network DLP system
(478) ___ ___ ___ is either a software or hardware-based solution that is installed on the perimeter of the network to detect data in transit.
storage DLP system
(479) ___ ___ ___ is software installed on servers in the datacenter to inspect the data at rest.
payment fraud
(48) ___ ___, including credit card fraud and business email compromises.
cloud DLP system
(480) ___ ___ ___ is cloud software as a service that protects data being stored in cloud services.
basic input output system (BIOS)
(481) ___ ___ ___ ___ is firmware that provides the computer instructions for how to accept input and send output.
network attached storage (NAS)
(482) ___ ___ ___ are storage devices that connect directly to your organization's network.
advanced encryption standard (AES)
(483) ___ ___ ___ is a symmetric key encryption that supports 128-bit, 192-bit and 256-bit keys. It uses a 128-bit block size.
simultaneous authentication, equals (SAE)
(484) WPA3-Personal provides additional protection for password-based authentication, using a process known as ___ ___ of ___. SAE replaces the preshared keys used in WPA2 and requires interaction between both the client and network to validate both sides. It is a secure password-based authentication and password-authenticated key agreement method.
mobile device management (MDM)
(485) ___ ___ ___ can prevent certain applications from being installed on the device. It is software that allows IT administrators to control, secure and enforce policies on smartphones, tablets and other endpoints.
antivirus
(486) ___ software is capable of detecting and removing virus infections and other types of malware. It is not able to detect new viruses that do not have a pattern or signature defined.
Wi-Fi protected access 2 (WPA2)
(487) ___ ___ ___ ___ is the highest level of wireless security. It is an 802.11i standard to provide better wireless security featuring AES with a 128-bit key, CCMP, and integrity checking.
802.1x
(488) ___ is implemented on network devices such as switches to provide access control by authenticating connecting clients based on the user or system identity.
link key
(489) Bluetooth pairing creates a shared ___ ___ to encrypt the connection.
terrorism
(49) ___ support, including facilitating the actions of terrorist groups online.
subscriber identity module (SIM)
(490) ___ ___ ___ is an integrated circuit that securely stores the international mobile subscriber identity (IMSI) number and its related key. This tells the cellphone towers which cellular device is assigned to which number.
geotagging
(491) ___ is the embedding of the geolocation coordinates into a piece of data.
hardening
(492) ___ is the act of configuring an operating system securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services.
System Center Configuration Management (SCCM)
(493) Microsoft's ___ ___ ___ ___ can be used to manage large amounts of software across the network as well as push out new configurations and policy updates to all our PCs.
security
(494) ___ updates are software code that is issued for a product-specific security-related vulnerability.
group policy, group policy objects
(500) ___ ___ is a set of rules or policies that can be applied to a set of users or computer accounts within the operating system. ___ ___ ___ aid in the hardening of the operating system. Using these, new accounts and computers can be configured with organizational requirements. You can force a reset of the default administrator account password by using a group policy update.
security template
(501) ___ ___ is a group of policies that can be loaded through one procedure.
baselining
(502) ___ is a process of measuring changes in the network, hardware, and software environment.
NTFS, FAT32, New Technology File System, ext4, APFS
(503) Windows systems can utilize ___ or ___. NTFS stands for ___ ___ ___ ___ and is the default file system format which is more secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32. Linux systems should use ___ and MacOS should use the ___.
hardware root, trust (ROT)
(504) ___ ___ of ___ is a cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics. It is used to scan the boot metrics and OS files to verify their signatures, which we can then use to sign a digital report.
field programmable gate array (FPGA), physically unclonable function (PUF)
(505) Anti-tamper mechanisms include a ___ ___ ___ ___ and a ___ ___ ___.
attestation
(506) ___ is a claim that the data presented in a report is valid, made by digitally signing the report using the TPM's private key.
eFUSE
(507) ___ is a means for software or firmware to permanently alter the state of a transistor on a computer chip.
system
(508) ___ virtual machines are complete platforms designed to replace an entire physical computer and include a full desktop/server operating system.
processor
(509) ___ virtual machines are designed to only run a single process or application like a virtualized web browser or a simple web server.
Advanced Persistent Threat (APT)
(51) The security company Mandiant created the term ___ ___ ___ to describe a series of attacks that they first traced to sources connected to the Chinese military. They tend to be characterized by highly skilled attackers with significant resources.
sprawl
(510) VM ___ is used to describe a situation in which a large number of deployed VMs lack proper administrative controls. Asset documentation and usage audits can help prevent this.
escape
(511) VM ___ allows an attacker to break out of a normally isolated VM by interacting directly with the hypervisor. Sandboxing and patch management can help mitigate this.
arbitrary (ACE)
(512) ___ code execution occurs when an attacker is able to execute or run commands on a victim computer.
remote (RCE)
(513) ___ code execution occurs when an attacker is able to execute or run commands on a remote computer.
buffer
(514) A ___ is a temporary storage area that a program uses to store data.
stored, persistent
(515) In a ___/___ cross site scripting attack, an attacker attempts to get data provided by the attacker to be saved on the web server by the victim.
reflected (XSS)
(516) A ___ cross site scripting attack attempts to have a non-persistent effect activated by a victim clicking a link on the site.
document object model (DOM)
(517) In a ___ ___ ___-based cross site scripting attack, an attacker attempts to exploit the victim's web browser.
SQL injection
(518) A ___ ___ is an attack consisting of the insertion or injection of an SQL query via input data from the client to a web application. Countermeasures include stored procedures and input validation.
MAC spoofing
(519) ___ ___ occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device.
insider
(52) ___ threats occur when an employee, contractor, vendor or other individual with authorized access to information systems uses that access to wage an attack against the organization.
IP spoofing
(520) ___ ___ is used to trick a router's ACL.
de-militarized zone (DMZ)
(521) ___ ___ focuses on providing controlled access to publicly available servers that are hosted within your organizational network.
jumpbox
(522) A ___ is a system on a network used to access and manage devices in a separate security zone. This would create network segmentation between the supplier's laptops and the rest of the network to minimize the risk. It is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.
Network Address Translation (NAT)
(523) ___ ___ ___ is the process of changing an IP address while it transits across a router. It is used to share external IP addresses among several internal IP addresses.
dynamic host configuration protocol (DHCP)
(524) A ___ ___ ___ ___ server is used to allocate internal IP addresses.
modem
(526) A ___ is a device that could modulate digital information into an analog signal for transmission over a standard dial-up phone line.
honeypot
(527) A ___ is a single computer (or file, group of files, or IP range) that might be attractive to an attacker.
honeynet
(528) A ___ is a group of computers, servers, or networks used to attract an attacker.
vertical, horizontal
(529) ___ privilege escalation is going from a user account to an administrator account. ___ privilege escalation is going from one user account to another user account.
Annualized Rate, Occurrence (ARO)
(565) ___ ___ of ___ is the number of times per year that a threat is realized.
competitors
(53) ___ may engage in corporate espionage designed to steal sensitive information from your organization and use it to their own business advantage. This may include theft of customer information, stealing proprietary software, identifying confidential product development plans, or gaining access to any information that would benefit them.
electromagnetic interference (EMI)
(530) ___ ___ is a disturbance that can affect electrical circuits, devices, and cables due to radiation or electromagnetic conduction.
radio frequency interference (RFI)
(531) ___ ___ ___ is a disturbance that can affect electrical circuits, devices, and cables due to AM/FM transmissions or cell towers.
crosstalk
(532) ___ occurs when a signal transmitted on one copper wire creates an undesired effect on another wire.
data emanation
(533) ___ ___ is the electromagnetic field generated by a network cable or device when transmitting.
protected distribution system (PDS)
(534) ___ ___ ___ is a secured system of cable management to ensure that the wired network remains free from eavesdropping, tapping, data emanations, and other threats.
service set identifier (SSID)
(535) ___ ___ ___ uniquely identifies the network and is the name of the WAP used by the clients.
evil twin
(536) ___ ___ is a rogue, counterfeit, and unauthorized WAP with the same SSID as your valid one.
Pre-Shared Key (PSK)
(537) A ___ ___ is the same encryption key that is used by the access point and the client.
wired equivalent privacy (WEP)
(538) ___ ___ ___ is the original 802.11 wireless security standard that claims to be as secure as a wired network. It uses a 24-bit initialization vector (IV).
Wi-Fi Protected Access (WPA)
(539) ___ ___ ___ is the replacement for WEP which uses TKIP (Temporal Key Integrity Protocol), Message Integrity Check (MIC), and RC4 encryption. It uses a 48-bit initialization vector (IV).
dark web
(54) In some cases, competitors will use a disgruntled insider to get information from your company. They may also seek out insider information available for purchase on the ___ ___, a shadowy anonymous network often engaging in illicit activity.
Wi-Fi Disassociation Attack
(540) ___ ___ ___ is an attack that targets an individual client connected to a network, forces it offline by deauthenticating it, and then captures the handshake when it reconnects.
Wi-Fi Protected Setup (WPS)
(541) ___ ___ ___ is an automated encryption setup for wireless networks at a push of a button but is severely flawed and vulnerable.
war chalking
(542) ___ ___ is the act of physically drawing symbols in public places to denote the open, closed, and protected networks in range.
Wi-Fi Protected Access 3 (WPA3)
(543) ___ ___ ___ ___ was introduced in 2018 to strengthen WPA2. It has an equivalent cryptographic strength of 192 bits in WPA3-Enterprise mode.
forward secrecy
(544) ___ ___ is a feature of key agreement protocols (like SAE) that provides assurance that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.
radio frequency identification (RFID)
(545) ___ ___ ___ are devices that use a radio frequency signal to transmit identifying information about the device or token holder.
near field communication (NFC)
(546) ___ ___ ___ allows two devices to transmit information when they are within close range through automated pairing and transmission.
crossover error rate (CER)
(547) ___ ___ ___ is an equal error rate (EER) where the false acceptance rate and false rejection rate are equal.
A
(548) Class ___ fires consist of wood, paper, rubber, fabrics, and many plastics. This fire should be put out with a water based extinguisher with a green label.
B
(549) Class ___ fires consist of flammable liquids and gases such as gasoline, oils, paint, and tar. Use a dry chemical agent extinguisher with a red square label.
programmable logic controller (PLC)
(556) ___ ___ ___ is a type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.
system, on, chip (SOC)
(557) ___-___-___ is a processor that integrates the platform functionality of multiple logical controllers onto a single chip.
multi-factor authentication
(558) ___ ___ uses two or more authentication factors to prove a user's identity.
Remote Access Services (RAS)
(559) ___ ___ ___ are services that enable dial-up and VPN connections to occur from remote clients.
threat intelligence, predictive analysis
(56) ___ ___ is the set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment. Threat intelligence information can also be used for ___ ___ to identify likely risks to the organization.
discretionary
(560) In ___ access control, the access control policy is determined by the owner.
chmod, 4, 2, 1
(561) ___ is a program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system. ___ is for read, ___ is for write, and ___ is for execute.
privilege creep
(562) ___ ___ occurs when a user gets additional permission over time as they rotate through different positions or roles.
propagation
(563) ___ occurs when permissions are passed to a subfolder from the parent through inheritance.
Single Loss Expectancy (SLE)
(564) ___ ___ ___ is the cost associated with the realization of each individualized threat that occurs. Asset Value (AV) x Exposure Factor (EF) equals this.
malware
(61) The term ___ describes a wide range of malicious software that is intentionally designed to cause harm to systems and devices, networks, or users. It can also gather information, provide illicit access, and take a broad range of actions that the legitimate owner of a system or network may not want to occur.
secure multipurpose internet mail extensions (S/MIME)
(610) ___/___ ___ ___ ___ is a standard that provides cryptographic security for electronic messaging.
Secure Socket Layer (SSL), Transport Layer Security (TLS)
(611) ___ ___ ___ and ___ ___ ___ are cryptographic protocols that provide secure Internet communications for web browsing, instant messaging, email, VoIP, and many other services. TLS is the upgraded version of SSL.
secure shell (SSH)
(612) ___ ___ is a protocol that can create a secure channel between two computers or network devices to enable one device to control the other device. It requires a server (daemon) to be run on one device and a client on the other.
one-way hash
(613) A ___-___ ___ is used to validate the integrity of a message.
virtual private network (VPN)
(614) A ___ ___ ___ is a secure connection between two or more computers or devices that are not on the same private network.
Internet Key Exchange (IKE)
(615) ___ ___ ___ is a method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers.
surge
(616) A ___ is an unexpected increase in the amount of voltage provided.
spike
(617) A ___ is a short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.
sag
(618) A ___ is an unexpected decrease in the amount of voltage provided.
brownout
(619) A ___ occurs when the voltage drops low enough that it typically causes the lights to dim and can cause a computer to shut off.
ransomware, cryptomalware
(62) ___ is malware that takes over a computer and then demands a ransom. There are many types of this malware, including ___ ___, which encrypts files and holds them hostage until a ransom is paid.
blackout
(620) A ___ occurs when there is a total loss of power for a prolonged period.
fault resistant RAID
(621) ___-___ ___ protects against the loss of the array's data if a single disk fails (RAID 1 or RAID 5).
disaster tolerant RAID
(623) ___-___ ___ provides two independent zones with full access to the data (RAID 10).
cluster
(624) A ___ is two or more servers working together to perform a particular job function.
failover
(625) In a ___ cluster, a secondary server can take over the function when the primary one fails.
load balancing cluster
(626) In a ___-___ cluster, servers are clustered in order to share resources such as CPU, RAM, and hard disks.
10 Tape
(627) In a ___ ___ rotation, each tape is used once per day for two weeks and then the entire set is reused.
grandfather father son
(628) In a ___-___-___ rotation, three sets of backup tapes are defined as the son (daily), the father (weekly), and the grandfather (monthly).
towers hanoi
(629) In a ___ of ___ rotation, three sets of backup tapes (like the grandfather-father-son) are rotated in a more complex system.
personal identifiable information (PII)
(633) ___ ___ ___ is a piece of data that can be used either by itself or in combination with some other pieces of data to identify a single person.
Gramm Leach Bliley Act (GLBA)
(634) ___-___-___ ___ is a United States federal law that requires financial institutions to explain how they share and protect their customers' private information.
Federal Information Security Management Act (FISMA) of 2002
(635) ___ ___ ___ ___ ___ of ___ requires each agency to develop, document, and implement an agency-wide information systems security program to protect their data.
privacy
(636) ___ is a data governance requirement that arises when collecting and processing personal data to ensure the rights of the data subject.
General Data Protection Regulation (GDPR)
(637) ___ ___ ___ ___ regulates that personal data cannot be collected, processed, or retained without the individual's informed consent. It is a regulation that applies to companies that do business in the European Union.
Change Management Policy
(638) ___ ___ ___ defines the structured way of changing the state of a computer system, network, or IT procedure.
due process
(639) ___ ___ is a legal term that refers to how an organization must respect and safeguard personnel's rights.
Remote Access Trojans (RATs)
(64) ___ ___ ___ provide attackers with remote access to systems to maintain persistent access. These are similar to backdoors.
non disclosure agreement (NDA)
(640) ___-___ ___ is an agreement between two parties that defines what data is considered confidential and cannot be shared outside of the relationship.
service level agreement (SLA)
(641) ___-___ ___ is an agreement concerned with the ability to support and respond to problems within a given timeframe and continuing to provide the agreed upon level of service to the user.
interconnection security agreement (ISA)
(642) ___ ___ ___ is an agreement for the owners and operators of the IT systems to document what technical requirements each organization must meet.
business partnership agreement (BPA)
(643) A ___ ___ ___ is conducted between two business partners and establishes the conditions of their relationship.
Center Internet Security (CIS)
(647) ___ for ___ ___ is known for the "Top 20 Controls", a framework composed of 20 control groups covering topics that range from hardware inventory to penetration testing within an organization. The underlying thesis of the framework is to pare down the controls to those that are most critical, helping prevent organizations from becoming overwhelmed or choosing the wrong controls to apply to reduce risk.
Risk Management Framework (RMF)
(648) NIST ___ ___ ___ is a seven-step methodology that provides for risk management through the entire information systems life cycle.
ISO 27001
(649) ___ ___ covers Information Security Management Systems (ISMS). It contains infosec rules and requirements used by many governing bodies to create compliance regulations.
worms
(65) Unlike trojans that require user interaction, ___ spread themselves without a user's actions. They can spread via e-mail attachments, network file shares, or other methods as well.
ISO 22301
(650) ___ ___ covers security and resilience, business continuity management.
ISO 27002
(651) ___ ___ covers Information Security Best Practices. It provides guidelines and suggestions for how to start or improve infosec at an organization.
ISO 27701
(652) ___ ___ covers Privacy Information Management. It is an extension to 27001 that outlines rules and regulations specifically tied to privacy.
ISO 31000
(653) ___ ___ covers Risk Management Best Practices. It provides generic suggestions for managing risk response within an organization.
system organization controls (SOC)
(654) ___ and ___ ___ is a suite of reports produced during an audit which is used by service organizations to issue validated reports of internal controls over those information systems to the users of those services.
internet control message protocol (ICMP)
(655) ___ ___ ___ ___ is the core protocol used by the ping and traceroute utilities for network diagnostics, and it should be disabled on the server.
20, 21
(657) File Transfer Protocol (FTP) uses ports ___ and ___.
22, 23
(658) Secure Shell (SSH) uses port ___ and Telnet uses port ___.
25
(659) Simple Mail Transfer Protocol (SMTP) uses port ___ to connect to and deliver mail between e-mail servers.
rootkits
(66) ___ are malware that is specifically designed to allow attackers to access a system through a backdoor. They target the boot loader or kernel. They are activated before booting the OS and are difficult to detect. The best practice is to boot from an external device and scan the internal hard drive to detect any.
67, 68
(661) Dynamic Host Configuration Protocol (DHCP) uses ports ___ and ___.
69
(662) Trivial File Transfer Protocol (TFTP) uses port ___.
80, 443
(663) Hypertext Transfer Protocol (HTTP) uses port ___. Hypertext Transfer Protocol Secure (HTTPS) uses port ___.
88
(664) Kerberos uses port ___.
110, 995
(665) Post Office Protocol version 3 (POP3) uses port ___ to allow clients to retrieve mail from an e-mail server which is not encrypted. The encrypted port for POP3 is ___ and works over TLS/SSL.
135
(666) Microsoft EPMAP (End Point Mapper), also known as the DCE/RPC Locator service, which is used to remotely manage services including DHCP server, DNS server, and WINS, uses port ___.
137, 139
(667) NetBIOS (Network Basic Input/Output System) uses ports ___ and ___.
143, 993
(668) Internet Message Access Protocol (IMAP) uses port ___ to allow clients to retrieve mail from an e-mail server which is not encrypted. Port ___ is the secure port for IMAP and it works over TLS/SSL encryption.
161, 162
(669) Simple Network Management Protocol (SNMP) uses ports ___ and ___.
backdoors
(67) ___ are methods or tools that provide access that bypasses normal authentication and authorization procedures, allowing access to systems, devices, or applications.
389
(670) Lightweight Directory Access Protocol (LDAP) uses port ___.
3389
(671) Remote Desktop Protocol (RDP) uses port ___.
passive, active
(672) ___ reconnaissance focuses on collecting information that is widely and openly available from publicly available sources. ___ reconnaissance involves interacting with the target.
diversion theft
(673) ___ ___ is when a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
prepending
(674) ___ is a technical method used in social engineering to trick users into entering their usernames and passwords by adding an invisible string before the weblink they click.
clean desk policy
(675) ___ ___ ___ is a policy where all employees must put away everything from their desk at the end of the day into locked drawers and cabinets.
log file
(676) A ___ ___ is a file that records either events that occur in an operating system or other software, or messages between different users of communication software.
syslog, rsyslog, syslog-ng
(677) ___, ___, and ___ are three variations of syslog which all permit the logging of data from different types of systems in a central repository.
journalctl
(678) ___ is a Linux command line utility used for viewing logs collected by systemd.
nxlog
(679) ___ is a multi-platform log management tool that helps to easily identify security risks, policy breaches, or operational problems in server logs, operating system logs, and application logs.
bots, botnets
(68) ___ are remotely controlled systems or devices that have a malware infection. Groups of these are known as ___, which are used by attackers who control them to perform various actions, ranging from additional compromises and infection to denial-of-service attacks or acting as spam relays.
netflow
(680) ___ is a network protocol system created by Cisco that collects active IP network traffic as it flows in and out of an interface, including its point of origin, destination, volume and paths on the network.
sflow
(681) ___ is a multi-vendor, packet sampling technology used to monitor network devices including routers, switches, host devices, and wireless access points.
identification
(682) ___ ensures the scene is safe, secures the scene to prevent evidence contamination, and identifies the scope of evidence to be collected.
collection
(683) ___ is used to ensure authorization to collect evidence is obtained, and then to document and prove the integrity of evidence as it is collected.
tracert, traceroute
(684) ___ is a network command-line utility in MS Windows that tracks and displays the route taken by IPv4 packets on their way to another host. ___ is the Linux command-line utility.
nslookup, dig
(685) ___ or ___ is a utility used to determine the IP address associated with a domain name, obtain the mail server settings for a domain, and other DNS information.
nmap
(686) ___ is the command-line tool used for discovering hosts and services on a network. It is capable of port scanning the network and determining what services are running on any hosts that are detected.
hping
(687) ___ is an open-source packet generator and analyzer for the TCP/IP protocol that is used for security auditing and testing of firewalls and networks.
netstat
(688) The ___ tool is a command-line utility that displays network connections for incoming and outgoing TCP packets, routing tables, and some network interface and network protocol statistics.
distributed denial, service (DDoS), denial, service (DoS)
(69) A ___ ___-of-___ attack comes from several different source IP addresses, whereas a general ___-of-___ attack comes from one specific source attacker.
netcat
(690) ___ is a utility for reading from and writing to network connections using TCP or UDP which is a dependable back-end that can be used directly or easily driven by other programs and scripts.
nbtstat
(691) The ___ command is a diagnostic tool for NetBIOS over TCP/IP used to troubleshoot NetBIOS name resolution problems.
route
(692) ___ is a utility that is used to view and manipulate the IP routing table on a host or server.
curl
(693) ___ is a command line tool to transfer data to or from a server, using any of the supported protocols.
theHarvester
(694) ___ is a tool used for gathering OSINT.
dnsenum
(697) ___ is a utility that is used for DNS enumeration to locate all DNS servers and DNS entries for a given organization.
tcpdump
(698) ___ is a packet-capture utility built into most modern Linux distributions, but is also found in some macOS and Windows ports. It's used to view network packets and to output to a file.
Jack, Ripper
(699) ___ the ___ is an open source password security auditing and password recovery tool available for many operating systems.
disclosure
(7) ___ is the exposure of sensitive information to unauthorized individuals, otherwise known as data loss.
keyloggers
(70) ___ are programs that capture keystrokes from keyboards, although applications may capture other input like mouse movements, touchscreen inputs, or credit card swipes from attached devices. Their goal is to capture user input to be analyzed and used by an attacker.
device manager, Remote Desktop Services
(700) ___ ___ is a system utility in Windows that enables you to perform advanced storage tasks. ___ ___ ___, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allows a user to take control of a remote computer or virtual machine over a network connection.
chain, custody
(701) ___ of ___ forms list every person who has worked with or who has touched the evidence that is a part of an investigation. It refers to the requirement that all evidence be properly labeled with information on who secured and validated it.
legal hold
(702) If your legal counsel determines that evidence should be collected for any reason, be it a pending investigation, litigation, or other situation where evidence would be required, a ___ ___ must be formally initiated. It halts the usual backup and disposition processes, and immediately puts your personnel into data protection mode.
order, volatility
(703) ___ of ___ refers to prioritizing collection of data evidence that is less persistent and more volatile over collection of data evidence that is more persistent and less volatile.
processor cache, random access memory, swap file, hard drive, USB drive
(704) The correct order for evidence collection, based on the order of volatility, is the ___ ___, ___ ___ ___, ___ ___, and then the ___ ___ or ___ ___.
NTLM (New Technology LAN Manager), MD-5
(706) ___ & ___ both create a 128-bit fixed output.
air gaps
(707) ___ ___ are designed to remove connections between two networks to create physical segmentation between them. The only way to cross this is to have a physical device between these systems, such as using a removable media device to transfer files between them.
anonymization
(708) Data ___ is the process of removing personally identifiable information from data sets so that the people whom the data describe remain anonymous.
network access control (NAC)
(711) ___ ___ ___ uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. It typically installs a user agent on the client that analyzes the system and compares its configuration to your policies.
data protection officer (DPO)
(712) The primary role of the ___ ___ ___ is to ensure that an organization processes the personal data of its staff, customers, providers, or any other individuals in compliance with the applicable data protection rules.
bracketing
(713) ___ is providing a high and low estimate in order to entice a more specific number.
confidential bait
(714) ___ ___ is pretending to divulge confidential information in hopes of receiving confidential information in return.
feigned ignorance
(715) ___ ___ is pretending to be ignorant of a topic in order to exploit the person's tendency to educate.
Denial, the obvious, deliberate false statements
(716) ___ of ___ ___ & ___ ___ ___ is saying something wrong in the hopes that the person will correct the statement with true information.
flattery
(717) ___ is using praise to coax a person into providing information.
null-pointer dereference
(718) ___ ___ ___ describes an attempt to read a variable from an invalid memory address.
session ID
(719) A ___ ___ is a unique identifier assigned by the website to a specific user. It is a piece of data that can be stored in a cookie or embedded as a URL parameter. It is also stored in a visitor's browser.
logic bombs
(72) ___ ___, unlike the other types of malware described here, are not independent malicious programs. Instead, they are functions or code that are placed inside other programs and that will activate when set conditions are met.
operational technology
(720) ___ ___ DDoS attacks target industrial equipment and infrastructure.
.ps1
(721) ___ lists the filename of a Microsoft PowerShell script file.
.py
(722) ___ refers to a filename extension used in a cross-platform, general-purpose programming language.
.sh
(723) ___ refers to a script file type designed to be run in a Unix command line.
VBA
(724) ___ enables running macros in Microsoft Office applications.
.vbs
(725) Files with the ___ filename extension are used in a scripting language based on Microsoft's Visual Basic programming language.
criminal syndicates
(726) ___ ___ are threat actors whose sole intent behind breaking into a computer system or network is monetary gain.
Automated Indicator Sharing (AIS)
(727) ___ ___ ___ is a service the Cybersecurity and Infrastructure Security Agency (CISA) provides to enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private-sector organizations.
comments (RFC)
(728) A type of formal document that describes the specifications for a particular technology is known as request for ___.
proposal (RFP)
(731) Request for ___ is used when you know you have a problem but don't know how you want to solve it.
quote (RFQ)
(732) A request for ___ is a document that businesses send to potential suppliers in order to learn more about their pricing information. This standardized form helps companies sort through bids more effectively because its objectivity makes it easier to compare and contrast vendors.
tactics, techniques, procedures (TTPs)
(733) ___, ___, and ___ is the term used by cybersecurity professionals to describe the behaviors, processes, actions, and strategies used by a threat actor to develop threats and engage in cyberattacks.
managed service providers (MSP)
(734) A ___ ___ ___ is used when a company needs IT services but lacks any IT personnel.
managed security service provider (MSSP)
(735) A ___ ___ ___ refers to a third-party vendor offering IT security management services.
containerization
(736) ___ refers to the concept of virtualization on an application level. It is a software deployment process that bundles an application's code with all the files and libraries it needs to run on any infrastructure.
software development kit (SDK)
(737) A ___ ___ ___ is a set of software tools and programs provided by hardware and software vendors that developers can use to build applications for specific platforms.
vulnerability scanning
(738) ___ ___ identifies the lack of security controls, identifies common misconfigurations, and passively tests security controls.
penetration
(739) ___ testing bypasses security controls, actively tests security controls, and exploits vulnerabilities.
trigger, payload
(74) Viruses also typically have both a ___, which sets the conditions for when the virus will execute, and a ___, which is what the virus does, delivers, or the actions it performs.
dd
(756) ___ is a Linux command-line utility that can be used in the forensic process for creating and copying image files. Once the image is created using dd, a hash of the file should be made and placed into evidence to validate the integrity of the disk image that was created.
WinDump
(758) ___ is a multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics.
FTK imager
(759) ___ refers to a tool for creating forensic images of computer data. It can create a perfect copy or forensic image of computer data without making changes to the original evidence.
awareness training
(778) With ___ ___, users can recognize the signs of suspicious messages, viruses, malware, and phishing links that should be brought to the attention of the administrator before they spread through the company's network. This can be effective even if there are no signatures available for a threat.
screened subnet
(779) A ___ ___ can host important servers on a secure network behind the firewall but does not offer client policies. It is also called a DMZ.
potentially unwanted program (PUP)
(78) While many types of malware infections are malicious, ___ ___ ___ are programs that may not be wanted by the user but are not as dangerous as other types of malware. It is an application downloaded and installed with the user's consent (legal app). It is also a type of computer program not explicitly classified as malware by AV software.
tabletop
(780) A ___ exercise requires the involved parties to gather and step through a scenario to discern weaknesses in the plan. These exercises are generally paper based, meaning that no actual steps are undertaken.
risk likelihood, impact
(781) ___ ___ and ___ of the risk has direct bearing on how much you want to budget for appropriate security controls to prevent the risk from occurring.
mean time, repair (MTTR)
(782) The ___ ___ to ___ is the average length of time from the moment a device or service fails until it is repaired.
mean time between failures (MTBF)
(783) The ___ ___ ___ ___ is the average length of time a specific device is expected to work until it fails.
recovery time objective (RTO)
(784) The ___ ___ ___ is the maximum amount of time that is considered tolerable for a service or certain business function to be unavailable.
recovery point objective (RPO)
(785) The ___ ___ ___ is the maximum acceptable amount of lost data as a result of an outage or disaster.
jump server
(786) A ___ ___ is a hardened, monitored host that users must authenticate to before they can reach systems in a more secure network segment. It is like a gatekeeper. After users are authenticated, they can access the protected network with fewer restrictions. If the jump server is compromised, the attacker effectively has access to the entire network behind it.
fog computing
(787) ___ ___ refers to a local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.
edge computing
(788) ___ ___ is a networking technology that enables devices in remote locations to process data and perform actions in real time. It works by minimizing network latency through processing most data at the "edge" of the network—such as by the device itself or by a nearby server—and only sending the most relevant data to the main datacenter for near-instant processing.
virtual private cloud (VPC)
(789) A ___ ___ ___ is a private cloud located inside a public cloud that enables you to experience the benefits of a virtualized network while using public cloud resources.
adversarial artificial intelligence
(79) ___ ___ ___ is a developing field covering attacks on machine learning systems, such as tainting the training data or crafting inputs that make a model misclassify, as well as the use of artificial intelligence by attackers for malicious purposes.
authenticator application
(790) An ___ ___ is software that generates an additional authentication factor, a short one-time code derived from a shared secret and the current time (TOTP) or a counter (HOTP), used in a multi-step verification process.
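How the code on the phone is actually produced, as an added example that is not part of the flashcard deck. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with HMAC-SHA1 via openssl, using the RFC 4226 test secret "12345678901234567890", and includes the verifier's side with a one-step clock-skew window. It assumes openssl and awk are available.

```shell
#!/bin/sh
# Added example (not from the deck): how an authenticator app derives its code.
# HOTP (RFC 4226) = HMAC-SHA1(secret, counter), dynamically truncated to 6
# digits; TOTP (RFC 6238) is HOTP with counter = floor(unix_time / 30).
# Assumes openssl and awk. The secret is the RFC 4226 test key
# "12345678901234567890" (hex below), a constructed value for the demo.
set -eu

SECRET_HEX=3132333435363738393031323334353637383930

# Emit the counter as an 8-byte big-endian binary string. Octal escapes keep
# this portable to dash as well as bash.
counter_bytes() {
    counter=$1
    i=7
    while [ "$i" -ge 0 ]; do
        byte=$(( (counter >> (8 * i)) & 255 ))
        printf "\\$(printf '%03o' "$byte")"
        i=$((i - 1))
    done
}

# HMAC-SHA1 over the counter, as 40 hex characters.
hmac_sha1_hex() {
    counter_bytes "$1" | openssl dgst -sha1 -mac HMAC -macopt "hexkey:$2" | awk '{print $NF}'
}

# Dynamic truncation (RFC 4226 section 5.3): the low nibble of the last byte
# selects a 4-byte window; mask the sign bit and reduce modulo 10^6.
hotp() {
    counter=$1
    key_hex=${2:-$SECRET_HEX}
    mac=$(hmac_sha1_hex "$counter" "$key_hex")
    offset=$(( 0x$(printf '%s' "$mac" | cut -c40) ))
    start=$(( offset * 2 + 1 ))
    window=$(printf '%s' "$mac" | cut -c"$start"-"$((start + 7))")
    code=$(( (0x$window & 0x7fffffff) % 1000000 ))
    printf '%06d\n' "$code"
}

# TOTP: same computation with the counter taken from the clock. Both sides
# need only the shared secret and roughly synchronised clocks; no code is
# ever transmitted at enrolment time.
totp() {
    now=${2:-$(date +%s)}
    hotp $(( now / 30 )) "$1"
}

# Verifier side: accept the current 30-second step and one step either side,
# so a code typed just before a boundary is still valid.
totp_verify() {
    key_hex=$1; candidate=$2; now=${3:-$(date +%s)}
    for step in -1 0 1; do
        [ "$(hotp $(( now / 30 + step )) "$key_hex")" = "$candidate" ] && return 0
    done
    return 1
}

hotp 0      # 755224
hotp 1      # 287082
totp "$SECRET_HEX"
```

Because the code is a pure function of the secret and the time, anyone who obtains the secret (for example from a backup of the app or a screenshot of the enrolment QR code) can generate valid codes indefinitely; the secret, not the six digits, is what needs protecting.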
Managed Power Distribution Unit (Managed PDU)
(791) ___ ___ ___ ___ refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets.
dual-power supply
(792) A ___ ___ would add power redundancy on a server box.
storage area network (SAN)
(793) A ___ ___ ___ is a dedicated high-speed network that connects servers to block-level storage devices and allows storage to be shared among them. Organizations use such storage systems because the information they hold is expanding at an accelerating rate.
internet connection sharing (ICS)
(794) An ___ ___ ___ is a Windows service that enables one Internet-connected computer to share its Internet connection with other computers on a local area network (LAN).
integer overflow
(795) An ___ ___ occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold.
green hat
(796) A ___ ___ hacker is a newbie in the hacking world. As such, green hat hackers may not be as familiar with all the security mechanisms companies or individuals may be using.
blue hat
(797) A ___ ___ hacker is a security expert who uses their skills to identify potential security vulnerabilities in a company's network or system.
syslog server
(798) A ___ ___, also known as the syslog collector or receiver, centrally stores the syslog messages and SNMP traps from various network devices. With centralized storage, you can easily search, filter, and view the syslog messages.
thin client
(799) A ___ ___ is a type of client/server computing in which applications are run, and data is stored, on the server rather than on the client.
alteration
(8) ___ is the unauthorized modification of information and is a violation of the principle of integrity.
social engineering
(80) ___ ___ is the practice of manipulating people through a variety of strategies to accomplish desired actions.
snap-in
(800) A ___ is a software module for the Microsoft Management Console (MMC) that provides administrative capabilities for a particular type of device.
computer emergency response team (CERT), computer security incident response team (CSIRT)
(801) A ___ ___ ___ ___ or ___ ___ ___ ___ ___ is the group of first responders in the event of a cyberattack.
Internet Engineering Task Force (IETF)
(802) The ___ ___ ___ ___ is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP).
Telecommunications Electronics Material Protected, Emanating Spurious Transmissions (TEMPEST)
(808) ___ ___ ___ ___ from ___ ___ ___ was a classified project of the U.S. government designed to research how some devices like computers throw off electromagnetic radiation (EMR) that could compromise data security. These emanations are often called compromising emanations or compromising emissions.
electronic codebook (ECB)
(809) ___ ___ is the simplest mode of operation for a block cipher, used with symmetric key encryption. The plaintext is split into a series of blocks and each block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data leak through; it is generally considered insecure for anything longer than a single block.
authority
(81) ___ relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, regardless of whether or not they actually are.
Self-Encrypting Drive (SED)
(810) A ___ ___ is a storage device that performs whole disk encryption by using embedded hardware.
Structured Exception Handling (SEH)
(811) ___ ___ ___ is an exception handling mechanism included in most programs to make them robust and reliable. It is used to handle many types of errors and any exceptions that arise during the normal execution of an application.
Full Disk Encryption (FDE)
(812) ___ ___ ___ is a security safeguard that protects all data stored on a hard drive from unauthorized access using disk-level encryption. With FDE, all data is encrypted by default, taking the security decision out of the hands of the user.
Encrypting File System (EFS)
(813) ___ ___ ___ is a Windows feature that allows users to encrypt individual files and folders on NTFS volumes, with the encryption key protected by the user's account credentials.
File Transfer Protocol Secure (FTPS)
(814) ___ ___ ___ ___ is an extension of the popular File Transfer Protocol that adds Transport Layer Security (TLS), and formerly the now-deprecated Secure Sockets Layer (SSL). Explicit FTPS uses port 21 and upgrades the connection to TLS; implicit FTPS uses port 990.
Secure File Transfer Protocol (SFTP)
(815) ___ ___ ___ ___ is a protocol for securely uploading and downloading files to and from a remote host. It runs as a subsystem of SSH, so it inherits SSH's authentication and encryption and uses TCP port 22.
sideloading
(816) Installing mobile apps from websites and app stores other than the official marketplaces is referred to as ___.
Cloud Access Security Broker (CASB)
(817) ___ ___ ___ ___ is a software tool or service that enforces cloud-based security requirements. It is placed between the organization's resources and the cloud, monitors all network traffic, and can enforce security policies.
IP Flow Information Export (IPFIX)
(818) ___ ___ ___ ___ was created as a more universal, vendor-neutral solution for collecting and analyzing vital network data. It is the IETF standard derived from Cisco's NetFlow version 9 and is very similar to NetFlow.
data sharing, use agreement (DSUA)
(819) A ___ ___ and ___ ___ states that personal data can only be collected for a specific reason. This agreement can specify how a dataset may be analyzed and can prohibit the use of reidentification techniques.
intimidation
(82) ___ relies on scaring or bullying an individual into taking a desired action. The individual who is targeted will feel threatened and respond by doing what the social engineer wants them to do.
SYN flood
(820) A ___ ___ is a variant of a DoS attack in which the attacker initiates many TCP sessions but never completes the 3-way handshake, leaving half-open connections that exhaust the server's connection backlog so legitimate clients cannot connect.
zombie
(821) A ___ is a computer connected to the internet that has been compromised by a hacker, computer virus, or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction.
sponsored authentication
(822) ___ ___ of guest wireless devices requires a guest user to provide valid identification, vouched for by a sponsor, when registering their wireless device for use on the network.
Type II
(823) A SOC 2 ___ ___ report is an audit that assesses how effectively an organization's controls operate over time by observing operations across a review period, commonly six to twelve months, rather than at a single point in time.
1701
(824) L2TP combines features of the Point-to-Point Tunneling Protocol (PPTP) and Cisco's L2F and is used by internet service providers to enable virtual private networks (VPNs). It provides no encryption of its own and is usually paired with IPsec. It uses UDP port ___.
3306
(825) The MySQL classic protocol, used by the MySQL client, MySQL Connectors, and utilities such as mysqldump and mysqlpump, listens on TCP port ___.
Nessus
(826) ___ is a popular vulnerability scanner. It can be used to check how vulnerable your network is by using various plugins to test for vulnerabilities.
Smurf
(827) A ___ attack is a network layer distributed denial of service (DDoS) attack in which the attacker sends Internet Control Message Protocol (ICMP) echo requests to a network's broadcast address with the victim's spoofed source address, so every host on that network floods the victim with replies.
implicit deny
(828) ___ ___ will ensure that anything not specifically allowed in the rules above is blocked.
implicit allow
(829) ___ ___ will allow anything into the network that is not specifically denied.
consensus
(83) ___-based social engineering uses the fact that people tend to want to do what others are doing to persuade them to take an action.
infrastructure, code
(830) ___ as ___ is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise. It significantly reduces IT overhead through automation, and because every system is built from the same reviewed definition, it reduces configuration drift and the misconfigurations that lead to security vulnerabilities.
wget
(831) The ___ command is a command-line utility for downloading files from the Internet over HTTP, HTTPS, and FTP.
touch
(832) The ___ command is a standard UNIX/Linux command used to create empty files and to set or update a file's access and modification timestamps.
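Why that command matters in forensics, as an added example that is not part of the flashcard deck: attackers use touch to backdate dropped files ("timestomping"), but touch cannot set the inode change time (ctime), which the kernel updates to the current time. The script drops a constructed file, backdates it, and flags files whose mtime is far older than their ctime. It assumes GNU stat and touch on Linux; the file name is a made-up stand-in.

```shell
#!/bin/sh
# Added example (not from the deck): touch can rewrite a file's access and
# modification times, which is why attackers use it to backdate dropped files
# ("timestomping"). It cannot set the inode change time (ctime), so a file
# whose mtime is much older than its ctime deserves a look.
# Assumes GNU stat/touch (Linux). The file name is a constructed stand-in.
set -eu

WORK=$(mktemp -d)
TARGET="$WORK/.bashrc_helper"    # constructed name for a dropped file

# Drop the file, then backdate it to 1 Jan 2020 00:00 (touch -t CCYYMMDDhhmm).
printf 'echo hello\n' > "$TARGET"
backdate() {
    touch -t 202001010000 "$1"
}
backdate "$TARGET"

# Epoch seconds of modification time (%Y) and inode change time (%Z).
mtime_of() { stat -c %Y "$1"; }
ctime_of() { stat -c %Z "$1"; }

# Detection heuristic: touch sets mtime into the past but the kernel stamps
# ctime with "now", so mtime well before ctime is a timestomping indicator.
# Returns 0 if the file looks stomped, 1 otherwise. Second argument is the
# tolerance in seconds (normal writes set both within the same second).
looks_timestomped() {
    file=$1
    tolerance=${2:-60}
    [ $(( $(ctime_of "$file") - $(mtime_of "$file") )) -gt "$tolerance" ]
}

# Sweep a directory tree and print every file that trips the heuristic.
find_timestomped() {
    find "$1" -type f | while read -r f; do
        if looks_timestomped "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Control file, written normally: mtime and ctime agree.
CLEAN="$WORK/clean.txt"
printf 'ok\n' > "$CLEAN"

echo "stomped file mtime: $(mtime_of "$TARGET")  ctime: $(ctime_of "$TARGET")"
find_timestomped "$WORK"
```

The heuristic has benign hits (package managers and archive extraction also preserve old mtimes), so treat it as a triage filter rather than proof; on a live system, also compare against the birth time that `stat --format=%W` reports where the filesystem records it.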
XML injection
(834) ___ ___ manipulates or compromises the logic of an XML application or service by supplying input that the application embeds, unescaped, into an XML document it builds or parses.