MILE 2 Key Concepts (Key Concept Flashcards)

Flashcard Set 1

Define: Access Profile

An access profile is information about a user that is stored on a computer, including their password and name as well as what they are allowed access to.

Define: Access point

An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network and usually connects via a router.

Define: Acceptable use policy

Acceptable use policy is a policy that defines the level of access and degree of use of the organization’s network or internet by the members of an organization.

Define: Access path

An access path is a logical order that directs to the location on the computer where an object such as a webpage, file, etc., is stored.

What is an access control list?

A set of rules or instructions to inform the operating system about the access constraints for users or user groups, so that the operating system knows whether or not a user id has permission to access a file or a directory.


Define: Transmission control protocol tcp

Transmission control protocol (TCP) is a set of rules or protocol that is used along with the internet protocol to send data in the form of message units between computers over the internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP takes care of keeping track of the individual units of data called packets. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. It originated in the initial network implementation in which it complemented the internet protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP.

Define: Transport layer security tls

Transport layer security (TLS) is a protocol that ensures privacy between communicating applications and the users on the internet. When a server and client communicate, TLS ensures that no third party may overhear or tamper with any message. TLS is the successor to the secure sockets layer (SSL).

Define: Triple des

Triple DES (3DES) is the common name for the triple data encryption algorithm (TDEA or triple DEA) symmetric-key block cipher, which applies the data encryption standard (DES) cipher algorithm three times to each data block. It transforms each 64-bit plaintext block by applying the DES three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.

Define: Triple wrapped

Triple wrapped describes any data that has been signed with a digital signature, encrypted, and then signed again.

Define: Advanced encryption standard aes

An advanced data encryption algorithm that employs key sizes of variable length in the range of 128 – 256 bits. Advanced encryption standards help protect highly sensitive data such as financial information, and classified government records.

Define: Administrative Safeguards

Administrative safeguards are a special set of the HIPAA security rules. Administrative safeguards focus on internal organization, policies and procedures and the maintenance of security managers which are in place to protect sensitive patient information.


Define: Ad hoc network

An ad hoc network is a local area network (LAN) that spontaneously builds as devices connect. An ad hoc network does not rely on a base station to coordinate different points, rather the individual base nodes forward packets to and from each other.

Define: Active security testing

Active security testing is security testing which involves directly interacting with a target, such as sending packets.


Define: Alert Situation

An alert situation is when the interruption in an enterprise is not resolved even after the completion of the threshold stage; an alert situation requires the enterprise to start the escalation procedure.

Define: Adware

Adware is software distributed to the user free of cost with advertisements embedded into it. As such, it displays advertisements, and redirects your queries to sponsors’ websites. Adware helps advertisers collect data for marketing purposes, without your permission to do so. A user can disable ad pop-ups by purchasing a registration key.

Define: Adversary

An adversary is a process, user or device that poses a threat to the network.

Define: Advanced persistent threat

Advanced persistent threat is a user or a program that has highly sophisticated techniques and intends to pursue them with a malicious intent.

Define: Advanced penetration testing

Advanced penetration testing is the process of testing a network to discover vulnerabilities which make it open to harmful intruders; then addressing and remedying the issues.

Define: App attack

An app attack occurs when a user unknowingly installs a harmful app on their tablet or smartphone and the app in turn steals their personal data.


Define: Anti virus software

Antivirus software is a program or a set of programs that help prevent any malicious object, code, or program from entering your computer or network. If any such malicious programs enter your computer, antivirus software helps detect, quarantine, or remove such programs from the computer or networks.


Define: Anti malware

Anti-malware is a program designed to protect computers and networks against any threats or attacks from viruses such as adware, spyware, and any such other malicious programs.


Define: Alternate process

An alternate process is a back-up process devised to help continue a business critical process without any interruption, from the time the primary enterprise system breaks down to the time of its restoration.


Define: Alternate facilities

Alternate facilities are secondary facilities, including offices, data processing centers, etc., from where high-priority emergency tasks can be performed and delivered when primary facilities are interrupted or unavailable.



Define: Attack

An attack is an action with malicious intention to interrupt the operations of a network or steal the data, etc.


Define: Asymmetric key public key

An asymmetric key (public key) is a security measure that uses two keys to ensure the confidentiality of a message. One key encrypts the message, while the other key decrypts it.


Define: Asset

An asset is a resource of an organization or business, either of tangible value (finance, infrastructure, physical properties, human resources) or of intangible value such as goodwill, that helps the business and can be converted to cash for future use.


Define: Architecture

Architecture is a structure that defines or describes the very fundamentals of a system or an organization, its components, the relationship between each of these components, their relationship to the overall system, and finally, their effectiveness in guiding the system towards its goals.


Define: Application layer

An application layer is one of the seven layers in the open-system interconnection (OSI) model of the TCP/IP protocol suite. The application layer defines the way process-to-process communication happens in a network; it only offers a strong communication interface and end user services.


Flashcard Set 2

Define: Authentication

Authentication is the process of identifying a piece of information and the veracity of the information provided. In computers, it is the process of identifying a person or system with the username, password, etc. Authentication helps individuals and systems gain authorization based on their identity.


Define: Audit trail

An audit trail is a detailed history of transactions to help you trace a piece of information back to its origin. In the field of computers, an audit trail, or paper log, helps maintain security and recover any lost data.


Define: Attenuation

Attenuation is the weakening of signal strength, analog or digital, especially when transmitted over long distances.


Define: Attack vector

An attack vector is the means by which an attacker gains entry into the target system. Attackers mainly use the human element or the weak links to gain such access.


Define: Attack mechanism

An attack mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms such as a container or payload to hit the intended target.

Define: Banner

A banner is a display on an information system that sets the parameters for system or data use.


Define: Bandwidth

Bandwidth is the volume of data or information that can pass through a network for a given period, and is usually measured in bits per second.


Define: Backdoor

A backdoor or trapdoor is a process to gain unauthorized access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission.


Define: Availability

Availability is the time duration a system or resource is ready for use.


Define: Authenticity

Authenticity is the proof or validity that a claimed identity (whether human or a resource) is real and legitimate.

Define: Behavioral outcome

A behavioral outcome is what an individual who has completed a specific training module is expected to accomplish on regular IT security job performance.


Define: Bastion

A bastion is a system with a high level of security protection; such a system offers very strong protection against attacks.


Define: Bastion host

A bastion host is a special services computer on a network that is designed to withstand attacks.


Define: Baseline security

Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system’s identified needs for confidentiality, integrity and availability protection.

Define: Banner grabbing

Banner grabbing is the process of grabbing banner information such as the application type and version. This information is then transmitted by a remote port when a connection is initiated.

Define: Block cipher

A block cipher is a method used to cipher text information by encrypting data in blocks, strings, or groups at a time rather than encrypting individual bits.

Define: Blended attack

A blended attack is a hostile action with the intent of spreading malicious code.

Define: Black core

A black core is a communication network architecture in which user data traversing a global internet protocol (IP) is end-to-end encrypted at the IP layer.

Define: Bit error rate

A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

Define: Biometrics

Biometrics are a security system, which takes into account the unique physiological characteristics of a person such as fingerprints, DNA, hair, etc., for identification purposes.

Define: Brute force

Brute force is a computing method that relies on strong algorithms and computing techniques to find the ultimate solution to a given issue.

Define: Broadcast

A broadcast is a process of transmitting the same message to multiple users simultaneously.

Define: Bridge

A bridge is an electronic device that connects two networks, such as LANs that use the same protocol such as Ethernet or token ring, and creates two distinct LANs or wide area networks. Operating at the data link layer of the open system interconnect model, bridges have the ability to filter the information and can pass such information to the right nodes, or decide not to pass any information. They also help in streamlining or reducing the volume of traffic on a LAN by dividing the data into two segments.

Define: Botnet

A botnet is a remote controlled robotic network or a network of computers set up to further attacks such as spam, virus, etc., to the target computers or networks. Attackers use various malicious programs and viruses to take control of computers and form a botnet or robotic network; the owners of such member computers may be unaware that their computer carries and forwards such a threat.

Define: Block cipher algorithm

A block cipher algorithm is a family of functions and their inverses parameterized by a cryptographic key in which the function maps bit strings of a fixed length to bit strings of the same length.

Define: Certificate authority

A certificate authority (CA) is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificates, thus verifying the identity of the owner.

Define: Central services node

A central services node is the key management infrastructure core node that provides central security management and data management services.

Define: Business impact analysis assessment

A business impact analysis/assessment is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster, or an emergency. It evaluates the possible risk to tangible and intangible assets such as personnel, infrastructure, data and goodwill. In addition, it offers steps needed to recover from any such disasters.

Define: Business continuity plan

A business continuity plan, also known as a business emergency plan, offers safeguards against a disaster and outlines the strategies and action plan for continuing business as usual in the event of any disaster.

Define: Buffer Overflow

A buffer overflow is when a program tries to store more data in a buffer than it can hold. As there is a limit on how much data a buffer can hold, the surplus data overflows into the adjoining buffers, overwriting the data stored in those buffers and triggering unpredictable consequences.

Flashcard Set 3

Define: Exploitable channel

a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.

Define: External network

a network not controlled by the organization.

Define: External security testing

security testing conducted from outside the organization’s security perimeter.

Define: Forensics

the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

Define: Forward cipher

one of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key.

Define: Freeware

an application, program, or software available for use at no cost.

Define: Full disk encryption fde

the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.

Define: Graduated security

a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.

Define: Group authenticator

used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

Define: Guard system

a mechanism limiting the exchange of information between information systems or subsystems.

Define: Guessing entropy

a measure of the difficulty that an attacker has to guess the average password used in a system.

Define: Guideline

a general rule or a piece of advice required to follow in order to accomplish the set goals of an organization.

Define: Hybrid encryption

a method of encryption that combines two or more encryption algorithms or systems.

Define: Hybrid security control

a security control that is implemented in an information system in part as a common control and in part as a system-specific control.

Define: Hyperlink

could be a word, a phrase, or an image that refers to data or related information that the user can directly follow either by clicking or by hovering.

Define: Hypertext markup language html

a set of markup symbols or codes that are inserted in a file intended for display on a World Wide Web (WWW) browser page.

Define: Hypertext transfer protocol http

This protocol defines how messages are formatted and transmitted on the internet and what actions web servers and browsers should take in response to various commands.

Define: Ip flood

a type of denial of service attack where the victim or system is flooded with information that uses up all the available bandwidth and prevents legitimate users from access.

Define: Ip spoofing

It is a hijacking technique where a hacker impersonates a trusted host to conceal his identity, spoof a website, hijack browsers, or gain access to a network.

Define: Ip forwarding

It is a process used to determine the path by which a packet or datagram can be sent.

Define: Iso

an international standard-setting body that is composed of voluntary representatives from various national standards organizations.

Define: Issue specific policy

is intended to address specific needs within an organisation, such as a password policy.

Define: Itu t

one of the three sectors of the International Telecommunication Union (ITU).

Define: Jitter

any deviation in, or displacement of, the signal pulses in a high-frequency digital signal.

Define: Jump bag

a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.

Define: Kerberos

a computer network authentication protocol and is ticket-based allowing nodes to communicate over a non-secure.

Define: Kernel

an essential center of a computer operating system, the core that provides basic services for all other parts of the operating system.

Define: Loadable kernel modules

an object file that contains code to extend the running kernel or the base kernel of an operating system.

Define: Log clipping

the selective removal of log entries from a system log to hide a compromise.

Define: Logic bombs

a piece of code that is deliberately inserted into a system to trigger a malicious program.


Flashcard Set 4

Define: Logic gate

an elementary building block of a digital circuit. This device is used to implement a boolean function.

Define: Loopback address

a pseudo address that sends outgoing signals back to the same computer for testing.

Define: Monoculture

the case where a large number of users run the same software, and are vulnerable to the same attacks.

Define: Morris worm

was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT.

Define: Multi homed

any computer host that has multiple IP addresses to connected networks.

Define: Multicast

a method of sending packets of data to a group of receivers in a single transmission.

Define: Multiplexing

a technique by which multiple analog or digital data streams are combined into one signal over a shared medium.

Define: Network mapping

the study of physical connectivity of networks.

Define: Network taps

hardware devices that help in accessing the data flow across a computer network.

____________ is a character that doesn’t have a corresponding character letter to its corresponding ASCII code.

Non printable character

____________ refers to the ability of a system to prove that a specific user and only that specific user sent a message and that it hasn’t been modified.

Non repudiation

____________ is also known as anonymous logon. It is a method that allows an anonymous user to retrieve information such as user names and share this over the network, or connect without authentication.

Null session

____________ is a unit of digital information that consists of eight bits.

Octet


____________ is designed in a manner that it is hard to reverse the process, that is, to find a string that hashes to a given value.

One way encryption


____________ is a routing protocol for IP networks and uses a link-state routing algorithm.

One way function


____________ model defines a networking framework to implement protocols in seven layers.

Osi layers


____________ is an ISO standard for worldwide communications.

Osi


____________ is defined as the limitation of system operation by excessive burden on the performance capabilities of a system component.

Overload


____________ is a server that acts as an intermediary for requests from clients seeking resources from other servers.

Proxy server


A ____________ is the publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Public key


____________ is also known as asymmetric cryptography.

Public key encryption


____________ is a key agreement protocol based on asymmetric cryptography.

Public key forward secrecy pfs


____________ is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.

Public key infrastructure pki


____________ is a network worm.

Qaz


____________ is a device that forwards or transfers data packets across networks.

Router


The ____________ defines a manner for routers to share information on how to route traffic among various networks.

Routing information protocol rip


____________ is where two or more poorly configured routers repeatedly exchange the same data packet over and over.

Routing loop


____________ determine which RPC services are running on a machine.

Rpc scans


____________ targets actions based on rules for entities operating on objects.

Rule set based access control rsbac


In ____________, a user cannot write data to higher or lower classifications levels than their own.

Strong star property


Flashcard Set 5

Define: Sub network

A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.


____________ is used to determine the number of bits that are used for the subnet and host portions of the address. It is used as a screen of numbers used for routing traffic within a subnet. Once a packet has arrived at a gateway or connection point with its unique network number, it can be routed to its destination within the internal gateways using the subnet number.

Subnet mask


____________ is also called switching hub, bridging hub, officially MAC bridge. It is a computer networking device that connects devices together on a computer network by using packet switching to receive, process and forward data to the destination device.

Switch


A ____________, or fully switched network, is a computer network that uses only network switches rather than network hubs on Ethernet local area networks. The switches allow for a dedicated connection to each workstation. A switch allows for many conversations to occur simultaneously.

Switched network


____________ are sometimes also known as symlinks. Symbolic links are essentially advanced shortcuts that point to another file.

Symbolic links


____________ is a branch of cryptography involving algorithms that use symmetrical keys for two different steps of the algorithm. Symmetric cryptography is called secret-key cryptography because the entities that share the key.

Symmetric cryptography


____________ is a cryptographic key that is used in a symmetric cryptographic algorithm.

Symmetric key


____________ is a type of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Syn flood


____________ is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame. Synchronization refers to one of two distinct but related concepts: synchronization of processes, and synchronization of data.

Synchronization


____________ is a widely used standard for message logging facility in Unix systems. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.

Syslog



____________ is a digital circuit using TDM (time-division multiplexing).

T1 t3.


____________ is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.

Tamper.


____________ is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may be used to infer the remote machine’s operating system (OS), or incorporated into a device fingerprint.

Tcp fingerprinting.


____________ checks each and every port after performing a full three-way handshake on each port to determine if it was open.

Tcp full open scan.


____________ determines if a port is open by performing the first half of a three-way handshake. It is also referred to as the syn scanning.

Tcp half open scan.


____________ is a software package that is used to restrict access to certain network services based on the source of the connection.

Tcp wrapper


____________ is a freeware protocol analyzer for Unix systems that can monitor network traffic on a wire. It allows the user to display TCP/IP and other packets being transmitted or received over a network.

Tcpdump


____________ is a basic communication language or protocol of the internet and can be used as a communications protocol in a private network as well (either an intranet or an extranet).

Tcp ip


____________ is a TCP-based, application-layer, internet standard protocol and an essential TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else’s computer remotely.

Telnet


____________ is a possible danger that might exploit a vulnerability to violate security protocols and thus, cause possible harm. A threat can be either deliberate (example, an individual cracker or a criminal organization) or accidental (example, the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

Threat



____________ is a structured process used to identify and evaluate various risks or threats that an organization might be exposed to.

Threat assessment


____________ is a process that is used to optimize network security by identifying the key objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system or network.

Threat model


____________ is a methodology that a threat uses to get to the target.

Threat vector


____________ is a mechanism that limits the lifespan of data in a computer or network. TTL is generally implemented as a counter or time stamp attached to or embedded in the data. The TTL value in an IP data packet tells a network router whether or not the packet has been in the network too long and should be discarded.

Time to live


____________ is IP fragmentation, that is, the process of breaking up a single internet protocol (IP) datagram into multiple packets of smaller size.

Tiny fragment attack


____________ is an authentication method that offers additional security. Using this method, each user has a smart card or token that either displays a constantly changing password, passkey, or buttons that calculate a new password based on a challenge phrase. Without this card or token, it is impossible to authenticate yourself to the system. This two-factor authentication provides additional security by requiring an attacker to both guess the user’s password and steal the smart card or token that is used to access the system.

Token based access control


____________ is known by several names such as, hardware token, authentication token, USB token, cryptographic token, software token, virtual token, or key fob. A security token may be a physical device that an authorized user is given to access a system or network. Security tokens are used to prove one’s identity electronically and are used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.

Token based devices


____________ is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. It uses a special three-byte frame called a “token” that travels around a logical “ring” of workstations or servers.

Token ring


____________ is the geometric arrangement of a computer system. Common topologies include a bus, star, and ring. Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.

Topology


____________ is a tool that maps the route a packet takes from the local machine to a remote destination. The history of the route is recorded as the round-trip times of the packets received from each successive host (remote node) in the route (path). The sum of the mean times in each hop indicates the total time spent to establish the connection.

Traceroute tracert exe
