Chapters 1 & 3
Chapter 4.1
Chapter 4.2
Chapter 4.3
Chapter 5
100

Any data about an individual that could be used to identify them (1.1)

What is personally identifiable information? (PII)

100

The physical parts of a computer and related devices (4.1)

What is hardware?

100

An attack that attempts to misdirect legitimate users to malicious websites through the abuse of URLs or hyperlinks in emails (4.2)

What is phishing?

100

This is created by switches to logically segment a network without altering its physical topology (4.3)

What is a virtual local area network? (VLAN)

100

The process of converting a ciphertext message block back into plaintext through the use of a cryptographic algorithm and the appropriate key (5.1)

What is decryption (or deciphering)?

200

Any circumstance or event with the potential to adversely impact organizational operations; OR something or someone that aims to exploit a vulnerability to thwart protection efforts (1.2)

What is a threat?

200

The secure alternative port to Telnet's port 23 (4.1)

What is port 22? (SSH)

200

Malware used for the purpose of facilitating a ransom attack (4.2)

What is ransomware?

200

This type of cloud is generally developed and deployed for a private organization that builds its own cloud, and so is responsible for all management (4.3)

What is a private cloud?

200

A technique of erasing data on disk or tape that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data (5.1)

What is degaussing?

300

A professional organization that sets standards for telecommunication, computer engineering, and similar disciplines (1.4)

What is the Institute of Electrical and Electronics Engineers? (IEEE)

300

This type of attack consists of faking the sending address of a transmission to gain illegal entry into a secure system (4.1)

What is a spoofing attack?

300

A special type of active IDS that automatically attempts to detect and block attacks before they reach target systems (4.2)

What is an intrusion prevention system? (IPS)

300

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources with minimal management effort or interaction (4.3)

What is cloud computing?

300

A catalog or registry of all the information assets that the organization is aware of (5.2)

What is an inventory?

400

An entity with authorized access that has the potential to harm an information system (3.1)

What is an insider threat?

400

The secure alternative port to LDAP's port 389 (4.1)

What is port 636? (LDAPS)

400

An intrusion detection system that monitors a network by observing network traffic patterns (4.2)

What is a network-based intrusion detection system? (NIDS)

400

A cloud service model which provides an environment for customers to use to build and operate their own software (4.3)

What is platform as a service (PaaS)?

400

A security policy that defines acceptable use of the organization's network and computer systems (each employee should be required to sign a copy) (5.3)

What is an acceptable use policy? (AUP)

500

An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity (3.2)

What is crime prevention through environmental design? (CPTED)

500

The layer of the network model that is responsible for managing the integrity of a connection and controlling a session (4.1)

What is the upper (or host/application) layer?

500

The GUI for the Nmap security scanner, an open-source application that scans networks (4.2)

What is Zenmap?

500

Networks that are often microsegmented with firewalls at nearly every connecting point, removing the design belief that the network has any trusted space (4.3)

What are zero trust networks?

500

A type of security training activity that attracts and engages a learner's attention by acquainting him with aspects of an issue or concern (5.4)

What are awareness activities?