Hack and Cheese
Byte-Sized Security
Access Granted
Data Defenders
Tech Tactics
Cyber Circus Acts
100

Sending an unsolicited message or picture message using a Bluetooth connection.

What is Bluejacking?

100

The size of a cryptographic key in bits, where longer keys generally offer better security. 

What is Key length?

100

An access control model where resources are protected by inflexible, system-defined rules. 

What is Mandatory access control (MAC)?

100

Information that is primarily stored on specific media, rather than moving from one medium to another.

What is Data at rest?

100

Identifying, testing, and deploying OS and application updates, often classified as critical, security-critical, recommended, and optional.

What is Patch management?

100

A social engineering tactic where a team will communicate a lie or half-truth to get someone to believe a falsehood.

What is Pretexting?

200

Installing an app to a mobile device without using an app store.

What is Sideloading?

200

A de-identification method where a unique token is substituted for real data. 

What is Tokenization?

200

An access control model where each resource is protected by an access control list managed by the resource’s owner.

What is Discretionary access control (DAC)?

200

Information that is being transmitted between two hosts, such as over a private network or the Internet.

What is Data in transit (or data in motion)?

200

The process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.

What is Mobile device management (MDM)?

200

A social engineering attack where an attacker pretends to be someone they are not.

What is Impersonation?

300

Removing the protective seal and any OS-specific restrictions to give users greater control over the device.

What is Jailbreaking?

300

A technique that strengthens potentially weak input for cryptographic key generation against brute force attacks. 

What is Key stretching?

300

An access control model where resources are protected by ACLs that provide user permissions based on job functions.

What is Role-based access control (RBAC)?

300

Information that is present in the volatile memory of a host, such as system memory or cache.

What is Data in use (or data in processing)?

300

Specific procedures that must be performed if a certain type of event is detected or reported.

What is Incident response plan (IRP)?

300

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

What is Vishing?

400

A form of phishing that uses SMS text messages to trick a victim into revealing information. 

What is SMiShing?

400

A complete cryptographic system or product is likely to use multiple of these within a cipher suite.

What is Cryptographic primitive?

400

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

What is Attribute-based access control (ABAC)?

400

A de-identification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

What is Data masking?

400

Hardware or software configured with a list of known weaknesses and exploits that can scan for their presence in a host OS or particular application.

What is Vulnerability scanner?

400

An impersonation attack in which a request for a website is redirected to a similar-looking, but fake, website.

What is Pharming?

500

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source to elicit private information from the victim. 

What is Phishing?

500

A two-way encryption scheme in which encryption and decryption are both performed by the same key.

What is Symmetric encryption?

500

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

What is Network access control (NAC)?

500

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

What is Data exfiltration?

500

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

What is Security information and event management (SIEM)?

500

An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

What is Social engineering?

600

A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection. 

What is Bluesnarfing?

600

A cipher that uses public and private keys, where the keys are mathematically linked but the private key is not derivable from the public one.

What is Asymmetric algorithm?

600

Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

What is Privileged access management (PAM)?

600

The method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk.

What is Data acquisition?

600

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

What is Endpoint detection and response (EDR)?

600

A deception strategy that returns spoofed data in response to network probes.

What is Fake telemetry?

700

Gaining superuser-level access over an Android-based mobile device.

What is Rooting?

700

A cryptographic hashing algorithm created to address possible weaknesses in MDA, with the current version being SHA-2.

What is Secure Hash Algorithm (SHA)?

700

A secure entry system with two gateways, only one of which is open at any one time.

What is Access control vestibule?

700

Software that aggregates and catalogs data from multiple sources within an industrial control system.

What is Data historian?

700

The location where security professionals monitor and protect critical information assets in an organization.

What is Security operations center (SOC)?

700

Hosts, networks, files, or credentials set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.

What are Honeypots?
