Vocabulary
Technology & Networks
NIST
Grab Bag
Threat & Incident Management
100

True/False 

A virtual container runs on top of the host operating system kernel and provides an isolated execution environment for applications. 


True

pp. 374

100

A ________ is a private network that is configured within a public network in order to take advantage of the economies of scale and management facilities of large networks. 

VPN 

pg. 417

100

The capability of an organization to continue delivering products or services at acceptable predefined levels following a disruptive incident is known as what?

Business continuity 

pg. 625

100

Application whitelisting helps prevent intrusion of unknown _______. 

Software 

pg. 495 

100

This occurs after the detection of a security event and seeks to minimize the damage of the event and facilitate rapid recovery.

Incident Response 

200

A company that remotely manages a customer's IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model. 

Managed Service Provider (MSP) 

pp. 379 

200

Which hypervisor performs better? Type 1 or 2? 

Type 1 

A type 1 hypervisor doesn't compete for resources with an operating system. pp. 373

200

Describes who you are in the digital world. 

Digital identity 

(AC control family)

200

A program that may be unwanted, despite the possibility that users consented to download it. ______s include spyware, adware, and dialers and are often downloaded in conjunction with programs that users actually want. 

Potentially Unwanted Program (PUP) 

200

Name one of the categories of threat sources. 

Adversarial, accidental, structural, environmental. 

pg. 564

300

A _______ ________ _______ consists of incremental hardware and software additions implemented among existing network components. 

Network management system 

pp. 399

300

A ______ is a dedicated network that provides access to various types of storage devices, including tape libraries, optical juke-boxes, and disk arrays. 

Storage Area Network (SAN) 

pp. 377

300

This document is a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption. 

Business Continuity Plan (BCP) 

pg. 625

300

Any mechanism that bypasses a normal security check; it may allow unauthorized access to functionality.

Backdoor/trapdoor 

pg. 488

300

Name (2) types of accidental threats.

User error, mishandling, user error, loss of information systems, undesirable effects of change, resource depletion, misconfig, maintenance error, software malfunction, accidental physical damage. 

400

This type of cloud deployment model is shared by several organizations and supports a specific community with shared concerns. 

Community cloud 

pg. 468

400

A __________ acts as a relay of application-level traffic. 

Application-level gateway/application proxy 

pp. 413 

400

This NIST control family addresses the policies and procedures to protect physical facilities. 

Physical and Environmental Protection (PE) 

400

Enables a user to access all network resources after a single authentication. 

Single Sign On (SSO) 

pg. 497

400

An application or set of tools that provides the ability to gather security data from information system components and present that data as actionable information via a single interface. 

Security Information and Event Management (SIEM) 

pg. 569

500

A software tool that captures keystrokes on a compromised system. 

Keylogger 

pg. 488 

500

Access points that users install without coordinating with IT. 

Rogue access point 

pg. 427

500

This NIST control family focuses on measures to protect against unauthorized access to information systems. 

Access Control (AC) 

500

______ detection involves searching for activity that is different from the normal behavior of system entities and system resources. 

Anomaly

pg. 504

500

A document outlining how an organization will respond to and recover from a cybersecurity incident.

Incident Response Plan (IRP) 

600

A perimeter network segment that is physically or logically between internal and external networks. 

Demilitarized zone (DMZ) 

pg. 508 

600

NIST 800-41 offers a five-phase firewall planning and implementation guide. Plan, configure, _______, deploy, and manage. 

Test

pg. 429 

600

What does the model IAAA stand for? 

Identification, Authentication, Authorization, Accountability 

600

An intruder transmits packets from the outside with a source IP address field containing an address of an internal host. The attacker hopes that the use of a spoofed address allows penetration of systems that employ simple source address security, in which packets from specified trusted internal hosts are accepted. 

IP address spoofing 

pp. 411

600

The first step in incident response. 

Preparation 

700

A malware program that includes a backdoor for administrative control over the target computer. ____s are usually downloaded invisibly with user-requested programs - such as games - or sent as email attachments. 

Remote Access Trojan (RAT) 

pg. 489

700

________ works by encoding voice information into a digital format, which is carried across IP networks in discrete packets. 

VoIP - Voice over IP 

pg. 438

700

The use of two or more factors to verify an identity.

Multi-factor Authentication (MFA) 

(IA Family) 

700

This tool blocks communication with known or suspected hostile sources and also blocks suspicious activity or packet content. 

Firewall 

pg. 575

700

The process of identifying and verifying an event. 

Detection and analysis 

800

Data transmitted over enterprise networks and between the enterprise networks and external network links. 

Data in motion 

pg. 511

800

A ______-based IDS detects both external and internal intrusions. 

Host-based IDS 

pg. 505 

800

This control family ensures that third-party vendors comply with security and privacy requirements. 

Supply Chain Risk Management (SR) 

800

True/False 

Non-malware attacks are considered more threatening than malware-based attacks. 

True

pg. 577

800

During this phase of the cyber attack kill chain, the attacker sends a malicious payload to the victim by one of many intrusion methods.

Delivery phase 

pg. 572 

900

An algorithm that maps data to a unique value to verify integrity. It’s a one-way function, meaning that it is practically impossible to reverse the process and determine the original input from the hash value output.

Cryptographic hash

900

In this deployment approach for Identity and Access Management (IAM), each organization subscribes to a common set of policies, standards, and procedures for the provisioning and management of users. Alternatively, the organization can buy a service from a supplier. 

Federated 

pg. 496

900

This control family requires testing and evaluation of information systems during development to ensure they meet security requirements.

System and Services Acquisition (SA) 

900

This tool monitors, filters, or blocks data packets as they travel to and from a web application. 

Web application firewall (WAF) 

pg. 574

900

The key to preventing the delivery phase of the cyber attack kill chain is to what? 

Maintain a robust security training and awareness program so that social engineering efforts are more likely to fail. 

pg. 573
