A physical object, which a user possesses and controls, that is used to authenticate the user's identity (1.1)
What is a token?
An acronym applied to three interrelated elements: a service, a physical server, and a network protocol (4.1)
What is DNS? (domain name service)
A unique logical address that represents the network interface within the network and is useful for maintaining communication when hardware is swapped (4.1)
What is an IP address? (Internet Protocol)
Recordings of evidence of activities performed or results achieved which serve as verification that the organization and information system are performing as intended (5.1)
What are records?
A security policy that stipulates which information is considered PII and covers other privacy-related issues (5.3)
What is a privacy policy?
Any biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns (1.1)
What are biometrics?
Also called intelligent hubs, these wired devices know the addresses of the devices connected to them and can route traffic to those ports or devices (4.1)
What are switches?
These represent data at layer 3 of the Open Systems Interconnection (OSI) model (4.1)
What are packets?
The result of a cryptographic transformation of data which, when properly implemented, provides signer non-repudiation and data integrity (5.1)
What is a digital signature?
The first stage of change management, wherein a change in procedure or product is sought by a stakeholder (5.3)
What is a request for change? (RFC)
The chances of a vulnerability being exploited or a threat occurring (1.2)
What is likelihood (or probability)?
What is a media access control (MAC) address?
The Internet protocol used to transfer files between hosts (4.1)
What is File Transfer Protocol? (FTP)
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients (5.1)
What is ciphertext? (5.1)
A practice - which can be done through education, training, or awareness activities - to ensure employees know what is expected of them and to weed out carelessness and complacency (5.4)
What is security awareness training?
The potential adverse impacts that result from the possibility of unauthorized access, user disclosure, disruption, modification, or destruction of information and/or information systems (1.2)
What is information security risk?
A modernization of IPv4 consisting of eight groups of four digits, which addressed weaknesses with IPv4 like length, security, and quality of service (4.1)
What is IPv6?
A program that is inserted into a system, usually covertly, with the intent of compromising the CIA of the victim's data, applications, or operating system (4.2)
What is malware?
An algorithm that uses the same key in both the encryption and decryption processes (5.1)
What is symmetric encryption?
A type of security awareness activity where the goal is to improve understanding, relatability, and application (5.4)
What is education?
The internet standards organization - made up of network designers, operators, vendors, and researchers - which defines protocol standards (1.4)
What is the Internet Engineering Task Force? (IETF)
The prevention of authorized access to resources or the delaying of time-critical operations (4.1)
What is a (distributed) denial-of-service attack?
An attack with the goal of gaining access to a target system through the use of a falsified identity (4.2)
What is spoofing?
Monitoring of incoming network traffic (5.1)
What is ingress monitoring?
The human equivalent of phishing, where someone impersonates an authority figure or trusted individual in an attempt to gain access to something (5.4)
What is pretexting?