Permission Puzzles
Barrier Busters
Crypto Challenges
Threat Theater
Tunnel Vision
100

The process of determining what rights and privileges a particular entity has. 

What is Authorization? 

100

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks. 

What is a web application firewall (WAF)? 

100

A cryptographic technique that provides secure key exchange. 

What is Diffie-Hellman (D-H)? 

100

A person or entity responsible for an event that has been identified as a security incident or as a risk. 

Who is a threat actor? 

100

A secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).

What is a virtual private network (VPN)?

200

A method of validating a particular entity’s or individual’s unique credentials.

What is Authentication?

200

A stateful inspection firewall that can monitor TCP sessions and UDP traffic.

What is a layer 4 firewall?

200

A function that converts an arbitrary-length string input to a fixed-length string output.

What is hashing?

200

A type of threat actor that is motivated by a social issue or political cause.

Who are Hacktivists?

200

A logical network segment comprising a broadcast domain established using a feature of managed switches to assign each port a VLAN ID.

What is a virtual LAN (VLAN)?

300

Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

What is single sign-on (SSO)?

300

A stateful inspection firewall that can filter traffic based on specific application protocol headers and data, such as web or email data.

What is a layer 7 firewall?

300

A cryptographic hashing algorithm created to address possible weaknesses in MDA.

What is Secure Hash Algorithm (SHA)?

300

A type of threat actor that uses hacking and computer fraud for commercial gain.

What is Organized crime?

300

A hardware device inserted into a cable run to copy frames for analysis.

What is a Test access point (TAP)?

400

A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

What is “authentication, authorization, and accounting (AAA)”?

400

A standalone hardware device that performs only the function of a firewall, which is embedded into the appliance’s firmware.

What is an appliance firewall?

400

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

What is Hash-based Message Authentication Code (HMAC)?

400

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

What is an internal threat?

400

A network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet.

What is Internet Protocol Security (IPsec)?

500

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

What is identity and access management (IAM)?

500

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

What is a router firewall?

500

A method of generating random values by sampling physical phenomena that has a high rate of entropy.

What is a true random number generator (TRNG)?

500

A type of threat actor that is supported by the resources of its host country’s military and security services.

Who are Nation-state actors?

500

A framework for creating a security association (SA) used with IPSec.

What is Internet Key Exchange (IKE)?

M
e
n
u