Data Handling
Random Terminology
Vulnerabilities
Network Architecture
Hackers
100

Data that can identify or locate an individual is classified as __________.

PII

100

An access control vestibule is an example of ______ Security.

Physical

100

The pattern .../.../.../ is indicative of this kind of attack.

Directory Traversal

100

A __________ uses an access control list to allow or deny network access.

Firewall

100

The method used by hackers to get people to provide them with confidential information is generally called __________ Engineering.

Social

200

___________ is the US law governing all health-related information of an individual.

HIPAA

200

A _________ site is one that fails over immediately for the production site.

Hot

200

________ ________ is a hardware-specific vulnerability.

Firmware version

200

This form of network hardening involves dividing the network into lots of smaller sections, requiring the hacker to break through more "walls" to compromise the entire network.

Segmentation

200

When a company pays hackers to find a vulnerability in their network, it is called a _______ _________.

Bug Bounty

300

_____________ is a class of software and hardware that prevents restricted data from leaving a network.

DLP

300

_________ is the name of the process involving securely wiping decommissioned devices.

Sanitization

300

Being able to execute code on an app sign-up page indicates a failure of ________ ________.

Input Validation

300

This system collects and analyzes logs from multiple sources, and presents the results in a centralized dashboard.

SIEM

300

An attack that uses email as the attack vector is called _________.

Phishing

400

The law governing the private data of European citizens is called __________.

GDPR

400

The authenticity of a web site is guaranteed by its _______ ________.

Digital Certificate

400

Researching the potential threats to a network without actually interacting with the network is called ________ _________.

Threat Hunting

400

A firewall would be considered this kind of security control type.

Technical

400

The defenders in an offensive and defensive security exercise are called the _________ _________.

Blue Team

500

The law governing the handling of credit card and debit card data is called ___________.

PCI DSS

500

A _________ _________ categorizes and prioritizes risks in a central, easy-to-read format.

Risk Register

500

_______ _________ involves injecting commands that are always true in order to gain access to database information.

SQL Injection

500

Internet-facing devices should be placed in a secure area of the network known as a _________ __________.

Screened Subnet

500

An attacker that maintains a presence in the victim's network over time, without being detected, is an __________ ___________ Threat.

Advanced Persistent (Threat)
