1
Q
AAA
A
Authentication, Authorization, and Accounting
2
Q
3DES
A
Triple Data Encryption Standard
3
Q
ACL
A
Access Control List
4
Q
AES
A
Advanced Encryption Standard
5
Q
AES-256
A
Advanced Encryption Standards 256-bit
6
Q
AH
A
Authentication Header
7
Q
AI
A
Artificial intelligence
8
Q
AIS
A
Automated Indicator Sharing
9
Q
ALE
A
Annualized Loss Expectancy
10
Q
AP
A
Access Point
11
Q
API
A
Application Programming Interface
12
Q
APT
A
Advanced Persistent Threat
13
Q
ARO
A
Annualized Rate of Occurrence
14
Q
ARP
A
Address Resolution Protocol
15
Q
ASLR
A
Address Space Layout Randomization
16
Q
ATT&CK
A
Adversarial Tactics, Techniques, and Common Knowledge
17
Q
AUP
A
Acceptable Use Policy
18
Q
AV
A
Antivirus
19
Q
BASH
A
Bourne Again Shell
20
Q
BCP
A
Business Continuity Planning
21
Q
BGP
A
Border Gateway Protocol
22
Q
BIA
A
Business Impact Analysis
23
Q
BIOS
A
Basic Input/Output System
24
Q
BPA
A
Business Partners Agreement
25
BPDU
Bridge Protocol Data Unit
26
BYOD
Bring Your Own Device
27
CA
Certificate Authority
28
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart CAR
29
CAR
Corrective Action Report
30
CASB
Cloud Access Security Broker
31
CBC
Cipher Block Chaining
32
CCMP
Counter Mode/CBC-MAC Protocol
33
CCTV
Closed-circuit Television
34
CERT
Computer Emergency Response Team
35
CFB
Cipher Feedback
36
CHAP
Challenge Handshake Authentication Protocol
37
CIA
Confidentiality, Integrity, Availability
38
CIO
Chief Information Officer
39
CIRT
Computer Incident Response Team
40
CMS
Content Management System
41
COBO
Corporate-owned, Business-only
42
COOP
Continuity of Operation Planning
43
COPE
Corporate Owned, Personally Enabled
44
CP
Contingency Planning
45
CRC
Cyclical Redundancy Check
46
CRL
Certificate Revocation List
47
CSO
Chief Security Officer
48
CSP
Cloud Service Provider
49
CSR
Certificate Signing Request
50
CSRF
Cross-site Request Forgery
51
CSU
Channel Service Unit
52
CTM
Counter Mode
53
CTO
Chief Technology Officer
54
CVE
Common Vulnerability Enumeration
55
CVSS
Common Vulnerability Scoring System
56
CYOD
Choose Your Own Device
57
DAC
Discretionary Access Control
58
DBA
Database Administrator
59
DDoS
Distributed Denial of Service
60
DEP
Data Execution Prevention
61
DES
Digital Encryption Standard
62
DHCP
Dynamic Host Configuration Protocol
63
DHE
Diffie-Hellman Ephemeral
64
DKIM
DomainKeys Identified Mail
65
DLL
Dynamic Link Library
66
DLP
Data Loss Prevention
67
DMARC
Domain Message Authentication Reporting and Conformance
68
DNAT
Destination Network Address Translation
69
DNS
Domain Name System
70
DNSSEC
Domain Name System Security Extensions
71
DoS
Denial of Service
72
DPO
Data Privacy Officer
73
DRP
Disaster recovery plan
74
DSA
Digital Signature Algorithm
75
DSL
Digital Subscriber Line
76
EAP
Extensible Authentication Protocol
77
ECB
Electronic Code Book
78
ECC
Elliptic Curve Cryptography
79
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral
80
ECDSA
Elliptic Curve Digital Signature Algorithm
81
EDR
Endpoint Detection and Response
82
EFS
Encrypted File System
83
ERP
Enterprise Resource Planning
84
ESN
Electronic Serial Number
85
ESP
Encapsulated Security Payload
86
EULA
End User License Agreement
87
FACL
File System Access Control List
88
FDE
Full Disk Encryption
89
FIM
File Integrity Management
90
FPGA
Field Programmable Gate Array
91
FRR
False Rejection Rate
92
FTP
File transfer protocol
93
FTPS
Secured File Transfer Protocol
94
GCM
Galois Counter Mode
95
GDPR
General Data Protection Regulation
96
GPG
Gnu Privacy Guard
97
GPO
Group Policy Object
98
GPS
Global positioning system
99
GPU
Graphics Processing Unit
100
GRE
Generic Routing Encapsulation
101
HA
High Availability
102
HDD
Hard Disk Drive
103
HIDS
Host-based Intrusion Detection System
104
HIPS
Host-based Intrusion Prevention System
105
HMAC
Hashed Message Authentication Code
106
HOTP
HMAC-based One-time Password
107
HSM
Hardware Security Module
108
HTML
Hypertext Markup Language
109
HTTP
Hypertext Transfer Protocol
110
HTTPS
Hypertext Transfer Protocol Secure
111
HVAC
Heating, Ventilation Air Conditioning IaaS Infrastructure as a Service
112
IaC
Infrastructure as Code
113
IAM
Identity and Access Management
114
ICMP
Internet Control Message Protoco
115
ICS
Industrial Control Systems
116
IDEA
International Data Encryption Algorithm
117
IDF
Intermediate Distribution Frame
118
IdP
Identity Provider
119
IDS
Intrusion Detection System
120
IEEE
Institute of Electrical and Electronics Engineers
121
IKE
Internet Key Exchange
122
IM
Instant Messaging
123
IMAP
Internet Message Access Protocol
124
IoC
Indicators of Compromise
125
loT
Internet of Things
126
IP
Internet Protocol
127
IPS
Intrusion Prevention System
128
IPSec
Internet Protocol Security
129
IR
Incident Response
130
IRC
Internet Relay Chat
131
IRP
Incident Response Plan
132
ISO
International Standards Organization
133
ISSO
Information Systems Security Officer
134
IV
Initialization Vector
135
KDC
Key Distribution Center
136
KEK
Key Encryption Key
137
L2TP
Layer 2 Tunneling Protocol
138
LAN
Local Area Network
139
LDAP
Lightweight Directory Access Protocol
140
LEAP
Lightweight Extensible Authentication Protocol
141
MaaS
Monitoring as a Service
142
MAC
Mandatory Access Control/Media Access Control/Message Authentication Code
143
MAN
Metropolitan Area Network
144
MBR
Master Boot Record
145
MD5
Message Digest 5
146
MDF
Main Distribution Frame
147
MDM
Mobile Device Management
148
MFA
Multifactor Authentication
149
MFD
Multifunction Device
150
MFP
Multifunction Printer
151
ML
Machine Learning
152
MMS
Multimedia Message Service
153
MOA
Memorandum of Agreement
154
MOU
Memorandum of Understanding
155
MPLS
Multi-protocol Label Switching
156
MSA
Master Service Agreement
157
MSCHAP
Microsoft Challenge Handshake Authentication Protocol
158
MSP
Managed Service Provider
159
MSSP
Managed Security Service Provider
160
MTBF
Mean Time Between Failures
161
MTTF
Mean Time to Failure
162
MTTR
Mean Time to Recover
163
MTU
Maximum Transmission Unit
164
NAC
Network Access Contro
165
NAT
Network Address Translation
166
NDA
Non-Disclosure Agreement
167
NFC
Near Field Communication
168
NGFW
Next-generation Firewall
169
NIDS
Network-based Intrusion Detection System
170
NIPS
Network-based Intrusion Prevention System
171
NIST
National Institute of Standards & Technology
172
NTFS
New Technology File System
173
NTLM
New Technology LAN Manager
174
NTP
Network Transfer Protocol
175
OAUTH
Open Authorization
176
OCSP
Online Certificate Status Protocol
177
OID
Object Identifier
178
OS
Operating System
179
OSINT
Open-source Intelligence
180
OSPF
Open Shortest Path First
181
OT
Operational Technology
182
OTA
Over the Air
183
OVAL
Open Vulnerability Assessment Language
184
P12
PKCS #12
185
P2P
Peer to Peer
186
PaaS
Platform as a Service
187
PAC
Proxy Auto Configuration
188
PAM
Privileged Access Management/Pluggable Authentication Modules
189
PAP
Password Authentication Protocol
190
PAT
Port Address Translation
191
PBKDF2
Password-based Key Derivation Function 2
192
PBX
Private Branch Exchange
193
PCAP
Packet Capture
194
PCI DSS
Payment Card Industry Data Security Standard
195
PDU
Power Distribution Unit
196
PEAP
Protected Extensible Authentication Protocol
197
PED
Personal Electronic Device
198
PEM
Privacy Enhanced Mail
199
PFS
Perfect Forward Secrecy
200
PGP
Pretty Good Privacy
201
PHI
Personal Health Information
202
PII
Personally Identifiable Information
203
PIV
Personal Identity Verification
204
PKCS
Public Key Cryptography Standards
205
PKI
Public Key Infrastructure
206
POP
Post Office Protocol
207
POTS
Plain Old Telephone Service
208
PPP
Point-to-Point Protocol
209
PPTP
Point-to-Point Tunneling Protocol
210
PSK
Pre-shared Key
211
PTZ
Pan-tilt-zoom
212
PUP
Potentially Unwanted Program
213
RA
Recovery Agent/ Registration Authority
214
RACE
research and Development in Advanced Communications Technologies in Europe
215
RAD
Rapid Application Development
216
RADIUS
Remote Authentication Dial-in User Service
217
RAID
Redundant Array of Inexpensive Disks
218
RAS
Remote Access Server
219
RAT
Remote Access Trojan
220
RBAC
Role-based Access Control/ Rule-based Access Control
221
RC4
Rivest Cipher version 4
222
RDP
Remote Desktop Protocol
223
RFID
Radio Frequency Identifier
224
RIPEMD
RACE Integrity Primitives Evaluation Message Digest
225
ROI
Return on Investment
226
RPO
Recovery Point Objective
227
RSA
Rivest, Shamir, & Adleman
228
RTBH
Remotely Triggered Black Hole
229
RTO
Recovery Time Objective
230
RTOS
Real-time Operating System
231
RTP
Real-time Transport Protocol
232
S/MIME
Secure/Multipurpose Internet Mail Extensions
233
SaaS
Software as a Service
234
SAE
Simultaneous Authentication of Equals
235
SAML
Security Assertions Markup Language
236
SAN
Storage Area Network/Subject Alternative Name
237
SASE
Secure Access Service Edge
238
SCADA
Supervisory Control and Data Acquisition
239
SCAP
Security Content Automation Protocol
240
SCEP
Simple Certificate Enrollment Protocol
241
SD-WAN
Software-defined Wide Area Network
242
SDK
Software Development Kit
243
SDLC
Software Development Lifecycle
244
SDLM
Software Development Lifecycle Methodology
245
SDN
Software-defined Networking
246
SE
Linux Security-enhanced Linux
247
SED
Self-encrypting Drives
248
SEH
Structured Exception Handler
249
SFTP
Secured File Transfer Protocol
250
SHA
Secure Hashing Algorithm
251
SHTTP
Secure Hypertext Transfer Protocol
252
SIEM
Security Information and Event Management
253
SIM
Subscriber Identity Module
254
SLA
Service-level Agreement
255
SLE
Single Loss Expectancy
256
SMB
Server Message Block
257
SMS
Short Message Service
258
SMTP
Simple Mail Transfer Protocol
259
SMTPS
Simple Mail Transfer Protocol Secure
260
SNMP
Simple Network Management Protocol
261
SOAP
Simple Object Access Protocol
262
SOAR
Security Orchestration, Automation, Response
263
SoC
System on Chip
264
SOC
Security Operations Center
265
SOW
Statement of Work
266
SPF
Sender Policy Framework
267
SPIM
Spam over Internet Messaging
268
SQL
Structured Query Language
269
SQLi
SQL Injection
270
SRTP
Secure Real-Time Protocol
271
SSD
Solid State Drive
272
SSH
Secure Shell
273
SSL
Secure Sockets Layer
274
SSO
Single Sign-on
275
STIX
Structured Threat Information eXchange
276
SWG
Secure Web Gateway
277
TACACS+
Terminal Access Controller Access Control System
278
TAXII
Trusted Automated eXchange of Indicator Information
279
TCP/IP
Transmission Control Protocol/Internet Protoco
280
TGT
Ticket Granting Ticket
281
TKIP
Temporal Key Integrity Protocol
282
TLS
Transport Layer Security
283
TOC
Time-of-check
284
TOTP
Time-based One-time Password
285
TOU
Time-of-use
286
TPM
Trusted Platform Module
287
TTP
Tactics, Techniques, and Procedures
288
TSIG
Transaction Signature
289
UAT
User Acceptance Testing
290
UAV
Unmanned Aerial Vehicle
291
UBA
User Behavior Analytics
292
UDP
User Datagram Protocol
293
UEFI
Unified Extensible Firmware Interface
294
UEM
Unified Endpoint Management
295
UPS
Uninterruptible Power Supply
296
URI
Uniform Resource Identifier
297
URL
Universal Resource Locator
298
USB
Universal Serial Bus
299
USB OTG
USB On the Go
300
UTM
Unified Threat Management
301
UTP
Unshielded Twisted Pair
302
VBA
Visual Basic
303
VDE
Virtual Desktop Environment
304
VDI
Virtual Desktop Infrastructure
305
VLAN
Virtual Local Area Network
306
VLSM
Variable Length Subnet Masking
307
VM
Virtual Machine
308
VoIP
Voice over IP
309
VPC
Virtual Private Cloud
310
VPN
Virtual Private Network
311
VTC
Video Teleconferencing
312
WAF
Web Application Firewall
313
WAP
Wireless Access Point
314
WEP
Wired Equivalent Privacy
315
WIDS
Wireless Intrusion Detection System
316
WIPS
Wireless Intrusion Prevention System
317
WO
Work Order WPA Wi-Fi Protected Access
318
WPS
Wi-Fi Protected Setup
319
WTLS
Wireless TLS
320
XDR
Extended Detection and Response
321
XML
Extensible Markup Language
322
XOR
Exclusive Or
323
XSRF
Cross-site Request Forgery
324
XSS
Cross-site Scripting
SY0 701
flashcards
Decks in class (131)
# Cards
-
Security controls 1.111
-
Preventive Control types (1.1)4
-
Deterrent control types (1.14
-
Detective control types (1.1)4
-
Corrective control (1.1)4
-
Compensating control (1.1)4
-
Directive control type (1.1)4
-
CIA Triad 1.24
-
Confidentiality (1.2)4
-
Integrity (1.2)5
-
Availability (1.2)4
-
Non repudiation (1.2)5
-
Acronyms324
-
Authentication, Authorization, & Accounting 1.27
-
Gap Analysis 1.25
-
Zero Trust 1.28
-
Physical Security 1.27
-
1.2 Deception & Disruption4
-
Change management steps 1.39
-
Technical change management steps 1.39
-
Public Key Infrastructure 1.46
-
Encrypting data 1.410
-
Key Exchange 1.46
-
Encryption technologies 1.47
-
Obfuscation 1.47
-
Hashing & digital signatures 1.49
-
Blockchain technology 1.42
-
Certificates 1.412
-
2.1 Threat Actors15
-
2.2 Common Threat Vectors13
-
2.2 Phishing4
-
Impersonation 2.26
-
Watering Hole Attacks 2.24
-
Other Social engineering attacks (2.2)3
-
Memory Injections 2.33
-
Buffer Overflows 2.31
-
Race Conditions 2.33
-
Malicious Updates 2.33
-
2.3 Operating system vulnerabilities3
-
2.3 SQL Injection4
-
2.3 Cross Site Scripting7
-
2.3 Hardware Vulnerabilities4
-
2.3 Virtualization Vulnerabilities4
-
2.3 Cloud specific Vulnerabilities.3
-
Supply chain vulnerabilities 2.37
-
Misconfiguration vulnerabilities 2.35
-
Mobile device vulnerabilities 2.34
-
Zero-day vulnerabilities 2.33
-
An overview of Malware 2.46
-
2.4 Viruses and worms5
-
2.4 Spyware and Bloatware5
-
2.4 Other Malware Types6
-
2.4 Physical attacks4
-
2.4 Denial of Service4
-
2.4 DNS attacks4
-
2.4 Wireless Attacks5
-
2.4 On Path Attacks2
-
2.4 Replay attacks6
-
2.4 Malicious Code3
-
2.4 Application attacks11
-
2.4 Cryptographic Attacks5
-
2.4 Password attacks6
-
2.4 Indicators of compromise9
-
2.5 Segmentation and Access Control3
-
2.5 Mitigation techniques6
-
2.5 Hardening techniques9
-
3.1 Cloud Infrastructure6
-
3.1 Network Infrastructure concepts4
-
3.1 other Infrastructure concepts10
-
3.1 Infrastructure Considerations12
-
3.2 Secure Infrastructures5
-
3.2 Intrusion prevention5
-
3.2 Network appliances10
-
3.2 Port Security4
-
3.2 Firewall Types6
-
3.2 Secure communication11
-
3.3 Data types and classifications3
-
3.3 States of Data5
-
3.3 Protecting data9
-
3.4 Resiliency11
-
3.4 Capacity planning4
-
3.4 Recovery Testing5
-
3.4 Backups8
-
3.4 Power resiliency3
-
4.1 Secure Baselines4
-
4.1 Hardening targets10
-
4.1 Securing wireless & Mobile8
-
4.1 Wireless Security settings11
-
4.1 Application Security7
-
4.2 Asset management6
-
4.3 Vulnerability scanning5
-
4.3 Threat intelligence5
-
4.3 Penetration testing5
-
4.3 Analyzing Vulnerabilities9
-
4.3 Vulnerability remediation9
-
4.4 Security monitoring8
-
4.4 Security tools11
-
4.5 Firewalls6
-
4.5 Web filtering8
-
4.5 Operating system security3
-
4.5 Secure Protocols5
-
4.5 email security5
-
4.5 Monitoring data7
-
4.5 Endpoint Security8
-
4.6 Identity and Access Management10
-
4.6 Access controls8
-
4.6 Multifactor Authentication7
-
4.6 Password Security7
-
4.7 Scripting and automation4
-
4.8 Incident response10
-
4.8 Incident planning5
-
4.8 Digital Forensics7
-
4.9 Log data12
-
5.1 Security policies10
-
5.1 Security Standards5
-
5.1 Security procedures7
-
5.1 Security considerations4
-
5.1 Data roles & Responsibilities2
-
5.2 Risk Management4
-
5.2 Risk Analysis6
-
5.2 Risk Management Strategies2
-
5.2 Business impact analysis1
-
5.3 Third Party Assessment10
-
5.3 Agreement types2
-
5.4 Compliance7
-
5.4 privacy6
-
5.5 Audits and Assessments3
-
5.5 Penetration tests6
-
5.6 Security Awareness5
-
5.6 User training2
-
1.1 Compare and contrast types of secuirty controls1
