Security Terms updated 2024.
A Chinese military general who lived in the sixth century BC and wrote The Art of War, a text that
shows early examples of operations security principles - ANSWER-Sun Tzu
A client-side attack that takes advantage of some of the page rendering features that are available in
newer browsers - ANSWER-Clickjacking
A combination of a network design feature and a protective device such as a firewall; often used for
systems that need to be exposed to external networks but are connected to our network (such as a
web server) - ANSWER-Demilitarized Zone (DMZ)
A combination of DAC and MAC, primarily concerned with the confidentiality of the resource. Two
security properties define how information can flow to and from the resource: the simple security
property and the * property. - ANSWER-The Bell-LaPadula model
A firewall technology that can analyze the actual content of the traffic that is flowing through -
ANSWER-Deep packet inspection
A firewall technology that functions on the same general principle as packet filtering firewalls, but is
able to keep track of the traffic at a granular level. Has the ability to watch the traffic over a given
connection - ANSWER-Stateful packet inspection
A firewall technology that inspects the contents of each packet in network traffic individually and
makes a gross determination (based on source and destination IP address, port number, and the
protocol being used) of whether the traffic should be allowed to pass - ANSWER-Packet filtering
A fully featured sniffer that is also a great tool for troubleshooting traffic; this well-known tool is used
by many network operations and security teams - ANSWER-Wireshark
A group of tools that can include network mapping tools, sniffers, and exploits - ANSWER-Exploit
framework
A hardware- and software-based technology that prevents certain portions of the memory used by
the operating system and applications from being used to execute code - ANSWER-Executable space
protection
A measure of how agreeable a particular characteristic is to the users of a system - ANSWER-
acceptability
A measure of the differences of a particular characteristic among a group of individuals - ANSWER-
Uniqueness
A mechanism for maintaining control over the traffic that flows into and out of our networks -
ANSWER-Firewall
A method by which a person follows directly behind another person who authenticates to the
physical access control measure, thus allowing the follower to gain access without authenticating -
ANSWER-Tailgating (also known as piggybacking)
A method of securing a message that involves generating a hash and encrypting it using a private key
- ANSWER-Digital signature
A method of security that involves designing a network to always have another route if something
fails or loses connection - ANSWER-Redundancy
A methodical examination and review that ensures accountability through technical means -
ANSWER-Auditing
A model that adds three more principles to the CIA triad: Possession or Control, Authenticity, and
Utility - ANSWER-Parkerian hexad
A monitoring tool that alerts when an attack or other undesirable activity is taking place - ANSWER-
Intrusion detection system (IDS)
A more active method of finding security holes that includes using the kinds of tools attackers use to
mimic an attack on our environment - ANSWER-Penetration testing
A multilayered defense that will allow us to achieve a successful defense should one or more of our
defensive measures fail - ANSWER-defense in depth
A password is an example of this type of factor - ANSWER-Something you know
A phrase that refers to an organization's strategy and policies regarding the use of personal vs.
corporate devices - ANSWER-Bring your own device (BYOD)
A principle that states we should only allow a party the absolute minimum permission needed for it
to carry out its function - ANSWER-The principle of least privilege
A process that provides a history of the activities that have taken place in the environment -
ANSWER-Logging
A program that seeks to make users aware of the risk they are accepting through their current
actions and attempts to change their behavior through targeted efforts - ANSWER-Security
Awareness, Training, and Education (SATE)
A public list that holds all the revoked certificates for a certain period of time - ANSWER-Certificate
revocation list (CRL)
A security method that involves shifting the contents of memory around to make tampering difficult -
ANSWER-Address space layout randomization (ASLR)
A set of methods we use to establish a claim of identity as being true - ANSWER-Authentication
A set of metrics that judge how well a given system functions - ANSWER-performance measurement
A set of resources devoted to a program, process, or similar entity, outside of which the entity
cannot operate - ANSWER-Sandbox
A set of symmetric block ciphers endorsed by the US government through NIST. Shares the same
block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook
(TCB) mode - ANSWER-AES