2025/2026 Exam Prep & Study Guide
ACL - correct answerAccess Control List
A mechanism that implements access control for a system resource by enumerating the
identities of the system entities that are permitted to access the resources. A list of
entities, together with their access rights, that are authorized to have access to a
resource.
AES - correct answerAdvanced Encryption Standard.
A symmetric algorithm used to encrypt data and provide confidentiality. AES is quick,
highly secure, and used in a wide assortment of cryptography schemes. It includes key
sizes of 128 bits, 192 bits, or 256 bits.
APT - correct answerAdvanced persistent threat.
A group that has both the capability and intent to launch sophisticated and targeted
attacks. Intent is usually to steal data and is often associated with nation-state actors.
Air Gaps - correct answerAn air-gapped system is not physically connected to another
system in any way.
Prevents malware that uses a network from being able to find the system. A human can
still introduce malware.
IoT - correct answerInternet of things. The network of physical devices connected to the
Internet. It typically refers to smart devices with an IP address, such as wearable
technology and home automation systems.
ICS - correct answerIndustrial control system. A system that controls large systems
such as power plants or water treatment facilities. A SCADA system controls the ICS.
SCADA - correct answerSupervisory control and data acquisition. Typically industrial
control systems within large facilities such as power plants or water treatment facilities.
SCADA systems are often contained within isolated networks that do not have access
to the Internet, but are still protected with redundant and diverse security controls.
SCADA systems can be protected with NIPS systems and VLANs.
Bastion Host - correct answerA strongly protected computer that is in a network
protected by a firewall (or is part of a firewall) and is the only host (or one of only a few
hosts) in the network that can be directly accessed from networks on the other side of
the firewall.
, Similar to a jump box
Jump box - correct answerA server in the DMZ whose purpose is to act as a secure
transition point between the corporate network and the datacenter network, providing a
trusted path between the two zones.
SaaS - correct answerSoftware as a Service; a subscription service where you
purchase licenses for software that expire at a certain date.
IaaS - correct answerInfrastructure as a Service. A cloud computing technology useful
for heavily utilized systems and networks. Organizations can limit their hardware
footprint and personnel costs by renting access to hardware such as servers. Compare
to PaaS and SaaS.
CI/CD - correct answerContinuous Integration, Continuous Delivery/Deployment
PaaS - correct answerPlatform as a Service. Intention is to be able to quickly and
reliably develop and deliver applications.
WAF - correct answerWeb application firewall.
A firewall specifically designed to protect a web application, such as a web server. A
WAF inspects the contents of traffic to a web server, can detect malicious content, and
block it.
IDS - correct answerIntrusion Detection System
A software and/or hardware system that scans, audits, and monitors the security
infrastructure for signs of attacks in progress.
HIDS - correct answerHost-based intrusion detection system.
An IDS used to monitor an individual server or workstation. It protects local resources
on the host such as the operating system files.
*Does no actively prevent threat - only monitors and alerts
IPS - correct answerIntrusion Prevention System.
A preventative control that will stop an attack in progress. It is similar to an active IDS
except that it's placed in line with traffic. An IPS can actively monitor data streams,
detect malicious content, and stop attacks in progress.
CIA Triad - correct answerConfidentiality, Integrity, Availability