ISACA CybserSecurity Fundamentals
accountability - ANSWER ability to map a given activity or event back to the responsible
party
advanced encryption standard (AES) - ANSWER algorithm that supports keys from 128
bits to 256 bits
advanced persistent threat - ANSWER 1. pursues its objectives repeatedly over an
extended period of time
2. adapts to defenders efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives
adware - ANSWER software package that automatically display advertising material to
a computer
application layer - ANSWER layer provides services for an application program to
ensure that effective communication with another application program in a network is
possible
attack vector - ANSWER path or route used by the adversary to gain access to the
target. There are two types of attack vectors:
1. ingress
2. egress
attenuation - ANSWER reduction of signal strength during transmission
availability - ANSWER ensuring timely and reliable access to and use of information
back door - ANSWER means of regaining access of a comprised system by installing
software or configuring existing software to enable remote access under attack-defined
conditions
bastion - ANSWER system heavily fortified against attacks
botnet - ANSWER robot network: large automated distributed network of compromised
computers that are controlled to launch large-scale attacks
Bridges - ANSWER Data link layer devices that reduce collision domains
buffer overflow - ANSWER occurs when a program/process tries to store more data in a
buffer than it was intended to hold.
business continuity plan - ANSWER plan used by enterprise to respond to disruption of
critical business processes
business impact analysis - ANSWER Evaluates the criticality and sensitivity of
information assets
, ISACA CybserSecurity Fundamentals
Certificate (Certification) authority (CA) - ANSWER trusted third party that serves
authentication infrastructures or enterprises and registers entities and issues them
certificates
chain of custody - ANSWER legal principle regarding the validity and integrity of
evidence
INCLUDES:
-who had access to evidence
-ability to identify evidence is the exact item that has been recovered or tested
checksum - ANSWER mathematical value assigned to a file that's used to verify that
data contained in the file has not been maliciously changed
cloud computing - ANSWER model for enabling convenient, on-demand network access
to a shared pool of configurable resources that can be rapidly provisioned and released
with minimal management or service provider interaction
collision - ANSWER situation that occurs when two or more demands are made
simultaneously on equipment that can handle only one at any given instant
compliance document - ANSWER policies, standards and procedures
confidentiality - ANSWER preserving authorized restrictions on access and disclosure,
including means for protecting privacy and proprietary information
configuration management - ANSWER control of changes to a set of configuration items
over a system life cycle
consumerization - ANSWER new model in which emerging technologies are first
embraced by the consumer market and later spread to the business
content filtering - ANSWER controlling access to a network by analyzing the contents of
incoming and outgoing packets and letting them pass or denying them based on a list of
rules
control - ANSWER means of managing risk. This includes:
1. policies
2. procedures
3. guidelines
4. practices/organizational structures
criticality analysis - ANSWER analysis to evaluate resources or business functions to
identify their importance to the enterprise
accountability - ANSWER ability to map a given activity or event back to the responsible
party
advanced encryption standard (AES) - ANSWER algorithm that supports keys from 128
bits to 256 bits
advanced persistent threat - ANSWER 1. pursues its objectives repeatedly over an
extended period of time
2. adapts to defenders efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives
adware - ANSWER software package that automatically display advertising material to
a computer
application layer - ANSWER layer provides services for an application program to
ensure that effective communication with another application program in a network is
possible
attack vector - ANSWER path or route used by the adversary to gain access to the
target. There are two types of attack vectors:
1. ingress
2. egress
attenuation - ANSWER reduction of signal strength during transmission
availability - ANSWER ensuring timely and reliable access to and use of information
back door - ANSWER means of regaining access of a comprised system by installing
software or configuring existing software to enable remote access under attack-defined
conditions
bastion - ANSWER system heavily fortified against attacks
botnet - ANSWER robot network: large automated distributed network of compromised
computers that are controlled to launch large-scale attacks
Bridges - ANSWER Data link layer devices that reduce collision domains
buffer overflow - ANSWER occurs when a program/process tries to store more data in a
buffer than it was intended to hold.
business continuity plan - ANSWER plan used by enterprise to respond to disruption of
critical business processes
business impact analysis - ANSWER Evaluates the criticality and sensitivity of
information assets
, ISACA CybserSecurity Fundamentals
Certificate (Certification) authority (CA) - ANSWER trusted third party that serves
authentication infrastructures or enterprises and registers entities and issues them
certificates
chain of custody - ANSWER legal principle regarding the validity and integrity of
evidence
INCLUDES:
-who had access to evidence
-ability to identify evidence is the exact item that has been recovered or tested
checksum - ANSWER mathematical value assigned to a file that's used to verify that
data contained in the file has not been maliciously changed
cloud computing - ANSWER model for enabling convenient, on-demand network access
to a shared pool of configurable resources that can be rapidly provisioned and released
with minimal management or service provider interaction
collision - ANSWER situation that occurs when two or more demands are made
simultaneously on equipment that can handle only one at any given instant
compliance document - ANSWER policies, standards and procedures
confidentiality - ANSWER preserving authorized restrictions on access and disclosure,
including means for protecting privacy and proprietary information
configuration management - ANSWER control of changes to a set of configuration items
over a system life cycle
consumerization - ANSWER new model in which emerging technologies are first
embraced by the consumer market and later spread to the business
content filtering - ANSWER controlling access to a network by analyzing the contents of
incoming and outgoing packets and letting them pass or denying them based on a list of
rules
control - ANSWER means of managing risk. This includes:
1. policies
2. procedures
3. guidelines
4. practices/organizational structures
criticality analysis - ANSWER analysis to evaluate resources or business functions to
identify their importance to the enterprise
