Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
194 Cards in this Set
- Front
- Back
|
Which port is Echo?
|
7
|
|
|
Which port is Chargen?
|
19
|
|
|
Which port is FTP-Data?
|
20
|
|
|
Which port is FTP-Control?
|
21
|
|
|
Which port is SSH?
|
22
|
|
|
Which port is Telnet?
|
23
|
|
|
Which port is SMTP?
|
25
|
|
|
Which port is TACACS+?
|
49
|
|
|
Which port is DNS?
|
53
|
|
|
Which port is HTTP?
|
80
|
|
|
Which port is Kerberos?
|
88
|
|
|
Which port is POP3?
|
110
|
|
|
Which port is IMAPv4?
|
143
|
|
|
Which port is SNMP?
|
161
|
|
|
Which port is LDAP?
|
389
|
|
|
Which port is SSL?
|
443
|
|
|
Which port is Secure LDAP?
|
636
|
|
|
Which port is L2TP?
|
1701
|
|
|
Which port is PPTP?
|
1723
|
|
|
Which port is RADIUS?
|
1812
|
|
|
What are e-mail Hoaxes?
|
E-mail messages containing false information for the sole purpose of having readers forward the message to others.
|
|
|
Phishing?
|
Impersonating a trusted sender to obtain the recipient's logon and other confidential data.
|
|
|
Malware?
|
Vicious software, viruses, Trojan horses, and worms sent through e-mail to infect and attack the recipient's e-mail server.
|
|
|
S/MIME
|
Built into most Web browsers. This method of sending e-mail uses RSA encryption.
|
|
|
PGP
|
Uses keys and a secret passphrase to encrypt and decrypt e-mail.
|
|
|
ActiveX
|
A set of Microsoft technologies used to link desktop applications to Web sites.
|
|
|
JavaScript
|
A scripting language that enables developers to create interactive Web sites.
|
|
|
CGI
|
Scripts that manipulate data and enable user interaction on Web servers.
|
|
|
SYN flood
|
An attack that prevents users from accessing a target server this is done by flooding the server with half-open TCP connections.
|
|
|
Smurf attack
|
A non-OS-specific attack that uses a thrid party's network segment to overwhelm a host with a flood of Internet Control Message Protocol (ICMP) packets.
|
|
|
Ping of Death
|
An attack that uses IP packet fragmentation techniques to crash remote systems.
|
|
|
asset
|
an entity that has value.
|
|
|
availability
|
ensures that data is accessible to authorized users.
|
|
|
California Database Security Breach Act
|
A state act that requires disclosure to California residents if a breach of personal information has or is believed to have occurred.
|
|
|
Children's Online Privacy Protection Act (COPPA)
|
A U.S. federal act that requires operators of online services or Wev sites directed at children under the age of 13 to obtain parental consent prior to the collection, use, disclosure, or display of a child's personal information.
|
|
|
confidentiality
|
Ensures that only authorized parties can view the information.
|
|
|
cybercrime
|
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.
|
|
|
cybercriminals
|
a loose-knit network of attackers, identity thieves, and financial fraudsters that are more highly motivated, less risk-averse, better funded, and more tenacous than hackers.
|
|
|
cyberterrorism
|
attacks launched by cyberterrorists that could cripple a nation's electronic and commercial infrastructure.
|
|
|
cyberterrorist
|
an attacker motivated by ideology to attack computers or infrastructure networks.
|
|
|
exploit
|
to take advantage of a vulnerability.
|
|
|
Gramm-Leach-Bliley Act (GLBA)
|
A US federal act that requires private data to be protected by banks and other financial institutions.
|
|
|
hacker
|
anyone who illegally breaks into or attempts to break into a computer system; A person who uses advanced computer skills to attack computers but not with malicous intent.
|
|
|
Health Insurance Portability and Accountability Act (HIPAA)
|
A US federal act that requires health care nenterprises to guard protected health information.
|
|
|
identity theft
|
using someone's personal information, such as a SSN to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.
|
|
|
information assurance (IA)
|
a superset of information security, including security issues that do not involve computers.
|
|
|
information security
|
the tasks of guarding information that is in a digital format. more specifically, that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.
|
|
|
integrity
|
ensures that the information is correct and no unauthorized person or malicious software has altered that data.
|
|
|
risk
|
the likelihood that a threat agent will exploit a vulnerability.
|
|
|
Sarbanes-Oxley Act (Sarbox)
|
A US federal act that enforces reporting requirements and internal controls on electronic financial reporting systems.
|
|
|
script kiddie
|
an unskilled user who downloads automated attack software to attack computers.
|
|
|
signature-based defense
|
a method that identifies malware on a computer by matching it to an antivirus signature file.
|
|
|
spy
|
a person who has been hired to break into a computer and steal information.
|
|
|
threat
|
an event or action that may defeat the security measures in place and result in a loss.
|
|
|
threat agent
|
a person or thing that has the power to carry out a threat.
|
|
|
USA Patriot Act
|
A US federal act that broadens the surveillance of law enforcement agencies to enhance the detection and suppression of terrorism.
|
|
|
vulnerability
|
a weakness that allows a threat agent to bypass security.
|
|
|
zero-day attack
|
an attack that occurs when an attacker discovers and exploits a previously unknown flaw, providing "zero days" of warning.
|
|
|
adware
|
a software program that delivers advertising content in a manner that is unexpected and unwanted by the user
|
|
|
Basic Input/Output System (BIOS)
|
a coded program embedded on a processor chip that recognizes and controls different devices on the computer system..
|
|
|
boot virus
|
a virus that infects the Master Boot Record (MBR) of a hard disk drive.
|
|
|
bot herder
|
an attacker who controls several botnets.
|
|
|
botnet
|
a group of zombie computers that are under the control of an attacker.
|
|
|
cells
|
the coverage areas for cellular communications
|
|
|
cellular telphones
|
portable communications devices that function in a manner unlike wired telephones.
|
|
|
channels
|
Internet Relay Chat discussion forums.
|
|
|
companion virus
|
a virus that adds a program to the operating system that is a copycat "companion" to a legitimate program.
|
|
|
EEPROM (Electrically erasavle Programmable Read-Only Memory)
|
Nonvolatile computer memory that can be electrically erased and rewritten repeatedly.
|
|
|
file infector virus
|
a virus that infects program executable files with an .EXE or .COM file extension.
|
|
|
flash memory
|
a type of nonvolatile computer memory that can be electrically erased and rewritten repeatedly.
|
|
|
flashing
|
the process for rewriting the contents of the BIOS.
|
|
|
bot herder
|
an attacker who controls several botnets.
|
|
|
botnet
|
a group of zombie computers that are under the control of an attacker.
|
|
|
cells
|
the coverage areas for cellular communications
|
|
|
cellular telphones
|
portable communications devices that function in a manner unlike wired telephones.
|
|
|
channels
|
Internet Relay Chat discussion forums.
|
|
|
companion virus
|
a virus that adds a program to the operating system that is a copycat "companion" to a legitimate program.
|
|
|
EEPROM (Electrically erasavle Programmable Read-Only Memory)
|
Nonvolatile computer memory that can be electrically erased and rewritten repeatedly.
|
|
|
file infector virus
|
a virus that infects program executable files with an .EXE or .COM file extension.
|
|
|
flash memory
|
a type of nonvolatile computer memory that can be electrically erased and rewritten repeatedly.
|
|
|
flashing
|
the process for rewriting the contents of the BIOS.
|
|
|
geometric variance
|
spam that uses "speckling" and different colors so that no two spam e-mails appear to be the same.
|
|
|
GIF layering
|
spam that is divided into multiple images but still creates a legible message.
|
|
|
guest system
|
a forgein virtual operating system.
|
|
|
host system
|
the native operating system to the hardware
|
|
|
hypervisor
|
software that runs on a physical computer and manages one or more virtual machine operating systems.
|
|
|
image spam
|
spam that uses graphical images of text to circumvent text-based spam filters.
|
|
|
instant messaging
|
a method of online communication like e-mail except that it is conducted instantaneously in real time.
|
|
|
IRC Internet Relay Chat
|
an open communication protocol that is used for real-time "chatting" with other IRC users over the Internet. Also used to control zombies.
|
|
|
keylogger
|
a small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.
|
|
|
live migration
|
technology that enables a virtual machine to be moved to a different physical computer with no impact to the users.
|
|
|
load balancing
|
balancing processing load among several servers; moving a virtual machine to another physical server with more RAM or CPU resources.
|
|
|
logic bomb
|
a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
|
|
|
macro
|
a series of commands and instructions that can be grouped as a single command.
|
|
|
macros virus
|
a virus written in a scripting language.
|
|
|
malware
|
malicious software that enters a computer system without the owner's knowledge or consent.
|
|
|
master boot record
|
an area on a hard disk drive that contains the program necessary for the computer to start up and a description of how the hard drive is organized.
|
|
|
metamorphic virus
|
a virus that alters how it appears to avoid detection
|
|
|
mobile telecommunications switching office (MTSO)
|
the link between the cellular network and the wired telephone world that controls all of the transmitters and base stations in the cellular network.
|
|
|
network attached storage
|
a single dedicated hard disk-based file storage device that provides centralized and consolidated disk storae that is available to LAN users through a standard network connection.
|
|
|
operating system virtualization
|
a virtualized environment in which an entire operating system environment is simulated.
|
|
|
partition table
|
a table on the hard drive that describes how the hard drive is organized.
|
|
|
polymorphic virus
|
a virus that changes how it appears and encrypts its contents differently each time.
|
|
|
privilege escalation
|
the act of exploiting a vulnerability in the software to gain access to resources that the user would normally be restricted from obtaining.
|
|
|
PROM - Programmable Read-Only Memory
|
A chip with which the contents can be overwritten to provide new functionality.
|
|
|
Read Only Memory
|
a chip that cannot be reprogrammed.
|
|
|
removable storage
|
devices, such as USB flash drives, that can store data from a computer and then be disconnected.
|
|
|
resident virus
|
a virus that is loaded into random access memory and can interrupt almost any function executed by the computer operating system and alter it.
|
|
|
rootkit
|
a set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence.
|
|
|
server virtualization
|
creating and managing multiple server operating systems.
|
|
|
spam
|
unsolicited e-mail.
|
|
|
spyware
|
a general term used to describe software that violates a user's personal security
|
|
|
storage Area network
|
a specialized high-speed network for attaching servers to storage devices
|
|
|
trojan horses
|
a program advertised as performing one activity but actually doing something else, or performing both the advertised and malicious activities.
|
|
|
virtual machine
|
a self-contained software environment.
|
|
|
virtualization
|
a means of managing and presenting computer resources by function without regard to their physical layout or location.
|
|
|
virus
|
a program that secretly attaches itself to a legitimate "carrier," such as a document or program, and then executes when that document is open or the program is launched.
|
|
|
word splitting
|
spam that horizontally separates words so that they can still be read by the human eye.
|
|
|
worm
|
a program that is designed to take advantage of a vulnerability in an application or an operating system to enter a system
|
|
|
zombie
|
computer under the control of an attacker.
|
|
|
Active Directory
|
Microsoft's directory service, which is a central database of all network resources, is used to manage the network and provide users with access to resources.
|
|
|
ActiveX
|
A set of technologies developed by Microsoft that specifies how applications should share information.
|
|
|
ActiveX controls
|
A specific way of implementing ActiveX; also called add-ons.
|
|
|
add-ons
|
A specific way of implementing ActiveX; also called ActiveX controls.
|
|
|
address space layout randomization (ASLR)
|
A windows vista feature that randomly assigns executable operating system code to different possible locations in memory
|
|
|
antispyware
|
software that helps prevent computers from becoming infected by different types of spyware
|
|
|
antivirus
|
software that can scan a computer for infections as well as monitor computer activity and scan all new documents, such as e-mail attachments, that might contain a virus.
|
|
|
automated patch update service
|
a locally managed patch update service that is used to distribute patches instead of relying upon the vendor's online update service.
|
|
|
Bayesian filtering
|
an advanced method for detecting spam.
|
|
|
bittorrent
|
a type of p2p network that maximizes transfer speeds by gathering pieces of a file and downloading them separately.
|
|
|
blacklist
|
a list of senders for which the user does not want to receive e-mail.
|
|
|
buffer overflow
|
a process that attempts to store data in random access memory beyond the boundaries of a fixed length storage buffer.
|
|
|
chat
|
instant messaging between several users simultaneously.
|
|
|
configuration baseline
|
operating system configurations settings that will be used for each computer in the organization.
|
|
|
cookie
|
user-specific information stored in a file on the user's loca computer by a web browser.
|
|
|
cross site scripting
|
using client-side scripts typically written in JavaScript that are designed to extract information from the victim and then pass the information to the attacker.
|
|
|
Data execution prevention (DEP)
|
A windows feature that uses a CPU's ability to mark sections of a computer's memory as exclusively for data and not for code.
|
|
|
definition files
|
antivirus update files; also known as signature files.
|
|
|
firewall
|
hardware or software designed to prevent malicous packets from entering or leaving the computers; sometimes called a packet filter.
|
|
|
first-party cookie
|
a cookie that is created from the web site that a user is currently viewing.
|
|
|
Group Policies
|
a microsoft windows feature that provides centralized management and configuration of computers.
|
|
|
Host intrusion detection systems (HIDS)
|
software that attempts to monitor and possibly prevent attempts to intrude into a system and network resources.
|
|
|
hotfix
|
a software update that addresses a specific customer situation and often may not be distributed outside that customer's organization.
|
|
|
IMAP4
|
the current version of internet mail access protocol (IMAP).
|
|
|
input validation
|
verifying user input.
|
|
|
java
|
a complete object-oriented programming language created by sun microsystems that can be used to create standalone applications.
|
|
|
java applet
|
a type of smaller java program
|
|
|
javascript
|
a programming scripting language developed by netscape.
|
|
|
kernel
|
part of the operating system that is responsible for managing the system resources.
|
|
|
mx (mail exchange) record
|
an entry in the domain name system that identifies the mail server responsible for handling that domain name.
|
|
|
nx (no eXecute)
|
a bit setting to designate a part of memory to contain only data, not executable code.
|
|
|
packet filter
|
another name for a firewall.
|
|
|
patch
|
a general software security update intended to cover vulnerabilities that have been discovered.
|
|
|
personal software firewall
|
software that runs as a program on a local system to protect it against attacks.
|
|
|
pop3
|
the current version of Post Office Protocol
|
|
|
sandbox
|
a restrictive fence that surrounds a java program and keeps it awway from private data and other resources on a local computer.
|
|
|
scripting language
|
a computer programming language that is typically interpreted into a language the computer can understand without the need f a compiler.
|
|
|
security policy
|
a document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure.
|
|
|
security template
|
a method to configure a suite of configuration baseline security settings.
|
|
|
service pack
|
a cumulative package of all security updates plus additional features.
|
|
|
signature files
|
antivirus update files; also known as definition files.
|
|
|
signed java applet
|
a java applet from a trusted source
|
|
|
smtp open relay
|
an uncontrolled smtp relay
|
|
|
smtp relay
|
forwarding e-mail sent from an email client to a remote domain through an smtp server.
|
|
|
snap-in
|
a software modue that provides administrative capabilities for a device.
|
|
|
sql injection
|
an injection attack that uses structered query language
|
|
|
swarm
|
downloading parts of a bittorrent file simultaneously from multiple users.
|
|
|
third-party cookie
|
a cookie that is used by a web site other than the site that created it.
|
|
|
torrents
|
active internet connections that download a specific file through a bittorrent.
|
|
|
tracker
|
a server program operated by the person or organization who wants to share a bittorrent file.
|
|
|
anomaly-based monitoring
|
a process for detecting attacks by observing statistical anomalies.
|
|
|
audit
|
a methodical examination and review that produces a detailed report of its findings.
|
|
|
audit records
|
operating system logs that contain only security event information
|
|
|
baseline
|
a reference set of data against which operational data is compared.
|
|
|
behavior-based monitoring
|
monitoring that uses the "normal" processes and actions as the standard by which attacks are compared.
|
|
|
change management team (CMT)
|
a group of personnel within an organization who oversee changes.
|
|
|
data classification
|
the process of assigning a level of business importance, availability, sensitivity, security, and regualtion requirements to data.
|
|
|
discover
|
part of the pretrial phase of a lawsuit in which each party through the law of civil procedure can request documents and evidence.
|
|
|
event
|
an occurrence within a software system that is communicated to users or other programs outside the operating system.
|
|
|
false positives
|
alarms that are raised when there is no actual abnormal behavior.
|
|
|
information lifecycle management (ILM)
|
a set of strategies for administering, maintaining, and managing computer storage systems to retain data.
|
|
|
inheritance
|
the process by which permissions given to a higher-level "parent" are passed down to a lower-level "child"
|
|
|
log
|
a record of events that occur.
|
|
|
log entries
|
information in a log that contains information related to a specific event that has occured
|
|
|
log management
|
the process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
|
|
|
performance baseline
|
a baseline that is established to create the "norm" of performance.
|
|
|
performance monitors
|
hardware or software through which data is accumulated on the normal operations of the systems and networks.
|
|
|
privilege auditing
|
reviewing a subject's privileges over and object.
|
|
|
privilege management
|
process of assigning and revoking privileges to objects; it covers the procedures of managing object authorizations.
|
|
|
signature-based monitoring
|
monitoring that compares activities against a predefined signature.
|
|
|
storage and retention policies
|
policies that outline the requirements for data storage.
|
|
|
system events
|
operational actions that are performed by the operating system.
|
|
|
system monitoring
|
a low-level systme program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, pda or cell phone.
|
|
|
usage auditing
|
the process of examining whihc subjects are accessing specific objects and how frequently.
|
