Every key term from the study guide, searchable and filterable.
A set of rules on a router or firewall that determines which traffic is permitted or denied.
A symmetric encryption algorithm; the current standard for data encryption. Available in 128, 192, and 256-bit key lengths.
The expected annual cost of a risk. Calculated as SLE × ARO.
A detection method that establishes a baseline of normal behavior and alerts on deviations.
How often a specific threat is expected to occur per year.
Resolves IP addresses to MAC addresses on a local network.
Encryption using a key pair (public and private). Data encrypted with one key can only be decrypted with the other.
The process of verifying the identity of a user, device, or system.
The assurance that systems and data are accessible when needed by authorized users.
A copy of data stored separately from the original for recovery purposes.
A network of compromised computers controlled remotely by an attacker.
An attack that tries every possible combination to guess a password or encryption key.
A trusted entity that issues and signs digital certificates.
The three core principles of information security: Confidentiality, Integrity, and Availability.
A method for allocating IP addresses and IP routing using variable-length subnet masks.
Industry-standard security configuration guidelines published by the Center for Internet Security.
Delivery of IT resources (compute, storage, networking) over the internet on a pay-as-you-go basis.
A DR facility with basic infrastructure but no pre-installed hardware or data.
An alternative security measure used when the primary control cannot be implemented.
The assurance that information is accessible only to authorized individuals.
A lightweight virtualization technology that packages an application with its dependencies, sharing the host OS kernel.
The Linux task scheduler that runs commands or scripts at specified intervals.
A standardized system for identifying and naming known security vulnerabilities.
A standardized method for rating vulnerability severity on a scale of 0.0 to 10.0.
A model describing the seven stages of a cyber attack, from reconnaissance to actions on objectives.
AI-generated synthetic media (audio/video) used for impersonation in social engineering attacks.
A security strategy that uses multiple layers of controls so no single failure compromises security.
Automatically assigns IP addresses and network configuration to devices.
A cryptographic technique providing authentication, integrity, and non-repudiation.
A network segment between the internet and internal network, hosting public-facing services.
Translates domain names into IP addresses.
Malware that downloads automatically when visiting a compromised website without user interaction.
Agent-based security monitoring and response for endpoints (workstations, servers).
The process of converting plaintext into ciphertext using an algorithm and key.
The percentage of an asset's value lost in a single incident.
When a security system fails to detect a real threat.
When a security system incorrectly identifies legitimate activity as malicious.
An authentication standard enabling passwordless login via WebAuthn and CTAP2 protocols.
Malware that operates entirely in memory without writing files to disk.
A network security device that monitors and controls traffic based on security rules.
A backup of all selected data, regardless of when it was last backed up.
A one-way function that converts data into a fixed-length value for integrity verification.
An intrusion detection system installed on individual hosts to monitor local activity.
A fully operational DR facility with real-time data replication, providing the fastest recovery.
Software that creates and manages virtual machines. Type 1 runs on hardware; Type 2 runs on a host OS.
Cloud model providing virtualized computing resources; customer manages OS, apps, and data.
A system that monitors network or host activity and alerts on suspicious behavior (passive).
Backs up only data that has changed since the last backup of any type.
The assurance that data has not been altered or tampered with.
Observable evidence suggesting a system may have been compromised.
Like an IDS but also takes action to block or prevent detected threats (active, inline).
Software or hardware that records keystrokes to capture sensitive information.
See Cyber Kill Chain.
The principle that users should have only the minimum access necessary for their role.
Access control enforced by the system based on classification labels.
Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
Authentication requiring factors from two or more different categories.
Average time between system failures.
Average time to fix a failed component or system.
Translates private IP addresses to a public IP for internet access.
A firewall combining stateful inspection, application awareness, IPS, and threat intelligence.
An IDS that monitors network traffic passing through a network segment.
US agency that develops cybersecurity frameworks, standards, and guidelines.
The assurance that a sender cannot deny sending a message (provided by digital signatures).
Cloud model providing a platform for developing and deploying applications.
A SQL query that separates code from data, preventing SQL injection attacks.
A FIDO2-based passwordless credential using asymmetric cryptography; phishing-resistant.
The process of acquiring, testing, and applying software updates to fix vulnerabilities.
Authorized simulated attacks to identify exploitable vulnerabilities.
A social engineering attack using deceptive emails or websites to steal credentials.
The framework for managing digital certificates and public-key encryption.
Malware that encrypts files and demands payment for the decryption key.
Access control that assigns permissions based on organizational roles.
Malware that hides deep in the OS to maintain persistent, undetected access.
Maximum acceptable data loss, measured in time.
An asymmetric encryption algorithm used for digital signatures and key exchange.
Maximum acceptable downtime before systems must be restored.
Cloud model delivering applications over the internet (customer manages only their data).
The key exchange method used in WPA3 wireless security.
Isolating a program or process in a restricted environment to limit its access.
A list of all components and dependencies in a software product, used for supply chain security.
A family of cryptographic hash functions. SHA-256 is the current standard.
Cloud security framework dividing responsibilities between the provider and customer.
A detection method matching activity against known attack patterns.
The cost of a single incident. Calculated as Asset Value × Exposure Factor.
Phishing via SMS text messages.
The most widely used open-source IDS/IPS engine.
Platform that automates incident response workflows and integrates security tools.
A centralized facility for monitoring, detecting, and responding to security events.
Manipulating people into divulging information or performing actions that compromise security.
Phishing targeted at specific individuals using personalized information.
An attack that inserts malicious SQL into database queries through unsanitized input.
A Linux file permission that allows a program to run with the file owner's privileges.
An attack that targets trusted vendor relationships to distribute malicious code through legitimate channels.
Encryption using the same key for both encryption and decryption.
Encrypts an entire database at rest without requiring application changes.
Proactively searching for threats that have evaded existing security controls.
A protocol that provides encrypted communication between clients and servers.
Malware disguised as legitimate software.
Uses machine learning to detect anomalous user and device behavior indicating compromise.
A protocol that automatically configures network devices; a security risk when enabled.
Malware that attaches to files and requires user action to execute.
Phishing via voice/phone calls.
A logical network segment on a switch that isolates traffic.
An attack where malware breaks out of a virtual machine to access the hypervisor or host.
Uncontrolled creation of virtual machines that become unmanaged and potentially vulnerable.
Creates an encrypted tunnel for secure remote network access.
A weakness in a system that could be exploited by a threat.
A firewall that filters and monitors HTTP traffic to protect web applications.
A DR facility with hardware installed but requiring data restoration.
An obsolete, broken wireless security protocol. Never use.
A phishing attack specifically targeting senior executives.
Self-replicating malware that spreads across networks without user interaction.
A wireless security protocol using AES encryption. Acceptable minimum standard.
The latest wireless security protocol using SAE key exchange. Preferred standard.
Cross-layer detection and response integrating endpoint, network, cloud, and email telemetry.
A web attack that injects malicious JavaScript into pages viewed by other users.
A vulnerability that is unknown to the vendor and has no available patch.
A security model based on 'never trust, always verify' regardless of network location.