Last 2 Exam Misses

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/102

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 6:17 PM on 7/8/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

103 Terms

1
New cards

Cross-Site Request Forgery

CSRF

2
New cards

CSRF

Authenticated browser is tricked into performing unwanted actions on a web application

3
New cards

session hijacking

Attacker takes over a valid user session often by stealing a session token or cookie

4
New cards

session token prediction

Attacker guesses or predicts weak session token values to take over a session

5
New cards

Common Vulnerabilities and Exposures

CVE

6
New cards

CVE

Standardized identifier used to consistently reference a known vulnerability

7
New cards

Common Vulnerability Scoring System

CVSS

8
New cards

CVSS

Scoring system used to rate vulnerability severity

9
New cards

CVE vs CVSS

One identifies the vulnerability; the other scores its severity

10
New cards

Infrastructure as Code

IaC

11
New cards

IaC

Infrastructure managed and provisioned using scripts code or automated configuration

12
New cards

Network Access Control

NAC

13
New cards

NAC

Controls network access by checking devices or users against security policies before allowing connection

14
New cards

Mobile Device Management

MDM

15
New cards

MDM

Centralized management of mobile devices including policies remote wipe encryption and compliance checks

16
New cards

Business Email Compromise

BEC

17
New cards

BEC

Targeted business email fraud involving invoices payments executives vendors or finance roles

18
New cards

Short Message Service

SMS

19
New cards

smishing

Social engineering using SMS text messages

20
New cards

vishing

Social engineering using voice calls

21
New cards

typosquatting

Using lookalike or misspelled domains to trick users

22
New cards

File Transfer Protocol

FTP

23
New cards

FTP

File transfer protocol using port 21

24
New cards

Simple Mail Transfer Protocol

SMTP

25
New cards

SMTP

Mail transport protocol commonly associated with port 25 and mail relay risk

26
New cards

Hypertext Transfer Protocol

HTTP

27
New cards

HTTP

Unencrypted web protocol using port 80

28
New cards

Web Application Firewall

WAF

29
New cards

WAF

Layer 7 web application control used to filter HTTP traffic and mitigate web app attacks

30
New cards

Intrusion Prevention System

IPS

31
New cards

IPS

Broader network prevention tool that detects and blocks malicious traffic

32
New cards

WAF vs IPS

One focuses on web application HTTP traffic; the other broadly blocks network threats

33
New cards

Mean Time to Repair

MTTR

34
New cards

MTTR

Average time needed to repair or restore a system after failure

35
New cards

Mean Time Between Failures

MTBF

36
New cards

MTBF

Average time between system failures

37
New cards

MTTR vs RTO

One is actual average repair time; the other is the recovery time target

38
New cards

Recovery Point Objective

RPO

39
New cards

RPO

Maximum acceptable data loss measured in time

40
New cards

Recovery Time Objective

RTO

41
New cards

RTO

Maximum acceptable time to restore a service after disruption

42
New cards

Open-Source Intelligence

OSINT

43
New cards

OSINT

Using publicly available information to gather intelligence about risks vulnerabilities or targets

44
New cards

Secure Multipurpose Internet Mail Extensions

S/MIME

45
New cards

S/MIME

Email certificate technology used to sign and encrypt email content

46
New cards

Simultaneous Authentication of Equals

SAE

47
New cards

SAE

WPA3 authentication method based on Diffie-Hellman style key agreement

48
New cards

Management Frame Protection

MFP

49
New cards

MFP

Wireless protection against eavesdropping forging and tampering with management frames

50
New cards

Wi-Fi Protected Access 3

WPA3

51
New cards

WPA3

Latest wireless security standard using SAE and stronger protections than WPA2

52
New cards

Personally Identifiable Information

PII

53
New cards

PII

Data that can identify a specific person directly or indirectly

54
New cards

General Data Protection Regulation

GDPR

55
New cards

GDPR

European Union privacy regulation focused on personal data rights and processing requirements

56
New cards

California Consumer Privacy Act

CCPA

57
New cards

CCPA

Broad California privacy law similar in approach to GDPR

58
New cards

Gramm-Leach-Bliley Act

GLBA

59
New cards

GLBA

Financial-sector privacy regulation rather than broad horizontal privacy law

60
New cards

Payment Card Industry Data Security Standard

PCI DSS

61
New cards

PCI DSS

Industry standard for protecting payment card data

62
New cards

Federal Information Security Management Act

FISMA

63
New cards

FISMA

US federal law focused on security requirements for federal information systems

64
New cards

database encryption

Encrypts an entire collection of database records while supporting efficient database operations

65
New cards

volume encryption

Protects an entire disk or storage volume rather than database-aware records and queries

66
New cards

resource provisioning

Allocating and adjusting hardware software infrastructure and compute resources based on need

67
New cards

user provisioning

Creating modifying and removing user accounts and access during the employee lifecycle

68
New cards

ad hoc assessment

Risk assessment performed as needed in response to a specific event threat or change

69
New cards

one-time assessment

Comprehensive point-in-time risk evaluation used as a baseline or independent review

70
New cards

continuous assessment

Ongoing risk monitoring or evaluation rather than a single scheduled review

71
New cards

recurring assessment

Risk review performed on a regular schedule such as monthly quarterly or annually

72
New cards

business continuity policy

Guidelines for keeping critical operations running during unexpected interruptions

73
New cards

incident response policy

Guidelines for detecting responding to containing and recovering from security incidents

74
New cards

fileless malware

Malware using memory command line WMI PowerShell or legitimate tools without obvious files on disk

75
New cards

hybrid warfare

State actor strategy combining espionage disinformation hacking diplomacy or soft power

76
New cards

national legal implications

Country-level laws and regulations governing how personal data must be handled

77
New cards

operational control

Day-to-day security process such as log monitoring backups media handling or configuration management

78
New cards

technical control

Technology-based security mechanism such as encryption firewalls access controls or IDS IPS

79
New cards

managerial control

Administrative oversight such as policies risk assessments planning and security governance

80
New cards

asset ownership

Assigning accountability for hardware software or data assets

81
New cards

data owner

Role that decides how data is used accessed classified and protected

82
New cards

data custodian

Role that manages and controls access to data based on owner-defined requirements

83
New cards

data processor

Entity that handles personal data according to another entity’s instructions

84
New cards

data controller

Entity that decides why and how personal data is processed

85
New cards

journaling

Tracks transactions and changes so recovery can occur to the exact point of failure

86
New cards

snapshot

Point-in-time capture of a system or data state

87
New cards

replication

Real-time or near-real-time duplication of data to another location

88
New cards

serverless

Running code without managing the underlying infrastructure

89
New cards

microservices

Application design using small independently deployable services

90
New cards

router

Layer 3 device used to route traffic between networks

91
New cards

bridge

Layer 2 device used to connect network segments

92
New cards

switch

Layer 2 device commonly used to connect devices within a LAN

93
New cards

hub

Layer 1 device that broadcasts traffic to all connected ports

94
New cards

cloud compute isolation

Separation between instances or workloads so one compromised instance does not affect another

95
New cards

external compliance reporting

Compliance status shared with outside stakeholders regulators or the public

96
New cards

internal compliance reporting

Compliance status shared with internal management

97
New cards

RAD

Fast prototyping and rapid application development methodology

98
New cards

Scrum

Agile framework using sprints roles and iterative delivery

99
New cards

availability of skilled personnel

Key factor for ongoing supportability of a security automation tool

100
New cards

data plane

Zero Trust component responsible for transmitting data after access decisions are made