Mutation Testing
Introduces small code changes to test defenses; “break code on purpose”; static vs dynamic distinction.
Code Auditing
Manual review of code without executing it; “read-only inspection for errors.”
Event
Neutral observation in a system; could be anything; “just a logged action.”
Incident
An event causing negative impact requiring response; “employee using outdated privileges without malicious intent.”
Intrusion
Confirmed violation of CIA; malicious intent or compromise; “someone breaking into your house.”
Whitelisting
Only approved apps allowed; “VIP list; deny all else.”
Blacklisting
Block known bad; “banned list.”
Graylisting
Temporarily delay until verified; “probationary access.”
Bluelisting
Trust based on a community set; “club membership for trusted apps.”
Public Cloud
Open to anyone; multi-tenant; “hotel room anyone can book.”
Private Cloud
Exclusive to one org; “personal mansion.”
Community Cloud
Shared by orgs with common goals; “government consortium.”
Hybrid/Shared Cloud
Combination of cloud types; “timeshare style mix.”
RAID 0
Striping, fast, no redundancy; “all offense, no backup players.”
RAID 1
Mirroring; redundant; “two identical teams.”
RAID 5
Striping + parity; 1 disk tolerance; “backup notes for each play.”
RAID 6
Double parity; 2 disk tolerance; “double backup.”
RAID 10
Mirror of stripes; combination of performance + redundancy; “combo team.”
AES
Symmetric, 128/192/256-bit; “modern vault.”
DES
Symmetric, 56-bit; outdated; “rusty padlock.”
3DES
Symmetric, 112–168-bit; legacy; “reinforced old vault.”
RSA
Asymmetric, 1024–4096+ bits; “mailbox key.”
ECC
Asymmetric, strong per-bit efficiency; “compact smart lock.”
ISO Standards
International standards framework. “Global rulebook” – recognized internationally. Often referenced for organizational compliance and policy frameworks.
NIST Publications
US-specific technical guidance (SP 800 series). “Government playbook” – 800-series documents. Used for best practices, risk assessment, and security controls guidance.
Zzuf
Fuzzing tool for testing software with unexpected input. “Throw spaghetti at the code” – detects buffer overflows. Focus on software security testing and vulnerability discovery.
Nessus
Vulnerability scanner for networks. “Security checklist scanner” – scans for system vulnerabilities. Often used in questions about network security audits or compliance checks.
Audit Logs
Records user/system activity (auth, file access). “Security diary” – tracks user actions. Look for tracking user behavior, auditing policy enforcement.
Trace Logs
Detailed sequence of program/system calls. “Black box flight recorder” – execution path tracking. Useful for incident investigation or debugging software/system behavior.
Qualitative Risk Analysis
Uses subjective scoring to assess risk (High/Medium/Low). “Risk feels” – no numeric calculations. Compare to quantitative for scenario questions: non-numeric, prioritization-based decisions.
RFC 1918 – 172.16.0.0/12
Private IPv4 address range. “Neighborhood block” – for internal network use. Used to identify internal vs external IPs; may appear in NAT/VLAN scenarios.
RFC 1918 – 192.168.0.0/16
Private IPv4 address range. “Apartment building” – for internal network use. Commonly used in home/small-office network examples.
Testimonial Evidence
Witness statements used in legal proceedings. “Eyewitness story” – relies on memory. Often compared with hearsay or real evidence in forensic questions.
Hearsay Rule
Second-hand statements usually inadmissible. “He said, she said” – not original evidence. Know distinction for chain-of-custody and evidence reliability.
Real Evidence
Physical objects used as evidence. “Weapon, hard drive” – tangible items. High reliability; often contrasted with testimonial evidence.
Parol Evidence Rule
Oral statements cannot override written contracts. “Words don’t beat the contract” – written contract supersedes oral statements. Appears in legal/regulatory scenario questions on agreements.
Workflow-based Provisioning
Account creation requires approval chain. “Follow the steps” – admin-controlled workflow. Compare to automated/self-service; often in identity management scenarios.
Automated Provisioning
Scripts or tools automatically create accounts. “Robot creates the access” – system-driven process. Fast deployment, may reduce errors but requires monitoring.
Discretionary Provisioning
Admin decides access individually. “Manager approval” – admin choice. Flexibility vs consistency tradeoff; often contrasted with automated/self-service.
Wave Pattern Detector
Detects movement using sound waves (ultrasonic/microwave). “Ultrasonic motion sensor” – motion-based detection. Frequently tested in physical security/IDS questions.
Capacitance Detector
Detects changes in an electrical field. “Touch-sensor motion” – electrical disturbance triggers alarm. Used in access detection, often indoors.
Heat-based Detector
Detects changes in temperature (body or fire). “Thermal motion sensor” – heat/thermal detection. Common in fire safety or intrusion detection scenarios.
Infrared Detector
Detects infrared radiation from objects. “Night vision beam” – IR-based motion. Often contrasted with wave pattern or heat detectors.
Application Logs
Records application-level events. “App diary” – software actions. Look for questions on app-level auditing or incident troubleshooting.
Web Server Logs
Tracks HTTP requests and responses. “Web guestbook” – HTTP events. Often used in forensic or intrusion analysis scenarios.
System Logs
Records OS/system-level events. “Operating system diary” – kernel, auth events. Key for system auditing and incident investigations.
Facility Codes (Syslog)
Identifies the source of the log (kernel, mail, auth, etc.). “Who wrote the diary” – source of log entries. Often appears in questions involving log filtering or prioritization.
NAT
Translates private IP addresses to public and vice versa. “Translator for IP addresses” – internal ↔ external mapping. Appears in network architecture questions or firewall/NAT scenarios.
VLAN
Creates virtual segments within a network. “Virtual partition of network” – logical network segmentation. Used to separate traffic and enhance security.
Static Packet Filtering Firewall
Examines packet headers only; basic control. “Guard at the door” – layer 3–4 inspection. Compare to stateful or application-level firewalls; simple allow/deny rules.
Circuit-level Gateway
Monitors TCP handshakes for session validity. “Traffic cop” – session-level firewall. Often tested for session-based inspection vs packet header inspection.
Stateful Inspection Firewall
Tracks sessions and context to allow/deny traffic. “Memory-aware guard” – tracks stateful sessions. Know differences from static packet filtering and application-level gateway.
CBC (DES mode)
Each block depends on previous; chained encryption. “Paper chain” – sequential dependency. Understand block chaining, error propagation, and when it’s used vs ECB.
CFB / OFB (DES modes)
Converts block cipher to stream cipher. “Stream-like encryption” – stream-mode operation. Look for questions on converting block ciphers to stream for bit-level encryption.
Registration
Creates credentials/accounts after proofing. “Boarding pass issuance” – follows identity proofing. Appears in identity management scenario questions; distinguish from proofing.
Shortcut Trust
Trust between child domains in same forest. “Hallway shortcut” – single-forest link. Compare with forest/external/realm trust; affects authentication paths.
External Trust
Trust between separate organizational domains. “International border” – cross-organization domain link. Often tested in cross-domain authentication scenarios.
Realm Trust
Trust between Kerberos and AD realm. “Passport control” – cross-authentication realm. Appears in hybrid environments or mixed Kerberos/AD questions.