CIS 136 Final Exam Review

geographical dispersal

The process of placing compute assets in strategic locations to ensure the ability to recover in case of an attack or natural disaster.

disk redundancy

The principle behind writing data to two or more disks at the same time.

network redundancy

The process of adding additional instances of network devices and connections to help ensure network availability and decrease the risk of failure.

Redundant Array of Inexpensive Disks (RAID)

A technology that ensures that a disk failure does not lead to lost data.

multipath

The multiple physical routes established for storage. For example, multipath I/O defines more than one physical path between the CPU in a computer and its mass-storage devices through the buses, controllers, and bridge devices connecting them.

network interface card (NIC) teaming

The process of combining two or more network interfaces to increase network capacity.

generator

A device that provides power to spaces and other devices during complete power loss, blackouts, or in areas where standard electrical service isn’t available.

dual supply

The power that is supplied to the building via multiple paths. It ensures a single path failure does not interrupt power to the building.

managed power distribution unit (PDU)

Essentially, a power strip with multiple outputs designed to distribute electric power, especially designed to deliver power to racks of computers and networking equipment located within a data center.

replication

The process of copying data from one system to another so that a specific data set is in one or more locations.

storage area networks (SANs)

The most common storage networking architecture used by enterprises for business-critical applications that need to deliver high throughput and low latency. By storing data in centralized shared storage, SANs enable organizations to apply consistent methodologies and tools for security, data protection, and disaster recovery.

virtual machine (VM)

A computer file, typically called an image, that behaves like an actual computer.

full backups

The process of creating one or more full copies of all data in a specific set/system.

incremental backups

A series of backup data sets in which daily changes to the data are compared to the state of the data on the previous day. They all have to be applied to the original full backup copy to come up with an up-to-date full backup copy.

snapshot backups

Duplicate copies primarily used to restore a system, virtual machine, and disk or drive to an operational state and to serve as the system’s restore point when the snapshot was taken.

differential backups

The data backups that preserve data, saving only the difference in the data since the last full backup.

tape backups

A magnetic tape or tape cartridges used as storage devices that can hold enormous amounts of data.

disk backups

A data backup and recovery method that backs up data to a hard disk storage unit.

copy backups

The methodology of making a copy of a set of backups.

NAS (network-attached storage) backups

The backups that are copied over the network to a storage array.

cloud backups

The duplicate copies of your computer or entire set of computers saved to cloud-based storage services.

image backups

The images of your entire operating system, including files, executable programs, and OS configurations. With an image backup, you can restore a single file, directory, or entire disk to the same or another device or to a virtual machine.

online vs. offline backups

An online backup places your files onto spare backup data servers. It is called an online backup because it uses the Internet to transfer files. The offline backup is a cold backup. A cold backup is performed while the database is offline and unavailable to its users.

offsite storage backups

The process of ensuring redundancy and protection by securing your data at a remote server away from your premises.

revert to known state

A process in which the desired outcome is to take a system back to a prior moment in time or state of existence.

last known-good configuration

The configuration of a system made just before a problem started.

live boot media

A USB flash drive or external hard disk drive containing a full operating system that can be booted to.

high availability

A characteristic of a system that aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period.

diversity

An adequate distance between primary and secondary (or backup) sites; this is an important disaster recovery term.

embedded systems

The microprocessor-based computer hardware systems with software that is designed to perform a dedicated function, either as an independent system or as a part of a larger system.

Raspberry Pi

A low-cost, credit-card-sized computer that plugs into a computer monitor, keyboard, and mouse.

Arduino

An open-source electronics platform based on easy-to-use hardware and software.

**Field-Programmable Gate Array (FPGA)**

An array of programmable logic blocks and a hierarchy of “reconfigurable interconnects” that allow the blocks to be “wired together.” Logic blocks can be configured to perform complex combinational functions, or merely simple logic gates such as the AND gate, OR gate, and NOT gate.

**supervisory control and data acquisition (SCADA)**

The systems capable of managing parts inventories for just-in-time manufacturing, regulating industrial automation and robots, and monitoring process and quality control.

**industrial control systems (ICS)**

The systems that monitor, control, sense, and warn engineers of all aspects of the processes in industrial plants.

logistics

The detailed organization, implementation, and management of the flow of things between points.

Internet of Things (IoT)

A system that is connected to a network or the Internet which is embedded with sensors, software, and other technologies. Examples of IoT systems include industrial control systems (ICS), sensors, thermostats, wearable systems, security cameras, and other systems exchanging data with other systems over the Internet.

sensors

The network devices that inspect network traffic.

smart devices

The devices ranging from A/C systems, garage doors, security systems, TVs, and so on that can be controlled for wired or wireless networks.

wearables

The devices such as smart watches, pedometers, glasses, 3D headsets, and smart clothing that are Internet-aware.

facility automation

A full-service commercial and industrial automatic control system for buildings, factories, and larger facilities.

smart meters

The electronic devices that record information such as consumption of electric energy, voltage levels, current, and power factor. Smart meters communicate the information of consumption behavior to the consumer, and electricity suppliers for system monitoring and customer billing.

**Voice over Internet Protocol (VoIP)**

A process for sending audio signals, primarily voice, over a data network, such as the Internet.

**heating, ventilating, and air conditioning (HVAC)**

The technology of indoor, building, and data center environmental comfort. Its goal is to provide thermal comfort and acceptable indoor air quality.

**multifunction printer (MFP)**

An office machine that incorporates the functionality of multiple devices in one, so as to have a smaller footprint specialized in document management, distribution, and production in a large office setting.

**real-time operating system (RTOS)**

An operating system intended to serve real-time applications that process data as it comes in, typically without buffer delays. Processing time requirements are measured in tenths of seconds or shorter increments of time.

**system on a chip (SoC)**

An integrated circuit that integrates all or most components of a computer system or other electronic system to perform a complete function.

5G

A fifth-generation advanced wireless network technology developed based on 802.11ac IEEE wireless standard.

**NarrowBand-Internet of Things (NB-IoT)**

An Internet of Things implementation based on low-power wide-area (LPWA) technology developed to enable a wide range of new IoT devices and services.

baseband radio

The original frequency range of transmission signal before it is modulated. It can also refer to the type of data transmission in which analog data is sent over a single nonmultiplex channel.

**subscriber identity module (SIM)**

An integrated circuit that is intended to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephony devices like mobile phones and computers. It is widely known as a SIM card.

**Zigbee**

A specification that uses the 2.4 GHz band and a self-healing true mesh network. It was created on the IEEE’s 802.15.4 standard. Zigbee is intended as a simpler and less expensive wireless personal area network (WPAN) alternative to Bluetooth and Wi-Fi.

bollard

A standalone post used for physical security purposes. It is typically steel, short, and sturdy, and anchored in a hard surface such as concrete.

barricade

A defensive barrier constructed to stop or obstruct passage.

access control vestibule

The entries with panels built from prefabricated composite or metal that are used as a way to control ingress/egress of a building, allowing security to have visibility into persons accessing the facility. They can also be used to control the heat and airflow in their facilities.

motion recognition

The capability of newer cameras and software to recognize that something moved or changed position relative to its surroundings or the surroundings to the object.

object detection

A security camera functionality that enables cameras to evaluate and detect any new objects in a specific area, sometimes also employing facial recognition.

**closed circuit television (CCTV)**

video surveillance system that uses video cameras to monitor specific areas.

industrial camouflage

The use of blended images where the surrounding scenery and the camouflaged structure appear as one, with the goal to deceive passersby to believe the structure is something else entirely.

guards

The persons typically deployed at ingress/egress points with the goal of reducing tailgating, verifying identity of scanned ID cards, and ensuring property does not leave the premises.

\

robot sentries

The mechanized guards that provide a 24/7/365 watchman, continuously monitoring and alerting on differentials. Robot sentries report anything out of the normal to the manned security desk/office.

reception

The public-facing part of a business or organization, where a reception desk places a friendly face in front of a visitor, essentially a buffer zone away from strangers accessing anyone in the company. Receptionists vet the person attempting to gain access to the facility or a particular employee.

**two-person integrity/control**

An escort and an observer that are assigned to a particular person doing work in a high-risk area, such as a data center, where a single person can cause massive amounts of damage in a few minutes.

electronic locks

Locks that usually have a magnetic strike plate that is energized to keep the magnet engaged until authorization is given to disengage, thereby releasing the magnetic hold.

physical locks

The traditional locks designed to deter entry by unauthorized users who don’t have a key.

cable locks

The devices typically deployed to secure equipment to stable heavy equipment in a room that is not easily removed. For example, you would use a computer cable lock that connects a laptop computer to a desk or a projector to its cart or stand.

USB data blocker

A device that stops an attacker from connecting a USB drive to a computer and stealing data.

fire suppression

The act of extinguishing fires through the application of a substance.

Faraday cage

An enclosure designed to block any RF signals from entering or leaving, or having an effect on devices inside the cage.

air gap

A concept that refers to the gap or lack of connection between a computer and other networks. Because the computer isn’t directly connected to the network, it can’t be attacked through the network.

screened subnet

One or more routers or firewalls that provide controlled access to company assets like web servers. Previously known as demilitarized zone (DMZ).

**protected cable distribution system (PDS)**

A system designed to deter, detect, and/or make difficult physical access to the communication lines carrying data and/or voice communications.

hot aisle

In its simplest form, a type of data center design that involves lining up server racks in alternating rows with hot air exhausts facing one way and cold air intakes facing the other.

cold aisle

In a hot aisle/cold aisle data center design, the rows are composed of rack fronts.

pulping

A data destruction method where paper is first shredded and then reduced to pulp.

pulverizing

Grinding or shredding media and paper multiple times beyond recognition.

degaussing

A data destruction method involving the reduction or elimination of a magnetic field (or data) stored on tape and disk media such as computer and laptop hard drives, diskettes, reels, cassettes, and cartridge tapes.

digital signatures

Mathematical schemes for verifying the authenticity of digital messages or documents.

key length

The number of bits in an encryption algorithm’s key.

key stretching

A technique used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) needed to test each possible key.

key exchange

Also referred to as key establishment; a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

**elliptic-curve cryptography (ECC)**

An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.

perfect forward secrecy

A feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.

**quantum cryptography**

The science of exploiting quantum mechanical properties to perform cryptographic tasks.

**post-quantum cryptography**

The use of cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer.

**ephemeral keys**

Cryptographic keys that can be used more than once within a single session, such as for broadcast applications, where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.

authenticated mode

An encryption type that includes authentication (or authenticated encryption \[AE\]) and authenticated encryption with associated data (AEAD). With AE, the requirement is to both protect the privacy of the message and to ensure authenticity. A method for achieving both of these goals at the same time is called authenticated encryption.

unauthenticated mode

An encryption protocol that provides no authentication of the encrypted data.

counter mode

An encryption mode that uses an arbitrary number (the counter) that changes with each block of text encrypted. The counter is encrypted with the cipher, and the result is XOR’d (exclusive OR’d) into ciphertext. Because the counter changes for each block, the problem of repeating ciphertext that results from the Electronic Code Book method is avoided.

blockchain

A specific type of database. It differs from a typical database in the way it stores information; a blockchain stores data in blocks that are then chained together. As new data comes in, it is entered into a fresh block. Once the block is filled with data, it is chained onto the previous block, which makes the data chained together in chronological order.

public ledger

Information organized into a long chain of blocks. When a buyer and seller engage in a transaction, the blockchain verifies the authenticity of their accounts. This is done by using the public ledger and by checking if the funds are available to proceed with the transactions.

cipher suite

A set of algorithms that helps secure a network connection that uses Transport Layer Security (TLS). The set of algorithms that cipher suites usually contain includes a key exchange algorithm, bulk encryption algorithm, and message authentication code (MAC) algorithm.

stream cipher

A way of combining plaintext digits with a pseudorandom cipher digit stream, or keystream.

block cipher

An encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text instead of encrypting one bit at a time as in stream ciphers.

symmetric encryption

An encryption algorithm implementation that uses a single key that needs to be shared among the people who need to receive the message.

asymmetric encryption

A process that uses a public-key and private-key pair to encrypt and decrypt messages when communicating.

lightweight cryptography

An encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices such as the ever-expanding IoT market.

**steganography**

The practice of hiding a secret message inside of or even on top of something that is not secret, such as an image, video, or audio file.

**audio steganography**

A technique used to transmit hidden information by modifying an audio signal in an imperceptible manner.

**video steganography**

A technique to hide any kind of file in a cover video file.