Cybersecurity Course 6 Vocabulary Flashcards

A complete set of vocabulary flashcards covering terms and definitions from Cybersecurity Course 6, including incident response, networking, and log analysis.

Business continuity plan (BCP)

A document that outlines the procedures to sustain business operations during and after a significant disruption

Command-line interface (CLI)

A text-based user interface that uses commands to interact with the computer

Advanced persistent threat (APT)

An instance when a threat actor maintains unauthorized access to a system for an extended period of time

Analysis

The investigation and validation of alerts

Anomaly-based analysis

A detection method that identifies abnormal behavior

Array

A data type that stores data in a comma-separated ordered list

Broken chain of custody

Inconsistencies in the collection and logging of evidence in the chain of custody

Chain of custody

The process of documenting evidence possession and control during an incident lifecycle

Command and control (C2)

The techniques used by malicious actors to maintain communications with compromised systems

Configuration file

A file used to configure the settings of an application

Endpoint detection and response (EDR)

An application that monitors an endpoint for malicious activity

Eradication

The complete removal of the incident elements from all affected systems

Common Event Format (CEF)

A log format that uses key-value pairs to structure data and identify fields and their corresponding values

Computer security incident response teams (CSIRT)

A specialized group of security professionals that are trained in incident management and response

Containment

The act of limiting and preventing additional damage caused by an incident

Crowdsourcing

The practice of gathering information using public collaboration

Data exfiltration

Unauthorized transmission of data from a system

Data packet

A basic unit of information that travels from one device to another within a network

Detection

The prompt discovery of security events

Documentation

Any form of recorded content that is used for a specific purpose

Endpoint

Any device connected on a network

Event

An observable occurrence on a network, system, or device

False negative

A state where the presence of a threat is not detected

False positive

An alert that incorrectly detects the presence of a threat

Final report

Documentation that provides a comprehensive review of an incident

Key-value pair

A set of data that represents $2$ linked items: a key, and its corresponding value

Honeypot

A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders

Host-based intrusion detection system (HIDS)

An application that monitors the activity of the host on which it’s installed

Incident

An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies

Incident handler’s journal

A form of documentation used in incident response

Incident response plan

A document that outlines the procedures to take in each step of incident response

Indicators of attack (IoA)

The series of observed events that indicate a real-time incident

Indicators of compromise (IoC)

Observable evidence that suggests signs of a potential security incident

Internet Protocol (IP)

A set of standards used for routing and addressing data packets as they travel between devices on a network

Intrusion detection system (IDS)

An application that monitors system activity and alerts on possible intrusions

Intrusion prevention system (IPS)

An application that monitors system activity for intrusive activity and takes action to stop the activity

Lessons learned meeting

A meeting that includes all involved parties after a major incident

Log management

The process of collecting, storing, analyzing, and disposing of log data

Network protocol analyzer (packet sniffer)

A tool designed to capture and analyze data traffic within a network

Log analysis

The process of examining logs to identify events of interest

Logging

The recording of events occurring on computer systems and networks

Media Access Control (MAC) Address

A unique alphanumeric identifier that is assigned to each physical device on a network

National Institute of Standards and Technology (NIST) Incident Response Lifecycle

A framework for incident response consisting of $4$ phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-incident activity

Network-based intrusion detection system (NIDS)

An application that collects and monitors network traffic and network data

Network data

The data that’s transmitted between devices on a network

Network Interface Card (NIC)

Hardware that connects computers to a network

Network traffic

The amount of data that moves across a network

Object

A data type that stores data in a comma-separated list of key-value pairs

Packet sniffing

The practice of capturing and inspecting data packets across a network

Post-incident activity

The process of reviewing an incident to identify areas for improvement during incident handling

Resilience

The ability to prepare for, respond to, and recover from disruptions

Search Processing Language (SPL)

Splunk’s query language

Security information and event management (SIEM)

An application that collects and analyzes log data to monitor critical activities in an organization

Signature

A pattern that is associated with malicious activity

Open-source intelligence (OSINT)

The collection and analysis of information from publicly available sources to generate usable intelligence

Packet capture (p-cap)

A file containing data packets intercepted from an interface or network

Playbook

A manual that provides details about any operational action

Recovery

The process of returning affected systems back to normal operations

Root user (or superuser)

A user with elevated privileges to modify the system

Security operations center (SOC)

An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks

Security orchestration, automation, and response (SOAR)

A collection of applications, tools, and workflows that uses automation to respond to security events

Signature analysis

A detection method used to find events interest

Sudo

A command that temporarily grants elevated permissions to specific users

tcpdump

A command-line network protocol analyzer

Suricata

An open-source intrusion detection system and intrusion prevention system

VirusTotal

A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content

Standards

References that inform how to set policies

Telemetry

The collection and transmission of data for analysis

Threat hunting

The proactive search for threats on a network

Threat intelligence

Evidence-based threat information that provides context about existing or emerging threats

Triage

The prioritizing of incidents according to their level of importance or urgency

True negative

A state where there is no detection of malicious activity

True positive

An alert that correctly detects the presence of an attack

Wildcard

A special character that can be substituted with any other character

Wireshark

An open-source network protocol analyzer

YARA-L

A computer language used to create rules for searching through ingested log data

Zero-day

An exploit that was previously unknown