Question 1

What are Compensating Controls?

Accepted Answer

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines, that provide equivalent or comparable protection for an information system.

Question 2

What are Countermeasures?

Accepted Answer

Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.

Question 3

What are Human Threats?

Accepted Answer

Possible disruptions in operations or breach of security controls resulting from intentional or unintentional human actions.

Question 4

What is 3G?

Accepted Answer

3G (Third Generation GSM) is often another name for UMTS (Universal Mobile Telecommunications System), a third generation mobile communications system. The 3GSM name emphasizes the combination of the 3G nature of the technology and the GSM standard that it is designed to succeed.

Question 5

What is 4G?

Accepted Answer

4G (Fourth Generation) is the fourth generation of mobile telecommunications technology. 4G adds mobile ultra- broadband internet access to mobile devices in addition to the usual voice and other data services provided by the earlier third generation (3G) technology. Two formats considered as 4G technologies are Mobile WiMAX and LTE.

Question 6

What is 6G?

Accepted Answer

6G is the sixth generation of wireless technology, will start where the 5G specifications end. A new generation happens about every 10 years, and 6g technology is expected to be available 2030. 6G is predicted to operate in higher frequencies–the terahertz (THz) spectrum–with lower latency than 5G. Because transmitting in the THz frequencies is best for short ranges only, cellular networks might become mesh networks using multiple base stations and smaller inexpensive antennas to create microcells that can be accessed concurrently by 6G devices, or by relying on smart devices and smart surfaces (internet of everything) as networking elements to create microcells, or some combination, leading to ambient connectivity. Mobile edge computing and core computing will certainly be completely integrated. Another theoretical solution is solving the full duplex transmission problem, which would allow two-way transmission on the same frequency, at the same time, doubling the capacity of current bandwidths. Using some or all of this new architecture, 6G networks are expected to support data rates of 1 terabit per second (Tbps), that’s 1,000,000 Mbps.

Question 7

What is a Bot?

Accepted Answer

A computer bot – which is short for robot – is a software application programmed to execute specific tasks as part of another computer program or to simulate human activity. Bots are designed to automate tasks on their own without human intervention, thus eliminating cumbersome manual processes. These tasks are often highly repetitive and predefined and can be done far more quickly, reliably and accurately than a human.

Question 8

What is a Botnet?

Accepted Answer

Botnet, a term derived from "robot network," refers to an assembly of computers that malware has compromised. These infected machines, individually known as "bots," are remotely controlled by an attacker, often referred to as the "bot-herder." This network of bots can launch synchronized, large-scale attacks on targeted systems or networks. Given that a botnet can incorporate millions of bots, the bot-herder has the capacity to execute substantial and highly impactful criminal operations.Bot-herders typically control the botnet remotely through a command-and-control server. This allows them to steal personal data and passwords, propagate spam messages, or launch other types of attacks, such as DDoS attacks, taking maximum advantage of the computing and bandwidth resources made available through the botnet.

Question 9

What is a Breach?

Accepted Answer

A security breach is any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. A security breach occurs when an individual or an application illegitimately enters a private, confidential or unauthorized logical IT perimeter.

Question 10

What is a Central Log Management System?

Accepted Answer

A system that allows the central collection of system event messages (i.e., system logs) from various computing devices.

Question 11

What is a Certificate?

Accepted Answer

A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its crypto period.

Question 12

What is a Chain of Custody?

Accepted Answer

A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.

Question 13

What is a Command and Control Server?

Accepted Answer

Centralized machines that are able to send commands and receive outputs of machines part of a botnet. Anytime attackers who wish to launch a DDoS attack can send special commands to their botnet’s C&C servers with instructions to perform an attack on a particular target, and any infected machines communicating with the contacted C&C server will comply by launching a coordinated attack.

Question 14

What is a Console?

Accepted Answer

A program that provides user and administrator interfaces to an intrusion detection and prevention system.

Question 15

What is a Content Delivery Network (CDN)?

Accepted Answer

A globally distributed network of proxy servers deployed in multiple data centers. The goal of a CDN is to serve content to end users with high availability and high performance.

Question 16

What is a Cyber Attack?

Accepted Answer

Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.

Question 17

What is a Data Breach?

Accepted Answer

A network breach is when unauthorized access to the network has occurred as a result of bypassing underlying security mechanisms. This could be someone coming through the firewall or entering the network via a phishing email.

A data breach happens after a network breach, when an individual or an application illegitimately enters a private, confidential or unauthorized logical IT perimeter and steals confidential or unauthorized data such as private consumer information, credit cards, IP etc.

Question 18

What is a Decoder?

Accepted Answer

A decoder that captures network packets.

Question 19

What is a Digital Signature?

Accepted Answer

An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.

Question 20

What is a Distributed Denial of Service (DDoS) Attack?

Accepted Answer

DDoS is an attempt to exhaust the resources available to a network, application, or service so that genuine users cannot gain access. A Denial of Service technique that uses numerous hosts to perform the attack.

Question 21

What is a DNS Water Torture DDoS Attack?

Accepted Answer

In a DNS Water Torture DDoS attack, the attacker overwhelms the Domain Name System (DNS) server with a large volume of requests for non-existent or invalid records. In most cases, these state exhaustion DDoS attacks will be handled by a DNS Proxy server, which will then use up most, if not all, of its resources querying the DNS Authoritative server with these records. This will, in most cases, result in both the DNS Proxy server and the DNS Authoritative server using up all their time handling those bad requests, slowing response for legitimate requests and eventually, stopping responses all together.

Question 22

What is a Domain Name System (DNS)?

Accepted Answer

A naming system for computers, services, or any resource connected to the internet or private network. It associates various information with domain names assigned to each of the participating entities.

Question 23

What is a False Negative?

Accepted Answer

An instance in which an intrusion detection and prevention technology fails to identify malicious activity as being such.

Question 24

What is a False Positive?

Accepted Answer

An instance in which an intrusion detection and prevention technology incorrectly identifies benign activity as being malicious.

Question 25

What is a Hacker?

Accepted Answer

Unauthorized user who attempts to or gains access to an information system.

Question 26

What is a Honey Pot?

Accepted Answer

A system (e.g., a Web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders and has no authorized users other than its administrators.

Question 27

What is a Hybrid Network?

Accepted Answer

Any computer network that uses more than one type of connecting technology or topology is a hybrid network.

Question 28

What is a Large Payload Post DDoS Attack?

Accepted Answer

A Large Payload Post is a class of HTTP DDoS attack where the attacker abuses XML encoding used by webservers. In this type of DDoS attack, a webserver is sent a data structure encoded in XML, which the server then attempts to decode, but is compelled to use an excessive amount of memory, thus overwhelming the system and crashing the service. These types of DDoS attacks are also referred to as “Oversize Payload Attacks” or “Jumbo Payload Attacks."

Question 29

What is a Low and Slow DDoS Attack?

Accepted Answer

A Low and Slow DDoS attack, also known as a slow-rate attack, involves what appears to be legitimate traffic at a very slow rate. This type of state exhaustion DDoS attack targets application and server resources and is difficult to distinguish from normal traffic. Common attack tools include Slowloris, Sockstress, and R.U.D.Y. (R U Dead Yet?), which create legitimate packets at a slow rate, thus allowing the packets to go undetected by traditional mitigation strategies. Low and slow attacks are often HTTP focused but can also involve Long-Lived TCP sessions (slow transfer rates) that attack any TCP-based service.

Question 30

What is a Mimicked User Browsing DDoS Attack?

Accepted Answer

A Mimicked User Browsing DDoS attack involves botnets that pose as legitimate users attempting to access a website. A sufficiently high volume of these bots will ultimately overwhelm the target website causing it to crash, or making it impossible for legitimate traffic to get through. The common motive behind such DDoS attacks may be financial or political.

Question 31

What is a private 5G network?

Accepted Answer

A private 5G network is a local area network (LAN) that will use 5G technologies to create a dedicated network with unified connectivity, optimized services, and a secure means of communication within a specific area. It will deliver the speed, latency and other benefits promised by 5G to support next-generation applications.

Question 32

What is a Probe?

Accepted Answer

A system component that monitors and analyzes network activity and may also perform prevention actions.

Question 33

What is a Reflection/Amplification DDoS Attack?

Accepted Answer

The Domain Name System (DNS) is a database that stores internet domain names and further translates them into IP addresses. A DNS reflection/amplification distributed denial-of-service (DDoS ) attack is a common two-step DDoS attack in which the attacker manipulates open DNS servers. The cybercriminal first uses a spoofed IP address to send massive requests to DNS servers. The DNS server then replies to the request, creating an attack on the target victim. The size of these attacks is larger than the spoofed request, resulting in large amounts of traffic going to the victim server. The attack often results in complete inaccessibility of data for a company or organization.

Question 34

What is a Sensor?

Accepted Answer

An intrusion detection and prevention system component that monitors and analyzes network activity and may also perform prevention actions.

Question 35

What is a Service Provider (SP)?

Accepted Answer

Designed for Service Providers, SP provides comprehensive network visibility and reporting capabilities to help providers detect and understand availability threats, and improve traffic engineering, peering relationships and service performance. SP can also help Service Providers grow their business by serving as a platform for managed DDoS protection services.

Question 36

What is a Signature?

Accepted Answer

A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.

Question 37

What is a SIM?

Accepted Answer

SIM (Subscriber Identity Module) is part of a removable integrated circuit smart card known as a SIM Card. They are used in mobile phones and mobile computers using hone connections to securely store the service-subscriber key (IMSI) used in identifying a subscriber. Since the SIM identifies the subscriber, not the device, a user can change phones by removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.

Question 38

What is a Slow Post DDoS Attack?

Accepted Answer

In a Slow Post DDoS attack, the attacker sends legitimate HTTP POST headers to a Web server. In these headers, the sizes of the message body that will follow are correctly specified. However, the message body is sent at a painfully low speed. These speeds may be as slow as one byte every two minutes. Since the message is handled normally, the targeted server will do its best to follow specified rules. As in a Slowloris attack, the server will subsequently slow to a crawl.

Question 39

What is a Slow Read DDoS Attack?

Accepted Answer

A slow read DDoS attack involves an attacker sending an appropriate HTTP request to a server, but then reading the response at a very slow speed, if at all. By reading the response slowly – sometimes as slow as one byte at a time – the attacker prevents the server from incurring an idle connection timeout.  Since the attacker sends a Zero window to the server, the server assumes the client is actually reading the data and therefore keeps the connection open. This has the cumulative effect of consuming server resources, thus preventing legitimate requests from going through.

Question 40

What is a Slowloris DDoS Attack?

Accepted Answer

Slowloris is an application layer DDoS attack which uses partial HTTP requests to open connections between a single computer and a targeted Web server, then keeping those connections open for as long as possible, thus overwhelming and slowing down the target. This type of DDoS attack requires minimal bandwidth to launch and only impacts the target web server, leaving other services and ports unaffected. Slowloris DDoS attacks can target many type of Web server software, but has proven highly-effective against Apache 1.x and 2.x.

Question 41

What is a State Exhaustion DDoS Attack?

Accepted Answer

State-exhaustion DDoS attacks, or resource exhaustion attacks, are primarily focused on taking down services or underlying network infrastructure which is responsible for delivering content to the end users. This might involve an attacker targeting DNS name servers with invalid name queries, thus resulting in increased load on the DNS infrastructure itself, disrupting service as users will no longer be able to connect to the services as the DNS name cannot be resolved to IP addresses. This DDoS attack vector was used in the DYN attack in 2016 which resulted in major web sites like Amazon, Twitter, Github and others becoming unavailable. The attacker might also target Transport Layer Security (TLS) endpoints, thereby resulting in legitimate users being unable to connect to the services. As the name suggests, these DDoS attacks target stateful devices such as Next Gen Firewalls with the intention of filling TCP State Tables with bogus connections. These DDoS attacks are typically employed by determined attackers who monitor and adjust their attacks for maximum impact.

Question 42

What is a SYN Flood DDoS Attack?

Accepted Answer

A SYN Flood is a common form of Denial-of-Service (DDoS) attack Denial-of-Service (DDoS) attack that can target any system connected to the Internet and providing Transmission Control Protocol (TCP) services (e.g. web server, email server, file transfer). A SYN flood attack is a type of TCP State-Exhaustion Attack that attempts to consume the connection state tables present in many infrastructure components, such as load balancers, firewalls, Intrusion Prevention Systems (IPS), and the application servers themselves. This type of DDoS attack can take down even high-capacity devices capable of maintaining millions of connections.

Question 43

What is a Threat Event?

Accepted Answer

An event or situation that has the potential for causing undesirable consequences or impact.

Question 44

What is a Threat?

Accepted Answer

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Question 45

What is a Threshold?

Accepted Answer

A value that sets the limit between normal and abnormal behavior.

Question 46

What is a Trojan Horse?

Accepted Answer

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Question 47

What is a UDP Flood DDoS Attack?

Accepted Answer

A UDP flood is a form of volumetric Denial-of-Service (DoS) attack where the attacker targets and overwhelms random ports on the host with IP packets containing User Datagram Protocol (UDP) packets. In this type of attack, the host looks for applications associated with these datagrams. When none are found, the host issues a “Destination Unreachable” packet back to the sender. The cumulative effect of being bombarded by such a flood is that the system becomes inundated and therefore unresponsive to legitimate traffic. In a UDP flood DDoS attack, the attacker may also choose to spoof the IP address of the packets. This ensures that the return ICMP packets are not able to reach their host, while also keeping the attack completely anonymous.

Question 48

What is a Volumetric DDoS Attack?

Accepted Answer

Volumetric DDoS attacks are designed to overwhelm internal network capacity and even centralized DDoS mitigation scrubbing facilities with significantly high volumes of malicious traffic. These DDoS attacks attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet.

Question 49

What is a Whitelist?

Accepted Answer

A list of discrete entities, such as hosts or applications, that are known to be benign.

Question 50

What is a Zero Day Exploit?

Accepted Answer

A zero-day exploit is a malicious computer attack that takes advantage of a security hole before the vulnerability is known. This means the security issue is made known the same day as the computer attack is released. In other words, the software developer has zero days to prepare for the security breach and must work as quickly as possible to develop a patch or update that fixes the problem.

Question 51

What is a Zero Trust Architecture?

Accepted Answer

Zero Trust Security Architecture is a set of security principles that are designed to provide comprehensive protection of digital assets, services, and communications in an environment that has increasingly become perimeter-less. This is accomplished by moving the defensive focus from static, network-based perimeters to one that focuses on users, resources, and assets. The zero trust model is the application of these principles based on the premise that no entity, whether inside or outside the network, should be trusted by default. This model assumes that an attacker is already present in the environment, whether it be via a device, user, or network location, and that an enterprise-owned environment is no different or more trustworthy than any non-enterprise-owned environment. Zero trust architecture is based on the idea of least privilege access, which means that access is granted to users and devices on a per-request basis, ensuring that users and devices have only the necessary access to perform their functions and often for only a finite period of time. This minimizes the attack surface and limits the damage that can be caused in the event of a data breach.

Question 52

What is a Zero-Day Attack?

Accepted Answer

A previously-unknown attack vector which has been observed for the first time in the context of an actual attack, vs. being discovered and characterized by security researchers prior to its employment by attackers.

Question 53

What is A-CDM?

Accepted Answer

A-CDM is Adaptive Common Data Model, a more advanced version of the legacy Common Data Model. A-CDM provides metrics and KPI s from flow data for a perspective from the application point of view and network information for a view from the network perspective. The Adaptive CDM data set provides both points of view that are essential in fully understanding the user experience.

Question 54

What is Access Control Entry?

Accepted Answer

Access Control Entry (ACE) is a specific entry in an access control list.

Question 55

What is Access Control?

Accepted Answer

The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances).

Question 56

What is Active Threat Level Analysis System (ATLAS)?

Accepted Answer

Active Threat Level Analysis System. ATLAS is Arbor’s process for collecting and analyzing campaign-based security events. Arbor collects a broad store of attack data from hundreds of sources who have agreed to share anonymous traffic data with more than 120Tbps of Internet traffic. Allows Arbor to deliver intelligence about DDoS malware, campaigns, and Botnets that threaten Internet infrastructure and network availability.

Question 57

What is Advanced Persistent Threat (APT)?

Accepted Answer

An adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.

Question 58

What is an Access Control List?

Accepted Answer

A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity.

Question 59

What is an Agent?

Accepted Answer

A host-based intrusion detection and prevention program that monitors and analyzes activity and may also perform prevention actions.

Question 60

What is an airlink status?

Accepted Answer

An airlink status is the state of a radio link in mobile communications over which a particular data session is transmitted.

Question 61

What is an Alert?

Accepted Answer

Notification that a specific attack has been directed at an organization’s information systems.

Question 62

What is an Analyzer?

Accepted Answer

The function of an IDS that applies analytical processes to collected IDS data in order to derive conclusions about potential or actual intrusions.

Question 63

What is an APN?

Accepted Answer

APN (Access Point Name) is the name of an access point for GPRS that identifies an IP network to which a mobile device can be linked. An APN can be public (providing mobile access to the Internet) or private (providing mobile access to a company intranet, for example). The SIM card in a cell phone, for example, is configured with the service provider APN.

Question 64

What is an Application Layer DDoS Attack?

Accepted Answer

Application layer DDoS attacks are designed to attack the application itself, focusing on specific vulnerabilities or issues, resulting in the application not being able to deliver content to the user. Application layer DDoS attacks are designed to attack specific applications, the most common is web servers, but can include any application such SIP voice services and BGP.

Learning Center

In-depth guides and blogs written by talented network and security experts.

Learn About Cybersecurity

Learn About Network Monitoring

Learn About DDoS Attacks

Learn About Mobile Network Monitoring and 5G

F-L

What is an Incident?

What is an Incident of Attack?

What is Incident Response (IR)?

What is an Incident Response Plan?

What is an Indicator of Attack?

What is an Indicator of Compromise?

Cybersecurity Awareness Month