Question 1

What are Compensating Controls?

Accepted Answer

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines, that provide equivalent or comparable protection for an information system.

Question 2

What are Countermeasures?

Accepted Answer

Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.

Question 3

What is 3G?

Accepted Answer

3G (Third Generation GSM) is often another name for UMTS (Universal Mobile Telecommunications System), a third generation mobile communications system. The 3GSM name emphasizes the combination of the 3G nature of the technology and the GSM standard that it is designed to succeed.

Question 4

What is 4G?

Accepted Answer

4G (Fourth Generation) is the fourth generation of mobile telecommunications technology. 4G adds mobile ultra- broadband internet access to mobile devices in addition to the usual voice and other data services provided by the earlier third generation (3G) technology. Two formats considered as 4G technologies are Mobile WiMAX and LTE.

Question 5

What is 6G?

Accepted Answer

6G is the sixth generation of wireless technology, will start where the 5G specifications end. A new generation happens about every 10 years, and 6g technology is expected to be available 2030. 6G is predicted to operate in higher frequencies–the terahertz (THz) spectrum–with lower latency than 5G. Because transmitting in the THz frequencies is best for short ranges only, cellular networks might become mesh networks using multiple base stations and smaller inexpensive antennas to create microcells that can be accessed concurrently by 6G devices, or by relying on smart devices and smart surfaces (internet of everything) as networking elements to create microcells, or some combination, leading to ambient connectivity. Mobile edge computing and core computing will certainly be completely integrated. Another theoretical solution is solving the full duplex transmission problem, which would allow two-way transmission on the same frequency, at the same time, doubling the capacity of current bandwidths. Using some or all of this new architecture, 6G networks are expected to support data rates of 1 terabit per second (Tbps), that’s 1,000,000 Mbps.

Question 6

What is a Bot?

Accepted Answer

An automated software program that operates as an agent for a user or another program, or simulates a human activity when it receives a specific input (like a ro-"bot").

Question 7

What is a Botnet?

Accepted Answer

A group of computers and/or embedded devices which have been compromised and subsumed into a centrally-controlled attack infrastructure used for malicious activities such as launching DDoS attacks, stealing confidential information, propagating malicious software, and/or other nefarious purposes.

Question 8

What is a Breach?

Accepted Answer

A security breach is any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. A security breach occurs when an individual or an application illegitimately enters a private, confidential or unauthorized logical IT perimeter.

Question 9

What is a Central Log Management System?

Accepted Answer

A system that allows the central collection of system event messages (i.e., system logs) from various computing devices.

Question 10

What is a Certificate?

Accepted Answer

A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its crypto period.

Question 11

What is a Chain of Custody?

Accepted Answer

A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.

Question 12

What is a Command and Control Server?

Accepted Answer

Computer systems which are used by attackers send commands and receive outputs of machines part of a botnet. Anytime attackers who wish to launch a DDoS attack can send special commands to their botnet’s C&C servers with instructions to perform an attack on a particular target, and any infected machines communicating with the contacted C&C server will comply by launching a coordinated attack.

Question 13

What is a Console?

Accepted Answer

A program that provides user and administrator interfaces to an intrusion detection and prevention system.

Question 14

What is a Data Breach?

Accepted Answer

A network breach is when unauthorized access to the network has occurred as a result of bypassing underlying security mechanisms. This could be someone coming through the firewall or entering the network via a phishing email.

A data breach happens after a network breach, when an individual or an application illegitimately enters a private, confidential or unauthorized logical IT perimeter and steals confidential or unauthorized data such as private consumer information, credit cards, IP etc.

Question 15

What is a Decoder?

Accepted Answer

A decoder that captures network packets.

Question 16

What is a Digital Signature?

Accepted Answer

An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.

Question 17

What is a Distributed Denial of Service (DDoS) Attack?

Accepted Answer

DDoS attacks are programmatically-generated attacks intended to disrupt the availability of applications, services, data, content, and/or infrastructure to legitimate users of those entities. They are attacks against capacity and/or state, and are generated using multi-node botnets, bespoke attack harness infrastructure, and/or DDoS-for-hire services.

Question 18

What is a False Negative?

Accepted Answer

An instance in which an intrusion detection and prevention technology fails to identify malicious activity as being such.

Question 19

What is a False Positive?

Accepted Answer

An instance in which an intrusion detection and prevention technology incorrectly identifies benign activity as being malicious.

Question 20

What is a Hybrid Network?

Accepted Answer

Any computer network that uses more than one type of connecting technology or topology is a hybrid network.

Question 21

What is a private 5G network?

Accepted Answer

A private 5G network is a local area network (LAN) that will use 5G technologies to create a dedicated network with unified connectivity, optimized services, and a secure means of communication within a specific area. It will deliver the speed, latency and other benefits promised by 5G to support next-generation applications.

Question 22

What is a Probe?

Accepted Answer

A system component that monitors and analyzes network activity and may also perform prevention actions.

Question 23

What is a Sensor?

Accepted Answer

An intrusion detection and prevention system component that monitors and analyzes network activity and may also perform prevention actions.

Question 24

What is a Signature?

Accepted Answer

A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.

Question 25

What is a SIM?

Accepted Answer

SIM (Subscriber Identity Module) is part of a removable integrated circuit smart card known as a SIM Card. They are used in mobile phones and mobile computers using hone connections to securely store the service-subscriber key (IMSI) used in identifying a subscriber. Since the SIM identifies the subscriber, not the device, a user can change phones by removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.

Question 26

What is a Threat Event?

Accepted Answer

An event or situation that has the potential for causing undesirable consequences or impact.

Question 27

What is a Threat?

Accepted Answer

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Question 28

What is a Threshold?

Accepted Answer

A value that sets the limit between normal and abnormal behavior.

Question 29

What is a Whitelist?

Accepted Answer

A list of discrete entities, such as hosts or applications, that are known to be benign.

Question 30

What is a Zero-Day Attack?

Accepted Answer

A previously-unknown attack vector which has been observed for the first time in the context of an actual attack, vs. being discovered and characterized by security researchers prior to its employment by attackers.

Question 31

What is A-CDM?

Accepted Answer

A-CDM is Adaptive Common Data Model, a more advanced version of the legacy Common Data Model. A-CDM provides metrics and KPI s from flow data for a perspective from the application point of view and network information for a view from the network perspective. The Adaptive CDM data set provides both points of view that are essential in fully understanding the user experience.

Question 32

What is Access Control Entry?

Accepted Answer

Access Control Entry (ACE) is a specific entry in an access control list.

Question 33

What is Access Control?

Accepted Answer

The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances).

Question 34

What is Advanced Persistent Threat (APT)?

Accepted Answer

An Advanced Persistent Threat (APT) is an adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.

Question 35

What is an Access Control List?

Accepted Answer

An Access Control List (ACL) is

A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity.

Question 36

What is an Agent?

Accepted Answer

A host-based intrusion detection and prevention program that monitors and analyzes activity and may also perform prevention actions.

Question 37

What is an airlink status?

Accepted Answer

An airlink status is the state of a radio link in mobile communications over which a particular data session is transmitted.

Question 38

What is an Alert?

Accepted Answer

A notification of an important observed event.

Question 39

What is an Analyzer?

Accepted Answer

The function of an IDS that applies analytical processes to collected IDS data in order to derive conclusions about potential or actual intrusions.

Question 40

What is an APN?

Accepted Answer

APN (Access Point Name) is the name of an access point for GPRS that identifies an IP network to which a mobile device can be linked. An APN can be public (providing mobile access to the Internet) or private (providing mobile access to a company intranet, for example). The SIM card in a cell phone, for example, is configured with the service provider APN.

Question 41

What is an Attack Signature?

Accepted Answer

A characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities.

Question 42

What is an Encrypted Key?

Accepted Answer

A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.

Question 43

What is an Evasion?

Accepted Answer

Modifying the format or timing of malicious activity so that its appearance changes but its effect on the target is the same.

Question 44

What is an Event?

Accepted Answer

Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring.

Question 45

What is an Exploit?

Accepted Answer

An Exploit is a technique (usually code) which targets a vulnerability to achieve access to information or cause an outage

Question 46

What is an Incident Response Plan?

Accepted Answer

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attacks against an organization’s information system(s).

Question 47

What is an Incident?

Accepted Answer

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

Question 48

What is an Indicator of Attack?

Accepted Answer

An Indicator of Attack (IOA) is differentiated from an Indicator of Compromise (q.v.) by quality and a lower incidence of false positives. It can be thought of as a higher quality indicator of a true attack. ASERT differentiates IOAs from IOCs on the basis of quality and insight. IOCs are mere indicators of malicious software, while IOAs from the Arbor perspective are high fidelity and help identify malice and intent in the form of Campaigns (i.e. directed, persistent efforts by a proven Attackers). An Indicator of Compromise (or IOC) is found normally in the context of a threat feed as an item shared that might lead to discovery of an exploit or malware. An IOC is the result of research by third parties or investigators who are observing and documenting rogue behavior of attackers and malware. IOCs typically produce high false positives (i.e. alarms that aren’t real). Related terms include IOA (q.v.) and Tactics, Techniques and Practices" (TTP). Controversy: IOA as a term was coined recently by Counterstrike (a Threat Intelligence provider) and as such is not as well-known as IO, may change definition readily and may lead to some confusion among vendors who try to co-opt the term (as Arbor has done).

Question 49

What is an Indicator of Compromise?

Accepted Answer

An Indicator of Compromise (or IOC) is found normally in the context of a threat feed as an item shared that might lead to discovery of an exploit or malware. An IOC is the result of research by third parties or investigators who are observing and documenting rogue behavior of attackers and malware. IOCs typically produce high false positives (i.e. alarms that aren’t real). Related terms include IOA (q.v.) and Tactics, Techniques and Practices" (TTP).

Question 50

What is an Inline Sensor?

Accepted Answer

A sensor deployed so that the network traffic it is monitoring must pass through it.

Question 51

What is Anomaly-Based Detection?

Accepted Answer

Detection and classification of network traffic conditions such as DDoS attacks via observed departures from established behavioral norms and traffic patterns.

Question 52

What is Antivirus Software

Accepted Answer

A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.

Question 53

What is Application-Based IDPS?

Accepted Answer

A host-based intrusion detection and prevention system that performs monitoring for a specific application service only, such as a Web server program or a database server program.

Question 54

What is Arbor Cloud?

Accepted Answer

A DDoS service that delivers a fully managed, best-practices hybrid defense from the data center to the cloud; all supported by the world's leading experts in DDoS attack mitigation. Arbor Cloud delivers an integrated, on-demand solution to both enterprises and service providers with comprehensive protection from modern, high-volume DDoS attacks that target bandwidth, “low and slow” attacks targeting applications and infrastructure, and concurrent, multi-vector attacks.

Question 55

What is Arbor Edge Defense (AED)?

Accepted Answer

AED is an inline security appliance deployed at the network perimeter (i.e. between router and firewall) that can automatically detect and block inbound threats (e.g. DDoS attacks, malware) and outbound malicious communication (i.e. C2, bad URLs) using unique, curated, ATLAS threat intelligence.

Question 56

What is ATLAS Intelligence Feed (AIF)?

Accepted Answer

AIF delivers policies and countermeasures that enable customers to quickly address attacks as part of an advanced threat. As new attack information is discovered, the ATLAS Intelligence Feed is updated, and changes are delivered automatically to Arbor products via subscription over a secured SSL connection arming them with the latest threat intelligence to thwart modern-day attacks or advanced threats.

Question 57

What is ATLAS Security Engineering Research Team (ASERT)?

Accepted Answer

NETSCOUT’s expert researchers and engineers charged with building the tools and front-line database to analyze malware at internet scale. ASERT provides context to the overall threat environment seen within ATLAS. NETSCOUT security engineers and researchers who investigate and characterize Internet-wide security trends, with a focus on DDoS attacks; discover and provide mitigation guidance for new DDoS attack vectors and attack campaigns; design new DDoS detection/classification/traceback/mitigation mechanisms; curate and deliver integrated, actionable DDoS threat intelligence via ATLAS; and serve as the apex of NETSCOUT mitigation support for complex, high-impact DDoS attacks.

Question 58

What is ATLAS?

Accepted Answer

NETSCOUT’s system process for collecting and analyzing Internet-wide security events. Active Threat Level Analysis System (ATLAS) delivers unparalleled visibility into the backbone networks at the core of the Internet. Network operators (including 90 percent of Tier 1 service providers) share statistics representing approximately one-third of all internet traffic. NETSCOUT Arbor correlates this and other data sets to provide intelligence giving organizations a broader perspective to better understand and react to the threats they face.

Question 59

What is Authorization?

Accepted Answer

Access privileges granted to a user, program, or process or the act of granting those privileges.

Question 60

What is Availability?

Accepted Answer

The most important aspect of information security, which focuses on maintaining the accessibility and resiliency of systems, applications, data, and infrastructure elements to authorized users in the face of attack. DDoS attacks are intended to have an adverse impact on availability.

Question 61

What is Beamforming?

Accepted Answer

New millimeter-wave 5G radios and edge computing combine to deliver ultra-low latency, high bandwidth, and reliability. A 5G cell site is about the size of a large suitcase and can be more easily installed compared with 4G/LTE.

Although the reach of 5G radios is not as far as 4G, being able to concentrate on a smaller area without wasting resources on an unused field can lead to more-efficient deployments. This 5G capability is called beamforming—the ability to concentrate bandwidth over a focused area such as a pop-up hospital, allowing health care workers to quickly adapt, monitor, and change treatments for patients.

Question 62

What is Blacklist?

Accepted Answer

A list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity.

Question 63

What is BSC?

Accepted Answer

BSC (Base Station Controller) is the part of a mobile telephone network that handles allocation of radio channels, receives measurements from mobile phones, controls handovers from one base transceiver station (BTS) to another, and stores database information for all sites.

Question 64

What is Business Impact Analysis?

Accepted Answer

An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

Learning Center

In-depth guides and blogs written by talented network and security experts.

Learn About Cybersecurity

Learn About Network Monitoring

Learn About DDoS Attacks

Learn About Mobile Network Monitoring and 5G

Glossary of Terms

A-B

What is 3G?

What is 4G?

What is 6G?

What is A-CDM?

What is Access Control?

What is Access Control Entry?

Cybersecurity Awareness Month

In case you missed it...

Learning Center

In-depth guides and blogs written by talented network and security experts.

Learn About Cybersecurity

Learn About Network Monitoring

Learn About DDoS Attacks

Learn About Mobile Network Monitoring and 5G

Glossary of Terms

A-B

What is 3G?

What is 4G?

What is 6G?

What is A-CDM?

What is Access Control?

What is Access Control Entry?

Cybersecurity Awareness Month

In case you missed it...

More questions? Talk to an expert.