501. printer
"Printer" is often used to mean "print device" but also refers to a term used to describe the software components of a printing solution. The printer is the object that Windows sends output to. It consists of a spool directory, a printer driver, and configuration information.
502. structured query language (SQL)
Programming and query language common to many relational database management systems.
503. Simple Mail Transfer Protocol (SMTP)
Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587.
504. Post Office Protocol (POP)
Application protocol that enables a client to download email messages from a server mailbox to a client over port TCP/110 or secure port TCP/995.
505. Internet Message Access Protocol (IMAP)
Application protocol providing a means for a client to access and manage email messages stored in a mailbox on a remote server. IMAP4 utilizes TCP port number 143, while the secure version IMAPS uses TCP/993.
506. Voice over IP (VoIP)
Generic name for protocols that carry voice traffic over data networks.
507. plain old telephone service (POTS)
Parts of telephone network "local loop" that use voice-grade cabling. Analog data transfer over POTS using dial-up modems is slow (33.3 Kbps).
508. private branch exchange (PBX)
Routes incoming calls to direct dial numbers and provides facilities such as voice mail, Automatic Call Distribution (ACD), and Interactive Voice Response (IVR). A PBX can also be implemented as software (virtual PBX). An IP-based PBX or hybrid PBX allows use of VoIP.
509. Session Initiation Protocol (SIP)
Application protocol used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.
510. VoIP phones
Handset or software client that implements a type of voice over Internet Protocol (VoIP) to allow a user to place and receive calls.
511. voice gateway
Means of translating between a VoIP system and legacy voice equipment and networks.
512. terminal emulator
Software that reproduces text input and output for a given command shell or OS.
513. Secure Shell (SSH)
Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22.
514. Telnet
Application protocol supporting unsecure terminal emulation for remote host management. Telnet runs over TCP port 23.
515. Remote Desktop Protocol (RDP)
Application protocol for operating remote connections to a host using a graphical interface. The protocol sends screen data from the remote host to the client and transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389.
516. Network Time Protocol (NTP)
Application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123.
517. performance metrics
Measurement of a value affecting system performance, such as CPU or memory utilization.
518. bottleneck
Troubleshooting issue where performance for a whole network or system is constrained by the performance of a single link, device, or subsystem.
519. performance baseline
Estimated performance or stability of a service based on historical information or vendor guidance.
520. sensor
Device that can report environmental conditions such as temperature or chassis intrusion to a monitoring system.
521. Simple Network Management Protocol (SNMP)
Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.
522. Syslog
Application protocol and event logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default.
523. logging level
Threshold for storing or forwarding an event message based on its severity index or value.
524. Quality of Service (QoS)
Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS).
525. Bandwidth
Generally used to refer to the amount of data that can be transferred through a connection over a given period. Bandwidth more properly means the range of frequencies supported by transmission media, measured in Hertz.
526. Latency
The time it takes for a signal to reach the recipient. A video application can support a latency of about 80 ms, while typical latency on the Internet can reach 1000 ms at peak times. Latency is a particular problem for 2-way applications, such as VoIP (telephone) and online conferencing.
527. Jitter
Variation in the time it takes for a signal to reach the recipient. Jitter manifests itself as an inconsistent rate of packet delivery. If packet loss or delay is excessive, then noticeable audio or video problems (artifacts) are experienced by users.
528. Differentiated Services (DiffServ)
Header field used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.
529. 802.1p
IEEE standard defining a 3-bit (0 to 7) class of service priority field within the 802.1Q format.
530. Traffic shapers
Appliances and/or software that enable administrators to closely monitor network traffic and to manage that network traffic. The primary function of a traffic shaper is to optimize network media throughput to get the most from the available bandwidth.
531. iperf
Utility used to measure the bandwidth achievable over a network link.
532. bandwidth speed tester
Hosted utility used to measure actual speed obtained by an Internet link to a representative server or to measure the response times of websites from different locations on the Internet.
533. NetFlow
Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.
534. interface statistics
Metrics recorded by a host or switch that enable monitoring of link state, resets, speed, duplex setting, utilization, and error rates.
535. interface errors
Troubleshooting issue where an interface reports packet errors due to frame corruption and other factors.
536. CIA Triad
Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.
537. Vulnerability
Weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
538. Threat
Potential for an entity to exercise a vulnerability (that is, to breach security).
539. Risk
Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
540. Posture assessment
Process for verifying compliance with a health policy by using host health checks.
541. mission essential function (MEF)
Business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.
542. Business impact analysis (BIA)
Systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.
543. exploit
Specific method by which malware code infects a target host, often via some vulnerability in a software process.
544. zero-day
Vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.
545. vulnerability assessment
Evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.
546. Common Vulnerabilities and Exposures (CVE)
Scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.
547. Security Information and Event Management (SIEM)
Solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.
548. penetration testing
Test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system.
549. Least privilege
Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.
550. Role-based access
Access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.
551. Zero trust
Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.
552. Vendor management
Policies and procedures to identify vulnerabilities and ensure security of the supply chain.
553. access control list (ACL)
Collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).
554. multifactor
Authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.
555. local authentication
OS subsystem that authenticates users when they attempt to start a shell on the host.
556. hashes
Function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.
557. single sign-on (SSO)
Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
558. Kerberos
Single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.
559. digital certificate
Identification and authentication information presented in the X.509 format and issued by a Certificate Authority (CA) as a guarantee that a key pair (as identified by the public key embedded in the certificate) is valid for a particular subject (user or host).
560. Public key infrastructure (PKI)
Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
561. Extensible Authentication Protocol (EAP)
Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and establish secure tunnels through which to submit credentials.
562. IEEE 802.1X Port-based Network Access Control (NAC)
Standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication.
563. Remote Authentication Dial-in User Service (RADIUS)
AAA protocol used to manage remote and wireless authentication infrastructures.
564. Terminal Access Controller Access Control System (TACACS+)
AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.
565. Lightweight Directory Access Protocol (LDAP)
Network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.
566. network segmentation enforcement
Enforcing a security zone by separating a segment of the network from access by the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped.
567. screened subnet
Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.
568. firewall
Software or hardware device that protects a system or network by blocking unwanted network traffic.
569. proxy server
Server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance.
570. Port Address Translation (PAT)
Maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications.
571. defense in depth
Security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack's progress, rather than eliminating it outright.
572. Network Access Control (NAC)
General term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.
573. honeypot
Host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.
574. Separation of duties
Security policy concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.
575. intrusion detection system (IDS)
Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network.
576. intrusion prevention system (IPS)
Security appliance or software that combines detection capabilities with functions that can actively block attacks.
577. Bring Your Own Device (BYOD)
Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.
578. 802.11 standards
IEEE standards for wireless networking based on spread spectrum radio transmission in the 2.4 GHz and 5 GHz bands. The standard, known as Wi-Fi, has six main iterations: a, b, g, Wi-Fi 4 (n), Wi-Fi 5 (ac), and Wi-Fi 6 (ax). These specify different modulation techniques, supported distances, and data rates, plus special features, such as channel bonding, MIMO, and MU-MIMO.
579. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Mechanism used by 802.11 Wi-Fi standards to cope with contention over the shared access media.
580. frequency band
Portion of the radio frequency spectrum in which wireless products operate, such as 2.4 GHz band or 5 GHz band.
581. channel
Subdivision of frequency bands used by Wi-Fi products into smaller channels to allow multiple networks to operate at the same location without interfering with one another.
582. Multiple Input Multiple Output (MIMO)
Use of multiple reception and transmission antennas to boost bandwidth via spatial multiplexing and to boost range and signal reliability via spatial diversity.
583. channel bonding
Capability to aggregate one or more adjacent channels to increase bandwidth.
584. Multiuser MIMO (MU-MIMO)
Use of spatial multiplexing to connect multiple MU-MIMO-capable stations simultaneously, providing the stations are not on the same directional path.
585. cellular radio
Mobile telephony standards divided into 2G (GSM; up to about 14 Kbps), 2.5G (GPRS, HSCSD, and EDGE; up to about 48 Kbps), and 3G (WCDMA; up to about 2 Mbps).
586. Global System for Mobile Communication (GSM)
Standard for cellular radio communications and data transfer. GSM phones use a SIM card to identify the subscriber and network provider. 4G and later data standards are developed for GSM.
587. Code Division Multiple Access (CDMA)
Method of multiplexing a communications channel using a code to key the modulation of a particular signal. CDMA is associated with Sprint and Verizon cellular phone networks.
588. Long Term Evolution (LTE)
Packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE Advanced is designed to provide 4G standard network access.
589. access point (AP)
Device that provides a connection between wireless devices and can connect to wired networks, implementing an infrastructure mode WLAN.
590. Basic Service Set Identifier (BSSID)
MAC address of an access point supporting a basic service area.
591. Service Set Identifier (SSID)
Character string that identifies a particular wireless LAN (WLAN).
592. Extended SSID (ESSID)
Network name configured on multiple access points to form an extended service area.
593. site survey
Documentation about a location for the purposes of building an ideal wireless infrastructure; it often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identifying sources of interference.
594. heat map
In a Wi-Fi site survey, a diagram showing signal strength and channel utilization at different locations.
595. roam
WLAN configured with multiple access points in an extended service set allowing clients to remain connected to the network within an extended service area.
596. wireless LAN controller
Device that provides wireless LAN management for multiple APs.
597. fat AP
Access point whose firmware contains enough processing logic to be able to function autonomously and handle clients without the use of a wireless controller.
598. thin AP
Access point that requires a wireless controller in order to function.
599. Independent Basic Service Set (IBSS)
Type of wireless network where connected devices communicate directly with each other instead of over an established medium.
600. radio frequency (RF) attenuation
Loss of signal strength due to distance and environmental factors.
601. Received Signal Strength Indicator (RSSI)
Signal strength as measured at the receiver, using either decibel units or an index value.
602. Wi-Fi analyzer
Device or software that can report characteristics of a WLAN, such as signal strength and channel utilization.
603. antenna type
Specially arranged metal wires that can send and receive radio signals, typically implemented as either an omnidirectional or a unidirectional type.
604. Polarization
Orientation of the wave propagating from an antenna.
605. antenna cable attenuation
Signal loss caused by an external antenna connected to an access point over cabling.
606. Effective Isotropic Radiated Power (EIRP)
Signal strength from a transmitter, measured as the sum of transmit power, antenna cable/connector loss, and antenna gain.
607. Co-channel interference (CCI)
Troubleshooting issue where access points within range of one another are configured to use the same channel, causing increased contention.
608. Adjacent channel interference (ACI)
Troubleshooting issue where access points within range of one another are configured to use different but overlapping channels, causing increased noise.
609. spectrum analyzer
Device that can detect the source of interference on a wireless network.
610. Wi-Fi Protected Access (WPA)
Standards for authenticating and encrypting access to Wi-Fi networks.
611. pre-shared key (PSK)
Wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.
612. Simultaneous Authentication of Equals (SAE)
Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.
613. enterprise authentication
Wireless network authentication mode where the access point acts as pass-through for credentials that are verified by an AAA server.
614. disassociation
Management frame handling process by which a station is disconnected from an access point.
615. open authentication
Wireless network authentication mode where guest (unauthenticated) access is permitted.
616. captive portal
Web page or website to which a client is redirected before being granted full network access.
617. demarcation point
Location that represents the end of the access provider’s network (and therefore their responsibility for maintaining it). The demarc point is usually at the Minimum Point of Entry (MPOE). If routing equipment cannot be installed at this location, demarc extension cabling may need to be laid.
618. T-carrier
System developed by Bell Labs to allow multiple calls to be placed on a single cable. Each 64 Kbps channel provides enough bandwidth for a voice communication session and is known as a DS0 or a Kilostream link. Channels can be multiplexed over a leased line to provide more bandwidth (T1, T2, T3, and so on).
619. smartjack
Termination point for an access provider’s cabling, also referred to as the Network Interface Unit (NIU).
620. Channel Service Unit/Data Service Unit (CSU/DSU)
Appliance or WAN interface card providing connectivity to a digital circuit. The DSU encodes the signal from Data Terminal Equipment (DTE), a PBX or router, to a signal that can be transported over the cable. The CSU is used to perform diagnostic tests on the line.
621. Digital subscriber line (DSL)
Carrier technology to implement broadband Internet access for subscribers by transferring data over voice-grade telephone lines. There are various "flavors" of DSL, notably S(ymmetric)DSL, A(symmetric)DSL, and V(ery High Bit Rate)DSL.
622. cable modem
Cable Internet access digital modem that uses a coaxial connection to the service provider's fiber optic core network.
623. metro-optical
City-wide fiber optic networks enabling Carrier Ethernet virtual private networks and WAN links and "full fiber" Internet access.
624. passive optical network (PON)
Technology based on DWDM to provision "near" fiber Internet access solutions (FTTx - Fiber to the Home, Fiber to the Curb, and so on).
625. Satellite
System of microwave transmissions where orbital satellites relay signals between terrestrial receivers or other orbital satellites. Satellite internet connectivity is enabled through a reception antenna connected to the PC or network through a DVB-S modem.
626. virtual private network (VPN)
Secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).
627. Point-to-Point Protocol (PPP)
Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.
628. Generic Routing Encapsulation (GRE)
Tunneling protocol allowing the transmission of encapsulated frames or packets from different types of network protocol over an IP network.
629. Split tunnel
VPN configuration where only traffic for the private network is routed via the VPN gateway.
630. Full tunnel
VPN configuration where all traffic is routed via the VPN gateway.
631. Virtual Network Computing (VNC)
Remote access tool and protocol. VNC is the basis of macOS screen sharing.
632. HTML5 VPN or clientless VPN
Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).
633. VPN headend
Appliance that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels, often in hub and spoke site-to-site VPN topologies.
634. dynamic multipoint VPN (DMVPN)
Software-based mechanism that allows VPNs to be built and deleted dynamically.
635. Internet Protocol Security (IPSec)
Network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet.
636. Authentication Header (AH)
IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
637. Encapsulating Security Payload (ESP)
IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.
638. Internet Key Exchange (IKE)
Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.
639. out-of-band (OOB)
Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.
640. configuration baseline
Settings for services and policy configuration for a network appliance or for a server operating in a particular application role (web server, mail server, file/print server, and so on).
641. change management
Process for approving, preparing, supporting, and managing new or updated business processes or technologies.
642. standard operating procedure (SOP)
Documentation of best practice and work instructions to use to perform a common administrative task.
643. audit report
Detailed and specific evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported to ensure that the target of the audit is in compliance with the organization's policies, regulations, and legal responsibilities.
644. system life cycle
Method to track the life cycle phases of one or more hardware, service, or software systems in your organization.
645. floor plan
Documentation detailing site premises using an accurate scale.
646. wiring diagram
Documentation of connector pinouts and/or cable runs.
647. Main Distribution Frame (MDF)
Passive wiring panel providing a central termination point for cabling. An MDF distributes backbone or "vertical" wiring through a building and connections to external access provider networks.
648. Intermediate Distribution Frame (IDF)
Passive wiring panel providing a central termination point for cabling. An IDF is an optional layer of distribution frame hierarchy that cross-connects "vertical" backbone cabling to an MDF to "horizontal" wiring to wall ports on each floor of a building or each building of a campus network.
649. rack
Storage solution for server and network equipment. Racks are designed to a standard width and height (measured in multiples of 1U or 1.75"). Racks offer better density, cooling, and security than ordinary office furniture.
650. incident response plan
Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of security incidents, divided into preparation, detection/analysis, containment, eradication/recovery, and post-incident stages.
651. disaster recovery plan (DRP)
Documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
652. business continuity plan (BCP)
Collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
653. Onboarding
Process of bringing in a new employee, contractor, or supplier.
654. Offboarding
Process of ensuring that all HR and other requirements are covered when an employee leaves an organization.
655. password policy
Security policy that promotes user selection of strong passwords by specifying a minimum password length, requiring complex passwords, requiring periodic password changes, and placing limits on reuse of passwords.
656. acceptable use policy (AUP)
Policy that governs employees' use of company equipment and Internet services. ISPs may also apply AUPs to their customers.
657. Data loss prevention (DLP)
Software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
658. service level agreement (SLA)
Agreement that sets the service requirements and expectations between a consumer and a provider.
659. non-disclosure agreement (NDA)
Agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.
660. memorandum of understanding (MOU)
Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.
661. Badge reader
Authentication mechanism that allows a user to present a smartcard to operate an entry system.
662. Biometric
Authentication mechanism that allows a user to perform a biometric scan to operate an entry or access system. Physical characteristics stored as a digital data template can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition.
663. access control vestibule
Secure entry system with two gateways, only one of which is open at any one time.
664. Radio Frequency ID (RFID)
Means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else.
665. factory reset
Standard routine created by manufacturer that can be invoked to restore an appliance to its shipped state, clearing any user customization, configuration, or modification.
666. data remnants
Leftover information on a storage medium even after basic attempts have been made to remove that data.
667. sanitization
Process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.
668. Secure Erase (SE)
Method of sanitizing a drive using the ATA command set.
669. Instant Secure Erase (ISE)
Media sanitization command built into self-encrypting HDDs and SSDs that works by erasing the encryption key, leaving remnants unrecoverable.
670. Internet of Things (IoT)
Devices that can report state and configuration data and be remotely managed over IP networks.
671. physical access control system (PACS)
Components and protocols that facilitate the centralized configuration and monitoring of security mechanisms within offices and data centers.
672. industrial control system (ICS)
Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).
673. supervisory control and data acquisition (SCADA)
Type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.
674. Z-Wave
Low-power wireless communications protocol used primarily for home automation. Z-Wave uses radio frequencies in the high 800 to low 900 MHz and a mesh topology.
675. Zigbee
Low-power wireless communications open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.
676. High availability
Metric that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.
677. Maximum Tolerable Downtime (MTD)
Longest period that a process can be inoperable without causing irrevocable business failure.
678. Recovery time objective (RTO)
Maximum time allowed to restore a system after a failure event.
679. Work Recovery Time (WRT)
In disaster recovery, time additional to the RTO of individual systems to perform reintegration and testing of a restored or upgraded system following an event.
680. Recovery Point Objective (RPO)
Longest period that an organization can tolerate lost data being unrecoverable.
681. Mean Time Between Failures (MTBF)
Metric for a device or component that predicts the expected time between failures.
682. Mean Time to Failure (MTTF)
Metric indicating average time a device or component is expected to be in operation.
683. Mean Time to Repair (MTTR)
Metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.
684. hot site
Fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.
685. warm site
Alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.
686. cold site
Predetermined alternate location where a network can be rebuilt after a disaster.
687. HVAC (Heating, Ventilation, Air Conditioning)
Control systems that maintain an optimum heating, cooling, and humidity level working environment for different parts of the building.
688. power distribution unit (PDU)
Advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.
689. uninterruptible power supply (UPS)
Battery-powered device that supplies AC power that an electronic device can use in the event of power failure.
690. generator
Standby power supply fueled by diesel or propane. In the event of a power outage, a UPS must provide transitionary power, as a backup generator cannot be cut in fast enough.
691. Multipathing
Overprovisioning controllers and cabling so that a host has failover connections to networks and storage media.
692. Diverse paths
Provisioning failover Internet access links that will not be affected by the same disaster event.
693. NIC teaming
Two or more NICs aggregated into a single channel link for fault tolerance and increased throughput. Also known as NIC bonding.
694. load balancer
Type of switch, router, or software that distributes client requests between different resources, such as communications links or similarly configured servers. This provides fault tolerance and improves throughput.
695. clustering
Load balancing technique where a group of servers are configured as a unit and work together to provide network services.
696. virtual IP
Public address of a load balanced cluster that is shared by the devices implementing the cluster.
697. first hop redundancy protocol (FHRP)
Provisioning failover routers to serve as the default gateway for a subnet.
698. enumeration
Attack that aims to list resources on the network, host, or system as a whole to identify potential targets for further attack.
699. spoofing
Attack technique where the threat actor disguises their identity or impersonates another user or resource.
700. denial of service (DoS)
Any type of physical, application, or network attack that affects the availability of a managed resource.
701. on-path
Attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic.
702. DNS poisoning
Attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker's choosing.
703. VLAN hopping
Exploiting a misconfiguration to direct traffic to a different VLAN without authorization.
704. rogue access point
Wireless access point that has been enabled on the network without authorization.
705. evil twin
Wireless access point that deceives users into believing that it is a legitimate network access point.
706. deauthentication attack
Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.
707. distributed DoS (DDoS)
Attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
708. botnet
Group of hosts or devices that have been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks.
709. command and control (C-and-C or C2)
Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.
710. malware
Software that serves a malicious purpose, typically installed without the user's consent (or knowledge).
711. Ransomware
Malware that tries to extort money from the victim by encrypting the victim’s files and demanding payment.
712. Dictionary
Type of password attack that compares encrypted passwords against a predetermined list of possible password values.
713. Brute force
Type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.
714. Social engineering
Activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
715. Phishing
Email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
716. shoulder surfing
Social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.
717. Tailgating
Social engineering technique to gain access to a building by following someone who is unaware of their presence.
718. Piggybacking
Allowing a threat actor to enter a site or controlled location without authorization.
719. hardening
Process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.
720. MAC filtering
Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.
721. DHCP snooping
Switchport protection mechanism that blocks DHCP offers from unauthorized sources.
722. Router Advertisement (RA) Guard
Switchport security feature to block router advertisement packets from unauthorized sources.
723. Port security
Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.
724. private VLAN (PVLAN)
Method of isolating hosts to prevent hosts within the same VLAN from communicating directly.
725. default VLAN
Default VLAN ID (1) for all unconfigured switch ports.
726. native VLAN
VLAN ID used for any untagged frames received on a trunk port. The same ID should be used on both ends of the trunk and the ID should not be left as the default VLAN ID (1).
727. implicit deny
Firewall ACL rule configured by default to block any traffic not matched by previous rules.
728. explicit deny
Firewall ACL rule configured manually to block any traffic not matched by previous rules.
729. iptables
Command-line utility for configuring the netfilter firewall implemented in the Linux kernel.
730. control plane policing
Security methods to prevent DoS attacks against a route processor over control or management plane protocols and packets.
731. Geofencing
Security control that can enforce a virtual boundary based on real-world geography.
732. Scalability
Property by which a computing environment is able to gracefully fulfill its ever increasing resource needs.
733. Elasticity
Property by which a computing environment can instantly react to both increasing and decreasing demands in workload.
734. cloud deployment models
Classifying the ownership and management of a cloud as public, private, community, or hybrid.
735. Infrastructure as a Service (IaaS)
Cloud service model that provisions virtual machines and network infrastructure.
736. Software as a Service (SaaS)
Cloud service model that provisions fully developed application services to users.
737. Platform as a Service (PaaS)
Cloud service model that provisions application and database services as a platform for development of apps.
738. Desktop as a Service (DaaS)
Cloud service model that provisions desktop OS and applications software.
739. infrastructure as code (IaC)
Provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.
740. Automation
Using scripts and APIs to provision and deprovision systems without manual intervention.
741. orchestration
Automation of multiple coordinated steps in a deployment process.
742. cloud responsibility matrix
Documentation listing which security and management tasks are the responsibility of the cloud provider and which are the responsibility of the cloud consumer.
743. hypervisor
Software or firmware that creates and manages virtual machines on the host hardware.
744. Network Function Virtualization (NFV)
Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.
745. storage area network (SAN)
Network dedicated to provisioning storage resources, typically consisting of storage devices and servers connected to switches via host bus adapters.
746. Fibre Channel
High-speed network communications protocol used to implement SANs.
747. Fibre Channel over Ethernet (FCoE)
Standard allowing for a mixed-use Ethernet network with both ordinary data and storage network traffic.
748. Internet Small Computer System Interface (iSCSI)
IP tunneling protocol that enables the transfer of SCSI data over an IP-based network to create a SAN.
749. east-west traffic
Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).
750. overlay network
Network protocols that use encapsulation to provision virtual tunnels and networks without requiring reconfiguration of the underlying transport network.
751. Software defined networking (SDN)
APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.
752. spine and leaf topology
Topology commonly used in datacenters comprising a top tier of aggregation switches forming a backbone for a leaf tier of top-of-rack switches.
753. top-of-rack (ToR)
High-performance switch model designed to implement the leaf tier in a spine and leaf topology.
754. Colocation
Deploying private servers, network appliances, and interconnects to a hosted datacenter facility shared with other customers.
755. Multiprotocol Label Switching (MPLS)
"Layer 2.5" network protocol used by service providers to implement WAN access links and virtual private networks with traffic engineering (congestion control), Class of Service, and Quality of Service.
756. software-defined WAN (SD-WAN)
Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.