Test yourself on NIST definitions
Posted on
January 25, 2022
by
‍
The National Institute of Standards and Technology (NIST) has an IT glossary of terms.

When it comes to proposing standards and defining the language involved, few institutions compare in scale and scope to the National Institute of Standards and Technology (NIST), a U.S. government agency headquartered in Gaithersburg, Md. One issue the NIST grapples with on a daily basis is revising and updating its ever-burgeoning guide to IT terminology.

There is no end to the language that must be defined and catalogued in order to keep pace with the constantly expanding array of technology in use. As a guide for those trying to keep up with their bulletins and papers, the NIST maintains a massive glossary of terms β€” available online to serve your tech terminology needs β€” that must continually be added to.

Th NIST glossary contains acronyms, terms, and definitions extracted (verbatim) from final copies of their publications. As of this writing, there are 8,977 entries in the NIST glossary and the questions that follow are parsed from that useful resource.

Some of the entries are more obscure and others more common. The goal here was to select terms that are either new or have consistently been in use, and steer clear of terms that are one-offs or dated. Twenty-five questions based on the postings in the NIST glossary. In all cases, pick the best answer(s) to each question. The answers appear at the end of the questions. Good luck!

1. A graphics file you have been sent has been saved with a .docx extension when it is clearly not a Microsoft Word document. This constitutes a(n):
A. Mismatched addition
B. File name anomaly
C. Trojan horse
D. Strain annex

2. Which of the following is a data structure where the data is hashed and combined until there is a singular root hash that represents the entire structure?
A. Patricia root
B. Merkle tree
C. BPA hierarchy
D. Durbin Watson branch

3. Which of the following defines the property of a byte string as having its bytes positioned in order of decreasing significance (the first byte is the most significant byte and the last byte is the least significant)?
A. Marshaled
B. Stage-managed
C. Orchestrated
D. Big-endian

4. Which of the following is an electronic key that is used as input to the key expansion step to derive other keys?
A. Succession key
B. Cradle key
C. Derivation key
D. Lineage key

5. Which of the following is defined as a time-varying value that has at most a negligible chance of repeating?
A. Nonce
B. Seam
C. Stratum
D. Gradation

6. In which of the following is invalid data input into an application via the environment, or input by one process into another process, to see how it responds?
A. Fuzz testing
B. Milking
C. Force feeding
D. Jamming

7. Which of the following is defined as the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment?
A. Perimeter weakness
B. Total exposure
C. Attack surface
D. Standard fault

8. Which of the following measures the likelihood of attack using the misuse vulnerability in an environment relative to vulnerable systems in other environments?
A. Estimated return on effort
B. Perceived target value
C. Predicted investment return
D. Projected loss expectancy

9. With which of the following does a disruption event cause the system to fail to a pre-determined state?
A. Failover
B. Fail soft
C. Fail safe
D. Fail to known state

10. Which of the following best fits the definition of a debrief conducted immediately after an exercise or test with the staff and participants?
A. Coffee connection
B. Hotwash
C. Table tennis
D. Laugh and lounge

11. Which IKE mode is used in IPsec Phase 1 to negotiate the establishment of an IKE SA through three messages/packets?
A. Tentative
B. Aggressive
C. Perspicuous
D. Qualifying

12. Which of the following is an attack where a blockchain network user attempts to explicitly double spend a digital asset?
A. Evil clone
B. Twin declaration
C. Midnight confession
D. Double spend

13. Which of the following is a situation in which BGP sessions are repeatedly dropped and restarted, normally as a result of line or router problems?
A. Resurrecting
B. Degenerating
C. Flapping
D. Relapsing

14. Which of the following is a verification process whereby assurance is obtained that the owner of a key pair actually has the private key associated with the public key?
A. Chain of custody
B. Proof of possession
C. Passport verification
D. Neighbor vouching

15. Which of the following refers to a type of attack that combines multiple attack methods against one or more vulnerabilities?
A. Blended attack
B. Sequestered attack
C. Appropriated attack
D. Appropriated attack

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

ANSWERS

The National Institute of Standards and Technology (NIST) has an IT glossary of terms.

1. B β€” A file name anomaly (also known as a file signature anomaly) occurs when there is a mismatch between the internal file header (type of file) and the external extension (.docx, in this case).
‍
2. B β€” A Merkle tree is a data structure where the data is hashed and combined until there is a singular root hash that represents the entire structure.
‍
3. D β€” Big-endian is the property of a byte string meaning its bytes are positioned in order of decreasing significance.
‍
4. C β€” A derivation key is an electronic key that is used as input to the key expansion step to derive other keys.
‍
5. A β€” A nonce is a time-varying value that has at most a negligible chance of repeating.
‍
6. A β€” With fuzz testing, invalid data is input into an application via the environment, or input by one process into another process to see how it responds.
‍
7. C β€” The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment is known as the attack surface.
‍
8. B β€” Perceived target value measures the likelihood of attack using the misuse vulnerability in an environment relative to vulnerable systems in other environments.
‍
9. D β€” With Fail to a Known State, a disruption event cause the system to fail to a pre-determined state.

10. B β€” A hotwash is a debrief conducted immediately after an exercise or test with the staff and participants.
‍
11. B β€” Aggressive mode is used in IPsec phase 1 to negotiate the establishment of an IKE SA through three messages/packets.
‍
12. D β€” Double spend is an attack where a blockchain network user attempts to explicitly double spend a digital asset.
‍
13. C β€” Flapping is a situation in which BGP sessions are repeatedly dropped and restarted, normally as a result of line or router problems.
‍
14. B β€” Proof of possession is a verification process whereby assurance is obtained that the owner of a key pair actually has the private key associated with the public key.
‍
15. A β€” A blended attack refers to a type of attack that combines multiple attack methods against one or more vulnerabilities.

‍

About the Author

Emmett Dulaney is a professor at Anderson University and the author of several books including Linux All-in-One For Dummies and the CompTIA Network+ N10-008 Exam Cram, Seventh Edition.

Posted to topic:
Tech Know