ALL CompTIA Security+ (SY0-701) Exam Objectives Master Set

Public key infrastructure (PKI)

A system that manages the creation, distribution, and revocation of digital certificates.

Public key

A cryptographic key that is used for encryption and verifying digital signatures in asymmetric encryption.

Private key

A cryptographic key that is used for decryption and creating digital signatures in asymmetric encryption.

Key escrow

A process where a trusted third party holds a copy of an encryption key.

Encryption

The process of converting plaintext into ciphertext to protect data confidentiality.

Full-disk encryption

The process of encrypting the entire disk to protect all data stored on it.

Partition encryption

The process of encrypting a specific partition on a disk.

File encryption

The process of encrypting individual files to protect their contents.

Volume encryption

The process of encrypting a logical volume, which can span multiple disks or partitions.

Database encryption

The process of encrypting a database to protect its contents.

Record encryption

The process of encrypting individual records within a database.

Transport/communication encryption

The process of encrypting data during transmission to ensure its confidentiality.

Asymmetric encryption

A cryptographic system that uses two different keys: a public key for encryption and a private key for decryption.

Symmetric encryption

A cryptographic system that uses the same key for both encryption and decryption.

Key exchange

The process of securely sharing encryption keys between parties.

Algorithms

Mathematical functions used in encryption and decryption processes.

Key length

The size of the encryption key, measured in bits.

Trusted Platform Module (TPM)

A hardware component that provides secure storage and cryptographic functions.

Hardware security module (HSM)

A physical device that generates, stores, and manages cryptographic keys.

Key management system

A system that handles the generation, storage, and distribution of cryptographic keys.

Secure enclave

A secure area within a processor that protects sensitive data.

Obfuscation

The process of making something unclear or difficult to understand.

Steganography

The process of hiding secret information within an innocent-looking carrier file.

Tokenization

The process of replacing sensitive data with a non-sensitive token.

Data masking

The process of modifying sensitive data to protect its confidentiality.

Hashing

The process of converting data into a fixed-size string of characters.

Salting

The process of adding random data to the input of a hash function to prevent precomputed attacks.

Digital signatures

A cryptographic mechanism to verify the authenticity and integrity of digital documents.

Key stretching

A technique to make a cryptographic key more resistant to brute-force attacks.

Blockchain

A distributed ledger that records transactions across multiple computers.

Open public ledger

A transparent and publicly accessible record of all transactions in a blockchain.

Certificates

Digital documents that bind a public key to an entity.

Certificate authorities

Entities that issue and sign digital certificates.

Certificate revocation lists (CRLs)

Lists of revoked digital certificates.

Online Certificate Status Protocol (OCSP)

A protocol for checking the revocation status of digital certificates.

Self-signed

A digital certificate that is signed by its own private key.

Third-party Certificate

A digital certificate that is signed by a trusted third-party certificate authority.

Root of trust

A trusted entity or component that forms the basis of a security system.

Certificate signing request (CSR) generation

The process of creating a request for a digital certificate.

Wildcard

A type of digital certificate that can be used for multiple subdomains.

Confidentiality

The principle of protecting data from unauthorized access.

Integrity

The principle of ensuring accuracy and completeness of data.

Availability

The principle of ensuring data is accessible when needed.

Non-repudiation

The ability to prove that a specific action or event occurred and that it was performed by a specific entity.

Authentication

The process of verifying the identity of individuals or systems.

Authorization

The process of granting or denying access rights based on authenticated identity.

Accounting

The process of tracking and recording activities for auditing purposes.

Gap analysis

The assessment of the difference between the current and desired state of security measures.

Zero Trust

A security model that requires continuous verification and authentication for all users and devices, assuming no trust by default.

Control Plane

The network component that manages access to resources and enforces security policies.

Adaptive identity

A control plane component that dynamically adjusts access privileges based on user behavior and context.

Threat scope reduction

A control plane technique that limits the exposure of resources to potential threats.

Policy-driven access control

A control plane approach that enforces access rules based on predefined policies.

Policy Administrator

A control plane component responsible for managing and defining security policies.

Policy Engine

A control plane component that evaluates and enforces security policies.

Data Plane

The network component that handles data traffic

Implicit trust zones

Data plane areas where trust is assumed, allowing communication without additional authentication.

Subject/System

Entities within the data plane that interact with each other.

Policy Enforcement Point

A data plane component that enforces security policies and controls access to resources.

Physical security

Measures taken to protect physical assets and prevent unauthorized access.

Bollards

Physical barriers used to control or block vehicle access.

Access control vestibule

A small enclosed area designed to control access to a building or secure area.

Fencing

Physical barriers used to enclose and protect an area.

Video surveillance

The use of cameras to monitor and record activities in a specific area.

Security guard

A person responsible for monitoring and protecting a specific area or property.

Access badge

A physical or electronic card used to grant access to a secure area.

Lighting

Illumination used to enhance visibility and deter unauthorized access.

Sensors

Devices used to detect and respond to specific environmental conditions.

Infrared

A type of sensor that detects heat radiation.

Pressure

A type of sensor that detects changes in pressure.

Microwave

A type of sensor that uses microwave radiation to detect movement.

Ultrasonic

A type of sensor that uses sound waves to detect objects or movement.

Deception and disruption technology

Techniques and tools used to mislead or disrupt attackers.

Honeypot

A decoy system designed to attract and monitor unauthorized access attempts.

Honeynet

A network of honeypots used to gather information about attackers.

Honeyfile

A file that appears valuable to attackers but is actually monitored.

Honeytoken

A piece of information that appears valid but is actually a trap for attackers.

Technical Control

A control category that utilizes technology or tools to prevent or detect risks in a system or process.

Managerial Control

A control category that involves the implementation of policies and procedures to manage risks within an organization.

Operational Control

A control category that focuses on the day-to-day activities and processes to mitigate risks and ensure smooth operations.

Physical Control

A control category that utilizes physical barriers or safeguards to protect assets and prevent unauthorized access.

Preventive Control

A control type that aims to proactively stop risks from occurring by implementing measures and safeguards.

Deterrent Control

A control type that discourages individuals from engaging in risky behavior through the presence of deterrent measures.

Detective Control

A control type that identifies risks or incidents after they have occurred, allowing for timely response and mitigation.

Corrective Control

A control type that addresses risks or incidents and takes appropriate actions to rectify them and prevent recurrence.

Compensating Control

A control type that provides an alternative measure to mitigate risks when primary controls are not effective or feasible.

Directive Control

A control type that provides guidance or instructions to individuals to ensure compliance with organizational policies or procedures.

Business processes impacting security operation

Processes that affect security operations, including approval, ownership, stakeholders, impact analysis, test results, backout plan, maintenance window, and standard operating procedure.

Approval process

Process for obtaining approval for security-related activities.

Ownership

Responsibility and accountability for security-related activities.

Stakeholders

Individuals or groups with an interest or involvement in security operations.

Impact analysis

Assessment of the potential effects of security-related activities on the system or organization.

Test results

Outcomes of security testing to evaluate the effectiveness of security measures.

Backout plan

Plan to revert security-related changes in case of issues or failures.

Maintenance window

Scheduled period of time during which security maintenance activities can be performed without impacting normal operations.

Standard operating procedure

Documented set of step-by-step instructions for performing security-related tasks.

Technical implications

Technical considerations and consequences of security operations, including allow lists/deny lists, restricted activities, downtime, service restart, application restart, legacy applications, and dependencies.

Allow lists/deny lists

Lists of allowed or denied entities (e.g., IP addresses, users) for security purposes.

Restricted activities

Activities limited or controlled due to security requirements.

Downtime

Periods of time when a system or service is not available for use.