70 question-and-answer flashcards covering the principal concepts, definitions, processes, and best-practice facts found in the CompTIA Security+ (SY0-701) study notes. Use them to drill quickly on domains 1–5, including CIA/AAA, threat actors, zero trust, IAM, encryption, incident response, automation, and more.
What are the three elements of the CIA triad?
Confidentiality, Integrity, and Availability.
Which two additional principles expand the CIA triad into the CIANA Pentagon?
Non-repudiation and Authentication.
What are the three "Triple-A" pillars of security?
Authentication, Authorization, and Accounting.
In CompTIA’s Security+ (SY0-701) exam, which domain has the highest weighting?
Domain 4 – Security Operations at 28 %.
What is Zero Trust’s fundamental assumption?
Never trust; always verify every device, user, and transaction.
Name the two planes that make up a Zero-Trust architecture.
Control Plane and Data Plane.
In Zero Trust, which component actually enforces an allow/deny decision?
Policy Enforcement Point (PEP) in the Data Plane.
Define a ‘threat’ in cybersecurity terms.
Anything that can exploit a vulnerability and cause harm to information systems.
Where does risk exist in relation to threats and vulnerabilities?
At the intersection where a threat matches a corresponding vulnerability.
List five common methods to protect confidentiality.
Encryption, Access Controls, Data Masking, Physical Security, Training/Awareness.
What security goal ensures undeniable proof of an action?
Non-repudiation.
Give the five typical authentication factors.
Something you know, have, are, do, and somewhere you are.
What is the difference between a vulnerability scan and a penetration test?
A scan passively identifies weaknesses; a pen test actively exploits them to prove impact.
Which document outlines specific remediation steps, resources, and timelines?
POA&M (Plan of Action and Milestones).
What are the four broad categories of security controls?
Technical, Managerial, Operational, and Physical.
Name at least four security control TYPES.
Preventive, Deterrent, Detective, Corrective, Compensating, Directive.
Which risk management strategy transfers risk to another party?
Risk Transference (e.g., through insurance or contractual clauses).
Define ‘script kiddie’.
An unskilled attacker who uses pre-made tools or scripts created by others.
Which threat actor is motivated mainly by ideology and activism?
Hacktivist.
What is Shadow IT?
Use of IT systems or services without explicit organizational approval.
Give two Bluetooth-specific attack names.
BlueBorne and BlueSmack (others include Bluesnarfing, Bluejacking, Bluebugging).
Which wireless security protocol introduces SAE and Enhanced Open?
WPA3.
What protocol adds digital signatures to e-mail headers for integrity/authentication?
DKIM (DomainKeys Identified Mail).
Which DNS attack alters a resolver’s cache to redirect traffic?
DNS Cache Poisoning (DNS Spoofing).
What tool class unifies log collection, correlation, and alerting?
SIEM (Security Information and Event Management).
Give two advantages of automating security with SOAR.
Faster reaction time and consistent, repeatable responses (also reduced human error, workforce multiplier, etc.).
What is the primary purpose of a honeypot?
Act as a decoy system to attract and study attackers while protecting real assets.
Explain the difference between symmetric and asymmetric encryption.
Symmetric uses one key for encryption/decryption; asymmetric uses a public/private key pair.
Which asymmetric algorithm is based on factoring large prime numbers?
RSA.
What hashing function family includes SHA-256 and SHA-512?
SHA-2 family.
What is a birthday attack?
A cryptographic attack that seeks two inputs producing the same hash (collision).
What does FDE stand for and what does it protect?
Full-Disk Encryption; protects data at rest on an entire storage drive.
Describe a ‘race condition’.
A vulnerability where the timing of events lets an attacker manipulate shared resources before proper validation.
Which Windows feature centrally administers password and security policies?
Group Policy via Active Directory (GPO).
Give the five steps of the CompTIA incident-response model.
Preparation, Detection, Analysis, Containment, Eradication, Recovery, Post-Incident Activity.
What is the first action after discovering ransomware on a workstation?
Isolate/disconnect the machine from the network to stop spread.
Define ‘MTTR’.
Mean Time To Repair – average time to restore a failed component.
What backup type stores data in geographically separate facilities?
Off-site backups (can be to cloud).
Which redundancy configuration mirrors data across two drives?
RAID 1.
Name two common threat-intelligence feed types.
Open-Source Intelligence (OSINT) and Proprietary/Commercial feeds.
What is a ‘false positive’ alert?
Security system flags benign activity as malicious when it is not.
Which NIST publication gives guidelines for media sanitization?
NIST SP 800-88.
What does EDR stand for and what is its role?
Endpoint Detection and Response; continuous monitoring and response on endpoint devices.
Which 802.1X component actually authenticates the user’s credentials?
The Authentication Server (often a RADIUS server).
What are the two major wireless bands and their non-overlapping 2.4 GHz channels?
2.4 GHz and 5 GHz; channels 1, 6, 11 are non-overlapping in 2.4 GHz.
What is the main goal of input validation in web applications?
Ensure only properly formed data is processed, preventing injection attacks like SQLi and XSS.
Which protocol secures IP traffic at layer 3 and provides ESP & AH?
IPsec.
Name one advantage of containerization over full VM virtualization.
Lightweight; shares host OS kernel resulting in faster startup and lower resource use.
What cloud security concern arises from multiple tenants sharing hardware?
Shared physical server vulnerabilities (e.g., side-channel attacks, VM escape).
State one benefit of Single Sign-On (SSO).
Users authenticate once to access multiple services, improving usability and reducing password fatigue.
What document formally authorizes system operation and accepts residual risk?
Authority to Operate (ATO); not stated explicitly in the notes, but implied by the governance context.
Which encryption tool is embedded in many CPUs for hardware key storage?
TPM (Trusted Platform Module).
Define ‘compensating control’.
Alternate security measure put in place when a primary control is not feasible or has failed.
What log source would best indicate repeated failed logins on a server?
Operating-system security logs / authentication logs.
Name three motivational triggers used by social engineers.
Authority, Urgency, Social Proof (also Scarcity, Likability, Fear).
What is the purpose of a degausser?
Create a strong magnetic field to irreversibly erase data on magnetic media.
Which toolset provides open-standard automation of vulnerability management (includes OVAL, XCCDF)?
SCAP (Security Content Automation Protocol).
What does CVE stand for?
Common Vulnerabilities and Exposures – unique identifiers for publicly known vulnerabilities.
Explain a ‘split-tunnel’ VPN.
Only specific traffic routes through the VPN; other traffic goes directly to the internet.
Identify one key difference between SNMP v2 and v3.
SNMP v3 adds authentication and encryption (integrity, confidentiality), whereas v1/v2 use plaintext community strings.
What is a ‘bounce’ or ‘reflector’ in a DDoS amplification attack?
An intermediary server (e.g., open DNS resolver) used to reflect and amplify traffic toward a victim.
Describe ‘pass the hash’.
Using stolen password hash values to authenticate without cracking the plaintext password.
Which policy enforces removal of user access once employment terminates?
De-provisioning policy (part of IAM lifecycle).
What is a ‘purple-team’ penetration test?
Integrated testing where red (offense) and blue (defense) teams collaborate to improve security.
Which access-control model bases decisions on attributes like user role, resource type, and environment?
ABAC – Attribute-Based Access Control.
What technique blindfolds a camera by overloading its sensor with light?
Blinding sensors/cameras (a bypass of surveillance systems).
Name two services generally included in a cloud-based SASE solution.
SD-WAN networking plus cloud-delivered security such as CASB, FWaaS, or Zero-Trust access.
What document records every identified risk and its status throughout a project?
Risk Register.
When should the ‘backout plan’ in change management be executed?
When a change causes unexpected problems and must be reversed to the previous stable state.
Give one core benefit of Infrastructure as Code (IaC).
Consistency/Repeatability—servers and configurations are deployed identically every time via code.
What are the core tenets of Zero Trust?
Verify explicitly, use least privilege, and assume breach.
Name three common risk management strategies.
Risk Acceptance, Risk Mitigation, and Risk Avoidance.
What is an 'insider threat'?
A security risk from someone within the organization (current or former employee, contractor, etc.) who has authorized access.
What is SPF in email security?
Sender Policy Framework – an email validation system designed to prevent email spoofing by verifying sender IP addresses.