Access Control List (ACL)
A record or list of the resources (for example, a printer, folder, or file) that a user, device, or program has access to on a corporate network, server, or workstation
Access control vestibule
A physical security technique of using two doors on either end of a small entryway where the first door must close before the second door can open
anti-malware software
Utility software that can prevent infection, scan a system, and detect and remove all types of general malware, including viruses, spyware, worms, and rootkits
ATA Secure Erase
Standards developed by the American National Standards Institute (ANSI) that dictate how to securely erase data from solid-state devices such as a USB flash drive or SSD in order to protect personal privacy
Authenticator app
An app with a counter or number generator that uses a two-factor authentication program by being synchronized with the same calculations on the server
biometric data
Data that identifies a person by a fingerprint, handprint, face, retina, iris, voice, or handwritten signature
boot sector virus
A virus that infects the first sector on an MBR hard drive by replacing the program in this sector that is used to boot the system. It can infect the partition table in that sector
botnet
A network of computers that have been turned into zombies by malware. This group of computers is often used to carry out DDoS (Distributed Denial of Service) attacks
brute force attack
A way to crack a password by trying every possible combination of letters, numbers, and symbols
Certificate Authority (CA)
An organization, such as VeriSign, that assigns digital certificates or digital signatures to individuals or organizations
Certificate Manager
A Windows utility (certmgr.msc) in the Microsoft Management Console (MMC) used to view and delete root certificates
Chain of Custody (CoC)
Documentation that tracks all evidence collected and used in an investigation, including when and from whom the evidence was collected, the condition of the evidence, and how the evidence was secured while in possession of a responsible party
Closed-source software
Programming that is owned by the creator (developer)
cross-site scripting (XSS)
An attacker uses an online application that unknowingly sends a malicious script to an unsuspecting user’s browser, which executes the script under the user’s credentials
cryptojacking
A type of zombie attack that installs crypto mining software to run mining operations
Data Loss Prevention (DLP)
Methods that protect corporate data from being exposed or stolen; for example, software that filters employee email to verify that privacy laws are not accidentally or intentionally being violated
data retention
A policy for regulated data, which is used to determine the number of years regulated data must be retained after a termination date
degausser
A machine that exposes a storage device to a strong magnetic field to completely erase the data on a magnetic hard drive or tape drive
dictionary attack
A method to discover or crack a password by trying words in a dictionary
digital certificate
Data that serves to authenticate the source of a file or document or to identify and authenticate a person or organization sending data over a network. The data is assigned by a certificate authority such as VeriSign
Digital Rights Management (DRM)
Software and hardware security limitations meant to protect digital content and prevent piracy
Distributed Denial-of-Service (DDoS)
A type of attack performed by multiple computers or botnets that overwhelm a server or network and take it down. This attack can be carried out even when users of the botnet computers are not aware of the attack
End User License Agreement (EULA)
A digital or printed statement of your rights to use or copy software, which you agree to when the software is installed
Entry control roster
A list of people allowed into a restricted area and a log of approved visitors. The list is used and maintained by security guards
hard token
Used to restrict access to a secured physical location using a physical device you possess
key fob
A hardware token that fits conveniently on a key chain. One way it can be used for security is by displaying a number that can be used to authenticate
keylogger
A type of spyware that tracks anything you type, including passwords. Keystrokes are logged to a text file and transmitted over the Internet without your knowledge
mutual authentication
To authenticate in both directions at the same time as both entities confirm the identity of the other
man-in-the-middle attack
An attack that pretends to be a legitimate website, network, FTP site, or person in a chat session in order to obtain private information
Payment Card Industry (PCI)
Standards that regulate how credit card and debit card data is transmitted and stored to help prevent fraud. These standards apply to vendors, retailers, and financial institutions