A+ CORE2 Flashcards

2-step verification

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. This can use a registered email account or a contact phone number for an SMS or voice call.

3-2-1 backup rule

Best practice maxim stating that at any given time there should be at least three copies of data stored on two media types, with one copy held off site.

32-bit versus 64-bit

Processing modes referring to the size of each instruction processed by the CPU. 32-bit CPUs replaced earlier 16-bit CPUs and were used through the 1990s to the present day, though most PC and laptop CPUs now work in 64-bit mode. The main 64 bit platform is called AMD64 or EM64T (by Intel). Software can be compiled as 32-bit or 64-bit. 64-bit CPUs can run most 32-bit software, but a 32 bit CPU cannot execute 64-bit software.

802.1X

Standard for encapsulating EAP communications over a LAN (EAPoL) or WLAN (EAPoW) to implement port-based authentication.

access control list (ACL)

Collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (readonly, read/write, and so on).

access control vestibule

Secure entry system with two gateways, only one of which is open at any one time.

accessibility prefpane

macOS utility related to desktop and input/output device accessibility configuration.

accounts settings

Windows Settings pages relating to user account creation and maintenance.

active directory (AD)

Network directory service for Microsoft Windows domain networks that facilitates authentication and authorization of user and computer accounts.

active listening

A technique in communications to ensure that you capture all the information that the other person is "transmitting," including non-verbal cues such as tone of voice or gestures. There are various active listening techniques for ensuring that you are "getting the right message," such as summarizing, reflecting (matching the speaker's communication style), interpreting, and verbal attends (such as "Uh-huh," or "I see.")

ad blocker

Browser feature or add-in that prevents third-party content from being displayed when visiting a site.

administrative tools

Folder in Control Panel containing default Microsoft management consoles used to configure the local system.

administrator

Privileged user account that has been granted memberships of the Administrators security group. There is also an account named Administrator, but this is usually disabled by default.

Advanced Encryption Standard (AES)

Symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as WPA2, WPA3, and TLS.

AirDrop

iOS feature for simple file sharing via Bluetooth.

alarm system

Physical intrusion detection and warning that can use circuit, motion, proximity, and duress triggers.

Android

Cell phone/smartphone/tablet OS developed by the Open Handset Alliance (primarily driven by Google). Unlike iOS, it is an open-source OS, based on Linux.

antivirus scan (A-V)

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and so on.

APK

Android app package format used when sideloading software from a source other than a trusted store.

.app

Default extension for a macOS app subdirectory when installed to the Applications folder.

Apple File System (APFS)

Default file system for macOS-based computers and laptops.

Apple ID

Cloud-based service allowing users to synchronize settings and manage apps, file sharing, and backups between multiple Apple devices.

application programming interface (API)

Methods exposed by a script or program that allow other scripts or programs to use it. For example, an API enables software developers to access functions of the TCP/IP network stack under a particular operating system.

Apps settings

Windows Settings pages relating to configuration of Windows Features and third-party software apps.

apt-get

One of the package management tools available in Linux for installing and updating software.

asset

Thing of economic value. For accounting purposes, assets are classified in different ways, such as tangible and intangible or short term and long term. Asset management means identifying each asset and recording its location, attributes, and value in a database.

asset tagging

Practice of assigning an ID to assets to associate them with entries in an inventory database.

asymmetric encryption cipher

Cipher that uses public and private keys. The keys are mathematically linked, using either Rivel, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.

authentication, authorization, and accounting (AAA)

Security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

authenticator app

Software that allows a smartphone to operate as a second authentication factor or as a trusted channel for 2-step verification.

automation

Use of scripts to perform configuration steps without requiring manual intervention.

AutoRun/AutoPlay

Windows mechanisms for automatic actions to occur when a peripheral storage device is attached.

backdoor

Mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

backup

Security copy of production data made to removable media, typically according to a regular schedule. Different backup types (full, incremental, or differential) balance media capacity, time required to backup, and time required to restore.

acceptable use policy (AUP)

Policy that governs employees' use of company equipment and Internet services. ISPs may also apply AUPs to their customers.

backup chain

Sequence of jobs starting with a full backup and followed by either incremental or differential backups to implement a media rotation scheme.

badge reader

Authentication mechanism that allows a user to present a smart card to operate an entry system.

bash

Command interpreter and scripting language for Unix-like systems.

.bat

Extension for the batch file format that is used to execute a series of Windows CMD shell commands.

BIOS/UEFI password

Passwords set in system firmware to prevent unauthorized booting of a computer (user password) or changes to system setup (supervisor password).

BitLocker

Feature of Windows allowing for encryption of NTFS-formatted drives. The encryption key can be stored in a TPM chip on the computer or on a USB drive.

blue screen of death (BSOD)

Microsoft status screen that indicates an error from which the system cannot recover (also called a stop error). Blue screens are usually caused by bad driver software or hardware faults (memory or disk). Other operating systems use similar crash indicators, such as Apple's pinwheel and Linux's kernel panic message.

bollards

Sturdy vertical post installed to control road traffic or designed to prevent ram-raiding and vehicle ramming attacks.

Boot Configuration Data (BCD)

Information about operating systems installed on the computer located in \boot\bcd on the system partition. The BCD can be modified using the bcedit command-line tool or msconfig.

boot method (OS setup)

Device used to start the setup program and hold source files for installing or upgrading an OS.

boot sector virus

Malicious code inserted into the boot sector code or partition table of a storage device that attempts to execute when the device is attached.

bootleg app

Software that illegally copies or imitates a commercial product or brand.

bootrec command

Windows command in Windows allowing for the repair (or attempted repair) of the boot manager and boot loader.

botnet

Group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.

branch

In scripting and programming, control statement that uses a condition to determine which code block to execute next.

bring your own device (BYOD)

Security framework and tools to facilitate use of personally owned devices to access corporate networks and data.

brute force attack

Type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

cache (browser)

Cookies, site files, form data, passwords, and other information stored by a browser. Caching behavior can be enabled or disabled, and data can be cleared manually.

cat command

Linux command to view and combine (concatenate) files.

cd command

Command-line tool used to navigate the directory structure.

Certificate Manager console (certmgr. msc)

Console related to managing digital certificates for the current user and trusted root certification authority certificates.

certificate of destruction

Validation from an outsourcing provider of recycling/repurposing services that media has been destroyed or sanitized to the agreed standard.

certificate warning

Browser indication that a site connection is not secure because the certificate is invalid or the issuing CA is not trusted.

chain of custody

Record of evidence handling from collection to presentation in court to disposal.

change management

Process through which changes to the configuration of information systems are implemented as part of the organization's overall configuration management efforts.

chkdsk command

Command-line tool that verifies the integrity of a disk's file system.

chmod command

Linux command for managing file permissions.

chown command

Linux command for managing the account owner for files and directories.

Chrome OS

Proprietary OS developed by Google to run on specific laptop (chromebooks) and PC (chromeboxes) hardware.

clean install

OS setup method where the target disk is repartitioned and formatted, removing any existing OS and/or data files.

command and control (C2 or C&C)

Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

command prompt (cmd.exe)

Basic shell interpreter for Windows.

compatibility concern

Considerations that must be made when using an app in an environment with multiple device and OS platforms.

complexity requirement

Rules designed to enforce best-practice password selection, such as minimum length and use of multiple character types.

computer security incident response team (CSIRT)

Team with responsibility for incident response. The CSIRT must have expertise across a number of business domains (IT, HR, legal, and marketing, for instance).

confidentiality, integrity, and availability (CIA triad)

Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.

configuration management

Process through which an organization's information systems components are kept in a controlled state that meets the organization's requirements, including those for security and compliance.

console

Device that implements input and output for a command shell. In Linux, multiple virtual consoles support use of a single host by multiple user sessions simultaneously.

content filtering

Security measure performed on email and Internet traffic to identify and block suspicious, malicious, and/or inappropriate content in accordance with an organization's policies.

Control Panel

Legacy management interface for configuring user and system settings in Windows.

copy command

Command-line tool for copying files in Windows.

counter mode with cipher block chaining message authentication code protocol (CCMP)

Encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

cp command

Command-line tool for copying files in Linux.

credit card transactions

Regulated data related to processing financial transactions.

cron job

Scheduled task that is managed by the Linux cron daemon.

cross-site scripting (XSS)

Malicious script hosted on the attacker's site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser's security model of trusted zones.

cryptominer

Malware that hijacks computer resources to create cryptocurrency.

cybersecurity

Protection of computer systems and digital information resources from unauthorized access, attack, theft, or data damage.

definitions

Information about new viruses and other malware used to update antivirus scanners.

Defragment and Optimize Drives tool (dfrgui.exe)

Fragmentation occurs when a data file is not saved to contiguous sectors on an HDD and reduces performance. The defragmenter mitigates this and can also perform optimization operations for SSDs.

denial of service attack (DoS)

Any type of physical, application, or network attack that affects the availability of a managed resource.

desktop

Graphical OS interface that allows programs to run within window containers. Desktop styles include tools for launching apps, such as the Windows Start Menu, and managing apps, such as the Windows taskbar. Changes to the desktop style over the course of version and feature updates can be confusing for users.

desktop management software

General category of software designed to facilitate remote support of desktops and mobile devices on a corporate network.

developer mode

Mobile-device feature designed for testing apps during development that may weaken corporate security protections if misused.

Device Manager

Primary interface for configuring and managing hardware devices in Windows. Device Manager enables the administrator to disable and remove devices, view hardware properties and system resources, and update device drivers.

device wipe

Remote-initiated factory reset of a mobile device that removes all user data and settings.

Devices and Printers

Control Panel app for using and configuring attached hardware.

Devices settings

Windows Settings pages for using and configuring attached hardware.

df/du commands

Command-line tools used to report storage usage in Linux.

dictionary attack

Type of password attack that compares encrypted passwords against a predetermined list of possible password values.

differential backup

Job type in which all selected files that have changed since the last full backup are backed up.

dig command

Utility to query a DNS server and return information about a particular domain name or resource record.

digital certificate

Identification and authentication information presented in the X.509 format and issued by a Certificate Authority (CA) as a guarantee that a key pair (as identified by the public key embedded in the certificate) is valid for a particular subject (user or host).

digital forensics

Process of gathering and submitting computer evidence to trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.

digital rights management (DRM)

Copyright protection technologies for digital media. DRM solutions usually try to restrict the number of devices allowed for playback of a licensed digital file, such as a music track or ebook.