Comprehensive vocabulary flashcards covering the key concepts, terms, and technologies from the CompTIA Security+ (SY0-701) study notes.
Information Security
The practice of protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.
CIA Triad
The foundational security model consisting of Confidentiality, Integrity, and Availability.
Confidentiality
Ensures that information is accessible only to authorized personnel through methods like encryption.
Integrity
Ensures that data remains accurate and unaltered from its original state, often verified with checksums or hashing.
Availability
Ensures that information and resources are accessible and operational when needed by authorized users through redundancy measures.
Non-Repudiation
A security measure that guarantees an action or event cannot be denied by the involved parties, often using digital signatures.
Authentication
The security process of verifying the identity of a user, device, or system.
Authorization
The process of determining the specific permissions and resources an authenticated user can access.
Accounting
The tracking of user activities and resource usage for auditing, billing, or accountability purposes.
Technical Controls
Security controls implemented through technologies, hardware, and software mechanisms to manage and reduce risks.
Managerial Controls
Also known as administrative controls, these involve the strategic planning and governance side of security.
Operational Controls
Procedures and measures designed to protect data on a day-to-day basis, governed by internal processes and human actions.
Preventive Controls
Proactive security measures implemented to thwart potential threats or breaches before they occur.
Deterrent Controls
Security measures designed to discourage potential attackers by making the effort seem less appealing or more challenging.
Detective Controls
Measures that monitor and alert organizations to malicious activities as they occur or shortly thereafter.
Corrective Controls
Measures designed to mitigate potential damage and restore systems to their normal state after an incident.
Compensating Controls
Alternative security measures implemented when primary controls are not feasible or effective.
Directive Controls
Security measures that guide, inform, or mandate actions, often rooted in policy or documentation.
Zero Trust Model
A security principle where no one is trusted by default, requiring verification for every device, user, and transaction.
Control Plane
Within Zero Trust, refers to the framework responsible for defining, managing, and enforcing access policies.
Data Plane
Within Zero Trust, where the actual decision to grant or deny access is executed at policy enforcement points.
Threat
Anything that could cause harm, loss, damage, or compromise to information technology systems.
Vulnerability
Any weakness in system design or implementation, such as software bugs or misconfigurations.
Risk
The intersection where a threat meets a matching vulnerability within enterprise systems.
Data Masking
A method involving obscuring specific data within a database to make it inaccessible to unauthorized users while retaining use for authorized users.
Hashing
A one-way cryptographic process of converting data into a fixed-size value to ensure data integrity.
Redundancy
The duplication of critical components or functions of a system with the intention of enhancing reliability.
Knowledge Factor
An authentication method based on 'something you know,' such as a password or PIN.
Possession Factor
An authentication method based on 'something you have,' such as a smart card or hardware token.
Inherence Factor
An authentication method based on 'something you are,' utilizing biometrics like fingerprints or facial recognition.
Action Factor
An authentication method based on 'something you do,' such as unique keystroke patterns.
Location Factor
An authentication method based on 'somewhere you are,' typically using IP addresses or GPS data.
Syslog Servers
Servers used to aggregate logs from various network devices and systems for centralized analysis.
SIEM (Security Information and Event Management)
Systems providing real-time analysis of security alerts generated by various hardware and software infrastructure.
Gap Analysis
The process of evaluating the differences between an organization's current performance and its desired performance.
POA&M (Plan of Action and Milestones)
A document outlining specific measures to address vulnerabilities, allocate resources, and set remediation timelines.
Script Kiddie
An unskilled threat actor with limited technical knowledge who uses pre-made software or scripts to exploit systems.
Hacktivist
A threat actor driven by political, social, or environmental ideologies rather than personal gain.
APT (Advanced Persistent Threat)
A prolonged and targeted cyberattack, often nation-state sponsored, where an intruder remains undetected while stealing data.
False Flag Attack
An attack orchestrated to appear as if it originated from a source other than the actual perpetrators to mislead investigators.
Shadow IT
The use of IT systems, devices, or software without explicit organizational approval.
Threat Vector
The specific means or pathway by which an attacker gains unauthorized access to deliver a malicious payload.
Attack Surface
The sum of all various points where an unauthorized user can try to enter or extract data from an environment.
Vishing
A social engineering attack that uses voice calls to trick victims into revealing sensitive information.
Baiting
A social engineering technique where an attacker leaves a malware-infected physical device, like a USB drive, for a victim to find and use.
BlueBorne
A set of Bluetooth vulnerabilities allowing attackers to take over devices or intercept communications without user interaction.
Honeypot
A decoy system set up to attract and deceive potential hackers for monitoring purposes.
Honeytoken
A piece of data or a resource with no legitimate value used to alert administrators when it is accessed or used.
Bollards
Short, sturdy vertical posts designed to control or prevent vehicle access to a physical location.
Access Control Vestibule
A double-door system, sometimes called a mantrap, that allows only one door to be open at a time to prevent tailgating.
Piggybacking
A physical security breach where an unauthorized person enters a secure area with the consent of an authorized person.
Tailgating
A physical security breach where an unauthorized person follows an authorized person into a secure area without their consent.
FAR (False Acceptance Rate)
The rate at which a biometric system erroneously authenticates an unauthorized user.
FRR (False Rejection Rate)
The rate at which a biometric system erroneously denies access to an authorized user.
CER (Crossover Error Rate)
The point where the False Acceptance Rate (FAR) and False Rejection Rate (FRR) are equal, used to measure biometric effectiveness.
Social Engineering
A manipulative strategy that exploits human psychology to gain unauthorized access to systems or data.
Typosquatting
A cyberattack where an attacker registers domain names similar to popular websites, relying on user typographical errors.
Watering Hole Attack
A targeted attack where an attacker compromises a specific website known to be frequented by their intended targets.
Spear Phishing
A targeted form of phishing focused on a specific group of individuals or an organization.
Whaling
A form of spear phishing that specifically targets high-profile individuals like CEOs or CFOs.
Business Email Compromise (BEC)
A sophisticated attack where an attacker takes over a legitimate business email account to conduct unauthorized transactions.
Disinformation
The deliberate creation and sharing of false information with the specific intent to deceive or mislead.
Computer Virus
Malicious code that attaches to clean files and requires user interaction to execute and spread.
Worm
A type of malware that can self-replicate and spread across networks without any user interaction.
Trojan
Malicious software disguised as harmless or desirable software to trick users into installing it.
RAT (Remote Access Trojan)
A type of Trojan that provides an attacker with full remote control of a victim's machine.
Ransomware
Malware that encrypts user data and demands payment for the decryption key.
Botnet
A network of compromised computers, known as zombies, controlled remotely by a malicious actor.
Rootkit
Malware designed to gain administrative-level control over a system while remaining hidden from the operating system.
Logic Bomb
Malicious code inserted into a program that executes only when specific conditions are met.
Keylogger
Software or hardware designed to record every keystroke made on a device to capture sensitive information.
Bloatware
Unnecessary software pre-installed on a new device that consumes resources and may introduce vulnerabilities.
Fileless Malware
Malware that operates directly in system memory without relying on the local file system to avoid signature-based detection.
Stage 1 Dropper
A lightweight piece of malware designed to initiate an infection and retrieve additional malicious tools.
Data at Rest
Inactive data stored on physical or digital storage media, such as hard drives or databases.
Data in Transit
Data that is actively moving across a network from one location to another.
Data in Use
Data that is currently being processed, updated, or accessed by a system's CPU or memory.
Data Owner
A senior executive responsible for labeling information assets and ensuring appropriate security controls are in place.
Data Custodian
An individual responsible for managing the systems where data is stored, including backups and access controls.
Data Sovereignty
The concept that digital information is subject to the laws of the country in which it is located.
GDPR (General Data Protection Regulation)
A comprehensive data privacy regulation that protects the data of EU citizens regardless of where the data is stored.
Tokenization
The process of replacing sensitive data with non-sensitive tokens while storing the original data in a secure, separate database.
Symmetric Encryption
A type of encryption that uses the same single key for both encryption and decryption.
Asymmetric Encryption
Also known as Public Key Cryptography, it uses a pair of keys: a public key for encryption and a private key for decryption.
AES (Advanced Encryption Standard)
A symmetric block cipher that is the standard for the US government, supporting key sizes of 128, 192, and 256 bits.
Diffie-Hellman
An asymmetric algorithm primarily used for secure key exchange over an insecure channel.
ECC (Elliptic Curve Cryptography)
A highly efficient asymmetric algorithm used in mobile devices that provides strong security with smaller key sizes.
MD5 (Message Digest Algorithm 5)
A legacy hashing algorithm that creates a 128-bit digest, now considered insecure due to collision vulnerabilities.
SHA-2 (Secure Hash Algorithm 2)
A family of hashing algorithms that offers longer digests, such as SHA-256 and SHA-512, to maintain security.
Digital Signature
A hash digest of a message encrypted with the sender's private key to ensure integrity, authenticity, and non-repudiation.
Key Stretching
A technique used to make a weak key more secure by repeatedly hashing it, increasing the time needed for brute-force attacks.
Salting
Adding random data to a password before hashing to ensure identical passwords have unique hash outputs.
PKI (Public Key Infrastructure)
A framework of hardware, software, and policies used to manage digital keys and certificates.
Certificate Authority (CA)
A trusted third party responsible for issuing, managing, and revoking digital certificates.
CRL (Certificate Revocation List)
A list of digital certificates that have been revoked by a Certificate Authority before their expiration date.
OCSP (Online Certificate Status Protocol)
A protocol used to check the revocation status of a certificate in real-time using its serial number.
Steganography
The practice of concealing a secret message within another non-secret file, such as an image, to hide its existence.
Blockchain
A decentralized, shared, and immutable ledger used for recording transactions and tracking assets.
TPM (Trusted Platform Module)
A dedicated hardware microcontroller used to provide hardware-level security through integrated cryptographic keys.
HSM (Hardware Security Module)
A physical device used for safeguarding and managing digital keys while performing encryption operations in a tamper-proof environment.