Information Security
Act of protecting data and information from unauthorized access, unlawful alteration, and disruption. It involves implementing measures and protocols to ensure confidentiality, integrity, and availability of information.
Information System Security
Act of protecting the information system's integrity, confidentiality, and availability from threats and vulnerabilities.
Confidentiality
Ensuring that sensitive information is accessed only by authorized individuals and kept secret from unauthorized parties.
Integrity
Ensuring that information is accurate, reliable, and protected from unauthorized modification or destruction.
Availability
Ensuring that information and resources are accessible and usable when needed by authorized users.
Non-repudiation
The assurance that someone cannot deny the validity of their signature or the sending of a message, ensuring accountability in transactions.
Authentication
The process of verifying the identity of a user, device, or entity before granting access to systems and data.
Accounting
The process of tracking and recording user activities and resource utilization, often for auditing and compliance purposes.
Security controls
Measures implemented to protect information systems from threats and vulnerabilities, ensuring confidentiality, integrity, and availability.
Zero trust
A security model that assumes no user or device is trustworthy by default until verified, enforcing strict access controls and continuous verification.
Control plane
Consists of the adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Threat
An event or circumstance that has the potential to cause harm to an information system, including data breaches, malware, and unauthorized access.
Vulnerability
A weakness in a system that can be exploited by threats to gain unauthorized access or cause damage, often due to flaws in software, hardware, or organizational processes.
Confidentiality
The principle of protecting information so that only authorized individuals have access to it, ensuring privacy and preventing unauthorized disclosure.
Encryption
The process of converting information or data into a code to prevent unauthorized access, ensuring that only those with the correct decryption key can read it.
Access controls
Measures that restrict access to information and resources based on user identity and permissions, ensuring that only authorized personnel can access sensitive data.
Data masking
The process of obscuring specific data within a database to protect it from unauthorized access while still allowing for data analysis and processing.
physical security measures
Procedures and controls designed to protect physical assets and facilities from unauthorized access, damage, or interference.
Training and awareness
Initiatives designed to educate employees about security policies, potential threats, and safe practices to enhance organizational security posture.
Integrity
The assurance that data is accurate and trustworthy, preventing unauthorized modifications or alterations.
Hashing
A process that transforms input data into a fixed-size string of characters, which is typically a sequence of numbers and letters, used to ensure data integrity by producing a unique output for unique inputs.
Digital signatures
Use encryption to ensure the integrity and authenticity of digital messages or documents, allowing the recipient to verify the sender's identity and the message's integrity.
Checksums
A method used to verify the integrity of data by producing a fixed-size value from input data, which changes if the data is altered.
Access controls
Ensures that only authorized individuals have permission to access, use, or modify resources, protecting sensitive information from unauthorized access.
Regular audits
Involves reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed.
3 Nines
A reliability standard indicating that a system or service is operational 99.9% of the time, allowing for minimal downtime.
Server redundancy
A method of ensuring system availability by deploying multiple servers to take over in case one fails, minimizing downtime.
Data redundancy
The practice of storing duplicate copies of data in different locations to ensure availability and prevent data loss in case of hardware failure or corruption.
Digital signature
A cryptographic mechanism that verifies the authenticity and integrity of a message or document, ensuring it has not been altered and confirming the identity of the sender.
Authentication
The process of verifying the identity of a user or system, typically through credentials such as passwords, biometrics, or digital certificates.
Something you know
Information that serves as a credential in authentication, such as a password or PIN. It is one of the key factors in authentication, alongside something you have (like a token) and something you are (like biometrics).
Something you have
A physical object used as a credential for authentication, such as a security token, smart card, or mobile device. It is one of the key factors in authentication, along with something you know and something you are.
Something you do
refers to a method of authentication based on user actions or behaviors, such as typing patterns or gestures. It complements the other factors in authentication, focusing on how a user interacts with systems.
Somewhere you are
is a factor in authentication that relies on the user's physical location, such as an IP address or GPS data. It helps determine access rights based on a specific geographic location.
Multi factor authentication
is a security measure that requires two or more verification factors to gain access to a resource, enhancing security by combining something you know, something you have, and something you are.
Two factor authentication
is a subset of multi-factor authentication that requires two distinct forms of verification from the categories of knowledge, possession, or inherence, to enhance the security of user access.
Authorization
is the process that determines what resources a user can access and what actions they are allowed to perform after authentication has been successfully established.
Accounting
is the process of granting or denying access rights to resources based on user identity and permissions, ensuring that only authorized individuals can access specific data or functionalities.
Audit trail
is a record that logs all activities performed by users within a system, enabling administrators to track changes, access, and actions for security and compliance purposes.
Regulatory compliance
ensures that organizations follow laws, regulations, and guidelines that govern their industry, including data protection and privacy standards.
Forensic analysis
is the process of collecting, preserving, and examining electronic data in a way that ensures its integrity, often for use in legal proceedings.
Syslog servers
are servers that collect and store logs from various network devices and systems in real time, aiding in monitoring, troubleshooting, and auditing.
SIEM
(Security Information and Event Management) is a software solution that aggregates and analyzes security alerts from various sources in real time, helping organizations detect and respond to security threats effectively.
Technical controls
Security measures implemented to protect information systems, ensuring confidentiality, integrity, and availability.
Managerial or administrative controls
refer to policies, procedures, and guidelines that govern an organization's security processes and practices, focusing on risk management and compliance.
Operational control
refers to the day-to-day security measures and practices that ensure the effectiveness of technical and managerial controls, including the management of security incidents and compliance with security policies.
Preventive controls
are security measures designed to prevent security incidents before they occur, such as firewalls, access controls, and encryption.
Deterrent controls
are security measures aimed at discouraging individuals from engaging in malicious activities, such as warning signs, security guards, and surveillance cameras.
Detective controls
are security measures that identify and respond to security incidents after they occur, such as intrusion detection systems, log monitoring, and audits.
IDS
refers to Intrusion Detection Systems, which monitor network or system activities for malicious activities or policy violations, providing alerts for potential security breaches.
Corrective controls
are security measures that take action to restore systems or processes to normal after a security incident, such as patch management, system recovery, and incident response.
Compensating controls
are alternative security measures implemented to fulfill the requirement of a primary control that cannot be deployed for some reason. (backup)
Directive controls
are security measures that establish policies, procedures, and guidelines to influence and direct behavior concerning information security.
Zero trust
is a security model that requires strict identity verification for every person and device attempting to access resources on a network, regardless of whether they are inside or outside the network perimeter.
Control plane
is the part of a network that carries signaling information, managing the operations and provisioning of the network. It is distinct from the data plane, which carries the actual user data.
Adaptive identity
is a security approach that uses real-time information and algorithms to dynamically manage user identities and access rights based on risk assessments.
Threat scope reduction
is the process of minimizing potential attack surfaces by implementing various security measures to limit exposure of vulnerabilities and reduce the likelihood of successful cyberattacks.
Policy driven access control
is a method of restricting access to resources based on predefined policies that determine who can access what under specific conditions. This approach ensures that access rights are managed according to the organization's security requirements.
Secured zones
are defined areas within a network that enforce strict access controls and security measures to protect sensitive data and systems from unauthorized access or threats.
Policy administrator
is an individual or role responsible for managing and enforcing security policies within an organization, ensuring compliance and proper implementation of access control measures.
Subject/system
is a component or entity that requests access to resources or performs actions within a system, often evaluated against access control policies to determine its permissions.
Policy enforcement point
is a mechanism or component within a security architecture that enforces access control and security policies by making decisions on whether to allow or deny requests based on defined rules. (gate keeper)
Gap analysis
is a method used to assess the differences between current and desired performance, identifying areas that require improvement to achieve specific security objectives.
Technical gap analysis
is a specialized form of gap analysis focused on evaluating the technical capabilities of systems and processes against the required security standards or benchmarks.
Business gap analysis
is a method for assessing the differences between the current business operations and desired outcomes, focusing on identifying operational inefficiencies and gaps in processes.
Plan of Action Milestones
(POAM) is a document that outlines specific tasks, responsibilities, and timelines for addressing identified security weaknesses or deficiencies within an organization, ensuring that remediation efforts are effectively tracked and managed.
Threat actor attributes
is an individual or group that aims to compromise the security of an organization by exploiting vulnerabilities, stealing data, or damaging systems.
Unskilled attackers
are individuals or groups who lack the knowledge or skills to execute sophisticated cyberattacks. They often use readily available tools or scripts to exploit vulnerabilities without a deep understanding of the underlying technologies.
Hacktivists
are individuals or groups that use hacking techniques to promote social or political causes, often targeting organizations that they believe are unethical or unjust.
Organized crime
refers to structured groups engaged in illegal activities, often for profit. These groups may leverage cybercrime tactics to commit fraud, steal data, or facilitate other forms of organized criminal enterprise.
Nation-state actors
are government-sponsored groups or individuals who engage in cyber operations, often for strategic or military purposes, targeting other nations' infrastructure or sensitive data.
Insider threats
are security risks that originate from within an organization, often involving employees or contractors who have inside information regarding an organization's security practices, data, or computer systems.
Shadow IT
refers to information technology systems and solutions used inside an organization without explicit approval or oversight from the IT department, posing security risks.
Honeypots
are decoy systems designed to attract cyber attackers, allowing organizations to study their tactics and improve security measures.
Honeynets
are networks of honeypots deployed to monitor and analyze malicious activity, providing insights into attack strategies and behaviors.
Honeytokens
are pieces of data like a fabricated user credential that are deliberately planted to detect unauthorized access or usage, alerting organizations to potential breaches.
Data exfiltration
is the unauthorized transfer of data from a computer or network, often carried out by cyber attackers to steal sensitive information.
LulzSec
is a hacker group known for its high-profile cyber attacks and breaches, often targeting corporations and government agencies for entertainment and political statements.
50 days of Lulz
refers to a period during which the hacker group LulzSec executed a series of impactful cyber attacks, showcasing their capabilities and garnering media attention.
Fin7
is a cybercriminal organization known for conducting sophisticated attacks against financial institutions and retail companies, often using advanced techniques for data theft and financial fraud.
Carbanak
is a cybercriminal group that uses advanced malware to target financial institutions worldwide, enabling large-scale theft of funds through online banking and automated transactions.
Stuxnet
is a computer worm that specifically targets industrial control systems, notably used to attack Iran's nuclear facilities, showcasing the potential for cyber warfare.
Shadow IT
refers to the use of information technology systems and services without the approval or knowledge of an organization’s IT department. This can lead to security risks and non-compliance with policies.
Threat vector
is a pathway or method used by cyber attackers to gain unauthorized access to a network or system. This includes various tactics such as phishing, malware, or exploiting vulnerabilities. (How)
Attack surface
is the total sum of vulnerabilities or points of entry within an organization's systems or applications that can be exploited by attackers. Reducing the attack surface is crucial for enhancing cybersecurity. (Where)
BlueBorne
is a collection of vulnerabilities affecting Bluetooth devices that allow attackers to execute code or gain unauthorized access to devices without user interaction, posing significant security risks.
BlueSmack
A type of denial-of-service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packet to a target device.
Tactics, techniques, and procedures
(TTPs) refer to the behavior patterns and methodologies used by cyber adversaries to execute their attacks, encompassing various strategies, tools, and phases of an attack.
Deception and disruption technologies
Technologies designed to mislead, confuse, and divert attackers away from critical assets while simultaneously detecting and neutralizing threats.
Honeyfiles
Files intentionally placed to attract and deceive attackers, providing insights into their methods and behavior.
Bogus DNS
refers to deceptive Domain Name System entries meant to redirect users to unintended or malicious destinations, often used in phishing attacks.
Decoy directories
Folders set up to mislead attackers into thinking they have accessed valuable information, while protecting real data.
Dynamic page generation
The process of creating web pages in real time based on user input or interaction, often using server-side scripting languages.
Port triggering
A technique used in routers to allow specific outgoing traffic to open ports for incoming responses, enhancing security while enabling specific applications.
Fake telemetry data
Systems configured to respond by sending out fake telemetry or network data. This data can be used to confuse an attacker, make it more challenging for them to understand the network's real layout, and prevent them from identifying genuine vulnerabilities in your systems.
Bollards
Short, sturdy vertical posts designed to control or prevent access by vehicles to an area or structure.
Fences
Barriers, usually made of posts and wire or boards, erected to enclose a space or separate areas.
Surveillance systems
An organized strategy or setup designed to observe and report activities within a given area using cameras, sensors, and recording equipment.
Access controlled vestibule
A double-door system designed with two electronically controlled doors to ensure that only one door can be open at a given time.