What is a responsibility matrix?
A responsibility matrix is a cloud document that defines which security, compliance, and operational tasks are performed by the cloud provider and which are performed by the customer.
What is a UTM?
A UTM is a single security appliance that combines multiple security technologies such as a firewall, IPS, antivirus, VPN, and content filtering into one device.
What is Layer 7 filtering?
Layer 7 filtering examines application-level information such as URLs, HTTP headers, and application functions when making security decisions.
What is configuration enforcement?
Configuration enforcement ensures systems continuously comply with predefined security baselines and prevents unauthorized configuration changes.
What is content categorization?
Content categorization classifies websites into categories such as social media, gambling, malware, or adult content so organizations can control access.
What is blocked content?
Blocked content occurs when a user is denied access to a website or resource because it violates organizational policy.
What is vulnerability prioritization?
Vulnerability prioritization ranks vulnerabilities based on risk, exploitability, likelihood, and business impact to determine remediation order.
What is a vulnerability scanner?
A vulnerability scanner identifies and assesses security weaknesses but does not fix them.
What is data masking?
Data masking replaces sensitive information with realistic but fictitious values to protect data in development and testing environments.
What is symmetric encryption?
Symmetric encryption uses the same key to encrypt and decrypt data.
What is asymmetric encryption?
Asymmetric encryption uses a public key and a private key to encrypt and decrypt data.
What is a stream cipher?
A stream cipher is a type of symmetric encryption that encrypts data one bit or one byte at a time and is useful when the total message size is unknown.
What is a block cipher?
A block cipher is a type of symmetric encryption that encrypts data in fixed-size blocks and may require padding.
What is the difference between a stream cipher and a block cipher?
A stream cipher encrypts one bit or byte at a time, while a block cipher encrypts fixed-size blocks of data.
What is AES?
AES is the modern symmetric encryption standard used for wireless security, disk encryption, VPNs, and data protection.
What is salting?
Salting adds random data to a password before hashing so identical passwords produce different hashes.
What is key stretching?
Key stretching repeatedly hashes a password to increase the time and computing power required to crack it.
What is the difference between salting and key stretching?
Salting adds randomness to create unique hashes, while key stretching repeatedly hashes passwords to increase cracking time.
What is a race condition?
A race condition occurs when the outcome of a process depends on timing or the order of events, allowing unintended behavior.
What is a TOCTOU vulnerability?
A TOCTOU vulnerability occurs when a resource is checked, modified, and then used, allowing an attacker to exploit the gap between the check and use.
What is pretexting?
Pretexting is a social engineering attack where an attacker creates a believable story to persuade a victim to reveal information or perform an action.
What is User Behavior Analytics?
UBA establishes behavioral baselines and detects unusual activity that may indicate insider threats or compromised accounts.
What is chain of custody?
Chain of custody is the documented record of every person who collected, handled, transferred, or analyzed evidence.
What is continuous integration?
Continuous integration is a development practice where code is frequently merged into a shared repository and automatically tested.
What is probability?
Probability is the measure of the likelihood that an event will occur.
What is risk appetite?
Risk appetite is the overall amount of risk an organization is willing to pursue to achieve business objectives.
What is risk tolerance?
Risk tolerance is the amount of risk an organization is willing to accept before taking action.
What is Zero Trust?
Zero Trust is a security model based on the principle of never trust and always verify.
What is the Control Plane in Zero Trust?
The Control Plane evaluates identities, policies, and risks to determine whether access should be granted or denied.
What is the Data Plane in Zero Trust?
The Data Plane moves data after access has been approved by the Control Plane.
What is the Policy Engine?
The Policy Engine evaluates identity, device posture, risk, and policies to make access decisions.
What is the Policy Administrator?
The Policy Administrator applies the decision made by the Policy Engine and configures access controls.
What is the Policy Enforcement Point?
The PEP sits between the user and the resource and enforces access decisions.
What is policy-driven access control?
Policy-driven access control grants or denies access based on identity, device health, risk, and organizational policies.
What is EAP?
EAP is an authentication framework that supports multiple authentication methods for wireless and remote access.
What is a third-party certificate?
A third-party certificate is digitally signed by a trusted Certificate Authority and is trusted by systems and browsers.
What is AML?
Anti-Money Laundering regulations are controls designed to detect and prevent financial crimes involving illegally obtained money.
What is KYC?
Know Your Customer regulations require organizations to verify customer identities before providing services.
What is a Statement of Work (SOW)?
A Statement of Work defines specific tasks, deliverables, timelines, and costs for a project.
What is a Service Level Agreement (SLA)?
An SLA defines measurable service expectations such as uptime, response times, and performance requirements.
What is a Master Service Agreement (MSA)?
An MSA establishes the general terms and conditions governing future business engagements between two parties.
What is an influence campaign?
An influence campaign is a coordinated effort, often by a nation-state, to manipulate public opinion, beliefs, or behavior.
What is an insider threat?
An insider threat originates from a person with authorized access who intentionally or accidentally causes harm to an organization.
What is a reflection DDoS attack?
A reflection DDoS attack spoofs the victim's IP address so third-party systems unknowingly send traffic to the victim.
What is an amplification DDoS attack?
An amplification DDoS attack sends a small request that generates a much larger response toward the victim.
What is a Data Owner?
A Data Owner determines data classification, protection requirements, and who should have access to the data.
What is a Data Custodian?
A Data Custodian implements and manages the technical controls used to protect data.
What is a Data Controller?
A Data Controller determines why and how personal data will be processed.
What is a Data Processor?
A Data Processor handles personal data on behalf of a Data Controller.
What is data sanitization?
Data sanitization permanently removes data from storage media so it cannot be recovered.
What is NetFlow?
NetFlow collects network traffic metadata such as source IPs, destination IPs, ports, protocols, and traffic volume without capturing packet contents.
What is technical debt?
Technical debt is the future cost and risk created when organizations delay fixing or replacing outdated systems, software, or code.
What is Recovery Point Objective (RPO)?
RPO defines the maximum amount of data loss an organization can tolerate after a disaster.
What is Recovery Time Objective (RTO)?
RTO defines the maximum amount of downtime an organization can tolerate before systems must be restored.
Why is site access design important?
Site access design controls how people move through a facility and restricts access to sensitive areas using physical security controls.
What is a UPS?
A UPS (Uninterruptible Power Supply) provides immediate battery power when utility power fails, keeping systems running until a generator starts or a safe shutdown can occur.
What is a generator?
A generator provides long-term backup power during an outage but typically requires time to start after power is lost.
What is an incremental backup?
An incremental backup copies only data that has changed since the last backup of any type (full or incremental).
What is a differential backup?
A differential backup copies all data changed since the last full backup.
What is a low-power device?
A low-power device is a small device designed to use very little power and hardware resources.
What is vertical scaling?
Vertical scaling increases the power of one server by adding more CPU, RAM, or storage.
What is horizontal scaling?
Horizontal scaling increases capacity by adding more servers to share the workload.
What are HTTP and HTTPS?
HTTP (80) loads websites but sends data in plaintext (insecure). HTTPS (443) loads websites using TLS encryption to protect data in transit (secure).
FTP vs SFTP vs FTPS
FTP (20/21) transfers files in plaintext (insecure). SFTP (22) transfers files securely through SSH (secure). FTPS (989/990) transfers files securely using TLS (secure).
What are SSH and Telnet?
Telnet (23) remotely manages devices but sends everything in plaintext (insecure). SSH (22) remotely manages devices using encrypted communication (secure).
SMTP vs SMTPS vs SMTP TLS
SMTP (25) sends email without encryption (insecure). SMTPS (465) and SMTP TLS (587) send email using encryption (secure).
POP3 vs POP3S
POP3 (110) downloads email and usually removes it from the server (insecure). POP3S (995) performs the same function using TLS encryption (secure).
IMAP vs IMAPS
IMAP (143) synchronizes email while keeping messages on the server (insecure). IMAPS (993) provides the same functionality using TLS encryption (secure).
What are LDAP and LDAPS?
LDAP (389) provides directory services without encryption (insecure). LDAPS (636) provides directory services protected by TLS (secure).
What is DNS?
DNS (53 TCP/UDP) translates domain names into IP addresses so systems can locate websites and services.
What is DHCP?
DHCP Server (67 UDP) assigns IP addresses and network settings. DHCP Client (68 UDP) receives those settings.
Kerberos
Kerberos (88) is an authentication protocol used by Active Directory that verifies identities using tickets without sending passwords across the network.
SNMP vs SNMP Trap
SNMP (161 UDP) monitors and manages network devices. SNMP Trap (162 UDP) sends alerts and notifications from devices to management systems.
What is SMB?
SMB (445) provides Windows file sharing, printer sharing, and access to network resources.
What is NTP?
NTP (123 UDP) synchronizes clocks across devices on a network.
What is Syslog?
Syslog (514 UDP) sends log messages from devices to a centralized logging server.
RADIUS
RADIUS (1812/1813) is an AAA protocol used for VPNs, Wi-Fi authentication, and network access control.
What is TACACS+?
TACACS+ (49) is an AAA protocol commonly used to control administrator access to routers, switches, and network devices.
What are IKE and IPsec?
IKE/IPsec (500 UDP) establishes secure VPN connections and exchanges encryption keys for protected communication.
What is Microsoft SQL Server?
Microsoft SQL Server (1433) allows applications and users to connect to and interact with Microsoft SQL databases.
What is RDP?
RDP (3389) allows users to remotely control a Windows desktop over a network.
What are administrative (managerial) controls?
Administrative controls reduce risk by establishing rules, policies, procedures, governance decisions, and training that tell people how security should be handled. Examples include security policies, security awareness training, background checks, and acceptable use policies.
What are technical (logical) controls?
Technical controls reduce risk by using technology to automatically enforce security on systems and networks. Examples include firewalls, MFA, IDS/IPS, antivirus, and encryption.
What are physical controls?
Physical controls reduce risk by preventing unauthorized physical access to facilities, people, or equipment. Examples include locks, fences, security guards, cameras, and mantraps.
What are preventive controls?
Preventive controls stop an attack, incident, or unauthorized action before it happens. Examples include firewalls, MFA, locks, and security guards.
What are detective controls?
Detective controls identify, monitor, and alert on attacks or incidents that are currently happening or have already occurred. Examples include IDS, SIEM, security cameras, audits, and log reviews.
What are corrective controls?
Corrective controls repair damage and eliminate the cause of a security incident after it occurs. Examples include patching vulnerabilities, restoring backups, and antivirus quarantine actions.
What are deterrent controls?
Deterrent controls discourage attackers from attempting an attack by making them believe they will be caught or blocked. Examples include warning signs, visible cameras, security guards, and lighting.
What are compensating controls?
Compensating controls provide alternative protection when the preferred or required security control cannot be implemented. An example is increased monitoring when MFA cannot be deployed.
What are recovery controls?
Recovery controls restore business operations and data after a disaster or security incident. Examples include backups, disaster recovery plans, and alternate sites.
What are directive controls?
Directive controls tell users exactly what actions they are required or expected to follow. Examples include policies, standards, procedures, and posted instructions.
What is geographic dispersion?
Geographic dispersion spreads systems, data centers, or operations across multiple geographic locations so a disaster in one area does not take down everything.
What is data sovereignty?
Data sovereignty means data must comply with the laws and regulations of the country where the data is stored.
What is geolocation?
Geolocation identifies or restricts users, devices, or systems based on their physical geographic location.
What is Asset Value (AV)?
Asset Value is the dollar value of the asset being protected.
Formula: AV = Value of Asset
What is Exposure Factor (EF)?
Exposure Factor is the percentage of the asset lost during a single incident.
Formula: EF = Percentage Lost
What is Single Loss Expectancy (SLE)?
SLE is the expected financial loss from one incident.
Formula: SLE = AV × EF
What is Annual Rate of Occurrence (ARO)?
ARO is the estimated number of times an incident occurs each year.
Formula: ARO = Number of Incidents ÷ Years
What is Annualized Loss Expectancy (ALE)?
ALE is the expected yearly financial loss from a risk.
Formula: ALE = SLE × ARO
What is MTD?
MTD is the maximum amount of downtime the business can survive before serious or unrecoverable damage occurs.