Preventive Controls
Security measures implemented to proactively stop unauthorized access or breaches before they occur by blocking or mitigating potential threats and vulnerabilities.
Deterrent Controls
Security measures designed to discourage unauthorized or malicious activities by increasing the perceived risks or consequences for potential attackers.
Detective Controls
Security measures that identify and detect security incidents or breaches after they occur by monitoring and analyzing system activities, events, and behaviors.
Corrective Controls
Security measures implemented to rectify or mitigate the impact of security incidents or breaches after they have occurred, aimed at restoring systems, data, or processes to a secure state and preventing similar incidents in the future.
Compensating Controls
Additional security measures implemented to mitigate the risks associated with an existing security control that may be insufficient or ineffective, providing an alternative means of achieving the desired level of security posture.
Directive Controls
Security measures designed to guide specific behaviors or actions within an organization to ensure compliance with security policies, regulations, or standards, typically through the establishment of clear rules, procedures, or guidelines.
Technical Control Type
Also known as logical controls; security measures implemented through technology to protect information systems, networks, and data.
Managerial Control Type
Administrative or organizational measures implemented to establish, monitor, and enforce security policies, procedures, and guidelines within an organization, typically involving management oversight, governance frameworks, risk assessments, and compliance monitoring.
Operational Control Type
Security measures implemented by people to manage daily activities and procedures within an organization, ensuring compliance with security policies and standards.
Integrity
The principle of ensuring that data remains accurate, consistent, and trustworthy throughout its lifecycle, safeguarding against unauthorized modification, tampering, or corruption to maintain its reliability and validity.
Availability
The principle of ensuring that data, systems, and resources are accessible and operational when needed by authorized users, maintaining uptime, responsiveness, and functionality to support business operations and meet service level agreements.
Encryption
The process of converting plaintext data into ciphertext using cryptographic algorithms and keys, rendering it unreadable to unauthorized parties and protecting it from interception or unauthorized access during transmission or storage, thereby ensuring confidentiality and data security.
Access Controls
Security measures that manage user access to systems and data through authentication, authorization, and permissions, ensuring only authorized users can interact with resources.
Hashing
A cryptographic technique that converts input data into a fixed-size output, providing data integrity verification and protecting sensitive information from unauthorized access or modification.
Digital Signatures
An encrypted hash of a message, encrypted with the sender’s private key. In a signed email scenario, it provides three key benefits:
Authentication: identifies the sender of the email
Non-repudiation
Integrity
Non-Repudiation
The assurance that a sender cannot deny the authenticity or integrity of a message or transaction they have digitally signed or initiated, providing evidence of the sender's identity and the integrity of the communication.
Redundancy
The inclusion of extra components, systems, or processes within a system or network to ensure continued operation and minimize the risk of failure or disruption, enhancing reliability and fault tolerance.
Fault Tolerance
The ability of a system or network to continue operating and providing services in the event of hardware failures, software errors, or other disruptions, achieved through redundancy, error detection, and error recovery mechanisms.
Authentication
The process of verifying an individual's or entity's identity by validating their credentials before granting access to a system, network, or service.
Authorization
The process of determining and granting access rights and privileges to users, applications, or devices based on their identity, roles, or permissions, allowing them to access specific resources or perform certain actions within a system or network.
AAA Server
A centralized server responsible for Authentication, Authorization, and Accounting (AAA) services in a network, managing user authentication, access control policies, and logging of user activities for auditing and billing purposes.
Internal File Server
A centralized server within an organization's network infrastructure that stores and manages files and documents accessible to authorized users, facilitating data sharing, collaboration, and centralized data management.
Certificate Authority (CA)
A trusted entity responsible for issuing, managing, and revoking digital certificates. Digital certificates are used to verify the identity of entities (such as individuals, organizations, or devices) and to establish secure communications over networks.
Authorization Model
Frameworks that define how permissions and access rights are granted to users and systems within an organization, ensuring that only authorized entities can access specific resources.
Role-Based Access Control
User accounts are placed in roles or groups
Admins assign access through the roles and groups rather than to the users directly
Certificate-Based Authentication
A method of authentication where digital certificates are used to verify the identity of users, devices, or services attempting to access a system or network.
Gap Analysis
A process of assessing the disparity between the current state and the desired state of an organization, system, process, or project, identifying areas where performance, capabilities, or outcomes fall short of expectations or objectives.
Baselining
Ensures that systems are deployed with a common baseline or starting point, and imaging is a common baselining method.
NIST Special Publication 800-171
Framework for protecting controlled unclassified information
ISO/IEC 27001
Standard for information security management systems
Zero trust
An approach to security architecture in which no entity is trusted by default
Based on three principles:
Assume breach
Verify explicitly
Least privilege access
Planes of operation
Functional network divisions: data plane and control plane
Data plane
The part of a network that carries the actual user data. It is responsible for the forwarding of data packets based on the control plane's policies.
Control plane
The part of a network or system responsible for managing and configuring how data is forwarded and processed. It handles the signaling, policy decisions, and network topology.
Adaptive identity
Changes the way that the system asks a user to authenticate based on the context of the request.
Examples: Location, device, app, risk
Threat scope reduction
An end goal of ZTNA, which is to decrease risks to the organization
Policy-driven access control
Controls based upon a user’s identity rather than simply their system’s location
Security Zones
Containment zones that prevent attackers who infiltrate one zone from easily spreading throughout the entire network
Limit lateral movement, so the damage caused by security breach can be significantly minimized
Help to minimize the attack surface and mitigate potential consequences of security breaches
Policy Enforcement Point (PEP)
Responsible for enabling, monitoring and terminating connections between a subject (such as a user or device) and an enterprise resource.
Acts as the gateway that enforces access control policies
When an access request occurs, it evaluates the request against predefined policies and applies the necessary controls
Policy decision point (PDP)
Is where access decisions are made based on various factors such as user identity, device health, and risk assessment
Evaluates the context of an access request and decides whether it should be allowed, denied, or subjected to additional controls
Considers the 5 W’s (Who, what, when, where, and why)
Policy Engine
Decides whether to grant access to a resource for a given subject
Policy Administrator
Responsible for communicating the decisions made by the policy engine
Access control vestibules
Secured entry points where individuals must verify their identity before accessing restricted areas, enhancing security by controlling entry to sensitive spaces.
Honeypots
Decoy systems or resources intentionally deployed within a network to attract and deceive attackers, allowing security professionals to monitor and analyze their tactics, thereby gaining insight into potential threats and vulnerabilities.
Honey Nets
Networks of honeypots designed to simulate an entire network environment, used to attract and analyze attackers' activities and gather intelligence on threats.
Honeyfiles
Decoy files that appear to contain important or sensitive information, designed to attract unauthorized access and monitor attacker behavior for security analysis.
Honeytokens
Decoy data elements, such as fake credentials or identifiers, designed to attract unauthorized access and actively track attacker activities once they interact with the decoy.
Change Management
The policy outlining the procedures for processing changes
Helps reduce the risk associated with changes, including outages or weakened security from unauthorized changes
Change Approval Process
A structured procedure for reviewing and authorizing proposed changes to an organization's processes, systems, or technologies to ensure they align with objectives and minimize risks.
Ownership
Clearly defines who is responsible for each change by designating a primary owner who will be the key decision maker and sponsor of the change
Stakeholders
Individuals or groups impacted by a change in the organization
Impact Analysis
Assessment of risks and consequences of a proposed change
Test Results
Outcome of testing changes in a controlled environment
Backout Plan
Strategy to revert changes in case of failure or issues
Maintenance Window
Scheduled time for implementing changes with minimal impact
Technical Change Management
Execution of change management processes for technical updates
Allow List/Deny List
Control mechanisms to permit or restrict application execution
Restricted Activities
Specific actions that are governed by a change approval process within a defined scope, ensuring that only authorized modifications are performed.
Downtime
Period when services are unavailable due to system changes
Restarts
Rebooting or restarting services after making changes
Dependencies
Interconnections where one component's change affects others
Documentation
Recording changes and procedures to maintain system accuracy
Public Key Infrastructure
A system that manages digital certificates and encryption keys to enable secure communication and authentication over insecure networks like the internet.
Symmetric Encryption
Relies on the use of a shared secret key. Lacks support for scalability, easy key distribution, and nonrepudiation
Asymmetric Encryption
Public-private key pairs for communication between parties. Supports scalability, easy key distribution, and nonrepudiation
Key Escrow
Trusted third party (such as a government agency or a designated organization) holds cryptographic keys on behalf of users.
NGFW
An advanced type of firewall that provides capabilities beyond traditional firewalls, including application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
Choose Your Own Device (CYOD)
New employees choose from a list of approved devices.
Employees can purchase devices on the list and bring them to work
Employees get to choose their device, but there are fewer device types for IT to manage
Database Administrator (DBA)
A professional responsible for the design, implementation, maintenance, and security of databases within an organization. Ensure data integrity, performance, and availability of database systems.
WPA (Wi-Fi Protected Access)
The original version, introduced in 2003, which uses TKIP (Temporal Key Integrity Protocol) for encryption.
WPA2 (Wi-Fi Protected Access 2)
An encryption scheme that implemented the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and AES
WPA3 (Wi-Fi Protected Access 3) Personal
Uses SAE
SAE means users can use passwords that are easier to remember
Uses perfect forward secrecy
Machine Learning (ML)
A subset of artificial intelligence (AI) that enables systems to learn and improve from experience without being explicitly programmed. It involves algorithms that analyze data, recognize patterns, and make decisions or predictions based on that data.
Chief Security Officer (CSO)
A senior executive responsible for the overall security of an organization, including its physical, digital, and data security. Develops and implements security policies and procedures to protect against threats.
Electronic Serial Number (ESN)
A unique identifier assigned to mobile devices, such as cell phones, by the manufacturer. It is used to identify the device on a mobile network.
Generic Routing Encapsulation (GRE)
A tunneling protocol used to encapsulate and transport network layer protocols over an IP network.
IP (Internet Protocol)
A set of rules governing the format of data sent over the Internet or other networks.
Network Layer Protocol
Is responsible for routing and forwarding data packets between devices in a network, ensuring efficient and reliable communication across interconnected networks.
Network-based Intrusion Detection System (NIDS)
A security mechanism that monitors network traffic for suspicious activity or malicious behavior. Analyzes incoming and outgoing packets to identify potential threats and alerts administrators to take appropriate actions to mitigate risks.
Infrastructure as Code (IaC)
The management of infrastructure (networks, VMs, load balancers, and connection topology) described in code
New Technology File System (NTFS)
A proprietary file system developed by Microsoft for Windows operating systems. Offers features such as support for large file sizes, file compression, encryption, access control lists (ACLs), and journaling for improved reliability and security.
AAA
Stands for Authentication, Authorization, and Accounting. It's a framework used in network security and access control to verify the identity of users, grant or deny access to resources, and track user activities for auditing purposes.
Access Control List (ACL)
A list of permissions associated with a file, directory, or network resource that defines which users or system processes are granted access and what operations they are allowed to perform on the resource.
Advanced Encryption Standard (AES)
Widely used symmetric encryption algorithm, known for its security and efficiency.
AES-256
A variant of the Advanced Encryption Standard algorithm that uses a 256-bit encryption key. Provides a high level of security and is widely used to encrypt sensitive data due to its resistance to brute-force attacks.
Authentication Header (AH)
provides a mechanism for authentication only
Does not perform encryption, so it is faster than ESP
Annualized Loss Expectancy (ALE)
A calculation used in risk assessment to estimate the annual financial loss expected from a specific threat or risk scenario. Is determined by multiplying the Annual Rate of Occurrence (ARO) by the Single Loss Expectancy (SLE).
Access Point
A networking device that allows wireless devices to connect to a wired network using Wi-Fi technology. Serve as a central hub for wireless communication and provide a bridge between wireless and wired networks.
Indicators of Compromise (IOC)
Pieces of evidence or abnormal activities that may indicate a security incident or compromise within a network. Include suspicious files, network traffic patterns, and system behaviors that are indicative of malicious activity.
Application Programming Interface (API)
A set of rules, protocols, and tools that allows different software applications to communicate and interact with each other. Define how software components should interact, enabling developers to build new applications or integrate existing ones with ease.
Advanced Persistent Threat (APT)
A sophisticated and targeted cyberattack conducted by skilled adversaries, such as nation-state actors or organized cybercriminal groups, with the intention of infiltrating a specific target network over an extended period. Typically employ advanced techniques and stealthy tactics to maintain persistence and evade detection.
Annualized Rate of Occurrence (ARO)
A metric used in risk assessment to estimate the frequency or likelihood of a specific threat or risk scenario occurring within a given year. Is typically determined based on historical data, expert judgment, or statistical analysis.
Address Resolution Protocol (ARP)
A protocol used in computer networks to map IP addresses to hardware addresses (MAC addresses) on the local network. Is essential for communication between devices within the same network segment.
Address Space Layout Randomization (ASLR)
A security technique used to mitigate memory-related vulnerabilities by randomizing the memory addresses where system components, such as libraries, heap, and stack, are loaded. Makes it difficult for attackers to predict the memory layout of a process, thus increasing the complexity of exploiting vulnerabilities.
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
A knowledge base developed by MITRE detailing adversary behavior, including tactics, techniques, and procedures (TTPs) used in cyber attacks. Is used for threat modeling, defensive gap assessment, and improving cybersecurity strategies by understanding how attackers operate.
Antivirus (AV)
Software designed to detect, prevent, and remove malicious software (malware) from computer systems. Programs scan files, emails, and web traffic for known malware signatures and behavior patterns to protect against various cyber threats.
Bourne Again Shell (BASH)
A command-line shell and scripting language for Unix-like operating systems. It is an enhanced version of the original Bourne shell and is widely used as the default shell on most Linux distributions.
Border Gateway Protocol (BGP)
A standardized exterior gateway protocol used to exchange routing information between autonomous systems (AS) on the internet. It is essential for establishing and maintaining the global routing table, enabling routers to dynamically route traffic between different networks.
Basic Input/Output System (BIOS)
A firmware interface used to initialize and control hardware components during the boot process of a computer. Provides basic input and output functionalities, including hardware initialization, system configuration, and booting the operating system.
Business Partners Agreement (BPA)
A legal contract between two or more businesses that outlines the terms and conditions of their partnership or collaboration. The agreement typically includes details such as the scope of the partnership, responsibilities of each party, profit-sharing arrangements, dispute resolution mechanisms, and termination clauses.