1/49
Comprehensive vocabulary flashcards covering threat actors, security protocols, cloud architecture, and risk management concepts from the CompTIA SY0-701 exam notes.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Organized crime
A type of threat actor motivated by financial gain that may be hired by foreign governments to conduct cyberattacks on critical systems such as power grids or military networks.
Salting
The process of adding extra random data to a password before applying a hash function to increase complexity and prevent identical passwords from producing identical hash values.
Phishing
A type of social engineering attack that involves sending fraudulent emails appearing to be from legitimate sources to trick recipients into providing sensitive information.
SSO (Single Sign-On)
A method of authentication that allows users to access multiple applications or services with one set of credentials.
BEC (Business Email Compromise)
A type of phishing attack where an attacker impersonates a trusted person, such as an executive or vendor, to request fraudulent payments or confidential data.
Jump server
A device or virtual machine that acts as an intermediary between a user’s workstation and a remote network segment to provide secure access to servers like database servers.
WAF (Web Application Firewall)
A type of firewall that monitors and filters traffic between a web application and the internet to block common attacks like SQL injection and buffer overflows.
Buffer overflow
A software vulnerability where an application writes more data to a memory buffer than it can hold, overwriting adjacent memory and potentially allowing code execution.
Smishing
A social engineering technique that uses SMS text messages to trick victims into revealing sensitive information or downloading malware.
Vishing
A social engineering technique that uses voice calls to trick victims into revealing sensitive information like passwords or bank details.
Impersonation
Pretending to be someone else, such as an authority figure or trusted colleague, to gain trust and obtain information or access.
Typosquatting
Registering domain names with intentional typos that are similar to well-known websites to redirect users to malicious or fraudulent sites.
Rules of engagement
Detailed guidelines regarding the execution of security testing, defining the scope, objectives, methods, and boundaries of a penetration test.
Active reconnaissance
A reconnaissance type involving sending packets or requests to a target to gather information on open ports, services, or operating systems.
DRP (Disaster Recovery Plan)
A set of policies and procedures aimed at restoring normal operations in the event of a system failure, natural disaster, or emergency.
Side loading
The process of installing software on a device outside of a manufacturer’s approved application repository.
Password spraying
A brute force attack that tries a single common password across multiple accounts to find a match and bypass account lockout protocols.
Zero Trust
A security model that assumes no user or network is trustworthy by default and requires strict, continuous verification for every transaction.
Data plane
Also known as the forwarding plane, this is the part of the network responsible for carrying user traffic and data packets between devices.
Bastion host
A special-purpose, hardened server designed to withstand attacks and provide secure gateway access to an internal network.
Endpoint log
A file containing a record of activities on an end-user device, such as processes running, files accessed, and executable details.
Threat hunting
The proactive process of searching through networks to find signs of malicious activity or hidden threats that have evaded standard security tools.
Risk Transfer
A risk management strategy where the burden of potential loss is shifted to a third party, such as an insurance company or a vendor.
FDE (Full Disk Encryption)
An encryption technique that protects all data on a hard drive, including the operating system and applications, to prevent unauthorized access if Hardware is lost.
AUP (Acceptable Use Policy)
A set of rules defining how users are permitted to use a corporate network or the internet and identifying prohibited activities.
Least privilege
A security principle that restricts access to resources to the minimum level necessary for a user to perform their job functions.
Risk register
A document used to record and track identified risks, including their probability, impact, owners, and mitigation strategies.
Bug bounty
A program that rewards security researchers for finding and reporting vulnerabilities in a company’s applications or systems.
Nation-state
A government-sponsored threat actor that conducts cyberattacks for strategic objectives such as espionage, sabotage, or warfare.
SQL injection
An attack where malicious SQL statements are inserted into input fields to manipulate a database and bypass authentication or view sensitive data.
Intellectual property
Data consisting of creative works like ideas, inventions, or designs that have commercial value and are protected by law.
Rootkit
A type of malware that modifies or replaces system files to hide its presence and activity from the operating system and antivirus tools.
SOW (Statement of Work)
A contract document that outlines the project scope, cost, deliverables, milestones, and completion time frame for a specific engagement.
Input validation
An application security technique that checks user input for malicious or unexpected data to prevent attacks like Cross-site scripting (XSS).
Sanitization
The process of removing sensitive data from a storage device or system to make it unrecoverable before disposal or reuse.
Non-repudiation
A security concept ensuring that a sender cannot deny having sent a message and a recipient cannot deny having received it, often achieved through digital signatures.
Shadow IT
The use of information technology resources, software, or applications within an organization without the explicit approval or knowledge of the IT department.
CVSS (Common Vulnerability Scoring System)
A standardized framework used to quantitatively measure the severity and impact of security vulnerabilities on a scale of 0 to 10.
FIM (File Integrity Monitoring)
A security tool used to detect and alert on unauthorized changes or modifications to files, directories, or system settings.
Steganography
The process of concealing data such as code or secret text within a non-secret carrier like a graphical image or audio file.
Tabletop exercise
A discussion-based simulation where stakeholders walk through a hypothetical security incident to test response plans and clarify roles.
Honeypot
A decoy system designed to mimic a production server to attract and monitor attacker activity without risking actual organization assets.
ACL (Access Control List)
A set of rules defining which users or systems are permitted or denied access to specific network resources based on IP, port, or protocol.
SASE (Secure Access Service Edge)
A cloud-based solution that combines network functions (like a VPN) with security services (like a firewall) to provide secure remote access.
BIA (Business Impact Analysis)
A process within business continuity planning that prioritizes the recovery of the most essential business functions and data based on their criticality.
ARO (Annualized Rate of Occurrence)
An analysis element used in risk assessment to measure the frequency or likelihood of a specific risk event occurring within a year.
ALE (Annualized Loss Expectancy)
The calculated product of the Single Loss Expectancy (SLE) and the Annualized Rate of Occurrence (ARO), representing the annual expected financial loss from a risk: ALE=SLE×ARO.
MTTR (Mean Time to Repair)
A metric reflecting the average amount of time required to repair a failed component or system and restore it to service.
VDI (Virtual Desktop Infrastructure)
A technology that hosts desktop environments on a centralized server, allowing remote users to access a secure virtual desktop without storing data locally.
Cryptojacking
A type of attack where malware hijacks a system's resources to mine cryptocurrency, often without obvious signs of performance degradation.