Reverse Proxy
Sits between clients and backend servers, forwarding client requests to the appropriate server.
It obscures the identity and structure of internal servers, providing anonymity and some protection.
Lateral Movement
Cyberattack - Attacker, after gaining access to a network, moves from one device to another to expand their reach and potentially access sensitive data or systems.
Proxy Server / Forward Proxy
Intermediary between clients and a server, handling requests on the client's behalf.
Hides internal client IP addresses from the internet
DHCP (Dynamic Host Configuration Protocol)
Network protocol that automatically assigns IP addresses & other network configuration parameters to devices connecting to a network.
(Automation that gives devices the necessary information to communicate on the network)
DMZ (Demilitarized Zone)
A separate subnet between the internal network and the untrusted external network that hosts publicly accessible services (web servers) while shielding the rest of the internal network from direct exposure to external threats.
It allows public access to specific resources while protecting the internal network.
Hypervisor-Based Firewall
Enables fine-grained, VM-level control—ideal for microsegmentation in virtualized environments.
DNS Filtering
Controls access to websites and online content by blocking or allowing access based on predefined rules
ARP Poisoning
Cyber attack carried out over a Local Area Network (LAN) where malicious ARP packets are sent within the LAN to associate a different MAC address with an IP address.
Evil Twin
A rogue Wi-Fi access point set up to mimic a legitimate one.
Once connected, the attacker can intercept sensitive data, steal login credentials, distribute malware, or launch man-in-the-middle attacks
Rootkit
Designed to gain unauthorized access to a computer or network while concealing its presence, creating a 'backdoor' for attackers.
SQL Injection
Injects malicious SQL code into input fields, allowing the attacker to manipulate the database and potentially gain unauthorized access to sensitive data (targets database-driven applications).
Worm Virus
Malicious program that can replicate and spread across a network independently, without the need for user interaction or attachment to a host file.
Command Injection
Cyberattack that involves executing arbitrary commands on a host operating system (OS).
Cross-site request forgery
Attack that makes the end-user perform unwanted actions within a web application that has already granted them authentication
Cross-site scripting (XSS)
Allows attackers to inject malicious scripts into web pages viewed by other users.
These scripts can then execute in the users' browsers, potentially leading to various malicious actions
Man in the Middle Attack
Intercepts & modifies communications between 2 parties
Stateful Firewall
Tracks the state of active connections to make more informed filtering decisions.
Stateless Firewall
Filters packets based on predefined rules without considering the context of previous packets.
DHCP (Dynamic Host Configuration Protocol)
Used to dynamically assign Internet Protocol (IP) addresses to each host on your organization's network.
Port Mirroring
Network feature that copies packets from a specified source to a destination port for analysis without impacting packet processing
MAC filtering
VLAN tagging
Process of adding a tag to an Ethernet frame to identify which VLAN it belongs to.
Port Forwarding
Method used in networking to allow external devices to connect to devices on a private network.
MDM Software (Mobile Device Management)
Used by organizations to manage, secure, and monitor mobile devices used by their employees.
Hardware tokens
Small physical device used to authenticate a user and provide an additional layer of security during the login process.
GBICs (Gigabit Interface Converter)
Converts digital signals into optical signals.
(Can be inserted into a switch, router, or other network device. It connects devices, such as switches or routers, to a network.)
NICs (Network Interface Card)
Crucial hardware component that enables a computer or device to connect to a network
NFC (Near-Field Communication)
The use of short-range wireless communication technology for secure data transfer between devices, often for payment or access control
SFP (Small Form-factor Pluggable)
Transceiver that connects network devices to optical fiber networks.
TPM (Trusted Platform Module)
Specialized CHIP or HARDWARE that securely stores cryptographic keys, passwords, and other sensitive data.
UDP (User Datagram Protocol)
Communication protocol that prioritizes speed over reliability.
TKIP (Temporal Key Integrity Protocol)
Wireless encryption method that provides per-packet key mixing, a message integrity check, and a re-keying mechanism.
AES (Advanced Encryption Standard)
Symmetric encryption algorithm used to protect sensitive data by encrypting it into an unreadable format.
CTO (Chief Technology Officer)
Developing and implementing IT security policies and strategies
CIO (Chief Information Officer)
Responsible for establishing, implementing, and ensuring compliance with an agency-wide information security program
CEO (Chief Executive Officer)
Responsible for guiding your company through crises—whether they are financial, operational, or security-related.
MIME (Multipurpose Internet Mail Extensions)
Relates to email security
S/MIME (Secure/Multipurpose Internet Mail Extensions)
Uses public-key cryptography to encrypt emails and create digital certificates, providing authentication, non-repudiation of origin, message integrity, and message privacy.
Ensures that email content is protected from unauthorized access and modification, and it verifies the sender's identity.
SSL
Operates at the application layer, securing individual web sessions or application-specific traffic.
IPSec
Operates at the network layer, providing secure connections for entire networks or remote access to networks.
Domain Keys Identified Mail (DKIM)
Acts like a digital signature for emails by attaching a cryptographic signature to outgoing emails. (prevents email spoofing)
Sender Policy Framework (SPF)
Acts like a whitelist. Defines & verifies authorized senders
Agents (for logging & monitoring)
Used to send logs for systems that don’t have a logging / forwarding capability
Often used on desktop & server endpoint
Agentless (for logging & monitoring)
Used to send data without a separate program or agent deployed to allow that
Network appliances send syslog data without the need for a local agent
SIEM (Security Information Event Management)
Provides real-time monitoring, analysis, correlation, & notification on potential attacks.
Log aggregation happens here
SOAR (Security Orchestration, Automation, and Response)
Centralized alert & automation with threat-specific runbooks
Responses may be fully automated
Runbook
Implements playbook data in an automated tool.
Playbooks turned into automation
SD-WAN (Software Defined Wide Area Network)
Network technology that uses software to manage & optimize network connections that extend over large geographic areas.
Offers more integrated security features than traditional VPNs, such as advanced threat protection, firewalls, and consistent policy enforcement across locations, enhancing overall network security beyond standard VPN capabilities.
IKE (Internet Key Exchange)
Protocol used to set up secure connections & exchange cryptographic keys in IPSec.
DHE (Diffie-Hellman Exchange)
Key exchange protocol that allows 2 parties to securely establish a shared secret key over an insecure channel.
CRC (Cyclic Redundancy Check)
Error detecting code commonly used to detect accidental changes to raw data during transmission or storage
ESP (Encapsulating Security Payload)
Encrypts and authenticates network traffic between computers using a Virtual Private Network.
AH (Authentication Header)
Ensures the integrity of packet headers
Provides user authentication
Offers optional replay protection & access protection.
Does NOT encrypt any part of packets
Transport Mode
Encrypts only the payload of the IP packet, leaving header untouched.
Often used for end-to-end encryption.
Tunnel Mode
Encrypts the ENTIRE IP packet, including the header.
Often used for creating secure tunnels between networks
Which data state requires data to be processed in an unencrypted form?
Data In Use.
Needs to be accessible by the system or application currently using it, making it the most vulnerable state and one where protection is crucial.
SASE (Secure Access Service Edge)
Network architecture that combines WAN capabilities with comprehensive security services, often delivered from the cloud.
It's essentially a next-generation VPN, enabling secure access to web-based applications and cloud resources.
CASB (Cloud Access Security Broker)
Security solution that acts as a policy enforcement point between users and cloud service providers
SWG (Secure Web Gateway)
Solution that acts as a checkpoint between users and the internet.
Filters internet traffic to ensure compliance with corporate security policies and protect against web-based threats.
Active Reconnaissance
Active reconnaissance involves direct interaction with a target system to gather intelligence.
Scanning Ports
Exploiting security gaps to obtain detailed insights.
Vulnerability assessments
Passive Reconnaissance
Focuses on gathering information about a target system without direct interaction.
Analyzing publicly available data (DNS enumeration)
Scanning internet databases
Monitoring Social media
IRP (Incident Response Plan)
Documented strategy that outlines how an organization will detect, respond to, and recover from cybersecurity incidents
DRP (Disaster Recovery Plan)
Documented, structured approach that describes how an organization can quickly resume operations after an unexpected disaster
RPO (Recovery Point Objective)
The maximum acceptable data loss in terms of time
SDLC (Software Development Lifecycle)
Framework that integrates security measures into every phase of software development
RAID (Redundant Array of Independent Disks)
Enhances cyber security by providing data redundancy and fault tolerance.
LEAP (Lightweight Extensible Authentication Protocol)
Wireless LAN authentication method developed by Cisco, for analyzing digital evidence.
PEAP (Protected Extensible Authentication Protocol)
Secure method for authenticating users on a network
Uses a TLS tunnel to encrypt the authentication process, protecting user credentials & preventing MITM attacks / eavesdropping.
Type of EAP, often used in WPA2-Enterprise
Netflow
Feature developed by Cisco for routers to collect statistics on network traffic.
Provides Application usage reporting
Spyware
Malicious software that secretly collects information about a user's computer or browsing activity without their knowledge or consent.
Keylogger
Surveillance technology used to record and log every keystroke made on a device.
Bloatware
Trojan
Virus that disguises itself as legitimate programs to trick users into installing it
DKIM (Domain Keys Identified Mail)
Email authentication method that digitally signs emails (with a private key) sent from your authorized server.
Works by: Adding a digital signature to emails.
Data Custodian
Data Owner
High level data relationship, Accountable for specific data.
Data Processor
Data Controller