Up to Date Professor Messer Notes for Sec+

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/44

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 3:32 PM on 7/17/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

45 Terms

1
New cards

What is the CIA Triad

Confidentiality: unauthorized people don’t have access to sensitive information

Integrity: no unauthorized modifications to info or system

Availability: info and systems are accessible to users when needed

2
New cards

Nonrepudiation

proof of origin, can’t denied you did it

3
New cards

Methods for Confidentiality

Encryption: scrambles data to make it unreadable by unauthorized users

Access Controls: ensures authorized users have access to the data

4
New cards

3 methods of Access Controls

Identification: users claim an identity with a username

Authentication: users prove their identity like password

Authorization: user is given access or restrict access to resources

5
New cards

Hashing

converts data into a fixed-length hash value used to verify data integrity.

6
New cards

What is one method of Hashing

Secure Hashing Algorithms (SHA)

7
New cards

What is redundancy

Having duplicate components or data to provide a backup

8
New cards

methods of redundancy

Disk: stores data in multiple hard drives in case one fails

Server: multiple servers in case one fails so service is available

Network: Multiple network connections or devices to keep network available

Power: multiple power sources in case main power source fails

9
New cards

Fault Tolerance

a system to continue operating even if a component fails (result of redundancy)

10
New cards

Scalability

increase the capacity of a system or service to meet new demands

11
New cards

What are two scaling

Horizontal Scaling: adding additional servers or systems for increase demand

Vertical Scaling: adds resources, memory or processing to a server

12
New cards

Elasticity

Controls scalability by having the system add or remove resources to a server

13
New cards

Patching

keeps system up to date by patching software bugs

14
New cards

Resiliency

Reliable, available, and able to recover from failures while balancing cost

15
New cards

Basic Risk Concepts

Risk: chance that the threat will cause harm

threat: the thing that case harm

Vulnerability: a weakness

security incident: events that negatively affect the CIA

16
New cards

3 types of Threat

attacker: inside/outside the org

natural: hurricanes, tsunamis

accidental: mistakes or system errors

17
New cards

Risk Mitigation

reduces the risk or chances a threat will exploit

18
New cards

Control Categories

Technical Control: use tech to reduce risk

Operational: ensure day to day operations comply with security policy

Management: Controls focused on managing risk through policies, planning, and oversight.

Physical: security controls impacting the physical world

19
New cards

Control Types

Preventative: stop a security issue before it occurs

Deterrent: discourages users from causing incidents

Detective: identify security events that have already happened

Compensating: alternatives if the original security measure fails

Corrective: restore normal operations after an incident

20
New cards

What are two OS logs

Windows Logs: logs store on windows

Linux logs: logs store in Linux, /var/log/directory

21
New cards

what are the three windows logs

Security: Records security-related events such as logins, authentication attempts, and account changes

System: Records Windows operating system events, hardware issues, and system errors.

Application: Records events generated by installed applications, including errors and crashes.

22
New cards

directory of linux logs and what they do

/var/log/secure: authentication and authorization

/var/log/syslog: what is the system doing

23
New cards

Network Logs

record traffic on the network

24
New cards

Firewall log

records traffic that is allowed or blocked by the firewall

25
New cards

IDS vs IPS

Intrusion detection system: alerts admins about suspicious activities

Intrusion Prevention system: block suspicious activities

26
New cards

WHAT IS PROTOCOL ANALZYER

Sniffers that captures network traffic to analyze packets

27
New cards

Metadata

more data about a data

28
New cards

Centralized System

system where management, control, or data is handled from a one central location

29
New cards

SIEM

security info and event management that helps collect and analyze data from systems

30
New cards

SEM vs SIM

security event management: real time monitoring, correlation, and alerting

security information management: log term log storage, reporting, and analysis

31
New cards

UBA

User Behavior Analytics: analyzes user behavior to detect unusual activities

32
New cards

False Positive vs False Negative

  1. alerts when there isn’t a threat

  2. threat exists, but doesn’t alert

33
New cards

SIEM syslogs

used to send, store, and manage log messages from network devices and systems

34
New cards

What are two syslog categories

Originator: sends syslog messages

Collector: receives and stores syslogs

35
New cards

DAD Triad

disclosure: exposure of sensitive info

Alteration: unauthorized mod of info

Denial: disruption of an authorized users access

36
New cards

Data exfiltration

attackers gaining access to sensitive info

37
New cards

Examples of Authentication

driver’s license, digital certificate, smart cards, password, biometrics

38
New cards

Examples of Identification

username, name

39
New cards

What are the AAA

Authentication, Authorization, and Accounting

40
New cards

What is Accounting

track user activities and record it in logs

41
New cards

Example of Accounting

audit trail: who did what, when and where

42
New cards
43
New cards
44
New cards
45
New cards