SEC+ Now

CCMP-TKIP-chain

Wi-Fi encryption ladder: WEP (broken) → TKIP/WPA (deprecated) → CCMP/WPA2 (current, uses AES)

IDS-IPS-grid

NIDS=network detect, NIPS=network prevent, HIDS=host detect, HIPS=host prevent — active=prevent, passive=detect

IPsec-AH-ESP

AH = auth + integrity ONLY (no encryption); ESP = auth + integrity + CONFIDENTIALITY — "need encryption" → ESP

SIEM-vs-SOAR

SIEM = collects logs, detects threats, sends alerts; SOAR = automates the RESPONSE to those alerts

ICS-vs-SCADA

ICS = broad umbrella (all industrial control); SCADA = specific type of ICS for remote monitoring — SCADA ≠ SoC

cloud-models

IaaS = rent hardware/VMs (you manage OS up); PaaS = rent platform (you manage app only); SaaS = use the app (manage nothing)

sym-asym-list

Symmetric: AES, DES, 3DES, RC4, IDEA — Asymmetric: RSA, DSA, DHE, ECDHE, ECC, PGP, GPG — AES is NOT asymmetric

PAM-2 Meanings

"Unix/Linux auth framework" → Pluggable Authentication Modules; "elevated/admin accounts" → Privileged Access Management

RPO-vs-RTO

RPO = max DATA LOSS tolerated (how old a backup can be); RTO = max DOWNTIME tolerated (how fast to recover)

OCSP-vs-CRL

"Fastest cert validity check" → OCSP (real-time single query); CRL = download whole revocation list (slow)

MDM-vs-UEM-vs-MMC

MDM = mobile devices only; UEM = all endpoints (mobile+PC+IoT); MMC = Windows admin console (NOT mobile mgmt)

STIX-vs-TAXII

STIX = FORMAT/language for threat intel; TAXII = TRANSPORT that delivers STIX — "dedicated transport" → TAXII

FTPS-vs-SFTP

FTPS = FTP + TLS, port 990 (NOT SSH-based); SFTP = SSH file transfer, port 22 — completely different stacks

CSRF-vs-XSS

XSS = injects script into page (exploits browser's trust in site); CSRF = tricks browser to send requests (exploits site's trust in browser)

FAR-FRR-CER

FAR = accepts impostor (security risk); FRR = rejects valid user (inconvenience); CER = crossover/balance point

MAC-3 meanings

MAC = 1) 48-bit hardware address on adapters 2) Mandatory Access Control (strictest) 3) Message Authentication Code (hash+key)

HMAC

Hash-Based Message Authentication Code — hash function + SECRET KEY; verifies BOTH integrity AND authenticity (plain hash = integrity only)

contracts-cluster

"Performance/uptime" → SLA; "work to be performed" → SOW; "informal intent" → MOU; "confidentiality" → NDA; "master framework" → MSA

DSA-vs-RSA

DSA = digital signatures ONLY (asymmetric, no encryption); RSA = signatures + encryption + key exchange

PSK-vs-SAE

PSK = WPA/WPA2 pre-shared key (Wi-Fi password); SAE = WPA3 auth method, replaces PSK, stops offline guessing attacks

TOTP-vs-HOTP

TOTP = time-based OTP (changes every ~30s, Google Auth); HOTP = counter-based OTP (changes each use)

block-modes-exam

ECB = weakest (don't use); CBC = chained blocks; CFB = block→stream; GCM = CTR + auth tag (confidentiality + integrity)

VPN-vs-VLAN

VPN = encrypted tunnel over public internet (privacy); VLAN = logical network segment, no encryption (segmentation only)

AES-strength-rank

AES > 3DES > DES > RC4 — "least vulnerable" or "strongest" = AES; "broken/deprecated stream cipher" = RC4

SSL-deprecated

SSL = deprecated encryption protocol; "deprecated encryption protocol" on exam → SSL (not TLS, not SSH)