CompTIA Security+ (SY0-701) – Domain 1.2 Fundamental Security Concepts

A series of flashcards summarizing key fundamental security concepts for the CompTIA Security+ exam, focusing on CIA principles, the AAA framework, Zero Trust model, and examples of security methods.

What does the CIA triad stand for in security principles?

Confidentiality, Integrity, and Availability.

Define Confidentiality in the context of security.

Ensures that data is only accessible to authorized users and protected from disclosure.

What principle maintains the accuracy and consistency of information?

Integrity.

What does Availability ensure in security frameworks?

Ensures systems and data are accessible when needed by authorized users.

What is Non-repudiation?

Ensures that an action or transaction cannot be denied later by proving authenticity and integrity.

What does AAA stand for in security?

Authentication, Authorization, and Accounting.

What is the purpose of Authentication?

Verifies the identity of a user, system, or device before granting access.

What is the function of Authorization in AAA?

Determines what an authenticated entity is allowed to do or access.

What does Accounting entail in AAA?

Tracks user activity for auditing, compliance, or billing purposes.

What does the Zero Trust model imply about access control?

Access is granted based on context and risk without assuming trust.

What is the Control Plane in a Zero Trust model?

It is responsible for adaptive identity management, threat scope reduction, and policy-driven access control.

What is the definition of Data Plane?

The part of the network where data is processed based on policy decisions.

Give an example of a method used to ensure Confidentiality.

Encryption.

What is an example of a method to maintain Integrity?

Hashing (SHA-256).

List one method that ensures Availability.

Load balancing.