Vocabulary flashcards covering network devices, security protocols, fundamental security concepts, common attack types, and hardening techniques based on CompTIA Security+ practice exam questions.
Router
A network device that transmits data between different networks by examining the destination network address in a packet.
Layer 2 switch
A device used to separate a large busy network into many smaller collision domains.
Load balancer
A solution that increases web server performance by distributing incoming connections between multiple web servers hosting the same content.
VLAN
A technology used to isolate customer traffic from corporate network traffic on the same physical infrastructure.
SNMP
Simple Network Management Protocol; a protocol used for network management traffic that should be allowed through wireless routers for administration.
IPv6
An IP protocol suite that uses 128-bit IP addresses.
MX Record
A DNS resource record used to identify the mail server responsible for receiving e-mail for a domain.
ICMP
Internet Control Message Protocol; the protocol suite used for ping traffic.
iSCSI
A SAN disk access protocol that operates over a dedicated TCP/IP network.
Fibre Channel SAN
A storage area network solution that uses optical technology designed solely for high-speed connectivity from servers to disk storage.
FTP
File Transfer Protocol; uses TCP ports 20 and 21.
TFTP
Trivial File Transfer Protocol; a protocol that does not have authentication configuration options and uses UDP port 69.
Telnet
A protocol used for performing clear-text remote command-line management.
HTTPS
Hypertext Transfer Protocol Secure; a secure protocol that uses TCP port 443.
NTP
Network Time Protocol; designed to synchronize time between computers.
Tracert
A troubleshooting tool used to verify the routers in a transmission path between two hosts.
RDP
Remote Desktop Protocol; a protocol used for remote connections that requires port 3389 to be open.
Confidentiality
A security concept focused on ensuring that data is only available to authorized users through methods like encryption and file permissions.
Integrity
A security concept focused on ensuring that data or programs have not been tampered with, often using digital signatures or file hashing.
Availability
A security concept focused on ensuring that systems and data are accessible when needed, often through clustering, backups, or RAID.
Steganography
An alternative method of sending confidential messages by hiding information within other files, such as personal photos.
Auditing
The process of tracking modifications to sensitive files to ensure accountability and nonrepudiation.
Data Owner
The party responsible for determining how data labels are assigned to information.
Least Privilege
A security principle where users are assigned only the minimum permissions necessary to complete their required tasks.
Tailgating
A security breach where an unauthorized person follows an authorized individual into a secure facility.
Phishing
An attack involving fraudulent e-mails that attempt to lure users into providing credentials on a fake website.
Zero-day exploit
An attack that uses an exploit for a vulnerability that is currently unknown to the product vendor.
Separation of Duties
A security control that restricts individuals from performing conflicting management tasks, such as preventing firewall administrators from modifying logs.
SLA
Service Level Agreement; a document from a provider that states a specific percentage of service availability.
Clean Desk Policy
A policy requiring that all paper documents containing sensitive data are protected or shredded so they cannot be stolen.
Mandatory Vacation
A security policy designed to prevent and detect improper or fraudulent activity by employees.
ARP Poisoning
An attack that modifies the ARP cache of a system to associate an IP address with the wrong MAC address.
Mantrap
A physical protective control used in high-security environments to limit or prevent tailgating.
Buffer Overflow
An attack that sends excessive data to an application to overwrite memory and run arbitrary code.
SQL Injection
An attack involving the insertion of malicious database code into a web page input field, often using strings like 'or 1=1--'.
Spoofing
An attack where the hacker modifies the source IP address of a packet to impersonate another system.
Domain Kiting
The process of repeatedly registering and deleting a domain name to avoid paying for it.
XSS
Cross-site scripting; an attack involving the insertion of a client-side script into a web page.
Man-in-the-middle
An attack where a hacker intercepts traffic between two parties on a network, often via ARP poisoning.
Session Hijacking
An attack where a hacker disconnects a party from a communication and takes over the session while impersonating that system.
Vishing
A social engineering attack conducted over the phone to obtain personal or financial information.
Trojan
Malicious software that is disguised as a legitimate program, such as a free utility or tax software.
Keylogger
Hardware or software that captures every character a user types on their keyboard.
Botnet
A network of compromised computers that receive remote commands to perform coordinated actions like a DDoS attack.
Spam
The transmission of unwelcome bulk messages, often via e-mail.
Ransomware
Malicious software that encrypts a user's files and provides payment instructions for decryption.
Polymorphic Malware
Malware that dynamically alters its code to avoid detection by security software.
Fuzzing
The process of testing web site code by providing malformed URLs and an abundance of random data to ensure robustness.
Hardening
The process of disabling unneeded network services on a computer to reduce its attack surface.
Initial Baseline Configuration
Standardized security parameters and settings applied to newly deployed systems.
Remediation
The process of bringing a non-compliant system into compliance with security health policies, such as installing required software updates.