CompTIA Security+ SY0-701 (copy)


264 Terms

1

Port 21

• FTP (File Transfer Protocol)
• Used to transfer files from host to host
• TCP

2

Port 88

• Kerberos
• Network authentication protocol
• UDP

3

Diffie-Hellman (DH)

• Used to conduct key exchanges and secure key distribution over an unsecure network
• Asymmetric algorithm
• Used for the key exchange when establishing a VPN tunnel as part of IPsec
• OBJ 1.4

4

RSA (Rivest, Shamir, Adleman)

• Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers
• Commonly used for key exchange
• Can support key sizes between 1024 bits and 4096 bits
• OBJ 1.4

5

Elliptic Curve Cryptography (ECC)

• Heavily used in mobile devices; it is based on the algebraic structure of elliptic curves over finite fields to define its keys
• Public key cryptography algorithm for digital signatures
• Most commonly used for mobile devices and low power computing devices
• OBJ 1.4

6

Responsiveness

• The ability of a system to provide timely and accurate feedback to user requests
• OBJ 3.1

7

Availability

• The ability of a system to remain operational and accessible at all times
• OBJ 3.1

8

ISO/IEC 27017

• Offers cloud-specific guidance to manage information security based on an Information Security Management System (ISMS)
• Focuses on cloud services security
• OBJ 5.1

9

ISO/IEC 27018

• Focuses on protecting personally identifiable information in public clouds
• OBJ 5.1

10

Credential stuffing

• In this attack, an adversary uses previously stolen username-password pairs to gain unauthorized access
• OBJ 2.4

11

Replay attack

• Type of application attack that involves capturing and retransmitting data such as authentication tokens or credentials to impersonate a legitimate user or session
• OBJ 2.4

12

Out-of-band configuration

• Device receives a mirrored copy of web server traffic
• OBJ 3.2

13

Port 53

• Domain Name System (DNS)
• Translates domain names into IP addresses
• TCP and UDP

14

Symmetric Algorithm (Private key)

• Encryption algorithm in which both the sender and the receiver must know the same shared secret using a privately held key
• OBJ 1.4

15

Asymmetric Algorithm (Public key)

• Encryption algorithm where different keys are used to encrypt and decrypt the data
• One key is going to be used to encrypt the data and another key is going to be used to decrypt the data
• Examples are Diffie-Hellman, RSA, and ECC
• OBJ 1.4

16

Discretionary Access Control (DAC)

• Resource owners specify which users can access their resources
• Access control based on user identity, profile, or role
• Allows resource owners to grant access to specific users
• OBJ 5.1

17

Attribute-based access control (ABAC)

• Access decisions are based on the combination of attributes
• Considers various attributes like user attributes, environment attributes, resource attributes
• Provides fine-grained control and dynamic access decisions
• OBJ 5.1

18

Access Control List (ACL)

• A rule set that is placed on firewalls, routers, and other network infrastructure devices that permit or allow traffic through a particular interface
• OBJ 2.5

19

Authentication

• Verifies user's identity, device, or system
• OBJ 4.6

20

Possession-based factor

• Something the user physically possesses like a smart card, a hardware token like a key fob, or a software token used with a smartphone
• Something you have
• Software token: authenticator app or SMS-based one-time-use token
• OBJ 4.6

21

Password spraying

• A form of brute force attack that involves trying a small number of commonly used passwords against a large number of usernames or accounts
• This attack avoids triggering account lockouts from "too many failed login attempts" on one account
• Can be mitigated by using unique passwords and by implementing multifactor authentication
• OBJ 2.4

22

Just in Time permissions (JIT)

• Security model where administrative access is granted only when needed for a specific period
• OBJ 4.6

23

Port 135

• Remote Procedure Call (RPC)
• Facilitates communication between different systems
• TCP and UDP

24

Control Plane

• Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
• Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
• Essentially the brain behind who gets to access what, ensuring security decisions are informed and robust
• OBJ 1.2

25

Implicit Trust Zones

• Areas within a network where communication is allowed without exhaustive security checks
• OBJ 1.2

26

Data Plane

• Ensures the policies are properly executed
• Subject/system, policy engine, policy administrator, and establishing policy enforcement points
• Manages the transmission of data
• OBJ 1.2

27

Active device

• Interacts with network traffic and can take immediate actions, such as blocking or altering packets when possible threats are identified
• OBJ 3.2

28

Passive device

• AKA tap/monitor device; inspects network traffic without directly interacting with it or taking immediate action against potential threats
• OBJ 3.2

29

Fail-open mode

• Allows traffic to continue in case of a device failure but does not involve interacting with network traffic to take immediate actions against potential threats
• OBJ 3.2

30

Fail-closed mode

• The system automatically denies all traffic to prevent potential security breaches when it cannot ascertain the safety of the traffic due to a system or connectivity failure
• OBJ 3.2

31

Permission Restrictions

• Pertain to how access to data can be controlled based on user roles and responsibilities, allowing organizations to define who can view or manipulate data
• Define data access and actions through ACLs or RBAC
• OBJ 3.3

32

Data masking

• Method to de-identify some or all characters in a sequence, but not changing the total number of characters that field should contain
• Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users
• Example: Credit card digits, social security numbers, etc.
• OBJ 3.3

33

Data classifications

• Deal with the sensitivity levels of data such as confidential, secret, and restricted
• Based on the value to the organization and the sensitivity of the information, determined by the data owner
• OBJ 3.3

34

Obfuscation

• Technique that involves making data difficult to understand
• OBJ 3.3

35

Attestation

• Formal declaration by a responsible party that the organization's processes and controls are compliant
• OBJ 4.6

36

Secure Access Service Edge (SASE)

• A network architecture combining network security and WAN capabilities in a single cloud-based service
• OBJ 3.2

37

Corporate Owned Personally Enabled (COPE)

• Deployment model that involves the company providing devices to its employees and allowing them to use them for both work and personal purposes
• OBJ 4.1

38

Host-based Intrusion Detection System (HIDS)

• Monitors and analyzes the internals of a computing system, looking for unauthorized activity or policy violations, making it apt for systems monitoring
• Looks at suspicious network traffic going to or from a single endpoint
• OBJ 4.4

39

Security Information and Event Management (SIEM)

• A solution for real-time or near-real-time analysis of security alerts generated by network hardware and applications
• Collects and aggregates log data
• OBJ 4.4

40

Network Intrusion Detection System (NIDS)

• Passively identifies potential threats and generates alerts
• OBJ 4.4

41

Network Intrusion Prevention System (NIPS)

• Actively blocks or prevents threats from accessing the network
• OBJ 4.4

42

Web Application Firewall (WAF)

• Specifically designed to monitor HTTP traffic to and from web applications
• Prevents common web application attacks like cross-site scripting and SQL injections
• Ideal for application-based security
• OBJ 4.4

43

Log aggregation

• Collects and consolidates log data from various sources such as network devices, servers, and applications into a central location
• OBJ 4.4

44

Honeypot

• Decoy system or network set up to attract potential hackers
• Can be used against insider threats to detect internal fraud, snooping, and malpractice
• OBJ 1.2

45

Honeytoken

• Fake piece of data, such as a username or password, designed to appear valuable or sensitive in order to attract attackers
• OBJ 1.2

46

Honeynet

• Network of decoy systems designed to mimic an entire network of systems, including servers, routers, and switches
• OBJ 1.2

47

Honeyfile

• Decoy file placed within a system to lure in potential attackers and detect unauthorized access or data breaches
• OBJ 1.2

48

Black box test

• Executed without any prior knowledge of the target environment
• NO prior knowledge
• OBJ 5.5

49

Grey box test

• A mix of both black box and white box tests
• SOME partial knowledge
• OBJ 5.5

50

White box test

• Tester has complete knowledge of the system's architecture, design, and source code
• COMPLETE knowledge
• OBJ 5.5

51

Risk owner

• Responsible for identifying, assessing, managing, and mitigating a particular risk, as well as for monitoring the effectiveness of these measures and taking corrective action when necessary
• OBJ 5.2

52

Risk assessor

• Evaluates and analyzes the risks but is not necessarily responsible for managing them
• OBJ 5.2

53

Risk register

• Document listing all identified risks, their security, and mitigation strategies
• OBJ 5.2

54

Risk indicator

• Metric used to measure aspects of risk
• OBJ 5.2

55

Data plane

• Ensures the policies are properly executed
• Subject/system, policy engine, policy administrator, and establishing policy enforcement points
• OBJ 1.2

56

Fail over

• Meant to keep an organization running after a significant failure
• Temporary means to prevent complete failure
• OBJ 3.4

57

Parallel processing

• Test that checks the reliability and stability of the backup or secondary system while it's running alongside the primary system
• OBJ 3.4

58

Clustering

• The use of multiple computers, storage devices, and redundant network connections that all work together as a single system to provide high levels of availability, reliability, and scalability
• OBJ 3.4

59

Role-Based Access Control (RBAC)

• Assigns users to roles and assigns permissions to roles
• Enforces minimum privileges
• Effective for managing permissions based on job roles and turnover
• OBJ 5.1

60

Mandatory Access Control (MAC)

• Uses security labels to authorize resource access
• Requires assigning security labels to both users and resources
• Access is granted only if the user's label is equal to or higher than the resource's label
• OBJ 5.1

61

Rule-Based Access Control

• Uses security rules or access control lists
• Policies can be changed quickly and frequently
• Applied across multiple users on a network segment
• OBJ 5.1

62

Brute force attack

• This attack involves systematically trying every possible combination until the correct one is found (can also be physical)
• OBJ 2.4

63

Dictionary attack

• Uses a list of commonly used passwords to crack passwords
• May include variations with numbers and symbols
• Effective against common, easy-to-guess passwords
• OBJ 2.4

64

Distributed Denial of Service (DDoS) attack

• Aims to overwhelm a system's resources by flooding it with unwanted requests, causing it to become unavailable to its intended users
• OBJ 2.4

65

Privilege escalation

• Type of application attack that involves exploiting a vulnerability or misconfiguration to gain higher privileges or access than intended on a system or application
• OBJ 2.4

66

Buffer overflow attack

• Type of application attack that involves sending more data than expected to a function, causing it to overwrite adjacent memory locations and execute arbitrary code
• OBJ 2.4

67

Injection attack

• Type of application attack that involves inserting malicious code or commands into an application or database to execute unauthorized actions or access sensitive data
• OBJ 2.4

68

On-path attack

• Type of network attack that involves intercepting or modifying data in transit between two parties, such as by using a packet sniffer or a proxy server
• OBJ 2.4

69

Firewall

• A network security device or software that monitors and controls network traffic based on security rules
• OBJ 4.5

70

Screened Subnet (Dual-homed host)

• Acts as a security barrier between external untrusted networks and internal trusted networks using a protected host with security measures like a packet-filtering firewall
• OBJ 4.5

71

Packet filtering firewall

• Checks packet headers for traffic allowance based on IP addresses and port numbers
• OBJ 4.5

72

Stateful firewall

• Monitors all inbound and outbound network connections and requests
• Operates at Layer 4, with improved awareness of connection state
• OBJ 4.5

73

Proxy firewall

• Acts as an intermediary between internal and external connections, making connections on behalf of other endpoints
• Two types: session layer (layer 5) and application layer (layer 7)
• OBJ 4.5

74

Kernel proxy firewall (fifth generation firewall)

• Has minimal impact on network performance while thoroughly inspecting packets across all layers
• OBJ 4.5

75

Next-generation firewall (NGFW)

• Aims to address the limitations of traditional firewalls by being more aware of applications and their behaviors
• Conducts deep packet inspection for traffic
• Operates fast with minimal network performance impact
• Offers full-stack traffic visibility
• Integrates with various security products
• OBJ 3.2

76

Unified Threat Management (UTM)

• Provides the ability to conduct numerous security functions within a single device or network appliance
• OBJ 3.2

77

Inline configuration

• Device sits between the network firewall and the web servers
• OBJ 3.2

78

Identity and Access Management (IAM)

• Ensures the right access for the right people at the right times
• OBJ 4.6

79

Identification

• Claims a username or email as an identity
• OBJ 4.6

80

Authorization

• Establishes the user's access permissions or levels
• OBJ 4.6

81

Accounting/Auditing

• Involves monitoring and recording user actions for compliance and security records
• OBJ 4.6

82

Provisioning

• Process of creating new user accounts, assigning them appropriate permissions, and providing users with access to systems
• OBJ 4.6

83

Deprovisioning

• Process of removing an individual's access rights when the rights are no longer required
• OBJ 4.6

84

Identity proofing

• Process of verifying the identity of a user before the account is created
• OBJ 4.6

85

Interoperability

• The ability of different systems, devices, and applications to work together and share information
• OBJ 4.6

86

Multi-Factor Authentication (MFA)

• Security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity
• Knowledge-based factor
• Possession-based factor
• Inherence-based factor
• Behavior-based factor
• Location-based factor
• OBJ 4.6

87

Knowledge-based factor

• Information that the user must provide to authenticate their identity
• Something you know
• OBJ 4.6

88

Inherence-based factor

• Involves biometric characteristics that are unique to individuals, including fingerprints, facial recognition, voice recognition, or iris scans
• Something you are
• OBJ 4.6

89

Behavior-based factor

• Recognizing patterns that are typically associated with a user such as their keystroke patterns, mouse movement, or even the way a user walks down the hallway
• Something you do
• OBJ 4.6

90

Location-based factor

• Involves determining a user's location to help authenticate them
• Somewhere you are
• OBJ 4.6

91

Single-factor authentication

• Using a single authentication factor to access a user account
• OBJ 4.6

92

Two-factor authentication (2FA)

• Using two different authentication factors to gain access to a system
• OBJ 4.6

93

Multi-factor authentication (MFA)

• Using two or more factors to authenticate with a given system
• OBJ 4.6

94

Passkeys

• Users can create and access online accounts without needing to input a password
• OBJ 4.6

95

Passwordless authentication

• Provides improved security and a more user-friendly experience
• Biometric authentication, hardware tokens, one-time passwords, magic links, passkeys
• OBJ 4.6

96

Brute-force attack mitigations

• Increasing password complexity
• Increasing password length
• Limiting the number of login attempts
• Using multifactor authentication
• Using CAPTCHAs

97

Hybrid attack

• Blends brute force and dictionary techniques by using common passwords with variations, such as adding numbers or special characters
• OBJ 2.4

98

Benefits of single sign on (SSO)

• Improved user experience
• Increased productivity
• Reduced information technology support costs
• Enhanced security

99

Lightweight Directory Access Protocol (LDAP)

• Used to access and maintain distributed directory information services over an internet protocol network
• Port 389
• TCP
• OBJ 4.6

100

LDAPS (Lightweight Directory Access Protocol Secure)

• Can support LDAP over SSL or StartTLS, both of which encrypt the data to provide secure transmission
• Port 636
• TCP