Access control vestibule
• Controls access so only one person can enter at a time
• Prevents tailgating and piggybacking
Badge reader
A machine that reads employee badges and records the time
smart card
Use cards to enter spaces
security guard
a guard who protects a place (not police)
door lock
Type of mechanical lock designed to prevent a hoistway door from being opened.
Biometric locks
Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
Hardware tokens
A small, physical device that you carry with you and use for signing in with 2FA.
Server lock
lock that prohibits access to servers
USB lock
prevents unauthorized USB use
Active Directory
A Windows server directory database and service that is used in managing a domain to allow for a single point of administration for all shared resources on a network, including files, peripheral devices, databases, Web sites, users, and services.
login script
are used to automate actions when users log in
Organizational Units
Are used to group users and devices to simplify management
Home Folder
Private folders users can use to store personal files
folder redirection
is simply a means of storing a copy of certain user profile folders on another computer, usually a file server.
Software tokens
piece of a two-factor authentication security device that may be used to authorize the use of computer services.
Mobile Device Management (MDM)
remotely controls smart phones and tablets, ensuring data security
MAC address filtering
A technique used by a router or wireless access point to allow access to a private network to only certain computers or devices identified by their MAC addresses.
Certificates
Digitally signed electronic documents that bind a public key with a user identity.
Antivirus
software that is specifically designed to detect viruses and protect a computer and files from harm
Anti-malware software
Software designed to stop malware from damaging a computer or network
Firewalls
Determines which processes, protocols, and hosts are allowed to communicate over a network
multifactor authentication (MFA)
An authentication process that requires the client to provide two or more pieces of information. The three categories of authentication factors are knowledge (something you know), possession (something you have), and inherence (something you are).
Access control lists
Object based description of a single resource and the permission each subject
email filtering
service that blocks email messages from designated sources
Principle of Least Privilege
A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.
WEP (Wired Equivalent Privacy)
Wireless security protocol that uses a standard 40-bit encryption to scramble data packets. Does not provide complete end-to-end encryption and is vulnerable to attack.
Wireless Protected Access (WPA)
Users authenticate using an alphanumeric passphrase (PSK) via TKIP (Temporal Key Integrity Protocol). Encrypts with RC4 (Rivest Cipher 4).
WPA2 (Wi-Fi Protected Access 2)
A data encryption standard that uses the AES (Advanced Encryption Standard) protocol.
TKIP (Temporal Key Integrity Protocol)
A security protocol created by the IEEE 802.11i task group to replace WEP.
AES (Advanced Encryption Standard)
An encryption standard that is used by WPA2 and is currently the strongest encryption standard used by Wi-Fi.
Single-factor
In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?
Multifactor
Using a PIN or password in addition to TPM is an example of what type of authentication?
Remote Authentication Dial-In User Service (RADIUS)
Networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users accessing network resources. Supports various network access scenarios, including Wi-Fi, VPNs, and wired Ethernet connections
TACACS (Terminal Access Controller Access Control System)
is an authentication program used on Unix and Linux based systems, along with certain network routers. Allows a remote access server to communicate with an authentication server and verify if a user has permission to access a network or database.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
Trojan
A program disguised as a harmless application that actually produces harmful results.
Keylogger
A small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.
Rootkit
Allows an attacker to execute commands at an elevated privilege
Virus
Malware that can self-copy and self-replicate but requires human interaction to spread
Botnet
A logical computer network of zombies under the control of an attacker.
Worm
a software program capable of reproducing itself that can spread from one computer to the next over a network
Spyware
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
Recovery Console
Command-line interface boot mode for Windows that is used to repair a Windows XP system suffering from massive OS corruption or other problems.
SecureDNS
was designed to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data, such as that created by DNS cache poisoning.
DNS cache poisoning
An exploit in which the DNS database is changed in such a way that a URL no longer connects to the correct Web site
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
Spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
impersonation
An attack that creates a fictitious character and then plays out the role of that person on a victim.
shoulder surfing
Watching an authorized user enter a security code on a keypad.
Tailgating
The act of unauthorized individuals entering a restricted-access building by following an authorized user.
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
DDoS (Distributed Denial of Service)
An attack on a computer or network device in which multiple computers send data and requests to the device in an attempt to overwhelm it so that it cannot perform normal operations.
Denial of Service (DoS)
attack floods a network or server with service requests to prevent legitimate users' access to the system
Zero-day
An application company sent out a software patch for one of their applications on Monday. The company has been receiving reports about intrusion attacks from their customers on Tuesday. Which of the following attacks does this describe? A. Zero day B. Directory traversal C. Logic bomb D. Session hijacking
Man-in-the-middle
is where someone gets between the sender and receiver of information, sniffing any information sent.
Brute Force
A method for determining a solution to a problem by sequentially testing all possible solutions.
dictionary attack
A password attack that uses a list of known passwords or common words
Rainbow Tables
an attack on a password that uses a large pregenerated data set of hashes from nearly every possible password
Spoofing Attack
A situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Non-compliant systems
• A constant challenge - There are always changes and updates
• Standard operating environments (SOE) are a set of tested and approved hardware/software systems
• Must have OS and application patches to be in compliance
Zombie
a program that secretly takes over another computer for the purpose of launching attacks on other computers
administrator account
User account, created when the OS is first installed, that is allowed complete, unfettered access to the system without restriction.
power user
User who requires the capabilities of a workstation or other powerful computer, typically working with multimedia applications and using industry-specific software.
guest
an anonymous user account that provides access to a computer on a limited or temporary basis
Standard user account
has fewer permissions than an administrative-level account but enough permissions to be productive
File Attributes
The properties assigned to a file. Examples of file attributes are read-only and hidden status.
single sign-on
A gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications.
EFS (Encrypting File System)
A file-encryption tool available on Windows systems that have partitions formatted with NTFS.
Authenticator applications
The app is pre-set by you to work with the service and provides a constantly rotating set of codes that you use to utilize two-factor authentication or verification.
shredder
a machine that cuts documents into small pieces so that no one can read them
Drive wipe
Process that overwrites all information on a drive so it cannot be retrieved.
Overwrite
The process of replacing an existing file with one that contains changes
Low Level Format
A process that determines the type of encoding to be done on the disk platter and the sequence in which the read/write heads will access stored data.
certificate of destruction
A document that constitutes proof that a health record was destroyed and that includes the method of destruction, the signature of the person responsible for destruction, and inclusive dates for destruction
Port Forwarding/Mapping
Enables remote access to applications or server from outside the network.
Radio power levels
Increasing the radio frequency (RF) signal increases the signal distance from the wireless access point. Decreasing the RF
WPS (Wi-Fi Protected Setup)
A user-friendly—but not very secure—security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The PIN can be easily cracked through a brute force attack, so this PIN feature should be disabled if possible.
Firewall settings
Every device on a network should be protected by a firewall. A firewall can be enabled (when one exists) on a wireless router.
content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information
Disabling SSID broadcast
An SSID can be broadcast by an AP to let users know the name of the WLAN. For security purposes, an AP might be configured not to broadcast its SSID. However, knowledgeable users could still determine the SSID of an AP by examining captured packets.
Changing default SSID
Many default SSID names give away the type of router being used, thus making it vulnerable as default passwords are easily found online. The SSID name and password should be changed.
WPA3
Latest and most secure version of wireless network encryption currently available
Kerberos
Used on Windows to authenticate users in Active Directory
Memory resident viruses
remain in memory while running
Boot sector viruses
reside in the first sector of storage media, which stores boot data
Macro viruses
take advantage of automation features in productivity software and spread through files associated with them
Email viruses
spread either as attachments or scripts that are part of the email
Recovery mode
Microsoft Windows Recovery Environment (Windows RE) is a simplified, scaled-back version of the Windows operating system
Spoofing
a technique an attacker uses to hide their identity
DNS Poisoning
False DNS information
ARP Spoofing
Attacker spoofs the IP to MAC mapping usually to perform a man-in-the-middle attack