CompTIA A+ Vocabulary List Flashcards
Access Control
Methods to restrict access to resources.
ACL (Access Control List)
A list of permissions attached to an object.
Adware
Software that displays unwanted ads.
Antivirus
Software that detects and removes malware.
APT (Advanced Persistent Threat)
A prolonged and targeted cyberattack.
Authentication
The process of verifying identity.
Authorization
Granting access to resources.
Backup
Copying data to prevent loss.
Botnet
Network of infected devices under a hacker’s control.
Brute Force Attack
Trying many passwords to gain access.
Certificate Authority (CA)
Entity that issues digital certificates.
CIA Triad
Confidentiality, Integrity, and Availability.
Clickjacking
Trick users into clicking on something different from what they perceive.
Cloud Computing
Delivery of services over the internet.
Cross-site Scripting (XSS)
Injecting malicious scripts into webpages.
Cryptography
Securing information through encoding.
Cybersecurity
Protecting systems, networks, and data from attacks.
Data Breach
Unauthorized access to data.
DDoS (Distributed Denial of Service)
Overwhelming a service with traffic.
Digital Signature
A mathematical scheme for verifying authenticity.
Disaster Recovery
Restoring operations after a disaster.
Encryption
Converting information into a secure format.
DNS (Domain Name System)
Translates domain names to IP addresses.
Endpoint
Any device connected to a network.
Hashing
Transforming data into a fixed-size value.
Exploit
Using a vulnerability to execute an attack.
Honeypot
A decoy system to attract attackers.
Firewall
A network security device that monitors traffic.
IDS (Intrusion Detection System)
Monitors for suspicious activity.
IoT (Internet of Things)
Network of interconnected devices.
Keylogger
Software or hardware that records keystrokes.
IPsec (Internet Protocol Security)
A suite for securing IP communications.
Malware
Malicious software designed to harm.
Man-in-the-Middle Attack
Intercepting communication between two parties.
Multi-factor Authentication (MFA)
Using multiple methods for verification.
NAC (Network Access Control)
Enforces security policies on devices.
Enforces security policies on devices.
Dividing a network into smaller parts.
Penetration Testing
Testing security by simulating attacks.
Phishing
Fraudulent attempts to obtain sensitive information.
Proxy Server
Intermediary for requests from clients.
Public Key Infrastructure (PKI)
A framework for managing digital keys and certificates.
Rootkit
Software designed to hide the existence of certain processes.
Ransomware
Malware that encrypts files and demands payment.
Sandboxing
Running code in an isolated environment.
Secure Socket Layer (SSL)
Protocol for encrypting internet traffic.
SIEM (Security Information and Event Management)
Tools for analyzing security data.
Social Engineering
Manipulating people into divulging information.
Spam
Unsolicited messages, often containing malware.
Spyware
Software that secretly monitors user activity.
SQL Injection
Inserting malicious SQL queries.
Trojan Horse
Malicious software disguised as legitimate.
Two-Factor Authentication (2FA)
Using two methods to verify identity.
VPN (Virtual Private Network)
Creates a secure connection over the internet.
Zero-Day Exploit
Exploiting a previously unknown vulnerability.
Vulnerability
A weakness that can be exploited.
Whitelist
List of approved entities.
Backdoor
Hidden method to bypass security.
Worm
Malware that replicates itself to spread.
Breach
Unauthorized access to data or systems.
Cipher
Algorithm for performing encryption or decryption.
Cold Site
Backup site that is not immediately operational.
Cookie
Small data file used to store information.
Credential Stuffing
Using stolen credentials to gain access.
Data Encryption
Converting data into a secure format.
Decryption
Converting encrypted data back to its original form.
Directory Traversal
Exploiting a web server to access files.
Domain Hijacking
Taking control of a domain name.
Escalation of Privileges
Gaining higher access than intended.
Eavesdropping
Intercepting private communications.
Incident Response
Handling security breaches.
False Positive
Incorrectly identifying benign activity as malicious.
Hash Function
Algorithm that maps data to a fixed size.
Injection
Malicious code execution by manipulating input.
Integrity
Ensuring data is accurate and unchanged.
Key Exchange
Sharing cryptographic keys securely.
IP Spoofing
Faking an IP address to impersonate another device.
Key Management
Handling cryptographic keys securely.
Least Privilege
Limiting access to only what is necessary.
Load Balancer
Distributing network traffic across multiple servers.
MAC Address
Unique identifier for network interfaces.
Malvertising
Using online ads to spread malware.
Message Authentication Code (MAC)
Ensuring message integrity.
Patch Management
Updating software to fix vulnerabilities.
Password Cracking
Recovering passwords from data.
Plaintext
Unencrypted information.
Polymorphic Malware
Malware that changes to evade detection.
Rogue Access Point
Unauthorized wireless access point.
Session Hijacking
Taking over a session between a client and server.
Spear Phishing
Targeted phishing attack.
Spoofing
Faking an identity or source.
Steganography
Hiding data within other data.
Surveillance
Monitoring activities or communications.
Symmetric Encryption
Using the same key for encryption and decryption.
Threat Actor
Entity responsible for an attack.
Tokenization
Replacing sensitive data with tokens.
Traffic Analysis
Monitoring and analyzing network traffic.
URL Filtering
Blocking access to specific URLs.
User Behavior Analytics (UBA)
Analyzing user behavior for threats.
Virtualization
Creating virtual versions of resources.
Wireless Security
Protecting wireless networks from threats.
