CompTIA CySA+ CS0-003 Deck 5 Flashcards
Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.
Shibboleth
An identity federation method that provides single sign-on capabilities and enables websites to make informed authorization decisions for access to protected online resources.
Trust Model
In PKI, a description of how users and different CAs exchange information and certificates.
(CASB)
Cloud Access Security Broker
(CASB) Cloud Access Security Broker
Enterprise management software designed to mediate access to cloud services by users across all types of devices.
Forward proxy
A server that mediates the communications between a client and another server. It can filter and often modify communications as well as provide caching services to improve performance.
Reverse proxy
A type of proxy server that protects servers from direct contact with client requests.
(DLP)
Data loss prevention
(DLP) Data loss prevention
A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
(PII)
Personally Identifiable Information
(PII) Personally Identifiable Information
Data that can be used to identify or contact an individual (or, in the case of identity theft, to impersonate them).
(PHI)
Protected Health Information
(PHI) Protected Health Information
Data that can be used to identify an individual and includes information about past, present, or future health, as well as related payments and data used in the operation of a healthcare business.
(PIFI)
Personal Identifiable Financial Information
(PIFI) Personal Identifiable Financial Information
Personal information about a consumer provided to a financial institution that can include account number, credit/debit card number, name, social security number and other information.
(CHD)
Cardholder data
Cardholder data (CHD)
Any type of personally identifiable information (PII) associated with a person who has a payment card, such as a credit or debit card.
(IP) Intellectual Property
Data that is of commercial value and can be granted rights of ownership, such as copyrights, patents, and trademarks.
(PKI)
Public key infrastructure
(PKI) Public key infrastructure
Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
(SSL)
Secure Socket Layer
(SSL) Secure Socket Layer
The original, obsolete version of the security protocol now developed as TLS.
What is the acronym for the three-digit security code typically located on the signature strip of a credit card?
CVV
(SIEM)
Security Information and Event Management
(SIEM) Security Information and Event Management
A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.
(SOAR)
Security Orchestration, Automation, and Response
(SOAR) Security Orchestration, Automation, and Response
A class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.
________ _______ combines and analyzes data from disparate sources to gain a greater understanding of it.
Data Enrichment
Single Pane of Glass
A comprehensive, unified user interface that provides a comprehensive view of an IT environment and allows administrators to manage all connected components from one place. This type of interface simplifies the management of complex IT infrastructures.
(API)
Application Programming Interface
(API) Application Programming Interface
Methods exposed by a script or program that allow other scripts or programs to use it. For example, an API enables software developers to access functions of the TCP/IP network stack under a particular operating system.
Webhooks
Automated messages sent from applications to other applications containing information about an event, such as the time it occurred, the data associated with it, and any other relevant information.
Plugins
Additions that help tailor the software product to more closely match the infrastructure being managed from one organization to another.
