CompTIA Security+ 701 Flashcards

Question 1

Q

AAA (Authentication, Authorization, and Accounting)

Answer

A

a security framework that
ensures only authorized individuals are able to access resources

Question 2

Q

ABAC (Attribute Based Access Control)

Answer

A

evaluates attributes to determine the
access

Question 3

Q

ACL (Access Control List)

Answer

A

list of rules that specifies which users or systems are
granted or denied access to a particular object or system resource

Question 4

Q

AES (Advanced Encryption Standard)

Answer

A

a specification for the encryption of electronic
data established by the U.S National Institute of Standards and Technology (NIST) in
2001. AES is widely used today as it is a much stronger than DES and triple DES
despite being harder to implement

Question 5

Q

AIS (Automated Indicator Sharing)

Answer

A

service provided by CISA that enables real-time
exchange of machine-readable cyber threat indicators and defensive measures
between public and private sector organizations

Question 6

Q

APT (Advanced Persistent Threat)

Answer

A

a type of cyber attack in which an unauthorized
user gains access to a system or network and remains undetected for an extended
period of time

Question 7

Q

ARP (Address Resolution Protocol)

Answer

A

a protocol used to map an IP address to a
physical MAC address

Question 8

Q

ASLR (Address Space Layout Randomization)

Answer

A

a technique used to prevent
attackers from exploiting vulnerabilities in software by randomizing the location of key
data areas in memory

Question 9

Q

BCP (Business Continuity Planning)

Answer

A

detailed strategy and set of systems for
ensuring an organization’s ability to prevent or rapidly recover from a significant
disruption to its operations. The plan is essentially a playbook for how any type of
organization—such as a private-sector company, a government agency or a school will
continue its day-to-day business during a disaster scenario or otherwise abnormal
conditions

Question 10

Q

BDPU Guard (Bridge Protocol Data Units)

Answer

A

BDPU guard is a feature that defends the
layer 2 STP topology against BDPU-related threats

Question 11

Q

BIA (Business Impact Analysis)

Answer

A

the BIA should identify the operational and financial
impacts resulting from the disruption of business functions and processes

Question 12

Q

BIOS (Basic Input/Output System)

Answer

A

BIOS, or Basic Input/Output System, is software
stored on a small memory chip, also known as firmware. BIOS is found on the
motherboard. BIOS instructs the computer on how to perform basic functions like
booting and keyboard control; it is also used to identify and configure the hardware in a
computer such as the hard drive, CPU, memory, and related equipment. Finally, it
manages data flow between the computer’s operating system (OS) and attached
devices

Question 13

Q

BLOB (Binary Large Object Storage)

Answer

A

used by cloud providers as a database for
large amounts of text or binary data

Question 14

Q

BPA (Business Partnership Agreement)

Answer

A

agreement between 2 companies that are
doing business together in which it is confirmed how much each company should
contribute as well as their responsibility and how the profit will be split

Question 15

Q

BYOD (Bring Your Own Device)

Answer

A

a policy that allows employees to use their personal
devices, such as smartphones or laptops, to access company resources

Question 16

Q

CA (Certificate Authority)

Answer

A

trusted entity that issues digital certificates used to verify
the identities of individuals, organizations, websites or devices

Question 17

Q

CAC (Common Access Card)

Answer

A

smart card about the size of a credit card. It is the
standard identification for Active Duty United States Defense personnel

Question 18

Q

CASB (Cloud Access Security Broker)

Answer

A

software/hardware that sits between users
and their cloud service to enforce security policies

Question 19

Q

CAPTCHA (Completely Automated Public Turing test to tell Computers and
Humans Apart)

Answer

A

a challenge-response test used to distinguish between human and
automated users

Question 20

Q

CBC (Cipher Block Chaining)

Answer

A

a mode of operation for a block cipher – one in which
a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to
the entire block. Cipher block chaining uses what is known as an initialization vector (IV)
of a certain length. By using this along with a single encryption key, organizations and
individuals can safely encrypt and decrypt large amounts of plaintext

Question 21

Q

CER (Certificate)

Answer

A

security files provided and generated by an Certificate Authority.
These files help a browser to verify if a website is secure and save to enter, verifying its
authenticity. These CER security certificates are usually installed on a web server

Question 22

Q

CER (Crossover Error Rate)

Answer

A

point where FAR and FRR are equal

Question 23

Q

CHAP (Challenge Handshake Authentication Protocol)

Answer

A

challenge-response
identity authentication protocol. It depends on a combination of CHAP security
credentials and a “shared secret” between the requestor (client) and the authenticator
(server), and it does not expose a password

Question 24

Q

CIA (Confidentiality, Integrity, and Availability)

Answer

A

the three core principles of
information security

Question 25

Q

CIRT (Computer Incident Response Team)

Answer

A

a team responsible for responding to
and mitigating cyber security incidents

Question 26

Q

COPE (Corporate-Owned, Personally-Enabled)

Answer

A

a policy that allows employees to
use company-owned devices for personal use

Question 27

Q

CRC (Cyclic Redundancy Check)

Answer

A

a mathematical algorithm used to detect errors in
data transmission

Question 28

Q

CRL (Certificate Revocation List)

Answer

A

first phase of checking if certificate is valid

Question 29

Q

CSA (Cloud Security Alliance)

Answer

A

non-profit organization that provides different
resources to help Cloud Security Providers (CSPs)

Question 30

Q

CSRF (Cross-Site Request Forgery)

Answer

A

is a web security vulnerability that allows an
attacker to induce users to perform actions that they do not intend to perform

Question 31

Q

CSO (Chief Security Officer)

Answer

A

a senior-level executive responsible for overseeing an
organization’s security program

Question 32

Q

CSP (cloud service provider)

Answer

A

is a third-party company that provides scalable
computing resources that businesses can access on demand over a network, including cloud-based compute, storage, platform, and application services

Question 33

Q

CSR (Certificate Signing Request)

Answer

A

a request made by a user or device to a
certificate authority for a digital certificate

Question 34

Q

CSRF (Cross Site Request Forgery)

Answer

A

attack that forces an end user to execute
unwanted actions on a web application in which they are currently authenticated

Question 35

Q

CSV (Comma Separated Values)

Answer

A

a file format used to store data in a table-like
format, with each row separated by a comma

Question 36

Q

CVE (Common Vulnerabilities and Exposure)

Answer

A

list of vulnerabilities created by
MITRE

Question 37

Q

CVSS (Common Vulnerabilities Scoring System)

Answer

A

ranking of vulnerabilities and their
severity

Question 38

Q

CYOD (Choose Your Own Device)

Answer

A

company has set of devices that employees can
choose to use for work

Question 39

Q

DAC (Discretionary Access Control)

Answer

A

restricting access to objects based on the
identity of subject

Question 40

Q

DDoS (Distributed Denial of Service)

Answer

A

a type of cyber attack in which multiple
systems are used to flood a target server or network with traffic, causing it to become
unavailable

Question 41

Q

DES (Data Encryption Standard)

Answer

A

is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST) that was widely used in the past
but is now considered insecure

Question 42

Q

DHCP (Dynamic Host Configuration Protocol)

Answer

A

a protocol used to automatically
assign IP addresses and other network settings to devices on a network

Question 43

Q

DMZ (Demilitarized Zone)

Answer

A

a network segment that is isolated from the internal
network and is used to provide public-facing services, such as web servers or email
servers

Question 44

Q

DNS (Domain Name System)

Answer

A

a system that translates domain names into IP
addresses

Question 45

Q

DoS (Denial of Service)

Answer

A

a type of cyber attack in which a server or network is
overwhelmed with traffic, causing it to become unavailable

Question 46

Q

DPO (Data Protection Officer)

Answer

A

DPO makes sure that the organization is correctly
protecting individuals personal data according to current legislation

Question 47

Q

DRP (Disaster Recovery Plan)

Answer

A

preparing for any type of disaster that could occur

Question 48

Q

EAP (Extensible Authentication Protocol)

Answer

A

architectural framework that provides
extensibility for authentication methods for commonly used protected network access
technologies such as IEEE 802.1X-based wireless access, IEEE 802.1X-based wired
access and Point-to-Point Protocol (PPP)

Question 49

Q

EFS (Encrypting File System)

Answer

A

a feature in Windows that allows files and folders to be
encrypted using a user’s public key. Windows’ EFS feature allows you to easily encrypt
and decrypt files on your Windows NTFS drives. Once you’ve encrypted files with this
tool, other people won’t be able to access them unless they have your password

Question 50

Q

EMI (Electromagnetic Interference)

Answer

A

interference caused by electromagnetic waves,
which can disrupt the functioning of electronic devices

Question 51

Q

EMP (Electromagnetic Pulse)

Answer

A

a burst of electromagnetic radiation that can cause
damage to electronic devices

Question 52

Q

ESP (Encapsulating Security Payload)

Answer

A

is security payload is an individual protocol in
IPSec. ESP is responsible for the CIA triad of security (Confidentiality, Integrity,
Availability), which is considered significant only when encryption is carried along with
them. Securing all payload/ packets/ content in IPv4 and IPv6 is the responsibility of
ESP

Question 53

Q

FAR (False Acceptance Rate)

Answer

A

metric used to measure the likelihood of granting
access to an unauthorized user

Question 54

Q

FDE (Full Disk Encryption)

Answer

A

security technique that encrypts all data stored on a disk
or storage device, including the operating system, applications, and user data

Question 55

Q

FISMA (Federal Information Security Management Act)

Answer

A

FISMA requires federal
agencies to develop, document, and implement an agency-wide program to provide
information security for the information and systems that support the operations and
assets of the agency, including those provided or managed by another agency,
contractor, or other source

Question 56

Q

FRR (False Rejection Rate)

Answer

A

metric used to measure the likelihood of denying access
to an authorized user

Question 57

Q

FTP (File Transfer Protocol)

Answer

A

a protocol used to transfer files between computers over
a network. Port 21

Question 58

Q

GDPR (General Data Protection Regulation)

Answer

A

regulation in European Union (EU) law
on data protection and privacy for individuals within the EU and the European Economic
Area (EEA). It came into effect on May 25, 2018 and is enforced by the EU Data
Protection Authorities

Question 59

Q

GPS (Global Positioning System)

Answer

A

a system of satellites used to determine the
location of a device

Question 60

Q

GRE (Generic Routing Encapsulation)

Answer

A

a protocol used to encapsulate one type of
packet within another

Question 61

Q

GBAC (Group Based Access Control)

Answer

A

gives access to a group of individuals to the
resources that they need

Question 62

Q

HMAC (Hash-based Message Authentication Code)

Answer

A

is a cryptographic
authentication technique that uses a hash function and a secret key. With HMAC, you
can achieve authentication and verify that data is correct and authentic with shared
secrets, as opposed to approaches that use signatures and asymmetric cryptography

Question 63

Q

HIDS (Host Intrusion Detection System)

Answer

A

HIDS stands for host-based intrusion
detection system and represents an application that is monitoring a computer or
network for suspicious activities

Question 64

Q

HIPAA (Health Insurance Portability And Accountability Act)

Answer

A

federal law that was
enacted in 1996 to protect the privacy and security of patients’ personal health
information (PHI)

Answer 65

A

algorithm used to generate one-time
passwords that are used for authentication purposes

Answer 66

A

type of specialized hardware device designed to
securely store and manage digital keys and perform cryptographic operations. It can be
used to store encryption keys, digital certificates, and other sensitive data

Answer 67

A

web security policy mechanism used to
protect against protocol downgrade attacks and cookie hijacking

Answer 68

A

is the standard markup language for creating
Web pages

Answer 69

A

HTTP is the foundation of the World Wide Web,
and is used to load webpages using hypertext links. HTTP is an application layer
protocol designed to transfer information between networked devices and runs on top of
other layers of the network protocol stack. A typical flow over HTTP involves a client
machine making a request to a server, which then sends a response message. HTTP
uses port 80

Answer 70

A

a secure version of HTTP that uses
encryption to protect data in transit. HTTPS uses port 443

Answer 71

A

a cloud computing model in which infrastructure
resources, such as servers and storage, are provided by a third-party provider

Answer 72

A

a cybersecurity practice that enables IT
administrators to restrict access to organizational resources so that only the people who
need access have access

Answer 73

A

a network layer protocol used by network
devices to diagnose network communication issues. ICMP is mainly used to determine
whether or not data is reaching its intended destination in a timely manner

Answer 74

A

a monitoring system that detects suspicious
activities and generates alerts when they are detected. Based upon these alerts, a
security operations center (SOC) analyst or incident responder can investigate the issue
and take the appropriate actions to remediate the threat

Answer 75

A

a network security technology that goes beyond
the capabilities of an IDS (Intrusion Detection System) by actively preventing identified
threats from being carried out. An IPS monitors network traffic, just like an IDS, but it
can also take action to prevent attacks

Answer 76

A

The IEEE describes itself
as the world’s largest technical professional society – promoting the development and
application of electrotechnology and allied sciences for the benefit of humanity, the
advancement of the profession, and the well-being of our members

Answer 77

A

a standard protocol used to set up a secure and
authenticated communication channel between two parties via a virtual private network
(VPN)

Answer 78

A

an Internet standard protocol used by
email clients to retrieve email messages from a mail server over a TCP/IP connection.
IMAP uses port 143

Answer 79

A

physical devices that are connected to the internet
and that can exchange data with each other

Answer 80

A

a protocol, or set of rules, for routing and addressing packets of
data so that they can travel across networks and arrive at the correct destination

Answer 81

A

an IPv4 address is a 32-bit address that is usually
represented in dotted decimal notation, with a decimal value representing each of the four octets (bytes) that make up the address

Answer 82

A

a network protocol that serves as the successor to
IPv4. The purpose of IPv6 is to provide a larger address space for the internet as the
number of connected devices continues to grow. One of the main differences between
IPv6 and IPv4 is the size of the address space. IPv4 uses 32-bit addresses, allowing for
approximately 4.3 billion unique addresses. In contrast, IPv6 uses 128-bit addresses,
which allows for an almost unlimited number of unique addresses

Answer 83

A

a document that regulates security-
relevant aspects of an intended connection between an agency and an external system.
It regulates the security interface between any two systems operating under two
different distinct authorities

Answer 84

A

an international standard-
setting organization

Answer 85

A

a company that provides Internet access to
customers

Answer 86

A

a lightweight data interchange format

Answer 87

A

is a software protocol for enabling
anyone to locate data about organizations, individuals and other resources such as files
and devices in a network – whether on the public internet or a corporate intranet. LDAP
is a “lightweight” version of Directory Access Protocol (DAP), which is part of X.500, a
standard for directory services in a network. LDAP is considered lightweight because it
uses a smaller amount of code than other protocols

Answer 88

A

a unique identifier assigned to a network interface
controller (NIC)

Answer 89

A

limiting access to resources based on the
sensitivity of information

Answer 90

A

provides managed cloud services to
customers. Managed cloud services are a type of cloud computing service in which a
third-party provider manages and delivers cloud computing resources and services to
customers over the internet

Answer 91

A

a security feature that requires multiple forms of
authentication to access a resource

Answer 92

A

an MITB attack injects malicious software (malware) into
a victim’s web browser. The malware typically exploits vulnerabilities in the browser or
its plugins to intercept and manipulate data exchanged between the browser and the
websites the user visits

Answer 93

A

a type of cyber attack in which an attacker intercepts
communications between two parties in order to either steal or change the data in
transit

Answer 94

A

provides managed security services to
customers, typically on a subscription basis

Answer 95

A

average amount of time between system
failure which shows how reliable a system is

Answer 96

A

average time it takes for an organization to detect a
security incident or breach after it occurs

Answer 97

A

average time that it takes to fix a system

Answer 98

A

a system used to control access to a network based
on the identity of the user or device

Answer 99

A

a technique used to map private IP addresses
to public IP addresses

Answer 100

A

contract that prevents any side of the business to
give away the secrets to others

Answer 101

A

short-range wireless communication technology
that enables data exchange between devices that are within close proximity to each
other, typically within a few centimeters

Answer 102

A

a system used to detect unauthorized
activity on a network

Answer 103

A

type of security system that is used to
detect and prevent unauthorized access, attacks, and other malicious activity on a
network

Answer 104

A

a U.S. government agency
that develops standards for technology and engineering

Answer 105

A

a file system used in Windows operating
systems

Answer 106

A

open standard protocol that is used for authorization
and authentication between applications or services. It allows users to grant access to their private resources stored on one website to another website or application, without
sharing their credentials, such as passwords

Answer 107

A

a protocol used to check the validity of a
digital certificate

Answer 108

A

conceptual framework that is used to
standardize and describe the communication functions of a telecommunication or
computing system. The OSI model is divided into seven layers, each with a specific
function, that define the communication process between two devices in a network

Answer 109

A

a cloud computing model in which a third-party provider
offers a platform for developing and deploying applications

Answer 110

A

type of security solution that helps
organizations manage and control access to privileged accounts and systems

Answer 111

A

a set of security
standards for protecting credit card data

Answer 112

A

an encryption program that provides cryptographic
privacy and authentication for data communication. PGP is used for signing, encrypting,
and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase
the security of e-mail communications

Answer 113

A

security feature used in Wi-Fi networks to
protect against certain types of attacks that can be carried out against wireless
management frames

Answer 114

A

a protocol used to retrieve email messages
from a mail server

Answer 115

A

a protocol used to establish a direct connection
between two devices

Answer 116

A

a technique used to increase the
reliability and performance of data storage

Answer 117

A

networking protocol that is
used to provide centralized authentication, authorization, and accounting (AAA)
management for users who connect and use network services. RADIUS is commonly
used in enterprise and service provider environments, such as Wi-Fi networks, virtual
private networks (VPNs), and dial-up services

Answer 118

A

computer’s short-term memory, where the data that
the processor is currently using is stored. Your computer can access RAM memory
much faster than data on a hard disk, SSD, or other long-term storage device, which is
why RAM capacity is critical for system performance

Answer 119

A

a type of malware that allows an attacker to remotely
control a victim’s computer

Answer 120

A

a protocol used to remotely access and control a
desktop computer

Answer 121

A

software architectural style that describes
the architecture of the web

Answer 122

A

a technology used for tracking and identifying
objects using radio waves

Answer 123

A

a cryptographic
hash function

Answer 124

A

the maximum amount of time it takes to recover
data after a disaster

Answer 125

A

an operating system commonly found in
Internet of Things Devices

Answer 126

A

high level rules that determine how, where and
when employees can access spaces or resources

Answer 127

A

standard for secure email
messaging that provides encryption and digital signing capabilities

Answer 128

A

specialized, high-speed network that provides network
access to storage devices. SANs are typically composed of hosts, switches, storage
elements, and storage devices that are interconnected using a variety of technologies,
topologies, and protocols

Answer 129

A

a cloud computing model in which a third-party
provider offers software applications

Answer 130

A

key exchange protocol that provides
stronger security and that replaced PSK in WPA2

Answer 131

A

refers to the use of satellite
technology for communication purposes, including voice, data, and video transmission

Answer 132

A

a system used to control and
monitor industrial processes

Answer 133

A

a protocol used to securely transfer files between two
devices

Answer 134

A

a protocol used to securely transfer files
between two devices

Answer 135

A

SHA stands for secure hashing algorithm. SHA is a
modified version of MD5 and used for hashing data and certificates. A hashing
algorithm shortens the input data into a smaller form that cannot be understood by using
bitwise operations, modular additions, and compression functions

Answer 136

A

a unique identifier used to identify a user or group in
Windows operating systems

Answer 137

A

type of security solution that
provides real-time analysis of security alerts and events generated by network hardware
and applications

Answer 138

A

a protocol used to send email messages
between servers

Answer 139

A

a protocol used to manage and
monitor network devices

Answer 140

A

security technology
that helps organizations automate and streamline their security operations and incident
response processes

Answer 141

A

integrated circuit (IC) that combines various components of a
computer or electronic system into a single chip

Answer 142

A

a programming language used for managing and
manipulating data in relational databases

Answer 143

A

a protocol used for secure remote access to a device. Uses Port
22

Answer 144

A

SSL, or Secure Sockets Layer, is an encryption-based
Internet security protocol. It was first developed by Netscape in 1995 for the purpose of
ensuring privacy, authentication, and data integrity in Internet communications. SSL is
the predecessor to the modern TLS encryption used today. A website that implements
SSL/TLS has “HTTPS” in its URL instead of “HTTP”

Answer 145

A

a protocol used to prevent loops in a network
topology

Answer 146

A

designed to support the sharing of
cybersecurity threat intelligence between different organizations and cybersecurity
technologies

Answer 147

A

protocol
used for providing centralized authentication, authorization, and accounting (AAA)
services for network devices such as routers, switches, and firewalls

Answer 148

A

application protocol
for exchanging Cyber Threat Intelligence over HTTPS. It works with STIX

Answer 149

A

a protocol used to establish a reliable
connection between two devices. Uses three way handshake

Answer 150

A

TOTP uses a timestamp and a time-based
factor to generate the password. Specifically, TOTP calculates the message
authentication code based on the current time and a time interval (usually 30 seconds)

Answer 151

A

chip on motherboard that can be used to store
critical information such as encryption keys. TPM can be used for FDE (Full Disk
Encryption)

Answer 152

A

checks whether user activity sticks out from their
usual activity

Answer 153

A

a protocol used for sending datagrams over a
network. Connectionless

Answer 154

A

modern version of BIOS. UEFI can be
used for securely starting a device

Answer 155

A

a unique identifier used to locate a resource on the
Internet. It is also referred to as a web address

Answer 156

A

a logical grouping of devices on a network that
are grouped together based on factors such as function, department, or location, rather
than physical location

Answer 157

A

a software environment that emulates a physical computer

Answer 158

A

a virtual private network, or VPN, is an encrypted
connection over the Internet from a device to a network. The encrypted connection
helps ensure that sensitive data is safely transmitted. It prevents unauthorized people
from eavesdropping on the traffic and allows the user to conduct work remotely. VPN
technology is widely used in corporate environments

Answer 159

A

proprietary protocol used by Cisco switches to
exchange VLAN information. With VTP, you can synchronize VLAN information (such as
VLAN ID or VLAN name) with switches inside the same VTP domain

Answer 160

A

firewall used to protect web applications

Answer 161

A

network device that receives and transmits data over
WLAN

Answer 162

A

wired equivalent privacy is meant to protect Wi-Fi
transmissions by encrypting the data so outsiders who are not inside the encrypted
network will not be able to read the messages or data contained within. WEP is better
than no security at all, and it is still used on older devices that do not support WPA or
WPA2

Answer 163

A

a system used to detect unauthorized
access to a wireless network

Answer 164

A

a security protocol used for wireless networks. There
is WPA, WPA2, WPA3

Answer 165

A

a standard for public key certificates used for authentication in network
communication

Answer 166

A

a markup language used for encoding
documents in a format that is both human-readable and machine-readable

Answer 167

A

a type of attack in which an attacker injects malicious
code into a web page viewed by other users. Usually this code is javascript code. There
are 3 main versions of XSS: DOM Based, Stored and Reflected XSS

Brainscape's Knowledge GenomeTM

CompTIA Security+ 701 Flashcards

Brainscape's Knowledge Genome^TM