CompTIA Security+ SY0-701 Exam Acronyms 4 Flashcards
Which of the following solutions would be best suited for a company that needs comprehensive IT services but lacks qualified IT personnel?
MSA
MaaS
MSP
MSSP
** Answer: MSP **
MSP stands for Managed Service Provider, which is a third-party company that manages an organization’s IT infrastructure. MSPs can help organizations improve their cybersecurity by remotely managing their IT systems, networks, and security protocols.
They cover network infrastructure, systems, applications, and various security requirements, providing continuous monitoring, management, support, and maintenance. MSP vendors can provide remote and on-site resources.
Which of the terms listed below refers to a third-party vendor offering IT security management services?
MSP
MaaS
MSA
MSSP
** Answer: MSSP **
MSSP stands for Managed Security Service Provider. MSSPs are third parties that offer cybersecurity services to organizations. They can help protect systems, devices, and applications from cyberthreats.
– Monitoring: MSSPs monitor systems and security devices.
– Threat detection: MSSPs scan systems for threats and respond to them.
– Vulnerability scanning: MSSPs scan systems for vulnerabilities.
– System management: MSSPs can manage system upgrades, changes, and modifications.
Which of the following acronyms refers to the broad category of hardware and software systems used for monitoring and controlling physical devices, processes, and industrial operations?
ICS
OT
SCADA
EDR
** Answer: OT **
Operational technology (OT) refers to hardware and software systems that execute monitoring and/or control over industrial equipment and processes.
Operational technology (OT) security is a set of practices and technologies that protect industrial control systems from cybersecurity threats. OT systems are used to monitor and control industrial processes, devices, and infrastructure.
Which of the answers listed below refers to a basic method for establishing a dedicated point-to-point link between two networked devices?
PPTP
IGMP
PPP
MPLS
** Answer: PPP **
PPP (Point-to-Point Protocol) is a basic method for establishing a dedicated point-to-point link between two networked devices.
Explanation: PPP allows two computers to directly communicate with each other over a serial connection, creating a private and dedicated network between them.
Which of the following defines the maximum acceptable amount of data loss measured by a specific point in time before a disaster or outage?
RPO
MTBF
RTO
MTTR
** Answer: RPO **
Recovery Point Objective (RPO) is a measurement of the maximum amount of data loss an organization can tolerate after a disruptive event. It’s a key component of a disaster recovery plan and is often used in conjunction with Recovery Time Objective (RTO).
RTO (Recovery Time Objective) measures how much downtime you can withstand before your business sustains significant damages.
Which of the terms listed below refers to a framework for managing access to digital resources?
PAM
SSO
IAM
MFA
** Answer: IAM **
Identity and Access Management (IAM) is a cybersecurity framework that controls who can access an organization’s digital resources. IAM helps to improve security, compliance, and user experience.
Which of the following answers refer to SCAP? (Select 3 answers)
a. A type of security system designed to collect logs and events from various sources
b. Designed to provide a centralized user interface for accessing collected data
c. A collection of standards developed by NIST
d. Provides a common language for communicating security information
e. Allows different security tools to share data and work together more effectively
f. Enables real-time threat detection, incident response, and compliance monitoring
** Answer: b, c, d, e **
Security Content Automation Protocol (SCAP) is a framework of open standards that help organizations manage vulnerabilities, measure security, and comply with policies. SCAP automates processes like vulnerability analysis, configuration verification, and report generation.
**How SCAP works **
– SCAP uses standards to communicate information about software flaws and security configurations
– SCAP includes specifications like XCCDF and OVAL, which describe checklists and vulnerabilities
– The OpenSCAP scanner tool evaluates system items against the rules and generates a report
– The report is returned to the organization for monitoring and analysis
Benefits of SCAP
– SCAP helps organizations improve their cybersecurity posture
– SCAP reduces the risk of data breaches and other cyber attacks
– SCAP helps organizations comply with policies, laws, and regulations
– SCAP reduces the risk of human error
– SCAP streamlines security processes
A Windows feature used for centrally managing and enforcing policies and settings for users and computers in a network is referred to as:
SAE
NTLM
GPO
SSO
** Answer: GPO **
A security Group Policy Object (GPO) is a virtual collection of settings that define security permissions for a group of users or computers. GPOs are a key tool for system administrators to manage security and consistency across a network.
What GPOs can do
– Enforce password policies
– Restrict access to certain features
– Manage software updates
– Control the appearance of the desktop
– Prevent users from accessing certain information
– Prevent tasks that might jeopardize critical systems or data
Which of the answers listed below refers to a protocol used for automating the issuance and management of certificates within a PKI environment?
PKCS
SCEP
CSR
OCSP
** Answer: SCEP **
Simple Certificate Enrollment Protocol (SCEP) is an open-source protocol that helps devices get digital certificates. It’s used to make the process of issuing certificates more secure, scalable, and easier.
Simple Certificate Enrollment Protocol (SCEP) simplifies large-scale certificate enrollment but has limitations in secure identity verification. Without strong security checks, attackers can misuse SCEP challenge passwords to obtain certificates.
Which of the following answers refers to the characteristic features of RSA? (Select 3 answers)
a. Asymmetric encryption algorithm
b. A public key is used for encryption and a private key is used for decryption
c. Suitable for bulk data encryption
d. Used for secure communications, digital signatures, and key exchange
e. Symmetric encryption algorithm
f. A single key used for both encryption and decryption
** Answer: a, b, d **
RSA (Rivest-Shamir-Adleman) is a public-key encryption algorithm that uses a private and public key pair to protect data. RSA is used in many security applications, including digital signatures, digital certificates, and secure communication.
– RSA uses a private key and a public key that are mathematically linked.
– The public key is accessible to anyone, but the private key is known only by the key pair creator.
– RSA uses the factorization of two prime numbers to encrypt data.
– RSA is considered a staple of asymmetric encryption.
Which of the answers listed below describe the characteristics of a non-persistent VDI? (Select 2 answers)
a. At the end of a session, user desktop reverts to its original state.
b. Each user runs their copy of the virtual desktop
c. At the end of a session, user data and personal settings are saved
d. Virtual desktop is shared among multiple users
** Answer: b, d **
A non-persistent VDI is an environment where many users share virtual desktops. In contrast to persistent VDI, non-persistent VDI resets virtual desktops after each session. With non-persistent desktops, user settings and data aren’t saved after logout. The desktops return to their original state for the next session.
Which of the following answers refers to an obsolete protocol used for secure data transfer over the web?
SMTPS
SRTP
SHTTP
S/MIME
** Answer: SHTTP **
Secure Hypertext Transfer Protocol (S-HTTP) is an older security protocol that allows users to exchange files securely over the internet. It was developed in 1994 by Eric Rescorla and Allan M. Schiffman. S-HTTP has since been largely replaced by HTTPS.
In a persistent VDI: (Select 2 answers)
a. Each user runs their own copy of the virtual desktop
b. At the end of a session, user desktop reverts to its original state
c. Virtual desktop is shared among multiple users
d. At the end of a session, user data and personal settings are saved
** Answer: a, d **
A “persistent VDI” in security refers to a virtual desktop infrastructure (VDI) where a user’s personalized settings, files, and customizations are saved and accessible across multiple login sessions. This essentially gives each user a dedicated virtual desktop that retains their data even after they log off, unlike a non-persistent VDI, which resets to a standard state each time a user logs in. Persistence provides greater user convenience but can also introduce more security concerns, because sensitive data can remain on the desktop if not properly managed.
An authentication mechanism that generates one-time passwords based on a counter value and a secret key is known as:
OAuth
HOTP
RADIUS
TOTP
** Answer: HOTP **
HOTP (HMAC-based One-Time Password) is a one-time password (OTP) that uses a counter to generate unique passwords. HOTP is a type of multi-factor authentication (MFA) that can help prevent hackers from accessing sensitive information.
Which of the acronyms listed below refers to a documented process for addressing identified issues and preventing their repetition?
DRP
COOP
QA
CAR
** Answer: DRP **
DRP can refer to both Disaster Recovery Plan and Digital Risk Protection, which are both important for cybersecurity and business continuity.
**Digital Risk Protection (DRP) **
– A strategic use of tools and services to monitor, assess, and mitigate risk across an organization’s digital footprint
– Helps protect sensitive data, such as financial and personally identifiable information
– Helps identify spoofing plans and secure digital assets
– Can detect, analyze, and take down fraudulent content across the web, social media, and app stores
Which of the following answers refers to a software tool designed to simplify the process of creating and maintaining online content?
VDI
SaaS
CMS
SDK
** Answer: CMS **
CMS stands for Content Management System, and CMS security is the protection of a CMS from cyberattacks. CMSs are software platforms that allow users to build and manage websites. They store large amounts of sensitive data, including customer information, financial data, and intellectual property.
For many developers, a website’s content management system (CMS) is of particular concern in terms of security. There are many ways the CMS can cause weaknesses. Code Injection involves the insertion (or injection) of extra code into a website, often with unwanted results.
Which block cipher mode combines CTM for encryption with an authentication mechanism to ensure both data confidentiality and integrity?
CBC
GCM
ECB
CFB
** Answer: GCM **
Galois/Counter Mode (GCM) is a cryptographic mode of operation that encrypts and authenticates data. It’s used in many encryption algorithms, including AES (Advanced Encryption Standard).
**Where GCM is used **
– GCM is used in the IEEE 802.1AE (MACsec) Ethernet security.
– It’s used in the WPA3-Enterprise Wi-Fi security protocol.
– It’s used in SSH, TLS 1.2 and TLS 1.3.
– It’s used in the SoftEther VPN server and client, as well as OpenVPN.
Benefits of GCM
– GCM is efficient for high-speed packet networks.
– It can accept IVs of arbitrary length.
– It can act as a stand-alone message authentication code (MAC).
– It can be used as an incremental MAC.
The term “FPGA” refers to a reconfigurable integrated circuit that can be programmed and customized to perform various digital functions and tasks.
True
False
** Answer: FPGA **
Field Programmable Gate Arrays (FPGAs) are a powerful solution to help organizations navigate the cyber threat landscape and foster a safer future, today. In this blog post, we’ll explore five key ways FPGAs enable cyber resilience by protecting systems and data from sophisticated attacks.
Which of the answers listed below refer to SIEM? (Select 3 answers)
a. Allows different security tools to share data and work together more effectively
b. Designed to provide a centralized user interface for accessing collected data
c. A collection of standards developed by NIST
d. Enables real-time threat detection, incident response, and compliance monitoring
e. A type of security system designed to collect logs and events from various sources
f. Provides a common language for communicating security information
** Answer: b, d, f **
SIEM stands for security information and event management. It’s a security management system that monitors, analyzes, and responds to IT events. SIEM tools help detect threats and incidents, and can automate responses.
SIEM (security information and event management) systems are integral to a security operations center (SOC). They provide the necessary tools and capabilities for comprehensive security monitoring, threat detection and analysis, incident response, and compliance management, all critical components of SOC operations.
Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system?
RA
IdP
CA
Kerberos
** Answer: IdP **
An Identity Provider (IdP) is a system that stores, manages, and creates digital identities. IdPs are a key component of enterprise IT infrastructure and are essential for modern digital security.
** Benefits of IdPs **
– Improved user experience: Users can access services without having to repeatedly log in.
– Simplified user management: It’s easier to add or remove users and manage permissions.
– Strong access control: IdPs help organizations ensure that only authorized users can access services.
** Why IdPs are important **
– IdPs help organizations scale up the number of users without increasing IT overhead.
– IdPs help organizations reduce the risk of security breaches.
Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP?
IDPS
STARTTLS
DKIM
SMTPS
** Answer: SMTPS **
SMTPS (Simple Mail Transfer Protocol Secure) is a security extension of SMTP that protects email communication. SMTPS uses Transport Layer Security (TLS) to encrypt and authenticate emails, and prevent data tampering.
SMTP security best practices
– Enforce password policies that require strong passwords that include a combination of upper and lower-case letters, numbers, and symbols
– Implement password expiration policies to help ensure that passwords are regularly changed
– Scan SMTP traffic for vulnerabilities
Which of the following enables running macros in Microsoft Office applications?
DOM
API
DLL
VBA
** Answer: VBA **
Visual Basic for Applications (VBA) can be used for both security threats and security defense. Attackers can use VBA to create malicious macros in Microsoft Office documents, but VBA can also be used to monitor network activity and detect suspicious behavior.
Which of the answers listed below refers to a language used to structure and describe data in a format that is both human- and machine-readable?
HTML
XML
JSON
XHTML
** Answer: XML **
In SNMP, each node in a MIB is uniquely identified by a(n):
OID
IP
OUI
MAC
** Answer: OID **
Management Information Base, also known as MIB, is a hierarchical database that contains configuration and other vital management information of SNMP devices in the form of data objects. An SNMP management system uses these database files to interpret the messages sent by the managed devices.
Which of the following acronyms refers to a block cipher mode that works by chaining the ciphertext blocks together, such that each ciphertext block depends on the previous block?
CBC
GCM
ECB
CFB
** Answer: CBC **
Cipher block chaining (CBC) is a mode of encryption that uses a block cipher to scramble plaintext into ciphertext. CBC is a commonly used encryption mode that is simple to implement.
Which of the answers listed below refers to a dedicated protocol designed for enabling real-time text-based communication over the Internet?
IRC
RTC
IM
MMS
** Answer: IRC **
Internet Relay Chat (IRC) can be vulnerable to security threats like data leakage, malware, and impersonation. Because IRC connections are often unencrypted, they are a target for hackers and attackers.
– Lack of encryption: Messages are sent in plain text, which can be intercepted.
– User impersonation: Users can impersonate others by using their nicknames.
– Cyberbullying: IRC can be used anonymously to facilitate malicious communication.
– DDoS attacks: IRC networks can be overwhelmed by DDoS attacks that attempt to crash the server.
– Trojan horse viruses: Users can download files that contain malware.
A specialized electronic component that accelerates visual rendering is called:
TPU
GPU
DSP
CPU
** Answer: GPU **
Graphics processing units (GPUs) are used in cybersecurity to detect and respond to threats. GPUs are well-suited for this task because they can process large amounts of data in parallel.
Which of the following answers refers to a protocol that enables the exchange of messages and data between applications running on different OSs and using different programming languages?
VDE
SOAP
VDI
SMTP
** Answer: SOAP **
SOAP (Simple Object Access Protocol) security is a set of practices that protect SOAP messages and user data from unauthorized access. SOAP is an XML-based messaging protocol that allows applications to communicate across different operating systems and programming languages.
Which of the answers listed below refers to a deprecated MS Windows authentication protocol replaced by Kerberos?
PPTP
WEP
NTLM
SNMPv2
** Answer: NTLM **
NTLM, or New Technology LAN Manager, is a set of Microsoft security protocols that authenticate users and computers on a network. It’s primarily used in Windows domain environments.
Which of the following enables delivery of various data packet types over the same network link?
LWAPP
MPLS
MLPPP
MIBS
** Answer: MPLS **
Multiprotocol Label Switching (MPLS) is a private network technology that can be secure when combined with additional security measures. MPLS itself is designed to manage traffic efficiently, but it doesn’t inherently provide encryption or other security features.
Which of the answers listed below refers to a Windows-specific feature for handling exceptions, errors, and abnormal conditions in software?
EPC
SEH
EH
EXR
** Answer: SEH **
This feature is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. This protection mechanism is provided at run-time. Therefore, it helps protect applications regardless of whether they have been compiled with the latest improvements, such as the /SAFESEH option.
Which of the following acronyms refers to a security mechanism used in the DNS to authenticate and secure communications between DNS servers during zone transfers and other transactions?
SOA
DKIM
SPF
TSIG
** Answer: TSIG **
Transaction Signature (TSIG) is a security protocol that protects Domain Name System (DNS) communications. TSIG uses shared keys and cryptography to verify that DNS messages are authentic and unaltered.
Transaction Signatures (TSIG) provide a secure method for communicating from a primary to a secondary Domain Name server (DNS). It is a simple and effective method for organizations to enhance their security.
Which of the answers listed below refers to a cable rack that interconnects wiring between an MDF and workstation devices?
ICS
MDI
IDF
MTU
** Answer: IDF **
An Intermediate Distribution Frame (IDF) can improve network security by limiting the spread of security breaches. An IDF is a secondary hub within the network infrastructure that extends connectivity from the main distribution frame (MDF) to various endpoints or areas within a building or campus. It acts as a bridge, facilitating communication between the MDF and the end-user devices or local networks.
Which of the following technologies enables automated handling of multiple security incidents?
SOAP
SIEM
SOAR
SASE
** Answer: SOAR **
SOAR stands for Security Orchestration, Automation, and Response. It’s a set of tools and technologies that help organizations manage and respond to security threats. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events. A SOAR system can also be programmed to custom-fit an organization’s needs.
What is the name of a solution that increases the efficiency of IP address space management by allowing network administrators to divide networks into subnets of different sizes?
DNAT
VLSM
MPLS
VLAN
** Answer: VLSM **
A VLSM (short for “variable length subnet mask”) is a computer networking technique to divide an IP network into subnets with different subnet masks. VLSM allows network designers to give each subnet a different number of IP addresses, ultimately resulting in less network congestion and wasted IPs.