CompTIA Security+ Vocabulary List Flashcards
Active Directory
Directory service by Microsoft for Windows domain networks.
AES (Advanced Encryption Standard)
Symmetric encryption algorithm.
Application Layer
Layer 7 of the OSI model, providing network services to applications.
Anomaly Detection
Identifying unusual patterns that do not conform to expected behavior.
Attack Surface
Total points where an attacker can try to enter data into or extract data from an environment.
Audit Trail
Record of activities to ensure integrity and track changes.
Biometrics
Authentication using physical characteristics, like fingerprints or facial recognition.
Authentication Header (AH)
IPsec protocol providing connectionless integrity and data origin authentication.
Black Box Testing
Testing without knowledge of the internal workings of the application.
Blue Team
Group responsible for defending an organization from cyber attacks.
Bollard
Physical security device to prevent vehicle-based attacks.
CCTV (Closed-Circuit Television)
Video surveillance system.
Compensating Controls
Security controls that provide alternative measures.
Certificate Revocation List (CRL)
List of certificates that have been revoked by the Certificate Authority.
Chain of Custody
Documentation showing the seizure, custody, control, transfer, analysis, and disposition of evidence.
Ciphertext
Encrypted text transformed from plaintext.
Confidentiality
Ensuring that information is only accessible to those authorized to have access.
Control Diversity
Using different types of controls (administrative, technical, physical) to achieve security.
Data-at-Rest
Inactive data stored physically in any digital form.
Data-in-Transit
Data actively moving from one location to another.
Degaussing
Process of reducing or eliminating a magnetic field, often used to erase data from magnetic storage.
Digital Forensics
Process of uncovering and interpreting electronic data.
Elliptic Curve Cryptography (ECC)
Encryption algorithm based on elliptic curves over finite fields.
Demilitarized Zone (DMZ)
Physical or logical subnetwork that contains and exposes an organization’s external-facing services.
Dumpster Diving
Searching through waste to find confidential information.
EAP (Extensible Authentication Protocol)
Framework for transporting authentication protocols.
Evil Twin
Rogue wireless access point mimicking a legitimate one.
EMI (Electromagnetic Interference)
Disturbance affecting an electrical circuit due to electromagnetic radiation.
Escrowed Encryption
Encryption process where decryption keys are held in escrow.
File Integrity Monitoring
Process of validating the integrity of operating system and application software files.
Federated Identity Management
Linking a user’s electronic identity and attributes stored across multiple distinct identity management systems.
Geofencing
Creating a virtual boundary for a geographic area.
Hashcat
Popular password cracking tool.
Identity Federation
Linking a single identity across multiple systems.
HIPS (Host-based Intrusion Prevention System)
System designed to protect a host from malicious attacks.
Hybrid Attack
Combining dictionary and brute-force attacks to crack passwords.
HIDS (Host-based Intrusion Detection System)
System that monitors and analyzes the internals of a computing system.
Incident Response Plan
Organized approach to addressing and managing the aftermath of a security breach or attack.
IDS (Intrusion Detection System)
System that monitors network or system activities for malicious activity.
IMAP (Internet Message Access Protocol)
Protocol used by email clients to retrieve messages from a mail server.
Kerberos
Network authentication protocol using tickets.
IoC (Indicators of Compromise)
Artifacts observed on a network or in an operating system that indicate, with high confidence, a computer intrusion.
KDE (Kernel Density Estimation)
Non-parametric way to estimate the probability density function of a random variable.
Least Privilege
Principle of limiting access rights for users to the bare minimum.
Key Escrow
Secure storage and recovery of encryption keys.
IP Spoofing
Creating IP packets with a forged source IP address.
Logic Bomb
Code inserted into a system that sets off a malicious function when specified conditions are met.
LDAP (Lightweight Directory Access Protocol)
Protocol for accessing and maintaining distributed directory information services.
MAC (Mandatory Access Control)
Access control policy determined by the system.
Mantrap
Physical security device that monitors and controls two interlocking doors to a small room.
Malware
Software intentionally designed to cause damage.
MD5 (Message Digest Algorithm 5)
Widely used cryptographic hash function.
MitM (Man-in-the-Middle)
Attack where the attacker secretly intercepts and relays messages.
Multi-Tenancy
Architecture where a single instance of software serves multiple customers.
NAC (Network Access Control)
Solutions to define and implement a security policy that grants access to network resources.
Non-Repudiation
Assurance that someone cannot deny the validity of their actions.
Netflow
Network protocol for collecting IP traffic information.
NIDS (Network Intrusion Detection System)
System for monitoring and analyzing network traffic.
NTLM (NT LAN Manager)
Suite of Microsoft security protocols for authentication.
Obfuscation
Making something obscure or unclear.
OID (Object Identifier)
Identifier used to name an object.
One-Time Pad
Encryption technique that cannot be cracked.
OAuth (Open Authorization)
Open standard for access delegation.
PAP (Password Authentication Protocol)
Authentication protocol that uses a two-way handshake.
OpenID
Decentralized authentication protocol.
OWASP (Open Web Application Security Project)
Online community creating freely available security-related resources.
Pivoting
Using one compromised system to attack others.
Pharming
Redirecting website traffic to another, fraudulent website.
PFS (Perfect Forward Secrecy)
Property ensuring that the compromise of one session key does not affect others.
Red Team
Group playing the role of an adversary to test security.
Rainbow Table
Precomputed table for reversing cryptographic hash functions.
Remote Code Execution (RCE)
Executing code remotely on a different system.
PTZ (Pan-Tilt-Zoom)
Camera that can be remotely controlled to pan, tilt, and zoom.
Smurf Attack
DDoS attack using IP spoofing and ICMP.
SOAR (Security Orchestration, Automation, and Response)
Stack of compatible software programs enabling security operations teams to streamline and standardize activities.
Sandbox
Isolated environment for running untrusted programs.
Residual Risk
Risk remaining after security measures have been applied.
SFTP (Secure File Transfer Protocol)
Secure version of FTP using SSH.
Rogue AP
Unauthorized wireless access point.
Salting
Adding random data to a hash function to ensure unique outputs.
SIEM (Security Information and Event Management)
Solution for real-time analysis of security alerts.
Spear Phishing
Targeted phishing attack.
Shibboleth
Single sign-on (SSO) solution for web resources.
SDN (Software-Defined Networking)
Network management approach enabling programmatically efficient network configuration.
Spyware
Software that secretly monitors user activity.
Syslog
Standard for message logging.
Steganography
Concealing messages within other non-secret text or data.
SYN Flood
Attack sending a series of SYN requests to consume resources.
Threat Hunting
Proactively searching for cyber threats.
Tokenization
Replacing sensitive data with unique identification symbols.
UEBA (User and Entity Behavior Analytics)
Analyzing user behavior to detect anomalies.
Vishing
Phishing conducted through phone calls.
Vulnerability Scanner
Tool for identifying security weaknesses.
XOR Cipher
Simple symmetric encryption algorithm.
War Driving
Searching for Wi-Fi networks by moving around.
Worm
Self-replicating malware.
YARA
Tool for identifying and classifying malware.
Zero Trust
Security concept assuming no implicit trust.
Zero-Day Exploit
Exploiting a vulnerability that is not yet known to the vendor.
Zoning
Dividing a storage area network (SAN) into logical segments.