Security+ Glossary Flashcards
layered security
An approach to operational security that incorporates many different avenues of defense
security auditing
The act of performing an organized technical assessment of the security strengths and weaknesses of a computer system to ensure that the system is in compliance
deep web
Those portions of the World Wide Web that are not indexed by standard search engines.
application whitelisting
The practice of allowing approved programs to run on a computer, computer network, or mobile device
stream cipher
A relatively fast type of encryption that encrypts data one bit at a time
protocol analyzer
This type of diagnostic software can examine and display data packets that are being transmitted over a network
aggregation switch
A network device that combines switches together in a network.
Enhances redundancy and increases bandwidth.
VM sprawl
One of 3 virtualization risks
Situation where the number of virtual machines exceeds the organization’s ability to control or manage all of those virtual machines
X.509
A standard for formatting digital certificates that defines the structure of a certificate with the information that was provided in a CSR
controls
Countermeasures that avoid, mitigate, or counteract security risks due to threats and attacks
packet analyzer
A device or program that monitors network communications on the network wire or across a wireless network and captures data
endpoint protection
Software that incorporates anti-malware scanners into a larger suite of security controls
DSU
Data Service Unit
Device used to establish connectivity between a LAN and a WAN.
static code analysis
The process of reviewing source code while it is in a static state, i.e., it is not executing
incremental backup
A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up
access recertification
A security control where user access privileges are audited to ensure they are accurate and adhere to relevant standards and regulations.
rule-based access control
A non-discretionary access control technique that is based on a set of operational rules or restrictions
model verification
The process of evaluating how well a software project meets the specifications that were defined earlier in development
XTACACS
An extension to the original TACACS protocol
COBIT 5
A framework for IT management and governance created by ISACA
stress testing
A software testing method that evaluates how software performs under extreme load
data retention
The process of maintaining the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations
whitelisting
The practice of allowing approved programs to run on a computer, computer network, or mobile device
prevention
The security approach of blocking unauthorized access or attacks before they occur






