SEC+ Chapter3
802.1X
.1X is a technology that provides port-based authentication for network devices. It is based on the IEEE 802.1X standard and is used to authenticate devices connecting to a network using Extensible Authentication Protocol (EAP). It is used to provide secure authentication for wired and wireless networks.
Access control list (ACL)
:
Certificate signing request (CSR)
:
Certificate authority (CA)
A Certificate Authority (CA) is an entity that is responsible for verifying and issuing digital certificates. It is used to authenticate an entity's identity and to provide assurance to other entities that the entity is who they claim to be. In the context of the CompTIA SY0-601 Security+ Exam, a Certificate Authority is an entity that issues digital certificates used to authenticate and secure communications between two entities.
Certificate revocation list (CRL)
A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked before their expiration date. It is used to revoke digital certificates that have been compromised or which are no longer valid for use. This list is maintained by the Certificate Authority (CA) and is used by clients to verify the validity of a digital certificate before trusting its contents. In the CompTIA SY0-601 Sec+ Exam, CRLs are used to ensure that digital certificates are
Virtual local area network (VLAN)
A Virtual Local Area Network (VLAN) is a logical grouping of network devices, such as computers and printers, that are configured to communicate within a local network. VLANs are used to segregate network traffic and can be used to provide additional security, as traffic between VLANs must pass through a router or switch, which can be used to enforce access control. VLANs can also be used to reduce broadcast traffic and extend network connectivity.
Virtual private network (VPN)
A Virtual Private Network (VPN) is a secure, encrypted connection between two networks over the Internet. It is used to protect data transmissions by allowing users to establish secure remote access to a private corporate network. This allows users to access resources that are not accessible from the public Internet and to securely communicate with other users on the private network.
Block list/deny list
A block list (also known as a deny list) is a security tool used to prevent specific IP addresses, domains, or email addresses from connecting to a network or server. This allows network administrators to control who is allowed to access the network and to protect against malicious actors. Block lists are commonly used to protect against malware, phishing, and other malicious activities.
Host-based firewall
A host-based firewall is a security software application that is installed on an individual computer or server, and is designed to prevent unauthorized access from external hosts by creating a barrier between a trusted internal network and an untrusted external network. Host-based firewalls can also be used to control outgoing and incoming network traffic, as well as to monitor and log all traffic that passes through the firewall.
Mobile application
A mobile application in the context of the CompTIA SY0-601 Sec+ Exam, section 3.4 is a software program designed for use on a mobile device such as a smartphone or tablet. Mobile applications can provide access to data, services, and features that are typically found on a desktop computer. Such applications can also enable users to interact with the device, such as making calls, playing music, or taking photos. Security considerations for mobile applications include authentication, data encryption,
Recording microphone
A recording microphone is a type of microphone that is used to capture audio recordings. In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.4, it is a device used to record audio during a security assessment. It can be used to capture conversations or sound from an environment during a security assessment.
Self-encrypting drive (SED)/
A self-encrypting drive (SED) is a type of storage device with built-in encryption hardware that automatically encrypts and decrypts all data stored on the device. This type of drive is useful for protecting data from unauthorized access and for ensuring data confidentiality.
Trust model
A trust model is a set of rules and regulations that dictate how a system or network handles access control. It defines the rules for authentication and authorization, as well as the trust relationships between users, systems, and applications. In the context of the CompTIA SY0-601 Security+ Exam, Section 3.2 covers trust models, including user-to-user and user-to-system trust models.
API inspection and integration
API inspection and integration in the context of the CompTIA SY0-601 Sec+ exam is the process of analyzing application programming interfaces (APIs) to identify potential security risks and vulnerabilities. It also involves integration of security controls and measures into the API to protect it from those risks. This process includes examining the code and structure of the API, as well as identifying any security misconfigurations, weaknesses, or exploitable vulnerabilities.
Access control schemes
Access control schemes are methods used to control access to information systems and assets. They are based on the concept of assigning access rights to users based on their job roles and responsibilities. Access control schemes can include authentication methods such as passwords, biometrics, or two-factor authentication, as well as authorization mechanisms such as access control lists and role-based access control.
Access policies
Access policies are security policies that define who is authorized to access specific resources, such as servers, systems, applications, and data. They specify who can access resources, when they can access them, and how they can access them. Access policies also define the roles and responsibilities of users and administrators for managing access to resources.
Account audits
Account audits refer to the process of evaluating the security of user accounts in an IT system. This includes verifying that accounts are configured with the appropriate access levels and that user actions are being logged. Account audits are important for ensuring the confidentiality, integrity, and availability of the system and its data.
Account permissions
Account permissions refer to the rights and privileges that are associated with user accounts in an information system. These rights and privileges define what users are allowed to do within the system, such as create, modify, and delete files, run applications, and access network resources. Account permissions are typically based on roles or groups, and can be used to limit access to sensitive information.
Account policies
Account policies are an element of a security policy that governs the use of user accounts on a system or network. They are used to control user access, authentication and authorization, password complexity and expiry, account lockout duration, and other security-related settings. Account policies are one of the security measures that can be used to prevent unauthorized access to a system or network.
Account types
Account types in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3, refer to the various types of computer user accounts. These accounts can be classified into three main categories: standard user accounts, administrative user accounts, and service accounts. Standard user accounts are typically used by regular users on a system, granting them access to specific resources and capabilities; administrative user accounts are used by system administrators to manage the system, granting them full access to the system
Active/active
Active/active is a term used to describe an environment where multiple instances of a system or application are running simultaneously, all in active, or production, mode. This type of setup is often used to increase the availability and scalability of an application or system. In the context of the CompTIA SY0-601 Sec+ Exam, section 3, active/active refers to an environment where two or more firewalls are in active, or production, mode and are working together to
Active/passive
Active/passive in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1 refers to the comparison between an active attack and a passive attack. Active attacks are attempts to gain unauthorized access to a system or network by exploiting its vulnerabilities. Passive attacks are attempts to gain unauthorized access to a system or network by intercepting or collecting data from the system or network without exploiting any vulnerabilities.
Agent and agentless
Agent: A software component that is installed on a host system and provides additional security features. It may be used to monitor and control the system, detect malware, and enforce policy.
Aggregators
Aggregators in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 refer to the tools and techniques used to gather and analyze data from multiple sources in order to gain insight into a particular situation. These tools and techniques can be used to identify trends, discover anomalies, and detect threats. Aggregators can also be used to identify patterns in data, such as malicious or suspicious activity.
Allow list
Allow list is a type of whitelisting which is the process of explicitly allowing access to a specific set of resources within a computer system. It is a security technique used to limit access to systems or networks by only allowing traffic from specific sources. It is one of the security controls covered in Section 3.3 of the CompTIA SY0-601 Security+ exam.
Intranet
An Intranet in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 is a private network that uses Internet technologies to securely share information, data, and resources within an organization. It can include webpages, file shares, applications, and other services that are only accessible to internal users.
Extranet
An extranet is a private network that uses internet protocols and is accessible to authorized users outside of an organization. It can be used to securely share information with customers, vendors, or other business partners. It is a common security control for organizations with multiple external business relationships.
Anti-malware
Anti-malware is a type of security software designed to detect, prevent, and remove malicious software, such as viruses, spyware, and ransomware. It is one of the key components of an organization's security posture and can help mitigate the risk of data breaches.
Antivirus
Antivirus is a type of security software designed to detect, prevent, and remove malicious software (malware) from a computer or network. It works by scanning for known malware signatures, patterns of suspicious activity, and other suspicious content. It can also monitor for suspicious changes in the system, such as changes to system files or registry settings.
Appliance vs. host-based vs. virtual
Appliance: An Appliance is a physical, dedicated hardware device that provides a specific set of security functions, typically in the form of a firewall or an intrusion detection/prevention system.
Application management
Application management in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, is the process of managing and controlling the applications on a network. This includes configuring, maintaining, monitoring, and patching applications to ensure they are secure and working properly. It also includes managing user access to applications, and ensuring that they are updated and patched when necessary.
Application security
Application security is the practice of ensuring the security of applications against security threats. This includes protecting against malware, unauthorized access, and other security vulnerabilities. It also involves developing secure coding practices, code reviews, and other measures to identify and mitigate potential security flaws. Application security is a critical component of the CompTIA SY0-601 Sec+ Exam, and it is covered in Section 3 of the exam.
Attribute-based access control (ABAC)
Attribute-based access control (ABAC) is a type of access control model used to define and enforce access decisions based on attributes associated with users, objects, and environments. It is based on the concept of policy-based access control, where access is granted or denied based on specific conditions that are set out in the policy. ABAC policies are typically expressed in a language called XACML, which is used to specify the conditions under which access should be granted. ABAC is
Authentication management
Authentication management is the process of managing user access to systems and resources by verifying the identity of users through authentication methods. This is a key concept for the CompTIA SY0-601 Security+ Exam, as it is covered in Section 3.1 of the exam. Authentication management involves monitoring authentication activities, implementing authentication controls, and ensuring that authentication systems are secure. It also involves verifying the identity of users using a variety of authentication methods, such as passwords, biometrics,
Authentication protocols
Authentication protocols are protocols that are used to verify the identity of a user or device in a network or computing environment. They typically involve the use of a username and password, two-factor authentication, public key infrastructure (PKI), and biometric authentication. Authentication protocols are essential in the CompTIA SY0-601 Security+ exam as they are a key component in the implementation of secure systems.
Authentication/authorization
Authentication/authorization is the process of verifying that a user has the appropriate credentials to access a system, application, or network. It is a critical component of the CompTIA SY0-601 Security+ Exam, Section 3.2, which covers access control methods and technologies. It includes topics such as authentication protocols, authentication factors, authorization models, and controlling access to resources.
Auto-update
Auto-update in the context of the CompTIA SY0-601 Sec+ Exam, section 3, refers to a process in which software or firmware is automatically updated to the latest version when available. This process typically occurs without the user's explicit knowledge or authorization, allowing for the system to stay up to date with the latest security patches and other software updates.
Biometrics
Biometrics in the context of the CompTIA SY0-601 Sec+ Exam, section 3.7 is defined as the use of physical or behavioral characteristics to authenticate the identity of an individual. Examples of physical biometrics include fingerprints, facial recognition, and iris scans. Examples of behavioral biometrics include keystroke dynamics, voice recognition, and gait analysis.
Bluetooth
Bluetooth is a short-range wireless technology for exchanging data between two or more devices. It is commonly used for connecting peripherals such as headsets and keyboards to computers, as well as for connecting multiple computers or devices together in a network.
Boot attestation
Boot attestation is a process used to ensure that only authorized software is loaded onto a system by verifying the software's integrity. This process is typically done during system boot-up and requires an authentication mechanism such as a digital signature or certificate. Boot attestation helps to protect a system from malicious software, such as viruses, rootkits, and Trojans.
Boot integrity
Boot integrity in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, is the process of validating the integrity of system components and processes that are executed during the boot process. This includes validating the integrity of the BIOS, the boot sector, and the boot loader, as well as any other components that are executed during the boot process. Additionally, boot integrity also ensures that the boot process is secure and cannot be tampered with or exploited
Boot security/Unified Extensible
Boot security/Unified Extensible Firmware Interface (UEFI) is a set of standards that enable a computer to boot an operating system. It is designed to replace the legacy Basic Input/Output System (BIOS) and provides a more secure boot process. UEFI can be used to secure the boot process by allowing only digitally signed boot loaders and drivers to be loaded, providing additional authentication of the boot process. UEFI also provides a secure environment to store credentials and other
Bridge Protocol Data
Bridge Protocol Data is a type of network data that is used to connect networks that use different protocols. It is used to help the networks communicate with each other and exchange data. It is also used to minimize the amount of traffic between networks. It is important to understand this concept for the CompTIA SY0-601 Sec+ Exam.
Bring your own device (BYOD)
Bring Your Own Device (BYOD) is a policy that allows employees to use their personal devices, such as smartphones, laptops, and tablets, to access corporate resources. From the perspective of the CompTIA SY0-601 Sec+ Exam, section 3.1, BYOD policies require a comprehensive security plan in order to ensure the security of the corporate network and resources. The security plan should include authentication, authorization, access control, and data encryption requirements. Additionally, the security
Broadcast storm prevention
Broadcast storm prevention is a network security technique used to protect against a broadcast storm, which is a type of network attack that causes a network to be flooded with broadcast messages. This can lead to a denial of service attack and can even cause the network to crash. Broadcast storm prevention techniques include limiting the number of broadcast messages per second, disabling unnecessary services, and using VLANs to segregate broadcast traffic.
CASB
CASB stands for Cloud Access Security Broker. It is a security service that sits between cloud service consumers and cloud service providers. It acts as a gateway to monitor, control, and secure cloud-based traffic.
CN
CN stands for Common Name, which is a type of attribute in an X.509 digital certificate. Common Name is used to identify the entity associated with the certificate, such as a website, server, or individual.
Camera use
Camera use in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 refers to the use of security cameras to monitor activities in restricted areas. This includes the installation of cameras in strategic locations, as well as the use of recorded videos and images for investigative purposes. Additionally, camera use may involve understanding how to properly configure and manage camera systems and how to use video analytics for security purposes.
Captive portals
Captive portals are a type of network security feature used to authenticate users before they can gain access to a public Wi-Fi network. They are usually implemented in the form of a web page containing a login form that must be completed before the user is granted access to the network. Captive portals are commonly used in public Wi-Fi hotspots, such as those found in airports, hotels, and coffee shops.
Carrier unlocking
Carrier unlocking is the process of unlocking a mobile device, such as a smartphone, from a specific carrier so that it can be used with a different carrier. It is usually done by entering a code that is provided by the new carrier.
Cellular
Cellular in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, refers to the use of cellular networks for data transmission. This includes the use of cellular data services, such as 3G, 4G, and 5G, for connecting devices to each other, the internet, or other networks.
Certificate attributes
Certificate attributes are the characteristics of digital certificates that are used to describe the certificate, such as the type of algorithm used, the subject name, the issuing CA, the validity period, the purpose, and the public key. These attributes are referenced in the CompTIA SY0-601 Sec+ Exam, section 3.1 as part of the topic of digital certificates.
Certificate chaining
Certificate chaining in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 is the process of validating a digital certificate by verifying the trustworthiness of each certificate in a chain of certificates. This involves verifying the issuer of each certificate, the digital signature associated with each certificate, and the certificate revocation status of each certificate. It is a key component of public key infrastructure (PKI) and is used to ensure the authenticity of digital certificates.
Certificate formats
Certificate formats in the context of the CompTIA SY0-601 Sec+ exam refer to the various types of digital certificates that can be used for authentication, encryption, and digital signatures. These formats include X.509 certificates, OpenPGP certificates, and S/MIME certificates. X.509 certificates are the most commonly used certificates for authentication and encryption, while OpenPGP certificates are used for encryption and digital signatures. S/MIME certificates are used for digital signatures
Certificates
Certificates in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.2 refers to digital documents that use cryptographic techniques to prove the identity of a user, service, or device. Certificates are used to secure communications between clients and servers, enable single sign-on (SSO) authentication, and provide authentication for public-key infrastructure (PKI).
Challenge-Handshake
Challenge-Handshake Authentication Protocol (CHAP) is an authentication protocol used to provide secure authentication between two devices. In the context of the CompTIA SY0-601 Security+ exam, CHAP is used to authenticate users and devices in a network. CHAP requires the client to prove their identity to the server by sending a unique encrypted challenge phrase, which is then compared to the encrypted challenge phrase stored on the server. If the two phrases match, the user is
Channel overlaps
Channel overlaps refer to the overlapping areas of the wireless spectrum caused by overlapping channels in 802.11 wireless networks. These overlaps can lead to decreased throughput and interference due to other networks operating on the same channels.
Choose your own device (CYOD)
Choose Your Own Device (CYOD) is a security policy that allows users to select their own device, such as a laptop or tablet, to use for work. This policy is designed to address the needs of an organization's mobile workforce and give users more control over their work environment. It can help reduce the cost of purchasing and maintaining hardware, and increase the organization's flexibility in terms of device selection. In the context of the CompTIA SY0-
Cloud native controls vs.
Cloud native controls are security measures that are built into cloud platforms and services that are designed to protect data and resources. This includes authentication and access control, data encryption, and secure logging and auditing.
Cloud security controls
Cloud security controls refer to the security measures implemented to protect data and systems stored in the cloud. These measures include authentication, access control, encryption, and data loss prevention. They also include monitoring and logging, patch management, and incident response. These security controls are designed to protect data and systems from unauthorized access, malicious activity, and other security threats.
Code signing
Code signing is a process used to authenticate the source of an application or code and verify its integrity. It ensures that the code or application has not been altered or tampered with and that it comes from a trusted source. It also provides a way for users to verify the identity of the publisher.
Collectors
Collectors are components that gather data from different sources (such as user logs, system logs, network traffic, and system events) to create a comprehensive view of the system and network activities. They are often used to detect suspicious activity or to monitor compliance with security policies.
Compute
Compute, in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, is the ability to install, configure, and maintain computers and other related hardware and software, including virtualization technologies, network infrastructure components, storage systems, and cloud services. It also includes the ability to troubleshoot and resolve computer and related technology issues.
Concepts
Concepts in the context of the CompTIA SY0-601 Sec+ Exam, section 3.0 refer to the core ideas and understandings of the security principles and technologies that are tested within the exam. The concepts include the fundamentals of security, threats and vulnerabilities, access control, cryptography, and other security topics. They serve as the foundation for the knowledge and skills needed to pass the exam.
Conditional access
Conditional access is an authentication and authorization mechanism used in computer networks that restricts access to resources based on certain conditions. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, conditional access is a security control that can be used to enforce access control requirements, such as requiring authentication of users before granting access to resources or enforcing least privilege or separation of duties.
Connection methods and receivers
Connection methods and receivers refer to the ways in which two or more computers or devices connect or communicate with each other. In the context of the CompTIA SY0-601 Sec+ exam, this could include wired connections such as Ethernet, wireless connections such as Wi-Fi, and various types of receivers, such as Bluetooth or infrared.
Container security
Container security in the context of the CompTIA SY0-601 Security+ Exam, section 3.7, refers to the security measures taken to protect the integrity of containers such as Docker or Kubernetes. This includes the use of authentication, access control, encryption, and other methods to ensure that only authorized users can access the container and its contents.
Containerization
Containerization is a virtualization method used to isolate applications and their resources from the underlying operating system. It allows for the combination of multiple applications and services in a single container that can be managed and deployed as a single unit. Containerization can be used to improve application portability, scalability, and security.
Content management
Content management in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 is the process of managing digital content such as text, documents, images, audio, and video. It includes the planning, creation, storage, publishing, and archiving of digital content. Content management is important in the context of security because it helps to control access to sensitive information and ensure that only authorized personnel can access it.
Content/URL filter
Content/URL filtering is a security technique that can be used to control the content or URLs that can be accessed on a network. It is used to control the types of webpages, websites, or other content that can be accessed from the network, and to protect users from malicious websites, malware, and other threats. Content/URL filtering can also be used to enforce acceptable use policies or other organizational policies.
Context-aware authentication
Context-aware authentication is a type of authentication process that uses contextual elements to determine the risk associated with a given authentication request. Context-aware authentication can include factors such as the physical location of the user, the type of device being used, the user's access history, and the user's identity. Context-aware authentication helps organizations to better protect their systems from unauthorized access by ensuring that authentication requests are only granted when the associated risk is deemed acceptable.
Controller and access point security
Controller and access point security in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 refers to the processes and techniques used to secure wireless local area networks (WLANs). This includes authentication and encryption methods, as well as techniques to limit access to the network. It also covers the security measures implemented by the access points and controllers themselves, such as access control lists, MAC filtering, SSID hiding, and rogue access point detection.
Corporate-owned
Corporate-owned in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, refers to a device or system that is owned and managed by a company. It is the responsibility of the organization to secure the device or system and any data stored on it.
Cost
Cost is a factor in risk management that considers the time, money, and resources required to implement a security solution. It includes both the initial outlay of resources and any potential loss of revenue that may be incurred due to the implementation of the security solution.
Counter-mode/CBC-MAC
Counter-mode/CBC-MAC (or CCM) is a message authentication code (MAC) algorithm used for encryption and authentication of data in wireless networks. It is based on the AES block cipher, and uses both counter mode and cipher block chaining (CBC) to provide encryption and authentication. It is used to protect data sent over wireless networks and ensure that only authorized parties can access the data.
Cryptographic protocols
Cryptographic protocols are a set of rules or processes used to protect and secure data. They include the use of encryption algorithms, digital signatures, authentication, access control, and key exchange. Cryptographic protocols are used to protect data transmissions, provide authentication, and ensure data integrity. Cryptographic protocols are essential for maintaining the security of the information being transmitted, and are the foundation of secure communication.
Custom firmware
Custom firmware is software that is developed for a specific device or platform that replaces the original firmware of the device. It is designed to add functionality or modify existing functionality to the device in order to meet the needs of the user. Custom firmware can be used to secure a device or to extend its capabilities.
DLP
DLP stands for Data Loss Prevention and is a security measure to protect data from being accessed by unauthorized users. It can be used to monitor and detect sensitive data being transferred or stored outside of a secure environment and can be used to prevent data from being accessed, leaked, or modified.
DNS
DNS stands for Domain Name System and is a hierarchical naming system for computers, services, or other resources connected to the Internet or a private network. It is used to translate domain names into numerical IP addresses, which computers use to communicate with each other.
Deployment models
Deployment models are the various ways in which information systems can be deployed. In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1, deployment models include cloud computing, virtualization, thin-client computing, and traditional client/server architectures. Cloud computing is a model of data processing that involves using remote servers hosted on the Internet to store, manage, and process data, rather than local servers or personal computers. Virtualization is the process of
Directory services
Directory services are systems that store, organize, and provide access to information about network resources, such as users, computers, and other devices. Examples of directory services are Microsoft's Active Directory and OpenLDAP. Directory services help manage network resources by providing authentication, authorization, and policy enforcement.
Disablement
Disablement in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 is the process of disabling a user account, a device, or an application when it is no longer needed or when an issue has been identified. It is a security measure which is used to prevent unauthorized access to systems and resources.
Discretionary access control (DAC)
Discretionary access control (DAC) is a type of access control that allows the owner or administrator of a system to decide which users or groups will have access to the system and what type of access they will have. It is based on the principle that the user has control over who can access their resources and what kind of access they will receive. It is commonly employed in operating systems, databases, and network resources.
Disk encryption
Disk encryption is a security measure that encrypts data stored on a disk. In the context of the CompTIA SY0-601 Sec+ Exam, this involves encrypting data stored on a hard drive, optical drive, USB drive, or other type of disk storage media. This ensures that the data is unreadable without the correct key or authentication credentials.
Distinguished encoding rules (DER)
Distinguished Encoding Rules (DER) is a standard for encoding and decoding digital certificates and other objects used in cryptography. It is a binary format used to represent data objects with specific structure, such as a Public Key Certificate, and is defined in the X.690 series of ITU-T standards. DER is often used in the context of Public Key Infrastructure (PKI), where it is used to store and transmit digital certificates and other objects. It is also used as a
Domain name resolution
Domain Name Resolution is the process of resolving a domain name into an IP address. This process is used by DNS to take a domain name, such as www.example.com, and convert it into an IP address such as 192.168.1.1. This process is necessary for a host to be able to make a connection to a domain.
Domain validation
Domain validation is a type of authentication that verifies the identity of an entity by validating the domain associated with the entity. In the context of the CompTIA SY0-601 Sec+ Exam, this is a process used to ensure that only trusted services and applications can access an organization's network resources. Domain validation can be implemented through the use of technologies such as digital certificates, public key infrastructure (PKI), and digital signatures.
Dynamic Host Configuration
Dynamic Host Configuration Protocol (DHCP) is a network protocol used to dynamically assign IP addresses to network devices. It allows a network administrator to manage and control IP addresses from a central location, providing the ability to add or remove devices from the network without having to manually configure each device. DHCP also simplifies the process of changing IP addresses when needed.
Dynamic code analysis
Dynamic code analysis is a type of security testing that examines source code while the code is in execution. This type of analysis focuses on real-time understanding of the code and its behavior. It looks for any potential security issues, such as buffer overflow flaws or memory leaks. The analysis also looks for any anomalies in the code that could be exploited by an attacker.
Dynamic resource allocation
Dynamic resource allocation is a security control in which resources, such as computing power or memory, are allocated to systems or applications on an as-needed basis. This is important for the CompTIA SY0-601 Sec+ exam because it helps to ensure that systems and applications are able to meet their performance requirements without wasting resources. With dynamic resource allocation, IT administrators can ensure that their system's resources are being used efficiently and securely.
EAP
EAP stands for Extensible Authentication Protocol. It is a protocol used in networks to authenticate users and devices. It is covered in the CompTIA SY0-601 Security+ exam, Section 3.1, as part of the security architecture and design domain.
EAP-FAST
EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is an authentication protocol used in secure network access. It is designed to provide secure authentication for both wireless and wired networks and is one of the protocols covered in the CompTIA SY0-601 Sec+ Exam, section 3.1. It is a secure version of the EAP protocol and uses TLS (Transport Layer Security) to authenticate users and encrypt the data traveling between
EAP-TLS
EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) is a mutual authentication protocol used in wireless networks that provides strong cryptographic authentication and privacy protection. It is an IEEE 802.1X protocol and is commonly used in enterprise networks. It is one of the authentication methods covered in the CompTIA SY0-601 Security+ exam in section 3.2.
EAP-TTLS
EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security) is a secure network authentication protocol defined in RFC 5281 and is one of the most common authentication methods used in 802.1x wireless networks. It is a two-phase authentication protocol where the client is authenticated using a username and password in the first phase. Once the client is authenticated, the second phase encrypts the data using an encrypted tunnel. EAP-TTLS is often used
East-west traffic
East-west traffic in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, is traffic that is generated between devices within the same network segment, such as from a server to a workstation or from one virtual machine to another. East-west traffic is considered internal traffic and should be segmented and monitored to protect against malicious intrusions and attacks.
Email and web
Email and web in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 refer to the security measures and concepts related to the use of email and web technologies. This includes topics such as email policies, web security principles, email encryption, web authentication methods, and other related topics.
Email is an electronic messaging system that allows users to send and receive messages over the internet. It is commonly used to communicate with colleagues, customers, and vendors. It is important to secure email traffic to protect confidential data. The SY0-601 Exam covers topics related to email security such as encryption, authentication, and anti-spam measures.
Encryption
Encryption is the process of encoding data into an unreadable form using an algorithm and a key, making it accessible only to authorized parties. It is used to protect data in transit from interception or alteration.
Endpoint detection
Endpoint detection in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 is a process of monitoring endpoints (e.g. workstations, laptops, and mobile devices) for malicious activity or policy violations. Endpoint detection typically involves the use of security software and/or hardware to detect, alert, and protect against potential threats.
Endpoint protection
Endpoint protection in the context of the CompTIA SY0-601 Sec+ Exam is a type of security that encompasses the protection of an endpoint device and the user data stored on it. This includes patch management, malware prevention, antivirus, firewalls, and other measures that help protect the device and user data from unauthorized access.
Enforcement and monitoring of:
Enforcement and monitoring of: refers to the policies and procedures that are put in place to ensure the security of a system or network. This includes monitoring the system for any suspicious activity and enforcing any security policies that are in place. It also includes ensuring that users are following proper security protocols, such as not sharing passwords or using strong passwords. Finally, it involves monitoring for any potential security threats, such as viruses or other malicious software, and responding appropriately to any threats that are detected.
Expiration
Expiration in the context of the CompTIA SY0-601 Sec+ Exam is the process of disabling a user's access to a given system or resource when a certain specified time limit has been reached. It is a security measure used to ensure that accounts do not remain open for an indefinite period of time, allowing an intruder to gain access to the system.
Extended validation
Extended validation is a security measure that requires a higher level of authentication to ensure that an entity is who they claim to be. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.3, extended validation is a process that requires an additional layer of authentication for an entity to be verified as a legitimate entity, such as a company, organization, or individual. This could include providing additional documentation or other forms of proof.
Extensible Authentication
Extensible Authentication Protocol (EAP) is a network authentication protocol used in the secure authentication of wireless networks, allowing for the authentication of a user before granting access to a network. It provides a framework for multiple authentication methods, which allows organizations to choose the most suitable authentication method for their environment. EAP can be used with a variety of authentication methods, including certificates, tokens, and passwords.
External media
External media in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, refers to any removable storage device that can be used to store data, including USB drives, external hard drives, and optical media such as CDs and DVDs. External media can be a security risk if not properly protected, as attackers may use it as a means of exfiltrating data or introducing malicious code into a system.
File Transfer Protocol, Secure (FTPS)
File Transfer Protocol, Secure (FTPS) is a network protocol used for secure file transfer over a TCP/IP network. It encrypts both the command channel and data channel for secure transfers. FTPS is an extension of the standard FTP protocol and is used to provide secure file transfers over the Internet. It is one of the protocols used to secure file transfer in the CompTIA SY0-601 Sec+ Exam, Section 3.1.
File integrity monitors
File integrity monitors are systems or applications that monitor files and directories for changes, such as unauthorized modifications, deletions, or additions. They can alert administrators or take automated action when any changes are detected. File integrity monitoring is a critical part of any security program and is a key security control in the CompTIA SY0-601 Security+ certification exam.
Filesystem permissions
Filesystem permissions refer to the settings that determine which users or groups of users are allowed to access and/or modify files and folders on a computer system. These permissions can be set at the individual file or folder level, as well as at the system level. These settings control who can read, write, execute, or delete files, as well as who can make changes to the file or folder's attributes. By setting filesystem permissions, administrators can ensure that only authorized personnel can access sensitive
Firewall considerations
Firewall considerations in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.2, refer to the ability of the firewall to inspect and control network traffic. Firewall considerations include configuring the firewall to allow only authorized traffic to pass, blocking unauthorized traffic, preventing malicious code from entering the network, preventing denial of service attacks, and controlling access to sensitive data. Additionally, the firewall should be configured to monitor and log all network traffic, and alert administrators
Firewalls
Firewalls are a type of network security device that can monitor and control incoming and outgoing network traffic based on predetermined security rules. Firewalls can be both hardware-based and software-based, and are commonly used to protect networks from unauthorized access. Firewalls can be used to restrict access to specific services, block malicious traffic, and prevent unauthorized users from accessing confidential data.
Firmware over-the-air (OTA) updates
Firmware over-the-air (OTA) updates are a type of software update that allows for the installation of security patches and other updates to a device's firmware without the need for a physical connection. This type of update is especially important for devices that are not easily accessed, such as IoT devices, to ensure they are up to date with the latest security patches and features. OTA updates can also be used for mobile devices, such as smartphones and tablets, and are often
Forward
Forward in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 is the process of sending data from one network node to another, typically over the internet. It is an essential part of communication between computers and networks, allowing data to be routed from its source to its destination.
Full device encryption
Full device encryption is an encryption method that ensures that all data stored on a device is encrypted and can only be accessed with a unique key. It is used to protect data stored on mobile devices and laptops, as well as data stored on servers and cloud-based storage. It is a key component of the Security+ exam and is covered in Section 3.2.
Fuzzing
Fuzzing is a type of automated security testing technique that involves providing invalid, unexpected, or random data to a target application in order to identify potential security vulnerabilities. It is used to uncover security bugs or weaknesses in application code by sending a continuous stream of random data to the target application, which will cause the application to crash or behave abnormally.
GPS tagging
GPS tagging is a method of adding geographic information to digital photographs taken with a GPS-enabled camera. This tagging is used to track the location and time of the photos, allowing for more accurate records. GPS tagging can be used to establish a timeline of events or for forensic purposes.
Geofencing
Geofencing is a feature of mobile device management (MDM) systems that uses GPS or RFID to create a virtual boundary around a geographic area. It can be used to limit access to certain areas and restrict the use of mobile devices within those boundaries. For example, it could be used to prevent employees from using their mobile devices in sensitive areas or to block access to certain websites.
Geolocation
Geolocation in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 is the process of identifying the geographic location of a device or user by using technologies such as Global Positioning System (GPS) and IP address lookups. Geolocation can be used to detect and prevent malicious activity or to provide location-based services, such as weather reports.
Geotagging
Geotagging is the process of adding geographical information to digital media, such as photos and videos. This information is usually in the form of coordinates (latitude and longitude) or place names. Geotagging can be used to track user movements, provide context for digital media, or create location-based services.
Global Positioning System (GPS)
Global Positioning System (GPS) is a satellite-based navigation system that allows users to determine their exact location and track their movements. GPS is used in a variety of applications, including navigation, location-based services, and tracking of assets. GPS can be used to access geolocation information, which can be used in security systems to limit access to a particular geographic area.
Guest accounts
Guest accounts are user accounts that are created to allow temporary access to systems or networks for visitors or outside contractors. These accounts typically have limited privileges and are used to provide access to resources without compromising the security of the system. Guest accounts are typically set up with a limited expiration date and the account is disabled after the expiration date.
HSM
HSM stands for Hardware Security Module, which is a physical device that provides secure cryptographic key storage and cryptographic processing. It is used to protect sensitive data and can provide authentication, integrity, and encryption services.
HTML5
HTML5 is a markup language used for structuring and presenting content on the World Wide Web. HTML5 is the fifth and current version of the HTML standard, and defines a set of rules for how web content should be structured and displayed. HTML5 is not only used for webpages, but can also be used to create mobile applications, interactive web forms, and dynamic content.
Hardening
Hardening in the context of the CompTIA SY0-601 Sec+ Exam, section 3.0, is the process of securing a system, device, or application by reducing its surface of vulnerability. This is done by eliminating unnecessary services and features, ensuring that the latest security patches are applied, disabling unnecessary accounts, and configuring access control lists to prevent unauthorized access.
Hashing
Hashing is a process used to store and verify passwords and other sensitive information. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, hashing is a process where a cryptographic algorithm is used to transform a plaintext password into a secure, encrypted form that is unreadable to unauthorized personnel. Hashing is a one-way process, meaning that the original message cannot be reconstructed from the hashed output.
Heat maps
Heat maps in the context of the CompTIA SY0-601 Sec+ exam, section 3.4 are graphical representations of data that can be used to help visualize the data in a more meaningful and eye-catching way. Heat maps are typically used to analyze and compare data sets in order to identify potential security risks or vulnerabilities. Heat maps use color coding to represent the intensity of a particular data point. For example, a heat map may show the number of failed log-in
Heuristic/behavior
Heuristic/behavior in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1 is the process of using experience, intuition, and insight to make decisions and solve problems quickly. Heuristics helps security professionals identify potential threats and vulnerabilities, and guide their decision-making in determining the best course of action to counter these threats.
High availability across zones
High availability across zones is a security principle that focuses on providing secure access to applications and services even when a single data center or network service is unavailable. This means that the data and applications are spread across multiple data centers or networks, providing redundancy and backup in the event that one of the data centers or networks goes down. This helps to ensure that the system remains available and secure even when one of the data centers or networks is unavailable.
High availability
High availability is a key component of any secure network infrastructure. It refers to the ability of a system to remain available and functioning at all times, regardless of any potential outages or other disruptions. High availability is achieved by having redundant components, such as servers, networks, and storage, as well as fault-tolerance measures like clustering. These components and measures help ensure that the system can remain up and running, even in the face of unexpected failures.
Host-based intrusion detection
Host-based intrusion detection is the process of monitoring and analyzing the activities on a networked computer to detect malicious activities. It involves monitoring events such as logins, file access, and changes to system files to detect unauthorized activity. Host-based intrusion detection systems (HIDS) are used to detect intrusions in real-time and provide alerts when suspicious activities are detected.
Host-based intrusion prevention
Host-based intrusion prevention is a type of security control that is implemented at the host level to detect and prevent malicious activity on a computer system. Host-based intrusion prevention systems (HIPS) are designed to monitor and detect malicious activity such as attempted data exfiltration or malicious code execution. The HIPS can then take action to stop the malicious activity, such as blocking network connections or terminating the malicious process.
Hypertext transfer protocol
Hypertext Transfer Protocol (HTTP) is a communication protocol used to transfer data between a web server and a web browser. It is used to request and send webpages over the Internet, and is the foundation of the World Wide Web. HTTP is an application layer protocol that operates over the TCP/IP protocol suite.
Hypertext Transfer
Hypertext Transfer is a method of communication between two computers, or between a client and a server, over the Internet. It is used to transfer webpages between computers and to make them available to users. Hypertext Transfer Protocol (HTTP) is the protocol used to transfer webpages and other documents on the World Wide Web.
IEEE 802.1X
IEEE 802.1X is a protocol used for authentication of devices on a network. It is based on the Extensible Authentication Protocol (EAP) and is used to control access to a network by using authentication methods such as username and password, one-time passwords, or digital certificates. It can also be used to control the levels of access available to different users.
IPSec
IPSec is a suite of protocols used to secure IP communications by authenticating and encrypting each IP packet of a data stream. It is commonly used to secure Virtual Private Networks (VPNs) and is one of the most popular protocols used in today's networks. It is included in the CompTIA SY0-601 exam in Section 3.1, which covers network security.
Identity provider (IdP)
Identity Provider (IdP) is an entity that provides users with access to network resources and services by verifying the user's digital identity. An IdP is responsible for authenticating users, maintaining user account information, and providing secure access to the network. It is also responsible for authorizing users for access to resources, and providing secure communication between the user and the network.
Impossible travel time/risky login
Impossible travel time/risky login in the context of the CompTIA SY0-601 Sec+ Exam is when a user attempts to log in to a system from a remote location using a device that is not authorized by the organization. It is considered a security risk because it could potentially allow an unauthorized user to access the system.
Solutions
In the CompTIA SY0-601 Sec+ Exam, section 3, "Solutions" is defined as the implementation of the security policy and procedures to protect an organization's assets. This includes the use of tools, techniques, and processes that can help to identify, prevent, and mitigate threats.
Implications of IPv6
In the context of the CompTIA SY0-601 Sec+ Exam, Implications of IPv6 refer to the potential security risks that accompany the transition from IPv4 to IPv6. IPv6 has a larger address space than IPv4, which means that there are more potential attack vectors that can be used to target IPv6 systems. Additionally, IPv6 lacks the traditional security features that IPv4 has, such as access control lists and Network Address Translation, which can make it more
Identity
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3, identity is defined as "the collection of characteristics and information that defines an individual, such as name, age, address, physical characteristics, and biometric information, which can be used to authenticate a user's identity."
Anomaly
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.0, an anomaly is an event or behavior that deviates from the expected or normal state. An anomaly may be caused by malicious activity or may indicate an unauthorized attempt to gain access to the system or data.
Registration authority (RA)
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1, a Registration Authority (RA) is an entity that verifies the identity of a user, system, or device before providing access to a network or other secure system. RA's are responsible for establishing, maintaining, and verifying the identity of users and systems. They may also provide additional services such as distributing certificates and revoking certificates when necessary.
Hotspot
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1, a hotspot is a wireless access point (WAP) that is used to provide users with access to a network. Hotspots are typically used in public places such as coffee shops, airports, and hotels, and are typically open to anyone.
File transfer
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1, file transfer is the process of copying or moving a file from one computer or server to another over a network. It is typically done using a protocol such as FTP, SFTP, or SCP. File transfer protocols allow for the secure transmission of data over the network.
Persistence
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1, persistence refers to the ability of malicious actors to maintain access to a system, even after a reboot or other system event. This is often accomplished through malicious software that is configured to run when the system boots up.
.cer
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.2, a '.cer' file is a digital certificate file that is used to authenticate and verify the identity of a user or system. It contains information such as the identity of the certificate-holder, the public key of the certificate-holder, and the digital signature of the issuing certificate authority.
Database
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.2, a Database is a structured collection of data stored in a computer system that can be accessed, manipulated, and managed by authorized personnel. A database typically consists of multiple tables, which are used to store and organize related information. The database can be queried to retrieve specific data and generate reports.
Network
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.2, a network is a collection of interconnected computers, devices, and other resources that can communicate with each other over a communications medium such as Ethernet or WiFi. A network enables users to share resources such as files, printers, and applications.
Methods
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.3, methods refer to the techniques, procedures, and processes used to secure and protect information systems and assets. Examples of methods include access control, encryption, authentication, and monitoring.
Open ports and services
In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.3, open ports and services refer to ports and services that are accessible to the public, either directly or through a firewall. Open ports and services can be used to access a system or network, and can be exploited by malicious actors if they are not securely configured. Common open ports and services include Telnet, FTP, HTTP, and SSH.
Always-on
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, Always-on is a type of network architecture in which the network is always available to users, regardless of the time of day. This type of architecture is often used for critical systems, such as those used in medical or financial organizations, due to the need for constant access.
Attributes
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, attributes are characteristics associated with a resource or object that are used to identify it. Attributes can include labels, descriptions, and access control details. Examples of attributes include user IDs, passwords, access control lists, encryption methods, and group membership.
Permissions
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, permissions refer to the rules that define who is allowed to access which resources on a system, and what those users can do with those resources. This includes privileges such as read, write, execute, and delete. Permissions are typically assigned to users, groups, and/or objects.
Tokens
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, tokens are authentication methods that require a user to provide two or more pieces of evidence to gain access to a system. The pieces of evidence can include a physical token or a combination of something the user knows (e.g. a password) and something the user has (e.g. a smart card).
Virtual IP
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, a Virtual IP (VIP) is an IP address used by a server to provide services to multiple clients. This type of IP address allows for multiple services to be provided to multiple clients simultaneously. A VIP is typically assigned to a router or firewall, and is used to provide access to multiple services from a single IP address.
Machine/computer
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, a machine/computer is defined as any device with a processor and memory that is capable of running an operating system and applications, such as a laptop, desktop, or mobile device.
Hardware vs. software
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, hardware refers to physical components of a computer system such as a processor, motherboard, memory, storage, display, and peripherals. Software, on the other hand, refers to the set of instructions or programs that enable the hardware components to work together and processes data. Examples of software include operating systems, applications, and drivers.
Mobile devices
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, mobile devices are any handheld devices such as smartphones, tablets, and wearable technology that are used to store or access data on the go. Mobile devices are often used for communication, computing, and the transfer of data.
Site surveys
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, site surveys are a type of vulnerability assessment that involves physically visiting the site to evaluate its physical security measures, including building access, light levels, walls, and locks. Typically, the site survey will also assess the wireless network signal strength and any other potential sources of interference, such as radio signals or cellular towers. The goal is to identify any security risks or potential threats that may exist
Registry
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, the Registry is a database that stores configuration information about the operating system and applications. It is used to control how the operating system and applications behave, and the information stored in the registry is essential for the proper functioning of the system and its applications.
Wildcard
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, the term Wildcard is used to refer to a character used in a search query to represent one or more characters. It is typically represented by an asterisk (*). For example, a search query for "*security" would return all words that end in "security".
Network address
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.3, a Network address is an identifier assigned to a device or group of devices on a network. It is used to route traffic between different subnets and is typically assigned to a network interface. It is also known as the IP address.
Sensors
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.3, sensors are devices or software programs that detect and measure physical or environmental conditions such as temperature, humidity, motion, light, sound, vibration, or pressure. They are used to monitor and control systems, detect intrusions, or provide input for automation systems.
Wireless access point
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.7, a Wireless Access Point (WAP) is a device that provides wireless communications between different devices. It is typically used to extend the coverage of a wireless local area network (WLAN) or to connect two or more wireless networks together. WAPs are also used to provide network access to mobile devices such as laptops, tablets, and smartphones.
Intermediate CA
In the context of the CompTIA SY0-601 Sec+ Exam, section 3.8, an Intermediate CA is a Certificate Authority that is subordinate to the Root CA and is responsible for issuing certificates to other entities. It is the primary issuer of end-entity certificates, as the Root CA typically only issues certificates to other CAs. Intermediate CAs can be used to create a chain of trust, where the Root CA trusts the Intermediate CA and the Intermediate CA trusts the end
Pinning
In the context of the CompTIA Security+ SY0-601 exam, "pinning" refers to the process of verifying the integrity of a digital certificate by matching the public key of the certificate to the public key of the certificate authority that issued it. Pinning can be used to ensure that the certificate being presented by a server is the same certificate that was originally issued. This process helps to protect against man-in-the-middle attacks, where an attacker could present a
Infrared
Infrared is a wireless communication technology that uses invisible light waves in the infrared spectrum to transmit data between two devices. It is commonly used in devices such as remote controls and wireless headsets.
Inline vs. passive
Inline vs. passive refers to two methods used to protect networks from malicious traffic. Inline security, such as firewalls and intrusion prevention systems, are actively monitoring the network traffic and actively blocking malicious traffic. Passive security, such as honeypots and honeynets, are not actively monitoring the network traffic but instead monitoring for suspicious activity and can alert administrators of malicious traffic.
Input validations
Input validations are techniques used to ensure the data entered into a system is valid and secure. Examples of input validations include whitelisting, blacklists, format checks, and input length checks. These validations help to ensure that only valid data is entered into the system, which reduces the risk of malicious or erroneous data entering the system.
Installation considerations
Installation considerations in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 refer to the various factors that must be taken into account when installing network security measures. These considerations can include, but are not limited to, the following:
Instance awareness
Instance awareness in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, is the ability to identify a specific instance of a system or component within a larger network. This type of awareness is important for security professionals, as it allows them to identify and respond to potential security threats quickly and effectively. It also helps them to keep track of changes to the system and make sure that all users have the appropriate privileges and access.
Integration and auditing
Integration and auditing in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 refers to the process of integrating security solutions into existing networks and systems, as well as carrying out audits to ensure their effectiveness. This includes identifying threats, vulnerabilities, and risks, as well as understanding the impact of those threats and vulnerabilities on the system. Additionally, it involves understanding how to monitor and respond to security incidents, and ensuring the implementation of appropriate countermeasures
Jump servers
Jump servers, also known as jump hosts, are systems that are used to access and manage network devices and systems remotely. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.3, jump servers are used to provide secure access to network resources via a single entry point. They are used to isolate sensitive systems from direct access by external users and limit the potential for unauthorized access or malicious activities.
Kerberos
Kerberos is an authentication protocol that provides secure communication between a client and a server on a network. It uses tickets to authenticate a user's identity and grant access to resources. It is a common authentication method used in networked systems such as Windows Active Directory.
Key escrow
Key escrow is a security measure that requires encryption keys to be stored in a secure location, such as a third-party repository, so that they can be recovered in the event of a lost or forgotten encryption key. It is used to protect data while still allowing access to third parties with legitimate need, such as law enforcement. Key escrow is a key concept for the CompTIA SY0-601 Sec+ Exam.
Key management
Key management is the process of securely generating, distributing, storing, managing, and revoking cryptographic keys used for authentication, encryption, and other security operations. Key management is a critical component of any security system, and is a topic covered in the CompTIA SY0-601 Security+ exam under the section 3.2: Cryptography domain.
Knowledge-based authentication
Knowledge-based authentication is a type of authentication process which requires users to provide answers to predetermined security questions in order to verify their identity or gain access to a system. This system is used to verify the identity of a user when attempting to authenticate to a system. This type of authentication is usually used in conjunction with other authentication methods.
Layer 2 tunneling protocol (L2TP)
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to securely extend a private network across a public network, such as the Internet. It combines the best features of its two predecessors, Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). L2TP encapsulates data from a variety of network protocols and creates a virtual private network (VPN). It is typically used to create secure connections between remote users and
Lightweight Directory Access
Lightweight Directory Access Protocol (LDAP) is an application protocol used to access and maintain directory information services over an Internet Protocol (IP) network. LDAP is used to interact with directory services such as Active Directory (AD) to manage user accounts, access control lists (ACLs), and other security-related information. LDAP is an important security component of many enterprise networks, and is a topic covered in the CompTIA Security+ SY0-601 exam, Section
Load balancing
Load balancing is a process of distributing network traffic across multiple servers or network resources in order to maximize performance, minimize response time, and avoid overloads. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.7, load balancing is an important part of network security, as it helps to protect against distributed denial of service (DDoS) attacks. Load balancing can also be used to provide redundancy and failover capabilities, ensuring that a network remains available
Lockout
Lockout is a security feature that prevents an account from being accessed after a certain number of failed login attempts. It is used to protect against brute force attacks by forcing attackers to wait before attempting to gain access again.
Loop prevention
Loop prevention in the context of the CompTIA SY0-601 Sec+ Exam Section 3.2 is the process of preventing malicious network traffic from entering a network through a series of redundant security measures such as firewalls, access control lists, packet filters, and other security protocols. Loop prevention is a key element of network security, as it helps to protect networks from various types of malicious attacks or intrusions.
MAC
MAC stands for Mandatory Access Control. It is an access control system that allows users to be assigned access privileges based on pre-defined security policies, rather than on their individual identity. It is a type of Discretionary Access Control (DAC), which is one of the three main categories of Access Control Systems.
MDM/Unified Endpoint
MDM/Unified Endpoint is a term used to refer to a system that provides comprehensive management of endpoints in an organization. This includes devices such as laptops, mobile phones, tablets, and other computers. It provides centralized control over these devices, enabling IT administrators to manage security policies, applications, and other settings. Additionally, MDM/Unified Endpoint can be used to monitor and track the usage of these endpoints, allowing IT administrators to quickly identify and address any
Manual code review
Manual code review is a process of manually examining source code for security vulnerabilities, with the goal of identifying and eliminating them. This process can involve manual inspection of the code, or automated tools to aid in the process. It is a critical component of the security assessment process, as it helps to identify potential security flaws and allows for corrective action to be taken. In the context of the CompTIA SY0-601 Sec+ exam, section 3.2, manual code review is
Measured boot
Measured boot is a security feature that verifies the integrity of the operating system when it starts up. It checks to ensure that the system has not been tampered with and is running the correct version and configuration. If any changes are detected, the system can be configured to alert the administrator or take action to prevent the system from booting.
Media access
Media access in the context of the CompTIA SY0-601 Sec+ Exam, section 3.7 refers to the control of physical access to media, such as tape, disk, or CD-ROMs, to prevent unauthorized access or tampering. It also refers to the control of logical access to media, such as setting user accounts and assigning permissions, to ensure proper access control.
MicroSD hardware
MicroSD hardware in the context of the CompTIA SY0-601 Sec+ Exam, section 3.9 is a type of removable memory storage device that is used in mobile phones, digital cameras, and other portable devices. It is smaller than a standard SD card and typically requires an adapter to be used with a computer or laptop. MicroSD cards are also referred to as "transflash" cards.
Mobile device management (MDM)
Mobile Device Management (MDM) is a system for managing and controlling mobile devices within an organization, such as smartphones and tablets. It enables administrators to manage mobile devices from a central location and enforce security policies, such as enforcing encryption, password requirements, and other security measures. MDM can also be used to monitor and track the usage of devices, as well as control access to company networks and resources.
Monitoring services
Monitoring services in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 refers to the use of security tools, such as intrusion detection systems, to monitor the network for suspicious activity and ensure that the network is secure. Monitoring services can detect malicious activity, unauthorized access, and policy violations, and can alert administrators to take appropriate action.
NFC
NFC stands for Near Field Communication and it is a technology that allows two electronic devices to communicate with each other over a short range. It is commonly used in contactless payment systems, such as Apple Pay and Google Pay. NFC is also used in access control systems, such as unlocking doors with a smartphone.
Need for segmentation
Need for Segmentation in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1 is the process of dividing a network into smaller, more manageable networks in order to better manage security, performance, and scalability. It can be accomplished using a variety of methods, such as VLANs, firewalls, and other network segmentation technologies.
Network access control (NAC)
Network Access Control (NAC) is a security technique used to regulate which devices and users can access a network. NAC can be used to restrict access to a network based on the user's identity, system health, and other criteria. NAC can also be used to detect malicious activity, enforce policies, and alert administrators to any potential threats.
Network address allocation
Network address allocation is the process of assigning IP addresses to network interfaces in order to make them accessible to other devices on the network. This is an important part of network configuration as it ensures that each device has a unique address and can communicate with other devices.
Network appliances
Network appliances are specialized hardware devices that are designed to provide a specific set of network services. Examples of network appliances include firewalls, intrusion detection/prevention systems, virtual private networks, and load balancers. Network appliances are typically deployed to supplement the network security posture of an organization.
Network location
Network location is a term used to refer to the physical location of a network device in relation to the security boundary of an organization. This can include both internal and external networks, as well as devices that are connected to a wireless network. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, network location is an important concept to understand in order to effectively implement security controls and countermeasures.
Network segmentation
Network segmentation is a process of dividing a computer network into multiple sub-networks or segments, which are typically isolated from each other in order to enhance network security. It is a key component of an overall security strategy and can help reduce the attack surface of a network. Network segmentation involves the use of various techniques such as firewalls, virtual LANs (VLANs) and routers, to divide the network into smaller, more secure segments. This can help to limit
Network-based intrusion detection
Network-based intrusion detection (NID) is a type of Intrusion Detection System (IDS) that monitors a network for malicious activity, such as unauthorized access, data theft, or malicious code. NID systems use a combination of signature-based detection and anomaly-based detection to detect malicious activity. Signature-based detection looks for known malicious activity, while anomaly-based detection looks for abnormal or suspicious activity. NID systems can also be used to detect and prevent network-
Next-generation firewall (NGFW)
Next-generation firewalls (NGFWs) are network security devices that combine traditional firewall features with advanced security features such as application control, intrusion prevention, and URL filtering. NGFWs are designed to provide more granular control over traffic and can detect and block malicious traffic that traditional firewalls may not be able to detect. NGFWs can also be used to enforce user authentication and access control policies, as well as to monitor and analyze network traffic flows.
Next-generation secure
Next-generation secure is a term used to refer to security measures that are updated and actively monitored to ensure that the data and systems they protect remain secure. Next-generation secure solutions often include advanced encryption algorithms, advanced authentication, and access control measures, as well as enhanced monitoring and detection capabilities. These solutions are designed to be more secure and more resilient to cyber-attacks.
OAuth
OAuth is a type of authorization protocol that enables secure access to resources or services without sharing a user's login credentials. It defines a secure method for a user to grant access to their information or services to another website, application, or service without exposing their username and password. OAuth is commonly used in web and mobile applications to allow users to access their data on a third-party service, such as Twitter or Facebook.
OS
OS is an acronym for Operating System. In the context of the CompTIA SY0-601 Sec+ Exam, Section 3.1, it is the software that manages the hardware and software resources of a computer system. Operating systems provide a platform for applications to run on, as well as providing security, memory management, and other services.
Online vs. offline CA
Online Certificate Authorities (CAs) provide digital certificates for use in secure online transactions, such as e-commerce and secure email. The CA issues a certificate to a user after verifying their identity, and the CA's digital signature is used to verify the authenticity of the certificate.
Online Certificate Status
Online Certificate Status is a security process used to validate the status of a digital certificate. It is used to determine if the certificate is still valid or has been revoked. In the CompTIA SY0-601 Security+ exam, section 3.1, Online Certificate Status is referenced in the context of server authentication protocols such as TLS/SSL, which use the protocol to ensure that the server is using a valid certificate.
Opal
Opal is a type of self-encrypting drive technology that is used to protect data stored on the device. It is based on the Trusted Computing Group's specification and provides a way to secure data with powerful encryption without having to install specialized software.
Open Systems
Open Systems in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 refer to systems that use open source software and applications that are freely available and can be modified or enhanced by users. They are typically used in distributed computing environments that require collaboration between multiple users. Open systems are typically less secure than closed systems as they allow more access to the system.
Open-source vs. proprietary
Open-source: Open-source software is software that is available to the public for free and can be modified and redistributed by anyone.
OpenID
OpenID is an authentication protocol that enables users to securely log into a website using a single digital identity. It allows users to be authenticated on websites without needing to enter a username and password each time they log in. OpenID is an open standard that is used by many websites and online services to authenticate users.
Out-of-band management
Out-of-band management is a method of managing systems and devices remotely by using a different communication line than the one used for normal operations. This type of management is used to secure systems and networks and to ensure that they are not vulnerable to malicious attacks. Out-of-band management is also used to manage remote systems and devices that are not accessible through the normal network. It can be used for tasks such as firmware updates, system configuration, and system monitoring.
P12
P12 is a type of authentication protocol used to securely authenticate a user over the internet. It is also known as Protocol 12 and is based on the Transport Layer Security (TLS) protocol. P12 is widely used in secure web applications, such as those used to access banking and other financial services. It is included in the CompTIA SY0-601 Security+ exam in section 3.1 which covers authentication and authorization.
P7B
P7B is a file format used in the CompTIA SY0-601 Sec+ Exam to securely store digital certificates and associated private keys. It is a type of PKCS#12 file, which is an industry-standard file format for storing cryptographic objects, such as keys and certificates.
Password Authentication
Password authentication is a means of verifying the identity of a user by prompting the user to enter a username and password. It is one of the methods used to authenticate a user, and is used in the CompTIA SY0-601 Security+ Exam as part of section 3.3, Authentication, Authorization, and Accounting (AAA).
Password complexity
Password complexity in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 is a set of rules and guidelines for creating secure passwords that require the use of a combination of uppercase and lowercase letters, numbers, and special characters.
Password history
Password history is a security policy that requires users to change their passwords periodically and to not reuse passwords that have already been used in the past. This policy is designed to reduce the chances of an attacker being able to guess a user's password.
Password keys
Password keys are a type of authentication method used to access a system. This type of authentication uses a combination of passwords and public-key cryptography to ensure that the correct user is accessing the system. This type of authentication is used to protect the system from malicious attacks and unauthorized access.
Password reuse
Password reuse is the practice of using the same password for multiple accounts. This practice is considered to be highly insecure and puts personal and organizational data at risk.
Password vaults
Password vaults are tools used to securely store and manage passwords. They allow users to store passwords in a protected environment and access them from multiple devices. Password vaults can store passwords for multiple accounts, as well as other sensitive data such as credit card numbers and bank account information.
Passwords and PINs
Passwords and PINs, in the context of the CompTIA SY0-601 Security+ exam, are forms of authentication that are used to gain access to networks, systems, or accounts. They are typically used as a first line of defense when attempting to secure a network, system, or account. Passwords are typically composed of a combination of characters, numbers, and symbols, while PINs are typically composed of only numbers.
Patch management
Patch management is a process used to identify, test, and deploy software updates and security patches to ensure the secure operation of computer systems. In the context of the CompTIA SY0-601 Sec+ Exam, patch management is the process of ensuring that all systems, applications, and services are up-to-date with the latest security patches and updates to protect against known security threats. This includes conducting regular patch scans, deploying patches in a timely manner, and creating a patch management
Payment methods
Payment methods in the context of the CompTIA SY0-601 Sec+ Exam, section 3.7 refer to the various methods of processing payments for goods and services, such as credit cards, debit cards, checks, and electronic payment systems. Payment methods can also refer to methods of ensuring secure payments, such as encryption, tokenization, and authentication.
Personal information exchange (PFX)
Personal Information Exchange (PFX) is a file format used to store digital certificates and their associated private keys. The format is based on the Privacy Enhanced Mail (PEM) standard and is used by Microsoft Windows and other operating systems to store certificates and their associated private keys. PFX files are commonly used to store certificates for secure web servers, client authentication, code signing, and secure email.
Point-to-multipoint
Point-to-multipoint is a type of topology in which multiple nodes are connected to a single access point. This type of network is typically used in wireless networks where multiple devices need to communicate with each other. It is also commonly seen in local area networks (LANs).
Point-to-point
Point-to-point is a type of connection between two nodes, which is established by dedicated communication lines or wireless links. It is used to provide direct communication between two computers or two networks. Point-to-point connections are typically used for applications that require high throughput or low latency, such as Voice over IP (VoIP) or streaming media. They are also used in Virtual Private Networks (VPNs) and other secure networks.
Port security
Port security is a feature of a network switch that allows a system administrator to limit and control access to a network by restricting the MAC addresses that can connect to a physical port on the switch. It can also be used to shut down a port if it detects suspicious activity.
Port spanning/port mirroring
Port spanning/port mirroring is a network monitoring method used to capture and analyze network traffic. This is done by configuring a switch port to mirror or replicate all the traffic that passes through a particular port, or group of ports, to a monitoring port. This allows the network administrator to monitor network activity and troubleshoot issues without having to be physically present at the switch or at the monitored device.
Port taps
Port taps are a type of network monitoring tool used to capture and analyze data across networks. They are usually placed inline, meaning they are placed between two points, and can be used to capture data from both directions. This is useful for security professionals as it allows them to monitor traffic to and from systems and detect malicious activity.
Post Office Protocol (POP)/
Post Office Protocol (POP) is a simple protocol used to retrieve e-mail from an e-mail server. It was designed to allow a user to access their email from any computer without having to keep the emails on their computer. POP is a client-server protocol where the POP client retrieves email from the POP server. It is a connection-based protocol that allows for the retrieval of email from a central server. It supports the downloading of emails to the user's computer
Pre-shared key (PSK) vs.
Pre-shared key (PSK) is a method of authentication in which two devices use a shared, previously established secret key for authentication. This key is typically used in wireless networks to establish a secure connection between two devices.
Privacy enhanced mail (PEM)
Privacy Enhanced Mail (PEM) is an encryption standard for email messages that was developed by the Internet Engineering Task Force (IETF) to provide improved security for electronic mail. PEM uses encryption algorithms such as RSA, DES, and 3DES to encrypt and authenticate messages. It also uses digital certificates and digital signatures to ensure that messages are not tampered with during transit.
Privileged access management
Privileged access management is the process of controlling and monitoring the access of privileged users to secure systems, applications, and data. This includes controlling and monitoring user privileges, monitoring user activity, and auditing privileged user access. This process is important in order to reduce the risk of unauthorized access to secure systems and data.
Protected Extensible
Protected Extensible is a term used to refer to a type of technology architecture in which an operating system or application is designed to be extensible, but with the security of the system enforced through a set of rules and protocols. This type of architecture is important for preventing malicious actors from making changes to the system without the authorization of the user or system administrator.
Protocols
Protocols in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 refer to rules and standards that define how network communications should occur. Protocols dictate the format, timing, sequencing, and error-correction services of the data exchange between networked systems. Examples of common protocols include TCP/IP, SSL/TLS, SSH, and SFTP.
Proxy servers
Proxy servers are a type of network device that acts as a middleman between computers on a local network and the internet. They can be used to filter requests and improve security by blocking access to certain websites, as well as hiding the IP address of the user. Proxy servers can also be used to improve performance by caching frequently requested content.
Public key infrastructure (PKI)
Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and public-private key pairs. It is used to secure digital communications and transactions over untrusted networks such as the Internet, by using a combination of encryption, authentication, and digital signatures. PKI provides a secure and efficient way for organizations to securely exchange data over an insecure network.
Public and private subnets
Public subnets are subnets that are connected to the Internet and are used to host services that are available to the public. Private subnets are subnets that are not connected to the Internet and are used to host services that are not available to the public, such as internal resources. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.2, public and private subnets are part of the network segmentation process, which is used to separate
Push notifications
Push notifications are notifications that are sent to a user's device using a service such as Apple Push Notification Service (APNS) or Google Cloud Messaging (GCM). These notifications can be used to alert users to important events, such as security issues, system maintenance, or new features. Push notifications can also be used to push out advertising and other marketing messages.
Quality of service (QoS)
Quality of Service (QoS) in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 refers to the ability to prioritize certain types of network traffic over others in order to ensure that mission-critical applications and services receive the necessary resources they need. QoS can help to reduce latency, increase data throughput, and improve overall network performance. QoS can be implemented in many different ways, such as using Quality of Service (QoS) standards
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is an authentication protocol used to provide centralized authentication, authorization, and accounting management for network users. It is commonly used for access control and wireless access control.
RFID
RFID stands for Radio Frequency Identification, and is a type of identification system commonly used for access control. It is a technology that uses electromagnetic fields to automatically identify and track tags attached to objects. RFID tags can be used for a variety of security applications, such as tracking assets, verifying identities, and preventing counterfeiting.
Remote Authentication Dial-in
Remote Authentication Dial-in (RADIUS) is a protocol used to authenticate users connecting to a remote network, such as a virtual private network (VPN). It is used to authenticate the user's credentials with an authentication server before allowing them access to the network. RADIUS is a critical component of network security and is covered in the CompTIA SY0-601 Security+ exam under section 3.1 Authentication, Authorization, and Accounting (AAA).
Remote access
Remote access in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 is the ability for a user to access resources from a remote location using a network connection, such as the Internet. This could include accessing a corporate network from a home computer, or connecting to a cloud-based service.
Remote access vs. site-to-site
Remote access is a type of network connection that allows a user to access a network from outside the physical boundaries of the network. This type of connection is typically used by telecommuters or remote users who need to access the network from a remote location. Site-to-site is a type of network connection that allows two or more distant locations to be connected over a public or private network. This type of connection is typically used for connecting multiple offices or remote locations in order to share data
Remote wipe
Remote wipe is a security feature that allows an administrator to remotely erase data from a computing device if it is lost or stolen. This is an important feature to protect sensitive data from unauthorized access. It is also a focus of the CompTIA SY0-601 Sec+ Exam, Section 3.3 which covers mobile device security.
Replication
Replication in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, is a process of creating a copy of data from one system to another system for the purpose of backups, redundancy, or to facilitate synchronization between systems. Replication can occur locally or across networks.
Resource policies
Resource policies refer to the guidelines and standards that organizations use to regulate and control the usage of computing resources. These policies can include acceptable use guidelines, password policies, data security requirements, and other network security standards. They are important for ensuring that users are following the organization's security protocols and that resources are being used in a safe and responsible manner.
Reverse
Reverse in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 refers to the process of restoring a system or network to its pre-attack state after a malicious incident. This includes restoring data, patching systems, and implementing additional security measures.
Role-based access control
Role-based access control (RBAC) is an access control model used to restrict and control access to resources in a computer system. In the context of the CompTIA SY0-601 Sec+ Exam, it is a security mechanism used to grant users access to resources based on their role within the organization. RBAC can be used to assign different levels of access to different users, depending on their needs. RBAC can be used to enforce policy and limit user access to only
Root
Root in the context of the CompTIA SY0-601 Sec+ Exam, section 3.8 refers to the administrative user, the highest level of user with all privileges on a system.
Rooting/jailbreaking
Rooting/jailbreaking in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 is the process of obtaining privileged access to a device or system by circumventing the normal authentication and security controls. This process is used to gain root or administrative access and is often done to install malicious software or gain access to confidential information.
Route security
Route security refers to the use of access control lists (ACLs) or route maps to control the flow of network traffic. ACLs restrict which packets can enter or exit a router, and route maps are used to control which routes a router accepts or rejects. Route security is an important part of network security, as it can help to protect a network from malicious traffic.
Routing and switching
Routing and switching in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.0 is a key topic of the exam. It is the process of establishing a secure connection between two or more networks. This process involves configuring routers and switches to allow for the exchange of traffic and data between networks. It is also important to configure the routers and switches to provide security against malicious attacks.
Rule-based access control
Rule-based access control is a type of access control that uses certain rules to determine who can access a system or resource and what actions they are allowed to perform. This type of access control can be applied to all users, or it can be based on specific roles or attributes. Rule-based access control is a key concept for the CompTIA SY0-601 Sec+ exam, which covers the fundamentals of information security.
SEAndroid
SEAndroid is a security mechanism used to control access to system resources by enforcing mandatory access control (MAC) policies. SEAndroid is available on most versions of the Android operating system, and is used to enable Mandatory Access Control (MAC) and Role-Based Access Control (RBAC). SEAndroid policies are enforced at runtime, and can be used to control access to system files, network services, and other system resources.
SSH keys
SSH keys are a type of public/private key pair used to authenticate users to a remote system. SSH keys provide a more secure authentication method than a password because the private key is never sent over the network. The user's public key is stored on the remote system and is used to authenticate the user. The user's private key is stored on the local system and is used to decrypt messages sent from the remote system.
SSL/TLS
SSL/TLS is a cryptographic protocol that provides secure communications over a computer network. It is used to secure communications between two endpoints, such as a web browser and a web server, as well as ensuring the authenticity of the communication. SSL/TLS is commonly used to provide secure web browsing, email, and other communications over the internet.
Salting
Salting is a process of adding random data to a user's password before it is hashed. This random data is known as a salt, and it helps to make passwords more secure by making it more difficult for attackers to crack them using rainbow tables and other brute force attacks.
Sandboxing
Sandboxing is a security technique used to isolate a program or process from the rest of the system. It limits the system resources the program or process can access, such as memory, the file system, and network access. Sandboxing is used to help prevent malicious code from being able to access the system or other programs/processes.
Scheduling
Scheduling in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 refers to the process of organizing and planning activities, tasks, and resources in order to achieve a desired outcome. This includes determining the order and timing of tasks, assigning resources to tasks, and ensuring that the overall goals and objectives are met. Scheduling can be used to manage and coordinate people, processes, and resources in order to complete projects on time and within budget.
Screen locks
Screen locks are a security measure used to protect a system from unauthorized access. Screen locks can be applied to computers and other electronic devices to prevent individuals from accessing the device without the proper credentials. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.1, screen locks are one of the topics covered in the section. This section covers the security fundamentals of system access control, including authentication, authorization, and screen locks.
Screened subnet (previously
Screened subnet (previously known as screened host or Bastion host) is an architecture used to separate a network into two parts by using a single host or router as a firewall. The inner network is protected from the outer network by the firewall, which is configured to permit only authorised traffic to pass through. This type of architecture is commonly used to protect an internal network from external threats.
Secrets management
Secrets management is a security process that involves the secure storage and management of sensitive data such as account passwords, encryption keys, and other confidential information. It includes the use of encryption, secure storage of credentials, and other measures to protect the confidentiality, integrity, and availability of secrets. The goal of secrets management is to ensure that only authorized personnel have access to the confidential information.
Secure Real-time Transport
Secure Real-time Transport (SRT) is a protocol designed to provide secure, low-latency, and reliable streaming of audio and video over the internet. It is designed to be used as a transport layer for applications that require a secure connection. It is used in conjunction with other protocols, such as Secure Socket Layer (SSL) and Transport Layer Security (TLS), to provide an encrypted connection. It is covered under the CompTIA SY0-601 Sec+ Exam
SSH
Secure Shell (SSH) is a cryptographic network protocol used for secure communication over an unsecured network. It is commonly used to securely connect to a remote server to access a command line interface or to securely transfer files. SSH is a secure alternative to the telnet and FTP protocols and is an essential tool for network administrators.
Secure coding practices
Secure coding practices are the techniques, processes, and best practices that a programmer should use when writing and maintaining code in order to create secure systems. These practices help to reduce the risk of vulnerabilities in the application and minimize the attack surface. Common secure coding practices include using parameters to filter input and output, validating user input, using cryptography to protect sensitive data, avoiding hard-coded credentials, and performing code reviews.
Secure cookies
Secure cookies are a type of cookie used in web applications to securely store and transfer user authentication information. They are used to authenticate users and protect from malicious attacks like cross-site scripting (XSS) and man-in-the-middle (MITM) attacks. Secure cookies often use encryption, digital signatures, and secure hash algorithms to protect data in transit.
Secure/Multipurpose Internet
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard protocol for encrypting and signing email messages and attachments, allowing for the secure exchange of confidential information between email users. It is used by many government and financial institutions to secure emails, and is covered in the CompTIA Security+ SY0-601 exam, in section 3.3.
Security Assertion
Security Assertion is a statement in the CompTIA SY0-601 Sec+ Exam, Section 3.2 that states that security is a process, not a product. It emphasizes the importance of monitoring, analyzing, and responding to the security risks associated with any organization. Security Assertion also identifies the need to create and maintain effective policies, procedures, and controls to support the organization's security objectives.
Security groups
Security groups are a type of access control that is used to restrict access to network resources. They define who can access a resource and what types of operations are permitted. Security groups are typically associated with users, computers, and other network resources. They can be used to apply security policies to multiple users and computers simultaneously.
Segmentation
Segmentation in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.2 is the process of dividing a network into smaller, more manageable parts. Segmentation is used to improve network performance, promote security, and reduce complexity. Segmentation is typically done using firewalls, routers, and virtual LANs (VLANs).
Self-signed
Self-signed is a type of digital certificate in which the entity signing the certificate also serves as the certificate authority. A self-signed certificate does not rely on any external Certification Authority (CA) to validate the identity of the entity signing the certificate.
Service accounts
Service accounts are user accounts created for the purpose of providing access to a service or application, rather than for a user. Service accounts often have special privileges or access to certain resources. In the context of the CompTIA SY0-601 Sec+ Exam, these accounts must be monitored and tracked, and their use needs to be minimized to reduce the risk of unauthorized access.
Shared and generic
Shared and generic in the context of the CompTIA SY0-601 Sec+ Exam, section 3.7 refers to the different types of passwords used to access systems. Shared passwords are those that are used by multiple users, while generic passwords are those that are used by all users. Shared passwords are generally less secure than unique passwords, as multiple users can access the same account. Generic passwords are even less secure, as they are used by all users, allowing a single user
Sideloading
Sideloading in the context of the CompTIA SY0-601 Sec+ Exam, Section 3.5, refers to the process of transferring data from an external device, such as a USB drive, to a mobile device without using an app store.
Signature-based
Signature-based is a type of security control that is used to detect malicious activity on a network. It works by comparing network traffic against known attack patterns or "signatures." If a signature is detected, the control will take action to prevent the attack from happening. This can include blocking the malicious traffic and alerting the security administrator. Signature-based security controls are commonly used in network firewalls and intrusion detection systems (IDS).
Simple Network Management
Simple Network Management Protocol (SNMP) is a protocol used for managing and monitoring network devices on an IP network. It is used to collect data from network devices, such as routers, switches, servers, and other network-connected devices, and to configure and control these devices. SNMP is a part of the TCP/IP suite and is a standard protocol used by many network management systems.
Simultaneous Authentication
Simultaneous Authentication is a security control that requires multiple users to authenticate to a system or resource at the same time. This is used to ensure that all users have access to the same level of security and to prevent one user from gaining access to a system without the permission of another. It is a requirement of the CompTIA SY0-601 Security+ Exam, section 3.6.
Single sign-on (SSO)
Single sign-on (SSO) is a secure authentication process in which a user is able to access multiple applications or services with a single set of credentials. This process eliminates the need for multiple usernames and passwords, and is often used for corporate environments to provide centralised access control for multiple systems and applications. In the context of the CompTIA SY0-601 Sec+ Exam, section 3.3, SSO is used to reduce the complexity of authentication and reduce
Smart cards
Smart cards are physical security tokens that feature an embedded integrated circuit chip (ICC) that can securely store data, process commands, and store cryptographic keys. This data can include user-specific authentication information or other sensitive data. Smart cards are often used to protect access to physical resources, as well as to authenticate the user to a network or other IT system.
Split tunnel vs. full tunnel
Split tunnel: A split tunnel is a type of VPN that allows remote users to connect to the corporate network while simultaneously routing all other traffic to the public internet.
Stapling
Stapling in the context of the CompTIA SY0-601 Sec+ Exam, section 3.2 refers to the process of combining two or more documents in order to ensure that the documents are kept together. Stapling is a physical security measure used to prevent tampering with documents.
Stateful
Stateful refers to an inspection of traffic that keeps track of the state of a network connection. It uses a state table to determine which traffic to allow or block, and it is a more secure method than using static port filtering.
Stateless
Stateless is a type of network packet communication where each packet of data is treated independently of any other packet. This means that each packet is not required to maintain any connection with any other packets, and therefore does not need to remember any state or context from previous packets. Stateless communication is used in some applications, such as web servers, that need to handle large amounts of data quickly and without the need to maintain state.
Static code analysis
Static code analysis is a process where code is scanned and analyzed for potential security vulnerabilities without executing the code. It is used to identify malicious code, weaknesses, and potential vulnerabilities in software. This is a key concept covered in the CompTIA SY0-601 Sec+ Exam, Section 3.3.
Storage
Storage in the context of the CompTIA SY0-601 Sec+ Exam, section 3.4 refers to the physical or virtual medium on which data is stored. This includes hard disk drives, solid-state drives, tape drives, cloud storage, and more. Storage devices and media should be properly protected to ensure the confidentiality, integrity, and availability of data.
Storage segmentation
Storage segmentation is the process of segregating data storage areas within an organization to protect the confidentiality, integrity, and availability of the data. This is done by creating logical or physical storage containers with different levels of security, such as access control lists, to ensure that the data is only accessible by authorized personnel. This process is also known as data compartmentalization.
Subject alternative name
Subject Alternative Name (SAN) is a computer security term used to describe an extension to the X.509 certificate that allows users to specify additional host names for a single SSL Certificate. It is commonly used for multi-domain SSL Certificates, allowing users to secure multiple websites using a single certificate. For the CompTIA SY0-601 Sec+ Exam, Section 3.6 specifically covers the use of Subject Alternative Names (SANs) for certificates, including how to generate certificates
Subscription services
Subscription services refer to the various services offered through an organization's subscription-based software, such as software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS). These services are provided on a pay-as-you-go model, meaning that users are charged a monthly or annual fee for access to the services. In the context of the CompT
TPM
TPM stands for Trusted Platform Module. It is a hardware-based security feature that stores cryptographic keys and user passwords in an isolated, tamper-resistant chip. It is used to authenticate and secure a computer system, as well as protect data from unauthorized access.
Terminal Access Controller
Terminal Access Controller (TACACS) is a type of authentication protocol used for remote access to network devices. It is an important security feature as it requires users to authenticate before gaining access to a network device. The CompTIA SY0-601 Sec+ Exam, section 3.2 focuses on understanding TACACS and its use in network security.
Tethering
Tethering is a technology that allows a user to access the internet via their smartphone or other mobile device and share the device's data connection with other devices. It is typically used to provide internet access to laptops, tablets, and other mobile devices. Tethering is often used to access the internet when there is no other available connection.
Authentication header (AH)/
The Authentication Header (AH) is an IP security protocol that provides authentication and integrity for IP packet headers and data. It is part of the IPsec suite of protocols that provide communication security over IP networks. The AH protocol uses cryptographic techniques to provide authentication and integrity assurance for IP packets. It uses a combination of hashing algorithms, message authentication codes (MACs), and encryption to ensure that a packet has not been modified or corrupted during transmission.
Domain Name System
The Domain Name System (DNS) is a hierarchical, distributed database system used to provide a mapping between domain names and Internet Protocol (IP) addresses. It is used to locate computers, resources, and services on the Internet. DNS allows users to type a domain name, such as www.example.com, into their web browser instead of typing an IP address, such as 192.168.1.1. DNS is an important component of the internet infrastructure, and is covered
SMS/Multimedia Messaging Service
The SMS/Multimedia Messaging Service (MMS) is a messaging service that allows users to send multimedia messages, such as audio, video, and images, as well as text messages, over a mobile phone network. It is used to increase the amount of data that can be sent over a network, as well as to send multimedia messages.
SSH File Transfer Protocol (SFTP)
The SSH File Transfer Protocol (SFTP) is a secure file transfer protocol used to remotely manage files over a secure shell (SSH) connection. It is an extension of the Secure Shell (SSH) protocol, which provides a secure, encrypted communication channel between two computers. SFTP provides an additional layer of security for transferring files over a network, as all data is encrypted before it is sent over the secure shell connection. The SFTP protocol is used to transfer files between two
Hardware root of trust
The hardware root of trust is a security measure that is used to establish the integrity of a computer system. It is designed to provide assurance that the system is free from tampering before the operating system is loaded and can be used to verify that all components of the system are authentic and have not been modified. This is especially important for systems that contain sensitive data or are used in critical applications.
Third-party application stores
Third-party application stores refer to online stores where users can download applications to their mobile devices, such as the Apple App Store or Google Play. These stores may contain malicious applications, so users should always be sure to verify the source and read reviews before downloading an application.
Third-party updates
Third-party updates refer to the process of applying updates and patches from software or hardware vendors that are not the primary system producer. This includes updates from providers such as Adobe, Google, Microsoft, and Apple. These types of updates are important for maintaining the security of the system and should be monitored and applied regularly.
Time synchronization
Time synchronization in the context of the CompTIA SY0-601 Sec+ Exam is the process of ensuring that two or more computers or networks have the same time settings. It is important for security reasons as it is used to ensure that authentication and logging activities are recorded with the correct time and date. Time synchronization usually relies on the Network Time Protocol (NTP) to ensure accuracy. NTP is used to keep all the computers on a network within the same time zone, allowing
Time-based logins
Time-based logins are a type of authentication that requires users to authenticate themselves to a system at certain intervals. This ensures that users are regularly authenticating themselves and that their access to the system is up to date. This type of authentication is commonly used in areas with high security requirements, such as military, government, and financial applications.
Tokenization
Tokenization is a security control that replaces sensitive data with non-sensitive representations of the data, known as tokens. This process helps protect sensitive data by removing its original form, allowing organizations to store, process, and transmit it securely. Tokenization is a critical element of data security and is covered in the CompTIA SY0-601 Security+ Exam, section 3.1.
Trusted Platform Module (TPM)
Trusted Platform Module (TPM) is a security hardware device that is used to store encryption keys, passwords, and digital certificates. It is designed to provide additional security by adding an extra layer of protection against unauthorized access. It is commonly used to protect data stored on a computer and to secure communications between systems. On the CompTIA SY0-601 Security+ Exam, it is important to understand the purpose of TPM.
Tunnel/transport
Tunnel/transport is a type of network security that establishes a secure communication channel between two endpoints. This secure channel is known as a tunnel and is typically used to protect data in transit between two different networks. Tunneling protocols such as IPsec, SSL/TLS, and SSH can be used to encrypt and protect data traveling over the tunnel.
Types of certificates
Types of certificates in the context of the CompTIA SY0-601 Sec+ Exam, section 3.4 include:
USB On-The-Go (USB OTG)
USB On-The-Go (USB OTG) is a feature of USB that enables two USB devices to connect and exchange data without the need for a separate host computer. This feature was added to USB in order to allow mobile devices to connect directly to other devices and exchange data without the need for a host computer.
Unified threat management (UTM)
Unified threat management (UTM) is a security solution that combines multiple security components, such as antivirus, firewall, intrusion detection and prevention, and web content filtering, into a single appliance or software package. UTM solutions are used to provide a unified approach to protecting networks from a variety of threats, such as malware, viruses, and other malicious software. UTM is discussed in the CompTIA SY0-601 Security+ Exam in Section 3.4, which covers
USB
Universal Serial Bus (USB) is a type of connection used to transfer data between computers and other devices. It is a popular and widely used method of connecting peripheral devices such as printers, scanners, and external drives. USB is a hot-swappable technology, meaning a device can be connected or disconnected without powering down the system.
Use cases
Use cases in the context of the CompTIA SY0-601 Sec+ Exam, section 3.6 refer to the different scenarios that an organization may face and the security protocols that should be utilized in order to protect the organization's data and systems. The use cases are used to help identify risks and develop appropriate security controls. Examples of use cases may include the use of access control lists, the implementation of data encryption, or the enforcement of authentication and authorization policies.
User account
User accounts are user identities (often associated with a username and password) within a computer system that allow individuals to access and use the resources of the system. User accounts are often created during the system setup process and are used to authenticate users prior to granting them access to the system.
User
User in the context of the CompTIA SY0-601 Sec+ Exam, section 3.3 refers to a person or entity that uses a computer, network, or system. This includes accounts, individuals, and groups.
Virtual private
Virtual Private is a type of network security that is used to create secure tunnels for data transmission, which are encrypted and do not allow access from outside of the network. This type of security is used to protect the integrity and confidentiality of data sent over public networks.
Virtual desktop infrastructure (VDI)
Virtual desktop infrastructure (VDI) is a technology that uses virtual machines to deploy a desktop environment to users from a central server. It is a secure, cost-effective, and efficient way of providing desktops to users, as the desktop environment is centralized and managed from a single location. VDI is used to provide users with a consistent experience across multiple devices, which can increase productivity and reduce costs.
Virtual networks
Virtual networks are private networks that exist on top of physical networks. They are used to create isolated, secure environments, usually for specific applications or use cases. Virtual networks are usually implemented using virtualization technologies such as virtual LANs (VLANs), virtual private networks (VPNs), and virtual switches. They provide the ability to allow secure communications between different networks while isolating traffic and keeping it secure.
Voice and video
Voice and video in the context of the CompTIA SY0-601 Sec+ Exam, section 3.1 are technologies used to facilitate secure communication over a network. These technologies can include VoIP (Voice over IP), Video Conferencing, Voice Authentication, and Voice Encryption. The objective of these technologies is to provide secure communication over a network while preserving the privacy of the users.
Web application firewall (WAF)
Web application firewalls (WAFs) are security tools used to protect web applications from malicious traffic or attacks. They can be used to detect and block malicious requests, such as cross-site scripting (XSS) and SQL injection attacks. WAFs are typically deployed between the web application and its users to inspect incoming traffic and filter out malicious requests.
WiFi
WiFi (Wireless Fidelity) is a wireless networking technology that uses radio frequency (RF) waves to provide high-speed internet access and network connections over a wide area. It is used in homes, businesses, and public spaces to provide wireless access to the internet. On the CompTIA SY0-601 Security+ Exam, Section 3.7 covers wireless technologies, including WiFi, and the security methods used to protect them.
WiFi analyzers
WiFi Analyzers are software tools that allow network administrators to monitor, analyze, and troubleshoot wireless networks. They provide in-depth information about the performance, health, and security of both the wireless network and connected devices. With WiFi Analyzers, administrators can identify and resolve network issues quickly, ensuring the highest levels of network availability and performance.
WiFi direct/ad hoc
WiFi Direct/Ad Hoc is a type of wireless network connection in which two or more devices connect directly to each other without the need for a wireless access point. This type of connection is typically used for peer-to-peer communication, where devices can share files and data, as well as stream audio and video.
WiFi Protected Access 2 (WPA2)
WiFi Protected Access 2 (WPA2) is a security protocol used to secure wireless networks. It is based on the IEEE 802.11i standard and provides strong encryption and authentication to protect data from unauthorized access. WPA2 is the most secure of the Wi-Fi protocols and is required by most organizations for wireless networks.
WiFi Protected Access 3 (WPA3)
WiFi Protected Access 3 (WPA3) is a security protocol that improves the security of Wi-Fi networks by providing stronger encryption, improved authentication, and better protection against brute-force attacks. It is the latest version of the WiFi Protected Access (WPA) security protocol and is a requirement for the CompTIA Security+ exam, section 3.8.
WiFi Protected Setup (WPS)
WiFi Protected Setup (WPS) is a technology that simplifies the process of setting up a wireless network. It allows users to easily connect wireless devices without entering lengthy passwords or manually entering settings. WPS is used in the CompTIA Security+ exam to refer to a feature of wireless routers that can be used to quickly and securely connect wireless clients to a network.
Zero Trust
Zero Trust is a security concept that assumes that no entity on a network can be trusted, and that all requests for access must be verified and authenticated. This approach requires that all users, devices, and services must be authenticated and authorized before they are granted access to a network. It is an important element of modern security architectures.