CompTIA Cyber Security Analyst (CS0-003) glossary
Terms selected for CompTIA Cyber Security Analyst (CS0-003) based on common objective language and practice focus.
Incident Response
Incident response is the process of identifying, managing, and mitigating security incidents to minimize their impact on an organization.

Metrics
Quantitative measurements used to monitor system behavior and performance.

Observability
Ability to understand system state using telemetry such as logs, metrics, and traces.

Encryption
The process of converting information or data into a code to prevent unauthorized access.

Syslog
Syslog is a standard protocol used to send system log or event messages to a centralized server for monitoring and analysis.

Attack Surface
Total set of entry points where attackers can attempt to compromise systems.

Baselining
Establishing normal system or network behavior as a reference for anomaly detection.

Business Email Compromise (BEC)
Social engineering fraud in which attackers impersonate trusted parties via email.

Containment
Incident response phase focused on limiting attacker movement and damage.

Correlation Rule
SIEM logic that links multiple events to detect suspicious activity patterns.

CVSS
Common Vulnerability Scoring System, used to rate vulnerability severity.

Eradication
Incident response phase in which malicious artifacts and persistence mechanisms are removed.

Chain of Custody
Documented timeline showing evidence handling from collection to analysis.

Forensic Imaging
Bit-level copy of storage media used for digital investigations.

Indicator of Compromise (IOC)
Forensic artifact suggesting a system may be compromised.

Security KPI
Key performance indicator measuring the effectiveness of security operations.

MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

OWASP Testing Guide
Methodology guidance for testing web applications for security weaknesses.

Playbook
Documented response procedure for specific incident types.

Risk Treatment
Decision process to mitigate, transfer, avoid, or accept identified risks.

SIEM
Security Information and Event Management platform for log aggregation and correlation.

Threat Actors
Individuals or groups that pose a threat to cybersecurity, often motivated by financial gain, espionage, or disruption.

Threat Hunting
Proactive search for hidden threats that have bypassed automated detection.

Threat Intelligence
Contextual information about threats used to improve detection and decision-making.

Threat Modeling
Threat modeling is a process used to identify, communicate, and understand threats and mitigations within the context of protecting something of value.

Triage
Initial analysis and prioritization of alerts or incidents.

TTP
Tactics, techniques, and procedures associated with adversary behavior.

Vulnerability Scanning
Automated process of probing systems for known security weaknesses and misconfigurations in order to prioritize remediation efforts.

Agent vs. Agentless
Agent-based scanning uses software installed on devices to detect vulnerabilities, while agentless scanning operates without installing software on target systems.

Anomaly Detection
Technique used to identify values or behaviors that deviate from normal patterns.

Asset Discovery
The process of identifying and cataloging all devices, systems, and applications within an organization's network.

Behavioral Analytics
Detection approach that identifies suspicious behavior patterns rather than relying on static signatures.

Business Continuity
Business continuity involves planning and implementing strategies to ensure critical business functions continue during and after a disaster.

Cloud Infrastructure Assessments
Evaluations of cloud environments to identify security weaknesses and ensure compliance with security policies.

Compensating Controls
Alternative security measures implemented when the primary control is not feasible or effective.

Compliance Reports
Documents that demonstrate an organization's adherence to regulatory and industry standards for security and privacy.

Confidence Level
Analyst estimate of the reliability and certainty of intelligence or findings.

Configuration Management
Configuration management is the process of maintaining consistent settings and configurations across systems and cloud resources such as AWS.

Credentialed vs. Non-Credentialed
Credentialed scanning uses login credentials to access systems and provide detailed vulnerability information, whereas non-credentialed scanning does not.

Critical Infrastructure Scanning
The process of assessing vulnerabilities in essential systems and assets that are vital to national security, the economy, and public health.

Cyber Kill Chain
A framework developed by Lockheed Martin that outlines the stages of a cyber attack from reconnaissance to exfiltration.

Data Exfiltration
The unauthorized transfer of data from a computer or network, often conducted by malicious insiders or external attackers.

Diamond Model
A framework for understanding and analyzing cyber threats, focusing on adversary, infrastructure, capability, and victim.

Disaster Recovery
Disaster recovery is the process of restoring systems and data after a catastrophic event in order to resume normal operations.

Dwell Time
Duration for which attackers remain undetected in an environment after compromise.

Email Analysis
The process of examining email content and metadata to detect phishing attempts, malware, or other security threats.

Exposure Window
Time period during which a system remains vulnerable before mitigation.

Forensic Analysis
The process of collecting, preserving, and analyzing digital evidence to understand and respond to cybersecurity incidents.

Forensic Timeline
Chronological reconstruction of security-relevant events during an investigation.

Risk Heat Map
Visualization that maps risk likelihood against impact for prioritization.

Hunting Techniques
Proactive methods used by security analysts to search for indicators of compromise and potential threats within a network.

Identity and Access Management (IAM)
A framework of policies and technologies for ensuring that the right individuals have the appropriate access to technology resources.

Incident Declaration
Formal decision that an event meets the criteria to be handled as an incident.

Incident Response Plan
A set of instructions to help IT staff detect, respond to, and recover from network security incidents.

Incident Severity
Classification level indicating the impact and urgency of incident response actions.

Indicator of Attack (IOA)
Behavioral signal indicating malicious activity in progress.

Integrating Tools
The process of combining multiple security tools and platforms so that they work together seamlessly, enhancing overall security posture.

Internal vs. External Scanning
Internal scanning assesses vulnerabilities within the network perimeter, while external scanning evaluates the organization's external attack surface.

Log Ingestion
Collection and onboarding of log data into monitoring platforms.

Maintenance Windows
Scheduled periods during which regular maintenance tasks, such as updates and patches, are performed on systems and networks.

Mean Time to Detect (MTTD)
Average time between incident occurrence and detection.

Mean Time to Respond (MTTR)
Average time required to respond to and contain incidents.

Mitigation Controls
Security measures implemented to reduce the risk and impact of vulnerabilities and threats.

Network Anomalies
Unusual patterns or deviations in network traffic that may indicate malicious activity.

Network Scanning
The process of identifying active devices on a network and assessing their security posture.

OSSTMM
Open Source Security Testing Methodology Manual, a framework for security testing.

Passive vs. Active Scanning
Passive scanning monitors network traffic without sending packets, while active scanning sends packets to discover devices and vulnerabilities.

Pattern Recognition
The automated identification of patterns and regularities in data, often used in detecting anomalies or malicious activities.

Post-Incident Review
Structured analysis after incident closure to capture lessons learned.

Root Cause Analysis
Systematic investigation to identify the fundamental reason for a security incident or failure.

Sandbox Analysis
Controlled execution of suspicious files to observe their behavior safely.

Secure Software Development Life Cycle (SDLC)
A process that integrates security practices into each phase of software development to produce secure applications.

Sensitive Data Protection
Sensitive Data Protection involves discovering, classifying, and protecting sensitive data in Google Cloud using tools such as DLP and encryption.

Single Pane of Glass
A unified interface that provides a comprehensive view of an organization's security posture, consolidating data from multiple sources.

SOC
Security Operations Center, responsible for continuous monitoring and response.

Social Engineering Threats
Manipulative tactics used by attackers to trick individuals into divulging confidential information or performing actions that compromise security.

Stakeholder Communication
The process of informing and engaging stakeholders about security incidents, vulnerabilities, and remediation efforts.

Standardizing Processes
The act of establishing consistent procedures and practices to improve the efficiency and effectiveness of security operations.

Static vs. Dynamic Scanning
Static scanning analyzes code or configurations without executing them, while dynamic scanning tests applications at runtime to find vulnerabilities.

System and Network Architecture
The design and structure of a system's components and their interconnections, including hardware, software, and network resources.

Tabletop Exercises
Simulated scenarios used to test and improve the effectiveness of incident response plans and team readiness.

Threat Intelligence Sharing
The exchange of threat-related information between organizations to improve collective defense against cyber threats.

Unauthorized Software
Software installed on a system without the knowledge or consent of the system owner or administrator.

SIEM Use Case
Specific detection scenario implemented through data sources and correlation logic.

VirusTotal
An online service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content.

Vulnerability Prioritization
Ranking vulnerabilities by risk, exploitability, exposure, and business impact.

Web Application Scanners
Tools designed to identify security vulnerabilities in web applications by simulating attacks and analyzing responses.

Wireshark
A network protocol analyzer that captures and displays data packets for network troubleshooting and analysis.

YARA
YARA is a tool used to identify and classify malware samples by creating descriptions of malware families based on textual or binary patterns.
