CompTIA Security+ (SY0-701) glossary
Terms selected for CompTIA Security+ (SY0-701) based on common objective language and practice focus.
Least Privilege
Grant only the minimum permissions needed to perform a task.
AES
Advanced Encryption Standard used to protect data confidentiality.
Anti-malware
Security software designed to detect, block, and remove malicious code.
Authentication
Process of verifying a user or system identity.
Authorization
Process of granting permissions after identity is authenticated.
Brute-force Attack
Attack method that repeatedly attempts many credential combinations.
Data Encryption
Converting readable data into protected ciphertext using cryptographic methods.
EDR
Endpoint Detection and Response platform for endpoint telemetry and threat response.
Host Firewall
Software firewall running on an endpoint to filter inbound and outbound traffic.
Incident Response
Structured process for detection, containment, eradication, recovery, and lessons learned.
MFA
Multi-factor authentication requiring two or more verification factors.
Patch Management
Process of testing, deploying, and verifying updates to fix vulnerabilities and bugs.
Phishing
Social engineering attack that tricks users into revealing credentials or running malware.
Principle of Least Functionality
Security approach that disables unnecessary services, ports, and software.
Ransomware
Malware that encrypts data and demands payment for decryption.
Social Engineering
Manipulation techniques that exploit human behavior to bypass controls.
Single Sign-On (SSO)
Authentication model allowing users to access multiple services with one login session.
IAM
Identity and access management framework for controlling who can access what.
Shared Responsibility Model
Cloud security model dividing protection duties between provider and customer.
CASB
Cloud Access Security Broker that enforces security policy for cloud service use.
Supply Chain Risk
Security risk introduced through vendors, software components, or service providers.
iptables
Legacy Linux packet filtering framework for firewall rule management.
PAM
Pluggable Authentication Modules framework for Linux authentication policy.
SELinux
Mandatory access control framework enforcing security policy labels on Linux.
Content Filtering
Policy-based control that blocks or allows traffic based on content categories or rules.
DNS Poisoning
Attack where DNS records are altered to redirect users to malicious destinations.
HTTPS
HTTP secured by TLS to protect web traffic confidentiality and integrity.
IDS
Intrusion Detection System that monitors traffic and alerts on suspicious behavior.
IPS
Intrusion Prevention System that can actively block malicious traffic.
LDAP
Directory access protocol used for querying and managing identity directory services.
Honeypot
Decoy system designed to attract and study attacker behavior.
NAC
Network Access Control enforcing endpoint posture and admission policies.
TACACS+
AAA protocol commonly used for administrative access to network devices.
Accounting (AAA)
Security logging component of AAA that tracks user actions and resource use.
Access Control Models
Frameworks such as RBAC, ABAC, and DAC that define how permissions are granted.
Attestation
Formal declaration that controls or processes meet stated security requirements.
Baselining
Establishing normal system or network behavior as a reference for anomaly detection.
Business Impact Analysis (BIA)
Process that identifies critical business functions and the impact of disruptions.
Certificate Authority (CA)
Trusted entity that issues and signs digital certificates.
CIA Triad
Foundational model representing confidentiality, integrity, and availability.
Compensating Control
Alternative security measure used when a primary control is not feasible.
Credential Stuffing
Attack that reuses leaked username-password pairs across multiple services.
Cross-Site Scripting (XSS)
Web vulnerability where malicious scripts execute in user browsers.
Cross-Site Request Forgery (CSRF)
Attack that tricks authenticated users into performing unintended actions.
Data Loss Prevention (DLP)
Controls that monitor and prevent unauthorized data exfiltration.
Deception Technology
Security approach using decoys and traps to detect attacker activity.
Deterrent Control
Control intended to discourage malicious behavior before it occurs.
Digital Signature
Cryptographic proof of message origin and integrity.
Chain of Custody
Documented timeline showing evidence handling from collection to analysis.
Forensic Imaging
Bit-level copy of storage media used for digital investigations.
Geofencing
Policy control that restricts access based on geographic location.
Hashing
One-way transformation of input data into fixed-length digest values.
Least Common Mechanism
Security principle minimizing shared resources between subjects.
MITRE ATT&CK
Knowledge base mapping adversary tactics, techniques, and procedures.
Non-repudiation
Assurance that a user cannot deny performing a specific action.
Pass-the-Hash
Attack technique using captured password hash values to authenticate.
PKI
Public Key Infrastructure for issuing, managing, and validating certificates.
Risk Register
Documented inventory of identified risks, owners, and treatment plans.
Salting
Adding random data to passwords before hashing to resist rainbow table attacks.
SIEM
Security Information and Event Management platform for log aggregation and correlation.
Security Awareness Training
Program educating users on threats, safe behavior, and reporting procedures.
Federated Identity
Trust model where one identity provider authenticates users across separate systems.
SAML
Security Assertion Markup Language standard used for exchanging authentication and authorization data.
SQL Injection
Injection attack where malicious SQL statements manipulate backend databases.
Threat Hunting
Proactive search for hidden threats that bypassed automated detection.
Tokenization
Replacing sensitive data with non-sensitive tokens while retaining usability.
Vulnerability Scanning
Automated assessment process that identifies known weaknesses in systems and software.
WAF
Web Application Firewall that inspects and filters HTTP traffic to protect web apps.
XDR
Extended Detection and Response platform that correlates telemetry across multiple security layers.
Zero Trust
Security model that continuously verifies users and devices rather than assuming trusted networks.
Attack Surface
Total set of entry points where attackers can attempt to compromise systems.
Business Email Compromise (BEC)
Social engineering fraud where attackers impersonate trusted parties via email.
Containment
Incident response phase focused on limiting attacker movement and damage.
Correlation Rule
SIEM logic that links multiple events to detect suspicious activity patterns.
CVSS
Common Vulnerability Scoring System used to rate vulnerability severity.
Eradication
Incident response phase where malicious artifacts and persistence are removed.
Indicator of Compromise (IOC)
Forensic artifact suggesting a system may be compromised.
Security KPI
Key performance indicator measuring effectiveness of security operations.
OWASP Testing Guide
Methodology guidance for testing web applications for security weaknesses.
Playbook
Documented response procedure for specific incident types.
Risk Treatment
Decision process to mitigate, transfer, avoid, or accept identified risks.
Threat Intelligence
Contextual information about threats used to improve detection and decision-making.
Threat Modeling
Process of identifying threats and prioritizing controls during design and operations.
Triage
Initial analysis and prioritization of alerts or incidents.
TTP
Tactics, techniques, and procedures associated with adversary behavior.