CompTIA Security+ (SY0-701) glossary
Terms selected for CompTIA Security+ (SY0-701) based on common objective language and practice focus.
AES
Advanced Encryption Standard used to protect data confidentiality.
Anti-malware
Security software designed to detect, block, and remove malicious code.
Authentication
Process of verifying a user or system identity.
Authorization
Process of granting permissions after identity is authenticated.
Brute-force Attack
Attack method that repeatedly attempts many credential combinations.
Change Management
A systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.
Data Encryption
Data encryption involves converting data into a coded format to prevent unauthorized access and ensure confidentiality.
EDR
Endpoint Detection and Response platform for endpoint telemetry and threat response.
Host Firewall
Software firewall running on an endpoint to filter inbound and outbound traffic.
Incident Response
Incident response is the process of identifying, managing, and mitigating security incidents to minimize their impact on an organization.
Least Privilege
A security principle that restricts user access rights to the minimum necessary to perform their job functions.
Multi-Factor Authentication (MFA)
MFA is a security process that requires users to provide multiple forms of identification before granting access to resources.
Patch Management
Patch management is the process of acquiring, testing, and installing patches to update software and fix vulnerabilities.
Phishing
A cyber attack method where attackers impersonate legitimate entities to trick individuals into providing sensitive information.
Principle of Least Functionality
Security approach that disables unnecessary services, ports, and software.
Ransomware
A type of malicious software that encrypts a victim's data and demands payment for the decryption key.
Single Sign-On (SSO)
Authentication model allowing users to access multiple services with one login session.
Social Engineering
Manipulation techniques that exploit human psychology to trick individuals into revealing sensitive information or performing insecure actions.
Cloud Access Security Broker (CASB)
A CASB is a security policy enforcement point positioned between cloud service consumers and providers to apply enterprise security policies as cloud-based resources are accessed.
IAM
IAM (Identity and Access Management) is a framework of policies and technologies for ensuring that the right individuals have access to the right resources on Google Cloud.
Shared Responsibility Model
The shared responsibility model outlines the division of responsibilities between cloud providers and customers, where providers manage the infrastructure and customers manage their data and applications.
Supply Chain Risk
Security risk introduced through vendors, software components, or service providers.
Vulnerability Management
Continuous process of identifying, evaluating, prioritizing, and remediating security weaknesses in systems and software.
Encryption
The process of converting information or data into a code to prevent unauthorized access.
iptables
Legacy Linux packet filtering framework for firewall rule management.
LDAP
Directory access protocol used for querying and managing identity directory services.
PAM
Pluggable Authentication Modules framework for Linux authentication policy.
SELinux
Mandatory access control framework enforcing security policy labels on Linux.
CIA Triad
The CIA Triad is a model designed to guide policies for information security within an organization, focusing on confidentiality, integrity, and availability.
Content Filtering
Policy-based control that blocks or allows traffic based on content categories or rules.
DNS Poisoning
Attack where DNS records are altered to redirect users to malicious destinations.
Geofencing
Policy control that restricts access based on geographic location.
Honeypot
Decoy system designed to attract and study attacker behavior.
HTTPS
HTTP secured by TLS to protect web traffic confidentiality and integrity.
IDS
Intrusion Detection System that monitors traffic and alerts on suspicious behavior.
IPS
Intrusion Prevention System that can actively block malicious traffic.
NAC
Network Access Control evaluates device posture and identity before granting network access.
PKI
Public Key Infrastructure for issuing, managing, and validating certificates.
TACACS+
AAA protocol commonly used for administrative access to network devices.
AAA Concepts
AAA stands for Authentication, Authorization, and Accounting, the three core components of network access control.
Access Control Models
Frameworks that define how access to resources is granted, including discretionary (DAC), mandatory (MAC), and role-based (RBAC) models.
Accounting (AAA)
Security logging component of AAA that tracks user actions and resource use.
Alerting and Monitoring
Alerting and monitoring involve observing systems for security events and generating alerts when suspicious activity is detected.
Architecture Models
Architecture models define the structure of IT systems, including on-premises, cloud, and IoT environments.
Asset Management
Asset management involves tracking and managing an organization's IT assets throughout their lifecycle.
Attack Surface
Total set of entry points where attackers can attempt to compromise systems.
Attack Surfaces
An attack surface is the total sum of the vulnerabilities in a system that are accessible to an attacker.
Attestation
Formal declaration that controls or processes meet stated security requirements.
Audits and Assessments
Audits and assessments are evaluations conducted to ensure that security controls are effective and compliant with policies and regulations.
Automation and Orchestration
Automation and orchestration involve using technology to perform tasks with minimal human intervention, improving efficiency and consistency.
Baselining
Establishing normal system or network behavior as a reference for anomaly detection.
Blockchain
Blockchain is a distributed ledger technology that records transactions across many computers in a way that ensures the data cannot be altered retroactively.
Business Email Compromise (BEC)
Social engineering fraud where attackers impersonate trusted parties via email.
Business Impact
Business impact refers to the effect that a security incident or change can have on an organization's operations and objectives.
Business Impact Analysis (BIA)
Process that identifies critical business functions and the impact of disruptions.
Certificate Authority (CA)
Trusted entity that issues and signs digital certificates.
Compensating Control
Alternative security measure used when a primary control is not feasible.
Containment
Incident response phase focused on limiting attacker movement and damage.
Corrective Control
Corrective controls are actions taken to restore systems and data after a security incident has occurred.
Correlation Rule
SIEM logic that links multiple events to detect suspicious activity patterns.
Credential Stuffing
Credential stuffing is an attack where stolen account credentials are used to gain unauthorized access to user accounts on multiple systems.
Cross-Site Request Forgery (CSRF)
Attack that tricks authenticated users into performing unintended actions.
Cross-Site Scripting (XSS)
Web vulnerability where malicious scripts execute in user browsers.
CVSS
Common Vulnerability Scoring System used to rate vulnerability severity.
Data Classification
Process of categorizing data by sensitivity level to determine appropriate handling, storage, and protection controls.
Data Loss Prevention (DLP)
Controls that monitor and prevent unauthorized data exfiltration.
Deception Techniques
Deception techniques involve creating decoy systems and data to mislead attackers and gather intelligence on their methods.
Deception Technology
Security approach using decoys and traps to detect attacker activity.
Detective Control
Detective controls are mechanisms designed to identify and alert to security incidents after they have occurred.
Deterrent Control
Control intended to discourage malicious behavior before it occurs.
Digital Signature
Cryptographic proof of message origin and integrity.
Directive Control
Directive controls are policies and procedures that guide how security measures should be implemented and maintained.
Enterprise Defenses
Enterprise defenses are security measures implemented to protect an organization's IT infrastructure from threats.
Enterprise Infrastructure
Enterprise infrastructure encompasses the IT resources and systems that support an organization's operations and services.
Eradication
Incident response phase where malicious artifacts and persistence are removed.
Chain of Custody
Documented timeline showing evidence handling from collection to analysis.
Forensic Imaging
Bit-level copy of storage media used for digital investigations.
Hashing
One-way transformation of input data into fixed-length digest values.
Identity and Access Management (IAM)
Framework of policies and technologies that ensures the right individuals access the right resources at the right times for the right reasons.
Incident Response Process
The incident response process is a structured approach to handling and managing security incidents.
Indicator of Compromise (IOC)
Forensic artifact suggesting a system may be compromised.
Security KPI
Key performance indicator measuring effectiveness of security operations.
Least Common Mechanism
This principle advises minimizing the sharing of mechanisms among users to reduce the risk of unintended interactions.
Logs and Investigations
Logs are records of events that occur within an IT environment, used in investigations to analyze and understand security incidents.
Malicious Activities
Malicious activities are actions taken by threat actors to compromise, damage, or disrupt systems and data.
Managerial Control
Managerial controls involve policies and procedures that govern an organization's security practices and manage risk.
Mitigation Techniques
Mitigation techniques are strategies implemented to reduce the impact or likelihood of a security threat.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
Non-repudiation
A security principle that ensures that a party in a communication cannot deny the authenticity of their signature or the sending of a message.
Obfuscation
Obfuscation is the practice of making data unintelligible or confusing to hide its meaning.
Operational Control
Operational controls are procedures and practices that are implemented to ensure day-to-day security operations are effective.
OWASP Testing Guide
Methodology guidance for testing web applications for security weaknesses.
Pass-the-Hash
Pass-the-hash is an attack method where an attacker uses a hashed password to authenticate as a user without knowing the actual password.
Physical Control
Physical controls are security measures that prevent unauthorized physical access to facilities and equipment.
Playbook
Documented response procedure for specific incident types.
Preventive Control
Preventive controls are measures taken to avoid security incidents by stopping threats before they occur.
Resilience and Recovery
Resilience and recovery refer to the ability of an organization to withstand and recover from security incidents and disruptions.
Risk Management
Risk management is the process of identifying, assessing, and prioritizing risks to minimize their impact on an organization.
Risk Register
A tool used in risk management to document potential risks and the actions planned to manage them.
Risk Treatment
Decision process to mitigate, transfer, avoid, or accept identified risks.
Salting
Adding random data to passwords before hashing to resist rainbow table attacks.
SAML
Security Assertion Markup Language standard used for exchanging authentication and authorization data.
Secure Baselines
Secure baselines are predefined configurations that ensure systems are set up in a secure manner.
Security Awareness
Programs and activities that educate users about security threats, policies, and their role in protecting organizational assets.
Security Awareness and Training
Security awareness and training programs educate employees about security policies, procedures, and best practices to reduce human error and enhance organizational security.
Security Compliance
Security compliance involves adhering to laws, regulations, and standards that govern the protection of information.
Security Governance
Set of policies, roles, and processes that ensure security objectives align with business goals and regulatory requirements.
SIEM
Security Information and Event Management platform for log aggregation and correlation.
SQL Injection
Attack that inserts malicious SQL into application input to manipulate database queries.
Federated Identity
Trust model where one identity provider authenticates users across separate systems.
Technical Control
Technical controls are security measures implemented through technology to protect systems and data, such as firewalls and antivirus software.
Third-Party Risk
Third-party risk refers to the potential threats and vulnerabilities introduced by external vendors and partners.
Threat Actors
Individuals or groups that pose a threat to cybersecurity, often motivated by financial gain, espionage, or disruption.
Threat Hunting
Proactive search for hidden threats that bypassed automated detection.
Threat Intelligence
Contextual information about threats used to improve detection and decision-making.
Threat Modeling
Threat modeling is a process used to identify, communicate, and understand threats and mitigations within the context of protecting something of value.
Threat Vectors
Threat vectors are the paths or means by which an attacker can gain access to a system or network.
Tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Triage
Initial analysis and prioritization of alerts or incidents.
TTP
Tactics, techniques, and procedures associated with adversary behavior.
Version Control
Version control is a system that records changes to a file or set of files over time so that specific versions can be recalled later.
Vulnerability Categories
Vulnerability categories classify weaknesses in systems, such as application, hardware, and cloud vulnerabilities.
Vulnerability Scanning
Automated process of probing systems for known security weaknesses and misconfigurations to prioritize remediation efforts.
WAF
Web Application Firewall that inspects and filters HTTP traffic to protect web apps.
XDR
Extended Detection and Response platform that correlates telemetry across multiple security layers.
Zero Trust
A security model that assumes no implicit trust is granted to systems or users, requiring verification at every access point.