Applications (SY0-601)
Secure Sockets Layer (SSL) *** A protocol that secures messages being transmitted on the
internet.
Transport Layer Security (TLS) *** A protocol that secures messages being transmitted on the
internet. It is the successor to SSL 3.0.
Secure Shell (SSH) *** A protocol that allows for secure interactive control of remote systems.
Hypertext Transfer Protocol Secure (HTTPS) *** A secure form of HTTP that uses either
SSL or TLS to encrypt sensitive data before it is transmitted.
Secure Hypertext Transfer Protocol (S-HTTP) *** An alternate protocol that is not widely
used because it is not as secure as HTTPS.
Internet Protocol Security (IPsec) *** A set of protocols that provides secure data transmission
over unprotected TCP/IP networks.
Authentication Header (AH) *** A protocol within IPsec that provides authenticity,
non-repudiation, and integrity.
Encapsulating Security Payload (ESP) *** A protocol within IPsec that provides all the
security of AH plus confidentiality.
Security Association (SA) *** The establishment of shared security information between two
network entities to support secure communications.
Data loss prevention (DLP) *** A system that attempts to detect and stop breaches of sensitive
data within an organization.
Network DLP *** A software or hardware solution that is typically installed near the network
perimeter that analyzes network traffic in an attempt to detect transmission of sensitive data in
violation of an organization's security policies.
Endpoint DLP *** DLP software that runs on end-user workstations and servers.
File-level DLP *** DLP software that is used to identify sensitive files in a file system and
then to embed the organization's security policy within the file so that it travels with a moved
or copied file.
Cloud DLP *** A software solution that analyzes traffic to and from cloud systems in an
attempt to detect sensitive data that is being transmitted in violation of an organization's security
policies.
Masking *** The process of replacing sensitive data with realistic fictional data.
Encryption *** The process of changing plain text through an algorithm into unreadable
ciphertext.
Tokenization *** The process of replacing original data with a randomly generated
alphanumeric character set called a token.
Rights management *** A system of data protection at the file level that uses various forms of
permissions, rules, and security policies.
Privilege escalation *** The exploitation of a misconfiguration, a bug, or design flaw to gain
unauthorized access to resources.