CIA triad (Confidentiality, Integrity, Availability)
AAA Of Security ANS: Authentication, Authorization, and Accounting
Checksums ANS: Method to verify the integrity of data during transmission
Digital Signatures ANS: Ensure Both Integrity of data during transaction
Server Redundancy ANS: Involves using multiple servers in a load-balanced or failover configuration so
that if one is overloaded or fails, the other servers can take over the load to continue supporting your
end users
Network Redundancy ANS: Ensures that if one network path fails, the data can travel through another
route
data redundancy ANS: involves storing data in multiple places
Power Redundancy ANS: involves using backup power sources, like generators and ups systems
Non-repudiation ANS: provides undeniable proof in the world of digital transactions. Can't deny
participation or authenticity of their actions
Syslog servers ANS: used to aggregate logs from various network devices and systems so that system
administrators can analyze them to detect patterns or anomalies in the organization's systems
Technical Controls ANS: "technology", hardware, and software mechanisms that are implemented to
manage and reduce risks
Managerial Controls ANS: ("Managing" things) also referred to as administrative controls, involve the
strategic planning and governance side of security
Operational Controls ANS: Procedures and measures that are designed to protect data on a day-to-day
basis. Are mainly governed by internal processes and human actions
Preventive ANS: Proactive measures implemented to thwart potential security threats or breaches
Deterrent Controls ANS: Discourage potential attackers by making the effort seem less appealing or
more challenging
Detective Controls ANS: (detect) Monitor and alert organizations to malicious activities as they occur
Corrective Controls ANS: Mitigate any potential damage and restore our systems to their normal state
Compensating Controls ANS: Alternative measures that are implemented when primary security
controls are not feasible or effective
Directive Controls ANS: Guide, inform, or mandate actions. Often rooted in Policy.
gap analysis ANS: Process of evaluating the differences between an organization's current performance
and its desired performance
Zero Trust ANS: Demands verification for every device, user, and transaction with the network
Data plane ANS: Ensures policies are properly executed
honeypot ANS: decoy systems to attract and deceive attackers
honeynets ANS: network of decoy systems for observing complex attacks
honeyfiles ANS: decoy files to detect unauthorized access or data breaches
(APT) Advanced Persistent Threat ANS: Nation-state actor because of their long-term persistence and
stealth
Threat Vector ANS: Means or pathway by which an attacker can gain unauthorized access to a
computer or network
Vishing ANS: Voice Phishing
(MDM) Mobile device management ANS: Manages Phones, remote wipe, geolocation, installs certain
apps Ex) Jamf
Smishing ANS: SMS phishing
Unsecure networks Vulnerabilities ANS: MAC Address cloning, VLAN Hopping
Vulnerability in Bluetooth protocol ANS: Blueborne -- vulnerabilities in Bluetooth technology that can
allow an attacker to take over devices
BlueSmack -- type of DoS attack that targets Bluetooth-enabled devices