- Created By Jeff Chaplin
Preventive Controls ANS: Objective: Prevent security incidents from occurring. Examples: Firewalls,
Access control mechanisms (e.g., passwords, biometrics), Intrusion prevention systems (IPS), Security
policies and procedures
Deterrent Controls ANS: Objective: Discourage potential attackers from attempting to compromise a
system. Examples: Warning signs, Security awareness training, Visible security measures (e.g., security
guards, CCTV)
Detective Controls ANS: Objective: Detect and alert on security incidents as they occur. Examples:
Intrusion detection systems (IDS), Security information and event management (SIEM) systems, Audit
logs and monitoring, Surveillance cameras
Corrective Controls ANS: Objective: Correct and mitigate the impact of security incidents. Examples:
Antivirus and anti-malware software, Backup and recovery procedures, Patch management systems,
Incident response plans
Compensating Controls ANS: Compensating controls are security measures implemented to provide an
alternative method of protecting assets when standard controls are not feasible. Examples: Temporary
access restrictions, Alternative authentication mechanisms, Additional monitoring when primary
controls are down
Directive Controls ANS: Objective: Specify acceptable practices and expected behavior. Examples:
Security policies and guidelines, Employee handbooks, Standard operating procedures (SOPs), Codes of
conduct
Define the Five Core principles of Information Security (CIANA) ANS: Confidentiality, Integrity,
Availability, Non-Repudiation, Authentication
Gap Analysis Steps ANS: Define the scope, Gather data about the current infrastructure, Analyze the
data and identify the gaps, Develop a plan to bridge the gap
Honeypot ANS: A honeypot is a decoy system or resource designed to attract and deceive attackers. It
appears to be a legitimate part of the network but is isolated and monitored to gather information
about attackers' tactics, techniques, and motives.
Honeynet ANS: A honeynet is a network of honeypots that are interconnected to simulate a larger and
more realistic environment for attracting and monitoring attackers. It allows organizations to capture
and analyze broader attack patterns and behaviors.
Honeyfile ANS: A honeyfile is a file or document that is intentionally created and placed in a network to
act as bait for attackers. It contains seemingly valuable information that, if accessed or modified,
triggers alerts and provides insights into unauthorized access attempts.
Honeytoken ANS: A honeytoken is a piece of data or credential that is intentionally placed within an
information system to serve as a decoy or indicator of unauthorized access. If a honeytoken is accessed
or used, it alerts security teams to potential security breaches.
Non-Repudiation ANS: A security principle ensuring that a party in a communication cannot deny the
authenticity of their signature on a document or the sending of a message that they originated. This is
typically achieved through the use of cryptographic methods, such as digital signatures and public key
infrastructure (PKI).
What are the five factors of Authentication? ANS: Knowledge Factor: Something You Know, Possession
Factor: Something You Have, Inherence Factor: Something You Are, Behavioral Biometrics: Something
You Do, Location Factor: Somewhere You Are
PTZ ANS: Pan-Tilt-Zoom
FRR ANS: False Rejection Rate - How often a biometric system fails to allow a user access who should
have had access
Cipher Lock ANS: A mechanical locking mechanism that uses a mechanical keypad for entry
Infrared Sensor ANS: IR sensors can be either active or passive. Active IR sensors emit infrared light and
measure the reflection, while passive IR sensors detect the infrared light naturally emitted by objects.
Used in: Motion Detection, Remote Controls, Thermal Cameras, Temperature sensors
Microwave Sensor ANS: A microwave sensor uses microwave radar to detect objects and motion. These
sensors emit microwaves and measure the time it takes for the waves to be reflected back after hitting
an object. Used in: Automatic Doors, Speed Radars, Occupancy Sensing, Motion sensors
Ultrasonic Sensor ANS: An ultrasonic sensor uses ultrasonic sound waves to detect objects and measure
distances. The sensor emits sound waves at a high frequency and measures the time it takes for the
echo to return after hitting an object. Used in: Parking Assistance, Robotics, Industrial Automation
Shadow IT ANS: A type of threat actor that creates internal threats involving the use of systems,
devices, software, applications, and services that are used within an organization without explicit
approval or knowledge of the organization's IT department.
Name all four Security Controls ANS: Detective, Compensating, Directive, Corrective
Social Proof ANS: A psychological and social phenomenon where individuals copy the actions of others
in an attempt to reflect correct behavior for a given situation. This concept is often exploited in social
engineering attacks.
Typosquatting ANS: "Typosquatting" is a form of cyber-attack where malicious actors register domain
names that are similar to legitimate websites, often differing by a small typo or misspelling. Example:
Real: Facebook.com | Fake: Facebo0k.com