My Certification Notes
Folder: Definitions
466 items under this folder.
Dec 29, 2025
user provisioning
Dec 29, 2025
validation of vulnerability remediation
Dec 29, 2025
virtual private cloud VPC
Dec 29, 2025
virtualisation security
Dec 29, 2025
virtualisation vulnerabilities
Dec 29, 2025
virtualisation
Dec 29, 2025
virus variates
Dec 29, 2025
virus
Dec 29, 2025
vishing
Dec 29, 2025
vulnerability analysis
Dec 29, 2025
vulnerability database
Dec 29, 2025
vulnerability management
Dec 29, 2025
vulnerability response and remediation
Dec 29, 2025
vulnerability scanners
Dec 29, 2025
vulnerability scans
Dec 29, 2025
vulnerable software
Dec 29, 2025
warm site
Dec 29, 2025
watering hole attack
Dec 29, 2025
web application scanner
Dec 29, 2025
web-based vulnerabilities
Dec 29, 2025
when malware runs
Dec 29, 2025
white hat hackers
Dec 29, 2025
why threat actors are categorized
concept
Dec 29, 2025
wired network as a threat vector
Dec 29, 2025
worms
Dec 29, 2025
zero trust
Dec 29, 2025
testing resilience and recovery control designs
Dec 29, 2025
testing
Dec 29, 2025
threat actor attributes
Dec 29, 2025
threat actor motivations
Dec 29, 2025
threat actor types
Dec 29, 2025
threat actors
Dec 29, 2025
threat confidence score
Dec 29, 2025
threat data and intelligence systems
Dec 29, 2025
threat feed
Dec 29, 2025
threat indicator exchange
Dec 29, 2025
threat indicator management
Dec 29, 2025
threat intelligence
Dec 29, 2025
threat maps
Dec 29, 2025
threat vectors
Dec 29, 2025
time-of-check TOC
Dec 29, 2025
time-of-use TOU
Dec 29, 2025
tokenization
Dec 29, 2025
traits
Dec 29, 2025
trojans
Dec 29, 2025
trusted platform module TPM
Dec 29, 2025
types of vulnerabilities
Dec 29, 2025
typosquatting
Dec 29, 2025
unchanged scope
Dec 29, 2025
unified extensible firmware interface UEFI
Dec 29, 2025
unskilled attackers
Dec 29, 2025
unvalidated redirects
Dec 29, 2025
use cases of automation and scripting
Dec 29, 2025
user interaction score
Dec 29, 2025
site resilience
Dec 29, 2025
smishing
Dec 29, 2025
social engineering key principles
Dec 29, 2025
social engineering techniques
Dec 29, 2025
software development lifecycle SDLC
Dec 29, 2025
software diversity
Dec 29, 2025
something you are authentication
Dec 29, 2025
something you have authentication
Dec 29, 2025
something you know authentication
Dec 29, 2025
something you know
Dec 29, 2025
somewhere you are authentication
Dec 29, 2025
source code comments best practices
Dec 29, 2025
spyware
Dec 29, 2025
standardized security languages
Dec 29, 2025
static code analysis
Dec 29, 2025
steganography
Dec 29, 2025
storage and destruction of symmetric keys
Dec 29, 2025
stored or persistent XSS
Dec 29, 2025
strategic risk
Dec 29, 2025
stream ciphers
Dec 29, 2025
supervisory control and data acquisition SCADA
Dec 29, 2025
symmetric encryption management
Dec 29, 2025
symmetric encryption
Dec 29, 2025
system and process audit
Dec 29, 2025
tabletop exercises
Dec 29, 2025
target of evaluation TOE
Dec 29, 2025
technical security control category
Dec 29, 2025
technology capacity planning
Dec 29, 2025
request forgery
Dec 29, 2025
resource exhaustion
Dec 29, 2025
responsibility matrix
important
Dec 29, 2025
restoration to last-known good configuration
Dec 29, 2025
retina scan
Dec 29, 2025
risk identification
Dec 29, 2025
rootkit
Dec 29, 2025
sandboxing
Dec 29, 2025
scalability
Dec 29, 2025
scan perspectives
Dec 29, 2025
sealing
Dec 29, 2025
secrets management
Dec 29, 2025
secure boot
Dec 29, 2025
secure coding practices
Dec 29, 2025
secure cookies
Dec 29, 2025
secure web gateways SWG
Dec 29, 2025
securing APIs
Dec 29, 2025
security cameras
Dec 29, 2025
security control categories
Dec 29, 2025
security control types
Dec 29, 2025
security controls
Dec 29, 2025
security enclave
Dec 29, 2025
security tools
Dec 29, 2025
segmentation
Dec 29, 2025
session attacks
Dec 29, 2025
session replay attack
Dec 29, 2025
shadow IT
Dec 29, 2025
signature based detection
Dec 29, 2025
simulation
Dec 29, 2025
people capacity planning
Dec 29, 2025
permission access restriction
Dec 29, 2025
permissions management
Dec 29, 2025
phishing
Dec 29, 2025
physical attack
Dec 29, 2025
physical security control category
Dec 29, 2025
pointer dereferencing
Dec 29, 2025
policies
Dec 29, 2025
policy engine
Dec 29, 2025
power
Dec 29, 2025
pretexting
Dec 29, 2025
preventive security control type
Dec 29, 2025
principle of least access
Dec 29, 2025
privilege escalation attack
Dec 29, 2025
privileges required score
Dec 29, 2025
proprietary closed source intelligence
Dec 29, 2025
protecting endpoints
important
Dec 29, 2025
protection of power
Dec 29, 2025
proving hacking ability
Dec 29, 2025
public cloud
Dec 29, 2025
public key infrastructure PKI
Dec 29, 2025
race conditions
Dec 29, 2025
rainbow table attack
Dec 29, 2025
ransomware
Dec 29, 2025
redundancy
Dec 29, 2025
redundant network devices
Dec 29, 2025
registration authorities
Dec 29, 2025
related key attack
Dec 29, 2025
replay attack
Dec 29, 2025
replication
Dec 29, 2025
reporting on vulnerabilities
Dec 29, 2025
reputational risk
Dec 29, 2025
memory leak
Dec 29, 2025
memory management best practices
Dec 29, 2025
message-based threat vectors
Dec 29, 2025
methods to secure data
Dec 29, 2025
misinformation
Dec 29, 2025
multipath
Dec 29, 2025
nation-state attackers
Dec 29, 2025
nearline backups
Dec 29, 2025
network hardening
Dec 29, 2025
network vulnerability scanner
Dec 29, 2025
non-persistence
Dec 29, 2025
non-repudiation
Dec 29, 2025
obfuscation
Dec 29, 2025
open worldwide application security project OWASP
Dec 29, 2025
operating system hardening
Dec 29, 2025
operating system vulnerabilities
important
Dec 29, 2025
operational risk
Dec 29, 2025
operational security control category
Dec 29, 2025
organised crime
Dec 29, 2025
other considerations of automation and scripting
Dec 29, 2025
package monitoring
Dec 29, 2025
parallel processing
Dec 29, 2025
parameterized queries
Dec 29, 2025
partial redactions
Dec 29, 2025
password attacks
Dec 29, 2025
password guidelines
Dec 29, 2025
password spraying
Dec 29, 2025
password vulnerabilities
Dec 29, 2025
penetration testing environments
Dec 29, 2025
penetration testing
Dec 29, 2025
impact score
Dec 29, 2025
impact sub-score
Dec 29, 2025
impact
Dec 29, 2025
impersonation
Dec 29, 2025
industrial control systems ICS
Dec 29, 2025
infrastructure capacity planning
Dec 29, 2025
injection attacks
Dec 29, 2025
injection vulnerabilities
Dec 29, 2025
input validation
Dec 29, 2025
insecure direct object references
Dec 29, 2025
insider threats
Dec 29, 2025
integrity score
Dec 29, 2025
integrity
Dec 29, 2025
interactive testing vulnerability scan
Dec 29, 2025
internal audit or assessment
Dec 29, 2025
inventory enumeration
Dec 29, 2025
iris recognition
Dec 29, 2025
isolation
Dec 29, 2025
journaling
Dec 29, 2025
key escrow
Dec 29, 2025
key exchange
Dec 29, 2025
key stretching
Dec 29, 2025
keyloggers
Dec 29, 2025
live-boot media
Dec 29, 2025
load balancing
Dec 29, 2025
logic bomb
Dec 29, 2025
malinformation
Dec 29, 2025
malware types
Dec 29, 2025
malware
Dec 29, 2025
managerial security control category
Dec 29, 2025
measured boot
Dec 29, 2025
fingerprint scan
Dec 29, 2025
firmware
Dec 29, 2025
frequency analysis
Dec 29, 2025
fuzzing
Dec 29, 2025
gait analysis
Dec 29, 2025
gap analysis
Dec 29, 2025
general data considerations
Dec 29, 2025
geographic access restriction
Dec 29, 2025
geolocation
Dec 29, 2025
governance and auditing of third-party vendors
Dec 29, 2025
grey hat hackers
Dec 29, 2025
guard rails
Dec 29, 2025
hackers hats
Dec 29, 2025
hacktivists
definition
Dec 29, 2025
handling secrets
Dec 29, 2025
hardening cloud infrastructure
Dec 29, 2025
hardening targets
Dec 29, 2025
hardening techniques
Dec 29, 2025
hardware root of trust
Dec 29, 2025
hardware vulnerabilities
important
Dec 29, 2025
hash
Dec 29, 2025
heuristic
Dec 29, 2025
host-based intrusion prevention system HIPS
Dec 29, 2025
hot site
Dec 29, 2025
human vectors and social engineering
Dec 29, 2025
human vectors
Dec 29, 2025
hypervisor
Dec 29, 2025
identification methods
Dec 29, 2025
identity proofing
Dec 29, 2025
devops
Dec 29, 2025
devsecops
Dec 29, 2025
dictionary attacks
Dec 29, 2025
digital rights management (DRM)
Dec 29, 2025
digital signature
Dec 29, 2025
directive security control type
Dec 29, 2025
directory traversal attack
Dec 29, 2025
disclosure
Dec 29, 2025
disinformation
Dec 29, 2025
downgrade attack
Dec 29, 2025
dynamic testing vulnerability scan
Dec 29, 2025
elasticity
Dec 29, 2025
embedded systems
Dec 29, 2025
endpoint protection
Dec 29, 2025
environmental attacks
Dec 29, 2025
error handling best practices
Dec 29, 2025
escalation
Dec 29, 2025
espionage
Dec 29, 2025
exploitability score
Dec 29, 2025
exploitability
Dec 29, 2025
extended detection and response XDR
Dec 29, 2025
external audit and assessments
Dec 29, 2025
facial recognition
Dec 29, 2025
federation
Dec 29, 2025
file inclusion attack
Dec 29, 2025
fileless virus
Dec 29, 2025
filesystem permissions
Dec 29, 2025
financial risk
Dec 29, 2025
cryptography goals
Dec 29, 2025
cryptography
Dec 29, 2025
cybersecurity objectives
Dec 29, 2025
cybersecurity professionals
Dec 29, 2025
cybersecurity risk categories
Dec 29, 2025
cybersecurity risk type impacts
Dec 29, 2025
cybersecurity risk types
Dec 29, 2025
cybersecurity risks
Dec 29, 2025
cybersecurity threat classifications
Dec 29, 2025
cybersecurity threats
Dec 29, 2025
cybersecurity
Dec 29, 2025
data breach risks
Dec 29, 2025
data encryption level
Dec 29, 2025
data encryption
Dec 29, 2025
data exfiltration
Dec 29, 2025
data loss prevention DLP
Dec 29, 2025
data loss prevention
Dec 29, 2025
data masking
Dec 29, 2025
data minimisation
Dec 29, 2025
data plane
Dec 29, 2025
data protection
Dec 29, 2025
data sovereignty
Dec 29, 2025
deception and disruption technology
Dec 29, 2025
decommissioning
Dec 29, 2025
defence-in-depth
Dec 29, 2025
denial
Dec 29, 2025
deny-listing
Dec 29, 2025
desired security state
Dec 29, 2025
detective security control type
definition
Dec 29, 2025
deterrent security control type
Dec 29, 2025
cloud controls matrix
Dec 29, 2025
cloud deployment models
Dec 29, 2025
cloud networking
Dec 29, 2025
cloud roles
Dec 29, 2025
cloud security architecture
Dec 29, 2025
cloud security issues
Dec 29, 2025
cloud storage resources
Dec 29, 2025
cloud
Dec 29, 2025
clustering
Dec 29, 2025
code injection attacks
Dec 29, 2025
code repositories
Dec 29, 2025
code reuse
Dec 29, 2025
code security
Dec 29, 2025
code signing
Dec 29, 2025
cold site
Dec 29, 2025
command injection attacks
Dec 29, 2025
compensating security control type
Dec 29, 2025
competitors
Dec 29, 2025
compliance risk
Dec 29, 2025
confidentiality score
Dec 29, 2025
confidentiality
Dec 29, 2025
configuration management tools
Dec 29, 2025
containerization
Dec 29, 2025
continuity of operations
Dec 29, 2025
control objectives
Dec 29, 2025
cookie stealing and manipulation
Dec 29, 2025
corrective security control type
Dec 29, 2025
creation and distribution of symmetric keys
Dec 29, 2025
cryptanalysis
Dec 29, 2025
cryptographic attacks
Dec 29, 2025
cryptographic tools
Dec 29, 2025
binding
Dec 29, 2025
biometric authentication
Dec 29, 2025
birthday attack
Dec 29, 2025
black hat hackers
Dec 29, 2025
blind content-based SQL injection
Dec 29, 2025
blind timing-based SQL injection
Dec 29, 2025
bloatware
Dec 29, 2025
block ciphers
Dec 29, 2025
block or deny lists
Dec 29, 2025
brand impersonation
Dec 29, 2025
breach impact types
Dec 29, 2025
brute-force
Dec 29, 2025
buffer overflow
Dec 29, 2025
business email compromise
Dec 29, 2025
capacity planning
Dec 29, 2025
certificate authorities
Dec 29, 2025
certificate enrolment
Dec 29, 2025
certificate formats
Dec 29, 2025
certificate pinning
Dec 29, 2025
certificate revocation
Dec 29, 2025
certificate stapling
Dec 29, 2025
certificate verification
Dec 29, 2025
certificates
Dec 29, 2025
changed scope
Dec 29, 2025
chosen plain text attack
Dec 29, 2025
ciphers
Dec 29, 2025
claims to identity
Dec 29, 2025
closed source intelligence
Dec 29, 2025
cloud access security brokers CASB
Dec 29, 2025
cloud backup considerations
Dec 29, 2025
application attacks
Dec 29, 2025
application firewalls
Dec 29, 2025
application resilience
Dec 29, 2025
application security controls
Dec 29, 2025
application security
Dec 29, 2025
application testing vulnerability scanners
Dec 29, 2025
application vulnerabilities
Dec 29, 2025
architecture and infrastructure concepts
Dec 29, 2025
architecture model considerations
Dec 29, 2025
artificial intelligence AI
Dec 29, 2025
assessing threat intelligence
Dec 29, 2025
asset management
Dec 29, 2025
assignment and accounting
Dec 29, 2025
asymmetric encryption
Dec 29, 2025
attack complexity score
Dec 29, 2025
attack complexity
Dec 29, 2025
attack surfaces
Dec 29, 2025
attack vector score
Dec 29, 2025
attacker motivations
Dec 29, 2025
attestation
Dec 29, 2025
attributes
Dec 29, 2025
authentication interoperability
Dec 29, 2025
authentication, authorization and accounting (AAA)
Dec 29, 2025
automation and orchestration
Dec 29, 2025
availability score
Dec 29, 2025
availability
Dec 29, 2025
backups
Dec 29, 2025
baselines
Dec 29, 2025
benefits of automation and scripting
Dec 29, 2025
Relying Party RP
Dec 29, 2025
Remote Dial-In User Service RADIUS
Dec 29, 2025
Reputational damage risk
Dec 29, 2025
Role-Based Access Control RBAC
Dec 29, 2025
Rule-Based Access Control RuBAC
Dec 29, 2025
SQL injections SQLI
Dec 29, 2025
SSL stripping
Dec 29, 2025
STIX
Dec 29, 2025
Security Assertions Markup Language SAML
Dec 29, 2025
Sensors
Dec 29, 2025
Server-Side Request Forgery SSRF
Dec 29, 2025
Single Sign-On SSO
Dec 29, 2025
Site considerations
Dec 29, 2025
TRUST Model
Dec 29, 2025
Terminal Access Controller Access Control System Plus TACACS+
Dec 29, 2025
To review
Dec 29, 2025
Uninterruptible Power Supply UPS
Dec 29, 2025
Untitled
Dec 29, 2025
XSS Cross (X) Site-Scripting
Dec 29, 2025
[buffer overflow
Dec 29, 2025
access control scheme
Dec 29, 2025
access control
Dec 29, 2025
access restrictions
Dec 29, 2025
account deprovisioning
Dec 29, 2025
account provisioning
Dec 29, 2025
accounts
Dec 29, 2025
agent-based DLP
Dec 29, 2025
agentless-DLP
Dec 29, 2025
allow-listing
Dec 29, 2025
allows lists
Dec 29, 2025
alteration
Dec 29, 2025
anti-malware
Dec 29, 2025
anti-virus
Dec 29, 2025
Challenge Handshake Authentication Protocol CHAP
Dec 29, 2025
Closed Circuit Television CCTV
Dec 29, 2025
Cross-Site Request Forgery XSRF
Dec 29, 2025
DAD triad
Dec 29, 2025
Discretionary Access Control DAC
Dec 29, 2025
Distinguished Encoding Rules DER format
Dec 29, 2025
Endpoint Detection and Response (EDR)
Dec 29, 2025
Extensible Authentication Protocol EAP
Dec 29, 2025
False Acceptance Rate FAR type 2 error
Dec 29, 2025
False Rate Rejection FFR type 1 error
Dec 29, 2025
Financial data breach risk
Dec 29, 2025
Hardware Security Modules HSM
Dec 29, 2025
Hash Message Authentication Code HMAC
Dec 29, 2025
ISACS
Dec 29, 2025
Identity Provider IdP
Dec 29, 2025
Identity and Access Management IAM
Dec 29, 2025
Internet Relay Chat (IRC)
Dec 29, 2025
Internet of things IoT
Dec 29, 2025
Kerberos instance
Dec 29, 2025
Kerberos primary
Dec 29, 2025
Kerberos realm
Dec 29, 2025
Kerberos
Dec 29, 2025
Lightweight Directory Access Protocol LDAP
Dec 29, 2025
Mandatory Access Control MAC
Dec 29, 2025
Multi-Factor Authentication MFA
Dec 29, 2025
OASIS
Dec 29, 2025
OSINT data sources
Dec 29, 2025
Online Certificate Status Protocol OCSP
Dec 29, 2025
Open Authorization OAuth
Dec 29, 2025
OpenID
Dec 29, 2025
Password vaulting
Dec 29, 2025
Privileged Access Management PAM
Dec 29, 2025
Receiver Operating Characteristic ROC
Dec 29, 2025
Recovery Point Objectives RPO
Dec 29, 2025
Recovery Time Objectives RTO
Dec 29, 2025
Redundant Array of Inexpensive Disks RAID
Dec 29, 2025
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Dec 29, 2025
3.3 Compare and contrast concepts and strategies to protect data.
Dec 29, 2025
3.4 Explain the importance of resilience and recovery in security architecture
Dec 29, 2025
4.1 Given a scenario, apply common security techniques to computing resources.
Dec 29, 2025
4.2 Explain the security implications of proper hardware, software, and data asset management.
Dec 29, 2025
4.5 Given a scenario, modify enterprise capabilities to enhance security.
Dec 29, 2025
4.6 Given a scenario, implement and maintain identity and access management.
Dec 29, 2025
4.7 Explain the importance of automation and orchestration related to secure operations.
Dec 29, 2025
5.1 Summarize elements of effective security governance.
Dec 29, 2025
802.1X
Dec 29, 2025
API inspection
Dec 29, 2025
Access control vestibule
Dec 29, 2025
Attribute-Based Access Control ABAC
Dec 29, 2025
Authority
Dec 29, 2025
CIA triad
Dec 29, 2025
CVSS