My Certification Notes
Folder: Definitions
473 items under this folder.
Feb 08, 2026
vulnerability scan configuration
Feb 08, 2026
vulnerability scan frequency
Feb 08, 2026
vulnerability scanners
Feb 08, 2026
vulnerability scans
Feb 08, 2026
vulnerable software
Feb 08, 2026
warm site
Feb 08, 2026
watering hole attack
Feb 08, 2026
web application scanner
Feb 08, 2026
web-based vulnerabilities
Feb 08, 2026
when malware runs
Feb 08, 2026
white hat hackers
Feb 08, 2026
why threat actors are categorized
concept
Feb 08, 2026
wired network as a threat vector
Feb 08, 2026
worms
Feb 08, 2026
zero trust
Feb 08, 2026
threat maps
Feb 08, 2026
threat vectors
Feb 08, 2026
time-of-check TOC
Feb 08, 2026
time-of-use TOU
Feb 08, 2026
tokenization
Feb 08, 2026
traits
Feb 08, 2026
trojans
Feb 08, 2026
trusted platform module TPM
Feb 08, 2026
typosquatting
Feb 08, 2026
unchanged scope
Feb 08, 2026
unified extensible firmware interface UEFI
Feb 08, 2026
unskilled attackers
Feb 08, 2026
unvalidated redirects
Feb 08, 2026
use cases of automation and scripting
Feb 08, 2026
user interaction score
Feb 08, 2026
user provisioning
Feb 08, 2026
validation of vulnerability remediation
Feb 08, 2026
virtual private cloud VPC
Feb 08, 2026
virtualisation security
Feb 08, 2026
virtualisation vulnerabilities
Feb 08, 2026
virtualisation
Feb 08, 2026
virus variates
Feb 08, 2026
virus
Feb 08, 2026
vishing
Feb 08, 2026
vulnerability analysis
Feb 08, 2026
vulnerability database
Feb 08, 2026
vulnerability management
Feb 08, 2026
vulnerability response and remediation
Feb 08, 2026
source code comments best practices
Feb 08, 2026
spyware
Feb 08, 2026
standardized security languages
Feb 08, 2026
static code analysis
Feb 08, 2026
steganography
Feb 08, 2026
storage and destruction of symmetric keys
Feb 08, 2026
stored or persistent XSS
Feb 08, 2026
strategic risk
Feb 08, 2026
stream ciphers
Feb 08, 2026
supervisory control and data acquisition SCADA
Feb 08, 2026
symmetric encryption management
Feb 08, 2026
symmetric encryption
Feb 08, 2026
system and process audit
Feb 08, 2026
tabletop exercises
Feb 08, 2026
target of evaluation TOE
Feb 08, 2026
technical security control category
Feb 08, 2026
technology capacity planning
Feb 08, 2026
testing resilience and recovery control designs
Feb 08, 2026
testing
Feb 08, 2026
threat actor attributes
Feb 08, 2026
threat actor motivations
Feb 08, 2026
threat actor types
Feb 08, 2026
threat actors
Feb 08, 2026
threat confidence score
Feb 08, 2026
threat data and intelligence systems
Feb 08, 2026
threat feed
Feb 08, 2026
threat indicator exchange
Feb 08, 2026
threat indicator management
Feb 08, 2026
threat intelligence
Feb 08, 2026
secretes management
Feb 08, 2026
secure boot
Feb 08, 2026
secure coding practices
Feb 08, 2026
secure cookies
Feb 08, 2026
secure web gateways SWG
Feb 08, 2026
securing APIs
Feb 08, 2026
security cameras
Feb 08, 2026
security control baselines
Feb 08, 2026
security control categories
Feb 08, 2026
security control types
Feb 08, 2026
security controls
Feb 08, 2026
security enclave
Feb 08, 2026
security tools
Feb 08, 2026
segmentation
Feb 08, 2026
session attacks
Feb 08, 2026
session replay attack
Feb 08, 2026
shadow IT
Feb 08, 2026
signature based detection
Feb 08, 2026
simulation
Feb 08, 2026
site resilience
Feb 08, 2026
smishing
Feb 08, 2026
social engineering key principles
Feb 08, 2026
social engineering techniques
Feb 08, 2026
software development lifecycle SDLC
Feb 08, 2026
software diversity
Feb 08, 2026
something you are authentication
Feb 08, 2026
something you have authentication
Feb 08, 2026
something you know authentication
Feb 08, 2026
something you know
Feb 08, 2026
somewhere you are authentication
Feb 08, 2026
privilege escalation attack
Feb 08, 2026
privileges required score
Feb 08, 2026
proprietary closed source intelligence
Feb 08, 2026
protecting endpoints
important
Feb 08, 2026
protection of power
Feb 08, 2026
proving hacking ability
Feb 08, 2026
public cloud
Feb 08, 2026
public key infrastructure PKI
Feb 08, 2026
race conditions
Feb 08, 2026
rainbow table attack
Feb 08, 2026
ransomware
Feb 08, 2026
redundancy
Feb 08, 2026
redundant network devices
Feb 08, 2026
registration authorities
Feb 08, 2026
related key attack
Feb 08, 2026
replay attack
Feb 08, 2026
replication
Feb 08, 2026
reporting on vulnerabilities
Feb 08, 2026
reputational risk
Feb 08, 2026
request forgery
Feb 08, 2026
resource exhaustion
Feb 08, 2026
responsibility matrix
important
Feb 08, 2026
restoration to last-known good configuration
Feb 08, 2026
retina scan
Feb 08, 2026
risk identification
Feb 08, 2026
rootkit
Feb 08, 2026
sandboxing
Feb 08, 2026
scalability
Feb 08, 2026
scan perspectives
Feb 08, 2026
sealing
Feb 08, 2026
obfuscation
Feb 08, 2026
open worldwide application security project OWASP
Feb 08, 2026
operating system hardening
Feb 08, 2026
operating system vulnerabilities
important
Feb 08, 2026
operational risk
Feb 08, 2026
operational security control category
Feb 08, 2026
organised crime
Feb 08, 2026
other considerations of automation and scripting
Feb 08, 2026
package monitoring
Feb 08, 2026
parallel processing
Feb 08, 2026
parameterized queries
Feb 08, 2026
partial redactions
Feb 08, 2026
password attacks
Feb 08, 2026
password guidelines
Feb 08, 2026
password spraying
Feb 08, 2026
password vulnerabilities
Feb 08, 2026
penetration testing environments
Feb 08, 2026
penetration testing
Feb 08, 2026
people capacity planning
Feb 08, 2026
permission access restriction
Feb 08, 2026
permissions management
Feb 08, 2026
phishing
Feb 08, 2026
physical attack
Feb 08, 2026
physical security control category
Feb 08, 2026
pointer dereferencing
Feb 08, 2026
policies
Feb 08, 2026
policy engine
Feb 08, 2026
power
Feb 08, 2026
pretexting
Feb 08, 2026
preventive security control type
Feb 08, 2026
principle of least access
Feb 08, 2026
interactive testing vulnerability scan
Feb 08, 2026
internal audit or assessment
Feb 08, 2026
inventory enumeration
Feb 08, 2026
iris recognition
Feb 08, 2026
isolation
Feb 08, 2026
journaling
Feb 08, 2026
key escrow
Feb 08, 2026
key exchange
Feb 08, 2026
key stretching
Feb 08, 2026
keyloggers
Feb 08, 2026
live-boot media
Feb 08, 2026
load balancing
Feb 08, 2026
logic bomb
Feb 08, 2026
malinformation
Feb 08, 2026
malware types
Feb 08, 2026
malware
Feb 08, 2026
managerial security control category
Feb 08, 2026
measured boot
Feb 08, 2026
memory leak
Feb 08, 2026
memory management best practices
Feb 08, 2026
message-based threat vectors
Feb 08, 2026
methods to secure data
Feb 08, 2026
misinformation
Feb 08, 2026
multipath
Feb 08, 2026
nation-state attackers
Feb 08, 2026
nearline backups
Feb 08, 2026
network based vulnerability scans
Feb 08, 2026
network hardening
Feb 08, 2026
non-persistance
Feb 08, 2026
non-repudiation
Feb 08, 2026
grey hat hackers
Feb 08, 2026
guard rails
Feb 08, 2026
hackers hats
Feb 08, 2026
hacktivists
definition
Feb 08, 2026
handling secrets
Feb 08, 2026
hardening cloud infrastructure
Feb 08, 2026
hardening targets
Feb 08, 2026
hardening techniques
Feb 08, 2026
hardware root of trust
Feb 08, 2026
hardware vulnerabilities
important
Feb 08, 2026
hash
Feb 08, 2026
heuristic
Feb 08, 2026
host-based intrusion prevention system HIPS
Feb 08, 2026
hot site
Feb 08, 2026
human vectors and social engineering
Feb 08, 2026
human vectors
Feb 08, 2026
hypervisor
Feb 08, 2026
identification methods
Feb 08, 2026
identity proofing
Feb 08, 2026
impact score
Feb 08, 2026
impact sub-score
Feb 08, 2026
impact
Feb 08, 2026
impersonation
Feb 08, 2026
industrial control systems ICS
Feb 08, 2026
infrastructure capacity planning
Feb 08, 2026
injection attacks
Feb 08, 2026
injection vulnerabilities
Feb 08, 2026
input validation
Feb 08, 2026
insecure direct object references
Feb 08, 2026
insider threats
Feb 08, 2026
integrity score
Feb 08, 2026
integrity
Feb 08, 2026
elasticity
Feb 08, 2026
embedded systems
Feb 08, 2026
endpoint protection
Feb 08, 2026
environmental attacks
Feb 08, 2026
error handling best practices
Feb 08, 2026
escalation
Feb 08, 2026
espionage
Feb 08, 2026
exploitability score
Feb 08, 2026
exploitability
Feb 08, 2026
extended detection and response XDR
Feb 08, 2026
external audit and assessments
Feb 08, 2026
facial recognition
Feb 08, 2026
federation
Feb 08, 2026
file inclusion attack
Feb 08, 2026
fileless virus
Feb 08, 2026
filesystem permissions
Feb 08, 2026
financial risk
Feb 08, 2026
fine-tune security controls
Feb 08, 2026
fingerprint scan
Feb 08, 2026
firmware
Feb 08, 2026
frequency analysis
Feb 08, 2026
fuzzing
Feb 08, 2026
gait analysis
Feb 08, 2026
gap analysis
Feb 08, 2026
general data considerations
Feb 08, 2026
geographic access restriction
Feb 08, 2026
geolocation
Feb 08, 2026
governance and auditing of third-party vendors
Feb 08, 2026
data encryption level
Feb 08, 2026
data encryption
Feb 08, 2026
data exfiltration
Feb 08, 2026
data loss prevention DLP
Feb 08, 2026
data loss prevention
Feb 08, 2026
data masking
Feb 08, 2026
data minimisation
Feb 08, 2026
data plane
Feb 08, 2026
data protection
Feb 08, 2026
data sovereignty
Feb 08, 2026
deception and disruption technology
Feb 08, 2026
decommissioning
Feb 08, 2026
defence-in-depth
Feb 08, 2026
denial
Feb 08, 2026
deny-listing
Feb 08, 2026
desired security state
Feb 08, 2026
detective security control type
definition
Feb 08, 2026
deterrent security control type
Feb 08, 2026
devops
Feb 08, 2026
devsecops
Feb 08, 2026
dictionary attacks
Feb 08, 2026
digital rights management (DRM)
Feb 08, 2026
digital signature
Feb 08, 2026
directive security control type
Feb 08, 2026
directory traversal attack
Feb 08, 2026
disclosure
Feb 08, 2026
disinformation
Feb 08, 2026
downgrade attack
Feb 08, 2026
dynamic testing vulnerability scan
Feb 08, 2026
cold site
Feb 08, 2026
command injection attacks
Feb 08, 2026
compensating security control type
Feb 08, 2026
competitors
Feb 08, 2026
compliance risk
Feb 08, 2026
confidentiality score
Feb 08, 2026
confidentiality
Feb 08, 2026
configuration management tools
Feb 08, 2026
containerization
Feb 08, 2026
continuity of operations
Feb 08, 2026
control objectives
Feb 08, 2026
cookie stealing and manipulation
Feb 08, 2026
corrective security control type
Feb 08, 2026
countermeasures
Feb 08, 2026
creation and distribution of symmetric keys
Feb 08, 2026
cryptanalysis
Feb 08, 2026
cryptographic attacks
Feb 08, 2026
cryptographic tools
Feb 08, 2026
cryptography goals
Feb 08, 2026
cryptography
Feb 08, 2026
cybersecurity objectives
Feb 08, 2026
cybersecurity professionals
Feb 08, 2026
cybersecurity risk categories
Feb 08, 2026
cybersecurity risk type impacts
Feb 08, 2026
cybersecurity risk types
Feb 08, 2026
cybersecurity risks
Feb 08, 2026
cybersecurity threat classifications
Feb 08, 2026
cybersecurity threats
Feb 08, 2026
cybersecurity
Feb 08, 2026
data breach risks
Feb 08, 2026
business email compromise
Feb 08, 2026
capacity planning
Feb 08, 2026
certificate authorities
Feb 08, 2026
certificate enrolment
Feb 08, 2026
certificate formats
Feb 08, 2026
certificate pinning
Feb 08, 2026
certificate revocation
Feb 08, 2026
certificate stapling
Feb 08, 2026
certificate verification
Feb 08, 2026
certificates
Feb 08, 2026
changed scope
Feb 08, 2026
chosen plain text attack
Feb 08, 2026
ciphers
Feb 08, 2026
claims to identity
Feb 08, 2026
closed source intelligence
Feb 08, 2026
cloud access security brokers CASB
Feb 08, 2026
cloud backup considerations
Feb 08, 2026
cloud controls matrix
Feb 08, 2026
cloud deployment models
Feb 08, 2026
cloud networking
Feb 08, 2026
cloud roles
Feb 08, 2026
cloud security architecture
Feb 08, 2026
cloud security issues
Feb 08, 2026
cloud storage resources
Feb 08, 2026
cloud
Feb 08, 2026
clustering
Feb 08, 2026
code injection attacks
Feb 08, 2026
code repositories
Feb 08, 2026
code reuse
Feb 08, 2026
code security
Feb 08, 2026
code signing
Feb 08, 2026
assignment and accounting
Feb 08, 2026
asymmetric encryption
Feb 08, 2026
attack complexity score
Feb 08, 2026
attack complexity
Feb 08, 2026
attack surfaces
Feb 08, 2026
attack vector score
Feb 08, 2026
attacker motivations
Feb 08, 2026
attestation
Feb 08, 2026
attributes
Feb 08, 2026
authentication interoperability
Feb 08, 2026
authentication, authorization and accounting (AAA)
Feb 08, 2026
automation and orchestration
Feb 08, 2026
availability score
Feb 08, 2026
availability
Feb 08, 2026
backups
Feb 08, 2026
baselines
Feb 08, 2026
benefits of automation and scripting
Feb 08, 2026
binding
Feb 08, 2026
biometric authentication
Feb 08, 2026
birthday attack
Feb 08, 2026
black hat hackers
Feb 08, 2026
blind content-based SQL injection
Feb 08, 2026
blind timing-based SQL injection
Feb 08, 2026
bloatware
Feb 08, 2026
block ciphers
Feb 08, 2026
block or deny lists
Feb 08, 2026
brand impersonation
Feb 08, 2026
breach impact types
Feb 08, 2026
brute-force
Feb 08, 2026
buffer overflow
Feb 08, 2026
Terminal Access Controller Access Control System Plus TACACS+
Feb 08, 2026
To review
Feb 08, 2026
Uninterruptable Power Supply UPS
Feb 08, 2026
Untitled
Feb 08, 2026
XSS Cross (X) Site-Scripting
Feb 08, 2026
access control scheme
Feb 08, 2026
access control
Feb 08, 2026
access restrictions
Feb 08, 2026
account deprovisioning
Feb 08, 2026
account provisioning
Feb 08, 2026
accounts
Feb 08, 2026
agent-based DLP
Feb 08, 2026
agent-based scans
Feb 08, 2026
agentless-DLP
Feb 08, 2026
allow-listing
Feb 08, 2026
allows lists
Feb 08, 2026
alteration
Feb 08, 2026
anti-malware
Feb 08, 2026
anti-virus
Feb 08, 2026
application attacks
Feb 08, 2026
application firewalls
Feb 08, 2026
application resilience
Feb 08, 2026
application security controls
Feb 08, 2026
application security
Feb 08, 2026
application testing vulnerability scanners
Feb 08, 2026
application vulnerabilities
Feb 08, 2026
architecture and infrastructure concepts
Feb 08, 2026
architecture model considerations
Feb 08, 2026
artificial intelligence AI
Feb 08, 2026
assessing threat intelligence
Feb 08, 2026
asset inventory
Feb 08, 2026
asset management
Feb 08, 2026
OSINT data sources
Feb 08, 2026
Online Certificate Status Protocol OCSP
Feb 08, 2026
Open Authorization OAuth
Feb 08, 2026
OpenID
Feb 08, 2026
PCI DSS
Feb 08, 2026
Password vaulting
Feb 08, 2026
Privileged Access Management PAM
Feb 08, 2026
Receiver Operating Characteristic ROC
Feb 08, 2026
Recovery Point Objectives RPO
Feb 08, 2026
Recovery Time Objectives RTO
Feb 08, 2026
Redundant Array of Inexpensive Disks RAID
Feb 08, 2026
Relying Party RP
Feb 08, 2026
Remote Dial-In User Service RADIUS
Feb 08, 2026
Reputational damage risk
Feb 08, 2026
Role-Based Access Control RBAC
Feb 08, 2026
Rule-Based Access Control RuBAC
Feb 08, 2026
SCAP
Feb 08, 2026
SQL injections SQLI
Feb 08, 2026
SSL stripping
Feb 08, 2026
STIX
Feb 08, 2026
Security Assertions Markup Language SAML
Feb 08, 2026
Sensors
Feb 08, 2026
Server-Side Request Forgery SSRF
Feb 08, 2026
Single Sign-On SSO
Feb 08, 2026
Site considerations
Feb 08, 2026
TRUST Model
Feb 08, 2026
4.5 Given a scenario, modify enterprise capabilities to enhance security.
Feb 08, 2026
4.6 Given a scenario, implement and maintain identity and access management.
Feb 08, 2026
4.7 Explain the importance of automation and orchestration related to secure operations.
Feb 08, 2026
5.1 Summarize elements of effective security governance.
Feb 08, 2026
802.1X
Feb 08, 2026
API inspection
Feb 08, 2026
Access control vestibule
Feb 08, 2026
Attribute-Based Access Control ABAC
Feb 08, 2026
Authority
Feb 08, 2026
CIA triad
Feb 08, 2026
CVSS
Feb 08, 2026
Challenge Handshake Authentication Protocol CHAP
Feb 08, 2026
Closed Circuit Television CCTV
Feb 08, 2026
Cross-Site Request Forgery XSRF
Feb 08, 2026
DAD triad
Feb 08, 2026
Discretionary Access Control DAC
Feb 08, 2026
Distinguished Encoding Rules DER format
Feb 08, 2026
Endpoint Detection and Response (EDR)
Feb 08, 2026
Extensible Authentication Protocol EAP
Feb 08, 2026
False Acceptance Rate FAR type 2 error
Feb 08, 2026
False Rate Rejection FFR type 1 error
Feb 08, 2026
Financial data breach risk
Feb 08, 2026
Hardware Security Modules HSM
Feb 08, 2026
Hash Message Authentication Code HMAC
Feb 08, 2026
ISACS
Feb 08, 2026
Identity Provider IdP
Feb 08, 2026
Identity and Access Management IAM
Feb 08, 2026
Internet Relay Chart (IRC)
Feb 08, 2026
Internet of things IoT
Feb 08, 2026
Kerberos instance
Feb 08, 2026
Kerberos primary
Feb 08, 2026
Kerberos realm
Feb 08, 2026
Kerberos
Feb 08, 2026
Lightweight Directory Access Protocol LDAP
Feb 08, 2026
Mandatory Access Control MAC
Feb 08, 2026
Multi-Factor Authentication MFA
Feb 08, 2026
OASIS
Feb 08, 2026
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Feb 08, 2026
3.3 Compare and contrast concepts and strategies to protect data.
Feb 08, 2026
3.4 Explain the importance of resilience and recovery in security architecture
Feb 08, 2026
4.1 Given a scenario, apply common security techniques to computing resources.
Feb 08, 2026
4.2 Explain the security implications of proper hardware, software, and data asset management.