My Certification Notes
Folder: Definitions
455 items under this folder.
Mar 08, 2026
4.2 Explain the security implications of proper hardware, software, and data asset management.
Mar 08, 2026
Endpoint Detection and Response (EDR)
Mar 08, 2026
Internet of things IoT
Mar 08, 2026
To review
Mar 08, 2026
allow lists
Mar 08, 2026
anti-malware
Mar 08, 2026
asset management
Mar 08, 2026
block or deny lists
Mar 08, 2026
configuration management tools
Mar 08, 2026
data loss prevention DLP
Mar 08, 2026
embedded systems
Mar 08, 2026
endpoint protection
Mar 08, 2026
extended detection and response XDR
Mar 08, 2026
hardening techniques
Mar 08, 2026
host-based intrusion prevention system HIPS
Mar 08, 2026
industrial control systems ICS
Mar 08, 2026
inventory enumeration
Mar 08, 2026
network hardening
Mar 08, 2026
operating system hardening
Mar 08, 2026
protecting endpoints
important
Mar 08, 2026
supervisory control and data acquisition SCADA
Mar 08, 2026
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Mar 08, 2026
3.3 Compare and contrast concepts and strategies to protect data.
Mar 08, 2026
4.1 Given a scenario, apply common security techniques to computing resources.
Mar 08, 2026
4.5 Given a scenario, modify enterprise capabilities to enhance security.
Mar 08, 2026
API inspection
Mar 08, 2026
agent-based DLP
Mar 08, 2026
agentless-DLP
Mar 08, 2026
anti-virus
Mar 08, 2026
architecture and infrastructure concepts
Mar 08, 2026
artificial intelligence AI
Mar 08, 2026
assignment and accounting
Mar 08, 2026
baselines
Mar 08, 2026
binding
Mar 08, 2026
cloud access security brokers CASB
Mar 08, 2026
cloud controls matrix
Mar 08, 2026
cloud deployment models
Mar 08, 2026
cloud networking
Mar 08, 2026
cloud roles
Mar 08, 2026
cloud security architecture
Mar 08, 2026
cloud security issues
Mar 08, 2026
cloud storage resources
Mar 08, 2026
cloud
Mar 08, 2026
containerization
Mar 08, 2026
cryptographic tools
Mar 08, 2026
data protection
Mar 08, 2026
decommissioning
Mar 08, 2026
devops
Mar 08, 2026
elasticity
Mar 08, 2026
firmware
Mar 08, 2026
general data considerations
Mar 08, 2026
governance and auditing of third-party vendors
Mar 08, 2026
hardening cloud infrastructure
Mar 08, 2026
hardening targets
Mar 08, 2026
hardware root of trust
Mar 08, 2026
hardware vulnerabilities
important
Mar 08, 2026
heuristic
Mar 08, 2026
hypervisor
Mar 08, 2026
measured boot
Mar 08, 2026
operating system vulnerabilities
important
Mar 08, 2026
public cloud
Mar 08, 2026
responsibility matrix
important
Mar 08, 2026
sealing
Mar 08, 2026
secrets management
Mar 08, 2026
secure boot
Mar 08, 2026
secure web gateways SWG
Mar 08, 2026
security enclave
Mar 08, 2026
security tools
Mar 08, 2026
signature based detection
Mar 08, 2026
trusted platform module TPM
Mar 08, 2026
unified extensible firmware interface UEFI
Mar 08, 2026
virtual private cloud VPC
Mar 08, 2026
virtualisation security
Mar 08, 2026
virtualisation vulnerabilities
Mar 08, 2026
virtualisation
Mar 08, 2026
3.4 Explain the importance of resilience and recovery in security architecture
Mar 08, 2026
Access control vestibule
Mar 08, 2026
Closed Circuit Television CCTV
Mar 08, 2026
Recovery Point Objectives RPO
Mar 08, 2026
Recovery Time Objectives RTO
Mar 08, 2026
Sensors
Mar 08, 2026
Uninterruptible Power Supply UPS
Mar 08, 2026
capacity planning
Mar 08, 2026
clustering
Mar 08, 2026
cold site
Mar 08, 2026
environmental attacks
Mar 08, 2026
hot site
Mar 08, 2026
infrastructure capacity planning
Mar 08, 2026
load balancing
Mar 08, 2026
non-persistence
Mar 08, 2026
parallel processing
Mar 08, 2026
people capacity planning
Mar 08, 2026
physical attack
Mar 08, 2026
restoration to last-known good configuration
Mar 08, 2026
scalability
Mar 08, 2026
security cameras
Mar 08, 2026
simulation
Mar 08, 2026
site resilience
Mar 08, 2026
tabletop exercises
Mar 08, 2026
technology capacity planning
Mar 08, 2026
testing resilience and recovery control designs
Mar 08, 2026
warm site
Mar 08, 2026
4.6 Given a scenario, implement and maintain identity and access management.
Mar 08, 2026
Attribute-Based Access Control ABAC
Mar 08, 2026
Discretionary Access Control DAC
Mar 08, 2026
False Acceptance Rate FAR type 2 error
Mar 08, 2026
False Rejection Rate FRR type 1 error
Mar 08, 2026
Identity and Access Management IAM
Mar 08, 2026
Mandatory Access Control MAC
Mar 08, 2026
Multi-Factor Authentication MFA
Mar 08, 2026
Open Authorization OAuth
Mar 08, 2026
Password vaulting
Mar 08, 2026
Privileged Access Management PAM
Mar 08, 2026
Receiver Operating Characteristic ROC
Mar 08, 2026
Redundant Array of Inexpensive Disks RAID
Mar 08, 2026
Relying Party RP
Mar 08, 2026
Role-Based Access Control RBAC
Mar 08, 2026
Rule-Based Access Control RuBAC
Mar 08, 2026
Single Sign-On SSO
Mar 08, 2026
Site considerations
Mar 08, 2026
access control scheme
Mar 08, 2026
access control
Mar 08, 2026
account deprovisioning
Mar 08, 2026
account provisioning
Mar 08, 2026
accounts
Mar 08, 2026
architecture model considerations
Mar 08, 2026
attestation
Mar 08, 2026
authentication interoperability
Mar 08, 2026
backups
Mar 08, 2026
biometric authentication
Mar 08, 2026
cloud backup considerations
Mar 08, 2026
continuity of operations
Mar 08, 2026
facial recognition
Mar 08, 2026
federation
Mar 08, 2026
filesystem permissions
Mar 08, 2026
fingerprint scan
Mar 08, 2026
gait analysis
Mar 08, 2026
identity proofing
Mar 08, 2026
iris recognition
Mar 08, 2026
journaling
Mar 08, 2026
live-boot media
Mar 08, 2026
multipath
Mar 08, 2026
nearline backups
Mar 08, 2026
password guidelines
Mar 08, 2026
permissions management
Mar 08, 2026
physical security control category
Mar 08, 2026
power
Mar 08, 2026
principle of least access
Mar 08, 2026
protection of power
Mar 08, 2026
redundancy
Mar 08, 2026
redundant network devices
Mar 08, 2026
replication
Mar 08, 2026
retina scan
Mar 08, 2026
something you are authentication
Mar 08, 2026
something you have authentication
Mar 08, 2026
something you know authentication
Mar 08, 2026
something you know
Mar 08, 2026
somewhere you are authentication
Mar 08, 2026
testing
Mar 08, 2026
802.1X
Mar 08, 2026
Challenge Handshake Authentication Protocol CHAP
Mar 08, 2026
Distinguished Encoding Rules DER format
Mar 08, 2026
Extensible Authentication Protocol EAP
Mar 08, 2026
Hardware Security Modules HSM
Mar 08, 2026
Hash Message Authentication Code HMAC
Mar 08, 2026
Identity Provider IdP
Mar 08, 2026
Kerberos instance
Mar 08, 2026
Kerberos primary
Mar 08, 2026
Kerberos realm
Mar 08, 2026
Kerberos
Mar 08, 2026
Lightweight Directory Access Protocol LDAP
Mar 08, 2026
Online Certificate Status Protocol OCSP
Mar 08, 2026
OpenID
Mar 08, 2026
Remote Dial-In User Service RADIUS
Mar 08, 2026
SSL stripping
Mar 08, 2026
Security Assertions Markup Language SAML
Mar 08, 2026
Terminal Access Controller Access Control System Plus TACACS+
Mar 08, 2026
attributes
Mar 08, 2026
birthday attack
Mar 08, 2026
certificate authorities
Mar 08, 2026
certificate enrolment
Mar 08, 2026
certificate formats
Mar 08, 2026
certificate pinning
Mar 08, 2026
certificate revocation
Mar 08, 2026
certificate stapling
Mar 08, 2026
certificate verification
Mar 08, 2026
certificates
Mar 08, 2026
chosen plain text attack
Mar 08, 2026
claims to identity
Mar 08, 2026
cryptographic attacks
Mar 08, 2026
digital signature
Mar 08, 2026
downgrade attack
Mar 08, 2026
frequency analysis
Mar 08, 2026
hash
Mar 08, 2026
key escrow
Mar 08, 2026
key exchange
Mar 08, 2026
key stretching
Mar 08, 2026
public key infrastructure PKI
Mar 08, 2026
rainbow table attack
Mar 08, 2026
registration authorities
Mar 08, 2026
related key attack
Mar 08, 2026
traits
Mar 08, 2026
user provisioning
Mar 08, 2026
4.7 Explain the importance of automation and orchestration related to secure operations.
Mar 08, 2026
Cross-Site Request Forgery XSRF
Mar 08, 2026
Server-Side Request Forgery SSRF
Mar 08, 2026
XSS Cross (X) Site-Scripting
Mar 08, 2026
allow-listing
Mar 08, 2026
application attacks
Mar 08, 2026
application firewalls
Mar 08, 2026
application resilience
Mar 08, 2026
application security controls
Mar 08, 2026
asymmetric encryption
Mar 08, 2026
automation and orchestration
Mar 08, 2026
block ciphers
Mar 08, 2026
buffer overflow
Mar 08, 2026
ciphers
Mar 08, 2026
code repositories
Mar 08, 2026
code reuse
Mar 08, 2026
code security
Mar 08, 2026
code signing
Mar 08, 2026
creation and distribution of symmetric keys
Mar 08, 2026
cryptanalysis
Mar 08, 2026
cryptography goals
Mar 08, 2026
cryptography
Mar 08, 2026
data encryption level
Mar 08, 2026
data encryption
Mar 08, 2026
defence-in-depth
Mar 08, 2026
deny-listing
Mar 08, 2026
error handling best practices
Mar 08, 2026
escalation
Mar 08, 2026
guard rails
Mar 08, 2026
handling secrets
Mar 08, 2026
input validation
Mar 08, 2026
memory leak
Mar 08, 2026
memory management best practices
Mar 08, 2026
non-repudiation
Mar 08, 2026
obfuscation
Mar 08, 2026
package monitoring
Mar 08, 2026
parameterized queries
Mar 08, 2026
pointer dereferencing
Mar 08, 2026
privilege escalation attack
Mar 08, 2026
race conditions
Mar 08, 2026
replay attack
Mar 08, 2026
request forgery
Mar 08, 2026
resource exhaustion
Mar 08, 2026
sandboxing
Mar 08, 2026
secure coding practices
Mar 08, 2026
securing APIs
Mar 08, 2026
software diversity
Mar 08, 2026
source code comments best practices
Mar 08, 2026
storage and destruction of symmetric keys
Mar 08, 2026
stream ciphers
Mar 08, 2026
symmetric encryption management
Mar 08, 2026
symmetric encryption
Mar 08, 2026
target of evaluation TOE
Mar 08, 2026
time-of-check TOC
Mar 08, 2026
time-of-use TOU
Mar 08, 2026
5.1 Summarize elements of effective security governance.
Mar 08, 2026
SQL injections SQLI
Mar 08, 2026
application security
Mar 08, 2026
application testing vulnerability scanners
Mar 08, 2026
application vulnerabilities
Mar 08, 2026
benefits of automation and scripting
Mar 08, 2026
blind content-based SQL injection
Mar 08, 2026
blind timing-based SQL injection
Mar 08, 2026
code injection attacks
Mar 08, 2026
command injection attacks
Mar 08, 2026
cookie stealing and manipulation
Mar 08, 2026
devsecops
Mar 08, 2026
directory traversal attack
Mar 08, 2026
dynamic testing vulnerability scan
Mar 08, 2026
file inclusion attack
Mar 08, 2026
fuzzing
Mar 08, 2026
identification methods
Mar 08, 2026
injection attacks
Mar 08, 2026
injection vulnerabilities
Mar 08, 2026
insecure direct object references
Mar 08, 2026
interactive testing vulnerability scan
Mar 08, 2026
network vulnerability scanner
Mar 08, 2026
open worldwide application security project OWASP
Mar 08, 2026
other considerations of automation and scripting
Mar 08, 2026
password vulnerabilities
Mar 08, 2026
policies
Mar 08, 2026
scan perspectives
Mar 08, 2026
secure cookies
Mar 08, 2026
session attacks
Mar 08, 2026
session replay attack
Mar 08, 2026
software development lifecycle SDLC
Mar 08, 2026
static code analysis
Mar 08, 2026
stored or persistent XSS
Mar 08, 2026
system and process audit
Mar 08, 2026
threat feed
Mar 08, 2026
unvalidated redirects
Mar 08, 2026
use cases of automation and scripting
Mar 08, 2026
vulnerability scanners
Mar 08, 2026
vulnerability scans
Mar 08, 2026
web application scanner
Mar 08, 2026
web-based vulnerabilities
Mar 08, 2026
CIA triad
Mar 08, 2026
DAD triad
Mar 08, 2026
ISACS
Mar 08, 2026
OASIS
Mar 08, 2026
OSINT data sources
Mar 08, 2026
STIX
Mar 08, 2026
access restrictions
Mar 08, 2026
alteration
Mar 08, 2026
assessing threat intelligence
Mar 08, 2026
attack surfaces
Mar 08, 2026
attacker motivations
Mar 08, 2026
authentication, authorization and accounting (AAA)
Mar 08, 2026
availability
Mar 08, 2026
black hat hackers
Mar 08, 2026
bloatware
Mar 08, 2026
compensating security control type
Mar 08, 2026
competitors
Mar 08, 2026
compliance risk
Mar 08, 2026
confidentiality
Mar 08, 2026
corrective security control type
Mar 08, 2026
cybersecurity objectives
Mar 08, 2026
cybersecurity professionals
Mar 08, 2026
cybersecurity risk categories
Mar 08, 2026
cybersecurity risks
Mar 08, 2026
cybersecurity threat classifications
Mar 08, 2026
cybersecurity threats
Mar 08, 2026
cybersecurity
Mar 08, 2026
data breach risks
Mar 08, 2026
data exfiltration
Mar 08, 2026
data masking
Mar 08, 2026
data minimisation
Mar 08, 2026
data plane
Mar 08, 2026
data sovereignty
Mar 08, 2026
deception and disruption technology
Mar 08, 2026
denial
Mar 08, 2026
detective security control type
definition
Mar 08, 2026
deterrent security control type
Mar 08, 2026
digital rights management (DRM)
Mar 08, 2026
directive security control type
Mar 08, 2026
disclosure
Mar 08, 2026
espionage
Mar 08, 2026
external audit and assessments
Mar 08, 2026
fileless virus
Mar 08, 2026
financial risk
Mar 08, 2026
gap analysis
Mar 08, 2026
geographic access restriction
Mar 08, 2026
geolocation
Mar 08, 2026
grey hat hackers
Mar 08, 2026
hackers hats
Mar 08, 2026
hacktivists
definition
Mar 08, 2026
human vectors and social engineering
Mar 08, 2026
impacts
Mar 08, 2026
insider threats
Mar 08, 2026
integrity
Mar 08, 2026
internal audit or assessment
Mar 08, 2026
isolation
Mar 08, 2026
keyloggers
Mar 08, 2026
logic bomb
Mar 08, 2026
malware types
Mar 08, 2026
malware
Mar 08, 2026
managerial security control category
Mar 08, 2026
message-based threat vectors
Mar 08, 2026
methods to secure data
Mar 08, 2026
nation-state attackers
Mar 08, 2026
operational risk
Mar 08, 2026
operational security control category
Mar 08, 2026
organised crime
Mar 08, 2026
penetration testing environments
Mar 08, 2026
penetration testing
Mar 08, 2026
permission access restriction
Mar 08, 2026
policy engine
Mar 08, 2026
preventive security control type
Mar 08, 2026
proprietary closed source intelligence
Mar 08, 2026
proving hacking ability
Mar 08, 2026
ransomware
Mar 08, 2026
reporting on vulnerabilities
Mar 08, 2026
reputational risk
Mar 08, 2026
risk identification
Mar 08, 2026
rootkit
Mar 08, 2026
security control categories
Mar 08, 2026
security control types
Mar 08, 2026
security controls
Mar 08, 2026
segmentation
Mar 08, 2026
shadow IT
Mar 08, 2026
spyware
Mar 08, 2026
standardized security languages
Mar 08, 2026
steganography
Mar 08, 2026
strategic risk
Mar 08, 2026
technical security control category
Mar 08, 2026
threat actor attributes
Mar 08, 2026
threat actor motivations
Mar 08, 2026
threat actor types
Mar 08, 2026
threat actors
Mar 08, 2026
threat confidence score
Mar 08, 2026
threat data and intelligence systems
Mar 08, 2026
threat indicator exchange
Mar 08, 2026
threat indicator management
Mar 08, 2026
threat intelligence
Mar 08, 2026
threat maps
Mar 08, 2026
threat vectors
Mar 08, 2026
tokenization
Mar 08, 2026
trojans
Mar 08, 2026
types of vulnerabilities
Mar 08, 2026
unskilled attackers
Mar 08, 2026
validation of vulnerability remediation
Mar 08, 2026
virus variates
Mar 08, 2026
virus
Mar 08, 2026
vishing
Mar 08, 2026
vulnerability analysis
Mar 08, 2026
vulnerability database
Mar 08, 2026
vulnerability management
Mar 08, 2026
vulnerability response and remediation
Mar 08, 2026
vulnerable software
Mar 08, 2026
white hat hackers
Mar 08, 2026
why threat actors are categorized
concept
Mar 08, 2026
wired network as a threat vector
Mar 08, 2026
worms
Mar 08, 2026
zero trust
Mar 08, 2026
CVSS
Mar 08, 2026
attack complexity score
Mar 08, 2026
attack complexity
Mar 08, 2026
attack vector score
Mar 08, 2026
availability score
Mar 08, 2026
changed scope
Mar 08, 2026
confidentiality score
Mar 08, 2026
exploitability score
Mar 08, 2026
exploitability
Mar 08, 2026
impact score
Mar 08, 2026
impact sub-score
Mar 08, 2026
impact
Mar 08, 2026
integrity score
Mar 08, 2026
privileges required score
Mar 08, 2026
unchanged scope
Mar 08, 2026
user interaction score
Mar 08, 2026
Authority
Mar 08, 2026
TRUST Model
Mar 08, 2026
brand impersonation
Mar 08, 2026
brute-force
Mar 08, 2026
business email compromise
Mar 08, 2026
dictionary attacks
Mar 08, 2026
disinformation
Mar 08, 2026
impersonation
Mar 08, 2026
malinformation
Mar 08, 2026
misinformation
Mar 08, 2026
password attacks
Mar 08, 2026
password spraying
Mar 08, 2026
pretexting
Mar 08, 2026
smishing
Mar 08, 2026
social engineering key principles
Mar 08, 2026
social engineering techniques
Mar 08, 2026
typosquatting
Mar 08, 2026
watering hole attack
Mar 08, 2026
Internet Relay Chat (IRC)
Mar 08, 2026
breach impact types
Mar 08, 2026
phishing
Mar 08, 2026
when malware runs