My Certification Notes
Search
Search
Dark mode
Light mode
Explorer
Comptia Security+ Certification
1.0 General Security Concepts 12%
1.1 Compare and contrast various types of security controls.
1.2 Summarize fundamental security concepts.
1.4 Explain the importance of using appropriate cryptographic solutions.
2.0 Threats, Vulnerabilities, and Mitigations 22%
2.1 Compare and contrast common threat actors and motivations.
2.2 Explain common threat vectors and attack surfaces.
2.3 Explain various types of vulnerabilities.
2.4 Given a scenario, analyze indicators of malicious activity
3.0 Security Architecture 18%
3.1 Compare and contrast security implications of different architecture models.
3.3 Compare and contrast concepts and strategies to protect data.
4.0 Security Operations 28%
4.3 Explain various activities associated with vulnerability management.
4.4 Explain security alerting and monitoring concepts and tools.
4.8 Explain appropriate incident response activities.
5.0 Security Program Management and Oversight 20%
5.2 Explain elements of the risk management process.
5.3 Explain the processes associated with third-party risk assessment and management.
5.5 Explain types and purposes of audits and assessments.
Comptia Security+
Comptia Security+ Chapter 1
Comptia Security+ Chapter 1, Review 1
Comptia Security+ Chapter 1, Review 2
Comptia Security+ Chapter 2
Comptia Security+ Chapter 2, Review 1
Comptia Security+ Chapter 3
Comptia Security+ Chapter 4
Comptia Security+ Chapter 5
Comptia Security+ Chapter 6
Comptia Security+ Chapter 7
Comptia Security+ Chapter 8
Comptia Security+ Chapter 9
Comptia Security+ Chapter 10
Comptia Security+ Chapter 11
Comptia Security+ Exam
Comptia Security+ Plan
Comptia Security+ Pre-Assessment Reflection
Comptia Security+ study guide book
Review of content
Definitions
[buffer overflow
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
3.3 Compare and contrast concepts and strategies to protect data.
3.4 Explain the importance of resilience and recovery in security architecture
4.1 Given a scenario, apply common security techniques to computing resources.
4.2 Explain the security implications of proper hardware, software, and data asset management.
4.5 Given a scenario, modify enterprise capabilities to enhance security.
4.6 Given a scenario, implement and maintain identity and access management.
4.7 Explain the importance of automation and orchestration related to secure operations.
5.1 Summarize elements of effective security governance.
802.1X
access control
access control scheme
Access control vestibule
access restrictions
account deprovisioning
account provisioning
accounts
agent-based DLP
agentless-DLP
allow-listing
allows lists
alteration
anti-malware
anti-virus
API inspection
application attacks
application firewalls
application resilience
application security
application security controls
application testing vulnerability scanners
application vulnerabilities
architecture and infrastructure concepts
architecture model considerations
artificial intelligence AI
assessing threat intelligence
asset management
assignment and accounting
asymmetric encryption
attack complexity
attack complexity score
attack surfaces
attack vector score
attacker motivations
attestation
Attribute-Based Access Control ABAC
attributes
authentication interoperability
authentication, authorization and accounting (AAA)
Authority
automation and orchestration
availability
availability score
backups
baselines
benefits of automation and scripting
binding
biometric authentication
birthday attack
black hat hackers
blind content-based SQL injection
blind timing-based SQL injection
bloatware
block ciphers
block or deny lists
brand impersonation
breach impact types
brute-force
buffer overflow
business email compromise
capacity planning
certificate authorities
certificate enrolment
certificate formats
certificate pinning
certificate revocation
certificate stapling
certificate verification
certificates
Challenge Handshake Authentication Protocol CHAP
changed scope
chosen plain text attack
CIA triad
ciphers
claims to identity
Closed Circuit Television CCTV
closed source intelligence
cloud
cloud access security brokers CASB
cloud backup considerations
cloud controls matrix
cloud deployment models
cloud networking
cloud roles
cloud security architecture
cloud security issues
cloud storage resources
clustering
code injection attacks
code repositories
code reuse
code security
code signing
cold site
command injection attacks
compensating security control type
competitors
compliance risk
confidentiality
confidentiality score
configuration management tools
containerization
continuity of operations
control objectives
cookie stealing and manipulation
corrective security control type
creation and distribution of symmetric keys
Cross-Site Request Forgery XSRF
cryptanalysis
cryptographic attacks
cryptographic tools
cryptography
cryptography goals
CVSS
cybersecurity
cybersecurity objectives
cybersecurity professionals
cybersecurity risk categories
cybersecurity risk type impacts
cybersecurity risk types
cybersecurity risks
cybersecurity threat classifications
cybersecurity threats
DAD triad
data breach risks
data encryption
data encryption level
data exfiltration
data loss prevention
data loss prevention DLP
data masking
data minimisation
data plane
data protection
data sovereignty
deception and disruption technology
decommissioning
defence-in-depth
denial
deny-listing
desired security state
detective security control type
deterrent security control type
devops
devsecops
dictionary attacks
digital rights management (DRM)
digital signature
directive security control type
directory traversal attack
disclosure
Discretionary Access Control DAC
disinformation
Distinguished Encoding Rules DER format
downgrade attack
dynamic testing vulnerability scan
elasticity
embedded systems
Endpoint Detection and Response (EDR)
endpoint protection
environmental attacks
error handling best practices
escalation
espionage
exploitability
exploitability score
extended detection and response XDR
Extensible Authentication Protocol EAP
external audit and assessments
facial recognition
False Acceptance Rate FAR type 2 error
False Rate Rejection FFR type 1 error
federation
file inclusion attack
fileless virus
filesystem permissions
Financial data breach risk
financial risk
fingerprint scan
firmware
frequency analysis
fuzzing
gait analysis
gap analysis
general data considerations
geographic access restriction
geolocation
governance and auditing of third-party vendors
grey hat hackers
guard rails
hackers hats
hacktivists
handling secrets
hardening cloud infrastructure
hardening targets
hardening techniques
hardware root of trust
Hardware Security Modules HSM
hardware vulnerabilities
hash
Hash Message Authentication Code HMAC
heuristic
host-based intrusion prevention system HIPS
hot site
human vectors
human vectors and social engineering
hypervisor
identification methods
Identity and Access Management IAM
identity proofing
Identity Provider IdP
impact
impact score
impact sub-score
impersonation
industrial control systems ICS
infrastructure capacity planning
injection attacks
injection vulnerabilities
input validation
insecure direct object references
insider threats
integrity
integrity score
interactive testing vulnerability scan
internal audit or assessment
Internet of things IoT
Internet Relay Chart (IRC)
inventory enumeration
iris recognition
ISACS
isolation
journaling
Kerberos
Kerberos instance
Kerberos primary
Kerberos realm
key escrow
key exchange
key stretching
keyloggers
Lightweight Directory Access Protocol LDAP
live-boot media
load balancing
logic bomb
malinformation
malware
malware types
managerial security control category
Mandatory Access Control MAC
measured boot
memory leak
memory management best practices
message-based threat vectors
methods to secure data
misinformation
Multi-Factor Authentication MFA
multipath
nation-state attackers
nearline backups
network hardening
network vulnerability scanner
non-persistance
non-repudiation
OASIS
obfuscation
Online Certificate Status Protocol OCSP
Open Authorization OAuth
open worldwide application security project OWASP
OpenID
operating system hardening
operating system vulnerabilities
operational risk
operational security control category
organised crime
OSINT data sources
other considerations of automation and scripting
package monitoring
parallel processing
parameterized queries
partial redactions
password attacks
password guidelines
password spraying
Password vaulting
password vulnerabilities
penetration testing
penetration testing environments
people capacity planning
permission access restriction
permissions management
phishing
physical attack
physical security control category
pointer dereferencing
policies
policy engine
power
pretexting
preventive security control type
principle of least access
privilege escalation attack
Privileged Access Management PAM
privileges required score
proprietary closed source intelligence
protecting endpoints
protection of power
proving hacking ability
public cloud
public key infrastructure PKI
race conditions
rainbow table attack
ransomware
Receiver Operating Characteristic ROC
Recovery Point Objectives RPO
Recovery Time Objectives RTO
redundancy
Redundant Array of Inexpensive Disks RAID
redundant network devices
registration authorities
related key attack
Relying Party RP
Remote Dial-In User Service RADIUS
replay attack
replication
reporting on vulnerabilities
Reputational damage risk
reputational risk
request forgery
resource exhaustion
responsibility matrix
restoration to last-known good configuration
retina scan
risk identification
Role-Based Access Control RBAC
rootkit
Rule-Based Access Control RuBAC
sandboxing
scalability
scan perspectives
sealing
secretes management
secure boot
secure coding practices
secure cookies
secure web gateways SWG
securing APIs
Security Assertions Markup Language SAML
security cameras
security control categories
security control types
security controls
security enclave
security tools
segmentation
Sensors
Server-Side Request Forgery SSRF
session attacks
session replay attack
shadow IT
signature based detection
simulation
Single Sign-On SSO
Site considerations
site resilience
smishing
social engineering key principles
social engineering techniques
software development lifecycle SDLC
software diversity
something you are authentication
something you have authentication
something you know
something you know authentication
somewhere you are authentication
source code comments best practices
spyware
SQL injections SQLI
SSL stripping
standardized security languages
static code analysis
steganography
STIX
storage and destruction of symmetric keys
stored or persistent XSS
strategic risk
stream ciphers
supervisory control and data acquisition SCADA
symmetric encryption
symmetric encryption management
system and process audit
tabletop exercises
target of evaluation TOE
technical security control category
technology capacity planning
Terminal Access Controller Access Control System Plus TACACS+
testing
testing resilience and recovery control designs
threat actor attributes
threat actor motivations
threat actor types
threat actors
threat confidence score
threat data and intelligence systems
threat feed
threat indicator exchange
threat indicator management
threat intelligence
threat maps
threat vectors
time-of-check TOC
time-of-use TOU
To review
tokenization
traits
trojans
TRUST Model
trusted platform module TPM
types of vulnerabilities
typosquatting
unchanged scope
unified extensible firmware interface UEFI
Uninterruptable Power Supply UPS
unskilled attackers
Untitled
unvalidated redirects
use cases of automation and scripting
user interaction score
user provisioning
validation of vulnerability remediation
virtual private cloud VPC
virtualisation
virtualisation security
virtualisation vulnerabilities
virus
virus variates
vishing
vulnerability analysis
vulnerability database
vulnerability management
vulnerability response and remediation
vulnerability scanners
vulnerability scans
vulnerable software
warm site
watering hole attack
web application scanner
web-based vulnerabilities
when malware runs
white hat hackers
why threat actors are categorized
wired network as a threat vector
worms
XSS Cross (X) Site-Scripting
zero trust
Templates
0. Default
Definition Template
Study Chapter Template
Test Reflection Template
Home
❯
Definitions
❯
session attacks
session attacks
Dec 29, 2025
1 min read
hijacking an already authenticated session to impersonate a user
Graph View
Backlinks
Comptia Security+ Chapter 6
session replay attack