Acronym w. Definition . Flashcards Preview

CompTIA Sec+ SY0-501 > Acronym w. Definition . > Flashcards

Flashcards in Acronym w. Definition . Deck (508)
Loading flashcards...
1

3DES

Triple Digital Encryption Standard

A symmetric algorithm used to encrypt data & provide confidentiality.

2

AAA

A group of technologies used in remote access systems.

- Authentication verifies a user’s identification.
- Authorization determines if a user should have access.
- Accounting tracks a user’s access with logs.

3

ABAC

Attribute-Based Access Control

An access control model that grants access to resources based on attributes assigned to subjects and objects.

4

AUP

Acceptable Use Policy

A policy defining proper system usage and the rules of behavior for employees.

It often describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.

5

AP

Access Point

A device that connects wireless clients to wireless networks. Sometimes called wireless access point (WAP).

6

Accounting

The process of tracking the activity of users and recording this activity in logs. One method of accounting is audit logs that create an audit trail.

7

ACLs

Access control lists. Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.

8

Active Reconnaissance

A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target.

9

Ad Hoc

A connection mode used by wireless devices without an AP.

10

Administrative controls

Security controls implemented via administrative or management methods.

11

Advanced Encryption Standard (AES)

A strong symmetric block cipher that encrypts data in 128-bit blocks.

12

Affinity

A scheduling method used with load balancers. It used the client’s IP address to ensure the client is redirected to the same server during session.

13

Aggregation switch

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.

14

Agile

A software development life cycle model that focuses on interaction and integrity.

15

Authentication Header (AH)

Only used in Tunneling mode, to encrypt the message headers.

- An option within IPSec to provide authentication and integrity.

16

Airgap

A physical security control that provides physical isolation. Systems separated by an airgap don’t typically have any physical connections to other systems.

17

Annual Loss Expectancy (ALE)

The expected loss for a year.

Used to measure risk with ARO and SLE in a quantitative risk assessment.

SLE x ARO = ALE

18

Amplification attack

An attack that increased the amount of bandwidth sent to a victim.

19

Anomaly

A type of monitoring on intrusion detection and intrusion prevention systems.

Detects attacks by comparing operations against a baseline.

Aka Heuristic detection

20

ANT

A proprietary wireless protocol used by some mobile devices.

(Not an acronym)

21

Antispoofing

A method used on some routers to protect against spoofing attacks.

22

Antivirus

Software that protects systems from malware.

23

Application blacklist

A list of applications that a system blocks.

Users are unable to install or run any applications on the list.

24

Application cell

A virtualization technology that runs services or applications within isolated application cells (containers).

Aka application containers

25

Application whitelist

A list of applications that a system allows.

26

Advanced Persistent Threat (APT)

A group that has both the capability and intent to launch sophisticated and targeted attacks.

27

Annual Rate of Occurrence (ARO)

The number of times a loss is expected to occur in a year.

28

arp

A command-line tool used to show and manipulate the Address Resolution Protocol cache.

29

ARP Poisoning

An attack that misleads systems about the actual MAC address of a system.

30

Asset Value

An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process.