Acroynms Flashcards

Question

What does PKI stand for?

Answer 1

Public Key Infrastructure

Answer 2

Redundant Array of Inexpensive Disks

Answer 3

Remote Desktop Protocol

Answer 4

Software as a Service

Answer 5

Security Information and Event Management

Answer 6

Service-level Agreement

Answer 7

Security Operations Center

Answer 8

Secure Sockets Layer SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure communication over a computer network, especially the internet. It works by encrypting the data that is transmitted between a client (like a web browser) and a server, ensuring confidentiality, data integrity, and authentication. SSL uses both symmetric and asymmetric encryption: • Asymmetric encryption is used during the initial handshake to securely exchange keys. • Symmetric encryption is used after the handshake for fast, secure data transmission. SSL certificates, issued by Certificate Authorities (CAs), authenticate the server and initiate the encrypted session. Note: SSL has been deprecated in favor of TLS (Transport Layer Security), which is more secure. However, the term “SSL” is still commonly used when referring to secure connections (like “SSL certificates”), even when TLS is technically in use. ⸻ 2. What You Need to Know for the Security+ Exam: • SSL is deprecated—know that TLS is the modern replacement. • Understand the purpose of SSL/TLS: to provide secure communication via encryption and authentication. • Be familiar with where it’s used: • HTTPS (SSL/TLS over HTTP) • Email protocols like SMTPS, IMAPS, POP3S • Know the difference between SSL/TLS and other encryption protocols (e.g., IPsec, SSH). • You may be asked to: • Identify SSL as an outdated protocol still used in naming (e.g., “SSL certificate”) • Choose TLS over SSL when asked about best practices • Recognize ports commonly associated with SSL/TLS: • HTTPS (Port 443) • SMTPS (Port 465) • Know how the SSL/TLS handshake works at a high level (asymmetric key exchange, then symmetric encryption).

Answer 9

Tactics, Techniques, and Procedures

Answer 10

User Datagram Protocol

Answer 11

Virtual Private Network

Answer 12

Web Application Firewall

Answer 13

Extensible Markup Language

Answer 14

Access Control List General Overview of the Concept: ACL (Access Control List) is a security mechanism that defines which users or system processes are granted access to objects, as well as what operations are allowed on those objects. Think of it like a permissions list tied to a resource (e.g., file, folder, network device). There are two main types: • File system ACLs – Determine permissions for files and directories (e.g., read, write, execute). • Network ACLs – Used in firewalls and routers to filter traffic based on criteria like IP addresses, ports, or protocols. ACLs operate based on a top-down evaluation—rules are processed in order, and the first match determines the action (allow or deny). ⸻ 2. What You Need to Know for the Security+ Exam: • Definition: ACL is a list that controls who can access what and how. • Know the difference between: • Discretionary Access Control (DAC) where users can modify ACLs • Mandatory Access Control (MAC) where ACLs are fixed by policy • In network security, understand how ACLs are used to permit or deny traffic based on: • Source/destination IP address • Port number • Protocol • Recognize how ACLs are implemented in: • Routers • Firewalls • Operating systems • You might be asked to: • Interpret basic ACL rules • Identify use cases for ACLs in securing a network • Compare ACLs with other access control mechanisms (e.g., RBAC, ABAC)

Answer 15

Advanced Encryption Standard

Answer 16

Advanced Encryption Standards 256-bit

Answer 17

Advanced Persistent Threat

Answer 18

Business Continuity Planning GDPR (General Data Protection Regulation) is a data protection law enacted by the European Union (EU) that went into effect on May 25, 2018. It is designed to protect the privacy and personal data of individuals within the EU and the European Economic Area (EEA). Key principles of GDPR include: • Lawfulness, fairness, and transparency • Purpose limitation (data collected for a specific reason) • Data minimization (collect only what’s necessary) • Accuracy • Storage limitation • Integrity and confidentiality (security) • Accountability It gives individuals (called data subjects) rights over their personal data, such as: • Right to be informed • Right of access • Right to rectification • Right to erasure (also known as the “right to be forgotten”) • Right to data portability Organizations that fail to comply can face heavy fines—up to €20 million or 4% of global annual turnover, whichever is greater.

Answer 19

Bring Your Own Device

Answer 20

Certificate Authority

Answer 21

Confidentiality, Integrity, Availability

Answer 22

Computer Incident Response Team

Answer 23

Content Management System

Answer 24

Distributed Denial of Service DDoS stands for Distributed Denial of Service. It’s a type of cyberattack where multiple compromised systems (often part of a botnet) flood a target (like a server, website, or network) with massive amounts of traffic, overwhelming its resources and making it unavailable to legitimate users. Unlike a regular DoS (Denial of Service) attack that comes from one source, DDoS attacks come from many sources simultaneously, making them much harder to block. Common types of DDoS attacks include: • Volumetric Attacks (e.g., UDP floods, ICMP floods) – Consume bandwidth. • Protocol Attacks (e.g., SYN floods) – Exploit weaknesses in layer 3 and 4 protocols. • Application Layer Attacks (e.g., HTTP floods) – Target specific web apps/services. ⸻ 2. What You Need to Know for the Security+ Exam • DDoS = multiple sources; DoS = single source. • Common DDoS techniques: • Botnets – A network of infected devices controlled by an attacker. • Amplification – Exploiting protocols (like DNS or NTP) to increase the size of traffic directed at the target. • Reflection – Spoofing the victim’s IP so that third-party servers send traffic to the victim. • Indicators of DDoS: • Unusually high traffic. • Service slowdowns or outages. • Logs showing massive connections from multiple IPs. • Mitigation Techniques: • Rate limiting – Throttling the number of requests. • Geo-blocking or IP blacklisting. • Web Application Firewalls (WAF). • Content Delivery Networks (CDNs) – Can help absorb attack traffic. • DDoS mitigation services – e.g., Cloudflare, Akamai. • Exam Tip: • If a question mentions flooding a system, traffic from many locations, or botnets, it’s likely referring to a DDoS attack. • Know the difference between volumetric, protocol, and application-level attack

Answer 25

Dynamic Host Configuration Protocol

Answer 26

Domain Message Authentication Reporting and Conformance

Answer 27

Domain Name System

Answer 28

Extensible Authentication Protocol

Answer 29

General Data Protection Regulation

Answer 30

Host-based Intrusion Detection System

Answer 31

Identity and Access Management

Answer 32

Intrusion Prevention System

Answer 33

Internet of Things

Answer 34

Multifactor Authentication

Answer 35

Network Address Translation

Answer 36

Open-source Intelligence

Answer 37

Platform as a Service

Answer 38