Who are the main types of threat actors?

Script kiddies, Hacktivists, Insiders, Nation-state actors, Organized crime, APTs (Advanced Persistent Threats).

What are the common attack vectors used by threat actors?

Phishing, Social engineering, Malware, Ransomware, Zero-day exploits, Insider threats, Credential stuffing.

What does the CIA Triad stand for?

Confidentiality, Integrity, Availability.

What is the Zero Trust security model?

"Never trust, always verify" – every request must be authenticated and verified, even inside the network.

What is the Principle of Least Privilege (PoLP)?

Users should have only the minimum permissions needed to perform their job.

What are the three main authentication factors?

Something you know (password), Something you have (smart card), Something you are (fingerprint).

Name three types of social engineering attacks.

Phishing, Pretexting, Baiting, Tailgating, Vishing, Smishing.

What are the main types of malware?

Virus, Worm, Trojan, Ransomware, Spyware, Rootkit, Adware.

What is the Defense-in-Depth approach?

A layered security strategy that includes multiple controls to protect assets.

What is the difference between IDS and IPS?

IDS (Intrusion Detection System) alerts on threats, IPS (Intrusion Prevention System) blocks them.

What’s the difference between symmetric and asymmetric encryption?

Symmetric: Uses one key for encryption & decryption (e.g., AES). Asymmetric: Uses two keys—public & private (e.g., RSA).

What are the main steps of risk management?

Identify, Assess, Mitigate, Monitor, Review.

What are the three main types of backups?

Full, Incremental, Differential.

Name four common access control models.

DAC (Discretionary), MAC (Mandatory), RBAC (Role-Based), ABAC (Attribute-Based).

What are the three main types of security policies?

Organizational, System-Specific, Issue-Specific.

What is the purpose of a VPN?

Encrypts data to create a secure connection over an untrusted network.

Why is patch management important?

Fixes security vulnerabilities and improves system stability.

What does PKI provide?

Secure key management using digital certificates and encryption.

What is the purpose of SIEM?

Centralized logging, event correlation, and real-time monitoring for security incidents.

Help

Options

focusNode

Didn't know it?
click below

Knew it?
click below

Don't Know

Remaining cards (0)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Sec+ Domain 1

Security+ Domain 1: General Security Concepts study material

Question	Answer
Who are the main types of threat actors?	Script kiddies, Hacktivists, Insiders, Nation-state actors, Organized crime, APTs (Advanced Persistent Threats).
What are the common attack vectors used by threat actors?	Phishing, Social engineering, Malware, Ransomware, Zero-day exploits, Insider threats, Credential stuffing.
What does the CIA Triad stand for?	Confidentiality, Integrity, Availability.
What is the Zero Trust security model?	"Never trust, always verify" – every request must be authenticated and verified, even inside the network.
What is the Principle of Least Privilege (PoLP)?	Users should have only the minimum permissions needed to perform their job.
What are the three main authentication factors?	Something you know (password), Something you have (smart card), Something you are (fingerprint).
Name three types of social engineering attacks.	Phishing, Pretexting, Baiting, Tailgating, Vishing, Smishing.
What are the main types of malware?	Virus, Worm, Trojan, Ransomware, Spyware, Rootkit, Adware.
What is the Defense-in-Depth approach?	A layered security strategy that includes multiple controls to protect assets.
What is the difference between IDS and IPS?	IDS (Intrusion Detection System) alerts on threats, IPS (Intrusion Prevention System) blocks them.
What’s the difference between symmetric and asymmetric encryption?	Symmetric: Uses one key for encryption & decryption (e.g., AES). Asymmetric: Uses two keys—public & private (e.g., RSA).
Name three common hashing algorithms.	MD5, SHA-256, HMAC.
What are the main steps of risk management?	Identify, Assess, Mitigate, Monitor, Review.
What are the three main types of backups?	Full, Incremental, Differential.
Name four common access control models.	DAC (Discretionary), MAC (Mandatory), RBAC (Role-Based), ABAC (Attribute-Based).
What are the three main types of security policies?	Organizational, System-Specific, Issue-Specific.
What is the purpose of a VPN?	Encrypts data to create a secure connection over an untrusted network.
Why is patch management important?	Fixes security vulnerabilities and improves system stability.
What does PKI provide?	Secure key management using digital certificates and encryption.
What is the purpose of SIEM?	Centralized logging, event correlation, and real-time monitoring for security incidents.

Created by: anapaulaseidel

Popular Computers sets

Definitions for Word Processing and the main parts of the MS Word 2010 window

WP Page Formatting

WP Paragraph Formatting terms

Review business letter parts

Review the three paragraph formats (block, indented, hanging indent)

WP font formatting features in Word 2010

Arkansas CBA unit 1 Hardware

"Know" box contains:
Time elapsed:
Retries: