Security+ - Domain 1
Domain 1 Vocabulary
| Question | Answer |
|---|---|
| What does confidentiality ensure? | Data is accessible only to authorized users. |
| What does integrity ensure? | Data is accurate and has not been altered. |
| What does availability ensure? | Systems and data are accessible when needed. |
| What is non-repudiation? | Proof that an action occurred and cannot be denied. |
| What is authentication? | Verifying a user’s identity. |
| What is authorization? | Determining what actions a user is allowed to perform. |
| What is accounting (auditing)? | Tracking and logging user actions. |
| What is the principle of least privilege? | Granting users only the access they need. |
| What are administrative controls? | Policies, procedures, and training. |
| What are technical (logical) controls? | Technology-based protections like firewalls and encryption. |
| What are physical controls? | Measures that protect physical assets such as locks and guards. |
| What is a threat? | Anything that can exploit a vulnerability. |
| What is a vulnerability? | A weakness in a system. |
| What is risk? | The likelihood that a threat exploits a vulnerability, combined with the impact if it does. |
| What is risk mitigation? | Reducing risk through security controls. |
| What is risk transference? | Shifting risk to another party such as insurance. |
| What is a script kiddie? | An unskilled attacker using existing tools. |
| What is a hacktivist? | An attacker motivated by political or social causes. |
| What is an insider threat? | A trusted user who misuses access. |
| What is a nation-state actor? | A government-backed attacker. |
| What is phishing? | Fraudulent emails designed to trick users. |
| What is spear phishing? | Targeted phishing aimed at specific individuals. |
| What is whaling? | Phishing attacks targeting executives. |
| What is vishing? | Voice-based social engineering. |
| What is tailgating? | Gaining unauthorized physical access by following someone. |
| What is defense in depth? | Using multiple layers of security controls. |
| What is Zero Trust? | Never trust, always verify: no request is trusted because of its network location, and each one is authenticated and authorized. |
| What is separation of duties? | Splitting responsibilities to reduce fraud. |
| What is fail-secure? | A system that denies access when it fails (contrast fail-open, which permits access on failure). |
| What is a security policy? | A high-level management directive. |
| What is a standard? | A mandatory requirement that supports a policy. |
| What is a procedure? | Step-by-step instructions to perform a task. |
| What is a guideline? | Recommended but not mandatory practices. |
| What is data at rest? | Stored data. |
| What is data in transit? | Data being transmitted. |
| What is data in use? | Data actively being processed. |
| What is due care? | Acting on known risks by taking the reasonable security precautions a prudent organization would take. |
| What is due diligence? | Investigating and understanding risks before acting (for example, vetting a vendor) and continuing to review them afterwards. |
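Integrity and non-repudiation are easy to confuse on the exam. The added example below (written for this page; it is not part of the original flashcards) shows the difference in working code: an HMAC under a shared key detects tampering, but because the receiver holds the same key it could forge a tag itself, so a sender can still deny having sent the message. An Ed25519 signature can only be produced by the private-key holder, which is what makes the action non-repudiable. The message text, the shared key and the function names are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// MACTag returns an HMAC-SHA256 tag over msg under a key shared by sender and receiver.
// Anyone holding key can produce a valid tag, so a tag proves integrity and origin only
// to the other key holder; it cannot be shown to a third party as proof of who sent it.
func MACTag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// MACVerify compares tags in constant time so an attacker cannot learn bytes of the
// correct tag from timing differences.
func MACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

// SignMessage produces an Ed25519 signature. Only the private-key holder can do this,
// while anyone with the public key can verify: that asymmetry gives non-repudiation.
func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifySignature is true only for a signature made with the matching private key
// over exactly this message.
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Outcome records the checks performed by Demonstrate.
type Outcome struct {
	MACValid         bool // genuine message and tag accepted
	MACTamperCaught  bool // altered message rejected under the original tag
	ReceiverCanForge bool // receiver, holding the shared key, mints a valid tag for its own text
	SigValid         bool // genuine signature accepted
	SigTamperCaught  bool // altered message rejected under the original signature
	VerifierCanForge bool // verifier, holding only the public key, produces an accepted signature
}

// Demonstrate runs the integrity and non-repudiation checks on constructed sample data.
func Demonstrate() (Outcome, error) {
	var out Outcome
	// Constructed sample data; in practice the key comes from a key-management system.
	sharedKey := []byte("shared-secret-for-demo-only")
	msg := []byte("transfer 500 to account 42")
	tampered := []byte("transfer 5000 to account 42")

	tag := MACTag(sharedKey, msg)
	out.MACValid = MACVerify(sharedKey, msg, tag)
	out.MACTamperCaught = !MACVerify(sharedKey, tampered, tag)
	// The receiver can mint a tag for any text, so the sender can deny having sent it.
	out.ReceiverCanForge = MACVerify(sharedKey, tampered, MACTag(sharedKey, tampered))

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	sig := SignMessage(priv, msg)
	out.SigValid = VerifySignature(pub, msg, sig)
	out.SigTamperCaught = !VerifySignature(pub, tampered, sig)
	// A verifier has only pub; the best it can do is guess a signature, which will not verify.
	bogus := make([]byte, ed25519.SignatureSize)
	out.VerifierCanForge = VerifySignature(pub, tampered, bogus)
	return out, nil
}

func main() {
	out, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Note the practical consequence: a log entry protected only by an HMAC supports integrity, but an audit trail that must stand up against a user's denial (the accounting and non-repudiation cards above) needs a signature whose private key that user alone controls.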