Authentication vs Authorization

Authentication verifies identity; authorization determines what actions are allowed

Confidentiality vs Integrity

Confidentiality prevents unauthorized disclosure; integrity prevents unauthorized modification

Integrity vs Availability

Integrity ensures data accuracy; availability ensures systems are accessible

Threat vs Vulnerability

A threat is a potential danger; a vulnerability is a weakness that can be exploited

Risk is the likelihood of loss; a threat is the cause of that potential loss

Risk Mitigation vs Risk Transference

Mitigation reduces risk; transference shifts risk to another party

Administrative vs Technical Controls

Administrative controls are policies and training; technical controls are technology-based safeguards

Technical vs Physical Controls

Technical controls use technology; physical controls protect facilities and hardware

A policy is a high-level rule; a standard is a mandatory requirement

Standard vs Procedure

A standard defines what must be done; a procedure explains how to do it

Procedure vs Guideline

Procedures are mandatory steps; guidelines are recommended practices

Due Care vs Due Diligence

Due care is taking reasonable precautions; due diligence is ongoing maintenance of security

Least Privilege vs Separation of Duties

Least privilege limits access; separation of duties divides responsibilities

Defense in Depth vs Zero Trust

Defense in depth uses multiple layers; Zero Trust continuously verifies users

Fail-Open vs Fail-Secure

Fail-open allows access on failure; fail-secure blocks access on failure

Phishing vs Spear Phishing

Phishing is broad; spear phishing is targeted

Spear Phishing vs Whaling

Spear phishing targets individuals; whaling targets executives

Vishing uses voice calls; smishing uses SMS messages

Insider Threat vs External Threat

Insider threats come from trusted users; external threats come from outside the organization

Data at Rest vs Data in Transit

Data at rest is stored; data in transit is being transmitted

Help

Options

focusNode

Didn't know it?
click below

Knew it?
click below

Don't Know

Remaining cards (0)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Sec+ D1 - HARD

Commonly Confused terms for Security+ Domain 1

Question	Answer
Authentication vs Authorization	Authentication verifies identity; authorization determines what actions are allowed
Confidentiality vs Integrity	Confidentiality prevents unauthorized disclosure; integrity prevents unauthorized modification
Integrity vs Availability	Integrity ensures data accuracy; availability ensures systems are accessible
Threat vs Vulnerability	A threat is a potential danger; a vulnerability is a weakness that can be exploited
Risk vs Threat	Risk is the likelihood of loss; a threat is the cause of that potential loss
Risk Mitigation vs Risk Transference	Mitigation reduces risk; transference shifts risk to another party
Administrative vs Technical Controls	Administrative controls are policies and training; technical controls are technology-based safeguards
Technical vs Physical Controls	Technical controls use technology; physical controls protect facilities and hardware
Policy vs Standard	A policy is a high-level rule; a standard is a mandatory requirement
Standard vs Procedure	A standard defines what must be done; a procedure explains how to do it
Procedure vs Guideline	Procedures are mandatory steps; guidelines are recommended practices
Due Care vs Due Diligence	Due care is taking reasonable precautions; due diligence is ongoing maintenance of security
Least Privilege vs Separation of Duties	Least privilege limits access; separation of duties divides responsibilities
Defense in Depth vs Zero Trust	Defense in depth uses multiple layers; Zero Trust continuously verifies users
Fail-Open vs Fail-Secure	Fail-open allows access on failure; fail-secure blocks access on failure
Phishing vs Spear Phishing	Phishing is broad; spear phishing is targeted
Spear Phishing vs Whaling	Spear phishing targets individuals; whaling targets executives
Vishing vs Smishing	Vishing uses voice calls; smishing uses SMS messages
Insider Threat vs External Threat	Insider threats come from trusted users; external threats come from outside the organization
Data at Rest vs Data in Transit	Data at rest is stored; data in transit is being transmitted

Created by: jlgentry

Popular Computers sets

Definitions for Word Processing and the main parts of the MS Word 2010 window

WP Page Formatting

WP Paragraph Formatting terms

Review business letter parts

Review the three paragraph formats (block, indented, hanging indent)

WP font formatting features in Word 2010

Arkansas CBA unit 1 Hardware

"Know" box contains:
Time elapsed:
Retries: