The process of verifying the identity of a user or device.
"The system requires authentication before granting access to sensitive data."
The process of converting information or data into a code to prevent unauthorized access.
"All sensitive data should be stored with strong encryption to ensure security."
A network security device that monitors and filters incoming and outgoing network traffic.
"A firewall can block unauthorized access while permitting outward communication."
Malicious software designed to harm, exploit, or otherwise compromise computer systems.
"Anti-malware software is crucial for protecting your computer from malware."
A method of attempting to acquire sensitive information by masquerading as a trustworthy entity.
"Phishing attacks often come in the form of fraudulent emails."
A weakness in a system that can be exploited by a threat.
"Regular updates are necessary to fix software vulnerabilities."
Any circumstance or event with the potential to cause harm to an information system.
"Scanning for threats is an integral part of maintaining cybersecurity."
A device or software application that monitors a network for malicious activity or policy violations.
"An IDS can alert administrators to potential security breaches."
A set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
"PKI underpins secure communications on the web using encrypted certificates."
A security system that requires more than one method of authentication from independent categories of credentials.
"MFA enhances security by combining passwords with additional verification methods like mobile apps."
The selective restriction of access to a place or other resource.
"Access control systems help ensure that only authorized users can enter restricted areas."
An incident where information is stolen or taken from a system without the knowledge or authorization of the system's owner.
"A data breach can lead to financial loss and damage to an organization's reputation."
The use of deception to manipulate individuals into divulging confidential or personal information.
"Attacks involving social engineering prey on human psychology rather than technological weaknesses."
An attack meant to shut down a machine or network, making it inaccessible to its intended users.
"A DoS attack can overwhelm a server by flooding it with traffic."
A simulated cyber attack against your computer system to check for exploitable vulnerabilities.
"Penetration testing helps organizations identify and fix security weaknesses."
A vulnerability in software that is unknown to the vendor and can be exploited by attackers.
"Zero-day exploits are particularly dangerous because they are unpatched and can cause significant damage."
A planned approach to addressing and managing the aftermath of a security breach or cyberattack.
"An efficient incident response plan can mitigate the damage caused by security incidents."
The process of distributing and applying updates to software.
"Effective patch management can prevent exploitation of software vulnerabilities."
The special access or abilities above and beyond those of a standard user.
"Privileged access must be carefully managed to prevent unauthorized activities."
A set of criteria for the provision of security services.
"Developing a comprehensive security policy is crucial for organizational protection."