Comptia Security+ (SY0-601)
CIA Triad - Confidentially, Integrity and Availability.
Least privilege /Need-to-know basis - Giving someone the most limited access required to so they can
perform their job.
Defence in Depth - Protecting a company's data with a series of protective layers.
Annual Risk Assessment - A risk register where the financial director will look at all of the risks associated
with money and the IT manager will look at all of the risks posed.
Annual Security Awareness Training - Where you are reminded about what you should be doing on a
daily basis to keep the company safe.
Change Advisory Board (CAB) - Assists with the prioritisation of changes.
Business Continuity Plan (BCP) - Contingency planning to keep the business up and running when a
disaster occurs, by identifying single points of failure.
Firewall Rule - A rule in the firewall specifying if a connection is allowed or denied.
Antivirus/Antimalware - Software or hardware that protects against or removes malicious software.
Screen Saver - A feature that logs computers off when they are idle.
Screen Filter - A device which prevents people from viewing your screen, while they are walking past.
,Closed Circuit Television (CCTV) - Equipment used to record events through cameras and or sensors.
Log Files - Text files that record events and times that occur.
Write-Once Read-Many Drive (WORM) - A hard drive that can only be written to once, but read many
times.
Fire Suppression System - An oxygen suppressant system that starves a fire to prevent damage to
equipment.
Disable User Accounts - When someones leaves a company, their account is disabled and password
changed immediately.
Operating System Hardening - The operating system is fully patched, all unused features and services are
disabled.
Identification (Access Controls) - An identifying piece of information such as a number or list of
characters.
Security Identifier (SID) - An identifier, that is tied to an account.
Authentication (Access Controls) - The person making the request, is who they say they are.
Authorisation (Access Controls) - The amount of access given to a user.
New Technology File System (NTFS) - A proprietary file system created by Microsoft.
,Discretionary Access Control (DAC) - A control system, that the user is only given access, that they need
to perform their job.
Full Control (DAC) - The user has full control.
Modify (DAC) - The user can change, read and execute data.
Read and Execute (DAC) - The user can read the data or run the program.
List Folder Contents (DAC) - The user can see the directory and its subdirectories.
Read (DAC) - The user can read the data.
Write (DAC) - The user can write to the file.
Special Permissions (DAC) - The user has granular access.
Data Creator/Owner (DAC) - The user has permission to get permissions for other users.
Mandatory Access Control (MAC) - A classification of data based on how much damage it could cause.
Top Secret (MAC) - The highest level of damage.
Secret (MAC) - Causes serious damage.
, Confidential (MAC) - Causes damage.
Restricted (MAC) - Has an undesirable effect.
Owner (MAC) - The user who writes data and determines classification.
Steward (MAC) - The user who labels the data.
Custodian (MAC) - The user who stores and manages classified data.
Security Administrator (MAC) - The user who gives access to classified data, once approved.
Role-Based Access Control (RBAC) - An access control system, which uses roles to determine access.
Rule Based Access Control (RBAC) - An access control system, which uses rules to determine access.
Attribute-Based Access Controls (ABAC) - An access control system, which uses account attributes to
determine access.
Group-Based Access Control (GBAC) - An access control system, which uses account groups to determine
access.
Linux-Based Access Control (LBAC) - An access control system, which is used by Linux to determine
access and uses a numeric or alpha format.
Owner (LBAC) - The first number listed in the LBAC permissions.
CIA Triad - Confidentially, Integrity and Availability.
Least privilege /Need-to-know basis - Giving someone the most limited access required to so they can
perform their job.
Defence in Depth - Protecting a company's data with a series of protective layers.
Annual Risk Assessment - A risk register where the financial director will look at all of the risks associated
with money and the IT manager will look at all of the risks posed.
Annual Security Awareness Training - Where you are reminded about what you should be doing on a
daily basis to keep the company safe.
Change Advisory Board (CAB) - Assists with the prioritisation of changes.
Business Continuity Plan (BCP) - Contingency planning to keep the business up and running when a
disaster occurs, by identifying single points of failure.
Firewall Rule - A rule in the firewall specifying if a connection is allowed or denied.
Antivirus/Antimalware - Software or hardware that protects against or removes malicious software.
Screen Saver - A feature that logs computers off when they are idle.
Screen Filter - A device which prevents people from viewing your screen, while they are walking past.
,Closed Circuit Television (CCTV) - Equipment used to record events through cameras and or sensors.
Log Files - Text files that record events and times that occur.
Write-Once Read-Many Drive (WORM) - A hard drive that can only be written to once, but read many
times.
Fire Suppression System - An oxygen suppressant system that starves a fire to prevent damage to
equipment.
Disable User Accounts - When someones leaves a company, their account is disabled and password
changed immediately.
Operating System Hardening - The operating system is fully patched, all unused features and services are
disabled.
Identification (Access Controls) - An identifying piece of information such as a number or list of
characters.
Security Identifier (SID) - An identifier, that is tied to an account.
Authentication (Access Controls) - The person making the request, is who they say they are.
Authorisation (Access Controls) - The amount of access given to a user.
New Technology File System (NTFS) - A proprietary file system created by Microsoft.
,Discretionary Access Control (DAC) - A control system, that the user is only given access, that they need
to perform their job.
Full Control (DAC) - The user has full control.
Modify (DAC) - The user can change, read and execute data.
Read and Execute (DAC) - The user can read the data or run the program.
List Folder Contents (DAC) - The user can see the directory and its subdirectories.
Read (DAC) - The user can read the data.
Write (DAC) - The user can write to the file.
Special Permissions (DAC) - The user has granular access.
Data Creator/Owner (DAC) - The user has permission to get permissions for other users.
Mandatory Access Control (MAC) - A classification of data based on how much damage it could cause.
Top Secret (MAC) - The highest level of damage.
Secret (MAC) - Causes serious damage.
, Confidential (MAC) - Causes damage.
Restricted (MAC) - Has an undesirable effect.
Owner (MAC) - The user who writes data and determines classification.
Steward (MAC) - The user who labels the data.
Custodian (MAC) - The user who stores and manages classified data.
Security Administrator (MAC) - The user who gives access to classified data, once approved.
Role-Based Access Control (RBAC) - An access control system, which uses roles to determine access.
Rule Based Access Control (RBAC) - An access control system, which uses rules to determine access.
Attribute-Based Access Controls (ABAC) - An access control system, which uses account attributes to
determine access.
Group-Based Access Control (GBAC) - An access control system, which uses account groups to determine
access.
Linux-Based Access Control (LBAC) - An access control system, which is used by Linux to determine
access and uses a numeric or alpha format.
Owner (LBAC) - The first number listed in the LBAC permissions.
