Security+ Flashcards: Security Acronyms, Key Terms, Exam Strategy, Common Traps

Prepare for the Security+ exam with essential strategies and familiarize yourself with key terms and acronyms. This section provides tips for success in your certification journey.


Nortren

What are the most important acronyms to memorize for the Security+ exam?

Critical acronyms include CIA for confidentiality, integrity, availability; AAA for authentication, authorization, accounting; MFA for multi-factor authentication; PKI for public key infrastructure; IDS and IPS for intrusion detection and prevention systems; SIEM for security information and event management; DLP for data loss prevention; RBAC for role-based access control; NGFW for next-generation firewall; EDR for endpoint detection and response; CASB for cloud access security broker; SOAR for security orchestration, automation, and response; BCP and DRP for business continuity and disa

What is the difference between symmetric and asymmetric encryption on the Security+ exam?

Symmetric encryption uses one shared key for both encryption and decryption, making it fast for large data but requiring secure key exchange. AES is the standard with 128, 192, or 256-bit keys. Asymmetric encryption uses a key pair, public and private, solving the key distribution problem but running much slower. RSA and Elliptic Curve Cryptography are common. In practice, asymmetric encryption exchanges a symmetric session key, then symmetric encryption handles the data. The exam tests this hybrid approach frequently.

What port numbers should you know for the Security+ exam?

Key port numbers include HTTP on port 80, HTTPS on port 443, FTP on ports 20 and 21, SSH and SFTP on port 22, Telnet on port 23, SMTP on port 25, DNS on port 53, DHCP on ports 67 and 68, TFTP on port 69, POP3 on port 110, IMAP on port 143, SNMP on ports 161 and 162, LDAP on port 389, LDAPS on port 636, FTPS on port 990, RADIUS on ports 1812 and 1813, and RDP on port 3389. The exam expects you to identify insecure protocols and their secure alternatives. For example, replace Telnet port 23 with SSH port 22, and HTTP port 80 with HTTPS port 443.

What is the difference between a vulnerability, an exploit, and a threat on the exam?

A vulnerability is a weakness in a system, configuration, or process that could be taken advantage of, such as an unpatched server or a misconfigured firewall. An exploit is the actual code, tool, or technique used to take advantage of a vulnerability, such as a script that targets a specific software bug. A threat is any potential danger that could exploit a vulnerability, including threat actors, natural disasters, and accidents. Risk combines all three: a vulnerability with an available exploit and a motivated threat actor creates risk.

What are the performance-based questions on the Security+ exam?

Performance-based questions, or PBQs, require you to perform a task in a simulated environment rather than choosing from multiple-choice options. Common PBQ types include configuring firewall rules to allow or block specific traffic, matching attack types to descriptions or scenarios, analyzing log files to identify security events, configuring wireless security settings, setting up access controls or permissions, and identifying components in a network diagram. PBQs appear at the beginning of the exam and can be flagged and returned to later.

How should you approach "best" answer questions on the Security+ exam?

Many Security+ questions present multiple technically correct answers but ask for the best or most appropriate response. To identify the best answer, consider the specific context of the scenario, apply the principle of least privilege choosing the most restrictive adequate option, prefer preventive controls over detective or corrective ones, choose the most cost-effective solution that adequately addresses the risk, implement technical controls before administrative ones when both are available, and address the root cause rather than symptoms.