Welcome to Your Security+ Study Quiz!
Choose your quiz type and test your knowledge!
Abbreviations Reference
Security Controls & Concepts
CIA: Confidentiality, Integrity, Availability
ACL: Access Control List
RBAC: Role-Based Access Control
MFA: Multifactor Authentication
EDR: Endpoint Detection and Response
NAC: Network Access Control
DEP: Data Execution Prevention
EFS: Encrypted File System
FDE: Full Disk Encryption
Network & Protocols
DNS: Domain Name System
LDAP: Lightweight Directory Access Protocol
HTTPS: Hypertext Transfer Protocol Secure
ARP: Address Resolution Protocol
DAI: Dynamic ARP Inspection
OSI: Open Systems Interconnect
CAM: Content-Addressable Memory
VoIP: Voice over IP
PSTN: Public-Switched Telephone Network
VLAN: Virtual Local Area Network
SNMP: Simple Network Management Protocol
IPFIX: IP Flow Information Export
802.1X: Port-Based Network Access Control
Security Roles
CIO: Chief Information Officer
CTO: Chief Technology Officer
CSO: Chief Security Officer
ISSO: Information Systems Security Officer
Security Devices & Tools
ASA: Adaptive Security Appliance
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
HIPS: Host-based Intrusion Prevention System
SIEM: Security Information and Event Management
SOAR: Security Orchestration, Automation, and Response
XDR: Extended Detection and Response
DLP: Data Loss Prevention
WAF: Web Application Firewall
NGFW: Next Generation Firewall
VFA: Virtual Firewall Appliance
UTM: Unified Threat Management
Cryptography & Authentication
PSK: Pre-Shared Key
SHA: Secure Hashing Algorithm
AES: Advanced Encryption Standard
CRL: Certificate Revocation List
OCSP: Online Certificate Status Protocol
PKI: Public Key Infrastructure
TPM: Trusted Platform Module
HSM: Hardware Security Module
EAP: Extended Authentication Protocol
RADIUS: Remote Authentication Dial-In User Service
SAML: Security Assertion Markup Language
OAuth: Open Authorization
CHAP: Challenge Handshake Authentication Protocol
LSASS: Local Security Authority Subsystem Service
CPS: Certificate Practice Statement
Identity & Access Management
IAM: Identity and Access Management
SSO: Single Sign-On
ISE: Identity Services Engine
UEM: Unified Endpoint Management
KDC: Key Distribution Center
TGS: Ticket Granting Service
AS: Authentication Server
VPN & Secure Protocols
AH: Authentication Header
ESP: Encapsulating Security Payload
FTPS: FTP Secure (FTP over SSL/TLS)
IKE: Internet Key Exchange
IPSec: Internet Protocol Security
SD-WAN: Software-Defined Wide Area Network
SCP: Secure Copy Protocol
SFTP: SSH File Transfer Protocol
WPA3: Wi-Fi Protected Access 3
Industrial Control Systems
SCADA: Supervisory Control and Data Acquisition
ICS: Industrial Control Systems
IoT: Internet of Things
FPGA: Field-Programmable Gate Array
RTOS: Real-Time Operating System
SoC: System on a Chip
Software & Application Security
SBOM: Software Bill of Materials
SCA: Software Composition Analysis
PUP: Potentially Unwanted Program
XSS: Cross-Site Scripting
CSRF: Cross-Site Request Forgery
SQL: Structured Query Language
Compliance & Standards
STIG: Security Technical Implementation Guide
FIPS: Federal Information Processing Standards
PCI DSS: Payment Card Industry Data Security Standard
ISO/IEC 27001: Information Security Management System
ISO/IEC 27018: Protection of PII in Public Clouds
MOA: Memorandum of Agreement
NDA: Non-Disclosure Agreement
SLA: Service Level Agreement
SOW: Statement of Work
Threat Intelligence & Response
APT: Advanced Persistent Threat
NVD: National Vulnerability Database
TTP: Tactics, Techniques, and Procedures
IoC: Indicators of Compromise
CVSS: Common Vulnerability Scoring System
SCAP: Security Content Automation Protocol
Mobile Device Management
VDI: Virtual Desktop Infrastructure
COPE: Corporate Owned, Personally Enabled
BYOD: Bring Your Own Device
CYOD: Choose Your Own Device
MAM: Mobile Application Management
MDM: Mobile Device Management
EMM: Enterprise Mobility Management
Cloud & Virtualization
IaaS: Infrastructure as a Service
PaaS: Platform as a Service
SaaS: Software as a Service
SDN: Software Defined Networking
CASB: Cloud-Access Security Broker
SASE: Secure Access Service Edge
IaC: Infrastructure as Code
VPC: Virtual Private Cloud
MSP: Managed Service Provider
MSSP: Managed Security Service Provider
High Availability & Infrastructure
CARP: Common Address Redundancy Protocol
MTBF: Mean Time Between Failures
MTTR: Mean Time To Repair
RTO: Recovery Time Objective
RPO: Recovery Point Objective
Terms & Definitions Reference
Social Engineering Attacks
Phishing
Fraudulent emails or messages designed to trick individuals into revealing sensitive information or performing actions.
Smishing
SMS phishing - sending deceptive text messages to trick individuals into revealing information or downloading malware.
Vishing
Voice phishing - using phone calls to deceive individuals into divulging sensitive information.
Whaling
Targeted phishing attacks aimed at high-profile individuals like executives or senior management.
Pretexting
Creating a fabricated scenario (pretext) to manipulate individuals into divulging information or performing actions.
Typosquatting
Registering domain names similar to legitimate websites with common typos to deceive users and steal information.
Data Protection & Cryptography
Tokenization
Substituting sensitive data with non-sensitive equivalents (tokens) that retain format but have no exploitable value.
Cryptography
The practice of securing information by transforming it into an unreadable format using mathematical algorithms.
Steganography
The practice of concealing messages or information within other non-secret text, images, or files.
Hashing
Converting data into a fixed-size string of characters (hash) that uniquely represents the original data, used for integrity verification.
Salting
Adding random data to passwords before hashing to prevent rainbow table attacks and ensure unique hashes.
Compliance & Frameworks
SOC 2
Service Organization Control 2 - an auditing framework for service providers storing customer data in the cloud, focusing on security, availability, processing integrity, confidentiality, and privacy.
GDPR
General Data Protection Regulation - EU regulation on data protection and privacy for individuals in the European Union.
HIPAA
Health Insurance Portability and Accountability Act - US legislation providing data privacy and security provisions for safeguarding medical information.
CIS Controls
Center for Internet Security Controls - prioritized set of actions to protect organizations from known cyber attack vectors.
Security Concepts
Zero Trust
Security model that requires strict identity verification for every person and device trying to access resources, regardless of location.
Defense in Depth
Layered security approach using multiple security controls to protect assets, ensuring that if one layer fails, others remain.
Least Privilege
Security principle that users should only have the minimum access rights necessary to perform their job functions.
Air Gap
Physical isolation of a computer or network from unsecured networks, including the internet, to prevent unauthorized access.
Malware Types
Ransomware
Malicious software that encrypts files or systems and demands payment for decryption.
Rootkit
Malware that grants unauthorized root/administrative access to a system and conceals its presence from detection.
Trojan
Malware disguised as legitimate software that tricks users into installing it to perform malicious actions.
Spyware
Software that secretly monitors and collects information about users' activities without their knowledge.
Network Attacks
DDoS Attack
Distributed Denial of Service - overwhelming a system with traffic from multiple sources to make it unavailable.
Man-in-the-Middle
Attack where an attacker secretly intercepts and relays communications between two parties to eavesdrop or manipulate data.
DNS Poisoning
Corrupting a DNS resolver's cache with false information to redirect users to malicious websites.
ARP Spoofing
Sending fake ARP messages to link an attacker's MAC address with a legitimate IP address for traffic interception.