Security+ Glossary

Term

AAA

Authentication, Authorization, and Accounting. A security framework for controlling access to resources. Authentication verifies identity, Authorization grants permissions, Accounting tracks actions.

RADIUS TACACS+

Term

Access Control List (ACL)

A list of permissions attached to an object specifying which users or system processes can access it and what operations they can perform.

DACL Firewall

Term

Active Directory (AD)

Microsoft's directory service for Windows domain networks. Stores information about network resources and enables centralized management of users, computers, and policies.

LDAP Kerberos

Term

Advanced Encryption Standard (AES)

Symmetric block cipher adopted as an encryption standard. Uses key sizes of 128, 192, or 256 bits. The current standard for symmetric encryption.

Symmetric Encryption Block Cipher

Term

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack where an intruder gains access to a network and remains undetected for an extended period. Often state-sponsored.

Nation-state Threat Actor

Term

Annualized Loss Expectancy (ALE)

The expected monetary loss for an asset due to a risk over a one-year period. Calculated as ALE = SLE × ARO.

SLE ARO Risk Assessment

Term

Annualized Rate of Occurrence (ARO)

The estimated frequency with which a threat is expected to occur within a year. Used in quantitative risk analysis.

ALE SLE

Term

Asymmetric Encryption

Encryption using a pair of mathematically related keys: a public key for encryption and a private key for decryption. Examples: RSA, ECC, Diffie-Hellman.

RSA Public Key PKI

Term

Attack Surface

The sum of all possible security risk exposures. Includes all endpoints, services, protocols, and interfaces that could be exploited.

Vulnerability Threat

Term

Authentication

The process of verifying the identity of a user, device, or system. Common methods include passwords, biometrics, tokens, and certificates.

MFA Authorization

Term

Backdoor

A hidden method for bypassing normal authentication or encryption. Can be intentionally built in or installed by malware.

Trojan RAT

Term

Backup Types

Full: Complete copy of all data. Incremental: Only changes since last backup. Differential: Changes since last full backup.

RPO Disaster Recovery

Term

Biometrics

Authentication based on unique physical characteristics such as fingerprints, facial recognition, iris patterns, or voice patterns.

Authentication MFA

Term

Block Cipher

Encryption method that operates on fixed-size groups of bits (blocks). Examples: AES, DES, 3DES. Contrast with stream ciphers.

AES Symmetric Encryption

Term

Bluejacking

Sending unsolicited messages to Bluetooth-enabled devices. Generally harmless but can be annoying.

Bluesnarfing Bluetooth

Term

Bluesnarfing

Unauthorized access to information from a Bluetooth device such as contacts, calendars, and messages.

Bluejacking Bluetooth

Term

Botnet

A network of compromised computers (bots/zombies) controlled remotely by an attacker. Used for DDoS attacks, spam, and cryptomining.

DDoS Malware C2

Term

Brute Force Attack

An attack method that tries every possible combination until the correct one is found. Mitigated by account lockouts, rate limiting, and strong passwords.

Dictionary Attack Password Attack

Term

Buffer Overflow

A vulnerability where a program writes more data to a buffer than it can hold, potentially allowing code execution. Mitigated by ASLR, DEP, and input validation.

Memory Attack Exploit

Term

Business Continuity Plan (BCP)

Documentation of procedures to ensure critical business functions continue during and after a disaster. Includes RTO and RPO objectives.

Disaster Recovery RTO RPO

Term

Certificate Authority (CA)

A trusted entity that issues digital certificates, verifying the identity of certificate holders and binding public keys to identities.

PKI Digital Certificate

Term

Chain of Custody

Documentation tracking evidence from collection to presentation in court. Records who handled evidence, when, where, and why.

Digital Forensics Evidence

Term

CIA Triad

The three core principles of information security: Confidentiality (data privacy), Integrity (data accuracy), Availability (data accessibility).

Security Principles

Term

CISO

Chief Information Security Officer. Executive responsible for an organization's information and data security strategy, policies, and operations.

Security Governance

Term

Cloud Access Security Broker (CASB)

Security policy enforcement point between cloud service consumers and providers. Provides visibility, compliance, data security, and threat protection.

Cloud Security SaaS

Term

Command and Control (C2)

Infrastructure used by attackers to communicate with and control compromised systems. Also called C&C.

Botnet APT

Term

Container

Lightweight, isolated environment for running applications with their dependencies. Docker is the most common platform. Kubernetes orchestrates containers.

Docker Virtualization

Term

Credential Stuffing

Using stolen username/password pairs from one breach to attempt login on other sites. Exploits password reuse.

Brute Force Password Spray

Term

Cross-Site Request Forgery (CSRF)

Attack that tricks a user's browser into executing unwanted actions on a site where they're authenticated.

XSS Web Attack

Term

Cross-Site Scripting (XSS)

Injecting malicious scripts into web pages viewed by others. Types: Stored (persistent), Reflected (non-persistent), DOM-based.

Web Attack Input Validation

Term

Cryptographic Hash

One-way function producing a fixed-length output (digest) from input data. Used for integrity verification and password storage. Examples: SHA-256, SHA-3.

SHA MD5 Integrity

Term

Data at Rest

Data stored on devices or media (hard drives, SSDs, backups). Should be encrypted using full-disk encryption or file-level encryption.

Encryption Data in Transit

Term

Data in Transit

Data being transmitted over a network. Should be protected using TLS, VPN, or other encryption protocols.

TLS VPN Data at Rest

Term

Data Loss Prevention (DLP)

Technology and processes to prevent unauthorized data exfiltration. Can be network-based, endpoint-based, or cloud-based.

Data Classification Exfiltration

Term

Defense in Depth

Layered security strategy using multiple controls at different levels. If one layer fails, others continue to protect. Also called layered security.

Security Controls Layered Security

Term

Demilitarized Zone (DMZ)

Network segment between internal and external networks. Hosts public-facing services while protecting internal resources.

Firewall Network Segmentation

Term

Denial of Service (DoS)

Attack designed to make a system or network unavailable to legitimate users by overwhelming it with traffic or requests.

DDoS Availability

Term

Dictionary Attack

Password attack using a list of common words and phrases. Faster than brute force but limited to dictionary entries.

Brute Force Password Attack

Term

Digital Certificate

Electronic document binding a public key to an identity. Issued by a Certificate Authority. Contains subject, issuer, validity period, and public key.

CA PKI X.509

Term

Digital Signature

Cryptographic mechanism proving authenticity and integrity. Created by hashing data and encrypting the hash with the sender's private key.

Non-repudiation PKI

Term

Distributed Denial of Service (DDoS)

DoS attack using multiple compromised systems (botnet) to flood the target. Types: Volumetric, Protocol, Application layer.

DoS Botnet

Term

DNS Poisoning

Corrupting DNS cache to redirect users to malicious sites. Mitigated by DNSSEC, using trusted DNS servers.

DNS DNSSEC

Term

Due Care

Taking reasonable steps to protect assets and act responsibly. Implementing controls, following policies, acting prudently.

Due Diligence Liability

Term

Due Diligence

Research and investigation before taking action. Understanding risks, evaluating vendors, planning security measures.

Due Care Risk Assessment

Term

Elliptic Curve Cryptography (ECC)

Asymmetric encryption using elliptic curves. Provides equivalent security to RSA with smaller key sizes. Used in TLS, SSH, cryptocurrency.

Asymmetric Encryption RSA

Term

Endpoint Detection and Response (EDR)

Advanced endpoint security providing continuous monitoring, threat detection, and automated response. Collects and analyzes endpoint data.

Endpoint Security SIEM

Term

Evil Twin

Rogue wireless access point mimicking a legitimate one. Victims connect thinking it's the real network, allowing traffic interception.

Rogue AP Wireless Attack

Term

Exploit

Code or technique that takes advantage of a vulnerability. Zero-day exploits target unknown vulnerabilities.

Vulnerability Zero-Day

Term

Extended Detection and Response (XDR)

Security solution integrating multiple security products for unified threat detection, investigation, and response across the enterprise.

EDR SIEM

Term

False Positive

Security alert triggered when no actual threat exists. High false positive rates lead to alert fatigue.

False Negative IDS

Term

False Negative

Failure to detect an actual threat. More dangerous than false positives as attacks go unnoticed.

False Positive IDS

Term

Federated Identity

Linking a user's identity across multiple identity management systems. Enables SSO across organizational boundaries.

SSO SAML

Term

Firewall

Network security device monitoring and filtering traffic based on rules. Types: Packet filtering, Stateful, Application/Proxy, Next-Gen (NGFW).

NGFW ACL

Term

Full Disk Encryption (FDE)

Encrypting entire storage device including OS and data. Examples: BitLocker (Windows), FileVault (macOS), LUKS (Linux).

Encryption Data at Rest

Term

Gap Analysis

Comparison between current security state and desired state. Identifies deficiencies and prioritizes remediation efforts.

Risk Assessment Security Audit

Term

GDPR

General Data Protection Regulation. EU law on data privacy applying to any organization handling EU citizen data. Fines up to 4% of global revenue.

Privacy Compliance

Term

Group Policy

Windows feature for centralized management of user and computer settings across a domain. Configured through Group Policy Objects (GPOs).

Active Directory Windows

Term

Hardware Security Module (HSM)

Physical device for secure cryptographic key storage and operations. Tamper-resistant, used for high-security applications.

Key Management TPM

Term

Hash

Fixed-length output from a cryptographic hash function. Used for integrity verification, password storage, digital signatures.

SHA MD5 Integrity

Term

HIPAA

Health Insurance Portability and Accountability Act. US law protecting health information (PHI). Requires security and privacy safeguards.

PHI Compliance

Term

Honeypot

Decoy system designed to attract and detect attackers. Provides early warning and intelligence about attack methods.

Honeynet Deception

Term

HTTPS

HTTP Secure. HTTP over TLS providing encrypted web communication. Uses port 443. Certificate verifies server identity.

TLS Port 443

Term

Identity and Access Management (IAM)

Framework of policies and technologies ensuring the right individuals access the right resources. Includes identity lifecycle management.

Authentication Authorization

Term

Incident Response

Organized approach to handling security incidents. Phases: Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned.

CSIRT Forensics

Term

Indicators of Attack (IoA)

Signs of an attack in progress. Focus on attacker behavior and techniques. More proactive than IoCs.

IoC Threat Intelligence

Term

Indicators of Compromise (IoC)

Forensic evidence that an attack has occurred. Examples: malicious IPs, file hashes, domain names, registry changes.

IoA Threat Intelligence

Term

Infrastructure as Code (IaC)

Managing infrastructure through code and automation. Enables version control, consistency, and rapid deployment. Examples: Terraform, Ansible.

DevSecOps Automation

Term

Input Validation

Verifying that user input meets expected criteria before processing. Critical for preventing injection attacks.

SQL Injection XSS

Term

Intrusion Detection System (IDS)

System that monitors for suspicious activity and alerts security personnel. Passive monitoring, doesn't block traffic.

IPS HIDS NIDS

Term

Intrusion Prevention System (IPS)

System that monitors and actively blocks detected threats. Inline deployment, can drop malicious packets.

IDS NGFW

Term

IPsec

Internet Protocol Security. Protocol suite for securing IP communications through authentication and encryption. Used in VPNs.

VPN AH ESP

Term

Jump Server

Hardened server used as an intermediary for accessing secure networks. Also called jump box or bastion host. Provides access control and logging.

Bastion Host PAM

Term

Kerberos

Network authentication protocol using tickets granted by a Key Distribution Center (KDC). Used in Active Directory. Provides SSO capability.

KDC TGT Active Directory

Term

Key Distribution Center (KDC)

Kerberos component that authenticates users and issues tickets. Contains Authentication Server (AS) and Ticket Granting Server (TGS).

Kerberos TGT

Term

Key Escrow

Storing copies of encryption keys with a trusted third party. Enables key recovery but creates additional security risks.

Key Management Recovery

Term

Keylogger

Software or hardware that records keystrokes. Used to capture passwords and sensitive information. Can be malware or legitimate monitoring.

Spyware Malware

Term

LDAP

Lightweight Directory Access Protocol. Protocol for accessing and maintaining directory services. Port 389 (LDAP), Port 636 (LDAPS).

Active Directory Directory Service

Term

Least Privilege

Security principle that users should have only the minimum permissions necessary for their job function. Reduces attack surface.

Need to Know Access Control

Term

Load Balancer

Device distributing network traffic across multiple servers. Improves availability, performance, and can provide SSL offloading.

High Availability Redundancy

Term

Log Management

Collecting, storing, analyzing, and retaining log data from various sources. Essential for security monitoring and compliance.

SIEM Audit Trail

Term

Logic Bomb

Malicious code that executes when specific conditions are met (date, event, user action). Often planted by insiders.

Malware Insider Threat

Term

Malware

Malicious software designed to harm systems. Types include viruses, worms, trojans, ransomware, spyware, rootkits, and adware.

Virus Ransomware Trojan

Term

Man-in-the-Middle (MITM)

Attack where attacker secretly intercepts and possibly alters communication between two parties. Mitigated by encryption and certificate validation.

Eavesdropping ARP Poisoning

Term

Mean Time Between Failures (MTBF)

Average time between system failures. Higher MTBF indicates greater reliability. Used in availability calculations.

MTTR Availability

Term

Mean Time to Repair (MTTR)

Average time to repair a failed system. Lower MTTR means faster recovery. Critical for availability planning.

MTBF RTO

Term

Microsegmentation

Granular network segmentation at the workload level. Limits lateral movement within data centers and cloud environments.

Zero Trust Segmentation

Term

Multi-Factor Authentication (MFA)

Authentication requiring two or more different factor types: something you know, have, are, somewhere you are, or something you do.

2FA Authentication

Term

Network Access Control (NAC)

Solution controlling device access to networks based on compliance with security policies. Uses 802.1X for port-based authentication.

802.1X Posture Assessment

Term

Next-Generation Firewall (NGFW)

Advanced firewall with deep packet inspection, intrusion prevention, application awareness, and threat intelligence integration.

Firewall IPS UTM

Term

NIST

National Institute of Standards and Technology. US agency developing security standards and frameworks including NIST CSF and SP 800 series.

Compliance Framework

Term

Non-repudiation

Assurance that someone cannot deny their actions. Achieved through digital signatures, logging, and audit trails.

Digital Signature Accountability

Term

OAuth 2.0

Authorization framework allowing third-party applications limited access to user resources without sharing credentials. Not authentication (use OIDC for that).

OIDC Authorization

Term

OCSP

Online Certificate Status Protocol. Method for checking certificate revocation status in real-time. Alternative to CRL.

CRL PKI

Term

OpenID Connect (OIDC)

Identity layer on top of OAuth 2.0 providing authentication. Returns ID tokens with user identity information.

OAuth SSO

Term

Order of Volatility

Sequence for collecting digital evidence based on data persistence. Most volatile first: CPU registers, RAM, swap, disk, remote logs, archived media.

Forensics Evidence

Term

Password Spray

Attack trying a few common passwords against many accounts. Avoids account lockout by limiting attempts per account.

Brute Force Credential Stuffing

Term

Patch Management

Process of acquiring, testing, and installing software updates. Critical for maintaining security and fixing vulnerabilities.

Vulnerability Management Change Management

Term

PCI DSS

Payment Card Industry Data Security Standard. Requirements for organizations handling credit card data. 12 security requirements.

Compliance Credit Card

Term

Penetration Testing

Authorized simulated attack to evaluate security. Types: Black box (no knowledge), White box (full knowledge), Gray box (partial).

Ethical Hacking Vulnerability Assessment

Term

Perfect Forward Secrecy (PFS)

Property ensuring session keys cannot be compromised if long-term keys are exposed. Uses ephemeral Diffie-Hellman (DHE/ECDHE).

TLS Key Exchange

Term

Pharming

Redirecting website traffic to fraudulent sites by compromising DNS or hosts file. Doesn't require user to click a link.

DNS Poisoning Phishing

Term

Phishing

Social engineering attack using fraudulent emails to trick users. Variants: Spear phishing (targeted), Whaling (executives), Vishing (voice), Smishing (SMS).

Social Engineering Spear Phishing

Term

PKI

Public Key Infrastructure. Framework for managing digital certificates and public-key encryption. Components: CA, RA, certificates, CRL/OCSP.

CA Digital Certificate

Term

Privilege Escalation

Exploiting vulnerabilities to gain elevated access. Vertical: user to admin. Horizontal: accessing another user's resources.

Exploit Access Control

Term

Proxy Server

Intermediary server between clients and resources. Forward proxy: hides clients. Reverse proxy: hides servers, provides load balancing.

WAF Load Balancer

Term

Quantitative Risk Analysis

Risk assessment using numerical values and financial calculations. Uses ALE, SLE, ARO. More objective but requires accurate data.

ALE Qualitative Risk

Term

Qualitative Risk Analysis

Risk assessment using categories (High/Medium/Low) and risk matrices. Faster than quantitative but more subjective.

Risk Matrix Quantitative Risk

Term

RADIUS

Remote Authentication Dial-In User Service. AAA protocol for network access. Uses UDP ports 1812/1813. Encrypts only password.

AAA TACACS+

Term

RAID

Redundant Array of Independent Disks. Storage technology combining multiple disks. RAID 0 (striping), 1 (mirroring), 5 (striping with parity), 10 (1+0).

Redundancy Storage

Term

Rainbow Table

Precomputed table of hash values for password cracking. Mitigated by using salted hashes.

Hash Salt Password Cracking

Term

Ransomware

Malware encrypting files and demanding payment for decryption. Prevention: backups, user training, endpoint protection.

Malware Encryption

Term

Recovery Point Objective (RPO)

Maximum acceptable data loss measured in time. Determines backup frequency. RPO of 1 hour means you can lose up to 1 hour of data.

RTO Backup BCP

Term

Recovery Time Objective (RTO)

Maximum acceptable downtime after a disaster. Determines recovery strategy and resources needed.

RPO BCP MTTR

Term

Risk

Potential for loss or damage. Risk = Threat × Vulnerability × Impact. Can be accepted, mitigated, transferred, or avoided.

Threat Vulnerability Risk Assessment

Term

Role-Based Access Control (RBAC)

Access control based on user roles within an organization. Users are assigned roles, roles have permissions.

Access Control DAC MAC

Term

Rootkit

Malware designed to hide its presence and maintain privileged access. Operates at kernel level. May require complete reinstall to remove.

Malware Kernel

Term

RSA

Asymmetric encryption algorithm based on factoring large prime numbers. Used for encryption, digital signatures, and key exchange.

Asymmetric Encryption Public Key

Term

Salt

Random data added to passwords before hashing. Makes rainbow table attacks ineffective. Each password should have unique salt.

Hash Rainbow Table

Term

SAML

Security Assertion Markup Language. XML-based SSO standard for web browsers. Identity Provider authenticates, Service Provider trusts assertions.

SSO Federation

Term

Sandboxing

Isolating programs in a restricted environment to limit potential damage. Used for testing untrusted code and malware analysis.

Isolation Malware Analysis

Term

Security Information and Event Management (SIEM)

Platform collecting, correlating, and analyzing security logs from multiple sources. Provides alerting, dashboards, and compliance reporting.

Log Management SOAR

Term

Separation of Duties

Dividing critical tasks among multiple people to prevent fraud and errors. No single person controls all aspects of sensitive processes.

Least Privilege Access Control

Term

Single Loss Expectancy (SLE)

Expected monetary loss from a single occurrence of a risk. Calculated as SLE = Asset Value × Exposure Factor.

ALE ARO

Term

Single Sign-On (SSO)

Authentication allowing users to access multiple applications with one set of credentials. Improves user experience but creates single point of failure.

SAML OAuth Federation

Term

SOAR

Security Orchestration, Automation, and Response. Platform automating security operations through playbooks and integration with security tools.

SIEM Incident Response

Term

Social Engineering

Manipulating people into divulging information or performing actions. Techniques: pretexting, baiting, quid pro quo, tailgating, shoulder surfing.

Phishing Human Factor

Term

SQL Injection

Attack inserting malicious SQL into application queries. Can read, modify, or delete database data. Prevention: parameterized queries, input validation.

Injection Attack Web Security

Term

Symmetric Encryption

Encryption using the same key for encryption and decryption. Fast and efficient but has key distribution challenges. Examples: AES, DES, 3DES.

AES Key Exchange

Term

Supply Chain Attack

Targeting less-secure elements in the supply chain to compromise the target. Examples: software updates, hardware implants, third-party vendors.

Third-Party Risk SolarWinds

Term

TACACS+

Terminal Access Controller Access-Control System Plus. Cisco AAA protocol using TCP port 49. Encrypts entire payload, separates AAA functions.

AAA RADIUS

Term

Threat

Potential cause of an unwanted incident. Can be natural (disaster), human (attacker), or environmental (power failure).

Vulnerability Risk

Term

Threat Actor

Entity responsible for security incidents. Types: nation-state, organized crime, hacktivists, insiders, script kiddies.

APT Attacker

Term

Threat Intelligence

Evidence-based knowledge about threats. Types: Strategic (trends), Tactical (TTPs), Operational (campaigns), Technical (IoCs).

IoC STIX/TAXII

Term

TLS

Transport Layer Security. Protocol for encrypted communication over networks. Successor to SSL. Current versions: TLS 1.2 and TLS 1.3.

SSL HTTPS Encryption

Term

TPM

Trusted Platform Module. Hardware chip for secure cryptographic operations and key storage. Used for disk encryption, secure boot.

HSM Secure Boot

Term

Trojan

Malware disguised as legitimate software. Unlike viruses, doesn't self-replicate. Types: RAT, banking trojan, backdoor.

Malware RAT

Term

Unified Threat Management (UTM)

All-in-one security appliance combining firewall, IPS, antivirus, content filtering, VPN, and other security features.

NGFW Firewall

Term

User and Entity Behavior Analytics (UEBA)

Security solution using machine learning to detect anomalous user and entity behavior that may indicate threats.

SIEM Insider Threat

Term

Virtual Private Network (VPN)

Encrypted tunnel over public networks. Types: Site-to-site (network to network), Remote access (user to network). Protocols: IPsec, SSL/TLS, WireGuard.

IPsec Tunnel

Term

VLAN

Virtual Local Area Network. Logical network segmentation at Layer 2. Improves security by isolating traffic. Uses 802.1Q tagging.

Network Segmentation Switch

Term

Vulnerability

Weakness that could be exploited by a threat. Can be in software, hardware, processes, or people. Identified through scanning and assessments.

Threat Exploit CVE

Term

Vulnerability Scanning

Automated process identifying security weaknesses. Types: Credentialed (with login), Non-credentialed (external view). Tools: Nessus, Qualys.

Penetration Testing CVE

Term

WAF

Web Application Firewall. Protects web applications by filtering HTTP traffic. Blocks SQL injection, XSS, and other web attacks.

Firewall Web Security

Term

Watering Hole Attack

Compromising websites frequently visited by target group. Attackers infect the site and wait for victims to visit.

Drive-by Download Targeted Attack

Term

WPA3

Wi-Fi Protected Access 3. Latest wireless security protocol. Uses SAE (Simultaneous Authentication of Equals), 192-bit security in enterprise mode.

WPA2 Wireless Security

Term

Worm

Self-replicating malware that spreads without user interaction. Can consume bandwidth and cause widespread damage.

Malware Virus

Term

X.509

Standard format for digital certificates. Contains subject, issuer, public key, validity period, and signature.

PKI Digital Certificate

Term

XDR

Extended Detection and Response. Unified security platform integrating data from endpoints, network, cloud, and email for holistic threat detection.

EDR SIEM

Term

XSS

Cross-Site Scripting. Injecting malicious scripts into web pages. Types: Stored (persistent), Reflected (non-persistent), DOM-based.

Web Attack Input Validation

Term

YARA

Pattern matching tool for malware identification. Uses rules to describe malware characteristics for detection and classification.

Malware Analysis Threat Intelligence

Term

Zero Day

Vulnerability unknown to vendor with no available patch. Called "zero day" because developers have had zero days to fix it.

Vulnerability Exploit

Term

Zero Trust

Security model based on "Never trust, always verify." Every access request must be authenticated and authorized regardless of location.

Microsegmentation Least Privilege

Term

Zone Transfer

Replication of DNS zone data between servers. AXFR (full) and IXFR (incremental). Should be restricted to prevent information disclosure.

DNS Information Disclosure