CompTIA Security+ (Exam SY0-301)

  • Published : February 10, 2013
CompTIA Security+ (Exam SY0-301)

quick reference sheet
Table of Contents
  • Fundamentals
  • Threats and Vulnerabilities
  • Network Security
  • Application, Data, and Host Security
  • Access Control and Authentication Services
  • Cryptography Basics
  • Compliance and Operational Security
  • Risk Management
  • Managing Security Incidents
  • Business Continuity and Disaster Recovery Planning

Fundamentals
Information Security

Information security refers to the protection of available information or information resources from unauthorized access, attacks, thefts, or data damage. The three primary goals of information security are prevention, detection, and recovery.

[Figure: The CIA Triad (Confidentiality, Integrity, Availability)]

| Principle | Description |
| Confidentiality | The fundamental principle of keeping information and communications private and protecting them from unauthorized access. |
| Integrity | The property of keeping information accurate, free of errors, and without unauthorized modifications. |
| Availability | The fundamental principle of ensuring that systems operate continuously and that authorized persons can access the data that they need. |

Vulnerabilities, Threats and Attacks

A vulnerability is any condition that leaves a system open to attack, and a threat is any event or action that could potentially result in a violation of a security requirement, policy, or procedure. An attack is a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so.

Risk

Risk is a concept that indicates exposure to the chance of damage or loss. It signifies the likelihood of a hazard or dangerous threat occurring.

Controls

Controls are countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks. The three types of controls are prevention, detection, and correction.

Security Policy

A security policy is a formalized statement that defines how security will be implemented within a particular organization. It describes the means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources, including the network infrastructure, physical and electronic data, applications, and the physical environment.

Threats and Vulnerabilities
Social Engineering
| Type | Description |
| Spoofing | A human-based or software-based attack where the goal is to pretend to be someone else. |
| Impersonation | A human-based attack where an attacker pretends to be someone he is not. |
| Hoax | An email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting important system files. |
| Phishing | An email-based attack where an attacker sends an email that seems to come from a respected bank or other financial institution. |

| Type | Description |
| ARP poisoning | Address Resolution Protocol (ARP) poisoning is an attack that occurs when an attacker with access to the target network redirects an IP address to the Media Access Control (MAC) address of a computer that is not the intended recipient. |
| Transitive access | An attack that takes advantage of the transitive access granted to employees within an organization so they can access systems... |