CompTIA CASP+ Acronyms

Looking for CYSA+ acronyms? https://certification.tips/2020/02/18/comptia-cysa-acronyms

2FA Two-Factor Authentication

3DES Triple Digital Encryption Standard

AAA Authentication, Authorization and Accounting

AAR After Action Report

ACL Access Control List

AD Active Directory

AES Advanced Encryption Standard

AH Authentication Header

AJAX Asynchronous JavaScript and XML

ALE Annualized Loss Expectancy

AP Access Point

API Application Programming Interface

APT Advanced Persistent Threat

ARO Annualized Rate of Occurrence

ARP Address Resolution Protocol

ASLR Address Space Layout Randomization

AUP Acceptable Use Policy

AV Antivirus

B2B Business-to-Business

BCP Business Continuity Planning

BGP Border Gateway Protocol

BIA Business Impact Analysis

BIOS Basic Input/Output System

BPA Business Partnership Agreement

BPM Business Process Management

BYOD Bring Your Own Device

CA Certificate Authority

CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart

CASB Cloud Access Security Broker

CBC Cipher Block Chaining

CCMP Counter-Mode/CBC-Mac Protocol

CCTV Closed-Circuit Television

CERT Computer Emergency Response Team

CFB Cipher Feedback

CHAP Challenge Handshake Authentication Protocol

CIA Confidentiality, Integrity and Availability

CIFS Common Internet File System

CIRT Computer Incident Response Team

CISO Chief Information Security Officer

CLI Command Line Interface

CMDB Configuration Management Database

CMS Content Management System

COOP Continuity of Operations

COPE Corporate Owned, Personally Enabled

COTS Commercial Off-the-Shelf

CRC Cyclical Redundancy Check

CredSSP Credential Security Support Provider

CRL Certification Revocation List

CRM Customer Resource Management

CSP Cloud Service Provider

CSP Cryptographic Service Provider

CSRF Cross-Site Request Forgery

CTR Counter Mode

CVE Collaborative Virtual Environment

CYOD Choose Your Own Device

DAC Discretionary Access Control

DAM Database Activity Monitoring

DAR Data at Rest

DDoS Distributed Denial of Service

DEP Data Execution Prevention

DES Digital Encryption Standard

DHCP Dynamic Host Configuration Protocol

DKIM Domain Keys Identified Mail

DLL Dynamic Link Library

DLP Data Loss Prevention

DMZ Demilitarized Zone

DNS Domain Name Service

DOM Document Object Model

DoS Denial of Service

DRP Disaster Recovery Plan

DSA Digital Signature Algorithm

EAP Extensible Authentication Protocol

ECB Event Control Block

ECC Elliptic Curve Cryptography

EDR Endpoint Detection Response

EFS Encrypted File System

EMI Electromagnetic Interference

ERP Enterprise Resource Planning

ESA Enterprise Security Architecture

ESB Enterprise Service Bus

ESP Encapsulated Security Payload

EV Extended Validation (Certificate)

FDE Full Disk Encryption

FIM File Integrity Monitoring

FTP File Transfer Protocol

GPG GNU Privacy Guard

GPO Group Policy Object

GPU Graphic Processing Unit

GRC Governance, Risk and Compliance

GRE Generic Routing Encapsulation

GUI Graphical User Interface

HDD Hard Disk Drive

HIDS Host-based Intrusion Detection System

HIPS Host-based Intrusion Prevention System

HMAC Hashed Message Authentication Code

HOTP HMAC-based One-Time Password

HSM Hardware Security Module

HSTS HTTP Strict Transport Security

HVAC Heating, Ventilation and Air Conditioning

IaaS Infrastructure as a Service

ICMP Internet Control Message Protocol

ICS Industrial Control System

IDE Integrated Development Environment

IdM Identity Management

IdP Identity Provider

IDS Intrusion Detection System

IETF Internet Engineering Task Force

IKE Internet Key Exchange

IM Instant Messaging

IMAP Internet Message Access Protocol

INE Inline Network Encryptor

IOC Indicator of Compromise

IoT Internet of Things

IP Internet Protocol

IPMI Internet Protocol Multicast Initiative

IPS Intrusion Prevention Systems

IPSec Internet Protocol Security

IR Incident Response

IRC Internet Relay Chat

IS-IS Intermediate System to Intermediate System

ISA Interconnection Security Agreement

ISAC Information Sharing Analysis Center

ISMS Information Security Management System

ISP Internet Service Provider

IV Initialization Vector

JSON JavaScript Object Notation

KDC Key Distribution Center

KPI Key Performance Indicator

KRI Key Risk Indicator

KVM Keyboard, Video, Mouse

LAN Local Area Network

L2TP Layer 2 Tunneling Protocol

LDAP Lightweight Directory Access Protocol

LEAP Lightweight Extensible Authentication Protocol

LTE Long-Term Evolution

LUN Logical Unit Number

MAC Mandatory Access Control

MAC Media Access Control

MAC Message Authentication Code

MAM Mobile Application Management

MAN Metropolitan Area Network

MBR Master Boot Record

MD5 Message Digest 5

MDM Mobile Device Management

MEAP Mobile Enterprise Application Platform

MFA Multifactor Authentication

MFD Multifunction Device

MITM Man in the Middle

MOA Memorandum of Agreement

MOU Memorandum of Understanding

MPLS Multiprotocol Label Switching

MSA Master Service Agreement

MSCHAP Microsoft Challenge Handshake Authentication Protocol

MSS Managed Security Service

MSSP Managed Security Service Provider

MTA Message Transfer Agent

MTBF Mean Time Between Failure

MTD Maximum Tolerable Downtime

MTP Media Transfer Protocol

MTTR Mean Time to Recovery

MTU Maximum Transmission Unit

NAC Network Access Control

NAS Network Attached Storage

NAT Network Address Translation

NDA Non-Disclosure Agreement

NFC Near Field Communication

NFS Network File System

NGFW Next Generation Firewall

NIDS Network Intrusion Detection System

NIPS Network Intrusion Prevention System

NIST National Institute of Standards and Technology

NLA Network-Level Authentication

NOS Network Operating System

NSP Network Service Provider

NTFS New Technology File System

NTLM New Technology LAN Manager

NTP Network Time Protocol

OCSP Online Certificate Status Protocol

OLA Operating-Level Agreement

OOB Out-of-Band

OS Operating System

OSI Open Systems Interconnection

OSPF Open Shortest Path First

OTP One-Time Password

OVAL Open Vulnerability Assessment Language

OWASP Open Web Application Security Project

P2P Peer-to-Peer

PaaS Platform as a Service

PAP Password Authentication Protocol

PAT Port Address Translation

PBKDF2 Password-Based Key Derivation Function 2

PBX Private Branch Exchange

PCI-DSS Payment Card Industry Data Security Standard

PDP Policy Distribution Point

PEAP Protected Extensible Authentication Protocol

PEP Policy Enforcement Point

PFS Perfect Forward Secrecy

PGP Pretty Good Privacy

PII Personal Identifiable Information

PIP Policy Information Point

PIR Post Incident Report

PKI Public Key Infrastructure

PLC Programmable Logic Controller

POC Proof of Concept

POTS Plain Old Telephone Service

PPP Point-to-Point Protocol

PPTP Point-to-Point Tunneling Protocol

PSK Pre-Shared Key

QA Quality Assurance

QoS Quality of Service

R&D Research and Development

RA Recovery Agent

RA Registration Authority

RADIUS Remote Authentication Dial-in User Server

RAID Redundant Array of Inexpensive/Independent Disks

RAS Remote Access Server

RBAC Role-Based Access Control

RBAC Rule-Based Access Control

RDP Remote Desktop Protocol

REST Representational State Transfer

RFC Request for Comments

RFI Request for Information

RFID Radio Frequency Identification

RFP Request for Proposal

RFQ Request for Quote

ROI Return on Investment

RPO Recovery Point Objective

RSA Rivest, Shamir and Adleman

RTBH Remotely Triggered Black Hole

RTO Recovery Time Objective

RTP Real-time Transport Protocol

S/MIME Secure/Multipurpose Internet Mail Extensions

SaaS Software as a Service

SAML Security Assertions Markup Language

SAN Subject Alternative Name

SAN Storage Area Network

SAS Statement on Auditing Standards

SATCOM Satellite Communications

SCADA Supervisory Control and Data Acquisition

SCAP Security Content Automation Protocol

SCEP Simple Certificate Enrollment Protocol

SCP Secure Copy

SCSI Small Computer System Interface

SDL Security Development Life Cycle

SDLC Software Development Life Cycle

SED Self-Encrypting Drive

SELinux Security Enhanced Linux

SFTP Secure File Transfer Protocol

SHA Secure Hashing Algorithm

SIEM Security Information Event Management

SIM Subscriber Identity Module

SIP Session Initiation Protocol

SLA Service-Level Agreement

SLE Single Loss Expectancy

SMB Server Message Block

SMS Short Message Service

SMTP Simple Mail Transfer Protocol

SNAT Source Network Address Translation

SNMP Simple Network Management Protocol

SOA Service-Oriented Architecture

SOA Start of Authority

SOA Statement of Applicability

SOAP Simple Object Access Protocol

SOC Security Operations Center

SOC Service Organization Controls

SOE Standard Operating Environment

SOP Standard Operating Procedure

SOW Statement of Work

SOX Sarbanes-Oxley Act of 2002

SP Service Provider

SPIM Spam over Internet Messaging

SPML Service Provisioning Markup Language

SRTM Security Requirements Traceability Matrix

SRTP Secure Real-Time Protocol

SRV Service Records

SSD Solid State Drive

SSDLC Security System Development Life Cycle

SSH Secure Shell

SSID Service Set Identifier

SSL Secure Sockets Layer

SSO Single Sign-On

SSP Storage Service Provider

TACACS Terminal Access Controller Access Control System

TCO Total Cost of Ownership

TCP/IP Transmission Control Protocol/Internet Protocol

TKIP Temporal Key Integrity Protocol

TLS Transport Layer Security

TOC/TOU Time of Check/Time of Use

TOS Type of Service

TOTP Time-based One-Time Password

TPM Trusted Platform Module

TSIG Transaction Signature Interoperability Group

TTR Time to Restore

UAC User Access Control

UAT User Acceptance Testing

UDP User Datagram Protocol

UEFI Unified Extensible Firmware Interface

UPS Uninterruptable Power Supply

URL Universal Resource Locator

USB Universal Serial Bus

UTM Unified Threat Management

VDI Virtual Desktop Infrastructure

VLAN Virtual Local Area Network

VM Virtual Machine

VMFS VMware File System

VNC Virtual Network Connection

VoIP Voice over IP

VPN Virtual Private Network

VRRP Virtual Router Redundancy Protocol

vSAN Virtual Storage Area Network

VTC Video Teleconferencing

vTPM Virtual Trusted Platform Module

WAF Web Application Firewall

WAP Wireless Access Point

WAYF Where Are You From

WEP Wired Equivalent Privacy

WIDS Wireless Intrusion Detection System

WIPS Wireless Intrusion Prevention System

WMI Windows Management Interface

WPA Wireless Protected Access

WRT Work Recovery Time

WSDL Web Services Description Language

XACML eXtensible Access Control Markup Language

XHR XMLHttpRequest

XMPP eXtensible Messaging and Presence Protocol

XSS Cross-Site Scripting


HIGHEST PAYING I.T. CERTIFICATIONS 2020

These are all averages. Depending on location, you may make less, and in some cases you may make more.

10. CISSP

Awesome video by Jon Good

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL

This certification is meant for senior-level security professionals. To obtain the CISSP, you’ll need several years of security experience to be successful.

National Average Salary

120,000$

9. AWS Certified Solutions Architect

AWESOME VIDEO BY I.T. CAREER QUESTIONS

AMAZON WEB SERVICES

With many organizations moving towards cloud computing, it’s no wonder this certification is in the Top 10. With Amazon being an absolute behemoth in the tech space, getting AWS certified will definitely make you stand out.

National Average Salary

110,000$

8. Google Certified Professional Cloud Architect

AWESOME VIDEO BY DANIEL BOURKE

With Google becoming a verb, it has also become one of the top 100 best places to work.

National Average Salary

105,000$

7. Big Data Certification

AWESOME VIDEO BY EDUREKA

Big data analysts understand the volume, velocity, and variety of data.

National Average Salary

130,000$

6. Data Science Certification

AWESOME VIDEO BY 365 DATA SCIENCE

Data scientists are extremely proficient at dissecting data.

National Average Salary

118,000$

5. Certified In Risk And Information Systems Control

AWESOME VIDEO BY ISACA

This certification validates the tester’s knowledge of industry-leading practices when it comes to information systems.

National Average Salary

107,000$

4. Certified Information Security Manager

AWESOME VIDEO BY SMART IT INFO TECH

The CISM covers topics such as incident management, program development, risk management, and security governance.

National Average Salary

130,000$

3. Project Management Professional

AWESOME VIDEO BY CHRIS DANIEL

PMP is not an I.T. specific certification. The PMP demonstrates your project knowledge and experience.

National Average Salary

113,00$

2. Certified Scrum Master

AWESOME VIDEO BY EDUREKA

The CSM mostly revolves around software development.

National Average Salary

118,000$

1. Certified Ethical Hacker

AWESOME VIDEO BY FREECODECAMP

An ethical hacker makes organizations aware of vulnerabilities and exploits.


CompTIA Security+ Objectives

The CompTIA exam has six domains with several objectives within each domain.

1.0 Threats, Attacks and Vulnerabilities 21%

2.0 Technologies and Tools 22%

3.0 Architecture and Design 15%

4.0 Identity and Access Management 16%

5.0 Risk Management 14%

6.0 Cryptography and PKI 12%

Total 100%

1.0 Threats, Attacks and Vulnerabilities

* Given a scenario, analyze indicators of compromise and determine the type of malware.

* Compare and contrast types of attacks.

• Social engineering • Application/service attacks • Wireless attacks • Cryptographic attacks

* Explain threat actor types and attributes.

• Types of actors • Attributes of actors • Use of open-source intelligence

* Explain penetration testing concepts.

* Explain vulnerability scanning concepts.

* Explain the impact associated with types of vulnerabilities.

• Memory/buffer vulnerability • System sprawl/undocumented assets • Architecture/design weaknesses • New threats/zero day • Improper certificate and key management

2.0 Technologies and Tools

* Install and configure network components, both hardware- and software-based, to support organizational security.

• Firewall • VPN concentrator • NIPS/NIDS • Router • Switch • Proxy • Load balancer • Access point • SIEM • DLP • NAC • Mail gateway

* Given a scenario, use appropriate software tools to assess the security posture of an organization.

• Protocol analyzer • Network scanners – Rogue system detection – Network mapping • Wireless scanners/cracker • Password cracker • Vulnerability scanner • Configuration compliance scanner • Exploitation frameworks • Data sanitization tools • Steganography tools • Honeypot • Backup utilities • Banner grabbing • Passive vs. active • Command line tools

* Given a scenario, troubleshoot common security issues.

• Unencrypted credentials/clear text • Logs and events anomalies • Permission issues • Access violations • Certificate issues • Data exfiltration • Misconfigured devices

* Given a scenario, analyze and interpret output from security technologies.

• HIDS/HIPS • Antivirus • File integrity check • Host-based firewall • Application whitelisting • Removable media control • Advanced malware tools • Patch management tools • UTM • DLP • Data execution prevention • Web application firewall

* Given a scenario, deploy mobile devices securely.

• Connection methods • Mobile device management concepts • Enforcement and monitoring • Deployment models

* Given a scenario, implement secure protocols.

• Protocols • Use cases

3.0 Architecture and Design

* Explain use cases and purpose for frameworks, best practices and secure configuration guides.

• Industry-standard frameworks and reference architectures • Benchmarks/secure configuration guides • Defense-in-depth/layered security

* Given a scenario, implement secure network architecture concepts.

• Zones/topologies • Segregation/segmentation/isolation • Tunneling/VPN • Security device/technology placement

* Given a scenario, implement secure systems design.

• Hardware/firmware security • Operating systems • Peripherals

* Explain the importance of secure staging deployment concepts.

* Explain the security implications of embedded systems.

* Summarize secure application development and deployment concepts.

• Development life-cycle models • Secure DevOps • Provisioning and deprovisioning • Secure coding techniques • Code quality and testing

* Summarize cloud and virtualization concepts.

• Hypervisor • VM sprawl avoidance • Cloud storage • Cloud deployment models

* Explain how resiliency and automation strategies reduce risk.

• Automation/scripting • Templates • Non-persistence • Elasticity

* Explain the importance of physical security controls.

4.0 Identity and Access Management

* Compare and contrast identity and access management concepts

• Multifactor authentication • Federation • Single sign-on

* Given a scenario, install and configure identity and access services.

* Given a scenario, implement identity and access management controls.

• Access control models • Physical access control • Biometric factors • Tokens • Certificate-based authentication

* Given a scenario, differentiate common account management practices.

• Account types • General concepts • Account policy enforcement

5.0 Risk Management

* Explain the importance of policies, plans and procedures related to organizational security.

• Standard operating procedure • Agreement types • Personnel management • General security policies

* Summarize business impact analysis concepts.

* Explain risk management processes and concepts.

• Threat assessment • Risk assessment • Change management

* Given a scenario, follow incident response procedures.

• Incident response plan • Incident response process

* Summarize basic concepts of forensics.

• Data acquisition • Preservation • Track man-hours

* Explain disaster recovery and continuity of operation concepts.

• Recovery sites • Order of restoration • Backup concepts • Geographic considerations • Continuity of operation planning

* Compare and contrast various types of controls.

* Given a scenario, carry out data security and privacy practices.

• Data destruction and media sanitization • Data sensitivity labeling and handling • Data roles

6.0 Cryptography

* Compare and contrast basic concepts of cryptography.

* Explain cryptography algorithms and their basic characteristics.

• Symmetric algorithms • Cipher modes • Asymmetric algorithms • Hashing algorithms • Key stretching algorithms • Obfuscation


HOW TO PASS A COMPTIA TEST | THREE EASY STEPS | STUDY TIPS & TRICKS

Quick Summary

1. Go over all objectives 👀

2. Come up with a study plan 📚

3. Take a lot of practice tests ✔

1. Objectives

Be sure to go through all objectives covered on the exam. CompTIA has a comprehensive list of all the topics to be covered on the exam. Visit comptia.org to find the objectives for your chosen exam. Once you’ve found your objectives it’s time to come up with a study plan.

2. Study Plan

Having a solid study plan is pivotal to your success. You need to dedicate a predetermined number of hours a week to studying. This can be made easier by studying with partners or in online groups such as this certification group. Creating a study plan will increase your chances of passing tremendously.

3. Practice Tests

Taking practice exams will prepare you for the real thing. You can take practice tests at a college, online or even create your own. Make sure the practice tests you’re going over cover all topics on the exam. Be sure to put extra emphasis on your weak areas.


The Six Steps Of Troubleshooting

  1. Identify the problem.
  2. Establish a theory of probable cause.
  3. Test theory to determine cause.
  4. Establish an action plan and implement it.
  5. Verify full system functionality.
  6. Document your findings.

1. Identify The Problem

In the first step of the troubleshooting process you identify the problem. Display won’t turn on? Printer won’t print? Internet isn’t working? This step is the foundation the rest of the troubleshooting steps are built upon.

2. Establish A Theory Of Probable Cause

This step is used to make an educated guess as to why the problem stated in step one is occurring. Display not turning on? Maybe the power isn’t on. Printer won’t print? Maybe the printer is out of paper. Internet not working? Maybe the router needs to be restarted.

3. Test Theory To Determine Cause

In this step you test the theory you came up with in step 2 to ensure that’s what’s causing the issue. No internet connectivity? See if the router has any status lights illuminated. Printer not printing? Check paper tray to see if it’s filled. Display not turning on? Verify that the monitor is unplugged.

4. Establish An Action Plan And Implement It

In this step you come up with a plan to fix the issue you identified. Display not on? Plug the PC into power. Printer not printing? Refill paper tray. No internet connectivity? Power cycle your router.

5. Verify Full System Functionality

In this step you ensure that you’ve fixed your problem and everything is functioning as it’s supposed to.

6. Document Findings

In the final step you document the steps you took to solve your problem. This allows you or someone else to reference the documentation in case the issue arises again.
