
CompTIA Security+ (SY0-601): Security Applications & Devices

Information Technology | 11 Cards | Created 3 months ago

This section outlines methods for detecting and preventing unauthorized activity, including Intrusion Detection Systems (IDS) and Data Loss Prevention (DLP) solutions. It also covers best practices for securing BIOS configurations and protecting network and storage systems like NAS/SAN from unauthorized access and data breaches.

IDS & IDS Alerts

Intrusion Detection System:
Passively monitors the network and identifies attacks, raising alerts (detects, does not block)
HIDS = Host-based | NIDS = Network-based
Detection methods: Signature-based, Policy-based, Anomaly-based

True Positive: Malicious activity is identified as an attack
False Positive: Legitimate activity is identified as an attack
True Negative: Legitimate activity is identified as legitimate traffic
False Negative: Malicious activity is identified as legitimate traffic




DLP & 3 Types of DLPs

Data Loss Prevention (Software or Hardware):
Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data

Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS)

Network DLP System
Software- or hardware-based solution installed at the network perimeter to inspect data in transit

Storage DLP System
Software installed on servers in the datacenter to inspect the data at rest

Cloud DLP System
Cloud software as a service that protects data being stored in cloud services

Securing BIOS

  1. Flash the BIOS

  2. Use a BIOS password

  3. Configure the BIOS boot order

  4. Disable the external ports and devices

  5. Enable the secure boot option

Securing NAS/SAN

  1. Use data encryption

  2. Use proper authentication

  3. Log NAS access

SED

Self-Encrypting Drive:

Storage device that performs whole disk encryption by using embedded hardware

Disk Encryption Software

Apple: FileVault
Windows: BitLocker

TPM

Trusted Platform Module:
Chip residing on the motherboard that contains an encryption key

If your motherboard doesn’t have TPM, you can use an external USB drive as a key

HSM

Hardware Security Module:

Physical device that acts as a secure cryptoprocessor during the encryption process

EPP

Endpoint Protection Platform:
A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption

EDR

Endpoint Detection & Response:
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Doesn’t use signature-based protection
Behavioral analysis, ML, process monitoring
Lightweight agent on the endpoint
Root cause analysis

UEBA

User & Entity Behavior Analytics:
A system that can provide automated identification of suspicious activity by user accounts and computer hosts

UEBA solutions are heavily dependent on advanced computing techniques like artificial intelligence (AI) and machine learning

Many companies now market advanced threat protection (ATP), advanced endpoint protection (AEP), and NextGen AV (NGAV) products, which are hybrids of EPP, EDR, and UEBA