Common Knowledge Points of CompTIA Security+ [Part 4]

CER: It is the certificate file extension of an SSL certificate, which is used by the webserver to help confirm the identity and security of the site the user is visiting.


RA: It is used for certificate verification request and forwarding the request to CA.

Hashtags: #CompTIA #SecurityPlus #firewall #VPN #VLAN

EAP-FAST: It is designed to increase the speed of re-authentication when a user roams from one AP to another. It authenticates users through an encrypted TLS channel but also a pre-shared key.


HMAC: It is well-known as a message verification code and is used for integrity verification.


CBC: CBC mode uses feedback information to ensure that even if the same data is encrypted, the current block password is different from other blocks.


PFX files are often used in Windows operating systems, including digital certificates, to design the verification process that determines whether users or devices can access specific hies.


PEM (Privacy Enhanced Email): It is a certificate format that is used to use public-key encryption to enhance email security.


CCMP: An AES block cipher-based encryption protocol used in WPA2.


TKIP: A security protocol created by the IEEE 802.11i task group to replace WEP.


.pl2 and .Pfx are the file extensions of PKCS #12 files, and .key is used for PKCS #8 public and private keys. p7b is a PKCS #7 file extension.


PGP and GPG use a trusted network to establish a reliable binding between the public key and the owner.


AES-256: It can encrypt data to USB flash memory quickly and safely.


WiFi Alliance: A non-profit organization that promotes WiFi technology. It is recommended that the password be at least 8 characters, including uppercase and lowercase letters and symbols.


DES and 3DES are symmetric group encryption algorithms and use a 64-bit block size.


ECC: It is an asymmetric algorithm that uses a smaller key and has the same strength compared to asymmetric algorithms with longer key lengths.


ECC (Elliptic Curve Cryptography): It is based on the elliptic curve theory that uses points on the curve to determine more effective public and private keys.


ECC (Elliptic Curve Cryptography): It uses less processing energy and works better on, for example, wireless devices and mobile phones.


PEAP: It is an encapsulation protocol that uses the certificate on the authentication server and the client's certificate. It supports password-based authentication.


EAP-TLS: It requires the client and server to have certificates. Authentication is mutual, the server authenticates the client, and the client authenticates the server.


MD5: It is a hash algorithm to create a 128-bit digest.


SHA-1: It is a hash algorithm that creates a 160-bit digest.


PBKDF2: It is a key expansion algorithm. The key expansion allows potentially weak keys, such as a password or phrase, to be more secure against brute force attacks by increasing the time to test each possible key.


OCSP (Online Certificate Status Protocol): It is a protocol that can be used to query the revocation status of a given CA certificate. OCSP can pre-package the list of revocation certificates and update it through the browser. If the Internet is disconnected, it can be used to check the certificate.


TPM (Trusted Platform Module): It includes a plan for using cryptographic processors to create a secure computing environment.


SDN (Software Defined Network): It is an attempt to simplify the network management process by separating the system that controls the sending of traffic and the system that forwards the traffic to the destination.


Hypervisor: It is an intermediate software layer that runs between the basic physical server and the operating system, allowing multiple operating systems and applications to share hardware. It can also be called VMM (virtual machine monitor), that is, virtual machine monitor.


NIST 800-82 (Safety Guidelines for Industrial Control Systems): It is specifically used for industrial control systems.


ISO27017: It is an international standard for cloud security.


NIST 800-14: It describes general security guidelines that should be addressed by security policies.


NIST 800-53: It organizes security measures into a set of controls, such as security assessment, access control, incident response, etc.


HSM (Hardware Security Module): It is a physical device that can provide the root of the trust function.


RTOS (Real-Time Operating System): It is a dedicated operating system that uses a more continuous processor scheduler than standard operating systems.


SCADA (Supervisory Control and Data Acquisition): It is an industrial control system that monitors and controls industrial processes such as processing and manufacturing, infrastructure processes such as power transmission and distribution, and facility processes such as energy consumption and HVAC systems.


TKIP (Temporary Key Integrity Protocol):It is a security protocol created by the IEER 802.11i task group to replace WEP.


CCMP (Counter Mode Cipher Block Chain Message Authentication Code Protocol): It is an AES block cipher-based encryption protocol used in WPA2.


SSID Service Set Identifier (Service Set Identifier): SSID technology can divide a wireless LAN into several sub-networks that require different authentications. Each sub-network requires independent authentication, and only users who pass the authentication can enter the corresponding. This can prevent unauthorized users from entering this network.


SaaS (Software as a Service): It is a computing method that uses the cloud to provide users with application services.


PaaS (Platform as a Service): It is a computing method that uses the cloud to provide services of any platform type.


IaaS (Infrastructure as a Service): It is a computing method that uses the cloud to provide any or all infrastructure requirements.


RAID (Redundant Array of Independent Disks): It is a set of vendor-independent rules that can support redundancy and fault tolerance configured on a multi-device storage system.


SED (Self-Encrypting Disk): A storage device that can be encrypted at the hardware level, avoiding relying on software solutions.


VDE (Virtual Desktop Environment): It is a virtual machine running on a desktop operating system.


IaC (Infrastructure as Code): It manages computer data centers and provides material supplies through machine-readable definition files instead of physical hardware configuration or interactive configuration tools.


CHAP (Challenge Handshake Authentication Protocol): This protocol can periodically verify the identity of the opposite end through a three-way handshake, which can be repeated when the initial link is established, upon completion, and after the link is established. By incrementally changing identifiers and variable query values, replay attacks from endpoints can be prevented and the time exposed to a single attack can be limited.


RAID 1+0: It is a mirrored disk stripe.


RAID 3: It is a special parity disk strip, which can only withstand the damage of one hard disk.


RAID 5: It uses disk strips with distributed parity bits and can only withstand damage to one hard disk.


RAID 6: It is a parity disk stripe, using at least four hard disks with parity bits distributed. It can withstand the damage of up to two hard drives.


RSH: It is the abbreviation of a remote shell (the shell is a command interface of the operating system). The background program running on the remote computer accepts RSH commands, verifies the user name and hostname information, and executes the command.


Check out the previous parts of this article:

Common Knowledge Points of CompTIA Security+ [Part 1]

Common Knowledge Points of CompTIA Security+ [Part 2]

Common Knowledge Points of CompTIA Security+ [Part 3]

About

Launched in 2016 as 591Lab International and locally in China known as “WUQIUYAO Tech. Ltd” we are committed to offering our clients excellent experience on ISACA, PMI, Cisco and Huawei examination preparatory services. We focus strongly on popular exams, and exam preparations services. We provide our customers with the complete training needed to earn the best scores for their respective Management and IT career certifications. We have a huge list of satisfied customers with top grades to back up all the claims we make.

Quick Links

Contact

This material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc & Huawei Technologies Co., Ltd. Cisco Certified Internetworking Engineer, the Cisco Systems logo and the CCIE™ logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries.Huawei Certified Internetwork Expert, the Huawei logo and the HCIE™ logo are trademarks or registered trademarks of Huawei Technologies Co., Ltd . in China and certain other countries All other trademarks are trademarks of their respective owners. 

© Copyright 591Lab 2020. All Rights Reserved.