Security+ glossary for high-confusion SY0-701 terms across IAM, crypto, resilience, incident response, risk, and control categories.
Use this glossary when Security+ terms start sounding close enough to cause missed questions. The exam often turns on small distinctions such as detective versus preventive, federation versus delegation, or containment versus eradication.
CIA: Confidentiality, integrity, and availability, the core security objectives behind many Security+ control questions.
AAA: Authentication, authorization, and accounting, the identity-control sequence that appears across many admin and access scenarios.
PKI: Public key infrastructure, the certificate and trust-chain system behind many authentication and encryption questions.

| If you keep missing… | Reopen… |
|---|---|
| control categories, CIA, AAA, zero trust, crypto language | 1. General Security Concepts |
| actor, vector, vulnerability, and attack-pattern distinctions | 2. Threats, Vulnerabilities & Mitigations |
| architecture, classification, resilience, and site-model language | 3. Security Architecture |
| hardening, monitoring, IAM operations, response, and evidence terms | 4. Security Operations |
| governance, risk, privacy, audit, and awareness terms | 5. Security Program Management & Oversight |

| Term | Fast meaning |
|---|---|
| AAA | Authentication, authorization, and accounting |
| ABAC | Access decisions based on attributes such as department, time, or device state |
| BIA | Business impact analysis used to identify critical functions and recovery targets |
| CASB | Cloud access security broker for policy enforcement and visibility between users and cloud services |
| CIA triad | Confidentiality, integrity, and availability |
| CSPM | Cloud security posture management for finding misconfiguration and policy drift in cloud environments |
| DLP | Data loss prevention controls for monitoring or blocking sensitive data movement |
| DMARC | Email-authentication policy layer that builds on SPF and DKIM to tell receivers how to handle messages that fail authentication |
| EDR | Endpoint detection and response tooling focused on endpoint visibility and containment |
| HMAC | Hash-based message authentication code for integrity and authenticity |
| HSM | Hardware security module used to protect cryptographic keys |
| MDM | Mobile device management for policy, inventory, and control on managed devices |
| NAC | Network access control that checks identity or posture before network access |
| OCSP | Online Certificate Status Protocol for certificate revocation checking |
| PBQ | Performance-based question that simulates tasks or workflows on the exam |
| PKI | Public key infrastructure for certificates, trust chains, and lifecycle management |
| RBAC | Access based on role assignment |
| RPO | Recovery point objective, the tolerated data-loss window |
| RTO | Recovery time objective, the target restoration time |
| SIEM | Security information and event management platform for log collection and correlation |
| SOAR | Security orchestration, automation, and response for repeatable workflows |
| SSP | System security plan describing implemented controls and responsibilities |
| Zero Trust | Verify explicitly, apply least privilege, and assume breach |

| Pair | The difference that matters |
|---|---|
| Authentication vs authorization | Authentication proves identity. Authorization decides allowed actions. |
| Corrective vs compensating control | Corrective fixes after an issue. Compensating substitutes when the ideal control is not possible. |
| DAC vs MAC vs RBAC vs ABAC | DAC is owner-driven, MAC is label-driven, RBAC is role-driven, ABAC is attribute-and-policy-driven. |
| Encryption vs hashing vs encoding | Encryption protects confidentiality, hashing supports integrity, encoding just changes representation. |
| Federation vs delegation | Federation lets a trusted identity provider handle sign-in. Delegation lets an app act on a user’s behalf with limited scope. |
| Hot site vs warm site vs cold site | Hot is fastest and most expensive, warm is partly ready, cold needs the most setup after failure. |
| Incident containment vs eradication | Containment limits damage. Eradication removes the root cause or malicious presence. |
| Managerial vs operational control | Managerial sets policy and oversight. Operational applies security through people and process. |
| Preventive vs detective control | Preventive tries to stop the event. Detective tries to notice it quickly. |
| Risk appetite vs risk tolerance | Appetite is overall willingness to accept risk. Tolerance is the acceptable variation around specific objectives. |
| SAML vs OAuth 2.0 vs OIDC | SAML is web SSO, OAuth 2.0 is delegated authorization, OIDC adds authentication to OAuth. |
| Vulnerability scan vs penetration test | A scan finds likely weaknesses. A penetration test proves impact through authorized exploitation. |

| Term group | Fast recall |
|---|---|
| IR phases | Preparation -> Identification -> Containment -> Eradication -> Recovery -> Lessons learned |
| Risk treatments | Accept, avoid, transfer, mitigate |
| Access models | DAC, MAC, RBAC, ABAC |
| Zero Trust core | Verify explicitly, least privilege, assume breach |

If your misses are clustering around terminology rather than workflow, reread the related chapter page and then return to the lesson page that introduced the term in context.