Juggling Chaos

CompTIA Security+ SY0-701 All Acronyms

September 12, 2025

We offer a compact glossary that turns exam terms into practical ideas. This introduction maps core concepts like CIA (confidentiality, integrity, availability) and AAA (authentication, authorization, accounting) to real controls.

Our goal is to show how each protocol and access model fits into a network or systems design. We link terms such as AES, IPSec (AH and ESP), DHCP, DNS, and EAP to how they protect data and service availability.

We explain why tools like SIEM and SOAR matter, and how business continuity plans and regulations (GDPR, HIPAA, FISMA) shape policy. We also share a simple study tip: read acronyms as words to boost recall under exam time and in real work.

By grouping identity, cryptography, and detection topics, we give a clear map for users and analysts to find the right control fast. This keeps information actionable and relevant to present exam blueprints and modern deployments.

Key Takeaways

  • Understand CIA and AAA as the foundation for secure design.
  • Map protocols to their network layer and protection role.
  • Replace acronyms with words to improve memory under time pressure.
  • Link tools like SIEM/SOAR to incident detection and response.
  • Focus on how rules, access models, and authentication protect users and data.

Overview and How to Use This Security+ Acronyms Glossary

This glossary is built to convert shorthand into clear, usable definitions for exam prep and on-the-job tasks. We align entries to current exam objectives so your study time targets exact domains and control families.

Present-time study context and exam objective alignment

We recommend scanning an objective, expanding each short label into full terms, and rehearsing how each applies to realistic network or systems scenarios.

Linking items to real controls helps you see how policies protect data and users. Use spaced review over time to lock concepts into long-term memory.

Tip: Replace acronyms with words to boost retention

Read acronyms as words. For example, say “business impact analysis” for BIA and “mean time to repair” for MTTR. This reduces confusion under time pressure and improves recall.

Quick examples:

| Acronym | Full Phrase | Focus |
|---|---|---|
| BIA | business impact analysis | service continuity |
| MTTR | mean time to repair | time to restore |
| RPO | recovery point objective | data loss tolerance |
| ALE | annualized loss expectancy | risk calculation (SLE × ARO) |

CompTIA Security+ SY0-701 All Acronyms

This snapshot gathers the exam favorites so you can spot patterns across access, crypto, and network controls.

We group high-frequency items by function for fast study. Identity and authentication: AAA, MFA, RBAC, ABAC, DAC, MAC, EAP-TLS. Each maps to how users and devices gain or lose access.

Cryptography and protocols: AES, HMAC, SHA, IKE, IPSec (AH/ESP). Remember that AES protects confidentiality while HMAC and SHA provide integrity and authentication.

Network services and controls: DHCP, DNS/DNSSEC, NAC, IDS/IPS. These govern address resolution, policy enforcement, and threat detection at the edge of the network.

Risk and continuity: BIA, BCP, DRP, MTTR, ALE, SLE, ARO. These terms link math to recovery plans and expected data loss or downtime.

PKI flow: CSR → CA → certificate status via CRL or OCSP. Finally, SIEM and SOAR collect information and cut time to detect and respond.

Core Security Foundations: CIA, AAA, Access, and Control

Core principles anchor how teams design controls to protect information and services.

CIA triad and protecting sensitive data

Confidentiality keeps sensitive data private. Integrity ensures data is accurate. Availability keeps systems and services running when users need them.

AAA for remote access and accounting

Authentication verifies identity. Authorization grants appropriate access. Accounting logs actions so audits and investigations can trace events in production.

Access control models: DAC, MAC, ABAC, RBAC

DAC lets owners set permissions. MAC uses labels to restrict by sensitivity. RBAC assigns permissions by role. ABAC evaluates attributes like time, location, and device.

Practical notes: AUPs translate policy into enforcement. Biometric metrics (FAR, FRR, CER) guide authentication choices. Regular access reviews detect permission drift and restore least-privilege.

| Model | Decision Driver | Best Use |
|---|---|---|
| DAC | Owner choice | Small teams, flexible sharing |
| MAC | Sensitivity labels | High compliance environments |
| RBAC | Roles | Enterprise systems with clear jobs |
| ABAC | Attributes | Dynamic access, contextual controls |
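The difference between a role-driven and an attribute-driven decision is easiest to see when the same request is evaluated both ways. The following is an added example, not code from the original article; the role names, resources, locations, and business-hours window are hypothetical sample data.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy data; every name below is hypothetical.
ROLE_PERMISSIONS = {
    "hr_analyst": {("payroll", "read")},
    "hr_manager": {("payroll", "read"), ("payroll", "write")},
}
TRUSTED_LOCATIONS = {"hq", "vpn"}
BUSINESS_HOURS = (time(8, 0), time(18, 0))


@dataclass(frozen=True)
class Request:
    roles: frozenset
    resource: str
    action: str
    local_time: time
    location: str
    device_managed: bool


def rbac_allows(req: Request) -> bool:
    """RBAC: the decision depends only on permissions attached to the user's roles."""
    return any(
        (req.resource, req.action) in ROLE_PERMISSIONS.get(role, set())
        for role in req.roles
    )


# ABAC: each rule is a named predicate over attributes of the request.
# The role check becomes one attribute among several (time, location, device).
ABAC_RULES = [
    ("role_permits_action", rbac_allows),
    ("business_hours", lambda r: BUSINESS_HOURS[0] <= r.local_time < BUSINESS_HOURS[1]),
    ("trusted_location", lambda r: r.location in TRUSTED_LOCATIONS),
    ("managed_device", lambda r: r.device_managed),
]


def abac_decide(req: Request):
    """Return (allowed, failed_rule_names). Every rule must pass; otherwise deny."""
    failed = [name for name, rule in ABAC_RULES if not rule(req)]
    return (not failed, failed)


# Constructed sample requests.
OFFICE_WRITE = Request(frozenset({"hr_manager"}), "payroll", "write",
                       time(10, 0), "hq", True)
LATE_NIGHT_WRITE = Request(frozenset({"hr_manager"}), "payroll", "write",
                           time(23, 30), "cafe", False)
ANALYST_WRITE = Request(frozenset({"hr_analyst"}), "payroll", "write",
                        time(10, 0), "hq", True)

if __name__ == "__main__":
    for label, req in [("office", OFFICE_WRITE),
                       ("late night", LATE_NIGHT_WRITE),
                       ("analyst", ANALYST_WRITE)]:
        print(label, "RBAC:", rbac_allows(req), "ABAC:", abac_decide(req))
```

The late-night request passes RBAC because the role alone grants the permission, while ABAC denies it and names the attributes that failed, which is useful input for access reviews and audit logs.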

Identity, Authentication, and Privileged Access

Controlling who gets into systems and how they prove it stops many breaches before they start. We cover practical steps to make authentication stronger and access more precise.

MFA, CHAP, IAM, PAM essentials

IAM centralizes identity so users receive only the access they need across applications and systems.

MFA combines factors — something you know, have, and are — to raise authentication strength for remote access and high-risk devices.

CHAP uses a challenge-response protocol so passwords are not sent in clear text. That reduces exposure over untrusted links.

PAM secures privileged accounts with vaulting, session monitoring, and just-in-time elevation to limit admin risk.

Time-based and one-time passwords: HOTP

HOTP issues HMAC-based, counter-synced one-time codes. TOTP is its time-synced sibling and uses short windows to limit replay.

Map high-risk services and devices to stronger methods and prefer phishing-resistant authenticators where possible.

  • Account lifecycle: provision, modify, deprovision to remove unnecessary access.
  • Logging and approval workflows for elevated sessions aid audits and incident response.
  • Use hardware-backed authenticators for key administrators to protect data and reduce attack surface.

| Feature | HOTP | TOTP/CHAP |
|---|---|---|
| Basis | Counter + HMAC | Time window / Challenge-response |
| Replay risk | Higher if counters sync poorly | Lower; short validity or per-challenge |
| Best use | Offline tokens, resilience | Remote access, session authentication |
| Exposure | Code can be reused if intercepted | CHAP avoids plaintext passwords; TOTP limits reuse by time |
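To make the counter-versus-time distinction concrete, here is an added example (not from the original article) that implements HOTP as specified in RFC 4226 and TOTP as specified in RFC 6238, plus server-side verification that handles counter drift and rejects reuse of an accepted code. The `HotpVerifier` class, the `verify_totp` helper, and the look-ahead and skew values are illustrative assumptions; the secret is the published RFC test key.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) using HMAC-SHA-1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    if now is None:
        now = time.time()
    return hotp(secret, int(now // step), digits)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak how many digits matched.
    return hmac.compare_digest(a.encode(), b.encode())


class HotpVerifier:
    """Server side of HOTP (hypothetical helper for this example).

    The token's counter advances on every button press, so the server searches
    a small look-ahead window. After a match the stored counter moves past the
    matched value, which makes the accepted code and all earlier ones unusable.
    """

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 3):
        self.secret = secret
        self.counter = counter
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for candidate in range(self.counter, self.counter + self.look_ahead + 1):
            if _same(hotp(self.secret, candidate), code):
                self.counter = candidate + 1  # resynchronise and burn the code
                return True
        return False


def verify_totp(secret: bytes, code: str, now: float,
                last_used_step: int = -1, step: int = 30,
                skew: int = 1) -> Optional[int]:
    """Return the matched time step, or None.

    Accepts +/- `skew` steps of clock drift. Steps at or before
    `last_used_step` are refused so a code is accepted only once.
    """
    current = int(now // step)
    for candidate in range(current - skew, current + skew + 1):
        if candidate > last_used_step and _same(hotp(secret, candidate), code):
            return candidate
    return None


RFC_TEST_SECRET = b"12345678901234567890"  # test key published in RFC 4226

if __name__ == "__main__":
    server = HotpVerifier(RFC_TEST_SECRET)
    code = hotp(RFC_TEST_SECRET, 2)       # token is two presses ahead of the server
    print("first use:", server.verify(code))   # accepted, server resyncs to 3
    print("replay:   ", server.verify(code))   # rejected
    print("TOTP at t=59:", totp(RFC_TEST_SECRET, now=59, digits=8))
```

A larger look-ahead window tolerates more unsynchronised button presses but also widens the set of codes the server will accept at any moment, so keep it small and rate-limit failed attempts.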

Cryptography and Hashing: AES, 3DES, HMAC, SHA

We look at core encryption tools and hashing to show when each suits storage, transport, or key exchange.

AES is a symmetric block cipher with 128-bit blocks and keys of 128/192/256 bits. It handles bulk data fast and is the modern default. 3DES is a legacy option with 64-bit blocks and slower performance; it appears only where old systems force compatibility.

Symmetric vs. asymmetric and key exchange

Symmetric ciphers excel at speed for large data. Asymmetric methods handle public key tasks: key exchange and digital signatures.

DH and ECDHE let two parties derive a shared secret over an insecure network. ECDHE uses elliptic curves and ephemeral keys for better performance and forward secrecy.

Modes and integrity

CBC is a classic mode that needs careful IV handling. GCM pairs counter mode with Galois authentication to give confidentiality plus integrity.

HMAC is a keyed hash that provides message integrity and authentication and is used by many protocol stacks like TLS and IPSec.

Data at rest vs. in transit

FDE protects whole disks; EFS encrypts files on NTFS. For transport, ESP (protocol 50) offers confidentiality, integrity, and authentication. AH (protocol 51) provides integrity and authentication only.

| Feature | AES | 3DES | Use Case |
|---|---|---|---|
| Block size / keys | 128-bit block, 128/192/256 | 64-bit block, triple DES keys | Modern systems vs. legacy |
| Mode example | GCM (auth + enc) | CBC (integrity via HMAC) | Preferred vs. compatibility |
| Transport vs. storage | Used widely in TLS/ESP | Rare; compatibility only | Network sessions vs. archived data |
| Performance | Efficient, hardware-accelerated | Slower, higher CPU | Devices with limited resources |

Practical note: Choose algorithms and key lengths to balance security, compliance, and device performance. Protect private keys in HSMs and tie cryptography to access control so information and users stay safe.

Certificates, Public Key, and PKI Trust

We describe how a certificate authority anchors trust so networks can verify identities and encrypt traffic.

A certificate authority issues and signs certificates that bind an identity to a public key. A CSR contains the newly created public key and identifying info and typically follows PKCS #10 before the CA signs it.

Formats and revocation

Certificates often come in CER (text/ASCII) or DER (binary) encodings. Some server platforms require one format when importing, so conversion matters during deployment.

Revocation is handled with CRL lists and OCSP checks. CRL publishes revoked items; OCSP gives near real-time status to stop use of compromised certs.

Use cases and lifecycle

Certificates enable TLS for servers, client authentication for users and devices, EAP-TLS for Wi‑Fi, and code signing for software integrity.

“A well-maintained PKI keeps authentication reliable and reduces outages from expired or revoked credentials.”

  • Chain of trust and intermediate CAs help troubleshoot validation errors.
  • Subject Alternative Names and key usage extensions control intended access and protocol use.
  • Protect private keys—use HSMs for high-value services.

Network Fundamentals: IP Addressing, Protocols, and Services

We explain core network building blocks so you can design reliable addressing and predictable traffic. This short guide ties IP basics to link-layer services and common controls.

IP, IPv4, IPv6, ICMP, ARP

IP routes packets between networks. IPv4 uses 32-bit addresses; IPv6 uses 128-bit addresses to solve exhaustion and add operational benefits.

ICMP diagnoses reachability and latency. Filtering ICMP may reduce visibility for troubleshooting.

ARP maps an IPv4 address to a MAC. Without ARP protections, ARP poisoning can misdirect traffic and disrupt devices.

DHCP basics and DHCP snooping control

DHCP assigns IP, mask, gateway, and DNS dynamically. Good lease policies prevent conflicts and speed user access.

DHCP snooping enforces trusted ports on switches and blocks rogue DHCP servers at Layer 2.

OSI vs. IEEE layers: where protocols live

The OSI model shows where each protocol operates and which devices handle it on a local area network.

IEEE 802 standards (802.3, 802.11) define frames and signaling for LAN links. VLANs and routing reduce broadcast traffic and improve overall control.

“Accurate addressing and clear layer placement are prerequisites for strong policy and effective troubleshooting.”

Domain Name System and Name Resolution Security

A reliable name system keeps users connected by mapping human-friendly names to numeric addresses. DNS resolves hostnames to IPv4 and IPv6 addresses so clients find the right server.

Core records include A (IPv4), AAAA (IPv6), and MX for mail routing. Resolvers, authoritative servers, and caches work together to answer queries quickly.

DNS records, BIND, and operations

BIND is common on Unix-like servers and often controls zone files, logging, and ACLs. Administrators must harden configuration, monitor logs, and limit management access to reduce risk.

Remember: queries use UDP port 53; TCP port 53 is used for zone transfers and large responses. Securing inter‑server transfers prevents unauthorized replication of zone data.

DNS attacks, poisoning, and DNSSEC defenses

DNS poisoning and cache corruption let attackers redirect traffic by returning bogus addresses. Unsigned records are vulnerable in a distributed cache model.

DNSSEC signs records to guarantee integrity and authenticity. Validation reduces successful redirection, but it adds operational trade-offs: larger responses, extra CPU for signatures, and potential validation failures that can block legitimate access.

  • Keep MX records accurate and tie mail delivery to TLS and valid certificates to prevent interception.
  • Monitor query patterns and log spikes to spot anomalies early.
  • Apply least‑privilege on management interfaces and enforce change control for zone edits.

“Protecting name resolution is protecting the first step of every network connection.”

Virtual Private Network and Secure Remote Access

Creating an encrypted tunnel is the practical way to extend a private network to remote endpoints without exposing internal services. A virtual private network protects data and enforces policy when users connect over public links.

IKE negotiates IPSec security associations that set keys, algorithms, and lifetime for tunnel protection. Proper IKE configuration prevents mismatched parameters and weak ciphers.

AH (protocol 51) gives authentication and integrity using HMAC. ESP (protocol 50) adds encryption—commonly AES—plus integrity via HMAC so payloads remain confidential.

GRE encapsulates packets to build overlays and route between sites. GRE does not encrypt traffic, so combine it with IPSec when confidentiality is needed.

  • Decide split‑tunnel vs. full‑tunnel by policy: bandwidth, inspection, and privacy tradeoffs.
  • Use certificates, EAP methods, and MFA for strong endpoint authentication.
  • Log connections and run posture checks to block unmanaged devices.

“Prefer per‑application access and strict authentication to reduce broad network exposure.”

Measure latency and throughput to set baselines and preserve the user experience while supporting zero‑trust controls.

Detection and Prevention Systems to Stop Attacks

Layered detection and active blocking form the frontline that stops many attacks before they reach critical systems. An intrusion detection system alerts analysts. An intrusion prevention system sits inline and can drop malicious traffic.

IDS vs. IPS and placement

NIDS and NIPS watch network choke points for suspicious flows. HIDS and HIPS run on endpoints to catch host-level changes.

Deploy both to improve visibility across devices and systems. Choke-point sensors see lateral moves; host agents spot local compromises.

Methods, tuning, and encrypted traffic

Detection uses signatures, anomaly baselines, and behavior models. Tuning reduces false positives and avoids missing real attack patterns.

Encrypted traffic hides content. Use decryption zones or analyze metadata to keep detection coverage without breaking privacy rules.

NAC and Layer 2 policy

Network access control enforces posture checks before and after admission. BPDU guard and DHCP snooping protect campus links from simple layer 2 misuse.

Operational tips: Stream alerts to logs and response workflows. Track dwell time, time to detect, and time to respond. Test controls with simulated traffic and red-team drills, and manage policy changes to avoid unintended outages.

| Feature | Detection Role | Action |
|---|---|---|
| Intrusion detection system | Alert, context | Notify analysts |
| Intrusion prevention system | Inline block | Drop or reset flow |
| NIDS / HIDS | Network / Host visibility | Packet analysis / file/process checks |
| Network access control | Admission policy | Allow, quarantine, or deny access |

Wireless, 802.1X, and EAP-based Authentication

Wireless authentication ties device identity to network policy so devices gain only the access they need.

802.1X is a port-based framework that uses EAP methods to vet users and devices on wired and Wi‑Fi links. A RADIUS server usually makes the centralized decision and returns an authorization profile for network access.

EAP, EAP-TLS, EAP-TTLS, and EAP-FAST

EAP is the outer framework. EAP-TLS requires certificates on both client and server for mutual authentication. EAP-TTLS needs only a server certificate and protects inner credentials inside a tunnel. EAP-FAST uses a protected tunnel with optional certificates and offers easier deployment where PKI is limited.

Trade-offs: EAP-TLS gives the strongest mutual assurance but needs certificate lifecycle work. EAP-TTLS and EAP-FAST reduce certificate burden at the cost of slightly weaker mutual proof.

HSTS and HTTPS for secure web services

HSTS forces browsers to use HTTPS and prevents downgrade attacks and cookie hijacking. HTTPS runs TLS over port 443 and is essential for login pages and payment flows.

“Force HTTPS end-to-end to protect credit card and other sensitive data during entry and processing.”

  • Keep certificate revocation checks and hygiene up to date to preserve trust between client and server.
  • Segment guest and corporate SSIDs and apply per-role authorization to limit lateral movement after join.
  • Collect telemetry — EAP failure codes, RADIUS logs, and TLS alerts — to speed troubleshooting of authentication issues.

Operational note: Choose strong cipher suites and current TLS versions to protect traffic and data in motion. Combine EAP-TLS and strict network access control to give users and devices robust protection without degrading experience.

Email, Messaging, and Server Protocol Security

We secure mail and messaging by standardizing protocols and locking down servers that handle sensitive traffic.

SMTP sends mail; IMAP retrieves it (default port 143). Enabling SMTPS (TLS) on the mail server protects credentials and message content in transit.

Deploy certificates correctly and prefer modern TLS versions. Use strong ciphers and automate renewals to avoid outages.

Anti‑spoofing and unwanted messaging

Publish SPF records in DNS to reduce domain spoofing. Pair SPF with DKIM and DMARC for fuller protection.

Watch for SPIM — unsolicited chat messages — and train users to report suspicious links.

Secure file transfer

SFTP runs over SSH (port 22). FTPS adds TLS (often ports 989/990). Choose by partner needs and restrict allowed methods on the server.

  • Harden mail servers: minimal services, patches, AV, and strict authentication.
  • Log events to a SIEM for alerts on anomalous logins, relay misuse, and message spikes.
  • Apply DLP for attachments with sensitive data or credit card information.

| Feature | SFTP | FTPS |
|---|---|---|
| Encryption layer | SSH (session) | TLS/SSL (channel) |
| Common ports | 22 | 989/990 |
| Best use | Server-to-server automation, admin access | Legacy FTP clients needing TLS |

“Protect mail flows with TLS, anti‑spoofing DNS records, and continuous logging to detect abuse early.”

Cloud and Service Models with Security Controls

Different cloud offerings split responsibilities for compute, storage, and platform management. We map who must run and who must protect services when workloads move offsite.

For IaaS the provider supplies compute and storage while customers secure operating systems and apps. With PaaS, the provider manages runtime and some platform updates, and we focus on application and configuration hardening.

MCSPs manage cloud operations while MSSPs offer monitored security services. Outsourcing can improve coverage and reduce time to respond for distributed systems.

CASB acts as a policy point between users and cloud; it enforces access control, prevents data loss, and gives visibility on sanctioned and unsanctioned use.

  • SDN separates control and forwarding planes so networks adapt policies and route traffic securely.
  • API-first logging and protocol integrations keep configurations consistent across services and tools.
  • Identity federation, least-privilege roles, microsegmentation, and encryption of data in transit and at rest reduce blast radius.

“Combine CASB, SDN controllers, and SIEM/SOAR integrations to keep control while traffic patterns evolve.”

Risk, Metrics, and Business Continuity

A focused continuity plan turns risk numbers into practical steps that keep critical services running. We use a BIA to find which processes, data, and dependencies matter most. That discovery drives RTO and RPO choices so recovery matches user and business tolerance.

BIA, BCP, and DRP planning

The BIA lists critical functions and the information they need. A BCP sets strategy to maintain service delivery. A DRP defines restoration steps and a testing cadence to prove the plan works.

Risk math and time metrics

Use the formula SLE × ARO = ALE to quantify expected loss and guide control investments. Track MTBF for reliability, MTTD for detection, and MTTR for repair to improve operational resilience over time.

RTO/RPO alignment and suppliers

Set RTO and RPO per application, balancing cost and acceptable data loss. Include supplier SLAs when those providers affect achievable recovery for systems and pipelines.

  • Test: tabletop and technical drills to validate assumptions.
  • Protect: versioning, backups, geo‑redundancy, and strict access rules during recovery.
  • Improve: capture lessons learned to reduce future recovery time.

“Align communications and escalation so users know when to expect updates and when to use alternates.”

Governance, Compliance, and Standards

Clear roles and documented processes turn regulatory requirements into repeatable tasks for IT and legal teams. Good governance ties policy to operations so teams know who acts on risk, who approves changes, and who reports results.

GDPR, HIPAA, and FISMA roles

GDPR protects personal data and sets privacy duties for processors and controllers. HIPAA secures protected health information and defines covered entities and business associates.

FISMA requires federal programs to implement an information program with defined roles for risk and continuous monitoring.

NIST, ISO, and security information management

NIST frameworks guide control selection and assessment. ISO standards provide a management baseline for policies, evidence collection, and audits.

Map controls to requirements and collect evidence so audits can verify both policy and technical enforcement.

Policies and agreements

  • AUP and NDA set user behavior and confidentiality expectations.
  • BPA, ISA, and SOW formalize obligations between parties and servers.
  • SLA declares service performance and resilience targets that affect support and recovery.

Practical advice: enforce privacy by design, manage certificate lifecycle, and integrate policy checks into pipelines so protocol configs and deployments remain compliant.

Operations Monitoring and Response

Operations visibility ties logs and alerts into a single pane for smarter response.

SIEM collects logs from systems, network devices, and endpoints. It correlates events to reduce noise and raises alerts when patterns match risky behavior.

SOAR uses playbooks to automate containment steps, enrich context, and speed analyst workflows. Playbooks turn repeatable tasks into consistent actions and cut manual toil.

Threat intelligence and standards

AIS feeds, like CISA indicators, push machine-readable signals into tools so detections update quickly. We map CVE entries to CVSS scores to rank fixes by severity and impact.

The NIST CSF gives a practical lifecycle: identify, protect, detect, respond, recover. Tie event management to those functions so processes stay measurable.

  • Tune detections for intrusion detection system and intrusion prevention system use cases.
  • Map alerts to protocol-aware runbooks that reference firewalls, IDS/IPS, and EDR actions.
  • Measure MTTD and MTTR to confirm automations lower operational risk.

| Capability | Primary Role | Key Inputs | Outcome |
|---|---|---|---|
| SIEM | Collection & correlation | Logs, network traffic, endpoint telemetry | Centralized visibility and alerting |
| SOAR | Orchestration | Playbooks, runbooks, enriched alerts | Automated containment and triage |
| AIS / Threat Feeds | Intelligence | CISA feeds, indicators, reputation lists | Faster detection and blocking |
| CVE / CVSS | Vulnerability prioritization | Vulnerability IDs and severity scores | Risk-based patching and communication |

“Integrate tools, tune content, and review incidents so each response improves the next.”

Operational advice: keep permissions tight so response actions cannot degrade service. After each incident, run a post‑incident review and fold lessons into new detections and playbooks.

Endpoint, Storage, and Hardware Security

Modern systems blend chips, keys, and storage—so we harden each layer to reduce overall risk.

BIOS/UEFI, HSM, and SoC

UEFI replaces legacy BIOS and gives richer firmware controls. We lock boot order, enable secure boot, require firmware passwords, and apply signed updates via a controlled protocol.

HSMs keep private keys isolated and perform crypto operations so keys never leave the module. This improves certificate and token protection for high-value servers.

SoC designs put CPU, memory, and controllers on one chip. That reduces latency but changes update cadence and the attack surface for embedded firmware.

SED vs. FDE and protecting data and devices

Self-encrypting drives use hardware encryption with on-chip key storage. Software-based full-disk encryption protects at rest but relies on OS key management.

We weigh recovery, key escrow, and forensic needs when choosing SED or FDE. Protect backups and ensure mobile devices encrypt data and enforce remote wipe for lost users.

EMI/EMP and physical controls

EMI and EMP can disable electronics. Shielding, grounding, and facility controls preserve availability. Combine physical locks, inventory, and verified decommission wipes so devices leave service clean.

  • Harden endpoints: minimal services, application allow-listing, and secure boot.
  • Send endpoint telemetry to SIEM and SOAR for coordinated response.
  • Connect hardware protections to identity and network layers so controls reinforce each other.

Conclusion

To wrap up, treat each term as an action you can apply to protect systems and users.

We recommend reading acronyms as full phrases and practicing them in real configs. This turns shorthand into clear steps for access control and quick decisions.

Match protocol choices to the network role they serve. Use strong crypto, PKI hygiene, and certificates so data and service flows stay trustworthy.

Measure outcomes with risk math and time metrics. Track MTTD and MTTR so security work proves its value and improves over time.

We thank you for investing attention and time. Revisit related entries, build playbooks, and update firmware, configs, and policy to keep protections current.

FAQ

What is the best way to use this acronyms glossary when studying?

Use the glossary as a quick-reference while you study. Replace each acronym with its full phrase, write one-sentence definitions, and create flashcards. That active step boosts retention and helps link concepts like encryption, network access, or intrusion detection to real-world tasks.

How do CIA and AAA differ in protecting sensitive data?

CIA (confidentiality, integrity, availability) is the foundational model for protecting data. AAA (authentication, authorization, accounting) governs how users access systems. Together they ensure data stays private, remains accurate, and is accessed by the right users while logging activity for audits.

When should we choose symmetric vs. asymmetric encryption?

Use symmetric encryption (AES, 3DES) for bulk, high-speed data protection such as disk or file encryption. Use asymmetric keys (RSA, ECC) for key exchange, digital signatures, and certificate-based authentication. Hybrid designs combine both for performance and security.

What role does a Certificate Authority play in PKI?

A Certificate Authority issues and signs digital certificates that bind public keys to entities. It also manages revocation lists and online status checks (CRL, OCSP), helping systems verify a server, device, or user certificate before trusting it.

How do DNS attacks work and how can DNSSEC help?

DNS attacks like cache poisoning substitute false address records to redirect traffic. DNSSEC adds cryptographic signatures to DNS records so resolvers can validate integrity and prevent tampering during name resolution.

What are the primary differences between IDS and IPS?

An intrusion detection system (IDS) monitors and alerts on suspicious activity. An intrusion prevention system (IPS) sits inline and can block or drop malicious traffic. NIDS/NIPS protect network segments, while HIDS/HIPS run on individual hosts.

When is a VPN needed versus other remote access methods?

Use a VPN for secure, encrypted tunnels when remote users need broad network access. IPsec and IKE offer site-to-site and gateway protection; SSL/TLS-based VPNs work well for client connections. For limited access, combine remote access with strong IAM and NAC controls.

What is NAC and why is it important for network security?

Network access control enforces device and user policies before granting network access. NAC checks posture (patch level, antivirus), quarantines noncompliant devices, and reduces the attack surface by controlling traffic into sensitive network zones.

How do EAP methods differ for wireless authentication?

EAP-TLS uses client and server certificates and is highly secure. EAP-TTLS and EAP-FAST create secure tunnels to authenticate credentials without client certs. Choose methods based on device support, deployment scale, and certificate management capabilities.

What protections should be applied to email and file transfer services?

Harden email servers by enforcing SMTPS/IMAPS, SPF, DKIM, and DMARC to reduce spoofing. For file transfers, prefer SFTP or FTPS and apply access controls and encryption to protect data in transit and at rest.

How do CASB and SDN help secure cloud services?

A Cloud Access Security Broker (CASB) enforces access control, data protection, and policy across cloud apps. Software-defined networking (SDN) adds programmable control over traffic flows, enabling dynamic segmentation and containment of threats.

What metrics matter for risk and business continuity planning?

Track SLE, ARO, and ALE for quantitative risk, and measure MTBF, MTTD, and MTTR for operational resilience. Use RTO and RPO to set recovery goals that match business needs and user expectations.

How do SIEM and SOAR tools improve incident response?

SIEM collects logs and correlates events to detect security incidents. SOAR automates playbooks and orchestrates workflows so analysts can triage and respond faster, reducing dwell time and improving consistency.

What protections are recommended for endpoints and storage?

Use full-disk encryption (FDE or SED), enable secure boot in BIOS/UEFI, deploy endpoint detection and response, and protect keys in hardware security modules. Combine physical controls to defend against tampering or EMI/EMP risks.

Which standards and regulations should organizations prioritize for compliance?

Prioritize laws and standards that apply to your industry and data types, such as GDPR for personal data, HIPAA for health records, and NIST or ISO frameworks for program guidance. Map controls to requirements and document policies like AUP, NDA, and SLA.
