WGU D488 - CASP+

WGU D488 - CASP+

Leave the first rating Students also studied Terms in this set (38) Science Computer Science Computer Security and Reliability Save Nutanix NCSE Level 1 Exam Rated A...Teacher 60 terms emmansantoa320 Preview Associate Google Workspace Admi...Teacher 60 terms MORRIS_LANDO Preview AWS Cloud Practitioner Teacher 279 terms collyrazPreview WGU D Teacher Clif Design Secure Network Architecture - 25%Section 1 Identity and Access ManagementA framework of policies and technologies used to manage digital identities and control user access to a resource within an organization Password PolicyRules set to enforce strong password creation and management, including requirements for length, history, complexity, and more.Privileged Access ManagementA security practice that monitors and controls access to critical systems and data by users with elevated access (e.g. admin accounts) Password ComplexityA set of rules designed to make a password stronger and more difficult to crack or guess.KerberosA network authentication protocol that uses symmetric key cryptography to securely authenticate users and services over the network.Mandatory Access Control (MAC)A security model where access to resources is determined by system-enforced policies. Access is granted based on labels or classifications. (e.g. "Top Secret") Attribute-Based Access Control (ABAC)A security model where access to resources is determined by attributes such as user role, location, time of access, etc...In-band authenticationA security method where authentication occurs within the same communication channel used to access the service or system. An example will include receiving a verification token on the same device you are using to login.

Out-of-Band authenticationA security method where authentication occurs using a separate communication channel from the primary one. An example includes receiving a verification email with a code to confirm your identity.Challenge Handshake Authentication Protocol (CHAP) A secure authentication protocol used to verify the identity of a user or device over the network by sending them a "challenge" (random value) from the server to the client.JSON Web TokenA compact, URL-safe token format used for securely transmitting information between two parties as a JSON object.Trusted Platform Module (TPM)a hardware based security device used to store cryptographic keys, passwords, and other sensitive data securely. This security device ensures that the system hardware and software hasn't been tampered with.Single Sign On (SSO)An authentication process that allows users to access multiple applications or systems using single set of credentials.Internet Protocol Security (IPSec)A suite of protocols used to secure IP communications by encrypting and authenticating data packets transmitted over a network. Commonly used in VPN's.Simple Network Management Protocol (SNMP) A protocol used for managing and monitoring network devices in an IP network.Allows administrators to collect performance data, configure devices, and receive alerts about issues or failures.Extensible authentication protocol (EAP)An authentication framework used to provide various methods of user authentication over a network. It is commonly used in wireless networks and VPN's to support different forms of authentication like passwords, certificates, and tokens.Open Authentication (OAuth)A simple authentication method where access is granted without requiring credentials or any form of authentication. Typically used in unsecured networks such as public wi-fi.Secure Socket Layer (SSL)A cryptographic protocol designed to provide secure communication over a computer network. SSL encrypts the data exchanged between a client and server, ensuring confidentiality and integrity. SSL is now deprecated and has been replaced with the Transport Layer Security (TLS) protocol.Virtual Private Network (VPN)A technology that creates a secure, encrypted connection over a public network (like the internet) to allow remote users or sites the ability to access a private network safely.Security Information and Event Management (SIEM) A security solution that collects, analyzes, and correlates log and event data from across an organization's IT environment in real time.Web Application Firewall (WAF)A security solution that monitors, filters, and blocks malicious traffic to and from web applications.Secure Socket Shell (SSH)A cryptographic network protocol used to securely access and manage remote systems over an unsecured network.

Demilitarized Zone (DMZ)A network segment that separates an organization's internal network from external-facing services. It acts as a buffer zone to limit access between the internet and the internal network.Hardware Security Module (HSM)A physical device designed to securely generate, store, and manage cryptographic keys.Port SecurityA network security feature that restricts access to a switch port based on MAC addresses.Software FirewallA security application installed on individual devices that monitors and controls incoming and outgoing network traffic based on predefined rules. Helps block unauthorized access, detect threats, and enforce security policies at the host level.Anti-spam gatewayA security solution that filters and blocks unwanted or malicious email (spam) before it reaches the recipient's inbox.Proxy serverAn intermediary server that sits between a user's device and that internet. It forwards user requests to the website and returns the responses. Often used to improve security, control web access, cache content, and anonymize user activity.Unified Threat Management (UTM) ApplianceAn all-in-one security device that integrates multiple security functions--such as firewall, intrusion detection/prevention (IDS/IPS), antivirus, content filtering, and VPN--into a single platform. It simplifies network security management and provides centralized protection against a wide range of threats.Intrusion Detection System (IDS)A security solution that monitors network or system activity for malicious actions or policy violations. It detects threats like unauthorized access, malware, or abnormal behavior and alerts administrators but does not take direct action to stop the threat Intrusion Prevention System (IPS)A security solution that actively monitors network traffic for malicious activity and automatically blocks or prevents detected threats in real time.Deep Packet Inspection (DPI)An advanced method of analyzing network traffic by inspecting the data portion (not just headers) of packets.Signature Based DetectionA threat detection method that identifies known malware or attacks by comparing activity or files against a database of known signatures. It's fast and effective but can't identify new or unknown malware. Commonly used in antivirus and IDS/IPS systems Virtual Desktop Infrastructure (VDI)A technology that hosts desktop environments on a centralized server, allowing users to access virtual desktops remotely over a network.Remote Desktop Protocol (RDP)A Microsoft protocol that allows users to remotely access and control another computer over a network. RDP uses encryption and is considered a secure method of remote access.

Digital Rights Management (DRM)A set of technologies used to protect and control access to digital content (like software, music, videos, and documents). DRM enforces licensing, prevents unauthorized copying or distribution, and ensures only authorized can use the content as intended.WatermarkingA method used to embed visible or invisible markers (like logos, text, or metadata) into digital contents.