Complete CompTIA Security+ Cheat Sheet: Acronyms, Ports, and Key Concepts
A comprehensive cheat sheet for the CompTIA Security+ SY0-701 exam. Covers all acronyms, port numbers, key concepts, formulas, and exam tips organized by domain.
Key Acronyms You Must Know
AAA — Authentication, Authorization, Accounting.
AES — Advanced Encryption Standard (symmetric, 128/192/256-bit).
ALE — Annualized Loss Expectancy (SLE × ARO).
ARO — Annualized Rate of Occurrence.
BIA — Business Impact Analysis.
CA — Certificate Authority.
CASB — Cloud Access Security Broker.
CIA — Confidentiality, Integrity, Availability.
CRL — Certificate Revocation List.
CSP — Content Security Policy / Cloud Service Provider.
CSRF — Cross-Site Request Forgery.
DAC — Discretionary Access Control.
DLP — Data Loss Prevention.
DMZ — Demilitarized Zone.
EAP — Extensible Authentication Protocol.
EDR — Endpoint Detection and Response.
ESP — Encapsulating Security Payload (IPSec).
HSM — Hardware Security Module.
IAM — Identity and Access Management.
IdP — Identity Provider.
IDS — Intrusion Detection System.
IPS — Intrusion Prevention System.
IPSec — Internet Protocol Security.
KDC — Key Distribution Center (Kerberos).
MAC — Mandatory Access Control / Message Authentication Code (context-dependent).
MFA — Multi-Factor Authentication.
NAC — Network Access Control.
NGFW — Next-Generation Firewall.
OCSP — Online Certificate Status Protocol.
PAM — Privileged Access Management.
PBKDF2 — Password-Based Key Derivation Function 2.
PCI DSS — Payment Card Industry Data Security Standard.
PII — Personally Identifiable Information.
PKI — Public Key Infrastructure.
RBAC — Role-Based Access Control.
RPO — Recovery Point Objective.
RTO — Recovery Time Objective.
SIEM — Security Information and Event Management.
SLE — Single Loss Expectancy.
SOAR — Security Orchestration, Automation and Response.
SOC — Security Operations Center / Service Organization Control.
SPF — Sender Policy Framework.
SSO — Single Sign-On.
TACACS+ — Terminal Access Controller Access-Control System Plus.
TGT — Ticket Granting Ticket (Kerberos).
TOTP — Time-Based One-Time Password.
UTM — Unified Threat Management.
VPN — Virtual Private Network.
WAF — Web Application Firewall.
XDR — Extended Detection and Response.
XSS — Cross-Site Scripting.
Essential Port Numbers
20/21 — FTP (20 data, 21 control).
22 — SSH.
23 — Telnet (unencrypted).
25 — SMTP.
53 — DNS.
67/68 — DHCP.
80 — HTTP.
110 — POP3.
123 — NTP.
137-139 — NetBIOS.
143 — IMAP.
161/162 — SNMP.
389 — LDAP.
443 — HTTPS (TLS).
445 — SMB.
514 — Syslog.
636 — LDAPS (LDAP over SSL).
993 — IMAPS.
995 — POP3S.
1433 — Microsoft SQL Server.
1521 — Oracle DB.
1701 — L2TP (VPN).
1723 — PPTP (VPN, deprecated).
1812/1813 — RADIUS (auth/accounting).
3306 — MySQL.
3389 — RDP.
5004/5005 — SIP (VoIP).
5060/5061 — SIP.
8080 — HTTP alternate.
Key Formulas and Calculations
SLE (Single Loss Expectancy) = Asset Value × Exposure Factor. Example: a server worth $50,000 with 40% exposure = $20,000 SLE.
ARO (Annualized Rate of Occurrence) = expected frequency per year. Example: a phishing attack expected 4 times per year = ARO of 4.
ALE (Annualized Loss Expectancy) = SLE × ARO. Example: $20,000 × 4 = $80,000 ALE.
RTO (Recovery Time Objective) = maximum acceptable downtime (time to restore).
RPO (Recovery Point Objective) = maximum acceptable data loss (time between backups).
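The quantitative risk formulas above, worked in code as an added example (not part of the original cheat sheet). It reproduces the page's $20,000 SLE / $80,000 ALE figures, ranks several constructed scenarios by ALE, and goes one step beyond the page by computing the net annual value of a control (ALE before, minus ALE after, minus the control's yearly cost), the standard cost/benefit test for whether a mitigation is worth buying.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskScenario:
    """One line of a quantitative risk register."""
    name: str
    asset_value: float      # dollar value of the asset
    exposure_factor: float  # fraction of the asset lost per incident (0.0 to 1.0)
    aro: float              # Annualized Rate of Occurrence (incidents per year)

    def __post_init__(self) -> None:
        # Guard the inputs: an exposure factor outside 0..1 or a negative
        # value/frequency silently produces nonsense ALE figures.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure_factor must be between 0.0 and 1.0")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset_value and aro must be non-negative")

    def sle(self) -> float:
        """Single Loss Expectancy = Asset Value x Exposure Factor."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        return self.sle() * self.aro


def rank_by_ale(scenarios: list[RiskScenario]) -> list[str]:
    """Scenario names ordered from highest to lowest annual expected loss."""
    return [s.name for s in sorted(scenarios, key=lambda s: s.ale(), reverse=True)]


def control_value(scenario: RiskScenario, residual_aro: float, annual_cost: float) -> float:
    """Net yearly value of a control that lowers the ARO to residual_aro.
    Positive means the control saves more than it costs."""
    after = replace(scenario, aro=residual_aro)
    return scenario.ale() - after.ale() - annual_cost


# Constructed sample register; the first row is the page's own worked example.
REGISTER = [
    RiskScenario("phishing against file server", 50_000, 0.40, 4),
    RiskScenario("ransomware on workstations", 120_000, 0.25, 0.5),
    RiskScenario("lost unencrypted laptop", 5_000, 1.0, 2),
]

if __name__ == "__main__":
    for s in REGISTER:
        print(f"{s.name}: SLE=${s.sle():,.0f} ALE=${s.ale():,.0f}")
    print("ranked:", rank_by_ale(REGISTER))
    # Hypothetical: a $30,000/yr awareness program cuts phishing ARO from 4 to 1.
    print("control value:", control_value(REGISTER[0], residual_aro=1, annual_cost=30_000))
```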
Domain-by-Domain Quick Reference
Domain 1 (General Security Concepts): CIA Triad (Confidentiality=encryption, Integrity=hashing, Availability=redundancy). AAA (Auth=who you are, Authz=what you can do, Accounting=what you did). Zero Trust (never trust, always verify). Change management steps: Request, Review, Approve, Implement, Document.
Domain 2 (Threats & Vulnerabilities): Social engineering types — phishing (mass email), spear (targeted), whaling (executives), vishing (voice), smishing (SMS). Malware — virus (needs host), worm (self-replicating), ransomware (encrypts files), trojan (disguised), rootkit (hides in OS).
Domain 3 (Security Architecture): Firewalls — packet filter (stateless, IP/port), stateful (tracks connections), NGFW (app-aware + IPS). IDS (alerts) vs IPS (blocks). VPN — IPSec (Layer 3, site-to-site) vs SSL (Layer 4-7, remote access). Cloud — IaaS (most control), PaaS, SaaS (least control). DR — Hot site (fast, expensive) vs Cold site (slow, cheap).
Domain 4 (Security Operations): Incident response phases — Preparation, Detection & Analysis, Containment/Eradication/Recovery, Post-Incident. SIEM (detects) vs SOAR (responds). Access control — MAC (labels), DAC (owner), RBAC (roles), ABAC (attributes). IAM — authentication (who) vs authorization (what). MFA factors: something you know, have, are.
Domain 5 (Security Program Management): Risk responses — Mitigation (reduce), Transfer (insurance), Acceptance (acknowledge), Avoidance (eliminate). Compliance — GDPR (EU privacy), HIPAA (US healthcare), PCI DSS (payment cards). NIST CSF: Identify, Protect, Detect, Respond, Recover.