All guides

Security+ Cheat Sheet: SY0-701 Acronyms & Ports

If you want a single, scannable Security+ cheat sheet for the SY0-701 exam, this is it: the highest-yield acronyms grouped by theme, plus the ports CompTIA loves to test. Skim it on the train, screenshot it, and use it to find the gaps in your recall before exam day.

How to use this cheat sheet

This is a review tool, not a substitute for understanding. The SY0-701 acronym appendix lists 334 acronyms, and the exam writes most concepts in their short form. You don't need to spell all 334 perfectly — you need to recognize them on sight and know what each one does. Below are the acronyms and ports that carry the most questions, organized so you can self-quiz: cover the right column, recall it, then check.

Core security concepts

The foundational vocabulary. These underpin almost every domain.

AcronymStands for
CIAConfidentiality, Integrity, Availability
AAAAuthentication, Authorization, Accounting
MFAMulti-Factor Authentication
SSOSingle Sign-On
PKIPublic Key Infrastructure
CACertificate Authority
CSRCertificate Signing Request
RBACRole-Based Access Control
ABACAttribute-Based Access Control
MAC / DACMandatory / Discretionary Access Control
PoLPPrinciple of Least Privilege
ZTAZero Trust Architecture

Note that MAC is overloaded: it can mean Mandatory Access Control, Media Access Control (the hardware address), or Message Authentication Code in crypto. The exam expects you to read it in context.

Cryptography

Algorithms, protocols, and the properties they provide.

AcronymStands for
AESAdvanced Encryption Standard (symmetric)
RSARivest-Shamir-Adleman (asymmetric)
ECCElliptic Curve Cryptography
SHASecure Hash Algorithm
HMACHashed Message Authentication Code
TLSTransport Layer Security
PFSPerfect Forward Secrecy
HSMHardware Security Module
TPMTrusted Platform Module
PGPPretty Good Privacy

Quick mental model: AES is symmetric (one shared key, fast, used for bulk data), while RSA and ECC are asymmetric (a public/private key pair, used for key exchange and signatures). SHA hashes for integrity; it does not encrypt.

Threats, attacks & vulnerabilities

AcronymStands for
DoS / DDoSDenial of Service / Distributed Denial of Service
MITMMan-in-the-Middle (on-path attack)
XSSCross-Site Scripting
CSRFCross-Site Request Forgery
SQLiSQL Injection
RATRemote Access Trojan
APTAdvanced Persistent Threat
IoCIndicators of Compromise
TTPTactics, Techniques, and Procedures
CVECommon Vulnerabilities and Exposures
CVSSCommon Vulnerability Scoring System

Security operations & monitoring

The "blue team" tooling that dominates the Security Operations domain.

AcronymStands for
SIEMSecurity Information and Event Management
SOARSecurity Orchestration, Automation, and Response
IDS / IPSIntrusion Detection / Prevention System
DLPData Loss Prevention
EDR / XDREndpoint / Extended Detection and Response
NACNetwork Access Control
WAFWeb Application Firewall
UTMUnified Threat Management
CASBCloud Access Security Broker
MDMMobile Device Management
VPNVirtual Private Network

Watch the pairs: IDS only alerts, IPS can block. EDR is endpoint-focused; XDR correlates across endpoints, network, and cloud.

Identity & authentication protocols

AcronymStands for
LDAPLightweight Directory Access Protocol
SAMLSecurity Assertion Markup Language
RADIUSRemote Authentication Dial-In User Service
TACACS+Terminal Access Controller Access-Control System Plus
OTPOne-Time Password (TOTP = Time-based, HOTP = HMAC-based)
FIDOFast Identity Online

Exam favorite: RADIUS encrypts only the password and uses UDP; TACACS+ encrypts the entire payload and uses TCP. SAML handles web SSO via assertions.

Governance, risk & compliance

AcronymStands for
GRCGovernance, Risk, and Compliance
RTORecovery Time Objective
RPORecovery Point Objective
MTTRMean Time to Recover
MTBFMean Time Between Failures
BIABusiness Impact Analysis
BCP / DRPBusiness Continuity Plan / Disaster Recovery Plan
SLAService Level Agreement
MOU / MSAMemorandum of Understanding / Master Service Agreement
SoDSeparation of Duties

A classic trap: RTO is how fast you must be back up; RPO is how much data you can afford to lose (how far back your last good backup is). They are different axes — don't swap them.

Common ports you must know

Port questions are some of the easiest marks on the exam — pure recall. Memorize these, and pay special attention to the secure vs. insecure pairs.

PortProtocolTransportSecure?
20 / 21FTPTCPNo (use FTPS/SFTP)
22SSH, SCP, SFTPTCPYes
23TelnetTCPNo
25SMTPTCPNo
53DNSUDP/TCPNo (DNSSEC adds integrity)
67 / 68DHCPUDPNo
69TFTPUDPNo
80HTTPTCPNo
88KerberosUDP/TCPYes
110POP3TCPNo
123NTPUDPNo
143IMAPTCPNo
161 / 162SNMPUDPv3 only
389LDAPTCP/UDPNo
443HTTPSTCPYes
445SMBTCPNo
514SyslogUDPNo
636LDAPSTCPYes
993IMAPSTCPYes
995POP3STCPYes
1433Microsoft SQL ServerTCPNo
1812 / 1813RADIUS (auth / accounting)UDPPassword only
3389RDPTCPYes

The pattern to internalize: the secure twin usually sits at a different port — HTTP 80 vs. HTTPS 443, LDAP 389 vs. LDAPS 636, IMAP 143 vs. IMAPS 993, POP3 110 vs. POP3S 995. If a question hands you the plaintext protocol and asks for the hardened equivalent, it's testing exactly this.

Don't try to read this once and stop

A cheat sheet only works if you actively test yourself against it. Reading it cover-to-cover feels productive but fades within a day — that's the recall gap that costs people the exam.

Lock it in

This page is the map; recall is the muscle. The acronyms and ports above stick only after you've pulled them from memory a few times under pressure, not after a single read-through. That's where CompTIA Acronyms+ comes in: it ships the full SY0-701 acronym set with definitions, drills each card with spaced repetition (an SM-2 scheduler that resurfaces the ones you keep missing and fades the ones you've mastered), and has an exam mode to simulate test-day recall. Use this cheat sheet to spot your weak themes, then turn them into permanent memory in the app.

Get the App