Security+ Cheat Sheet: SY0-701 Acronyms & Ports
If you want a single, scannable Security+ cheat sheet for the SY0-701 exam, this is it: the highest-yield acronyms grouped by theme, plus the ports CompTIA loves to test. Skim it on the train, screenshot it, and use it to find the gaps in your recall before exam day.
How to use this cheat sheet
This is a review tool, not a substitute for understanding. The SY0-701 acronym appendix lists 334 acronyms, and the exam writes most concepts in their short form. You don't need to spell all 334 perfectly — you need to recognize them on sight and know what each one does. Below are the acronyms and ports that carry the most questions, organized so you can self-quiz: cover the right column, recall it, then check.
Core security concepts
The foundational vocabulary. These underpin almost every domain.
| Acronym | Stands for |
|---|---|
| CIA | Confidentiality, Integrity, Availability |
| AAA | Authentication, Authorization, Accounting |
| MFA | Multi-Factor Authentication |
| SSO | Single Sign-On |
| PKI | Public Key Infrastructure |
| CA | Certificate Authority |
| CSR | Certificate Signing Request |
| RBAC | Role-Based Access Control |
| ABAC | Attribute-Based Access Control |
| MAC / DAC | Mandatory / Discretionary Access Control |
| PoLP | Principle of Least Privilege |
| ZTA | Zero Trust Architecture |
Note that MAC is overloaded: it can mean Mandatory Access Control, Media Access Control (the hardware address), or Message Authentication Code in crypto. The exam expects you to read it in context.
Cryptography
Algorithms, protocols, and the properties they provide.
| Acronym | Stands for |
|---|---|
| AES | Advanced Encryption Standard (symmetric) |
| RSA | Rivest-Shamir-Adleman (asymmetric) |
| ECC | Elliptic Curve Cryptography |
| SHA | Secure Hash Algorithm |
| HMAC | Hashed Message Authentication Code |
| TLS | Transport Layer Security |
| PFS | Perfect Forward Secrecy |
| HSM | Hardware Security Module |
| TPM | Trusted Platform Module |
| PGP | Pretty Good Privacy |
Quick mental model: AES is symmetric (one shared key, fast, used for bulk data), while RSA and ECC are asymmetric (a public/private key pair, used for key exchange and signatures). SHA hashes for integrity; it does not encrypt.
Threats, attacks & vulnerabilities
| Acronym | Stands for |
|---|---|
| DoS / DDoS | Denial of Service / Distributed Denial of Service |
| MITM | Man-in-the-Middle (on-path attack) |
| XSS | Cross-Site Scripting |
| CSRF | Cross-Site Request Forgery |
| SQLi | SQL Injection |
| RAT | Remote Access Trojan |
| APT | Advanced Persistent Threat |
| IoC | Indicators of Compromise |
| TTP | Tactics, Techniques, and Procedures |
| CVE | Common Vulnerabilities and Exposures |
| CVSS | Common Vulnerability Scoring System |
Security operations & monitoring
The "blue team" tooling that dominates the Security Operations domain.
| Acronym | Stands for |
|---|---|
| SIEM | Security Information and Event Management |
| SOAR | Security Orchestration, Automation, and Response |
| IDS / IPS | Intrusion Detection / Prevention System |
| DLP | Data Loss Prevention |
| EDR / XDR | Endpoint / Extended Detection and Response |
| NAC | Network Access Control |
| WAF | Web Application Firewall |
| UTM | Unified Threat Management |
| CASB | Cloud Access Security Broker |
| MDM | Mobile Device Management |
| VPN | Virtual Private Network |
Watch the pairs: IDS only alerts; IPS can block. EDR is endpoint-focused; XDR correlates across endpoints, network, and cloud.
Identity & authentication protocols
| Acronym | Stands for |
|---|---|
| LDAP | Lightweight Directory Access Protocol |
| SAML | Security Assertion Markup Language |
| RADIUS | Remote Authentication Dial-In User Service |
| TACACS+ | Terminal Access Controller Access-Control System Plus |
| OTP | One-Time Password (TOTP = Time-based, HOTP = HMAC-based) |
| FIDO | Fast Identity Online |
Exam favorite: RADIUS encrypts only the password and uses UDP; TACACS+ encrypts the entire payload and uses TCP. SAML handles web SSO via assertions.
Governance, risk & compliance
| Acronym | Stands for |
|---|---|
| GRC | Governance, Risk, and Compliance |
| RTO | Recovery Time Objective |
| RPO | Recovery Point Objective |
| MTTR | Mean Time to Recover |
| MTBF | Mean Time Between Failures |
| BIA | Business Impact Analysis |
| BCP / DRP | Business Continuity Plan / Disaster Recovery Plan |
| SLA | Service Level Agreement |
| MOU / MSA | Memorandum of Understanding / Master Service Agreement |
| SoD | Separation of Duties |
A classic trap: RTO is how fast you must be back up; RPO is how much data you can afford to lose (how far back your last good backup is). They are different axes — don't swap them.
Common ports you must know
Port questions are some of the easiest marks on the exam — pure recall. Memorize these, and pay special attention to the secure vs. insecure pairs.
| Port | Protocol | Transport | Secure? |
|---|---|---|---|
| 20 / 21 | FTP | TCP | No (use FTPS/SFTP) |
| 22 | SSH, SCP, SFTP | TCP | Yes |
| 23 | Telnet | TCP | No |
| 25 | SMTP | TCP | No |
| 53 | DNS | UDP/TCP | No (DNSSEC adds integrity) |
| 67 / 68 | DHCP | UDP | No |
| 69 | TFTP | UDP | No |
| 80 | HTTP | TCP | No |
| 88 | Kerberos | UDP/TCP | Yes |
| 110 | POP3 | TCP | No |
| 123 | NTP | UDP | No |
| 143 | IMAP | TCP | No |
| 161 / 162 | SNMP | UDP | v3 only |
| 389 | LDAP | TCP/UDP | No |
| 443 | HTTPS | TCP | Yes |
| 445 | SMB | TCP | No |
| 514 | Syslog | UDP | No |
| 636 | LDAPS | TCP | Yes |
| 993 | IMAPS | TCP | Yes |
| 995 | POP3S | TCP | Yes |
| 1433 | Microsoft SQL Server | TCP | No |
| 1812 / 1813 | RADIUS (auth / accounting) | UDP | Password only |
| 3389 | RDP | TCP | Yes |
The pattern to internalize: the secure twin usually sits at a different port — HTTP 80 vs. HTTPS 443, LDAP 389 vs. LDAPS 636, IMAP 143 vs. IMAPS 993, POP3 110 vs. POP3S 995. If a question hands you the plaintext protocol and asks for the hardened equivalent, it's testing exactly this.
Don't try to read this once and stop
A cheat sheet only works if you actively test yourself against it. Reading it cover-to-cover feels productive, but the material fades within a day; that's the recall gap that costs people the exam.
Lock it in
This page is the map; recall is the muscle. The acronyms and ports above stick only after you've pulled them from memory a few times under pressure, not after a single read-through. That's where CompTIA Acronyms+ comes in: it ships the full SY0-701 acronym set with definitions, drills each card with spaced repetition (an SM-2 scheduler that resurfaces the ones you keep missing and fades the ones you've mastered), and has an exam mode to simulate test-day recall. Use this cheat sheet to spot your weak themes, then turn them into permanent memory in the app.