DEV Community

TiltedLunar123

MAC means three different things on Security+, so I stopped sorting acronyms alphabetically

the SY0-701 objectives ship with an acronym list at the back. it's alphabetical. i figured i'd just go down it, make flashcards, done.

didn't work. i kept missing the same handful.

the problem is some of these acronyms are overloaded. MAC is the worst one. on this exam MAC can be:

  • Mandatory Access Control (the access model with security labels)
  • Media Access Control (the address burned into a NIC)
  • Message Authentication Code (the crypto thing, like in HMAC)

three completely different topics, one three-letter string. and when your flashcards are alphabetical, all three end up basically next to each other, and your brain just answers with whichever one it saw last. i'd get the question right in isolation and blow it the second the context shifted.

MAC isn't the only one. CER is both a certificate file extension and the crossover error rate in biometrics. CA is a certificate authority. those collisions are exactly the cards that wouldn't stick.

what i tried first

brute force. read the list top to bottom, write each one out longhand, quiz myself the next morning. i got maybe 70% sticking. the 30% that didn't were almost all the overloaded ones, plus the crypto alphabet soup. DES, 3DES, AES, RSA, DSA, ECC, DHE, ECDHE. scattered across the alphabet, they blur together fast, because alphabetical order puts AES nowhere near DES even though the whole point of knowing them is telling them apart.

the one thing that changed

i stopped sorting A to Z and grouped every acronym by the exam topic it actually belongs to.

that's the whole trick. here's what a group looks like:

Cryptography & PKI (36)
  AES     Advanced Encryption Standard
  DES     Data Encryption Standard
  3DES    Triple DES
  RSA     Rivest-Shamir-Adleman
  ECC     Elliptic Curve Cryptography
  DSA     Digital Signature Algorithm
  DHE     Diffie-Hellman Ephemeral
  ECDHE   Elliptic Curve Diffie-Hellman Ephemeral
  HMAC    Hash-based Message Authentication Code
  ...

the acronyms you confuse are almost always in the same topic. so when they're sitting next to each other you're learning the contrasts instead of memorizing in isolation. RSA vs ECC stops being two random cards and becomes one comparison. that's the part that finally stuck for me.

for the overloaded ones i gave up on a single home. MAC gets listed under access control, under networking, and under crypto. felt wrong at first (the same acronym three times, with a different expansion each time), but it matches how the exam actually uses the word, so i left it.

the distribution surprised me

ended up with 302 acronyms across 12 topics. the spread is lopsided:

Network & Infrastructure         63
Cryptography & PKI               36
Endpoint / Host / Application    34
Governance, Risk, Compliance     34
Security Operations & Monitoring 29
Identity & Access Management     28
Wireless & Mobile                24
Threats / Attacks / Malware      15
Email & Messaging                11
Cloud & Virtualization           10
Data Protection & Privacy        10
Physical & Environmental          8

networking alone is more than a fifth of every acronym on the exam. if you're short on time, that's where the acronym points are. physical is 8. early on i spent way too long drilling physical security terms that barely show up, because the alphabetical list gave me no sense of weight. a grouped list does. you can see at a glance which buckets are worth your evening.

why no signup

every free Security+ resource i found wanted an email first. i get why people do it, but i didn't want a drip campaign for a one-page reference. so it's just a 3-page PDF, print-friendly, no gate, CC BY 4.0 so you can reuse or remix it. i print it and keep it next to the keyboard, and that's honestly the highest praise i can give a study resource. it earns its spot on the desk instead of getting lost in a browser tab i never reopen.

what's broken / what i'd do differently

honest list of the rough edges:

  • it's a static PDF. if CompTIA tweaks the objectives, i have to redo the whole thing by hand. i should have built it from a structured source (a yaml or json file rendered to pdf) so an update is a rebuild, not a retype. that's the real miss and i knew better.
  • 302 is my own count off the objectives. i might have missed one or double-counted an overloaded acronym. there's no automated check, which is exactly the kind of thing the structured source would have given me for free.
  • no anki deck yet. a couple people asked. that's next, and if i build it from a json source i fix the first problem at the same time.
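Here is what the structured-source approach looks like in practice, as an added example that is not code from the post or its repo. It takes a small constructed slice of the list as JSON (the topic names are the post's own; the `{topic: [{abbr, expansion}]}` layout is my assumption), gives the per-topic counts from the distribution section for free, tells an overloaded acronym like MAC or CER (same letters, different expansions, legitimately filed in several topics) apart from an accidental double-count (same letters and same expansion filed twice), and renders a group in the cheat-sheet layout shown above. The duplicated AES row under networking is planted on purpose so the check has something to catch.

```python
import json
from collections import defaultdict

# Constructed sample source: a small slice, not the post's full 302-entry list.
# Topic names are the post's own; the JSON shape is an assumption of this example.
# The AES row under networking is a deliberate accidental duplicate.
ACRONYM_SOURCE = json.loads("""
{
  "Cryptography & PKI": [
    {"abbr": "AES",  "expansion": "Advanced Encryption Standard"},
    {"abbr": "DES",  "expansion": "Data Encryption Standard"},
    {"abbr": "3DES", "expansion": "Triple DES"},
    {"abbr": "RSA",  "expansion": "Rivest-Shamir-Adleman"},
    {"abbr": "ECC",  "expansion": "Elliptic Curve Cryptography"},
    {"abbr": "HMAC", "expansion": "Hash-based Message Authentication Code"},
    {"abbr": "MAC",  "expansion": "Message Authentication Code"},
    {"abbr": "CER",  "expansion": "Certificate (file extension)"}
  ],
  "Identity & Access Management": [
    {"abbr": "MAC",  "expansion": "Mandatory Access Control"},
    {"abbr": "CER",  "expansion": "Crossover Error Rate"}
  ],
  "Network & Infrastructure": [
    {"abbr": "MAC",  "expansion": "Media Access Control"},
    {"abbr": "AES",  "expansion": "Advanced Encryption Standard"}
  ]
}
""")


def topic_counts(source):
    """Entries per topic, biggest bucket first: the 'where are the points' view."""
    counts = {topic: len(rows) for topic, rows in source.items()}
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


def meanings(source):
    """Index abbreviation -> {expansion: [topics it is filed under]}."""
    index = defaultdict(lambda: defaultdict(list))
    for topic, rows in source.items():
        for row in rows:
            index[row["abbr"]][row["expansion"]].append(topic)
    return index


def overloaded(source):
    """Abbreviations with more than one distinct expansion (the MAC / CER case).
    These belong in several topics on purpose and are not an error."""
    return {abbr: sorted(exps) for abbr, exps in meanings(source).items() if len(exps) > 1}


def accidental_duplicates(source):
    """Same abbreviation AND same expansion filed under more than one topic.
    Unlike an overloaded acronym this inflates the total and needs review."""
    dupes = []
    for abbr, exps in meanings(source).items():
        for expansion, topics in exps.items():
            if len(topics) > 1:
                dupes.append((abbr, expansion, sorted(topics)))
    return sorted(dupes)


def totals(source):
    """Three honest answers to 'how many acronyms', so it is explicit whether an
    overloaded acronym counts once or once per meaning."""
    idx = meanings(source)
    return {
        "rows": sum(len(rows) for rows in source.values()),
        "distinct_meanings": sum(len(exps) for exps in idx.values()),
        "distinct_abbreviations": len(idx),
    }


def render_topic(source, topic):
    """Render one group in the cheat-sheet layout: header with count, aligned rows."""
    rows = source[topic]
    width = max(len(r["abbr"]) for r in rows)
    lines = [f"{topic} ({len(rows)})"]
    lines += [f"  {r['abbr']:<{width}}  {r['expansion']}" for r in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    for topic, n in topic_counts(ACRONYM_SOURCE).items():
        print(f"{topic:<32} {n:>3}")
    print(totals(ACRONYM_SOURCE))
    print("overloaded (fine):", overloaded(ACRONYM_SOURCE))
    print("review these:", accidental_duplicates(ACRONYM_SOURCE))
    print(render_topic(ACRONYM_SOURCE, "Cryptography & PKI"))
```

Rendering the PDF or an Anki deck is then just another function over the same source, and the `accidental_duplicates` check can run in CI so a rebuild refuses to ship a double-counted entry.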

so it works, and it's the thing that actually got the acronyms to stick, but the build is dumber than it should be.

repo: https://github.com/TiltedLunar123/security-plus-acronyms-cheat-sheet

if you're studying for this exam and you're grinding the acronym list alphabetically, try grouping it by topic instead. the overloaded ones will stop eating you alive.
