CompTIA Security+ (SY0-601)

Document Content and Description Below

Phishing - ANSWER A type of social engineering attack often used to steal user data, including login credentials and credit card numbers. Smishing - ANSWER The act of committing text message fraud ... to try to lure victims into revealing account information or installing malware. Vishing - ANSWER An electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Spam - ANSWER An unsolicited bulk message sent to multiple recipients who did not ask for them. Spam over instant messaging (SPIM) - ANSWER Refers to unsolicited instant messages. Spear phishing - ANSWER An email or electronic communications scam targeted towards a specific individual, organization or business. Dumpster diving - ANSWER A technique used to retrieve information that could be used to carry out an attack on a computer network. Shoulder surfing - ANSWER A direct observation techniques, such as looking over someone's shoulder, to get information. Pharming - ANSWER A form of online fraud involving malicious code and fraudulent websites. Tailgating - ANSWER A physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise. Eliciting information - ANSWER A reporting format designed to elicit as much information as possible about individuals involved in a group or network. Whaling - ANSWER A method used by cybercriminals to masquerade as a senior player at an organization and directly target senior individuals, with the aim of stealing or gaining access to their computer systems for criminal purposes. Prepending - ANSWER A technique used to deprioritize a route in a netork. Identity fraud - ANSWER A crime in which an imposter obtains key pieces of personally identifiable information (PII) to impersonate someone else. Invoice scams - ANSWER A fraudulent way of receiving money or by prompting a victim to put their credentials into a fake login screen. Credential harvesting - ANSWER The process of gathering valid usernames, passwords, private emails, and email addresses through infrastructure breaches. Reconnaissance - ANSWER A term for testing for potential vulnerabilities in a computer network. Hoax - ANSWER A message warning the recipients of a non-existent computer virus threat. Impersonation - ANSWER A form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information or revealing login credentials. Watering hole attack - ANSWER A targeted attack designed to compromise users within a specific industry by infecting websites they typically visit and luring them to a malicious site. Typosquatting - ANSWER A form of cybersquatting which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Pretexting - ANSWER A form of social engineering in which an individual lies to obtain privileged data. Social media - ANSWER A computer-based technology that allows the sharing of ideas, thoughts, and information through the building of virtual networks. Authority - ANSWER The power to enforce rules or give orders. Consensus - ANSWER Allows anyone in the network to join dynamically and participate without prior permission. Ransomware - ANSWER A malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. Trojans - ANSWER A type of malware that is often disguised as legitimate software. Worms Potentially unwanted programs (PUPs) - ANSWER A program that may be unwanted, despite the possibility that users consented to download it Fileless virus - ANSWER A type of malicious software that uses legitimate programs to infect a computer. Command and Control - ANSWER A computer controlled by a cybercriminal to send commands to systems compromised by malware and receive stolen data from a target network. Bots - ANSWER A network of computers infected by malware that are under the control of a single attacking party, known as the "bot-herder." Cryptomalware - ANSWER A type of ransomware that encrypts user's files, and demands ransom. Logic bomb - ANSWER A string of malicious code used to cause harm to a network when the programmed conditions are met. Spyware - ANSWER A type of malware that collects and shares information about a computer or network without the user's consent. Keyloggers - ANSWER A type of monitoring software designed to record keystrokes made by a user. Remote access Trojan (RAT) - ANSWER A malware program that allows hackers to assume remote control over a device via covert surveillance. Rootkit - ANSWER Asoftware used by a hacker to gain constant administrator-level access to a computer or network. Backdoor - ANSWER A means to access a computer system or encrypted data that bypasses the system's customary security. Brute force - ANSWER A brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. Rainbow table - ANSWER A listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm. Plaintext - ANSWER A message before encryption or after decryption. Card cloning - ANSWER The practice of making an unauthorized copy of a credit card. Skimming - ANSWER Cybercriminals' strategies for capturing and stealing cardholder's personal payment information. Supply-chain attacks - ANSWER A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain. Birthday - ANSWER A type of cryptographic attack, which exploits the mathematics behind the birthday problem in probability theory. Collision Attack - ANSWER An attack on a cryptographic hash to find two inputs producing the same hash value, i.e. a hash collision. Downgrade - ANSWER A form of cyber attack in which an attacker forces a network channel to switch to an unprotected or less secure data transmission standard. Privilege escalation - ANSWER A type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker an access to the network. Cross-site scripting - ANSWER A web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Structured query language (SQL) - ANSWER A programming language designed to get information out of and put it into a relational database. Dynamic-link library (DLL) - ANSWER A collection of small programs that can be loaded when needed by larger programs and used at the same time. LDAP (Lightweight Directory Access Protocol) - ANSWER A software protocol for [Show More]

Last updated: 3 years ago

Preview 1 out of 16 pages