Are you preparing for the Security+ certification exam

Are-you-preparing-for-the-Security-certification-exam

Given a scenario, analyze indicators of compromise and determine the type of malware.

  1. Viruses: An unsolicited and unwanted malicious program.
  2. Crypto-malware: A malicious program that encrypts programs and files on the computer in order to extort money from the user.
  3. Ransomware: Denies access to a computer system or data until a ransom is paid. Can be spread through a phishing email or unknowingly infected website.
  4. Worm: A self-contained infection that can spread itself through networks, emails, and messages.
  5. Trojan: A form of malware that pretends to be a harmless application.
  6. Rootkit: A backdoor program that allows full remote access to a system.
  7. Keylogger: A malicious program that saves all of the keystrokes of the infected machine.
  8. Adware: A program that produces ads and pop ups using your browser, may replace the original browser and produce fake ads to remove the adware in order to download more malware.
  9. Spyware: Software that installs itself to spy on the infected machine, sends the stolen information over the internet back to the host machine.
  10. Bots: AI that when inside an infected machine performs specific actions as a part of a larger entity known as a botnet.
  11. RAT (Remote Access Trojan): A remotely operated Trojan.
  12. Logic bomb: A malicious program that lies dormant until a specific date or event occurs.
  13. Backdoor: Allows for full access to a system remotely.

Compare and contrast types of attacks

  1. Social engineering: Gathering information on an attack by exploiting the weakest part of security, people.
  2. Phishing: Sending a false email pretending to be legitimate to steal valuable information from the user.
  3. Spear phishing: Attacks that target specific users.
  4. Whaling: An attack on a powerful or wealthy individual.
  5. Vishing: An attack through a phone or voice communications.
  6. Tailgating: Closely following individuals with keys to get access to secure areas.
  7. Impersonation: Taking on the identity of an individual to get access into the system or communications protocol.
  8. Dumpster diving: Going through a business’s or person’s trash to find thrown away valuable information or possessions.
  9. Shoulder surfing: Watching as a person enters information.
  10. Hoax: False information that deceives the user into compromising security by making them believe they are at risk.
  11. Watering hole attack: A security attack that targets a specific highly secured group by infecting a commonly visited website by the group’s members.
  12. Principles (reasons for effectiveness):
  • Authority: The actor acts as an individual of authority.
  • Intimidation: Frightening or threatening the victim.
  • Consensus: Influenced by what others do, everyone else does it.
  • Scarcity: Limited resources and time to act.
  • Familiarity: The victim is well known.
  • Trust: Gain their confidence, be their friend.
  • Urgency: Limited time to act, rush the victim.
Are-you-preparing-for-the-Security-certification-examDownload
Facebook
Twitter
LinkedIn
Pinterest
Constanza Rodriguez

Constanza Rodriguez

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

10 WAYS ASSET VISIBILITY BUILDS THE FOUNDATION FOR OT CYBERSECURITY – KNOWING THE DATA YOU NEED TO COLLECT ISN’T ENOUGH IF YOU DON’T HAVE FULL ASSET VISIBILITY by DRAGOS
10 WAYS ASSET VISIBILITY BUILDS THE FOUNDATION FOR OT CYBERSECURITY – KNOWING THE DATA YOU...
THIRD-PARTY SECURITY – RISK MANAGEMENT PLAYBOOK – A study of common , emerging, and pioneering capabilities and practices by riskrecon Mastercard
THIRD-PARTY SECURITY – RISK MANAGEMENT PLAYBOOK – A study of common , emerging, and pioneering...
Phishing By Industry Benchmarking Report 2023
Phishing By Industry Benchmarking Report 2023
2023 Global Mobile Threat Report is now available
2023 Global Mobile Threat Report is now available
Orange Cyberdefense Security Navigator 2023 – Research-driven insights to build a safer digital society
Orange Cyberdefense Security Navigator 2023 – Research-driven insights to build a safer digital society
Guia de Implementacion y Estrategia de Azure cuarta edicion by Packt
Guia de Implementacion y Estrategia de Azure cuarta edicion by Packt
SECURING THE SOFTWARE SUPPLY CHAIN – RECOMMENDED PRACTICES GUIDE FOR DEVELOPERS
SECURING THE SOFTWARE SUPPLY CHAIN – RECOMMENDED PRACTICES GUIDE FOR DEVELOPERS
OSINT cheat Sheet
OSINT cheat Sheet
CISO Guidance Free Book by CRC Press
CISO Guidance Free Book by CRC Press
ciso2ciso notepad series – new Released: new MITRE ATT&CK v10
ciso2ciso notepad series – new Released: new MITRE ATT&CK v10