Security+ Certification Exam Objectives: Definitions and Examples, Exams of Computer Security

A comprehensive list of Security+ certification exam objectives, offering definitions and examples for each concept. It covers a wide range of cybersecurity topics, including social engineering, malware, password attacks, and network security vulnerabilities. It is valuable for students preparing for the Security+ exam, as it helps them understand key concepts and terminology.

Typology: Exams

2024/2025

Available from 01/15/2025

khalif-jay
Security+ Cert Exam Objectives questions and correct answers

Phishing - Correct Answer fraudulent attempt to obtain sensitive information or data, by disguising oneself as a trustworthy entity in an electronic communication.

Smishing - Correct Answer When someone tries to trick you into giving them your private information via a text or SMS message.

Vishing - Correct Answer Using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward

Spam - Correct Answer irrelevant or unsolicited messages sent to a large number of Internet users, for illegitimate advertising, and other activities such as phishing, and spreading malware

SPIM - Correct Answer Spam delivered through instant messaging (IM) instead of through e-mail messaging

Spear Phishing - Correct Answer the act of sending emails to specific and well-researched targets while pretending to be a trusted sender

Dumpster Diving - Correct Answer exploration of a system's trash bin for the purpose of finding details in order for a hacker to have a successful online assault.

Shoulder Surfing - Correct Answer When someone watches over your shoulder to nab valuable information as you key it into an electronic device.

Pharming - Correct Answer cyberattack intended to redirect a website's traffic to another, fake site.

Tailgating - Correct Answer Social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises.

Eliciting Information - Correct Answer Procedures or techniques involving interacting with and communicating with others that is designed to gather knowledge or inform

Whaling - Correct Answer Spear phishing that focuses on one specific high level executive or influencer

Prepending - Correct Answer Prepend is a word that means to attach content as a prefix. For example, a prepend command could be used in a scripting language that a programmer would enter into a certain function or code module. It would add certain characters of text to the beginning of some variable or object.

Identity Fraud - Correct Answer identity fraud is the use of stolen information such as making fake ID's and fake bank accounts

Invoice Scams - Correct Answer using fraudulent invoices to steal from a company

Credential Harvesting - Correct Answer the use of MITM attacks, DNS poisoning, phishing, etc. to amass large numbers of credentials (username / password combinations) for reuse.

Reconnaissance - Correct Answer Information gathering about a target network

Hoax - Correct Answer Cyber hoax scams are attacks that exploit unsuspecting users to provide valuable information, such as login credentials or money.

Impersonation - Correct Answer typically involves an email that seems to come from a trusted source.

Watering hole attack - Correct Answer security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.

Typo squatting - Correct Answer type of cybersquatting used by imposters that involves registering domains with intentionally misspelled names of popular web addresses to install malware on the user's system

Pretexting - Correct Answer the practice of presenting oneself as someone else in order to obtain private information.

Influence campaigns - Correct Answer

Hybrid warfare - Correct Answer Combining conventional warfare with cyberwarfare

Social Media Campaign - Correct Answer Planned, coordinated marketing efforts using one or more social media platforms.

Principles: - Correct Answer

  • Authority: An attacker may try to appear to have a certain level of authority.
  • Intimidation: An attacker may try to make the victim think that something terrible is going to happen if they don't comply with the attacker's wishes.
  • Consensus: An attacker may try to sway the mind of a victim using names they are familiar with, saying that such ones provided them information (they are fishing for) in the past and you should be able to do the same.
  • Scarcity: An attacker may try to set a time limit on a victim so that they can comply with their wishes by a certain deadline.
  • Familiarity: They make you familiar with them on the phone and make you want to do things for them.
  • Trust: The attacker in this case can claim to be a friend or close associate of someone you may know very well and that's trusted.
  • Urgency: When attackers want you to act and not think, they want you to do what they want as quickly as possible so that there's no time to spot all the red flags.

Malware - Correct Answer a program or file designed to be disruptive, invasive and harmful to your computer.

Ransomware - Correct Answer Software that encrypts programs and data until a ransom is paid to remove it.

Worms - Correct Answer Independent computer programs that copy themselves from one computer to other computers over a network

potentially unwanted program (PUP) - Correct Answer program that installs itself on a computer, typically without the user's informed consent

Fileless virus - Correct Answer Software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.

command and control - Correct Answer A computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network

Bots - Correct Answer self-propagating malware that infects its host and connects back to a central server(s).

Cryptomalware - Correct Answer Malware designed to remain in place for as long as possible, quietly mining in the background.

logic bomb - Correct Answer A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

  1. Collision:
  2. Downgrade:

Privilege escalation - Correct Answer

Cross-site scripting - Correct Answer

Injections - Correct Answer

Structured query language (SQL) - Correct Answer

Dynamic link library - Correct Answer

Lightweight directory access protocol (LDAP) - Correct Answer

Extensible markup language (XML) - Correct Answer

Pointer/object dereference - Correct Answer

Directory traversal - Correct Answer

Buffer overflows - Correct Answer

Race conditions (Time of check/time of use) - Correct Answer

Error handling - Correct Answer

Improper input handling - Correct Answer

Replay attack (session replays) - Correct Answer

Integer overflow - Correct Answer

Request forgeries - Correct Answer

  1. Server-side
  2. Cross-site

Application programming interface (API) attacks - Correct Answer

Resource exhaustion - Correct Answer

Memory leak - Correct Answer

Secure sockets layer (SSL) stripping - Correct Answer

Driver manipulation - Correct Answer

Shimming - Correct Answer

Refactoring - Correct Answer

Pass the hash - Correct Answer

Wireless Evil Twin - Correct Answer

Rogue access point - Correct Answer

Bluesnarfing - Correct Answer

Bluejacking - Correct Answer Some users with Bluetooth-enabled mobiles use this technology to send anonymous text messages to strangers.

Disassociation - Correct Answer

Jamming - Correct Answer

Radio frequency identifier (RFID) - Correct Answer

Near Field Communication (NFC) - Correct Answer A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.

Initialization Vector (IV) - Correct Answer A 24-bit value used in WEP that changes each time a packet is encrypted.

On-path attack (Man-in-the-middle) - Correct Answer

Layer 2 attacks - Correct Answer

Address resolution protocol poisoning - Correct Answer

Media access control flooding - Correct Answer

MAC Cloning - Correct Answer

Domain Name System (DNS) - Correct Answer A hierarchical system for naming resources on the Internet.

Domain jacking - Correct Answer

DNS poisoning - Correct Answer Technique used by criminals to alter DNS records and drive users to fake sites, in order to commit phishing.

Universal resource locator redirection - Correct Answer

Domain reputation - Correct Answer

Distributed Denial of Service (DDoS) - Correct Answer An attack that uses many computers to perform a DoS attack.

DDOS network - Correct Answer

Intent/motivation (attributes of actors) - Correct Answer This can be simple or multifold in nature. A script kiddie is just trying to make a technique work. A more skilled threat actor is usually pursuing a specific objective, such as trying to make a point as a hacktivist. At the top of the intent pyramid is the APT threat actor, whose intent or motivation is at least threefold.

Vectors direct access - Correct Answer

Wireless Vectors - Correct Answer

Vector Email - Correct Answer

Vector Supply Chain - Correct Answer

Vector Social Media - Correct Answer

Vector Removable Media - Correct Answer

Vector Cloud - Correct Answer

Threat intelligence sources - Correct Answer

Open-Source Intelligence (OSINT) - Correct Answer Information from media (newspapers, television), public government reports, professional and academic publications, and other openly available.

Closed/proprietary threat intelligence source - Correct Answer

Vulnerability databases - Correct Answer

Public/private information-sharing centers - Correct Answer

Dark Web - Correct Answer

Indicators of compromise - Correct Answer

  • unusual outbound traffic
  • anomalies in privileged account
  • geographic irregularities
  • login failures
  • swells in database read volume
  • large html responses
  • many requests for one file
  • mismatched port-applications
  • suspicious registry changes
  • spikes in dns requests from one host

Automated Indicator Sharing (AIS) - Correct Answer system that enables the sharing of attack indicators between the US government and the private sector as soon as the threat is verified

Structured Threat Information eXpression (STIX) - Correct Answer

Trusted Automated eXchange of Indicator Information (TAXII) - Correct Answer

Predictive analysis - Correct Answer the use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities

Threat maps - Correct Answer

File/code repositories - Correct Answer

Vendor websites - Correct Answer

Vulnerability feeds - Correct Answer

Conferences - Correct Answer

Academic journals - Correct Answer

Request for Comments (RFC) - Correct Answer A document published by the IETF that details information about standardized Internet protocols and those in various development stages.

Local industry groups - Correct Answer

Social media research source - Correct Answer

Threat feed research source - Correct Answer

Adversary tactics, techniques, and procedures (TTP) - Correct Answer

Cloud-based vs. on-premises vulnerabilities - Correct Answer

Zero-day - Correct Answer

Weak configurations - Correct Answer

Open permissions - Correct Answer

Unsecure root accounts - Correct Answer

Errors in weak configurations - Correct Answer

Weak encryption in weak configurations - Correct Answer

Unsecure protocols in weak configurations - Correct Answer

Default setting in weak configurations - Correct Answer

False negatives - Correct Answer

Log reviews - Correct Answer

credentialed vs. non-credentialed (vulnerability scanning) - Correct Answer

Intrusive vs. non-intrusive (scans) - Correct Answer

Application vulnerability scanner - Correct Answer Technology used to scan applications for potential vulnerabilities and weaknesses.

Web application vulnerability scan - Correct Answer

Network vulnerability scanner - Correct Answer The application of vulnerability scanning to network devices to search for vulnerabilities at the network level.

Common Vulnerabilities and Exposures (CVE) - Correct Answer

Common Vulnerability Scoring System (CVSS) - Correct Answer

Configuration review - Correct Answer

Syslog/security information and event management (SIEM) - Correct Answer

Review reports - Correct Answer

Packet capture - Correct Answer

Data inputs - Correct Answer

User behavior analysis - Correct Answer

Sentiment analysis - Correct Answer

Security monitoring - Correct Answer

Log aggregation - Correct Answer

Log Collectors - Correct Answer

Security orchestration, automation, and response (SOAR) - Correct Answer

Known environment - Correct Answer

Unknown Environment - Correct Answer

Partially known environment - Correct Answer

rules of engagement - Correct Answer

Lateral movement - Correct Answer

Privilege escalation - Correct Answer

Persistence (Penetration testing) - Correct Answer

Cleanup (Penetration testing) - Correct Answer

Bug bounty (Penetration testing) - Correct Answer

Pivoting (Penetration testing) - Correct Answer

Passive and active reconnaissance - Correct Answer

Drones (reconnaissance) - Correct Answer

War flying - Correct Answer

War driving - Correct Answer

Footprinting - Correct Answer

OSINT - Correct Answer

Exercise types - Correct Answer Red-Team: Blue-Team: White-Team: Purple-Team:

Configuration management - Correct Answer

Diagrams for Configuration management - Correct Answer

Baseline configuration - Correct Answer

Standard naming conventions - Correct Answer

Internet protocol (IP) schema - Correct Answer

Data sovereignty - Correct Answer

Data protection - Correct Answer

Data loss prevention (DLP) - Correct Answer

Platform as a Service (PaaS) - Correct Answer

Software as a Service (SaaS) - Correct Answer

Anything as a Service (XaaS) - Correct Answer

Public cloud model - Correct Answer

Community Cloud Model - Correct Answer

Private cloud model - Correct Answer

Hybrid Cloud model - Correct Answer

Cloud service providers - Correct Answer

Managed service provider (MSP) - Correct Answer

Managed security service provider (MSSP) - Correct Answer

On-premises vs. off-premises - Correct Answer

Fog Computing - Correct Answer

Edge Computing - Correct Answer

Thin Client - Correct Answer

Containers - Correct Answer

Microservices/API - Correct Answer

Infrastructure as code - Correct Answer

Software Defined Networking (SDN) - Correct Answer using a central control program separate from network devices to manage the flow of data on a network

Software-defined visibility - Correct Answer

Serverless architecture - Correct Answer

Services integration - Correct Answer

Resource policies - Correct Answer

Transit gateway - Correct Answer

Virtualization - Correct Answer

Virtual machine (VM) sprawl avoidance - Correct Answer

VM Escape Protection - Correct Answer

Environment development - Correct Answer

Environment Test - Correct Answer

Environment Staging - Correct Answer

Environment production - Correct Answer

Environment Quality assurance (QA) - Correct Answer

Provisioning and Deprovisioning - Correct Answer Commission/decommission of assets, from the time they are installed until the time they are decommissioned and disposed of.

Integrity measurement - Correct Answer

Secure Coding Techniques - Correct Answer Techniques used while coding to provide as much security as possible.

Normalization - Correct Answer

Stored procedures - Correct Answer

Obfuscation/camouflage - Correct Answer

Code reuse/dead code - Correct Answer

Server-Side vs. Client-Side Execution and Validation - Correct Answer

Memory management - Correct Answer

Use of third-party libraries and software development kits (SDKs) - Correct Answer

Open Web Application Security Project (OWASP) - Correct Answer An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

Software diversity - Correct Answer

Compiler - Correct Answer

Binary - Correct Answer

Automation/Scripting - Correct Answer

Iris Biometrics - Correct Answer

Facial Biometrics - Correct Answer

Voice Biometrics - Correct Answer

Vein Biometrics - Correct Answer

Gait analysis Biometrics - Correct Answer

Efficacy rates Biometrics - Correct Answer

False acceptance Biometrics - Correct Answer

False rejection Biometrics - Correct Answer

Crossover error rate Biometrics - Correct Answer

multifactor authentication (MFA) factors and attributes - Correct Answer

Factors:

  • Something you know
  • Something you have
  • Something you are - Correct Answer

Attributes:

  • Somewhere you are
  • Something you can do
  • Someone you know - Correct Answer

Authentication, authorization, and accounting (AAA) - Correct Answer

Cloud vs. on-premises requirements - Correct Answer

Redundancy - Correct Answer

Geographic dispersal - Correct Answer

Disk - Redundant array of inexpensive disks (RAID) levels - Correct Answer

Multipath - Correct Answer

Network: Load balancers - Correct Answer

Network interface card teaming - Correct Answer

Power: Uninterruptible power supply (UPS) - Correct Answer

Power: Generator - Correct Answer

Power: Dual supply - Correct Answer

Managed power distribution units (PDUs) - Correct Answer

Replication - Correct Answer

Storage area network - Correct Answer

VM - Correct Answer

On-premises vs. cloud - Correct Answer

Backup types - Correct Answer

Backup types: Full - Correct Answer

Backup types: Incremental - Correct Answer

Backup types: Snapshot - Correct Answer

Backup types: Differential - Correct Answer

Backup types: Tape - Correct Answer

Backup types: Disk - Correct Answer

Backup types: Copy - Correct Answer

Backup types: Network-attached storage (NAS) - Correct Answer

Backup types: Storage area network - Correct Answer

Backup types: Cloud - Correct Answer

Backup types: Image - Correct Answer

Backup types: Online vs. offline - Correct Answer

Backup types: Offsite storage- Distance considerations - Correct Answer

Non-persistence - Correct Answer

Weak defaults - Correct Answer

Specialized Medical systems - Correct Answer

Specialized Vehicles - Correct Answer

Specialized Aircraft - Correct Answer

Specialized smart meters - Correct Answer

Voice over IP (VoIP) - Correct Answer

Heating, ventilation, air conditioning (HVAC) - Correct Answer

Drones - Correct Answer

Multifunction printer (MFP) - Correct Answer

Real-time operating system (RTOS) - Correct Answer

Surveillance systems - Correct Answer

System on chip (SoC) - Correct Answer

Communication considerations: 5G - Correct Answer

Communication considerations: Narrow-band - Correct Answer

Communication considerations: Baseband radio - Correct Answer

Subscriber identity module (SIM) cards - Correct Answer

Zigbee - Correct Answer

Constraints: Power - Correct Answer

Constraints: Compute - Correct Answer

Constraints: Network - Correct Answer

Constraints: Crypto - Correct Answer

Constraints: Inability to patch - Correct Answer

Constraints: Authentication - Correct Answer

Constraints: Range - Correct Answer

Constraints: Cost - Correct Answer

Constraints: Implied trust - Correct Answer

Bollards/barricades - Correct Answer

Access control vestibules - Correct Answer

Badges - Correct Answer

Alarms - Correct Answer

Signage - Correct Answer

Cameras - Correct Answer

Motion recognition and object detection - Correct Answer

closed circuit television (CCTV) - Correct Answer Video cameras and receivers used for surveillance in areas that require security monitoring.

Industrial camouflage - Correct Answer

Personnel - Correct Answer Guards: Robot sentries: Reception: Two-person integrity/control

Locks - Correct Answer Biometrics: Electronic: Physical: Cable Locks:

USB data blocker - Correct Answer

Lighting and fencing - Correct Answer

Fire suppression - Correct Answer

Sensors: Motion detection - Correct Answer

Sensors: Noise detection - Correct Answer

Sensors: Proximity Reader - Correct Answer