Comptia Sec+ 701 Domain 2: Threats, Vulnerabilities, and Mitigations

Name common threat actors.

Nation-state, Hacktivist, Insider, Organized crime, Unskilled attackers

What is Shadow IT?

Unauthorized systems or services used without IT approval

What is phishing?

Fraudulent email attempt to trick users into revealing data

What is spear phishing?

Targeted phishing at a specific individual or organization

What is whaling?

Phishing attack targeting executives or high-value individuals

What is smishing?

Phishing using SMS/text messages

What is vishing?

Phishing using voice calls

What is pharming?

Redirecting users to a fake website without their knowledge

What is pretexting?

Social engineering where attacker pretends to need info under false pretenses

What is tailgating?

Gaining physical access by following someone into a secure area

What is shoulder surfing?

Observing someone’s screen/keyboard to steal data

What is dumpster diving?

Retrieving confidential information from discarded materials

What is a watering hole attack?

Compromising websites that a specific group frequently visits

What is a supply chain attack?

Compromising software, hardware, or vendors in the supply chain

What is ransomware?

Malware that encrypts data and demands payment for decryption

What is a logic bomb?

Malicious code triggered by a specific event or time

What is a worm?

Self-replicating malware spreading without human action

What is a trojan?

Malware disguised as legitimate software

What is spyware?

Malware that secretly gathers user activity and data

What is adware?

Software that delivers unwanted ads and may collect data

What is a rootkit?

Malware that hides system modifications and maintains privileged access

What is a botnet?

A network of compromised devices controlled remotely by an attacker

What is a DDoS attack?

Distributed Denial of Service — multiple systems overwhelming a target

What is an amplification attack?

Using a protocol/service to increase attack traffic volume (e.g., DNS amplification)

What is SQL injection?

Code injection into SQL queries to manipulate a database

What is XSS?

Cross-Site Scripting — injecting malicious scripts into web applications

What is CSRF?

Cross-Site Request Forgery — tricking a user into executing unwanted actions

What is buffer overflow?

Writing more data into memory than allocated, leading to code execution

What is privilege escalation?

Gaining higher-level access than intended

What is session hijacking?

Taking over an active user session

What is man-in-the-middle?

Intercepting and altering communication between two parties

What is DNS poisoning?

Corrupting DNS records to redirect traffic to malicious sites

What is ARP poisoning?

Sending fake ARP messages to redirect traffic within a LAN

What is a vulnerability scan?

Automated process to identify security weaknesses

What is a penetration test?

Simulated attack to exploit vulnerabilities and test defenses

What is patch management?

Regularly applying updates to fix vulnerabilities

What is hardening?

Reducing attack surface by disabling unnecessary services and accounts

What is segmentation?

Splitting networks to limit attacker movement

What is isolation?

Separating critical assets from general access