Security+ SY0-701 - Chapter 4


CompTIA Security+ Study Guide Exam SY0-701


39 Terms

1

Social Engineering

The practice of manipulating people through a variety of strategies to accomplish desired actions.

2

Human Error

The vulnerability social engineering seeks to exploit.

3

Key Principles of Social Engineering

Authority, Intimidation, Consensus-based, Scarcity, Familiarity-based, Trust, and Urgency

4

Authority

The principle of social engineering that relies on the fact that most people will obey someone who appears to be in charge or knowledgeable.

5

Intimidation

The principle of social engineering that relies on bullying an individual into taking a desired action.

6

Consensus-based

The principle of social engineering that relies on the fact that people tend to want to do what others are doing.

7

Scarcity

The principle of social engineering that uses the idea of missing out on something to persuade action.

8

Familiarity-based

The principle of social engineering that relies on amiable relations between the threat actor and target to persuade action.

9

Trust

The principle of social engineering in which the threat actor builds a connection with the target so that the target will take the actions the threat actor wants.

10

Urgency

The principle of social engineering that relies on creating a feeling that action must be taken quickly.

11

Phishing

The fraudulent acquisition of information, most commonly credentials such as usernames and passwords or sensitive personal data such as credit card numbers, most often by means of email.

12

Spear Phishing

A type of phishing in which a specific individual is targeted in an attempt to gather desired information or access.

13

Whaling

A type of phishing in which an important person in an organization (usually someone in a C-Suite position) is targeted for the information or access they possess.

14

Awareness

One of the most common defenses against all types of phishing attacks: training users to recognize suspicious messages and report them rather than act on them.

15

Vishing

The fraudulent acquisition of information such as usernames, passwords, and credit card numbers by means of phone calls (voice phishing).

16

Smishing

The fraudulent acquisition of information such as usernames, passwords, and credit card numbers by means of text messages (SMS phishing).

17

Misinformation

Incorrect information, often resulting from getting the facts wrong, that is spread without intent to deceive.

18

Disinformation

Incorrect, inaccurate, or outright false information that is intentionally provided to serve an individual or organization’s goals.

19

Malinformation

Information which is based on fact, but removed from its original context in order to mislead, harm, or manipulate.

20

Acronym: MDM

Misinformation, Disinformation, and Malinformation (in this context; elsewhere on the exam MDM also stands for Mobile Device Management).

21

1. Tell your story
2. Ready your team
3. Understand and assess MDM
4. Strategize response
5. Track outcomes

The five-step process (published by CISA) to counter MDM campaigns.

22

TRUST

The acronym for the five-step process to counter MDM campaigns.

23

Impersonation

Pretending to be someone else, such as a vendor, an executive, or a help desk technician, to gain trust or access.

24

Identity Fraud/Theft

Claiming and using someone else's identity, for example to open accounts, obtain credit, or gain access as that person.

25

Acronym: BEC

Business Email Compromise

26

Business Email Compromise

The use of apparently legitimate email addresses (compromised mailboxes, spoofed senders, or look-alike domains) to conduct scams such as fraudulent invoice or wire-transfer requests.

27

Multifactor authentication, Awareness training, and Policies that support appropriate use and behaviors.

Mitigation methods for business email compromise.

28

Pretexting

The process of using a made-up scenario to justify why approaching an individual is warranted.

29

Watering Hole Attack

Compromising websites that the targets are known to frequent, so that the targets are attacked (for example, served malware) when they visit.

30

Brand Impersonation/Spoofing

An attack that uses emails or other correspondence that intentionally appear to be from a legitimate brand to prompt action.

31

Typosquatting

An attack that registers misspelled or slightly altered versions of legitimate URLs to direct victims who mistype an address to sites they did not intend to visit.
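The following is an added example, not material from the study guide: a look-alike domain check of the kind a defender runs over proxy or DNS logs. The legitimate domain list, the HOMOGLYPHS table, and the test hostnames are constructed assumptions, and multi-part public suffixes such as co.uk are deliberately not handled.

```python
"""Look-alike domain check for typosquatting. Added illustration, not part
of the study guide; the legitimate domain list and HOMOGLYPHS table are
constructed examples, and multi-part public suffixes (co.uk) are not handled."""

# Assumption: character sequences commonly swapped for look-alike ones.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e"}


def normalize(label):
    """Collapse look-alike sequences so 'exarnp1e' compares equal to 'example'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def typo_variants(label):
    """Single-keystroke slips a squatter registers: omission, duplication, transposition."""
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                              # exmple
        variants.add(label[:i] + label[i] + label[i:])                       # exaample
        if i + 1 < len(label):
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # exmaple
    variants.discard(label)
    return variants


def edit_distance(a, b):
    """Levenshtein distance; catches single substitutions such as 'examqle'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(hostname, legit_domains):
    """Return (verdict, matched_legit_domain) for a hostname seen in a URL or DNS log."""
    host = hostname.lower().rstrip(".")
    for legit in legit_domains:
        if host == legit or host.endswith("." + legit):
            return ("legitimate", legit)          # the real domain or one of its subdomains
    for legit in legit_domains:
        if host.startswith(legit + "."):
            return ("deceptive_prefix", legit)    # example.com.evil.net
        l_label, l_tld = legit.rsplit(".", 1)
        h_label, _, h_tld = host.rpartition(".")
        if h_tld == l_tld:
            if (h_label in typo_variants(l_label)
                    or normalize(h_label) == l_label
                    or edit_distance(h_label, l_label) <= 1):
                return ("typosquat", legit)
        elif h_label == l_label:
            return ("wrong_tld", legit)           # example.co, example.cm
    return ("unrelated", None)


if __name__ == "__main__":
    for name in ["login.example.com", "exarnp1e.com", "exmaple.com", "example.co",
                 "example.com.evil.net", "google.com"]:
        print(name, "->", classify(name, ["example.com"]))
```

The same `typo_variants` output doubles as a registration wishlist: defensively registering those names and the common wrong-TLD forms is the usual mitigation the guide implies.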

32

Pharming

An attack that redirects victims to sites they did not intend to visit by tampering with name resolution, for example by changing a system's DNS settings or hosts file or by poisoning a DNS cache.

33

Brute-force, Password spraying, and Dictionary

Types of password attacks.

34

Brute-force

A type of password attack that systematically tries candidate passwords (in the extreme, every possible combination of characters) against an account until the correct one is found.

35

Password Spraying

A type of brute-force password attack that attempts to use a single password or a small set of passwords against many accounts.

36

Dictionary

A type of brute-force password attack that guesses from a list of likely passwords (a wordlist or dictionary) instead of every possible combination.
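An added example covering cards 33 through 36, not code from the study guide: a toy login service with an account lockout policy, a dictionary attack against one account, a password spray across many accounts, and the per-source detection rule that catches spraying when per-account lockout does not. The user directory, passwords, IP addresses, and thresholds are constructed values.

```python
"""Dictionary/brute-force guessing versus password spraying against a lockout
policy, plus a detection rule for each. Added illustration, not part of the
study guide; the directory, passwords, IPs and thresholds are constructed."""
from collections import defaultdict

# Constructed user directory (a real system would store password hashes).
DIRECTORY = {
    "alice": "Winter2024!",
    "bob": "correct horse battery",
    "carol": "Summer2024!",
    "dave": "Tr0ub4dor&3",
}
LOCKOUT_THRESHOLD = 5          # consecutive failures before an account locks
SPRAY_MIN_ACCOUNTS = 3         # distinct accounts failed from one source before alerting


class AuthService:
    """Toy login endpoint with per-account lockout and an audit log of (ip, user, result)."""

    def __init__(self, directory, threshold=LOCKOUT_THRESHOLD):
        self.directory = directory
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()
        self.log = []

    def login(self, source_ip, username, password):
        if username in self.locked:
            result = "locked"
        elif self.directory.get(username) == password:
            result = "success"
            self.failures[username] = 0
        else:
            result = "fail"
            self.failures[username] += 1
            if self.failures[username] >= self.threshold:
                self.locked.add(username)
        self.log.append((source_ip, username, result))
        return result


def dictionary_attack(service, source_ip, username, wordlist):
    """Many guesses against one account. A pure brute force is the same loop over
    every combination of a character set (itertools.product); either way the
    per-account lockout stops it after `threshold` wrong guesses."""
    for candidate in wordlist:
        if service.login(source_ip, username, candidate) == "success":
            return candidate
    return None


def password_spray(service, source_ip, usernames, passwords):
    """A few guesses against every account, so no single account hits the threshold."""
    hits = {}
    for password in passwords:
        for user in usernames:
            if service.login(source_ip, user, password) == "success":
                hits[user] = password
    return hits


def detect_spray(log, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Per-account counters miss spraying; counting distinct failed accounts per source catches it."""
    failed_accounts = defaultdict(set)
    for source_ip, user, result in log:
        if result == "fail":
            failed_accounts[source_ip].add(user)
    return {ip for ip, users in failed_accounts.items() if len(users) >= min_accounts}


def run_demo():
    # Scenario 1: wordlist attack on alice; her password is 7th, lockout hits at 5.
    svc1 = AuthService(DIRECTORY)
    wordlist = ["123456", "password", "letmein", "qwerty", "admin", "welcome", "Winter2024!"]
    found = dictionary_attack(svc1, "203.0.113.9", "alice", wordlist)

    # Scenario 2: two seasonal passwords sprayed across every account.
    svc2 = AuthService(DIRECTORY)
    hits = password_spray(svc2, "198.51.100.7", list(DIRECTORY), ["Summer2024!", "Winter2024!"])

    return {
        "dictionary_found": found,                    # None: lockout won
        "alice_locked": "alice" in svc1.locked,       # True
        "spray_hits": hits,                           # two accounts compromised
        "spray_locked": set(svc2.locked),             # empty: never reached threshold
        "flagged_scenario1": detect_spray(svc1.log),  # empty: one account only
        "flagged_scenario2": detect_spray(svc2.log),  # {'198.51.100.7'}
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point the cards make shows up in the results: lockout defeats the single-account attack but never fires during the spray, which is why spray detection has to count failures per source across accounts (or per password across accounts) rather than per account.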

37

Rainbow Table

A table of precomputed password hashes used to look up the plaintext for a captured hash without recomputing it; effective against unsalted hashes, defeated by per-user salts.

38

Hash

A one-way cryptographic function that takes input of any length and produces a fixed-length output that is repeatable for the same input and, for a secure hash, infeasible to reverse or to collide.

39

Password Hash

Best practice for storing passwords for verification at login: store a salted hash computed with a slow, purpose-built algorithm (for example bcrypt, scrypt, Argon2, or PBKDF2) rather than the plaintext password.
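An added example covering cards 37 through 39, not code from the study guide: it builds a small precomputed hash table, shows that it cracks an unsalted SHA-256 password store in a single lookup, and then shows that a per-user salt plus a slow derivation (PBKDF2-HMAC-SHA256 from the standard library) makes the same table useless. The password list, the table, and the sample inputs are constructed; the 600,000 iteration count follows current OWASP guidance for PBKDF2-HMAC-SHA256.

```python
"""Why a precomputed hash table cracks unsalted, fast hashes and fails against
salted, slow ones. Added illustration using only the standard library; the
password list and table are constructed, not a real rainbow table."""
import hashlib
import hmac
import os

# Attacker side: precomputed hash -> plaintext. A real rainbow table stores
# compressed hash chains instead of every pair, but the lookup is the same idea.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Winter2024!", "P@ssw0rd"]
PRECOMPUTED_SHA256 = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def crack_with_table(stored_hash_hex):
    """No hashing at attack time: one dictionary lookup per stolen hash."""
    return PRECOMPUTED_SHA256.get(stored_hash_hex)


def hash_properties(data=b"The quick brown fox"):
    """Deterministic, fixed-length, and a tiny input change scrambles the whole output."""
    h1 = hashlib.sha256(data).hexdigest()
    h2 = hashlib.sha256(data).hexdigest()
    h3 = hashlib.sha256(data + b".").hexdigest()
    differing = sum(a != b for a, b in zip(h1, h3))
    return {"repeatable": h1 == h2, "hex_length": len(h1), "differing_hex_chars": differing}


# Weak storage: one unsalted SHA-256 per password. The same password gives the
# same hash for every user, so one shared table cracks every account at once.
def store_unsalted(password):
    return hashlib.sha256(password.encode()).hexdigest()


# Better storage: random per-user salt plus a deliberately slow derivation.
# 600,000 iterations follows current OWASP guidance for PBKDF2-HMAC-SHA256;
# bcrypt, scrypt or Argon2 are equally acceptable where available.
ITERATIONS = 600_000


def store_salted(password, iterations=ITERATIONS):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password, record):
    """Recompute with the stored salt and parameters; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def run_demo(password="Winter2024!"):
    unsalted = store_unsalted(password)
    record_a = store_salted(password)
    record_b = store_salted(password)   # same password, different salt
    return {
        "table_cracks_unsalted": crack_with_table(unsalted) == password,                 # True
        "salted_records_differ": record_a != record_b,                                    # True
        "table_cracks_salted": crack_with_table(record_a.split("$")[-1]) is not None,     # False
        "verify_correct": verify_salted(password, record_a),                              # True
        "verify_wrong": verify_salted("Winter2023!", record_a),                           # False
    }


if __name__ == "__main__":
    print(hash_properties())
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design points follow from the cards: the salt is stored in the clear next to the digest because its job is to force a separate table per user, not to be secret, and the comparison uses `hmac.compare_digest` so that a wrong guess takes the same time as a near-miss.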