comptia+ secuirty

studied byStudied by 0 people
0.0(0)
Get a hint
Hint

Phishing

1 / 199

200 Terms

1

Phishing

A type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

New cards
2

Smishing

The act of committing text message fraud to try to lure victims into revealing account information or installing malware.

New cards
3

Vishing

An electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities.

New cards
4

Spam

An unsolicited bulk messages sent to multiple recipients who did not ask for them.

New cards
5

Spam over instant messaging (SPIM)

Refers to unsolicited instant messages.

New cards
6

Spear phishing

An email or electronic communications scam targeted towards a specific individual, organization or business.

New cards
7

Dumpster diving

A technique used to retrieve information that could be used to carry out an attack on a computer network.

New cards
8

Shoulder surfing

A direct observation techniques, such as looking over someone's shoulder, to get information.

New cards
9

Pharming

A form of online fraud involving malicious code and fraudulent websites.

New cards
10

Tailgating

A physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.

New cards
11

Eliciting information

A reporting format designed to elicit as much information as possible about individuals involved in a group or network.

New cards
12

Whaling

A method used by cybercriminals to masquerade as a senior player at an organization and directly target senior individuals, with the aim of stealing or gaining access to their computer systems for criminal purposes.

New cards
13

Prepending

A technique used to deprioritize a route in a netork.

New cards
14

Identity fraud

A crime in which an imposter obtains key pieces of personally identifiable information (PII) to impersonate someone else.

New cards
15

Invoice scams

A fraudulent way of receiving money or by prompting a victim to put their credentials into a fake login screen.

New cards
16

Credential harvesting

The process of gathering valid usernames, passwords, private emails, and email addresses through infrastructure breaches.

New cards
17

Reconnaissance

A term for testing for potential vulnerabilities in a computer network.

New cards
18

Hoax

A message warning the recipients of a non-existent computer virus threat.

New cards
19

Impersonation

A form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information or revealing login credentials.

New cards
20

Watering hole attack

A targeted attack designed to compromise users within a specific industry by infecting websites they typically visit and luring them to a malicious site.

New cards
21

Typosquatting

A form of cybersquatting which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser.

New cards
22

Pretexting

A form of social engineering in which an individual lies to obtain privileged data.

New cards
23

Social media

A computer-based technology that allows the sharing of ideas, thoughts, and information through the building of virtual networks.

New cards
24

Authority

The power to enforce rules or give orders.

New cards
25

Consensus

Allows anyone in the network to join dynamically and participate without prior permission.

New cards
26

Ransomware

A malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.

New cards
27

Trojans

A type of malware that is often disguised as legitimate software.

New cards
28

Worms Potentially unwanted programs (PUPs)

A program that may be unwanted, despite the possibility that users consented to download it

New cards
29

Fileless virus

A type of malicious software that uses legitimate programs to infect a computer.

New cards
30

Command and Control

A computer controlled by a cybercriminal to send commands to systems compromised by malware and receive stolen data from a target network.

New cards
31

Bots

A network of computers infected by malware that are under the control of a single attacking party, known as the "bot-herder."

New cards
32

Cryptomalware

A type of ransomware that encrypts user's files, and demands ransom.

New cards
33

Logic bomb

A string of malicious code used to cause harm to a network when the programmed conditions are met.

New cards
34

Spyware

A type of malware that collects and shares information about a computer or network without the user's consent.

New cards
35

Keyloggers

A type of monitoring software designed to record keystrokes made by a user.

New cards
36

Remote access Trojan (RAT)

A malware program that allows hackers to assume remote control over a device via covert surveillance.

New cards
37

Rootkit

Asoftware used by a hacker to gain constant administrator-level access to a computer or network.

New cards
38

Backdoor

A means to access a computer system or encrypted data that bypasses the system's customary security.

New cards
39

Brute force

A brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords.

New cards
40

Rainbow table

A listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.

New cards
41

Plaintext

A message before encryption or after decryption.

New cards
42

Card cloning

The practice of making an unauthorized copy of a credit card.

New cards
43

Skimming

Cybercriminals' strategies for capturing and stealing cardholder's personal payment information.

New cards
44

Supply-chain attacks

A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

New cards
45

Birthday

A type of cryptographic attack, which exploits the mathematics behind the birthday problem in probability theory.

New cards
46

Collision Attack

An attack on a cryptographic hash to find two inputs producing the same hash value, i.e. a hash collision.

New cards
47

Downgrade

A form of cyber attack in which an attacker forces a network channel to switch to an unprotected or less secure data transmission standard.

New cards
48

Privilege escalation

A type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker an access to the network.

New cards
49

Cross-site scripting

A web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application.

New cards
50

Structured query language (SQL)

A programming language designed to get information out of and put it into a relational database.

New cards
51

Dynamic-link library (DLL)

A collection of small programs that can be loaded when needed by larger programs and used at the same time.

New cards
52

LDAP (Lightweight Directory Access Protocol)

A software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network

New cards
53

Access Protocol (LDAP)

A software protocol that enables an entity to look up data stored in a server.

New cards
54

Directory traversal

A web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.

New cards
55

Buffer overflows

When the volume of data exceeds the storage capacity of the memory buffer.

New cards
56

Replay attack

A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.

New cards
57

Integer overflow

A type of an arithmetic overflow error when the result of an integer operation does not fit within the allocated memory

New cards
58

Request forgeries

An attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

New cards
59

Resource exhaustion

Computer security exploits that crash, hang, or otherwise interfere with the targeted program or system.

New cards
60

Memory leak

A resource leak that occurs when a computer program incorrectly manages memory allocations.

New cards
61

Shimming

This involves creating or modifying an API to bypass a driver in order toperform a different function.

New cards
62

Refactoring

It is the name given to a set of techniques used to identify the flow and then modify the internal structure of code without changing the code's visible behavior.

New cards
63

Evil twin

A fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.

New cards
64

Rogue access point

An access point installed on a network without the network owner's permission.

New cards
65

Bluesnarfing

The unauthorized access of information from a wireless device through a Bluetooth connection.

New cards
66

Bluejacking

The sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices.

New cards
67

Disassociation attack

A type of DoS attack in which the attacker breaks the wireless connection between the victim device and the access point.

New cards
68

Jamming

The transmission of radio signals that disrupt communications by decreasing the Signal-to-Inference-plus-Noise ratio (SINR).

New cards
69

Initialization vector (IV)

A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

New cards
70

Near-field communication (NFC)

A technology which can be used for wireless exchange of data over short distances.

New cards
71

Address Resolution Protocol (ARP)

A communication protocol used for finding the link layer address, such as a MAC address, associated with a given internet layer address.

New cards
72

Protocol (ARP) poisoning

A technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.

New cards
73

Media access control (MAC) flooding

A technique employed to compromise the security of network switches by flooding the network with fake MAC Addresses.

New cards
74

MAC cloning

Setting the MAC address of your PC or any other MAC address as your device WAN port

New cards
75

Domain hijacking

An attack whereby an organization's domain is stolen by changing the registration of a domain name.

New cards
76

DNS poisoning

The act of placing false information in a DNS resolver cache.

New cards
77

Domain reputation

The overall "health" of your branded domain as interpreted by mailbox providers.

New cards
78

Distributed denial-of-service (DDoS)

An attempt to crash a web server or online system by overwhelming it with data.

New cards
79

PowerShell

A cross-platform task automation and configuration management framework, consisting of a command-line shell and scripting language.

New cards
80

Advanced persistent threat (APT)

An attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.

New cards
81

Insider threats

A security risk that originates within the targeted organization.

New cards
82

State actors

An individual with a 'Licence to Hack'. They work for a government to target governments, organisations or individuals to gain access to valuable data or intelligence.

New cards
83

Hacktivists

Groups of criminals who unite to carry out cyber attacks in support of political causes.

New cards
84

Script kiddies

An unskilled individual who uses scripts or programs, developed by others to attack computer systems and networks and deface websites.

New cards
85

Shadow IT

The use of information technology systems, devices, software, applications, and services without explicit IT department approval.

New cards
86

Hacker

A person who finds and exploits the weakness in computer systems and/or networks to gain access.

New cards
87

Direct access attack

Gaining physical access to the computer or its part and performing various functions or installing various types of devices to compromise security.

New cards
88

Wireless attack

A penetration and intrusion acts that target wireless networks and pose serious threats.

New cards
89

Open-source intelligence (OSINT)

The practice of collecting information from published or otherwise publicly available sources.

New cards
90

Dark web

An ungoverned and seemingly ungovernable area of the internet where you can browse and communicate with complete anonymity.

New cards
91

Automated Indicator Sharing (AIS)

Enables the exchange of cyber threat indicators, at machine speed, among the Federal Government.

New cards
92

Predictive analysis

The use of data, statistical algorithms and machine learning techniques to identify the likelihood of future outcomes based on historical data.

New cards
93

Threat maps

A real-time map of the computer security attacks that are going on at any given time.

New cards
94

Weak encryption

An encryption algorithm which can be broken within a time frame that would enable the breaker to take advantage of the information that has been encrypted.

New cards
95

Zero-day

A computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability.

New cards
96

Firmware

A small piece of software that makes hardware work and do what its manufacturer intended it to do.

New cards
97

Data breach

An incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner.

New cards
98

Data Exfiltration

A technique used by malicious actors to target, copy, and transfer sensitive data.

New cards
99

Identity theft

The use of another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes.

New cards
100

Threat hunting

The practice of proactively searching for cyber threats that are lurking undetected in a network.

New cards

Explore top notes

note Note
studied byStudied by 243 people
... ago
5.0(1)
note Note
studied byStudied by 11 people
... ago
5.0(1)
note Note
studied byStudied by 3 people
... ago
5.0(1)
note Note
studied byStudied by 21 people
... ago
5.0(1)
note Note
studied byStudied by 252 people
... ago
5.0(6)
note Note
studied byStudied by 12 people
... ago
4.0(1)
note Note
studied byStudied by 86 people
... ago
5.0(1)
note Note
studied byStudied by 23409 people
... ago
4.5(104)

Explore top flashcards

flashcards Flashcard (81)
studied byStudied by 5 people
... ago
5.0(1)
flashcards Flashcard (180)
studied byStudied by 24 people
... ago
5.0(1)
flashcards Flashcard (115)
studied byStudied by 12 people
... ago
5.0(1)
flashcards Flashcard (54)
studied byStudied by 69 people
... ago
5.0(1)
flashcards Flashcard (61)
studied byStudied by 15 people
... ago
5.0(1)
flashcards Flashcard (34)
studied byStudied by 5 people
... ago
5.0(1)
flashcards Flashcard (38)
studied byStudied by 15 people
... ago
5.0(1)
flashcards Flashcard (342)
studied byStudied by 25956 people
... ago
4.5(122)
robot