CompTIA Security+


Description and Tags

Studying guide for Sec+. It is still being updated daily


451 Terms

1

Information Systems Security

Act of protecting the systems that hold and process our critical data

2

CIA Triad

Confidentiality, Integrity, Availability

3

What is confidentiality?

Information not disclosed to unauthorized people.

4

What is integrity?

Information not modified without proper authorization.

5

Example of the CIA Triad

A bank:

your password keeps your account information private - confidentiality

the bank cannot simply make up or alter account balances - integrity

you can reach the bank's website whenever you need it - availability

6

Three A's (AAA) of Security

Authentication, Authorization, and Accounting

7

Authentication

A person's identity is established with proof and confirmed by a system. The proof comes from one or more authentication factors:

something you know (password, PIN)

something you are (fingerprint, face, iris)

something you have (smart card, hardware token, authenticator app)

something you do (typing rhythm, handwriting)

somewhere you are (geolocation, network location)

8

Authorization

Once authenticated, a user is granted (or denied) access to a piece of data, a system function, or an area of a building according to what their identity is permitted to do.

9

Accounting

Tracking of data access, computer usage, and network resource usage in logs and audit trails, so that every action can be attributed to the user who performed it.
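
The three A's as working code, added here as an illustration (not code from CompTIA or any product): authentication checks two factors, a password (something you know) and a TOTP authenticator code (something you have), authorization checks a role-based permission list, and accounting writes an audit record for every decision. The user store, roles, secrets and salt are constructed for the example; the TOTP secret is the RFC 6238 test-vector key so the output can be checked against the RFC.

```python
"""Added example: the three A's as code.

Illustrative code written for this study guide, not from CompTIA or any product.
Authentication checks two factors (something you know: a password; something
you have: a TOTP authenticator), authorization checks a role-based permission
list, and accounting writes an audit record for every decision. The users,
roles, secrets and salt are constructed for the example.
"""
import hashlib
import hmac
import struct
import time
from datetime import datetime, timezone
from typing import Dict, List, Optional

# ---- Authentication -------------------------------------------------------

def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, slow hash (PBKDF2-HMAC-SHA256) so a stolen database is hard to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, at: Optional[int] = None, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    now = int(time.time()) if at is None else at
    return hotp(secret, now // step)

SALT = b"constructed-salt-not-for-production"
USERS: Dict[str, dict] = {  # constructed user store; a real system uses a directory or IdP
    "alice": {
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "totp_secret": b"12345678901234567890",  # the RFC 6238 test-vector key
        "role": "teller",
    },
}

# ---- Authorization --------------------------------------------------------

ROLE_PERMISSIONS = {
    "teller": {"view_balance", "deposit"},
    "manager": {"view_balance", "deposit", "approve_loan"},
}

# ---- Accounting -----------------------------------------------------------

AUDIT_LOG: List[dict] = []  # append-only trail; in production, ship it to a SIEM

def record(event: str, user: str, **details) -> None:
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "event": event, "user": user, **details})

def authenticate(user: str, password: str, code: str, at: Optional[int] = None) -> bool:
    rec = USERS.get(user)
    # Do the same amount of work for unknown users so response time does not
    # reveal which usernames exist.
    expected = rec["pw_hash"] if rec else hash_password("", SALT)
    pw_ok = hmac.compare_digest(hash_password(password, SALT), expected)
    otp_ok = rec is not None and hmac.compare_digest(totp(rec["totp_secret"], at), code)
    ok = bool(pw_ok and otp_ok)
    record("login", user, success=ok)
    return ok

def authorize(user: str, action: str) -> bool:
    role = USERS.get(user, {}).get("role", "")
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    record("authz", user, action=action, allowed=allowed)
    return allowed

def perform(user: str, password: str, code: str, action: str,
            at: Optional[int] = None) -> str:
    """Full AAA flow: authenticate, then authorize, with every step accounted for."""
    if not authenticate(user, password, code, at):
        return "denied: authentication failed"
    if not authorize(user, action):
        return "denied: not authorized"
    record("action", user, action=action)
    return "ok: " + action

if __name__ == "__main__":
    t = 59  # RFC 6238 test time: TOTP for the key above at t=59 is 287082
    code = totp(USERS["alice"]["totp_secret"], t)
    print(perform("alice", "correct horse battery staple", code, "deposit", t))
    print(perform("alice", "correct horse battery staple", "000000", "deposit", t))
    print(perform("alice", "correct horse battery staple", code, "approve_loan", t))
    for entry in AUDIT_LOG:
        print(entry)
```

Note the order: a failed authentication never reaches the authorization check, and a correct password alone is not enough because both factors are required. Every branch, including the denials, leaves an accounting record, which is what lets an investigator later reconstruct who tried what.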

10

What is Weaponization?

Coupling payload code (which gives the attacker access or control) with exploit code (which triggers a vulnerability) into a single deliverable package.

11

What is Installation?

Enabling weaponized code to run a remote access tool and achieve persistence on the target system.

12

What is the Diamond Model of Intrusion Analysis?

A framework for analyzing cybersecurity incidents and intrusions.

13

Information Security

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction

14

What is availability?

Information and the systems that hold it are accessible to authorized users whenever they are needed (data can be stored and retrieved, and services stay up).

15
New cards

When you hear encryption what comes to mind?

confidentiality

16

What are administrative (managerial) controls?

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans.

17

What are White Hats?

Non-malicious hackers who attempt to break into a company's systems at their request.

18

What are Black Hats?

Malicious hackers who break into computer systems and networks without authorization or permission.

19

What are Threat Actors? What types are there?

Individuals or groups who engage in malicious activities.

from most skilled to least

APTs > Organized Crime > Hacktivists > Script Kiddies

20

What are Advanced Persistent Threats (APTs)?

Highly trained and funded hacker groups, often backed by nation states, with access to covert and open-source intelligence.

21

What is the purpose of the pre-ATT&CK tactics matrix?

To cover the reconnaissance and weaponization phases of the kill chain, i.e. what an adversary does before gaining access to the target. (PRE-ATT&CK was retired as a separate matrix in 2020; its content now lives in the Enterprise ATT&CK matrix as the Reconnaissance and Resource Development tactics.)

22

What is malware?

Software designed to infiltrate and damage computer systems without user consent.

23

What is a multipartite virus?

A virus that combines boot sector and program virus techniques: it first attaches itself to the boot sector and system files, then attacks other files on the computer.

24

What is a polymorphic virus?

A virus that changes its own code on each infection (typically by re-encrypting its body with a new key and varying the decryptor routine) so that no fixed byte signature matches every copy. An advanced form of the encrypted virus.

25
New cards

What can worms cause?

Disruption to network traffic and computing activities.

26

What is the most commonly used type of Trojan?

Remote Access Trojan (RAT).

27

Can you give an example of a ransomware attack?

SamSam, which cost the City of Atlanta an estimated $17 million in recovery costs.

28

What is DLL injection?

Malicious code is inserted into a running process on a Windows machine by forcing that process to load an attacker-supplied Dynamic Link Library at runtime, so the code executes with the process's privileges and identity.

29

What is driver manipulation?

An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level.

30

Non-repudiation

The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place.
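
The card above says non-repudiation is proof that a transaction occurred between identified parties. The following added example (illustrative code for this guide, not from CompTIA or any library) shows why a message authentication code cannot provide that proof but a digital signature can: with an HMAC both the customer and the bank hold the same key, so either could have produced the tag and the customer can deny sending the order; with a signature only the customer's private key can produce a valid value, and the bank, holding only the public key, can verify but not forge it. The RSA here is textbook RSA without padding over 256-bit primes, deliberately small so it runs in about a second and can be read in full; the seeded generator, key sizes, messages and shared secret are all constructed for the demonstration.

```python
"""Added example: a MAC cannot give non-repudiation, a digital signature can.

Illustrative code for this study guide, not a production library. The RSA part
is textbook RSA (no padding) over freshly generated 256-bit primes, kept that
small only so it runs quickly and can be read in full; use a real library
(and a real padding scheme) for anything that matters. Keys, messages and the
shared secret are constructed for the example.
"""
import hashlib
import hmac
import random
from typing import Dict, Optional, Tuple

Key = Tuple[int, int]  # (exponent, modulus)

def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # right size, odd
        if is_probable_prime(candidate, rng):
            return candidate

def rsa_keypair(bits: int = 512, rng: Optional[random.Random] = None) -> Tuple[Key, Key]:
    """Return (public, private). A seeded rng makes the demo reproducible; real keys
    must come from a CSPRNG such as random.SystemRandom()."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)

def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below the modulus (512-bit n > 256-bit hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private: Key, message: bytes) -> int:
    d, n = private
    return pow(digest_int(message, n), d, n)

def verify(public: Key, message: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == digest_int(message, n)

def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def demo(seed: int = 1234) -> Dict[str, bool]:
    order = b"transfer 1000 to account 42"
    # MAC: customer and bank share one key, so both can compute the same tag.
    # The tag proves the order came from *someone holding the key*, and the
    # customer can therefore claim the bank made it up (repudiation).
    shared_key = b"constructed shared secret"
    tag_from_customer = mac(shared_key, order)
    tag_made_by_bank = mac(shared_key, order)
    # Signature: only the customer holds the private key; the bank verifies
    # with the public key and holds nothing that produces a valid signature.
    public, private = rsa_keypair(512, random.Random(seed))
    signature = sign(private, order)
    bank_attempt = pow(digest_int(order, public[1]), public[0], public[1])  # best the bank can do
    return {
        "mac_tag_indistinguishable": tag_from_customer == tag_made_by_bank,
        "signature_verifies": verify(public, order, signature),
        "tampered_message_rejected": not verify(public, b"transfer 9000 to account 42", signature),
        "bank_forgery_rejected": not verify(public, order, bank_attempt),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:28s} {result}")
```

The HMAC result is the point to remember for the exam: a MAC gives integrity and authentication between the two key holders, but because the bank could have produced an identical tag it cannot prove to a third party that the customer sent the order. A signature verified against the customer's public key can.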

31

What is malware?

Malicious software

32

Define unauthorized access.

Accessing computer resources and data without consent

33

What is system failure?

Computer crash or application failure

34

What is social engineering?

Manipulating users into revealing confidential information or performing other detrimental actions.

35

What are physical controls?

Alarm systems, locks, surveillance cameras, identification cards, and security guards.

36

What are technical controls?

Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication.

37

What is the most cost-effective security control?

User training.

38

5 types of hackers

White Hat, Black Hat, Gray Hat, Blue Hat, Elite

39

What are Gray Hats?

Hackers with no affiliation to (and no permission from) a company who attempt to break into its network anyway. They may not be malicious, but they are still acting without authorization.

40

What are Blue Hats?

Hackers who attempt to hack into a network with permission but are not employed by the company.

41

What are Elite hackers?

Hackers who find and exploit vulnerabilities before anyone else; roughly 1 in 10,000 hackers.

42

What are Script Kiddies?

Hackers with limited skills who use other people's exploits and tools.

43

Who are Hacktivists?

Hackers driven by causes such as social change, political agendas, or terrorism.

44

Who are Organized Crime hackers?

Hackers who are part of well-funded and sophisticated crime groups.

45

What is timeliness?

Property of an intelligence source that ensures it is up-to-date.

46

What is relevancy?

Property of an intelligence source that ensures it matches the use cases intended for it.

47

What is accuracy?

Property of an intelligence source that ensures its data is valid and true, so that acting on it produces effective results.

48

What are confidence levels?

Property of an intelligence source that qualifies its statements with a stated level of reliability, so the consumer knows how much to trust each claim.

49

What is proprietary?

Threat intelligence provided as a commercial service with a subscription fee.

50

What is closed-source?

Data derived from the provider's own research and analysis efforts (think honeypots) and not made publicly available.

51

What is open-source?

Data available without subscription, including threat feeds and reputation lists.

52

What is US-CERT?

United States Computer Emergency Readiness Team, which publishes alerts and advisories; its functions are now part of CISA.

53

What is UK's NCSC?

United Kingdom's National Cyber Security Centre.

54

What is AT&T Security (OTX)?

AT&T Cybersecurity's Open Threat Exchange (formerly AlienVault OTX), a community platform for sharing threat indicators.

55

What is MISP?

Malware Information Sharing Platform, an open-source platform for sharing threat indicators (IOCs) between organizations.

56

What is VirusTotal?

Online service for analyzing files and URLs for potential threats.

57

What is Spamhaus?

Organization that tracks and lists spam sources and provides real-time threat intelligence.

58

What is SANS ISC Suspicious Domains?

List of suspicious domains maintained by the SANS Internet Storm Center.

59

What is open-source intelligence (OSINT)?

Methods of obtaining information through public records, websites, and social media.

60

What is threat hunting?

A proactive technique for detecting threats that existing automated defenses have not discovered.

61

How is threat hunting different from penetration testing?

Threat hunting analyzes the telemetry the organization already collects for signs of an intrusion rather than actively attacking systems, so it is potentially less disruptive.

62

What is the first step in threat hunting?

Establishing a hypothesis, derived from threat modeling, about potential events that have higher likelihood and higher impact.

63

What is involved in profiling threat actors and activities?

Creating scenarios of potential intrusion attempts and objectives.

64

What tools are used in threat hunting?

Network traffic analysis, executable process list analysis, analysis of other infected hosts, identification of malicious process execution.

65

What are the benefits of threat hunting?

Improved detection capabilities, integration of intelligence, reduced attack surface, blocked attack vectors, identification of critical assets.

66

What does threat hunting rely on?

The tools already developed for regular security monitoring and incident response (SIEM, EDR, network analysis).

67

What do you need to assume while threat hunting?

Existing rules have failed.

68

What does threat hunting consume?

A lot of resources and time, but it can yield a lot of benefits.
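
The threat-hunting cards above describe a procedure: start from a hypothesis, assume the existing rules have failed, and use network traffic analysis to find what they missed. The following added example (illustrative code for this guide, not from any product) does one such hunt over a constructed proxy log. The hypothesis is "a compromised host is calling a C2 server on a timer"; instead of matching a known-bad domain, it looks for the behaviour itself: many requests from one host to one destination at nearly constant intervals. The hosts, domains, timestamps and thresholds are all made up for the demonstration.

```python
"""Added example: a threat hunt for C2 beaconing over proxy logs.

Illustrative code for this study guide, not from any product. It follows the
cards above: start from a hypothesis ("a compromised host calls its C2 server
on a fixed timer"), assume existing signature rules have failed, and look for
the behaviour instead of a known-bad domain. The log lines are constructed.
"""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

Pair = Tuple[str, str]  # (source IP, destination host)

def build_sample_log() -> List[str]:
    """Constructed proxy log, one line per request: '<ISO time> <src> <dest> <bytes>'.
    Host 10.0.0.5 beacons to cdn-sync.example.net every 60 s (+/- 1 s of jitter)
    while also browsing www.example.com at irregular intervals."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    for i in range(20):
        t = base + timedelta(seconds=60 * i + (i % 3) - 1)
        lines.append(f"{t.isoformat()} 10.0.0.5 cdn-sync.example.net 412")
    for off in (0, 7, 95, 130, 131, 300, 480, 482, 700, 1100):
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.5 www.example.com {5000 + off}")
    return sorted(lines)

def parse_log(lines: List[str]) -> Dict[Pair, List[datetime]]:
    """Group request timestamps by (source, destination) pair."""
    events: Dict[Pair, List[datetime]] = defaultdict(list)
    for line in lines:
        ts, src, dest, _size = line.split()
        events[(src, dest)].append(datetime.fromisoformat(ts))
    return events

def beacon_score(stamps: List[datetime],
                 min_connections: int = 8) -> Optional[Tuple[float, float]]:
    """Return (mean gap in seconds, coefficient of variation) for a pair, or None
    if there is too little data. A low CV means the gaps are nearly constant,
    which is how a timer-driven implant behaves and how a human does not."""
    if len(stamps) < min_connections:
        return None
    ordered = sorted(stamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return None
    return mean, statistics.pstdev(gaps) / mean

def hunt_beacons(events: Dict[Pair, List[datetime]], max_cv: float = 0.2,
                 min_connections: int = 8) -> List[dict]:
    """Flag (src, dest) pairs whose inter-request gaps are suspiciously regular.
    max_cv of 0.2 tolerates the jitter most implants add; raising it catches
    sloppier beacons at the cost of more false positives (keep-alives, pollers)."""
    hits = []
    for (src, dest), stamps in events.items():
        score = beacon_score(stamps, min_connections)
        if score is not None and score[1] <= max_cv:
            hits.append({"src": src, "dest": dest, "connections": len(stamps),
                         "period_s": round(score[0], 1), "cv": round(score[1], 3)})
    return sorted(hits, key=lambda h: h["cv"])

if __name__ == "__main__":
    for hit in hunt_beacons(parse_log(build_sample_log())):
        print(hit)
```

On the sample data only the cdn-sync.example.net pair is flagged: twenty requests about 60 seconds apart with a coefficient of variation near 0.02, while the browsing traffic to www.example.com has a CV above 1 and drops out. A hit is a lead, not a verdict; the next hunting step is to pivot on that host and destination (process that made the connections, other hosts talking to the same domain), which is the "analysis of other infected hosts" the cards list.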

69

What is the Kill Chain?

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

70

What is Reconnaissance?

The stage where the attacker gathers information about the target (people, systems, exposed services) and uses it to determine attack methods.

71

What is Delivery?

Identifying a vector to transmit weaponized code to the target.

72

What is Exploitation?

Executing weaponized code on the target system.

73

What is Command & Control (C2)?

The weaponized code establishes an outbound channel to a remote server, which is then used to control the remote access tool and possibly download additional tools to progress the attack.

74

What are Actions on Objectives?

The attacker covertly collects information or achieves other goals on the target, and may use the foothold to start a new kill chain against further systems.

75

How can Kill Chain analysis be used?

To identify defensive actions at each stage of an attack.

76

What is Data Exfiltration?

Covertly transferring information to a remote system.

77

Who developed the Kill Chain model?

Lockheed Martin.

78

What is the MITRE ATT&CK Framework?

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org)

79

What does the MITRE ATT&CK Framework list and explain?

Specific adversary tactics, techniques, and common knowledge or procedures.

80

What are the four core features of the Diamond Model?

Adversary, capability, infrastructure, and victim.

81

Steps of Kill Chain

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), Actions on Objectives

82

Types of Malware

Viruses

Worms

Trojan horses

Ransomware

Spyware

Rootkits

Spam

83

What is a virus?

Malicious code that infects a computer.

84

How do viruses reproduce and spread?

They require user action (for example running an infected program or opening an infected file) to execute and spread.

85

What is a boot sector virus?

A virus stored in the first sector of a hard drive, which is loaded into memory when the computer boots.

86

What is a macro virus?

A virus embedded in a document (Excel, Word, etc.) that executes when the user opens the document.

87

What do program viruses infect?

Executables or applications.

88

What is an encrypted virus?

A virus that encrypts its body to avoid signature detection; only a small decryption routine (the stub) stays in the clear.

89

What is a metamorphic virus?

A virus that rewrites itself entirely before infecting a file, so each copy has different code (an advanced form of the polymorphic virus).

90

What is a stealth virus?

A virus that actively hides itself from detection, for example by intercepting the operating system calls an antivirus uses to read infected files.

91

What is an armored virus?

A virus with a layer of protection designed to confuse analysis, disassembly, or emulation.

92

What is a hoax virus?

A false virus warning or threat. It is not a virus itself; the harm comes from acting on it (installing the offered "fix" or calling the number to get rid of it).

93

Name all virus forms

Hoax, Armored, Stealth, Metamorphic, Polymorphic, Encrypted, Multipartite, Program, Macro, Boot Sector
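
The encrypted, polymorphic and armored virus cards above are about one question: what can a scanner still match when the body is encrypted? The following added example (illustrative code for this guide, not real malware and not from any antivirus product) makes that concrete. The "virus body" is a harmless marker string and the decryptor stub is written in a made-up six-opcode bytecode that only the emulator in the example understands, so nothing here can run on a real machine. It generates encrypted copies (new key each time, fixed stub) and polymorphic copies (new key and a regenerated stub with junk NOPs), then runs two scanners over them: a byte-pattern signature, and an emulator that executes the stub to recover the key and scans the decrypted body.

```python
"""Added example: why a byte signature catches an encrypted virus but not a
polymorphic one, and why scanners emulate the decryptor instead.

Illustrative code for this study guide, not real malware and not from any
antivirus product. The "virus body" is a harmless marker string and the
decryptor stub is written in a made-up six-opcode bytecode that only the
emulator below understands, so the sample is safe to run anywhere.
"""
import random
import re
from typing import Dict

MARKER = b"TOY-VIRUS-BODY: the constant payload every copy carries"

# Toy decryptor bytecode (assumed for this example):
#   01 k   key = k                04 k   key = k XOR 0xFF  (equivalent encoding)
#   05 k   key = key + k mod 256  03     NOP (junk)
#   02     XOR the body with key  FF     end of stub; the encrypted body follows
SETKEY, XORBODY, NOP, SETKEY_INV, ADDKEY, END = 0x01, 0x02, 0x03, 0x04, 0x05, 0xFF

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def make_encrypted(rng: random.Random) -> bytes:
    """Encrypted virus: the body differs per copy (new key), but the four-byte
    decryptor stub in front of it is always the same."""
    key = rng.randrange(1, 256)
    return bytes([SETKEY, key, XORBODY, END]) + xor_bytes(MARKER, key)

def make_polymorphic(rng: random.Random) -> bytes:
    """Polymorphic virus: same effect, but the stub is regenerated for every copy
    from equivalent instruction sequences with junk NOPs mixed in."""
    key = rng.randrange(1, 256)
    variant = rng.randrange(3)
    if variant == 0:
        instrs = [[SETKEY, key]]
    elif variant == 1:
        instrs = [[SETKEY_INV, key ^ 0xFF]]
    else:
        part = rng.randrange(256)
        instrs = [[SETKEY, part], [ADDKEY, (key - part) & 0xFF]]
    for _ in range(rng.randrange(3)):  # 0-2 junk NOPs at random instruction boundaries
        instrs.insert(rng.randrange(len(instrs) + 1), [NOP])
    stub = [b for ins in instrs for b in ins] + [XORBODY, END]
    return bytes(stub) + xor_bytes(MARKER, key)

# Static signature for the fixed stub: SETKEY <any byte> XORBODY END.
STUB_SIGNATURE = re.compile(rb"\x01.\x02\xff", re.DOTALL)

def signature_scan(sample: bytes) -> bool:
    """Classic signature matching over the raw bytes."""
    return STUB_SIGNATURE.search(sample) is not None

def emulate_and_scan(sample: bytes, max_steps: int = 64) -> bool:
    """Behavioural detection: run the stub in a sandbox to recover the key,
    decrypt the body, then look for the payload. Works for any stub variant."""
    pc, key, will_xor = 0, 0, False
    for _ in range(max_steps):
        if pc >= len(sample):
            return False
        op = sample[pc]
        if op in (SETKEY, SETKEY_INV, ADDKEY) and pc + 1 >= len(sample):
            return False  # truncated operand
        if op == SETKEY:
            key = sample[pc + 1]; pc += 2
        elif op == SETKEY_INV:
            key = sample[pc + 1] ^ 0xFF; pc += 2
        elif op == ADDKEY:
            key = (key + sample[pc + 1]) & 0xFF; pc += 2
        elif op == NOP:
            pc += 1
        elif op == XORBODY:
            will_xor = True; pc += 1
        elif op == END:
            body = sample[pc + 1:]
            return MARKER in (xor_bytes(body, key) if will_xor else body)
        else:
            return False  # not our bytecode at all
    return False  # step budget exhausted: an armored stub trying to stall the emulator

def detection_rates(n: int = 20, seed: int = 7) -> Dict[str, int]:
    """Detections out of n samples for each (virus type, scanner) combination."""
    rng = random.Random(seed)
    encrypted = [make_encrypted(rng) for _ in range(n)]
    polymorphic = [make_polymorphic(rng) for _ in range(n)]
    return {
        "encrypted/signature": sum(map(signature_scan, encrypted)),
        "encrypted/emulation": sum(map(emulate_and_scan, encrypted)),
        "polymorphic/signature": sum(map(signature_scan, polymorphic)),
        "polymorphic/emulation": sum(map(emulate_and_scan, polymorphic)),
    }

if __name__ == "__main__":
    for name, hits in detection_rates().items():
        print(f"{name:24s} {hits}/20")
```

Run it and the signature scanner catches every encrypted copy (the stub never changes) but only the minority of polymorphic copies whose regenerated stub happens to match the pattern, while the emulator catches all of both because it does not care what the stub looks like, only what it does. That is also why armored viruses target the emulator itself (the step budget in the example is the simplest defence), and why a metamorphic virus, which rewrites the body too, is the hardest case of all.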

94

What is a worm?

Malicious software that replicates without user interaction.

95

How do worms spread?

Worms self-replicate and spread without user consent or action.

96

Can you provide an example of a worm?

Conficker, which infected an estimated 9 to 15 million computers in 2009.

97

What is a Trojan Horse?

Malicious software disguised as harmless software.

98

What are the functions of a Trojan?

It performs the function the user wanted (so the user keeps trusting it) while also carrying out its malicious function in the background.

99

What is a Remote Access Trojan (RAT)?

Trojan that provides remote control of a victim computer.

100

What is ransomware?

Malware that restricts access until ransom is paid.