1202 Comptia Practice

On-path attack

An attacker intercepts or alters communication between two parties without their knowledge

IP Spoofing

Modifying the source address in a packet header to impersonate a trusted system

Cross-site scripting

Injecting malicious scripts into a trusted website that execute in the victim's browser

ARP Poisoning

Sending fake ARP messages to link an attacker’s MAC address with a legitimate IP address

Social Engineering

Manipulating individuals into divulging confidential information or performing actions

WEP

A legacy wireless security protocol considered highly insecure because it uses a weak 24-bit Initialization Vector (IV) that is easily cracked.

WPA

An interim security standard designed to fix WEP flaws; it introduced TKIP for per-packet encryption keys but is now considered weak.

WPA2

The industry standard for wireless security that uses AES (Advanced Encryption Standard) and CCMP for strong data protection.

WPA3

The newest wireless security standard that replaces Pre-Shared Keys with SAE (Simultaneous Authentication of Equals) to prevent brute-force attacks.

WPS

A feature designed for easy device pairing via an 8-digit PIN that is a major security risk because the PIN can be brute-forced.

3-2-1 Backup

A data protection strategy requiring 3 total copies of data, stored on 2 different types of media, with 1 copy kept off-site.

Grandfather-father-son (GFS)

A backup rotation scheme that uses daily (son), weekly (father), and monthly (grandfather) backup sets for long-term history.

Incremental Backup

Backs up only the files that have changed since the last full or incremental backup and clears the archive bit.

Differential Backup

Backs up all files that have changed since the last full backup but does not clear the archive bit.

PCI-DSS

Security standards for any organization that handles credit, debit, and prepaid card information.

GDPR

An EU law that regulates how the personal data of individuals in the European Union is protected.

PII

Information that can be used on its own or with other info to identify, contact, or locate a single person.

PHI

Medical or health-related data that is protected under privacy laws like HIPAA.

Whaling

A highly targeted phishing attack aimed specifically at high-level executives like the CEO, CFO, or CIO.

Vishing

A form of phishing that takes place over voice calls or VoIP to trick victims into giving up personal information.

Spear phishing

A targeted phishing attack directed at a specific individual, group, or organization to increase the chance of success.

Phishing

A broad, non-targeted attack using fraudulent emails to trick a large number of users into revealing sensitive data.

Smishing

A phishing attack conducted via SMS (text messaging) to lure victims into clicking malicious links.

Rainbow Table

An attack that uses a precomputed table of hashed passwords to quickly find a match for a stolen password hash.

Dictionary

An attack that uses a predefined list of common words and phrases to attempt to guess a password.

Brute-force

An attack that attempts every possible combination of characters until the correct password is found.