Nyberg - Study guides, Class notes & Summaries

social enginerring Sometimes referred to as hacking people. The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Phishing The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Smishing Phishing attacks committed using text messages (SMS). Vishing Phishing attacks...

Privilege Escalation - An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. Cross-Site Scripting (XSS) - An attack that injects scripts into a Web application server to direct attacks at clients. SQL Injection - A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy. DLL (Dynamic Link Library) - A comp...

Malware - Malicious software Ransomeware - A type of malicious software designed to block access to a computer system until a sum of money is paid. Trojan - A program disguised as a harmless application that actually produces harmful results. Worm - Software program capable of reproducing itself that can spread from one computer to the next over a network. PUPs (Potentially Unwanted Programs) - Software commonly installed during the process of installing desired software. While not i...

Malware - CORRECT ANS Malicious software Ransomeware - CORRECT ANS A type of malicious software designed to block access to a computer system until a sum of money is paid. Trojan - CORRECT ANS A program disguised as a harmless application that actually produces harmful results. Worm - CORRECT ANS Software program capable of reproducing itself that can spread from one computer to the next over a network. PUPs (Potentially Unwanted Programs) - CORRECT ANS Sof...

Privilege Escalation - CORRECT ANS An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. Cross-Site Scripting (XSS) - CORRECT ANS An attack that injects scripts into a Web application server to direct attacks at clients. SQL Injection - CORRECT ANS A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the secur...

Penetration Testing (PenTest) - CORRECT ANS A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers. White Box Testing - CORRECT ANS Testing based on an analysis of the internal structure of the component or system. Black Box Testing - CORRECT ANS Testing, either functional or non-functional, without reference to the internal structure of the component or system. Gray Box Testing - CORRECT ANS Security testing that...

CompTIA Security+ SY0-601 - 1.2 Nyberg Test With Complete Solutions

CompTIA Security+ SY0-601 - 1.2 Nyberg Malware - ANS Malicious software Ransomeware - ANS A type of malicious software designed to block access to a computer system until a sum of money is paid. Trojan - ANS A program disguised as a harmless application that actually produces harmful results. Worm - ANS Software program capable of reproducing itself that can spread from one computer to the next over a network. PUPs (Potentially Unwanted Programs) - ANS Software commonly ...

Penetration Testing (PenTest) - A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers. White Box Testing - Testing based on an analysis of the internal structure of the component or system. Black Box Testing - Testing, either functional or non-functional, without reference to the internal structure of the component or system. Gray Box Testing - Security testing that is based on limited knowledge of an application's design. Rules o...

Threat hunting - The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. Intelligence Fusion - Collects and examines info from all available sources and intel disciplines to derive as complete of an assessment as possible of detected activity. Threat feeds - Record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. ...