Security+ Exam Objectives SYO-601 Study Questions And Answers With Verified Solutions Graded A

Phishing - Fraudulent attempt to obtain sensitive information or data, by disguising oneself as a trustworthy entity in an electronic communication. Smishing - When someone tries to trick you into giving them your private information via a text or SMS message. Vishing - Using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward Spam - Irrelevant or unsolicited messages sent to a large number of Internet users, for illegitimate advertising, and other activities such as phishing, and spreading malware SPIM - Spam delivered through instant messaging (IM) instead of through e-mail messaging Spear Phishing - The act of sending emails to specific and well-researched targets while pretending to be a trusted sender Dumpster Diving - Exploration of a system's trash bin for the purpose of finding details in order for a hacker to have a successful online assault. Shoulder Surfing - When someone watches over your shoulder to nab valuable information as you key it into an electronic device. Pharming - Cyberattack intended to redirect a website's traffic to another, fake site. Tailgating - Social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises. Eliciting Information - Procedures or techniques involving interacting with and communicating with others that is designed to gather knowledge or inform Whaling - Spear phishing that focuses on one specific high level executive or influencer Prepending - Prepend is a word that means to attach content as a prefix. For example, a prepend command could be used in a scripting language that a programmer would enter into a certain function or code module. It would add certain characters of text to the beginning of some variable or object. Identity Fraud - Identity fraud is the use of stolen information such as making fake ID's and fake bank accounts Invoice Scams - Using fraudulent invoices to steal from a company Credential Harvesting - The use of MITM attacks, DNS poisoning, phishing, etc. to amass large numbers of credentials (username / password combinations) for reuse. Reconnaissance - Information gathering about a target network Hoax - Cyber hoax scams are attacks that exploit unsuspecting users to provide valuable information, such as login credentials or money. Impersonation - Typically involves an email that seems to come from a trusted source. Watering hole attack - Security exploit in which the attacker seeks to compromise a specific group of end-users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment. Typo squatting - Type of cybersquatting used by imposters that involve registering domains with intentionally misspelled names of popular web addresses to install malware on the user's system Pretexting - The practice of presenting oneself as someone else in order to obtain private information. Influence campaigns - Sway public opinion on political and social issues. Example, using fake accounts to sway legitimate accounts Hybrid warfare - Wage war non-traditionally - with cyberwarfare/influencing foreign elections Social Media Campaign - Planned, coordinated marketing efforts using one or more social media platforms. Principles: - Authority: an attacker may try to appear to have a certain level authority. Intimidation: may try to make the victim think that something terrible is going to happen if they don't comply with the attacker's wishes. Consensus: An attacker may try to sway the mind of a victim using names they are familiar with, saying that such ones provided them information (they are fishing for) in the past and you should be able to do the same. Scarcity: An attacker may try to set a time limit on a victim so that they can comply with their wishes by a certain deadline. Familiarity: they make you familiar with them on the phone and make you want to do things for them. Trust: The attacker in this case can claim to be a friend or close associate of someone you may know very well and that's trusted. Urgency: When attackers want you to act and not think, they want you to do what they want as quickly as possible so that there's no time to spot all the red flags. Malware - A program or file designed to be disruptive, invasive, and harmful to your computer. Ransomware - Software that encrypts programs and data until a ransom is paid to remove it. Worms - Independent computer programs that copy themselves from one computer to other computers over a network. Potentially Unwanted Program (PUP) - Program that installs itself on a computer, typically without the user's informed consent Fileless virus - Software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove. Command and Control - A computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network Bots - self-propagating malware that infects its host and connects back to a central server(s). Cryptomalware - Malware to remain in place for as long as possible, quietly mining in the background. Logic Bomb - A computer program or part of a program that lies dormant until it is triggered by a specific logical event. Spyware - Type of malware that infects your PC or mobile device and gathers information about you, including the sites you visit, the things you download, your usernames and passwords, payment information, and the emails you send and receive.