CompTIA SECURITY+ SY0 601 Study guides, Class notes & Summaries

CompTIA Security+ SY0-601 - 1.8 Nyberg

CompTIA Security+ SY0-601 - 1.4 Nyberg Questions and Answers

The user installed Trojan horse malware. - A user used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user experienced frequent crashes, slow computer performance, and strange services running when turning on the computer. What most likely happened to cause these issues? A worm - A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notic...

Threat hunting - The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. Intelligence Fusion - Collects and examines info from all available sources and intel disciplines to derive as complete of an assessment as possible of detected activity. Threat feeds - Record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. ...

Threat hunting - The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. Intelligence Fusion - Collects and examines info from all available sources and intel disciplines to derive as complete of an assessment as possible of detected activity. Threat feeds - Record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. ...

Vulnerability - A flaw or weakness that allows a threat agent to bypass security. Zero-day attack - Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack. Weak configuration - Configuration options that provide limited security capability. Open permissions - A condition where least-privilege is not implemented are users and system have more rights/permissions than are required to do their jobs. root ac...

Vulnerability - A flaw or weakness that allows a threat agent to bypass security. Zero-day attack - Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack. Weak configuration - Configuration options that provide limited security capability. Open permissions - A condition where least-privilege is not implemented are users and system have more rights/permissions than are required to do their jobs. root ac...

Penetration Testing (PenTest) - A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers. White Box Testing - Testing based on an analysis of the internal structure of the component or system. Black Box Testing - Testing, either functional or non-functional, without reference to the internal structure of the component or system. Gray Box Testing - Security testing that is based on limited knowledge of an application's design. Rules o...

Penetration Testing (PenTest) - A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers. White Box Testing - Testing based on an analysis of the internal structure of the component or system. Black Box Testing - Testing, either functional or non-functional, without reference to the internal structure of the component or system. Gray Box Testing - Security testing that is based on limited knowledge of an application's design. Rules o...

Privilege Escalation - An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. Cross-Site Scripting (XSS) - An attack that injects scripts into a Web application server to direct attacks at clients. SQL Injection - A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy. DLL (Dynamic Link Library) - A c...