The first domain in CompTIA’s Security + exam (SYO-501) covers threats, attacks and vulnerabilities. This domain contributes 21 percent of the exam score. The exam’s objectives are covered through knowledge, application and comprehension, and the exam has both multiple-choice and performance-based questions. The performance-based questions are designed to test the candidate’s ability to troubleshoot problems in a simulated environment.
The objective of the treats, attacks and vulnerabilities module is to ensure you can understand and explain different types of security compromises, the types of actors involved, and the concepts of penetration testing and vulnerability scanning. The module covers the following six sections.
Malware is malicious software designed to gain access to or damage a computer or system without the user’s knowledge or consent. It’s usually delivered via an email attachment, or link to a malicious site or a legitimate site that’s been infected. Common malware includes:
Viruses: This malware inserts itself into another program and then propagates from one computer to another, causing detriment on the infected systems.
Ransomware: Designed to block access to a computer system, often for a financial payout, ransomware can also destroy files.
Trojans: Typically disguised as legitimate software, Trojans can be used for a variety of tasks, from accessing data to inserting other malware.
Bots: Derived from “robot,” this automated process can be used for malicious purposes to automate tasks such as opening a back door or stealing data.
Spyware: Like the name implies, spyware can be used to monitor and transmit information without the user’s authorization.
RATs: RATs, or remote access Trojans, are typically designed to gain complete control over a computer remotely, using techniques that make them particularly difficult to detect.
Malicious actors employ a variety of attacks to compromise information systems, (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/3xAkTItWJCg/
Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at…
It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing…
This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network…
Security researchers detected a new spear-phishing attack that’s using an exact domain spoofing tactic in order to impersonate Microsoft. On…
Welcome back to the last part of our three-part blog series on how to leverage analytics to deliver an exceptional…
In 2021, organizations will be more willing to hedge against having all computing eggs in one vendor basket. The post…