Comptia Security + 501

Course Overview
Welcome to the CompTIA Security+ Course
Topics Covered in this Course
1.0: Threats, Attacks, and Vulnerabilities
1.1 Given a scenario analyze indicators of compromise and determine the type of malware.
12 Topics | 1 Quiz
1.1.1 Virus
1.1.2 Crypto-malware/Ransomware
1.1.3 Worm
1.1.4 Trojan Horse
1.1.5 Rootkit
1.1.6 Keylogger
1.1.7 Adware
1.1.8 Spyware
1.1.9 Bots
1.1.10 RAT
1.1.11 Logic Bomb
1.1.12 Backdoor
Quiz: Threats, Attacks, and Vulnerabilities
1.2 Compare and contrast types of attacks (Important Study Focus!)
6 Topics | 1 Quiz
1.2.1 Social Engineering
1.2.2 Social Engineering (Important Study Focus – Simulation Answers!)
1.2.3 Principles (Reasons for Effectiveness)
1.2.4: Application/Service Attacks
1.2.5 Wireless Attacks
1.2.6 Cryptographic Attacks
Quiz: Compare and contrast types of attacks
1.3 Explain threat actor types and attributes
3 Topics | 1 Quiz
1.3.1 Types of Actors
1.3.2 Attributes of Actors
1.3.3 Use of Open-Source Intelligence
Quiz: Explain threat actor types and attributes
1.4 Explain penetration testing concepts
10 Topics | 1 Quiz
1.4.1 Active Reconnaissance
1.4.2 Passive Reconnaissance
1.4.3 Pivot
1.4.4 Initial Exploitation
1.4.5 Persistence
1.4.6 Escalation of privilege
1.4.7 Black Box
1.4.8 White Box
1.4.9 Gray Box
1.4.10 Pen Testing vs. Vulnerability Scanning
Quiz: Explain penetration testing concepts
1.5 Explain vulnerability scanning concepts
7 Topics | 1 Quiz
1.5.1 Passively test security controls
1.5.2 Identify vulnerability
1.5.3 Identify lack of security controls
1.5.4 Identify common misconfigurations
1.5.5 Intrusive vs. non-intrusive
1.5.6 Credentialed vs. non-credentialed
1.5.7 False Positive
Quiz: Explain vulnerability scanning concepts
1.6 Explain the impact associated with types of vulnerabilities
15 Topics | 1 Quiz
1.6.1 Race Conditions
1.6.2 Vulnerabilities to due:
1.6.3 Improper error/input handling
1.6.4 Misconfiguration/Weak Configuration
1.6.5 Default Configuration
1.6.6 Resource Exhaustion
1.6.7 Untrained Users
1.6.8 Improperly Configured Accounts
1.6.9 Vulnerable Business Processes
1.6.10 Weak Cipher Suites and Implementations
1.6.11 Memory/Buffer Vulnerability
1.6.12 System sprawl/Undocumented Assets
1.6.13 Architecture/Design Weaknesses
1.6.14 New Threats/Zero Day
1.6.15 Improper Certificate and Key Management
Quiz: Explain the impact associated with types of vulnerabilities
Section 1.0: Test Your Knowledge
Section 1: Test Preparation
3 Topics
Section 1 – Flash Cards Game
Section 1 – Mix & Match Game
Section 1 – Familiarize Game
Section 1.0: Identifying Scenario & Questions
Section 1: Performance Based Questions
2.0: Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
17 Topics | 1 Quiz
2.1.1 Firewall
2.1.2 VPN Concentrator
2.1.3 NIPS/NIDS
2.1.4 Router
2.1.5 Switch
2.1.6 Proxy
2.1.7 Load Balancer
2.1.8 Access Point
2.1.9 SIEM
2.1.10 DLP
2.1.11 NAC
2.1.12 Mail Gateway
2.1.13 Bridge
2.1.14 SSL/TLS Accelerators
2.1.15 SSL Decryptors
2.1.16 Media Gateway
2.1.17 Hardware Security Module
Quiz: Install and configure network components
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
14 Topics | 1 Quiz
2.2.1 Protocol Analyzer
2.2.2 Network Scanners
2.2.3 Wireless Scanner/Cracker
2.2.4 Password Cracker
2.2.5 Vulnerability Scanner
2.2.6 Configuration Compliance Scanner
2.2.7 Exploitation Frameworks
2.2.8 Data Sanitization Tools
2.2.9 Steganography Tools
2.2.10 Honeypot
2.2.11 Backup Utilities
2.2.12 Banner Grabbing
2.2.13 Passive vs. Active
2.2.14 Command Line Tools
Quiz: Using appropriate software tools to assess the security posture of an organization.
2.3 Given a scenario, troubleshoot common security issues.
14 Topics | 1 Quiz
2.3.1 Unencrypted Credentials/Clear Text
2.3.2 Logs and Events Anomalies
2.3.3 Permissions Issues
2.3.4 Access Violations
2.3.5 Certificate Issues
2.3.6 Data Exfiltration
2.3.7 Misconfigured Devices
2.3.8 Weak Security Configurations
2.3.9 Personnel Issues
2.3.10 Unauthorized Software
2.3.11 Baseline Deviation
2.3.12 License Compliance Violation (availability/integrity)
2.3.13 Asset Management
2.3.14 Authentication Issues
Quiz: Troubleshoot common security issues.
2.4 Given a scenario, analyze and interpret output from security technologies.
12 Topics | 1 Quiz
2.4.1 HIDS/HIPS
2.4.2 Antivirus
2.4.3 File Integrity Check
2.4.4 Host-based Firewall
2.4.5 Application Whitelisting
2.4.6 Removable Media Control
2.4.7 Advanced Malware Tools
2.4.8 Patch Management Tools
2.4.9 UTM
2.4.10 DLP
2.4.11 Data Execution Prevention
2.4.12 Web Application Firewall
Quiz: Analyze and interpret output from security technologies.
2.5 Given a scenario, deploy mobile devices securely.
5 Topics | 1 Quiz
2.5.1 Connection Methods
2.5.2 Mobile Device Management Concepts
Mobile Device Management Concepts (Important Study Focus – Simulation Answers!)
2.5.3 Enforcement and Monitoring for:
2.5.4 Deployment Models
Quiz: Deploy mobile devices securely.
2.6 Given a Scenario, implement secure protocols.
4 Topics | 1 Quiz
2.6.1 Protocols
Protocols (Important Study Focus – Simulation Answers!)
2.6.2 Use Cases
Configure the firewall (Important Study Focus – Simulation Answers!)
Quiz: Implement secure protocols.
Section 2.0: Test Your Knowledge
Section 2: Test Preparation
3 Topics
Section 2 – Flash Cards Game
Section 2 – Mix & Match Game
Section 2 – Familiarize Game
Section 2.0: Identifying Scenario & Questions
Section 2: Performance Based Questions
3.0: Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
3 Topics | 1 Quiz
3.1.1 Industry-Standard Frameworks and Reference Architectures
3.1.2 Benchmarks/Secure Configuration Guides
3.1.3 Defense-in-depth/Layered Security
Quiz: Best practices and secure configuration guides.
3.2 Given a scenario, implement secure network architecture concepts.
5 Topics | 1 Quiz
3.2.1 Zones/Topologies
3.2.2 Segregation/Segmentation/Isolation
3.2.3 Tunneling/VPN
3.2.4 Security Device/Technology Placement
3.2.5 SDN
Quiz: Implement secure network architecture concepts.
1 of 3
Previous Topic
Next Topic

1.2.4: Application/Service Attacks

Comptia Security + 501 1.2 Compare and contrast types of attacks (Important Study Focus!) 1.2.4: Application/Service Attacks
Lesson Progress
0% Complete

WORDS

TERM

LAYMAN'S TERM

DoS

DeniaI-of-service. An attack from a single source that attempts to disrupt the services provided by the attacked system. 

This attack can disrupt services such as your computers internet, microphone and or speaker outputs. 

DDoS

Distributed denial-of-service. An attack on a system launched from multiple sources intended to make a computer’s resources or services unavailable to users.

This type of attack is designed to come from more than one source whether it’s from a computer in Japan vs a computer in the USA, both make attempts to hit the same target.

Man-in-the-middle

An attack using active interception or eavesdropping. It uses a third computer to capture traffic sent between two other systems.

This attack name is self-explanatory. There is a computer system in the middle of two other systems gathering data that the two computer systems send to one another. 

Buffer overflow

An error that occurs when an application receives more input, or different input, than it expects. It exposes system memory that is normally inaccessible.

This attack happens when an application for an example like your Facebook gets more information than it asks for you to put like your username and password but the attack would also something like your First Name.

Injection

An attack that injects code or commands. Common injection attacks are DLL injection, command injection, and SQL injection attacks.

An example of this attack is if you pressed the letter “A” the injection attack would run a command or code to run the next letter after the letter “A”.

Cross-site scripting

A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site’s code, which executes when a user visits the site.

This type of attack happens from the back-end of things. Usually an attacker has access to a developer’s server and places cross-site scripting to it, which in return the code executes when a user visits the site and do what the attacker intended for it to do. 

Cross-site request forgery

A web application attack. XSRF attacks trick users into performing actions on web sites, such as making purchases, without their knowledge.

This attack it similar to cross-site scripting but instead re-route the user from the original page they landed on to pages for things like making purchases even if the site isn’t an e-commerce site. 

Privilege escalation

The process of gaining elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges.

This allows an attacker to get admin like access to data a basic user couldn’t get using different hacking methods.  

ARP poisoning

An attack that misleads systems about the actual MAC address of a system.

This attack makes a system MAC address number seem different than what it actually is. 

Amplification Attack

DNS amplification is a type of reflection attack which manipulates publicly-accessible domain name systems, making them flood a target with large quantities of UDP packets.

This attack uses a spoof IP address to send UDP packets to overwhelm the target system.

DNS poisoning

An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.

This attack enters false information into a DNS cache, so that queries return an incorrect response and users are directed to the wrong website.

Domain hijacking

An attack that changes the registration of a domain name without permission from the owner.

This attack changes the name, address, and so on of the original person who bought and registered the domain for themselves. 

Man-in-the-browser

An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes.

This attack targets web browsers like google and allow attackers to gather data and keystrokes of targeted users. 

Zero day

A vulnerability or bug that is unknown to trusted sources but can be exploited by attackers. Zero-day attacks take advantage of zero-day vulnerabilities.

This attack happens when a developer (programmer) has created an application but are unknown of the errors that the program holds. 

Replay Attack

Data like credentials such as user names and passwords, is intercepted, and replayed back on the network to an unsuspecting host. 

This attack happens by the attacker making the user think they have successfully completed the data transmission. So, if you put all the required information asked to pay your phone bill, this attack would make it seem as if you successfully submitted the information.

Pass the hash

A password attack that captures and uses the hash of a password. It attempts to log on as the user with the hash and is commonly associated with the Microsoft NTLM protocol.

This attack uses an algorithm like method. A key known to the site and the user’s password are both used. The “hash” value is made from both the user password and key site. 

Remember: A hash is a string of random-looking characters that uniquely identifies that data in question, similar to how our fingerprint identifies us.

IP spoofing

IP spoofing is the creation of Internet Protocol (IP) packets which have a modified source address in order to either hide the identity of the sender, to impersonate another computer system or both.

A type of spoofing whereby an intruder uses another site’s IP address as if it were that other site.

MAC spoofing

An attack that changes the source Mac address.

This attack changes the MAC address of the original system to match another targeted system.

Hijacking and Related Attacks

Clickjacking

An attack that tricks users into clicking something other than what they think they’re clicking.

This attack makes you think your clicking for an example would be the homepage of a website but in reality, your clicking something the intended attacker wants you to click.

Session hijacking

An attack that attempts to impersonate a user by capturing and using a session ID. Session IDs are stored in cookies.

This attack takes your session information like if you logged into walmart.com. The attacker could act as you and if you had a credit card on file make purchases.

URL hijacking

The purchase of a domain name that is close to a legitimate domain name. Attackers often try to trick users who inadvertently use the wrong domain name. Also called typo squatting.

This attack happens by attackers purchasing domain names close to familiar site names in an attempt to trick users who mistakenly type the wrong domain name in the address bar. For an example if you were to type “facebok.com” instead of “facebook.com”, the attack site would look exactly like the original site and possibly capture your username and password if you entered it. 

Driver Manipulation

Shimming

A driver manipulation method. It uses additional code to modify the behavior of a driver.

This attack is created using programming code that tells a driver on a device or system what to do. 

Refactoring

Reprogramming devices drivers’ internals so that the device driver responds to all of the normal inputs and generates all the regular outputs, but also generates malicious outputs. 

This attack allows drivers to run normally but only difference is when regular outputs from the driver generates, the attacker make sure malicious outputs are generated as well. 

Previous Topic
Back to Lesson
Next Topic