site_logo

Previous Next


  1. A+ Core 2 Practice Tests
  2. A+ Lab Simulator
  3. A+ LabSim w/ ExamSim
  4. A+ Core2 Cram Notes

A+ Core 2 Certification Cram Notes : Security

2.4 Explain the following social-engineering attacks

Social engineering: It is a type of attack that relies on human interaction to manipulate individuals into divulging sensitive information, performing an action, or providing access to a restricted area.

Phishing: It is a type of attack where an attacker sends an email or message that appears to be legitimate and trustworthy, but it is actually a fraudulent attempt to obtain sensitive information, such as login credentials or financial information.

Vishing: It is a type of phishing attack where an attacker uses voice communication, such as phone calls or voice messages, to trick individuals into providing sensitive information.

Shoulder surfing: It is a type of attack where an attacker watches or records an individual's keystrokes or screen activity to obtain sensitive information, such as passwords or credit card numbers.

Whaling: It is a type of phishing attack that targets high-profile or senior individuals, such as executives or celebrities, to obtain sensitive information or gain access to restricted areas.

Tailgating: It is a type of attack where an attacker gains physical access to a restricted area by following an authorized person without authorization.

Impersonation: It is a type of attack where an attacker pretends to be someone else, such as an authority figure or a trusted individual, to gain access to restricted areas or sensitive information.

Dumpster diving: It is a type of attack where an attacker searches through trash or discarded materials to obtain sensitive information, such as passwords or account numbers.

Evil twin: It is a type of attack where an attacker creates a fake wireless access point that appears legitimate to users, but actually captures sensitive information, such as login credentials or credit card numbers.

Explain the following threats

Distributed denial of service (DDoS): It is an attack in which multiple systems flood the network or server with traffic, making it unavailable to users. The traffic comes from different sources, making it difficult to identify the attacker.

Denial of service (DoS): It is an attack in which a single system sends traffic to a network or server to overload it and make it unavailable to users. The traffic comes from a single source, making it easier to identify the attacker.

Zero-day attack: It is an attack that exploits a vulnerability in a system or software before the developer is aware of it and has released a patch to fix it. Since there is no fix available, the attacker can take advantage of the vulnerability to compromise the system.

Spoofing: It is a technique used by attackers to disguise their identity or to impersonate a legitimate user or system to gain access to a network or system.

On-path attack: It is an attack in which the attacker intercepts the communication between two systems and modifies or steals the data being transmitted.

Brute-force attack: It is an attack in which the attacker tries all possible combinations of usernames and passwords to gain access to a system or network.

Dictionary attack: It is an attack in which the attacker uses a list of common words or phrases to guess a password.

Insider threat: It is a threat posed by individuals who have authorized access to a network or system but use their access for malicious purposes.

Structured Query Language (SQL) injection: It is an attack in which the attacker injects malicious SQL code into a database query to gain unauthorized access to the database or to manipulate the data in it.

Cross-site scripting (XSS): It is an attack in which the attacker injects malicious code into a web page viewed by other users, allowing the attacker to steal user data or take control of the user's browser.

Explain the Vulnerabilities

1. Non-compliant systems: Non-compliant systems refer to systems that are not in compliance with industry standards or regulations. Such systems can pose a risk to the organization's security as they might be missing critical security measures.

2. Unpatched systems: Unpatched systems are systems that are not updated with the latest security patches and updates. Such systems can be exploited by attackers who are aware of the vulnerabilities present in the system.

3. Unprotected systems (missing antivirus/missing firewall): Unprotected systems refer to systems that do not have adequate security measures in place. For example, systems that do not have antivirus or firewalls installed can be easily compromised by attackers.

4. EOL OSs: End-of-life (EOL) operating systems are those that are no longer supported by the manufacturer. Such operating systems do not receive security updates and can be vulnerable to known security vulnerabilities.

5. Bring your own device (BYOD): BYOD refers to the practice of allowing employees to use their personal devices for work-related purposes. Such devices may not have the same level of security as company-owned devices, which can pose a risk to the organization's security.


Previous Next



simulationexams.com ad

certexams.com ad