CompTIA Security+ (2010 Edition)
Exam Number: SY0-301
3.0 Threats and Vulnerabilities
3.1 Analyze and differentiate among types of malware
Adware
Virus
Worms
Spyware
Trojan
Rootkits
Backdoors
Logic bomb
Botnets
3.2 Analyze and differentiate among types of attacks
Man-in-the-middle
DDoS
DoS
Replay
Smurf attack
Spoofing
Spam
Phishing
Spim
Vishing
Spear phishing
Xmas attack
Pharming
Privilege escalation
Malicious insider threat
DNS poisoning and ARP poisoning
Transitive access
Client-side attacks
3.3 Analyze and differentiate among types of social engineering attacks
Shoulder surfing
Dumpster diving
Tailgating
Impersonation
Hoaxes
Whaling
Vishing
3.4 Analyze and differentiate among types of wireless attacks
Rogue access points
Interference
Evil twin
War driving
Bluejacking
Bluesnarfing
War chalking
IV attack
Packet sniffing
3.5 Analyze and differentiate among types of application attacks
Cross-site scripting
SQL injection
LDAP injection
XML injection
Directory traversal/command injection
Buffer overflow
Zero day
Cookies and attachments
Malicious add-ons
Session hijacking
Header manipulation
3.6 Analyze and differentiate among types of mitigation and deterrent techniques
Manual bypassing of electronic controls
Failsafe/secure vs. failopen
Monitoring system logs
Event logs
Audit logs
Security logs
Access logs
Physical security
Hardware locks
Mantraps
Video surveillance
Fencing
Proximity readers
Access list
Hardening
Disabling unnecessary services
Protecting management interfaces and applications
Password protection
Disabling unnecessary accounts
Port security
MAC limiting and filtering
802.1x
Disabling unused ports
Security posture
Initial baseline configuration
Continuous security monitoring
Remediation
Reporting
Alarms
Alerts
Trends
Detection controls vs. prevention controls
IDS vs. IPS
Camera vs. guard
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
Vulnerability scanning and interpret results
Tools
Protocol analyzer
Sniffer
Vulnerability scanner
Honeypots
Honeynets
Port scanner
Risk calculations
Threat vs. likelihood
Assessment types
Risk
Threat
Vulnerability
Assessment technique
Baseline reporting
Code review
Determine attack surface
Architecture
Design reviews
Penetration testing
Verify a threat exists
Bypass security controls
Actively test security controls
Exploiting vulnerabilities
Vulnerability scanning
Passively testing security controls
Identify vulnerability
Identify lack of security controls
Identify common misconfiguration
Black box
White box
Gray box