This threat has legitimate access to resources and can pose a significant risk for any organization; it may be intentional or accidental.
What is an Insider Threat?
This kind of attack focuses on vendors to achieve a long-term end goal with another target
What is a Supply Chain attack?
This is a method in which a VM gains access to a host system's resources to access local resources or other VMs on the hypervisor
What is VM Escape?
This malware is typified by files being encrypted and the key being held until conditions are met
What is Ransomware?
This mitigation works by putting networks into logically or physically distinct regions
What is Segmentation?
This motivation of a threat actor focuses on obtaining information, one of the most common motivations that has affected you in relation to cyber security
What is Data Exfiltration?
This is the most vulnerable attack vector in any scenario
What is Human or User?
This vulnerability comes from a previously unknown flaw in software or hardware, particularly dangerous because there may be no known way to defend against an attack
What is a Zero-Day Vulnerability?
This malware records user inputs and may remotely transmit them back to the attacker that delivered it to your system
What is a Keylogger?
This mitigation works by translating content into code words so that unauthorized parties cannot read the original information
What is Encryption?
This threat actor is well funded, highly skilled, and motivated by political, military, or economic advantage
What is a Nation State actor?
This kind of attack uses fraudulent text messages sent to a mobile device
What is Smishing?
This vulnerability leverages a lack of input validation and improper error handling to allow code to be run on a database through a web application
What is an SQL Injection/SQLi?
This type of attack uses collisions to be faster than a brute force attack and relies on the limited length of a checksum
What is a Birthday Attack?
Installing endpoint protection, disabling unused ports and protocols, changing default passwords, and other similar measures are known as this
What are Hardening Techniques?
This threat actor is driven by ideological or political goals
What is a Hacktivist?
This attack vector relies on misspellings to bring users to domains other than the ones they intended to visit; this can be mitigated by owning common misspellings of their domain
What is Typosquatting?
This vulnerability commonly uses scripts hidden within social media comment sections, where the attack is stored on the server but runs within users' browsers
What is a Cross-Site Scripting (XSS) attack?
Mary went to Starbucks and used the public WiFi without a VPN to build a new website for her butterfly breeding business, and the next day all of her accounts had been compromised because she was a victim of this kind of attack
What is an On-Path attack (also Man in the Middle, but that term will not appear on a CompTIA exam anymore)?
This principle states that access for a user should be restricted to what a user needs to perform their job role
What is the Principle of Least Privilege?
This specific threat causes an often accidental increase in attack surface within a network that can be exploited by threat actors
What is Rogue or Shadow IT?
This attack vector involves using well-known usernames and passwords to attempt to break into a network
What are Default Credentials?
This vulnerability writes more data to a buffer than it can handle, causing adjacent memory locations to be overwritten
What is a Buffer Overflow attack?
A user reporting that they are unable to log in without a system administrator unlocking their account is an indicator of what kind of attack on the user's account?
What is a Brute Force attack?
This process ensures that data cannot be accessed from systems once they are no longer in production use before device disposal
What is Decommissioning?