Save
Busy. Please wait.
Log in with Clever
or

show password
Forgot Password?

Don't have an account?  Sign up 
Sign up using Clever
or

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't know
Remaining cards (0)
Know
0:00
share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Security + CompTIA

Domain 1

TermDefinition
NTPsec This is the secure network time protocol, and the effort to make this more secure started around June of 2015. The code base of NTP has been updated in NTPsec.
SRTP Secure Real-time Transport Protocol (VOIP) adds encryption using AES to make sure that all the video and audio is confidential. Includes authentication integrity and replay protection by including HMAC-SHA1 as a hashing function.
Privilege Escalation programming errors can result in system compromise, allowing someone to gain unauthorized privileges
Viruses infect systems and spread copies of themselves, don't execute on their own
Worms Similar to viruses, but do not require host to replicate or execute
Trojans disguised malicious code within apparently useful applicaitons
logic bombs Trigger a malware action at a particular time/at particular event
Rootkit can be installed and hidden on a computer mainly for the purpose of compromising the system
Ransomware Usually demands money in return for the release of data, which may have also been encrypted using crypto malware
spyware may monitor browser activity, log keystrokes and impact computer performance
Adware & Spyware often result in computer running slow and generating popups
Armored viruses kind of virus that seeks to make it difficult to analyze functions by creating a metaphorical layer of armor around the virus
Phishing social engineering attack commonly done through email across a large audience
Spear phishing social engineering attack commonly done through email that targets an individual or group
Whaling similar to phishing, but affects big targets, such as CEO
Vishing attacker uses a fake caller ID to appear as a trusted org & attempt individual to enter account details via phone
Pharming based on farming & phishing; does not require the user to be tricked into clicking on a link. Instead it redirects victims to a bogus website, even if they correctly entered the intended site
Dos & DDoS attacks that involve the disruption of normal network services and include attacks based on the ICMP echo reply called a smurf attack
Spoofing process of masking data to look as if it came from a truste or legitimate origin
Man in the Middle MiTM
Replay Attack involve reposting captured data
Zero Day Vulnerabilities vulnerabilities not yet detected by antimalware software
DNS poisioning attack that allows perpetrator to redirect traffic by changing the IP record for a specific domain (thus permitting attackers to send legit traffic anywhere they choose)
ARP poisoning attack deceives a device on network, poisoning its table associations of other devices
XSS Cross-Site Scripting, vulnerabiltites can be used to hijack the user's session
NullPointerException occurs when an application tries to use an object with reference to the null value
Evil Twin rogue access points, MiTM attacks
Bluejacking attackers generate messages that appear to come from the device itself, leading users to follow obvious prompts and establish an open bluetooth connection to attacker's device
bluesnarfing more aggressive than bluejacking, data on victim's device becomes available for unauthorized access, modification or access
Threat Actor Attributes Actor's relationship to organization , motive, intent and capability
Kinds of threat actors Script kiddies, insiders, hacktivists, organized crime, competitors, nation states etc...
OSINT open sourced intelligence describes information for collection from publicaly available sources
Black Box Test test conducted with assessor having no information or knowledge about the inner workings of the system
Phase 1 of Pen Test Planning
Phase 2 of Pen test discovery
Phase 3 of Pen test attack
Phase 4 of pen test reporting
white box testing test to see if programming constructs are placed correctly and carry out required actions, assessor has knowledge of the inner system workings & code
Gray Box Testing uses a combination of both white and black box techniques. Tester has some understanding of or limited knowledge of inner workings
Attack phase of Pen Test steps Initial exploitation, escalation of privilege, pivot, persistence.
Vulnerability scan identifies misconfigurations & lack of security controls
Race Condition results in system malfunction & unexpected results. Resulting errors can cause crashes and allow attackers to gain control of a system or remotely execute commands
Salt in password this prevents a rainbow attack on password hashes
Popular Standardized Tests sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards