Save
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Sec+ Domain 2

Security+ Domain 2: Threats, Vulnerabilities, and Mitigations Study Material

QuestionAnswer
What is the difference between a threat and a vulnerability? A threat is a potential danger that could exploit a vulnerability, while a vulnerability is a weakness that can be exploited.
What are the three main types of social engineering attacks? Phishing, pretexting, and baiting.
What is a watering hole attack? A targeted attack where hackers infect a website frequently visited by their target.
How does a business email compromise (BEC) attack work? An attacker impersonates an executive or vendor to trick employees into transferring money or sensitive data.
What is the primary purpose of credential stuffing? To use stolen username/password combinations on multiple sites, exploiting users who reuse passwords.
How does ransomware typically spread? Through phishing emails, malicious ads, or exploit kits.
What is the main difference between a Trojan and a worm? A Trojan disguises itself as legitimate software, while a worm self-replicates without user intervention.
What is a rootkit? A type of malware that hides itself in a system, often modifying OS components to gain persistent access.
How can you mitigate ransomware attacks? Regular backups, endpoint detection, user training, and email filtering.
What is fileless malware? Malware that operates in memory without writing files to disk, making detection harder.
What is the main security risk of default credentials? Attackers can easily guess or find them to gain unauthorized access.
What is the difference between SQL injection and XSS? SQL injection manipulates databases, while XSS injects scripts into web pages to attack users.
What does an SSRF (Server-Side Request Forgery) attack do? It tricks a server into making requests to internal resources, potentially exposing sensitive data.
How does an attacker exploit an insecure API? By bypassing authentication, injecting malicious data, or abusing weak rate limits.
What is the best way to prevent SQL injection attacks? Use parameterized queries and input validation.
What is the primary risk associated with shadow IT? Unapproved devices or software introduce security risks outside of IT control.
How does misconfigured cloud storage pose a threat? Data can be publicly exposed due to improper access controls.
Why are IoT devices commonly targeted by attackers? They often have weak default credentials, lack updates, and run on insecure networks.
What is a common method to secure IoT devices? Change default passwords, apply firmware updates, and segment IoT devices on a separate network.
What security control helps protect against unauthorized access to cloud resources? Multi-factor authentication (MFA).
What is the difference between vulnerability scanning and penetration testing? Scanning identifies weaknesses, while pen testing actively exploits them to assess security posture.
What is the importance of a CVE (Common Vulnerabilities and Exposures)? It provides a standardized reference for known security vulnerabilities.
What are the three main phases of a vulnerability management lifecycle? Identification, assessment, and remediation.
How does an organization prioritize vulnerabilities? By using risk-based assessment models like CVSS (Common Vulnerability Scoring System).
What is a zero-day vulnerability? A vulnerability that is unknown to vendors and has no available patch.
How does supply chain compromise occur? Attackers infiltrate a trusted vendor or software provider to deliver malicious code to customers.
What is a common security risk of using open-source software? Unpatched vulnerabilities and dependencies with security flaws.
How can organizations protect against supply chain attacks? Vendor risk assessments, software integrity checks, and least privilege access.
What is the purpose of SBOM (Software Bill of Materials)? It provides a detailed list of components in software to track vulnerabilities.
How does an organization mitigate risks from third-party vendors? By conducting security audits, implementing access controls, and requiring compliance with security policies.
Created by: anapaulaseidel
Popular Computers sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards