CompTIA Security+ SY0-701 Study Notes - Udemy
77 Questions

Created by
@VitVargKW

Questions and Answers

What typically motivates insider threats that engage in data theft?

  • Compliance with regulations
  • Desire for recognition
  • Personal growth
  • Financial gain (correct)

Which of the following methods can help mitigate insider threats?

  • Limiting user access completely
  • Increasing employee workloads
  • Encouraging a relaxed security environment
  • Implementing zero-trust architecture (correct)

What is an example of Shadow IT?

  • Consulting IT before any software changes
  • Employees using unauthorized applications (correct)
  • IT managing all technology projects
  • Using company-approved software

    What is a primary motivation for individuals who commit sabotage as an insider threat?

    Revenge for perceived wrongs

    Which factor contributes to the unchecked existence of Shadow IT within organizations?

    Organizational lack of awareness

    Why are regular audits important in preventing insider threats?

    To identify security weaknesses

    Which is a common unintentional cause of insider threats?

    Carelessness or lack of awareness

    What role do robust access controls play in cybersecurity?

    They secure permissions and limit data exposure.

    What is one effective method to ensure data integrity in the face of cybersecurity threats?

    Conduct regular backups

    Why is paying the ransom during a ransomware attack discouraged?

    It can lead to further attacks

    What should you do first if you suspect ransomware has infected your machine?

    Disconnect it from the network

    Which of the following is NOT a good practice for maintaining availability in an organization?

    Ignore software maintenance

    What is the primary role of Multi-Factor Authentication (MFA) in access controls?

    Enhance security by requiring multiple forms of verification

    Which term describes a computer that has been compromised and is used in a botnet?

    Zombie

    What should be done once data and systems have been restored from backups after a ransomware incident?

    Notify authorities and analyze the attack

    Which strategy is vital for preventing data loss and ensuring business continuity?

    Implement a redundant storage strategy

    What is the primary goal of adjusting sensitivity in authentication systems?

    To balance the False Acceptance Rate (FAR) and FRR

    Which method increases security in electronic door locks?

    Implementing multiple authentication factors

    What type of lock is commonly used in high-security areas like server rooms?

    Cipher Locks

    Which technologies are primarily used in contactless authentication?

    RFID and NFC

    What is the process of copying data from an RFID or NFC card to another device called?

    Access Badge Cloning

    What is a primary characteristic of redundancy strategies in cybersecurity?

    To eliminate single points of failure

    Which of the following best describes non-repudiation in cybersecurity?

    The guarantee that a sender cannot deny sending a message

    What role do access controls play in cybersecurity?

    They determine user permissions and access levels

    Which of the following is NOT a method used to mitigate impersonation attacks?

    Ignore unsolicited communication

    What motivates individuals to comply with social engineering demands under the principle of authority?

    Perceived expertise and trustworthiness of the requester

    Which type of phishing specifically targets high-profile individuals for potentially greater rewards?

    Whaling

    Which of the following describes a key indicator of a phishing attack?

    Request for immediate action with an urgent tone

    What is the key difference between identity fraud and identity theft?

    Identity theft is a broader term that encompasses identity fraud as a specific type of crime.

    What is the best way to prevent baiting attacks?

    Train users not to use unverified devices that are found

    Which attack method involves an adversary manipulating a distraction to steal items?

    Diversion Theft

    Which of the following is a common method to combat typosquatting?

    Registering common misspellings of domain names

    Which of the following methods is most effective in ensuring data integrity in card-based authentication systems?

    Implementing advanced encryption

    What redundancy strategy can help prevent access control failures?

    Implementing Multi-Factor Authentication (MFA)

    What is the most critical aspect of maintaining availability in information systems?

    Monitoring and auditing access logs

    Which access control method is most effective against impersonation attacks?

    User education and awareness

    What is a key characteristic of non-repudiation in cybersecurity?

    Proof of the origin and integrity of data

    Which of the following is an example of a social engineering tactic that targets user behavior?

    Creating urgency through phishing emails

    Which approach is most effective for combating business email compromise?

    Educating users about phishing techniques

    In the context of social engineering, what is the purpose of creating a pretext?

    To establish an identity to gain trust

    The CompTIA Security+ (SY0-701) exam consists of five domains of knowledge, with Security Operations constituting the highest percentage.

    True

    Adjusting sensitivity can decrease the Crossover Error Rate (CER) in authentication systems.

    False

    Cipher locks require a biometric scan for access.

    False

    Access badge cloning involves copying data from an RFID or NFC card onto unauthorized devices.

    True

    The utilization of multiple factors in electronic door locks hinders security.

    False

    Radio Frequency Identification (RFID) technology is mainly used for wired connections in authentication.

    False

    Mechanical cipher locks are commonly utilized in everyday home security systems.

    False

    Hacktivists primarily seek financial gain from their activities.

    False

    DDoS attacks involve the overwhelming of a victim's systems to prevent access for legitimate users.

    True

    The technique known as doxing is aimed at protecting an individual's private information.

    False

    Nation-state actors conduct cyber operations primarily for social change.

    False

    Anonymous is a well-known group of hacktivists that targets organizations perceived as unethical.

    True

    Organized cybercrime groups aim to promote social justice through their activities.

    False

    Advanced persistent threats (APTs) are characterized by their inability to remain undetected for long periods.

    False

    Custom malware is less sophisticated than common phishing campaigns.

    False

    False flag attacks are designed to mislead investigators about the true origin of the attack.

    True

    Hacktivism includes activities that are generally accepted as ethical and lawful.

    False

    A security posture that is too complex can negatively impact business operations.

    True

    The attack surface refers to the various points where unauthorized users can gain access to a system.

    True

    Vishing is a type of phishing specifically conducted through email communications.

    False

    Honeypots are real systems set up to attract potential attackers for the purpose of defense.

    False

    MAC address cloning is a method used to enhance network security by altering MAC addresses.

    False

    Baiting refers to leaving a malware-infected USB drive in a location where a target might find it.

    True

    Unsecure networks are significantly safer than secured networks when it comes to preventing attacks.

    False

    Bluetooth-based exploits like BlueBorne allow attackers to take over devices without any user interaction.

    True

    Surveillance systems can only include video surveillance methods.

    False

    Access Control Vestibules are designed to allow both doors to open simultaneously.

    False

    Baiting involves leaving a malware-infected physical device in a place where it will not be found by a victim.

    False

    Typosquatting is a type of cyber attack that exploits common typographical errors in web addresses.

    True

    Whaling refers to phishing attacks targeting average employees within an organization.

    False

    Shoulder surfing can include using high-powered cameras to gather personal information from a distance.

    True

    Pretexting is a method where an attacker divulges personal information to manipulate the victim into providing more information.

    True

    Fear is not a motivational trigger used by social engineers to persuade individuals to comply with their requests.

    False

    Eavesdropping involves listening to private conversations without the consent of the involved parties.

    True

    Diversion theft involves creating a distraction to steal information rather than physical objects.

    False

    The primary difference between identity fraud and identity theft is that identity fraud solely involves the use of stolen credit card information.

    False

    Cleaning desks and desktops can help prevent dumpster diving attacks.

    True

    Study Notes

    Backup and Ransomware Response

    • Conduct regular backups of data to ensure recovery in case of incidents.
    • Install software updates consistently to address security vulnerabilities.
    • Provide security awareness training to users to enhance overall cybersecurity.
    • Implement Multi-Factor Authentication (MFA) to add an extra layer of security.
    • In case of a ransomware attack, never pay the ransom as it doesn’t ensure data recovery.
    • Disconnect infected machines from the network to prevent further spread.
    • Immediately notify authorities regarding the ransomware incident.
    • Restore data from verified good backups to recover from the attack.

    Zombies and Botnets

    • A botnet is a network of compromised computers or devices controlled remotely by malicious actors.
    • A "zombie" refers to an infected device that operates under the attacker's command without user consent.
    • Nation-state actors pursue long-term strategic goals rather than financial profit.

    Insider Threats

    • Insider threats arise from individuals within the organization who misuse access to sensitive information.
    • Types of insider threats include data theft, sabotage, and misuse of access privileges.
    • Motivations for insider threats vary: financial gain, revenge, or carelessness.
    • Mitigation strategies include:
      • Implementing zero-trust architecture.
      • Employing robust access controls.
      • Conducting regular audits.
      • Providing effective employee security awareness programs.

    Shadow IT

    • Shadow IT refers to the use of IT systems and services without explicit organizational approval.
    • IT-related projects conducted outside of the IT department can create security vulnerabilities.
    • Reasons for the existence of Shadow IT include employee convenience and a lack of awareness of policies.

    Social Engineering

    • Social engineering involves manipulative strategies that exploit human psychology for unauthorized system access.
    • Common motivational triggers include familiarity, authority, scarcity, and urgency.
    • Techniques used in social engineering:
      • Impersonation: Pretending to be someone else to gain access (e.g., brand impersonation).
      • Pretexting: Crafting a fake scenario to manipulate targets, often by mimicking trusted figures.

    Types of Phishing Attacks

    • Phishing: General attempts to obtain sensitive information through deceptive emails or communications.
    • Vishing: Voice phishing typically conducted over the phone.
    • Smishing: SMS phishing targeting mobile devices.
    • Spear Phishing: Targeted phishing aimed at specific individuals or organizations.
    • Whaling: Phishing attacks specifically targeting high-profile individuals (e.g., executives).
    • Business Email Compromise (BEC): Fraudulent schemes targeting companies through compromised email accounts.

    Frauds and Scams

    • Frauds and scams involve deceptive practices aimed at tricking individuals into giving up money or valuable information.
    • Training and awareness programs can help identify and reduce risks associated with frauds and scams.

    Influence Campaigns

    • Influence campaigns involve disseminating misinformation to impact public opinion, political decisions, or economic situations.

    Other Social Engineering Attacks

    • Diversion Theft: Manipulating situations or creating distractions to steal items or information.
    • Hoaxes: Malicious deception spread through various communication channels; often paired with impersonation and phishing.
    • Shoulder Surfing: Gathering personal information by looking over someone's shoulder, including using cameras for distant observation.
    • Dumpster Diving: Searching through trash to find valuable information like discarded documents; mitigated by clean desk and desktop policies.
    • Eavesdropping: Secretly listening to private conversations; prevention through data encryption in transit.
    • Baiting: Leaving malware-infected devices (e.g., USB drives) for unsuspecting victims to use and inadvertently install malware.
    • Piggybacking: An authorized person unknowingly allowing an unauthorized person into a secure area.
    • Tailgating: An unauthorized individual follows an authorized person through a secure access point without detection.

    Motivational Triggers

    • Authority: People comply more with requests from those perceived as authority figures.
    • Urgency: A sense of immediacy that prompts swift action or prioritization.
    • Social Proof: Individuals look to others' behaviors to guide their own actions.
    • Scarcity: Pressure arising from perceived limited availability of a product or opportunity.
    • Likability: Attraction or common interests that encourage compliance.
    • Fear: Threat-focused tactics warning victims of possible negative outcomes if they do not comply.

    Impersonation

    • General Impersonation: Adversaries assume another's identity to access unauthorized resources; relies on gathered personal information to establish trust.
    • Brand Impersonation: Attackers impersonate legitimate brands using recognizable logos and language; mitigated by educating users and monitoring online presence.

    Typosquatting

    • Registration of domain names with common typographical errors to mislead users; countered by registering misspelled domains and user education.

    Watering Hole Attacks

    • Targeted attacks compromising websites frequented by specific targets; mitigated by regular updates, threat intelligence services, and advanced malware prevention.

    Pretexting

    • Providing seemingly credible information to extract more details from victims; mitigated through employee training on information sharing.

    Phishing Attacks

    • Phishing: Fraudulent emails impersonating reputable sources to steal sensitive information.
    • Spear Phishing: Targeted phishing campaigns focused on specific individuals or organizations.
    • Whaling: Spear phishing targeting high-profile individuals for greater potential rewards.
    • Business Email Compromise (BEC): Using internal email accounts to deceive employees into malicious actions.
    • Vishing: Voice phishing to extract personal information over the phone.
    • Smishing: SMS phishing using text messages for deception.

    Preventing Phishing Attacks

    • Implementing training and awareness strategies to recognize phishing signs, including urgency, unusual requests, mismatched URLs, and strange email addresses.
    • Key indicators include poor grammar and spelling errors; if a phishing email is opened, it needs to be investigated.

    Fraud and Scams

    • Fraud: Deceptive actions for financial gain, including identity fraud (using personal info without permission) and identity theft (assuming someone else's identity).
    • Scams: Deceptive acts like invoice scams, where individuals are tricked into paying fake invoices.

    Influence Campaigns

    • Coordinated efforts to sway public perception or behavior; can spread misinformation (false information without harmful intent) and disinformation (deliberate deception).
    • Both can undermine trust in institutions and influence social and political outcomes.

    Authentication and Security Measures

    • Adjusting sensitivity settings can increase the False Rejection Rate (FRR).
    • The Crossover Error Rate (CER) indicates an optimal balance between False Acceptance Rate (FAR) and FRR for effective authentication.

    Electronic Lock Systems

    • Some electronic door locks combine multiple factors, such as an identification number and fingerprint, to bolster security.
    • Cipher locks are mechanical locking systems with numbered push buttons, requiring a specific sequence to unlock.
    • Typically utilized in high-security environments, such as server rooms, to prevent unauthorized access.

    Office Building Security

    • Secure entry areas in office buildings frequently implement electronic access systems that employ badges and Personal Identification Numbers (PINs) for authentication.

    Access Badge Cloning

    • RFID (Radio Frequency Identification) and NFC (Near Field Communication) are widely used technologies for contactless authentication in various services.
    • Access badge cloning involves copying data from an RFID or NFC card to another card or device.
    • Attackers typically clone access badges by intercepting communication signals or using specialized equipment to extract data from the original badge.

    CompTIA Security+ (SY0-701) Overview

    • Intermediate-level IT certification focused on assessing enterprise security posture.
    • Designed for IT professionals and those in cybersecurity, typically with A+ and Network+ certifications recommended.
    • Course suitable for individuals with 1-2 years of hardware, software, and network experience.
    • The certification exam covers five domains:
      • General Security Concepts (12%)
      • Threats, Vulnerabilities, and Mitigations (22%)
      • Security Architecture (18%)
      • Security Operations (28%)
      • Security Program Management and Oversight (20%)
    • The exam has up to 90 questions, both multiple-choice and performance-based, to be answered in 90 minutes.
    • Requires a passing score of 750 out of 900, with an exam fee covered by purchasing an exam voucher.

    Cyber Threat Actors

    Hacktivists

    • Use technical skills to promote social causes instead of personal gain.
    • Engaged in hacktivism, which involves hacking to advance political or social agendas.
    • Utilize various techniques such as:
      • Website Defacement: An act of vandalism through electronic graffiti.
      • DDoS Attacks: Overwhelming networks to disrupt service for legitimate users.
      • Doxing: Publicly releasing personal information to harm individuals or organizations.
      • Data Leaks: Publishing sensitive information online.
    • Motivated primarily by ideological beliefs; not financially driven.
    • Prominent group: Anonymous, known for high-profile attacks against perceived unethical organizations.

    Organized Crime

    • Composed of syndicates conducting criminal activities in the digital landscape.
    • Characterized by sophisticated structures and technical capabilities.
    • Employ advanced techniques such as:
      • Custom Malware
      • Ransomware
      • Advanced Phishing Campaigns
    • Engage in activities like data breaches, identity theft, online fraud, and ransomware attacks.
    • Unlike hacktivists, they are motivated by profit, and may conduct operations on behalf of governments.

    Nation-State Actors

    • Sponsored by governments to execute cyber operations against other nations or entities.
    • May conduct false flag attacks to mislead investigators and obscure true attribution.
    • Possess advanced skills and resources for coordinated efforts, employing:
      • Custom malware
      • Zero-day exploits
      • Advanced persistent threats (APTs)
    • APTs involve long-term stealthy operations to gain unauthorized access for data theft or monitoring without immediate damage.
    • Motivation stems from national interests, potentially utilizing tactics similar to organized cybercrime for geopolitical objectives.

    Security Posture and BYOD

    • High or overly complex security postures can hinder business operations.
    • Bring Your Own Device (BYOD) allows employees to use personal devices for work tasks.

    Threat Vectors and Attack Surfaces

    • Threat Vector: The method used by attackers to access computers or networks.
    • Attack Surface: All points where unauthorized users can enter or extract data.
      • Minimize through restricted access, removing unnecessary software, disabling unused protocols.
    • Distinction: Threat vector is the "how" of an attack; attack surface is the "where."

    Types of Threat Vectors

    • Messages: Includes threats via email, SMS, or instant messaging, often through phishing to trick victims.
    • Images: Malware can be hidden in image files.
    • Files: Malicious documents disguised as legitimate files shared through email or file-sharing platforms.
    • Voice Calls: Vishing uses voice calls to manipulate victims into revealing sensitive information.

    Removable Devices

    • Baiting: Leaving malware-infected USB drives in public places for targets to find.

    Unsecure Networks

    • Unsecured networks include vulnerable wireless, wired, and Bluetooth systems.
    • Wireless networks can allow unauthorized access if not properly secured.
    • Wired networks, while generally more secure, are still susceptible to physical attacks.
      • Notable vulnerabilities: MAC address cloning and VLAN hopping.
    • Bluetooth Vulnerabilities:
      • BlueBorne: Exploits allowing malware spread without user interaction.
      • BlueSmack: Denial of Service attack targeting Bluetooth-enabled devices.

    Deception and Disruption Technologies

    • Employ technologies to mislead and divert attackers from valuable assets.
    • Tactics, Techniques, and Procedures (TTPs): Patterns and behaviors associated with threat actors.
    • Various methods include:
      • Honeypots: Decoys to attract hackers.
      • Honeynets: Networks of honeypots simulating entire systems.
      • Honeyfiles and Honeytokens: Decoy materials to lure or monitor attackers.

    Security Strategies

    • Disruption techniques:
      • Bogus DNS entries and decoy directories fool attackers.
      • Dynamic page generation counters scraping tools.
      • Port triggering hides network services until specific outbound traffic occurs.
      • Countering network scans with fake telemetry responses.

    Physical Security

    • Focuses on protecting physical assets - buildings, equipment, and personnel.
    • Security Controls:
      • Fencing and Bollards: Physical barriers to control access and provide visual deterrence.
      • Bollards guard against vehicular access.
    • Brute Force Attacks: Gaining access through forceful methods like ramming barriers and tampering.

    Surveillance Systems

    • Comprehensive strategy for monitoring and reporting incidents.
      • Components include video surveillance (motion detection, night vision), security guards, and environmental sensors.
    • Categories of Sensors:
      • Infrared, pressure, microwave, and ultrasonic sensors detect environmental changes.

    Bypassing Surveillance Systems

    • Attackers may obstruct camera views or jam sensors.
    • Techniques include visual obstruction (spraying cameras), blinding sensors with light, and exploiting environmental weaknesses.

    Access Control Vestibules

    • Double-door systems prevent tailgating and piggybacking.
    • Differences:
      • Piggybacking involves consent; tailgating does not.

    Sensitivity Adjustments and Error Rates

    • Adjusting sensitivity settings in authentication systems can lead to an increase in False Rejection Rate (FRR).
    • Crossover Error Rate (CER) represents the point where the False Acceptance Rate (FAR) equals the FRR, crucial for optimizing authentication effectiveness.

    Security Measures in Electronic Locks

    • Some electronic door locks enhance security by employing multiple factors, such as a combination of identification numbers and fingerprints.
    • Cipher locks are mechanical locks utilizing numbered push buttons and a required combination to unlock, commonly found in secure areas like server rooms.
    • Secure entry systems in office buildings often utilize electronic access with badges and Personal Identification Numbers (PINs) for verification.

    Access Badge Cloning Techniques

    • RFID (Radio Frequency Identification) and NFC (Near Field Communication) are leading technologies for contactless authentication used in a variety of applications.
    • Access badge cloning involves duplicating the data from an RFID or NFC card onto another device or card.
    • An attacker can clone an access badge by capturing the data stored on the original card, potentially compromising security.


    Description

    This quiz focuses on the concepts of sensitivity adjustment in relation to false rejection rate (FRR) and crossover error rate (CER) within the CompTIA Security+ framework. Evaluate your understanding of how these metrics affect authentication effectiveness.
