CompTIA+Security++(SY0-701)+Study+GuideCourseUdemy.pdf
CompTIA Security+ (SY0-701) (Study Notes)
CompTIA Security+ (SY0-701) Study Notes
https://www.DionTraining.com

Introduction
● Introduction
    ○ CompTIA Security+ (SY0-701) certification is considered an intermediate level information technology certification and an entry level cyber security certification that focuses on your ability to assess the security posture of an enterprise environment
    ○ This certification is designed for information technology professionals or aspiring cybersecurity professionals who have already earned their CompTIA A+ and Network+ certifications, but this is a recommendation from CompTIA and not a strict requirement
        ▪ If you have the equivalent of 1-2 years of working with hardware, software, and networks, then you will do fine in this course
    ○ This course is designed as a full textbook replacement, but if you would like to get a textbook to study from as well, we recommend the official CompTIA Security+ Student Guide available directly from CompTIA
    ○ CompTIA Security+ (SY0-701) certification exam consists of five domains or areas of knowledge
        ▪ 12% of General Security Concepts
        ▪ 22% of Threats, Vulnerabilities, and Mitigations
        ▪ 18% of Security Architecture
        ▪ 28% of Security Operations
        ▪ 20% of Security Program Management and Oversight
    ○ When taking the CompTIA Security+ certification exam at the testing center or online using the web proctoring service, you are going to have 90 minutes to answer up to 90 questions
        ▪ You're going to be answering multiple-choice questions, but you may get a few multiple-select questions where they ask you to pick 2 or 3 correct answers for a single question
        ▪ You will also get a handful of performance-based questions
    ○ To pass the Security+ certification exam, you must score at least 750 points out of 900 on their 100 to 900 point scale
    ○ To take the exam, you do have to pay an exam fee to cover the cost of testing, and you do that by buying an exam voucher
        ▪ How do you sign up and schedule your exam?
            ● CompTIA Store
                ○ You can do this by going to store.comptia.org and buying it from their web store
                ○ The price does vary depending on which country you will be taking your exam from since CompTIA uses region based pricing
            ● Dion Training
                ○ You can go to diontraining.com/vouchers and purchase your voucher directly from us, because we are a certified Platinum Level CompTIA Delivery Partner
                ○ You'll save an extra 10% or so off the regular CompTIA price
                ○ We'll give you free access to our searchable video library as a bonus for buying your voucher from us
    ○ 4 tips for success in this course
        ▪ Turn on closed captioning
        ▪ Control the playback speed
        ▪ Join our FB or Discord group
            ● facebook.com/groups/diontraining
            ● diontraining.com/discord
        ▪ Download and print the study guide
● Exam Tips
    ○ There will be no trick questions
        ▪ Always be on the lookout for distractors or red herrings
            ● At least one of the four listed possible answer choices is written to try and distract you from the correct answer
    ○ Pay close attention to words in bold, italics, or all uppercase
    ○ Answer the questions based on CompTIA Security+ knowledge
        ▪ In cybersecurity, there really are no 100% correct answers in the real world because everything is situational
        ▪ When in doubt, choose the answer that is correct for the highest number of situations
    ○ Understand the key concepts of the test questions
    ○ Do not memorize the terms word for word, try to understand them instead
    ○ During the exam, the answers will be from multiple-choice style questions

Fundamentals of Security
Objectives:
    1.1 - Compare and contrast various types of security controls
    1.2 - Summarize fundamental security concepts
● Fundamentals of Security
    ○ Information Security
        ▪ Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
    ○ Information Systems Security
        ▪ Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
    ○ CIA Triad
        ▪ Confidentiality
            ● Ensures information is accessible only to authorized personnel (e.g., encryption)
        ▪ Integrity
            ● Ensures data remains accurate and unaltered (e.g., checksums)
        ▪ Availability
            ● Ensures information and resources are accessible when needed (e.g., redundancy measures)
    ○ Non-Repudiation
        ▪ Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)
    ○ CIANA Pentagon
        ▪ An extension of the CIA triad with the addition of non-repudiation and authentication
    ○ Triple A's of Security
        ▪ Authentication
            ● Verifying the identity of a user or system (e.g., password checks)
        ▪ Authorization
            ● Determining actions or resources an authenticated user can access (e.g., permissions)
        ▪ Accounting
            ● Tracking user activities and resource usage for audit or billing purposes
    ○ Security Control Categories
        ▪ Technical
        ▪ Managerial
        ▪ Operational
        ▪ Physical
    ○ Security Control Types
        ▪ Preventative
        ▪ Deterrent
        ▪ Detective
        ▪ Corrective
        ▪ Compensating
        ▪ Directive
    ○ Zero Trust Model
        ▪ Operates on the principle that no one should be trusted by default
        ▪ To achieve zero trust, we use the control plane and the data plane
            ● Control Plane
                ○ Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
            ● Data Plane
                ○ Subject/system, policy engine, policy administrator, and establishing policy enforcement points
● Threats and Vulnerabilities
    ○ Threat
        ▪ Anything that could cause harm, loss, damage, or compromise to our information technology systems
        ▪ Can come from the following
            ● Natural disasters
            ● Cyber-attacks
            ● Data integrity breaches
            ● Disclosure of confidential information
    ○ Vulnerability
        ▪ Any weakness in the system design or implementation
        ▪ Comes from internal factors like the following
            ● Software bugs
            ● Misconfigured software
            ● Improperly protected network devices
            ● Missing security patches
            ● Lack of physical security
    ○ Where threats and vulnerabilities intersect, that is where the risk to your enterprise systems and networks lies
        ▪ If you have a threat, but there is no matching vulnerability to it, then you have no risk
        ▪ The same holds true that if you have a vulnerability but there's no threat against it, there would be no risk
    ○ Risk Management
        ▪ Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome
● Confidentiality
    ○ Confidentiality
        ▪ Refers to the protection of information from unauthorized access and disclosure
        ▪ Ensures that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes
    ○ Confidentiality is important for 3 main reasons
        ▪ To protect personal privacy
        ▪ To maintain a business advantage
        ▪ To achieve regulatory compliance
    ○ To ensure confidentiality, we use five basic methods
        ▪ Encryption
            ● Process of converting data into a code to prevent unauthorized access
        ▪ Access Controls
            ● By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data
        ▪ Data Masking
            ● Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users
        ▪ Physical Security Measures
            ● Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations
        ▪ Training and Awareness
            ● Conduct regular training on the security awareness best practices that employees can use to protect their organization's sensitive data
● Integrity
    ○ Integrity
        ▪ Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual
        ▪ Verifies the accuracy and trustworthiness of data over the entire lifecycle
    ○ Integrity is important for three main reasons
        ▪ To ensure data accuracy
        ▪ To maintain trust
        ▪ To ensure system operability
    ○ To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods
        ▪ Hashing
            ● Process of converting data into a fixed-size value
        ▪ Digital Signatures
            ● Ensure both integrity and authenticity
        ▪ Checksums
            ● Method to verify the integrity of data during transmission
        ▪ Access Controls
            ● Ensure that only authorized individuals can modify data, which reduces the risk of unintentional or malicious alterations
        ▪ Regular Audits
            ● Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed
● Availability
    ○ Availability
        ▪ Ensures that information, systems, and resources are accessible and operational when needed by authorized users
    ○ As cybersecurity professionals, we value availability since it can help us with the following
        ▪ Ensuring Business Continuity
        ▪ Maintaining Customer Trust
        ▪ Upholding an Organization's Reputation
    ○ To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs
        ▪ Redundancy
            ● Duplication of critical components or functions of a system with the intention of enhancing its reliability
    ○ There are various types of redundancy you need to consider when designing your systems and networks
        ▪ Server Redundancy
            ● Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users
        ▪ Data Redundancy
            ● Involves storing data in multiple places
        ▪ Network Redundancy
            ● Ensures that if one network path fails, the data can travel through another route
        ▪ Power Redundancy
            ● Involves using backup power sources, like generators and UPS systems
● Non-repudiation
    ○ Non-repudiation
        ▪ Focused on providing undeniable proof in the world of digital transactions
        ▪ Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions
    ○ Digital Signatures
        ▪ Considered to be unique to each user who is operating within the digital domain
        ▪ Created by first hashing the particular message or communication that you want to digitally sign, and then encrypting that hash digest with the user's private key using asymmetric encryption
    ○ Non-repudiation is important for three main reasons
        ▪ To confirm the authenticity of digital transactions
        ▪ To ensure the integrity of critical communications
        ▪ To provide accountability in digital processes
● Authentication
    ○ Authentication
        ▪ Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
    ○ 5 commonly used authentication methods
        ▪ Something you know (Knowledge Factor)
            ● Relies on information that a user can recall
        ▪ Something you have (Possession Factor)
            ● Relies on the user presenting a physical item to authenticate themselves
        ▪ Something you are (Inherence Factor)
            ● Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
        ▪ Something you do (Action Factor)
            ● Relies on the user conducting a unique action to prove who they are
        ▪ Somewhere you are (Location Factor)
            ● Relies on the user being in a certain geographic location before access is granted
    ○ Multi-Factor Authentication System (MFA)
        ▪ Security process that requires users to provide multiple methods of identification to verify their identity
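The digital signature process described under Non-repudiation above (hash the message, then apply the signer's private key to the digest, and let anyone holding the public key check it) as an added Go example; this is not code from the study notes. It uses the Go standard library's RSA PKCS#1 v1.5 signing, and the two signers (Alice, Mallory) and the sample message are constructed for the demonstration; the verifier shows both properties the notes attribute to signatures, integrity (a changed message fails) and authenticity (a signature from another key fails).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds one user's asymmetric key pair. The private key never leaves
// the signer; only the public key is handed to verifiers.
type Signer struct {
	priv *rsa.PrivateKey
}

// NewSigner generates a fresh RSA key pair (2048 bits is the current minimum).
func NewSigner() (*Signer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// Public returns the key that verifiers use.
func (s *Signer) Public() *rsa.PublicKey { return &s.priv.PublicKey }

// Sign implements the two-step process from the notes: reduce the message to a
// fixed-size SHA-256 digest, then apply the private key to that digest.
func (s *Signer) Sign(message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, s.priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest over the received message and checks the
// signature against it with the claimed signer's public key. A true result
// means the message is unchanged (integrity) and was signed by the holder of
// the matching private key (authenticity), which is what gives non-repudiation.
func Verify(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

func main() {
	alice, _ := NewSigner()
	mallory, _ := NewSigner()
	msg := []byte("Transfer 100 USD to account 42") // constructed sample message

	sig, _ := alice.Sign(msg)
	fmt.Println("original message, Alice's key:", Verify(alice.Public(), msg, sig))

	// Integrity: one changed digit changes the digest, so the signature no longer matches.
	tampered := []byte("Transfer 900 USD to account 42")
	fmt.Println("tampered message, Alice's key:", Verify(alice.Public(), tampered, sig))

	// Authenticity: Mallory can sign the same text, but not with Alice's private key.
	forged, _ := mallory.Sign(msg)
	fmt.Println("Mallory's signature, Alice's key:", Verify(alice.Public(), msg, forged))
}
```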
    ○ Authentication is critical to understand because of the following
        ▪ To prevent unauthorized access
        ▪ To protect user data and privacy
        ▪ To ensure that resources are accessed by valid users only
● Authorization
    ○ Authorization
        ▪ Pertains to the permissions and privileges granted to users or entities after they have been authenticated
    ○ Authorization mechanisms are important to help us with the following
        ▪ To protect sensitive data
        ▪ To maintain the system integrity in our organizations
        ▪ To create a more streamlined user experience
● Accounting
    ○ Accounting
        ▪ Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
    ○ Your organization should use a robust accounting system so that you can do the following
        ▪ Create an audit trail
            ● Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time
        ▪ Maintain regulatory compliance
            ● Maintains a comprehensive record of all users' activities
        ▪ Conduct forensic analysis
            ● Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again
        ▪ Perform resource optimization
            ● Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
        ▪ Achieve user accountability
            ● A thorough accounting system ensures users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies
    ○ To perform accounting, we usually use different technologies like the following
        ▪ Syslog Servers
            ● Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization's systems
        ▪ Network Analysis Tools
            ● Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network
        ▪ Security Information and Event Management (SIEM) Systems
            ● Provide us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
● Security Control Categories
    ○ 4 Broad Categories of Security Controls
        ▪ Technical Controls
            ● Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
        ▪ Managerial Controls
            ● Sometimes also referred to as administrative controls
            ● Involve the strategic planning and governance side of security
        ▪ Operational Controls
            ● Procedures and measures that are designed to protect data on a day-to-day basis
            ● Are mainly governed by internal processes and human actions
        ▪ Physical Controls
            ● Tangible, real-world measures taken to protect assets
● Security Control Types
    ○ 6 Basic Types of Security Controls
        ▪ Preventive Controls
            ● Proactive measures implemented to thwart potential security threats or breaches
        ▪ Deterrent Controls
            ● Discourage potential attackers by making the effort seem less appealing or more challenging
        ▪ Detective Controls
            ● Monitor and alert organizations to malicious activities as they occur or shortly thereafter
        ▪ Corrective Controls
            ● Mitigate any potential damage and restore our systems to their normal state
        ▪ Compensating Controls
            ● Alternative measures that are implemented when primary security controls are not feasible or effective
        ▪ Directive Controls
            ● Guide, inform, or mandate actions
            ● Often rooted in policy or documentation and set the standards for behavior within an organization
● Gap Analysis
    ○ Gap Analysis
        ▪ Process of evaluating the differences between an organization's current performance and its desired performance
    ○ Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture
    ○ There are several steps involved in conducting a gap analysis
        ▪ Define the scope of the analysis
        ▪ Gather data on the current state of the organization
        ▪ Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
        ▪ Develop a plan to bridge the gap
    ○ 2 Basic Types of Gap Analysis
        ▪ Technical Gap Analysis
            ● Involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
        ▪ Business Gap Analysis
            ● Involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
    ○ Plan of Action and Milestones (POA&M)
        ▪ Outlines the specific measures to address each vulnerability
        ▪ Allocates resources
        ▪ Sets up timelines for each remediation task that is needed
● Zero Trust
    ○ Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin
    ○ To create a zero trust architecture, we need to use two different planes
        ▪ Control Plane
            ● Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
            ● The Control Plane typically encompasses several key elements
                ○ Adaptive Identity
                    ▪ Relies on real-time validation that takes into account the user's behavior, device, location, and more
                ○ Threat Scope Reduction
                    ▪ Limits the users' access to only what they need for their work tasks because this reduces the network's potential attack surface
                    ▪ Focused on minimizing the "blast radius" that could occur in the event of a breach
                ○ Policy-Driven Access Control
                    ▪ Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
                ○ Secured Zones
                    ▪ Isolated environments within a network that are designed to house sensitive data
        ▪ Data Plane
            ● Ensures the policies are properly executed
            ● The Data Plane consists of the following
                ○ Subject/System
                    ▪ Refers to the individual or entity attempting to gain access
                ○ Policy Engine
                    ▪ Cross-references the access request with its predefined policies
                ○ Policy Administrator
                    ▪ Used to establish and manage the access policies
                ○ Policy Enforcement Point
                    ▪ Where the decision to grant or deny access is actually executed

Threat Actors
Objectives:
    1.2 - Summarize fundamental security concepts
    2.1 - Compare and contrast common threat actors and motivations
    2.2 - Explain common threat vectors and attack surfaces
● Threat Actors
    ○ Threat Actor Motivations
        ▪ Data Exfiltration
        ▪ Blackmail
        ▪ Espionage
        ▪ Service Disruption
        ▪ Financial Gain
        ▪ Philosophical/Political Beliefs
        ▪ Ethical Reasons
        ▪ Revenge
        ▪ Disruption/Chaos
        ▪ War
    ○ Threat Actor Attributes
        ▪ Internal vs. External Threat Actors
        ▪ Differences in resources and funding
        ▪ Level of sophistication
    ○ Types of Threat Actors
        ▪ Unskilled Attackers
            ● Limited technical expertise, use readily available tools
        ▪ Hacktivists
            ● Driven by political, social, or environmental ideologies
        ▪ Organized Crime
            ● Execute cyberattacks for financial gain (e.g., ransomware, identity theft)
        ▪ Nation-state Actor
            ● Highly skilled attackers sponsored by governments for cyber espionage or warfare
        ▪ Insider Threats
            ● Security threats originating from within the organization
    ○ Shadow IT
        ▪ IT systems, devices, software, or services managed without explicit organizational approval
    ○ Threat Vectors and Attack Surfaces
        ▪ Message-based
        ▪ Image-based
        ▪ File-based
        ▪ Voice Calls
        ▪ Removable Devices
        ▪ Unsecured Networks
    ○ Deception and Disruption Technologies
        ▪ Honeypots
            ● Decoy systems to attract and deceive attackers
        ▪ Honeynets
            ● Network of decoy systems for observing complex attacks
        ▪ Honeyfiles
            ● Decoy files to detect unauthorized access or data breaches
        ▪ Honeytokens
            ● Fake data to alert administrators when accessed or used
● Threat Actor Motivations
    ○ There is a difference between the intent of the attack and the motivation that fuels that attack
        ▪ Threat Actor's Intent
            ● Specific objective or goal that a threat actor is aiming to achieve through their attack
        ▪ Threat Actor's Motivation
            ● Underlying reasons or driving forces that push a threat actor to carry out their attack
    ○ Different motivations behind threat actors
        ▪ Data Exfiltration
            ● Unauthorized transfer of data from a computer
        ▪ Financial Gain
            ● Achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information in order to gain unauthorized access into the victims' bank accounts
        ▪ Blackmail
            ● Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
        ▪ Service Disruption
            ● Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or to demand a ransom
        ▪ Philosophical or Political Beliefs
            ● Attacks that are conducted due to the philosophical or political beliefs of the attackers are known as hacktivism
            ● Common motivation for a specific type of threat actor known as a hacktivist
        ▪ Ethical Reasons
            ● Contrary to malicious threat actors, ethical hackers, also known as authorized hackers, are motivated by a desire to improve security
        ▪ Revenge
            ● It can also be a motivation for a threat actor that wants to target an entity that they believe has wronged them in some way
        ▪ Disruption or Chaos
            ● Ranges from creating and spreading malware to launching sophisticated cyberattacks against the critical infrastructure in a populated city
        ▪ Espionage
            ● Spying on individuals, organizations, or nations to gather sensitive or classified information
        ▪ War
            ● Cyber warfare can be used to disrupt a country's infrastructure, compromise its national security, and cause economic damage
● Threat Actor Attributes
    ○ 2 Most Basic Attributes of a Threat Actor
        ▪ Internal Threat Actors
            ● Individuals or entities within an organization who pose a threat to its security
        ▪ External Threat Actors
            ● Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
    ○ Resources and funding available to the specific threat actor
        ▪ Tools, skills, and personnel at the disposal of a given threat actor
    ○ Level of sophistication and capability of the specific threat actor
        ▪ Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures
        ▪ In the world of cybersecurity, we usually classify the lowest skilled threat actors as "script kiddies"
            ● Script Kiddie
                ○ Individual with limited technical knowledge
                ○ Uses pre-made software or scripts to exploit computer systems and networks
        ▪ Nation-state actors, Advanced Persistent Threats, and others have high levels of sophistication and capabilities and possess advanced technical skills
            ● Use sophisticated tools and techniques
● Unskilled Attackers
    ○ Unskilled Attacker (Script Kiddie)
        ▪ Individual who lacks the technical knowledge to develop their own hacking tools or exploits
        ▪ These low-skilled threat actors need to rely on scripts and programs that have been developed by others
    ○ How do these unskilled attackers cause damage?
        ▪ One way is to launch a DDoS attack
            ● An unskilled attacker can simply enter the IP address of the system they want to target, and then click a button to launch an attack against that target
● Hacktivists
    ○ Hacktivists
        ▪ Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain
    ○ Hacktivism
        ▪ Activities in which the use of hacking and other cyber techniques is used to promote or advance a political or social cause
    ○ To accomplish their objectives, hacktivists use a wide range of techniques
        ▪ Website Defacement
            ● Form of electronic graffiti, usually treated as an act of vandalism
        ▪ Distributed Denial of Service (DDoS) Attacks
            ● Attempting to overwhelm the victim's systems or networks so that they cannot be accessed by the organization's legitimate users
        ▪ Doxing
            ● Involves the public release of private information about an individual or organization
        ▪ Leaking of Sensitive Data
            ● Releasing sensitive data to the public at large over the internet
    ○ Hacktivists are primarily motivated by their ideological beliefs rather than trying to achieve financial gains
    ○ One of the most well-known hacktivist groups is known as "Anonymous"
        ▪ Anonymous
            ● Loosely affiliated collective that has been involved in numerous high-profile attacks over the years, targeting organizations that they perceive as acting unethically or against the public interest at large
● Organized Crime
    ○ Organized cybercrime groups are groups or syndicates that have banded together to conduct criminal activities in the digital world
        ▪ Sophisticated and well structured
        ▪ Use resources and technical skills for illicit gain
    ○ In terms of their technical capabilities, organized crime groups possess a very high level of technical capability and they often employ advanced hacking techniques and tools
        ▪ Custom Malware
        ▪ Ransomware
        ▪ Sophisticated Phishing Campaigns
    ○ These criminal groups will engage in a variety of illicit activities to generate revenue for their members
        ▪ Data Breaches
        ▪ Identity Theft
        ▪ Online Fraud
        ▪ Ransomware Attacks
    ○ Unlike hacktivists or nation-state actors, organized cybercrime groups are not typically driven by ideological or political objectives
        ▪ These groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf
        ▪ Money, not other motivations, is the objective of their attacks even if the attack takes place in the political sphere
● Nation-state Actor
    ○ Nation-state Actor
        ▪ Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
    ○ Sometimes, these threat actors attempt what is known as a false flag attack
        ▪ False Flag Attack
            ● Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else
    ○ Nation-state actors possess advanced technical skills and extensive resources, and they are capable of conducting complex, coordinated cyber operations that employ a variety of techniques such as
        ▪ Creating custom malware
        ▪ Using zero-day exploits
        ▪ Becoming an advanced persistent threat
    ○ Advanced Persistent Threat (APT)
        ▪ Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth
        ▪ A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
        ▪ These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups
    ○ What motivates a nation-state actor?
        ▪ Nation-state actors are motivated to achieve their long-term strategic goals, and they are not seeking financial gain
● Insider Threats
    ○ Insider Threats
        ▪ Cybersecurity threats that originate from within the organization
        ▪ Will have varying levels of capabilities
    ○ Insider threats can take various forms
        ▪ Data Theft
        ▪ Sabotage
        ▪ Misuse of access privileges
    ○ Each insider threat is driven by different motivations
        ▪ Some are driven by financial gain and they want to profit from the sale of sensitive organizational data to others
        ▪ Some may be motivated by revenge and are aiming to harm the organization due to some kind of perceived wrong levied against the insider
        ▪ Some may take actions as a result of carelessness or a lack of awareness of cybersecurity best practices
    ○ Remember
        ▪ Insider threat refers to the potential risk posed by individuals within an organization who have access to sensitive information and systems, and who may misuse this access for malicious or unintended purposes
        ▪ To mitigate the risk of an insider threat being successful, organizations should implement the following
            ● Zero-trust architecture
            ● Employ robust access controls
            ● Conduct regular audits
            ● Provide effective employee security awareness programs
● Shadow IT
    ○ Shadow IT
        ▪ Use of information technology systems, devices, software, applications, and services without explicit organizational approval
        ▪ IT-related projects that are managed outside of, and without the knowledge of, the IT department
    ○ Why does Shadow IT exist?
        ▪ An organization's security posture is actually set too high or is too complex for business operations to occur without being negatively affected
    ○ Bring Your Own Devices (BYOD)
        ▪ Involves the use of personal devices for work purposes
● Threat Vectors and Attack Surfaces
    ○ Threat Vector
        ▪ Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
    ○ Attack Surface
        ▪ Encompasses all the various points where an unauthorized user can try to enter data into or extract data from an environment
        ▪ Can be minimized by
            ● Restricting access
            ● Removing unnecessary software
            ● Disabling unused protocols
    ○ Think of the threat vector as the "how" of an attack, whereas the attack surface is the "where" of the attack
    ○ Several different threat vectors could be used to attack your enterprise networks
        ▪ Messages
            ● Message-based threat vectors include threats delivered via email, simple message service (SMS text messaging), or other forms of instant messaging
            ● Phishing campaigns are commonly used as part of a message-based threat vector when an attacker impersonates a trusted entity to trick its victims into revealing their sensitive information to the attacker
        ▪ Images
            ● Image-based threat vectors involve the embedding of malicious code inside of an image file by the threat actor
        ▪ Files
            ● The files, often disguised as legitimate documents or software, can be transferred as email attachments, through file-sharing services, or hosted on a malicious website
        ▪ Voice Calls
            ● Vishing
                ○ Use of voice calls to trick victims into revealing their sensitive information to an attacker
    Removable Devices
      One common technique used with removable devices is known as baiting
      Baiting
        ○ An attacker might leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization
    Unsecure Networks
      Unsecure networks include wireless, wired, and Bluetooth networks that lack the appropriate security measures to protect them
      If wireless networks are not properly secured, unauthorized individuals can intercept the wireless communications or gain access to the network
      Wired networks tend to be more secure than wireless networks, but they are still not immune to threats
        ○ Physical access to the network infrastructure can lead to various attacks
          MAC Address Cloning
          VLAN Hopping
      By exploiting vulnerabilities in the Bluetooth protocol, an attacker can carry out their attacks using techniques like the BlueBorne or BlueSmack exploits
        ○ BlueBorne
          Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
        ○ BlueSmack
          Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device

Outsmarting Threat Actors
  ○ One of the most effective ways to learn from the different threat actors that are attacking your network is to set up and utilize deception and disruption technologies
  ○ Tactics, Techniques, and Procedures (TTPs)
    Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
  ○ Deception and Disruption Technologies
    Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
    Honeypots
      Decoy system or network set up to attract potential hackers
    Honeynets
      Network of honeypots that creates a more complex system designed to mimic an entire network of systems
        ○ Servers
        ○ Routers
        ○ Switches
    Honeyfiles
      Decoy file placed within a system to lure in potential attackers
    Honeytokens
      Piece of data or a resource that has no legitimate value or use but is monitored for access or use
  ○ Some disruption technologies and strategies to help secure our enterprise networks
    Bogus DNS entries
      Fake Domain Name System entries introduced into your system's DNS server
    Creating decoy directories
      Fake folders and files placed within a system's storage
    Dynamic page generation
      Effective against automated scraping tools or bots trying to index or steal content from your organization's website
    Use of port triggering to hide services
      Port Triggering
        ○ Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
    Spoofing fake telemetry data
      When a system detects that a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network data

Physical Security
Objectives:
  1.2 - Summarize fundamental security concepts
  2.4 - Analyze indicators of malicious activity

Physical Security
  ○ Physical Security
    Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access
  ○ Security Controls
    Fencing and Bollards
      Bollards
        ○ Short, sturdy vertical posts controlling or preventing vehicle access
      Fences
        ○ Barriers made of posts and wire or boards to enclose or separate areas
    Brute Force Attacks
      Forcible entry
      Tampering with security devices
      Confronting security personnel
      Ramming a barrier with a vehicle
    Surveillance Systems
      An organized strategy to observe and report activities
      Components
        ○ Video surveillance
        ○ Security guards
        ○ Lighting
        ○ Sensors
    Access Control Vestibules
      Double-door system electronically controlled to allow only one door open at a time
      Prevents piggybacking and tailgating
    Door Locks
      Padlocks
      Pin and tumbler locks
      Numeric locks
      Wireless locks
      Biometric locks
      Cipher locks
      Electronic access control systems
    Access Badges
      Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) for access

Fencing and Bollards
  ○ Fencing and bollards stand out as some of the most primitive tools that are employed to safeguard assets and people
  ○ Fence
    Structure that encloses an area using interconnected panels or posts
    In terms of physical security, fences serve several purposes
      Provide a visual deterrent by defining a boundary that should not be violated by unauthorized personnel
      Establish a physical barrier against unauthorized entry
      Effectively delay intruders, which helps provide our security personnel a longer window of time to react
  ○ Bollards
    Robust, short vertical posts, typically made of steel or concrete, that are designed to manage or redirect vehicular traffic
  ○ Fencing is considered to be more adaptable and well-suited for safeguarding large perimeters around the entire building
  ○ Bollards are really designed to counter vehicular threats in a specific area instead

Attacking with Brute Force
  ○ Brute Force
    Type of attack where access to a system is gained by simply trying all of the possibilities until you break through
  ○ In terms of physical security, brute force focuses on the following
    Forcible Entry
      Act of gaining unauthorized access to a space by physically breaking or bypassing its barriers, such as windows, doors, or fences
      Use high-strength doors with deadbolt locks, metal frames, or a solid core
    Tampering with security devices
      Involves manipulating security devices to create new vulnerabilities that can be exploited
      To protect against tampering with security devices, have redundancy in physical security measures
    Confronting security personnel
      Involves the direct confrontation or attack of your organization's security personnel
      Security personnel should undergo rigorous conflict resolution and self-defense training to mitigate risks
    Ramming barriers with vehicles
      Uses a car, truck, or other motorized vehicle to ram into the organization's physical security barriers, such as a fence, a gate, or even the side of your building
      Install bollards or reinforced barriers to prevent vehicles from driving into your facilities

Surveillance Systems
  ○ Surveillance System
    Organized strategy or setup designed to observe and report activities in a given area
  ○ Surveillance is often comprised of four main categories
    Video Surveillance
      Can include the following
        ○ Motion detection
        ○ Night vision
        ○ Facial recognition
      Remote access
      Provides real-time visual feedback
      A wired solution security camera is physically cabled from the device back to the central monitoring station
      A wireless solution relies on Wi-Fi to send its signal back to the central monitoring station
      Pan-Tilt-Zoom (PTZ) System
        ○ Can move the camera or its angle to better detect issues during an intrusion
      Best places to have cameras
        ○ Data center
        ○ Telecommunications closets
        ○ Entrance or exit areas
      Cameras should be configured to record what they're observing
    Security Guards
      Flexible and adaptable form of surveillance that organizations use
      Helps to reassure your staff or your customers that they are safe
    Lighting
      Proper lighting is crucial for conducting effective surveillance using both video and security guards
      If you create well-lit areas, this can deter criminals, reduce shadows and hiding spots, and enhance the quality of your video recordings
    Sensors
      Devices that detect and respond to external stimuli or changes in the environment
      There are four categories of sensors
        ○ Infrared Sensors
          Detect changes in infrared radiation that is often emitted by warm bodies like humans or animals
        ○ Pressure Sensors
          Activated whenever a specified minimum amount of weight is detected on the sensor that is embedded into the floor or a mat
        ○ Microwave Sensors
          Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects
        ○ Ultrasonic Sensors
          Measure the reflection of ultrasonic waves off moving objects

Bypassing Surveillance Systems
  ○ Some of the different methods used by attackers to bypass your organization's surveillance systems
    Visual Obstruction
      Blocking the camera's line of sight
      Can involve the following
        ○ Spraying paint or foam onto the camera lens
        ○ Placing a sticker or tape over the lens
        ○ Positioning objects like balloons or umbrellas in front of the camera to block its view
    Blinding Sensors and Cameras
      Involves overwhelming the sensor or camera with a sudden burst of light to render it ineffective for a limited period of time
    Interfering with Acoustics
      Acoustic systems are designed to listen to the environment to detect if someone is in the area or to eavesdrop on their conversations
      Jamming or playing loud music to disrupt the microphone's functionality
    Interfering with Electromagnetic Signals
      Electromagnetic Interference (EMI)
        ○ Involves jamming the signals that the surveillance system relies on to monitor the environment
    Attacking the Physical Environment
      Exploit the environment around the surveillance equipment to compromise its functionality
        ○ Physical tampering, like cutting wires or physically disabling devices, is an effective strategy to bypass surveillance systems
  ○ Modern systems are equipped with countermeasures to help protect surveillance systems

Access Control Vestibules
  ○ Access Control Vestibules
    Double-door system that is designed with two doors that are electronically controlled to ensure that only one door can be open at a given time
  ○ These access control vestibules can also help prevent piggybacking and tailgating
    Piggybacking
      Involves two people working together, where one person who has legitimate access intentionally allows another person who doesn't have proper authorization to enter a secure area with them
    Tailgating
      Occurs whenever an unauthorized person closely follows someone who has legitimate access through the access control vestibule into the secure space without their knowledge or consent
    The key difference between Piggybacking and Tailgating
      Piggybacking uses social engineering to gain the consent of the person with legitimate access
      Tailgating doesn't use or obtain the consent of the person with legitimate access
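The two-door interlock described above, as an added example that is not part of the original study notes: a small Python model of a vestibule controller in which the inner door only unlocks after the outer door has closed, combined with an assumed pressure-mat occupancy count (the notes list pressure sensors under surveillance sensors) so that two bodies entering on one badge raise an alarm instead of being admitted. The `Vestibule` class, its messages and the badge ID `EMP-0042` are constructed for this example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Set


class Door(Enum):
    OUTER = "outer"
    INNER = "inner"


@dataclass
class Vestibule:
    """Two electronically controlled doors; at most one may be open at a time."""
    authorized_badges: Set[str]
    open_door: Optional[Door] = None    # interlock state: which door is open
    occupants: int = 0                  # reading from the assumed pressure mat
    admitted_badge: Optional[str] = None
    log: List[str] = field(default_factory=list)

    def _record(self, msg: str) -> str:
        self.log.append(msg)
        return msg

    def badge_outer(self, badge: str) -> str:
        """A badge is presented at the reader on the outer door."""
        if badge not in self.authorized_badges:
            return self._record(f"DENY outer: unknown badge {badge}")
        if self.open_door is not None:
            # Interlock: the outer door stays locked while the inner door is open
            return self._record(f"DENY outer: {self.open_door.value} door is open")
        self.admitted_badge = badge
        self.open_door = Door.OUTER
        return self._record(f"OPEN outer for {badge}")

    def mat_reading(self, count: int) -> None:
        """The pressure mat reports how many people stand in the vestibule."""
        self.occupants = count

    def close(self, door: Door) -> str:
        """A door sensor reports that the door has closed."""
        if self.open_door is door:
            self.open_door = None
            return self._record(f"CLOSED {door.value}")
        return self._record(f"IGNORE close of {door.value}: it was not open")

    def request_inner(self) -> str:
        """The occupant requests the inner door into the secure space."""
        if self.open_door is not None:
            return self._record(f"DENY inner: {self.open_door.value} door still open")
        if self.admitted_badge is None:
            return self._record("DENY inner: no admitted badge")
        if self.occupants != 1:
            # Piggybacking or tailgating: more than one body for a single badge.
            # Release back outward and alarm instead of admitting anyone.
            self.admitted_badge = None
            self.open_door = Door.OUTER
            return self._record(
                f"ALARM: {self.occupants} occupants on one badge; outer reopened")
        badge, self.admitted_badge = self.admitted_badge, None
        self.open_door = Door.INNER
        return self._record(f"OPEN inner for {badge}")


def tailgate_scenario() -> List[str]:
    """A legitimate entry followed by a tailgating attempt (constructed badge ID)."""
    v = Vestibule(authorized_badges={"EMP-0042"})
    v.badge_outer("EMP-0042")
    v.request_inner()            # refused: the outer door is still open
    v.close(Door.OUTER)
    v.mat_reading(1)
    v.request_inner()            # one person, one badge: admitted
    v.badge_outer("EMP-0042")    # refused: the inner door is open
    v.close(Door.INNER)
    v.badge_outer("EMP-0042")    # second entry, but two people step in
    v.close(Door.OUTER)
    v.mat_reading(2)
    v.request_inner()            # alarm, nobody admitted
    return v.log


if __name__ == "__main__":
    for line in tailgate_scenario():
        print(line)
```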
  ○ Access control vestibules are usually integrated with electronic badges and operated by a security guard at the entrance to a secure facility or office building
    Badges contain
      RFID (Radio-Frequency Identification)
      NFC (Near-field Communication)
      Magnetic strips
  ○ Security guards are often at access control vestibules because they provide
    Visual deterrent
    Assistance
    Identity checks
    Response

Door Locks
  ○ Door Locks
    Critical physical security control measure designed to restrict and regulate access to specific spaces or properties, preventing unauthorized intrusions and safeguarding sensitive data and individuals
  ○ Types of Door Locks
    Traditional Padlocks
      Easily defeated and offer minimal protection
    Basic Door Locks
      Vulnerable to simple techniques like lock picking
    Modern Electronic Door Locks
      Utilize various authentication methods for enhanced security
      Authentication Methods
        ○ Identification Numbers
          Require entry of a unique code, providing a balance of security and convenience
        ○ Wireless Signals
          Utilize technologies like NFC, Wi-Fi, Bluetooth, or RFID for unlocking
        ○ Biometrics
          Rely on physical characteristics like fingerprints, retinal scans, or facial recognition for authentication
      Biometric Challenges
        False Acceptance Rate (FAR)
          ○ Occurs when the system erroneously authenticates an unauthorized user
          ○ Lower FAR by increasing scanner sensitivity
        False Rejection Rate (FRR)
          ○ Denies access to an authorized user
          ○ Adjusting sensitivity can increase FRR
        Crossover Error Rate (CER)
          ○ A balance between FAR and FRR for optimal authentication effectiveness
  ○ Some electronic door locks use multiple factors, such as an identification number and fingerprint, to increase security
  ○ Cipher Locks
    Mechanical locks with numbered push buttons, requiring a correct combination to open
    Commonly used in high-security areas like server rooms
  ○ Secure entry areas in office buildings often use electronic access systems with badges and PINs for authentication

Access Badge Cloning
  ○ Radio Frequency Identification (RFID) and Near Field Communication (NFC) are popular technologies used for contactless authentication in various applications
  ○ Access Badge Cloning
    Copying the data from an RFID or NFC card or badge onto another card or device
  ○ How does an attacker clone an access badge?
    Step 1: Scanning
      Scanning or reading the targeted individual's access badge
    Step 2: Data Extraction
      Attackers extract the relevant authentication credentials from the card, such as a unique identifier or a set of encrypted data
    Step 3: Writing to a new card or device
      The attacker then transfers the extracted data onto a blank RFID or NFC card or another compatible device
    Step 4: Using the cloned access badge
      Attackers gain unauthorized access to buildings or computer systems, or even make payments using a cloned NFC-enabled credit card
  ○ Access badge cloning is common because of its
    Ease of execution
    Ability to be stealthy when conducting the attack
    Potentially widespread use in compromising physical security
  ○ How can you stop access badge cloning?
    Implement advanced encryption in your card-based authentication systems
    Implement Multi-Factor Authentication (MFA)
    Regularly update your security protocols
    Educate your users
    Implement the use of shielded wallets or sleeves with your RFID access badges
    Monitor and audit your access logs

Social Engineering
Objectives:
  2.2 - Explain common threat vectors and attack surfaces
  5.6 - Given a scenario, you must be able to implement security awareness practices

Social Engineering
  ○ Social Engineering
    Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces
  ○ Motivational Triggers Used by Social Engineers
    Familiarity and Likability
    Consensus and Social Proof
    Authority and Intimidation
    Scarcity and Urgency
  ○ Social Engineering Techniques
    Impersonation
      Pretending to be someone else
      Includes brand impersonation, typosquatting, and watering hole attacks
    Pretexting
      Creating a fabricated scenario to manipulate targets
      Impersonating trusted figures to gain trust
  ○ Types of Phishing Attacks
    Phishing
    Vishing
    Smishing
    Spear Phishing
    Whaling
    Business Email Compromise
  ○ Frauds and Scams
    Deceptive practices to trick people into parting with money or valuable information
    Identifying and training against frauds and scams
  ○ Influence Campaigns
    Spreading misinformation and disinformation, impacting politics, economics, etc.
  ○ Other Social Engineering Attacks
    Diversion Theft
    Hoaxes
    Shoulder Surfing
    Dumpster Diving
    Eavesdropping
    Baiting
    Piggybacking
    Tailgating

Motivational Triggers
  ○ Six main types of motivational triggers that social engineers use
    Authority
      Most people are willing to comply and do what you tell them to do if they believe it is coming from somebody who is in a position of authority to make that request
    Urgency
      Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions
    Social Proof
      Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations
    Scarcity
      Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply
    Likability
      Most people want to interact with people they like, and social engineers realize this
      Can be
        ○ Sexual attraction
        ○ Pretending to be a friend
        ○ Common interest
    Fear
      These types of attacks generally are focused on "if you don't do what I tell you, then this bad thing is going to happen to you"

Impersonation
  ○ Four main forms of impersonation used by attackers
    Impersonation
      Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
      Requires the attacker to collect information about the organization so that they can more easily earn the trust of their targeted users
      Attackers provide details to help make the lies and the impersonation more believable to a potential victim
      Consequences
        ○ Unauthorized access
        ○ Disruption of services
        ○ Complete system takeover
      To mitigate against these types of attacks, organizations must provide security awareness training to their employees on a regular basis so that they remain vigilant against future attacks
    Brand Impersonation
      More specific form of impersonation where an attacker pretends to represent a legitimate company or brand
      Attackers use the brand's logos, language, and information to create deceptive communications or websites
      To protect against brand impersonation, organizations should do the following
        ○ Educate their users about these types of threats
        ○ Use secure email gateways to filter out phishing emails
        ○ Regularly monitor their brand's online presence to detect any fraudulent activities as soon as they occur
    Typosquatting
      Also known as URL hijacking or cybersquatting
      Form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical error
      To combat typosquatting, organizations will often do the following
        ○ Register common misspellings of their own domain names
        ○ Use services that monitor for similar domain registrations
        ○ Conduct user security awareness training to educate users about the risks of typosquatting
    Watering Hole Attacks
      Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
      The term is a metaphor for a naturally occurring phenomenon
        ○ In the world of cybersecurity, the "watering hole" the attacker chooses to utilize will usually be a trusted website or online service
      To mitigate watering hole attacks, organizations should do the following
        ○ Keep their systems and software updated
        ○ Use threat intelligence services to stay informed about new threats
        ○ Employ advanced malware detection and prevention tools

Pretexting
  ○ Pretexting
    Gives some amount of information that seems true so that the victim will give more information
  ○ Mitigation involves training the employees not to fall for a pretext and not to fill in the gaps for people when they are calling

Phishing Attacks
  ○ Different Types of Phishing Attacks
    Phishing
      Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers
    Spear Phishing
      More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations
      Has a higher success rate
    Whaling
      Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
      The attacker isn't trying to catch the little fish in an organization; instead they want to catch one of the executives, board members, or higher-level managers in the company, since the rewards are potentially much greater
      Often used as an initial step to compromise an executive's account for subsequent attacks within their organization
    Business Email Compromise (BEC)
      Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious action on behalf of the attacker
      Taking over a legitimate business email account through social engineering or cyber intrusion techniques to conduct unauthorized fund transfers, redirect payments, or steal sensitive information
    Vishing (Voice Phishing)
      Attacker tricks their victims into sharing personal or financial information over the phone
    Smishing (SMS Phishing)
      Involves the use of text messages to trick individuals into providing their personal information

Preventing Phishing Attacks
  ○ By implementing the right strategies and providing user security awareness training, the threat of a successful phishing campaign against your organization can be mitigated effectively
  ○ Anti-phishing Campaign
    Essential user security awareness training tool that can be used to educate individuals about the risks of phishing and how to best identify potential phishing attempts
    Should offer remedial training for users who fell victim to simulated phishing emails
  ○ To help prevent phishing, your organization should regularly conduct user security awareness training that covers the various phishing techniques
    Phishing
    Spear Phishing
    Whaling
    Business Email Compromise
    Vishing
    Smishing
    Along with other relevant cyber threats and attacks that may affect your organization
  ○ There are some commonly used key indicators that are associated with phishing attacks
    Urgency
      Phishing emails often create a sense of urgency by prompting the recipient to act immediately
    Unusual Requests
      If you receive an email requesting sensitive information, such as passwords or credit card numbers, you should treat it with a lot of suspicion
    Mismatched URLs
      When you are looking at an HTML-based email, the words you are reading are called the display text, but the underlying URL of the web link could be set to anything the sender wants
      To check whether the text-based link matches the underlying URL, hover your mouse over the link in the email for a few seconds; this will reveal the actual URL that the link is connected to
    Strange Email Addresses
      If the real email address and the displayed email address don't match, then the email should be treated as suspicious and possibly part of a phishing campaign
    Poor Spelling or Grammar
      If an email has a lot of "broken English", poor grammar, or numerous spelling errors, it is likely to be part of a phishing campaign
  ○ Mitigation
    Training
    Report suspicious messages to protect your organization from potential phishing attacks
    Analyze the threat
    Inform all users about the threat
    If the phishing email was opened, conduct a quick investigation and triage the user's system
    An organization should revise its security measures after every successful phishing attack

Frauds and Scams
  ○ Fraud
    Wrongful or criminal deception that is intended to result in financial or personal gain for the attacker
    One of the most common types of fraud that you will see online is known as identity fraud or identity theft
    Identity Fraud and Identity Theft
      ○ Involves the use of another person's personal information without their authorization to commit a crime or to deceive or defraud that other person or some other third party
    Difference between identity fraud and identity theft
      ○ In identity fraud, the attacker takes the victim's credit card number and charges items to the card
      ○ In identity theft, the attacker tries to fully assume the identity of their victim
  ○ Scams
    Fraudulent or deceptive act or operation
    Most common scam is called the invoice scam
    Invoice Scam
      ○ A person is tricked into paying a fake invoice for a product or service that they did not actually order

Influence Campaigns
  ○ Influence Campaigns
    Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group
    Are a powerful tool for shaping public opinion and behavior
    Foster misinformation and disinformation
  ○ Misinformation
    False or inaccurate information shared without harmful intent
  ○ Disinformation
    Involves the deliberate creation and sharing of false information with the intent to deceive or mislead
  ○ Remember, misinformation and disinformation can have serious consequences because they can undermine public trust in institutions, fuel social divisions, and even influence the outcomes of elections

Other Social Engineering Attacks
  ○ Some of the other common social engineering attacks
    Diversion Theft
      Involves manipulating a situation or creating a distraction to steal valuable items or information
    Hoaxes
      Malicious deception that is often spread through social media, email, or other communication channels
      Often paired with phishing attacks and impersonation attacks
      To prevent hoaxes, people must fact check and use good critical thinking skills
    Shoulder Surfing
      Involves looking over someone's shoulder to gather personal information
      Includes the use of high-powered cameras or closed-circuit television cameras to steal information from a distance
      To prevent shoulder surfing, users must be aware of their surroundings when providing any sensitive information
    Dumpster Diving
      Involves searching through trash to find valuable information
      Commonly used to find discarded documents containing personal or corporate information
      Use clean desk and clean desktop policies
    Eavesdropping
      Involves the process of secretly listening to private conversations
      The perpetrator intercepts the communication of parties without their knowledge
      Prevent this by encrypting data in transit
    Baiting
      Involves leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim, who will then hopefully use the device and unknowingly install malware on their organization's computer system
      To prevent baiting, train users to not use devices they find
    Piggybacking and Tailgating
      Involve an unauthorized person following an authorized person into a secure area
      Tailgating
        ○ Attacker attempts to follow an employee through an access control vestibule or access control point without their knowledge
      Piggybacking
        ○ Involves an attacker convincing an authorized employee to let them into the facility by getting the authorized employee to swipe their own access badge and allow the attacker inside the facility

Malware
Objective 2.4: Given a scenario, analyze indicators of malicious activity

Malware
  ○ Malware
    Malicious software designed to infiltrate computer systems and potentially damage them without user consent
  ○ Categories
    Viruses
    Worms
    Trojans
    Ransomware
    Spyware
    Rootkits
    Spam
  ○ Threat Vector vs. Attack Vector
    Threat Vector
      Method used to infiltrate a victim's machine
      Examples
        ○ Unpatched software
        ○ USB drive installation
        ○ Phishing campaigns
    Attack Vector
      Means by which the attacker gains access and infects the system
      Combines both the infiltration method and the infection process
  ○ Types of Malware Attacks
    Viruses
      Attach to clean files, spread, and corrupt host files
    Worms
      Standalone programs replicating and spreading to other computers
    Trojans
      Disguised as legitimate software, grant unauthorized access
    Ransomware
      Encrypts user data, demands ransom for decryption
    Zombies and Botnets
      Compromised computers remotely controlled in a network for malicious purposes
    Rootkits
      Hide presence and activities on a computer, operate at the OS level
    Backdoors and Logic Bombs
      Backdoors allow unauthorized access; logic bombs execute malicious actions
    Keyloggers
      Record keystrokes, capture passwords or sensitive information
    Spyware and Bloatware
      Spyware monitors and gathers user/system information; bloatware consumes resources without value
  ○ Malware Techniques and Infection Vectors
    Evolving from file-based tactics to modern fileless techniques
    Multi-stage deployment, leveraging system tools, and obfuscation techniques
  ○ Indications of Malware Attack
    Recognizing signs like the following
      Account lockouts
      Concurrent session utilization
      Blocked content
      Impossible travel
      Resource consumption
      Inaccessibility
      Out-of-cycle logging
      Missing logs
      Documented attacks

Viruses
  ○ Computer Virus
    Made up of malicious code that is run on a machine without the user's knowledge, which allows the code to infect the computer whenever it has been run
  ○ 10 Different Types of Viruses
    Boot Sector
      One that is stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up
    Macro
      Form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed
    Program
      Tries to find executables or application files to infect with its malicious code
    Multipartite
      Combination of a boot sector type virus and a program virus
      Able to place itself in the boot sector and be loaded every time the computer boots
      It can also install itself in a program where it can be run every time the computer starts up
    Encrypted
      Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software
    Polymorphic
      Advanced version of an encrypted virus, but instead of just encrypting the contents it will actually change the virus's code each time it is executed by altering the decryption module in order to evade detection
    Metamorphic
      Able to rewrite itself entirely before it attempts to infect a given file
    Stealth
      Technique used to prevent the virus from being detected by the anti-virus software
    Armored
      Has a layer of protection to confuse a program or a person who is trying to analyze it
    Hoax
      Form of technical social engineering that attempts to scare our end users into taking some kind of undesirable action on their system

Worms
  ○ Worm
    Piece of malicious software, much like a virus, but it can replicate itself without any user interaction
    Able to self-replicate and spread throughout your network without a user's consent or action
  ○ Worms are dangerous for two reasons
    They infect your workstation and other computing assets
    They cause disruptions to your normal network traffic, since they are constantly trying to replicate and spread themselves across the network
  ○ Worms are best known for spreading far and wide over the internet in a relatively short amount of time

Trojans
  ○ Trojan
    Piece of malicious software that is disguised as a piece of harmless or desirable software
    Claims that it will perform some needed or desired function for you
  ○ Remote Access Trojan (RAT)
    Widely used by modern attackers because it provides the attacker with remote control of a victim machine
  ○ Trojans are commonly used today by attackers to exploit a vulnerability in your workstation and then conduct data exfiltration to steal your sensitive documents, create backdoors to maintain persistence on your systems, and carry out other malicious activities

Ransomware
  ○ Ransomware
    Type of malicious software that is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker
  ○ How can we protect ourselves and our organizations against ransomware?
    Always conduct regular backups
    Install software updates regularly
    Provide security awareness training to your users
    Implement Multi-Factor Authentication (MFA)
  ○ What should you do if you find yourself or your organization the victim of a ransomware attack?
    Never pay the ransom
      Paying the ransom doesn't actually guarantee that you will ever get your data back
    If you suspect ransomware has infected your machine, you should disconnect it from the network
    Notify the authorities
    Restore your data and systems from known good backups

Zombies and Botnets
  ○ Botnet
    Network of compromised computers or devices controlled remotely by malicious actors
  ○ Zombie
    Name of a compromised computer or device that is part of a botnet
    Used to perform tasks using remote commands from the attacker without the user's knowl