100%(2)2 out of 2 people found this document helpful
This preview shows page 8 - 11 out of 23 pages.
The CompTIA Security+ Certification Exam Objectives are subject to change without notice. 2.8 Summarize risk management best practices. •Business continuity concepts oBusiness impact analysis oIdentification of critical systems and components oRemoving single points of failure oBusiness continuity planning and testing oRisk assessment oContinuity of operations oDisaster recovery oIT contingency planning oSuccession planning oHigh availability oRedundancy oTabletop exercises •Fault toleranceoHardwareoRAIDoClusteringoLoad balancingoServers•Disaster recovery conceptsoBackup plans/policiesoBackup execution/frequencyoCold siteoHot siteoWarm site2.9 Given a scenario, select the appropriate control to meet the goals of security. •Confidentiality oEncryption oAccess controls oSteganography •Integrity oHashing oDigital signatures oCertificates oNon-repudiation •Availability oRedundancy oFault tolerance oPatching •Safety oFencing oLighting oLocks oCCTV oEscape plans oDrills oEscape routes oTesting controls3.0 Threats and Vulnerabilities 3.1 Explain types of malware.
CompTIA Security+ Certification Exam Objectives v. 6 9 of 23Copyright 2013 by the Computing Technology Industry Association. All rights reserved. The CompTIA Security+ Certification Exam Objectives are subject to change without notice. •Adware •Virus •Spyware •Trojan •Rootkits •Backdoors •Logic bomb •Botnets •Ransomware •Polymorphic malware •Armored virus 3.2 Summarize various types of attacks. •Man-in-the-middle •DDoS •DoS •Replay •Smurf attack •Spoofing •Spam •Phishing •Spim •Vishing •Spear phishing •Xmas attack •Pharming •Privilege escalation •Malicious insider threat •DNS poisoning and ARP poisoning •Transitive access •Client-side attacks •Password attacks oBrute force oDictionary attacks oHybrid oBirthday attacks oRainbow tables •Typo squatting/URL hijacking •Watering hole attack 3.3 Summarize social engineering attacks and the associated effectiveness with each attack. •Shoulder surfing•Dumpster diving •Tailgating •Impersonation •Hoaxes •Whaling •Vishing •Principles (reasons for effectiveness) oAuthority oIntimidation oConsensus/Social proof
CompTIA Security+ Certification Exam Objectives v. 6 10 of 23Copyright 2013 by the Computing Technology Industry Association. All rights reserved. The CompTIA Security+ Certification Exam Objectives are subject to change without notice. oScarcity oUrgency oFamiliarity/liking oTrust 3.4 Explain types of wireless attacks. •Rogue access points •Jamming/Interference •Evil twin •War driving •Bluejacking •Bluesnarfing •War chalking •IV attack •Packet sniffing •Near field communication •Replay attacks •WEP/WPA attacks •WPS attacks 3.5 Explain types of application attacks.