Security+ Certification/Threats and Vulnerabilities

= Threats and Vulnerabilities =

Analyze and differentiate among types of malware

 * Adware
 * Virus
 * Worms
 * Spyware
 * Trojan
 * Rootkits
 * Backdoors
 * Logic bomb
 * Botnets

Analyze and differentiate among types of attacks

 * Man-in-the-middle
 * DDoS
 * DoS
 * Replay
 * Smurf attack
 * Spoofing
 * Spam
 * Phishing
 * Spim
 * Vishing
 * Spear phishing
 * Xmas attack
 * Pharming
 * Privilege escalation
 * Malicious insider threat
 * DNS poisoning and ARP poisoning
 * Transitive access (video Transitive and Client Side Attacks)
 * Client-side attacks
 * Whaling

Analyze and differentiate among types of social engineering attacks

 * Shoulder surfing
 * Dumpster diving
 * Tailgating
 * Impersonation (video Impersonation)
 * Hoaxes
 * Whaling (video Whaling)
 * Vishing

Analyze and differentiate among types of wireless attacks

 * Rogue access points
 * Interference (video Wireless Interference)
 * Evil twin
 * War driving
 * Bluejacking
 * Bluesnarfing
 * War chalking
 * IV attack
 * Packet sniffing (video Wireless Packet Analysis)

Analyze and differentiate among types of application attacks

 * Cross-site scripting
 * SQL injection (video SQL, XML and LDAP Injection)
 * LDAP injection
 * XML injection
 * Directory traversal/Command injection (video Directory Traversal and Command Injection)
 * Buffer overflow
 * Zero day
 * Cookies and attachments (video Cookies, Header Manipulation and Session Hijacking)
 * Malicious add-ons (video Malicious add-ons)
 * Session hijacking
 * Header manipulation