Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CompTIA Security+ (SY0-501) Terms, Concepts, & Acronyms > Threats, Vulnerabilities & Attacks > Flashcards

Threats, Vulnerabilities & Attacks Flashcards

1
Q

ARP spoofing

A

A hacker sends fake ARP packets that link an attacker’s MAC address with an IP of a computer already on the LAN.

Common source of MitM attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

brute force attack

A

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

fraggle attack

A

A DoS attack where the attacker sends spoofed UDP traffic to a router’s broadcast address intending for a large amount of UDP traffic to be returned to the target computer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

wireless disassociation attack

A

Attack where an attacker spoofs the MAC address of a wireless access point to force a target device to try and re­ associate with the WAP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

replay attack

A
  • Attacker replays data that was already part of an earlier communication session.
  • Third party captures data from a session between 2 parties with the intent of using it to impersonate one of the parties.
  • Attackers typically modifies the data before replaying it
  • Timestamps or sequence numbers thwart replay attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

web application attack

A

An application attack that focuses on those applications that run in web browsers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Trojan horse

A

A type of malware that hides itself on an infected system and can cause damage to a system or give an attacker a platform for monitoring and/or controlling a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

IM

A

Instant Messaging

A type of communication service which involves a private dialogue between two persons via instant text-based messages over the Internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

armored virus

A

A virus that can conceal its location or otherwise render itself harder to detect by anti-malware programs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

session hijacking

A

A type of hijacking attack where the attacker exploits a legitimate computer session to obtain unauthorized access to an organization’s network or services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

evil twin

A

A wireless access point that deceives users into believing that it is a legitimate network access point

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

pass the hash attack

A

A network-based attack where the attacker steals hashed user credentials and uses them as­ is to try to authenticate to the same network the hashed credentials originated on

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

attack surface

A

The portion of a system or application that is exposed and available to attackers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

rootkit

A

Type of malware that has system-level access to a computer

Often able to hide themselves from users and AV software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

amplification attack

A

A network-based attack where the attacker dramatically increases the bandwidth sent to a victim.

Used during a DDoS attack by implementing an amplification factor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

NTFS

A

New Technology File System

A proprietary journaling file system developed by Microsoft. Windows operating systems use NTFS for storing organizing and finding files on a hard disk efficiently.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

DDoS

A

Distributed Denial of Service

A network-based attack where an attacker hijacks or manipulates multiple computers (through the use of zombies or drones) on disparate networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

IV

A

Initialization Vector; A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

SQL

A

Structured Query Language

A programming and query language common to many large scale database systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

race condition

A

A software vulnerability that can occur when the outcome from execution processes is directly dependent on the order and timing of certain events and those events fail to execute in the order and timing intended by the developer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

side-channel attack

A

An attack in which an attacker gleans information from the physical implementation of a cryptographic technique and uses that information to analyze and potentially break the implementation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

zero day vulnerability

A

A software vulnerability that a malicious user is able to exploit before the vulnerability is publicly known or known to the developers and before those developers have a chance to issue a fix

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

adaptive chosen ciphertext attack

A

A cryptographic attack where the attacker repeatedly encrypts a selected cipher text message and tries to find the matching plain text.

Each subsequent attack is based on the results of the previous attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

PTZ

A

Pan-Tilt-Zoom

A type of internet camera where the user can control the movement and position of the lens from a remote location using controls on an Internet browser or software application. Panning refers to horizontal movement of the lens where tilting describes vertical movement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
IDF
Intermediate Distribution Frame * A distribution frame in a central office or customer premises which cross connects the user cable media to individual user line circuits. * May serve as a distribution point for multipair cables from the main distribution frame (MDF) or combined distribution frame (CDF) to individual cables connected to equipment in areas remote from these frames.
26
chosen ciphertext attack
A cryptographic attack where the attacker analyzes a selected cipher text message and tries to find the matching plain text.
27
dictionary attack
A type of password attack that compares encrypted passwords against a predetermined list of possible password values
28
IR
Infrared Radiation Electromagnetic radiation (EMR) with wavelengths longer than those of visible light and is therefore invisible to the human eye.
29
POTS
Plain Old Telephone Service A voice-grade telephone service employing analog signal transmission over copper loops. It was the standard service offered until 1988 when it was replaced by ISDN (Integrated Services Digital Network).
30
social engineering
Any activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines
31
NFC
Near Field Communications A mobile device communication standard that operates at very short range often through physical contact
32
RFID
Radio Frequency Identifier * Technology that uses electromagnetic fields to automatically identify and track tags or chips * These are attached to objects and store information about those objects
33
GPU
Graphics Processing Unit A specialized processor originally designed to accelerate graphics rendering. GPUs can process many pieces of data simultaneously, making them useful for machine learning, video editing, and gaming applications.
34
OS
Operating System System software that manages computer hardware and software resources and provides common services for computer programs.
35
malicious actor
Sn entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization's security
36
XSS
Cross-Site Scripting A web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.
37
DNS hijacking
A hijacking attack where an attacker sets up a rogue DNS server This rogue DNS server responds to legitimate requests with IP addresses for malicious or non-existent websites
38
clickjacking
A type of hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements
39
black hat
A hacker who exposes vulnerabilities without organizational consent for financial gain or for some malicious purpose.
40
threat actor
An entity that is partially or wholly responsible for an incident that affects or has the potential to affec organization's security
41
shoulder surfing
A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN
42
IP address spoofing
An attack in which an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
43
IEEE
Institute of Electrical and Electronic Engineers A professional association of electrical and electronics engineers that develops industry standards for a variety of technologies.
44
DEP
Data Execution Prevention A security feature that prevents code from executing in memory regions marked as nonexecutable. It helps prevent damage from malware.
45
MFD
Multi-Function Device An office machine which incorporates the functionality of multiple devices in one so as to have a smaller footprint.
46
logging
The act of recording data about activity on a computer
47
backdoor attack
Attack where hackers install malware to bypass normal network security requirements Attack is designed to be subtle, and can be hidden within another type of software like a file converter, software update, or suggested download. Once installed, it’s common for backdoor attackers to remain undetected for as long as possible to spread throughout the network. Once detected, it can be hard to know if you truly have patched all of the areas a backdoor may have reached.
48
SDK
Software Development Kit Collection of software development tools in one installable package
49
hardware attack
An attack that targets a computer's physical components and peripherals including its hard disk motherboard keyboard network cabling or smart card reader and is designed to destroy hardware or acquire sensitive information stored on the hardware
50
driver manipulation
A software attack where the attacker rewrites or replaces the legitimate device driver or application programming interface (API) to enable malicious activity to be performed
51
passive reconnaissance
The process of collecting information about an intended target of a malicious hack without the target knowing what is occurring. This can include: * physical observation of an enterprise’s building * sorting through discarded computer equipment in an attempt to find equipment that contains data * dumpster diving for discarded paper with usernames and passwords * eavesdropping on employee conversations * researching the target through common Internet tools such as Whois * impersonating an employee in an attempt to collect information * packet sniffing Compare with **active reconaissance**.
52
spyware
Surreptitiously installed malware that is intended to track and report the usage of a target system or collect other data the attacker wishes to obtain
53
smishing
A human-based attack where the attacker extracts personal information by using SMS text messages
54
wardriving
* Act of searching for Wi-Fi networks, usually from a moving vehicle, using a laptop or smartphone * Software for wardriving is freely available on the internet * Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation
55
watering hole attack
Attack in which an attacker targets a specific group discovers which websites that group frequents then injects those sites with malware so that visitors to the sites will become infected
56
hacker
Someone who excels at programming or managing and configucing computer systems or has the skills to gain access to computer systems through unauthorized or unapproved means
57
SEH
Structured Exception Handler * Extension built into code to handle any kind of errors that come up during the course of running the program * SEHs are part of a chain of error handling in a program * If exception gets through the chain without being handled, program typically crashes * SEH exploit overwrites the SEH and causes a buffer overflow
58
USB
Universal Serial Bus Industry standard that establishes specifications for cables and connectors and protocols for connection, communication and power supply (interfacing) between computers, peripherals and other computers.
59
backdoor
Type of malware that negates or bypasses normal authentication procedures to access a system. Can grant remote access to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.
60
APT
Advanced Persistent Threat A stealthly threat actor that gains unauthorized access to a computer network and remains undetected for an extended period of time. Typically uses multiple attack vectors.
61
man-in-the-middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently
62
buffer overflow attack
Attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.
63
online brute force attack
A Cryptographic attack where the attacker tries to enter a succession of passwords using the same interface as the target user application
64
MOTD
Message of the Day A file on Unix-like systems that contains a message of the day used to send a common message to all users in a more efficient manner than sending them all an email message.
65
script kiddie
An inexperienced hacker with limited technical knowledge who relies on automated tools to hack
66
CSRF
Cross Site Request Forgery A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself. AKA XSRF.
67
OSINT
Open Source Intelligence A methodology for collecting analyzing and making decisions about data from public sources such as media, public records, social media, industry publications. Threat actors often use OSINT to find a way in the door.
68
reconnaissance
A penetration testing technique where the tester tries to gather as much information as possible about the target(s)
69
SSD
Solid State Drive
70
DHE
Data-Handling Electronics Data Handling refers to the process of gathering, recording and presenting information in a way that is helpful to others - for instance, in graphs or charts.
71
UTP
Unshielded Twisted Pair A type of nework cable unshielded from electromagnetic interference.
72
privilege escalation
The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application
73
hijacking
A group of network-based attacks where an attacker gains control of the communication between two systems often masquerading as one of the entities
74
attacker
A term for users who gain unauthorized access or cause damage to computers and networks for malicious purposes.
75
OVAL
Open Vulnerability Assessment Language International information security community standard that: * Promotes open and publicly available security content * Standardizes the transfer of this information across the entire spectrum of security tools and services
76
cracker
A user who breaks encryption codes defeats software copy protections or specializes in breaking into systems
77
PBX
Private Branch Exchange A telephone exchange or switching system that serves a private organization Permits sharing of central office trunks between internally installed telephones Provides intercommunication between internal telephones within the organization without the use of external lines.
78
eavesdropping attack
Eavesdropping, also known as a network eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. Targets electronic devices like computers and smartphones. Typically occurs when using unsecured networks, such as public wifi connections or shared electronic devices. Methods: * Keystroke logging * MitM attacks * Network sniffers
79
insider
Present and past employees contractors partners and any entity that has access to proprietary confidential information and whose actions result in compromised security
80
DNS poisoning
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing
81
spear phishing
An email-based or web-based form of phishing that targets a specific individual or organization
82
SQL injection
An attack that injects a database query into the input data directed at a server by accessing the client side of the application
83
DLL injection
An attack where malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries (DLL) that are loaded at runtime.
84
hacktivist
A hacker who gains unauthorized access to and causes disruption in a computer system in an attempt to achieve political or social change
85
attack
Any technique used to exploit a vulnerability in an application or physical computer system without the authorization to do so.
86
keylogger
A hardware device or software application that recognizes and records every keystroke made by a user
87
STP
Shielded Twisted Pair A type of nework cable shielded from electromagnetic interference.
88
source code
Collection of code, with or without comments, written using a programming language Access to source code enables a someone to change how a piece of software functions
89
ASLR
Address Space Layout Randomization A memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
90
warchalking
Attacker uses symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network
91
LDAP injection attack
An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input
92
adaptive chosen plaintext attack
A cryptographic attack where the attacker repeatedly encrypts a selected plain text message and analyzes the resulting cipher-text to crack the cipher. Each subsequent attack is based on the results of the previous attack.
93
software attack
Any attack that targets software resources including operating systems applications services protocols and files
94
ransomware
Software that enables an attacker to take control of a user's system or data and to demand payment for return of that control
95
zombie
A computer that has been infected with malware and is being used by an attacker to mount an attack. Also called a bot
96
spoofing
A network-based attack where the goal is to pretend to be someone else for the purpose of identity concealment
97
downgrade attack
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages
98
memory leak
A software vulnerability that can occur when software does not release allocated memory when it is done using it potentially leading to system instability
99
ARP poisoning
After a successful ARP spoofing, the hacker changes the target's ARP table, so it contains falsified MAC entries, spreading the contagion.
100
P2P
Peer to Peer A distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged equipotent participants in the application. Vulnerable to drive-by software downloads and identity theft.
101
EMP
Electromagnetic Pulse A short burst of electrical interference caused by an abrupt and rapid acceleration of charged particles which can short-circuit and damage electronic components.
102
MAC address spoofing
An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface card (NIC) Attacker takes advantage of flawed h/w drivers or configuration changes to make the MAC address for a router or laptop match one already verified on a network Related: MAC flooding attacke
103
MTU
Maximum Transmission Unit Largest packet or frame size that can be sent in a packet- or frame-based network such as the internet. The internet's transmission control protocol (TCP) uses the MTU to determine the maximum size of each packet in any transmission.
104
known plaintext attack
Attack where the attacker has access to plaintext and the corresponding cipher-text and tries to derive the correlation between them
105
rainbow table attack
A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords
106
chosen plaintext attack
A cryptographic attack where the attacker encrypts a selected plain text message and analyzes the resulting cipher text to crack the cipher.
107
DNS spoofing
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing
108
SPIM
Spam over Internet Messaging May be more harmful that email Spam: * User is more likely to click on the link because it is real-time * Bypasses the enterprise AV and firewalls
109
banner grabbing
The act of collecting information about network hosts by examining text-based welcome screens or MOTDs that are displayed by some hosts.
110
dumpster diving
A human-based attack where the goal is to reclaim important information by inspecting the contents of trash containers\
111
sniffing attack
A network attack that uses a protocol analyzer to gain access to private communications on the network wire or across a wireless network
112
rogue access point
An unauthorized wireless access point on a corporate or private network that allows unauthorized individuals to connect to the network
113
jailbreaking
The process of removing software restrictions on an iOS device allowing the user to run apps not downloaded from the official App Store
114
malware
Malicious code such as viruses Trojans or worms which is designed to gain unauthorized access to make unauthorized use of or damage computer systems and networks
115
USB OTG
USB On-The-Go A cable used to connect mobile devices to other devices in a master/slave role. It is one of many methods that can be used to connect a mobile device to external media.
116
crypto-malware
A form of ransomware that uses encryption to render the victim's data inaccessible
117
EMI
Electromagnetic Interference A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit.
118
cookie manipulation
An application attack where an attacker injects a meta tag in an HTTP header making it possible to modify a cookie stored in a browser
119
malicious code
Undesired or unauthorized software that is placed into a target system to disrupt operations or to redirect system resources for the attacker's benefit
120
bluesnarfing
Unauthorized access to, or theft of information from a bluetooth device. Can access info like email, contact lists, calendars, and text messages Attackers use tools like: * hcitool * obexftp
121
cryptographic attack
A software attack that exploits weaknesses in cryptographic system elements such as code ciphers protocols and key management systems
122
XSRF (CSRF)
Cross-Site Request Forgery A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself.
123
ANT
Proprietary open access multicast wireless sensor network technology similar to Bluetooth but consumes less energy Developed by ANT Wireless a division of Garmin Primarily used in sports and fitness sensors
124
pharming
An attack in which a request for a website typically an e-commerce site is redirected to a similar-looking but fake website
125
RAT
Remote Access Trojan Specialized Trojan horse that specifically aims to provide an attacker with unauthorized remote access to or control of a target computer
126
man-in-the-browser attack
A type of network-based attack that combines a man-in-the-middle attack with the use of a Trojan horse to intercept and modify web transactions in real time
127
RTBH
Remotely Triggered Black Hole * Filtering technique that provides the ability to drop undesirable traffic before it enters a protected network * Helps combat DDoS attacks
128
POODLE
Padding Oracle on Downgrade Legacy Encryption * A man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. * Another variant exploits cipher block chaining (CBC) encryption in TLS.
129
takeover attack
A type of software attack where an attacker gains access to a remote host and takes control of the system
130
domain hijacking
A type of hijacking attack where the attack.er steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking
131
MDF
Main Distribution Frame A signal distribution frame or cable rack used in telephony to interconnect and manage telecommunication wiring between itself and any number of intermediate distribution frames and cabling from the telephony network it supports.
132
typosquatting
An attack in which an attacker registers a domain name with a common misspelling of an existing domain so that a user who misspells a URL they enter into a browser is taken to the attacker's website
133
MBR
Master Boot Record Information in the first sector of any hard disk or diskette that identifies how and where an operating system is located so that it can be booted (loaded) into the computer's main storage or RAM.
134
port scanning attack
A network-based attack where an attacker scans computers and other devices to see which ports are listening in an attempt to find a way to gain unauthorized access
135
virus
A self-replicating piece of malicious code that spreads from computer to computer by attaching itself to different files
136
polymorphic malware
Malicious code that is designed to avoid detection by altering its decryption module each time it infects a new file
137
DoS
Denial of Service; A network-based attack where the attacker disables systems that provide network services by consuming a network link's available bandwidth consuming a single system's available resources or exploiting programming flaws in an application or operating system
138
data exfiltration
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network
139
hybrid password attack
An attack that uses multiple attack methods including dictionary rainbow table and brute force attacks when trying to crack a password
140
adware
Software that automatically displays or downloads advertisements when it is used.
141
offline brute force attack
A cryptographic attack where the attacker steals the password and then tries to decode it by systematically guessing possible keystroke combinations that match the encrypted password
142
logic bomb
A piece of code that sits dormant on a target computer until it is triggered by the occurrence of specific conditions such as a specific date and time
143
URL hijacking
An attack in which an attacker registers a domain name with a common misspelling of an existing domain so that a user who misspells a URL they enter into a browser is taken to the attacker's website
144
vishing
A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP­ based voice messaging services (VoIP).
145
threat
Any event or action that could potentially cause damage to an asset
146
brandjacking
An activity whereby someone acquires or assumes the online identity of another entity for to acquire their brand equity. Often targets politicians, celebrities or businesses
147
rogue system
An unknown or unrecognized device that is connected to a network often with malicious intent
148
ciphertext-only attack
A cryptographic attack where the attacker has access to the cipher text and tries to use frequency analysis or other methods to break the cipher
149
XML
Extensible Markup Language A widely adopted markup language used in many documents websites and web applications
150
bluejacking
Practice of sending unsolicited messages to nearby bluetooth devices. Messages are typically text but can also be images or sounds.
151
hoax
An email-based IM-based or web-based attack that is intended to trick the user into performing unnecessary or undesired actions such as deleting important system files in an attempt to remove a virus or sending money or important information via email or online forms
152
DLL
Dynamic Link Library Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. The files are executable like an .exe file.
153
tailgating
A human-based attack where an attacker enters a secure area by following a legitimate employee without the employee's knowledge or permission
154
worm
A self-replicating piece of malicious code that travels through a network Does not need user interaction to execute
155
Vector
The method that malware uses to propagate itself or infect a computer.
156
botnet
A group of infected computers that act as software robots and function together in a network, usually the internet, for malicious purposes.
157
active reconnaissance
Hacking or pentesting method used to collect information about a computer system or network Uses tools such as network and vulnerability scanners to gather information Engages targets and is almost always illegal
158
birthday attack
A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. Attacker is able to create the same hash as a user's actual password (e.g., hash collision) Defense: increase number of bits used in hash
159
jamming
In wireless networking the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals used by computing devices and other network devices
160
client-side attack
Occurs when a user downloads malicious content
161
XML injection
Attack that injects corrupted XML query data so that an attacker can gain access to the XML data structure and input malicious code or read private data
162
network tap
A security control on network devices that creates a copy of network traffic to forward to a sensor or monitor like an IDS
163
phishing
A type of email-based social engineering attack in which the attacker sends email from a supposedly reputable source such as a bank to tty to elicit private information from the victim
164
OTA
Over the Air Refers to various methods of distributing new software configuration settings and even updating encryption keys to devices like mobile phones set-top boxes electric cars or secure voice communication equipment.
165
pivoting
A penetration testing technique where the tester compromises one central host (the pivot) that allows the tester to access other hosts that would otherwise be inaccessible
166
password attack
Any attack where the attacker tries to gain unauthorized access to and use of passwords
167
whaling
A form of spear phishing that targets particularly wealthy individuals or organizations
168
NIST
National Institute of Standards & Technology NIST is part of the U.S. Department of Commerce NIST includes the Information Technology Laboratory (ITL) that publishes monthly bulletins focusing on ITL’s research and collaborative activities in cybersecurity.
169
piggy backing
A human-based attack where an attacker enters a secure area by following a legitimate employee with the employee's knowledge or permission
170
frequency analysis
A cryptographic analysis technique where an attacker identifies repeated letters or groups of letters and compares them to how often they occur in plain-text in an attempt to fully or partially reveal the plain-text message

CompTIA Security+ (SY0-501) Terms, Concepts, & Acronyms (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions