CompTIA Security+ (SY0-701): Understanding Threats, Vulnerabilities, and Mitigations Literacy (Beginner Level)

  • 30m
  • 30 questions
The Understanding Threats, Vulnerabilities, and Mitigations Literacy (Beginner Level) benchmark measures your comprehensive understanding of the various types of threats and vulnerabilities that can compromise information security. You will be evaluated on your recognition of threat actors and vectors, types of malicious attacks, mitigation techniques, and vulnerability management methods. A learner who scores high on this benchmark demonstrates literacy in many areas of this domain with the knowledge and insights needed for conducting surveys of malicious activities and the corresponding mitigation techniques to prevent, detect, and respond to security incidents.

Topics covered

  • compare access controls, including access control lists (ACLs), network access control lists (NACLs), permissions, allow-lists, and cloud solution provider (CSP) security groups
  • compare application vulnerabilities including memory injection, buffer overflow, race conditions, time-of-check (TOC)/time-of-use (TOU), malicious updates, and zero days
  • compare cryptographic attacks like downgrade, collision, birthday, brute force, and side-channel
  • compare decommissioning and offboarding
  • compare malware attacks, including ransomware, trojan horses, remote access trojans (RATs), worms, viruses, spyware and bloatware, keyloggers, logic bombs, and rootkits
  • compare monitoring and visibility techniques for access controls
  • define configuration management and patch management
  • define mobile device vulnerabilities like side loading, jailbreaking, and rooting
  • define password attacks, including spraying, brute force, and wordlists
  • define physical attacks, such as brute force, radio-frequency identification (RFID) cloning, and environmental
  • define the least privilege and separation of duties principles
  • define threat actor motivations such as data exfiltration, espionage, service disruption, blackmail, financial gain, political beliefs, ethical, revenge, disruption/chaos, and war
  • describe hardening through encryption, endpoint detection and response (EDR), host intrusion detection system (HIDS)/host intrusion prevention system (HIPS), disabling ports/protocols, default password changes, and removal of unnecessary software
  • describe how encryption contributes to access control
  • describe network attacks, including denial-of-service (DoS)/distributed denial-of-service (DDoS), domain name system (DNS) attacks, wireless, on-path, credential replay, and malicious code
  • describe penetration testing and the penetration testing life cycle
  • describe segmentation and isolation techniques
  • describe various indicators of compromise like account lockout, concurrent session usage, blocked content, impossible travel, resource consumption, out-of-cycle logging, and missing logs
  • outline application vulnerability assessments, including static analysis, dynamic analysis, and package monitoring
  • outline common attack surfaces like removable devices, vulnerable software, client-based vs. agentless, unsupported systems and applications, unsecure networks, open service ports, and default credentials
  • outline concepts of vulnerability scanning, including accuracy confirmation
  • outline human vectors and social engineering including phishing, business email compromise, vishing, smishing, disinformation, impersonation, hoaxing, pretexting, brand impersonation, typosquatting, and watering hole
  • outline OS-based and web-based vulnerabilities such as misconfiguration, unpatched, outdated, SQLi, cross-site scripting (XSS), and request forgeries
  • outline supply chain vulnerabilities including managed service providers, vendors, suppliers, service providers, and hardware and software providers
  • outline the CSA list of cloud vulnerabilities
  • provide an overview of different application attacks, such as injection, buffer overflow, replay, privilege escalation, forgery, and directory traversal
  • provide an overview of various threat feeds, including open-source intelligence (OSINT), proprietary/third-party, information-sharing organizations, dark web, Common Vulnerability Scoring System (CVSS), and Common Vulnerability Enumeration (CVE)
  • provide an overview of vulnerability response and remediation, including topics like patching, insurance, segmentation, compensating controls, and exceptions and exemptions
  • recognize hardware and virtualization vulnerabilities including firmware, end-of-life, legacy issues, virtual machine escape, sprawl, and resource reuse
  • validate and report on remediation processes and procedures