Welcome to Cyber Very Video, Siri's and Comedy A Security Plus 5 +01 Certification and example.
I'm your Instructor, Rahm Warner.
Please visit Cyberia Diet For more information on the security plus certification and many others,
this is the introductory video for domain one on threats, attacks and vulnerabilities.
This domain is worth 21% on the security plus exam.
The first domain deals with basic need of every information security professional, being able to recognize and understand the different sources of threats, types of attacks and vulnerabilities that maybe seeing on systems. And that may be exploited.
For instance, given a scenario which will here quite often throughout security Plus,
given a scenario, candidates must be ableto to analyze indicators of compromise
IOC and determine the types of malware.
Is it a virus is a Trojan? Is it a were? Is it ransomware ready to encrypt company data and asked for Bitcoin?
Or maybe it's an insider that created a logic bomb designed to wipe out files of here. She is terminated from the company.
Or did the employees or seven malicious insider deploy a rat remote Access Trojan so here she could still have access to the corporate network. Even after termination,
you must also know how to compare and contrast types of attacks from the many different tactics of social engineering, fishing, spear, phishing, whaling, vision, tailgating and person nation.
The application serviced attacks such as Dawson DDOS, denial of service
men and middle attacks, buffer overflows, injection, cross site scripting or common Web attacks. You may also encounter privilege escalation, wireless attacks like replay evil, twin rogue access point jamming
and cryptographic attacks such as birthday, no plain text, safer tax, rainbow tables, dictionary, brute force, collision replay and weak implementations.
It is also necessary to be able to explain concepts such as threat actor types and attributes. What is the difference between organized crime and activism?
How can nation state be a threat?
Other questions include what level of sophistication should you expect from and what are the differences in motivations behind insiders and external attacks? You are also expected to know the key concepts of penetration testing, including various approaches. Black box gray box, white box
tactics, active reconnaissance, passive reconnaissance, escalation of privilege and so forth associated with pen testing. Other concepts in this domain, including explaining vulnerability scanning types of vulnerabilities, such as race conditions improper and put an error handling
untrained users. Memory, buffer overflows, architecture, design weaknesses,
new threats, euro day threats, improper certificates and key management.
There are six sections in domain one, but you see listed on your screen.
We'll have multiple videos to discuss each of these sections.
Use your study material as you're watching these videos to further learn about each of these concepts. Get as much hands on practice as you can as well. This wall help you as you study for the security plus exam and as you work to become a security professional.