Master ComptiaSecurity+ Threats Vulnerabilities Mitigations with our interactive study cards designed for effective learning. These flashcards use proven spaced repetition techniques to help you memorize key concepts, definitions, and facts. Perfect for students, professionals, and lifelong learners seeking to improve knowledge retention and ace exams through active recall practice.
Click any card to reveal the answer
Malicious software designed to damage disrupt or gain unauthorized access to systems
Malware that attaches to files and requires user action to execute and spread
Self-replicating malware that spreads automatically without user interaction
Malware disguised as legitimate software that creates backdoors for attackers
Malware that encrypts files and demands payment for decryption
Malware that secretly monitors and collects user information
Malware that provides privileged access while hiding its presence
Malicious code that executes when specific conditions are met
Hidden method for bypassing normal authentication to access a system
Remote Access Trojan - allows attackers to control systems remotely
Social engineering attack using fraudulent emails to steal credentials or information
Targeted phishing attack directed at specific individuals or organizations
Phishing attack specifically targeting high-level executives
Voice phishing using phone calls to trick victims
SMS/text message phishing attacks
Creating fabricated scenarios to manipulate victims into divulging information
Offering something enticing to lure victims into a trap
Following authorized personnel through secure doors without proper authentication
Observing someone's screen or keyboard to steal information
Searching through trash to find sensitive information
Distributed Denial of Service - overwhelming a system with traffic from multiple sources
Denial of Service - making a system unavailable to legitimate users
DoS attack exploiting TCP three-way handshake by sending multiple SYN requests
Corrupting DNS cache to redirect users to malicious sites
Sending fake ARP messages to associate attacker's MAC with legitimate IP address
Forging source IP addresses to hide identity or impersonate another system
Stealing or predicting session tokens to impersonate authenticated users
Intercepting communication between two parties without their knowledge
Inserting malicious SQL code into input fields to manipulate databases
Injecting malicious scripts into web pages viewed by other users
Forcing authenticated users to execute unwanted actions on web applications
Exploiting program by writing more data than buffer can hold
Gaining higher access rights than originally authorized
Previously unknown vulnerability with no available patch or fix
Attempting all possible password combinations until finding the correct one
Using list of common passwords and words to crack credentials
Trying common passwords against many accounts to avoid lockouts
Using stolen username/password pairs from one breach on other services
Capturing and retransmitting valid data to gain unauthorized access
Registering domains similar to legitimate sites to exploit typing errors
Compromising websites frequently visited by target victims
Security risk from people within the organization with legitimate access
Advanced Persistent Threat - sophisticated long-term targeted attack
Nation-state organized crime hacktivists script kiddies insider threats
Inexperienced attacker using existing tools without deep technical knowledge
Attacker motivated by political or social causes
Automated process of identifying security weaknesses in systems
Simulated attack to identify and exploit vulnerabilities in controlled manner
Process of acquiring testing and installing software updates to fix vulnerabilities
Layered security approach using multiple controls to protect assets
Users should have minimum access rights needed to perform their jobs
Remember: Use all available resources to study. Flearn alone cannot guarantee success in any exams—make sure to supplement your learning!