Get Certified Get Ahead

Search Site

Our goal is to help you Get Certified and Get Ahead in your career and your life. If you want to get certified, you’ll find that many of the free blog posts on this site can help you.

 

List of recent posts.

Security+ SY0-501 Study Guide Now Availalbe

Security+ SY0-401 Study Guide

Number1

Key Security+ blog posts

A listing of over 100 blog posts on the Security+exam. Posts are organized into categories such as:

 

Get Certified Get Ahead

Network+

Key Network+ blog posts

Links to blog posts on the Network+ exam organized by topic similar to the Security+ blog link page.

Network+ N10-006 Practice Test Questions

Pass the Network+ Exam (N10-006) The First Time You Take It

At  $277, this exam is expensive.

Make sure you're ready before exam day!

Full bank of at least 293* realistic multiple choice practice test questions with in-depth explanations to help you pass the Network+ exam the first time you take it. This set also includes several performance-based questions.

 Network+ Study Materials

30 Day Package60 Day Package
Full bank of more than 293* N10-006 Network+ practice test questions.All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.CheckCheck
Performance-based QuestionsSeveral sets of performance-based questions. Question types include drag and drop, matching, and sorting type questions. See a demo here.checksmchecksm

Bonus #1

Flashcard Set
  • 200 Network+ Flashcards to reinforce key testable concepts
  • View in random and non-random modes.
checksm

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet
checksm

Get the Network+ Study Materials Here

All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect. This way no matter how CompTIA words the questions, you'll be able to answer them correctly.Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation.
  • Test mode. In test mode, you can only see the correct answers and explanations after you complete the test.
This package allows you to go through the practice test questions in multiple ways based on how you learn best.
  • Domain 1 through 5** using Learn Mode
  • Domain 1 through 5 using Test Mode (Randomized)
  • The full bank of test questions using Learn Mode
  • The full bank of questions using Test Mode (Randomized)

Test your readiness with these quality questions

Understand the important important concepts using the explanations

 Network+ Study Materials

30 Day Package60 Day Package
Full bank of more than 293* N10-006 Network+ practice test questions.All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.CheckCheck
Performance-based QuestionsSeveral sets of performance-based questions. Question types include drag and drop, matching, and sorting type questions. See a demo here.checksmchecksm

Bonus #1

Flashcard Set
  • 200 Network+ Flashcards to reinforce key testable concepts
  • View in random and non-random modes.
checksm

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet
checksm

Get the Network+ Study Materials Here

Package includes several sets of performance-based questions.Two sets are simulated performance-based questions.Another set includes multiple performance-based questions using drag and drop capabilities. I love the way these new questions work. Check out a demo here.

You don't need to spend a fortune to get quality practice test questions

If you're like most people, you've already spent money on one or more Network+ books or courses. Now you need to ensure you understand the concepts and how they are tested. You can pay $100 or more for practice test questions, but you don't need to.

The set of practice test questions will give you a view of typical multiple choice questions you can expect to see on the live exam.

Get Certified Get Ahead with Network+ Practice Test Questions

 Network+ Study Materials

30 Day Package60 Day Package
Full bank of more than 293* N10-006 Network+ practice test questions.All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.CheckCheck
Performance-based QuestionsSeveral sets of performance-based questions. Question types include drag and drop, matching, and sorting type questions. See a demo here.checksmchecksm

Bonus #1

Flashcard Set
  • 200 Network+ Flashcards to reinforce key testable concepts
  • View in random and non-random modes.
checksm

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet
checksm

Get the Network+ Study Materials Here

Beware of questions that do not include explanations - many people have identified errors in these and even when there aren't errors, these types of questions encourage you to memorize answers instead of understanding the underlying concepts.* Don't you hate those little asterisks. Normally they mean "forget what you just read, it's not really true." Not so here though. The bank starts with 293 multiple choice practice test questions, but I'm still adding to them. There will be more.** CompTIA identified five domains of objectives for the CompTIA Network+ exam. They are:
  • 1.0 Networking Architecture
  • 2.0 Network Operations
  • 3.0 Network Security
  • 4.0 Troubleshooting
  • 5.0 Industry Standards, Practices, and Network Theory



Security+ Full Access Package

Get Certified Get Ahead Security+

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access For Only $55.98

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. They can also be used to help ensure you're ready no matter what study guide you're using.

This exam is expensive.

Make sure you're ready before exam day. 

Here's what you'll get:
  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. See a demo here. All questions have full explanations so you'll know why the correct answers are correct and why the incorrect answers are incorrect.
  • Over 35 new multiple-choice questions we've added after publishing the study guide.
  • Over 70 performance-based questions. See a demo here.
  • All of the flashcards from the study guide. View them in any Web browser.
  • All of the audio from the study guide. Listen to a sample here.
  • A subnetting mini-tutorial to help you answer key question types in the Security+ exam.
  • Access to a free discount code for 10% off your Security+ voucher. Save $31.10 off the US retail cost for this voucher.

Buy The Full Access Study Package Today

60 Days Access For Only $55.98

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Recent Posts

  • Understanding Email Attacks

    Understanding Email Attacks

    If you’re planning to take the  SY0-401 version or the SY0-501 version of the Security+ exam, you should have a basic understanding of various attacks including email attacks. For example, can you answer this question? Q. The CEO of a company recently received …
  • How to Interpret Security+ Questions

    How to Interpret Security+ Questions

    If you’re planning to take the SY0-401 or the SY0-501 Security+ exam, you probably want to know how to interpret Security+ questions. Especially if you want to pass. As an example, see if you can answer this question. A coffee shop recently …
  • Understanding Database Concepts

    Understanding Database Concepts

    If you’re planning to take the SY0-501 Security+ exam, you should have a basic understanding of database concepts and several of the secure coding techniques and attacks that apply directly to databases. For example, can you answer this question? Q. Database administrators …
  • Understanding IDSs and IPSs

    Understanding IDSs and IPSs

    If you’re planning to take the SY0-401 or the SY0-501 Security+ exam, you should have a basic understanding of how to analyze and interpret output from security technologies such as IDSs and IPSs. For example, can you answer this question? Q. A …
  • CompTIA Stackable Certifications

    CompTIA Stackable Certifications

    Have you heard about CompTIAs new stackable certifications? If you’ve earned more than a couple of CompTIA certifications, you may already have one of them. As an example, if you an A+ and Network+ certification, you now also have the …
  • Switch Security and Security+

    Switch Security and Security+

    If you’re planning to take the  SY0-401 version or the SY0-501 version of the Security+ exam, you should have a basic understanding of secure network administration principles, including deploying switches securely. For example, can you answer this question? Q. Your organization has several …
  • CompTIA Recertification Exam (RC0-501)

    CompTIA Recertification Exam (RC0-501)

    Have you heard about CompTIAs recertification exams* (such as the RC0-501 for the Security+ certification). Not many people have. It is similar to the older “bridge” exam that CompTIA implemented for some certifications. The objectives PDF* includes this paragraph: “The …
  • Tax Season Brings Heightened Phishing Risk

    Tax Season Brings Heightened Phishing Risk

    Tax scammers are ready to pounce. Are you ready? The Internal Revenue Service (IRS) and United States Computer Emergency Readiness Team (US-CERT) have recently published some posts about some common tax-related scams. These five pages were published during the National …
  • Testing Security Controls

    Testing Security Controls

    If you’re planning to take the SY0-401 or the SY0-501 Security+ exam, you should have a basic understanding of technologies available for testing security controls. For example, can you answer this question? Q. You want to test new security controls before deploying …
  • Using Biometrics for Authentication

    Using Biometrics for Authentication

    If you’re planning to take the SY0-401 version or the SY0-501 version of the Security+ exam, you should have a basic understanding of how systems and users provide credentials to verify their identity. This includes using biometrics for authentication. For …
  • Holiday Scams and Malware Campaigns

    Holiday Scams and Malware Campaigns

    I love the holiday season from Thanksgiving to New Years. For me, it’s a time of relaxation, rejuvenation, and recreation with family and friends. Unfortunately, the criminals love the holiday season too. You can fully expect them to continue to …
  • Identifying Malware

    Identifying Malware

    Malware is one of the greatest threats to an organization. It’s common for an advanced persistent threat to use malware to gain a foothold in a single computer and then pivot to other computers in a network. Because of this, …
  • Should I Take 401 or 501 Security+ Exam?

    Should I Take 401 or 501 Security+ Exam?

    If you’re planning to take the Security+ exam, you might be wondering if you should take the SY0-401 or SY0-501 Security+ exam. I’m starting to get queries asking which one to take. As an example, here’s a snippet of a …
  • Protecting Management Interfaces & Applications

    Protecting Management Interfaces & Applications

    If you’re planning to take the Security+ exam, you should have a good understanding of appropriate solutions to establish host security. This includes operating system and application hardening that protects management interfaces and applications. For example, can you answer this question? …
  • Recognizing Email Attacks

    Recognizing Email Attacks

    If you’re planning to take the SY0-401 or the SY0-501 Security+ exam, you should have a basic understanding of various types of attacks. This includes attacks such as phishing, spear phishing, whaling, and vishing. For example, can you answer this question? Q. A …

Now Available
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Number1Amazon

Understanding Email Attacks

Posted by on January 22 in Security+ | 0 comments

If you’re planning to take the  SY0-401 version or the SY0-501 version of the Security+ exam, you should have a basic understanding of various attacks including email attacks.

For example, can you answer this question?

Q. The CEO of a company recently received an email. The email indicates that her company is being sued and names her specifically as a defendant in the lawsuit. It includes an attachment and the email describes the attachment as a subpoena. Which of the following BEST describes the social engineering principle used by the sender in this scenario?

A. Whaling

B. Phishing

C. Consensus

D. Authority

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Attackers have been increasingly using email to launch attacks. One of the reasons is because they’ve been so successful. Many people don’t understand how dangerous a simple email can be for the entire organization. Without understanding the danger, they often click a link within a malicious email, which gives attackers access to an entire network. Email attacks include spam, phishing, spear phishing, and whaling.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

One Click Lets Them In

It’s worth stressing that it only takes one click by an uneducated user to give an attacker almost unlimited access to an organization’s network. Consider the figure. It outlines the process APTs have used to launch attacks.

Understanding Email Attacks

Steps in an attack

Note that the attacker (located in the attacker space) can be located anywhere in the world, and only needs access to the Internet. The neutral space might be servers owned and operated by the attackers. They might be in the same country as attackers, or they might be in another country. In some cases, the attackers use servers owned by others, but controlled by the attackers, such as servers in a botnet. The victim space is the internal network of the target. Refer to figure as you read the following steps in an attack:

1. The attacker uses open-source intelligence to identify a target. Some typical sources are social media sites and news outlets. Other times, attackers use social engineering tactics via phone calls and emails to get information on the organization or individuals employed by the organization.

2. Next, the attacker crafts a spear phishing email with a malicious link. The email might include links to malware hosted on another site and encourage the user to click the link. In some cases, this link can activate a drive-by download that installs itself on the user’s computer without the user’s knowledge. Cozy Bear (APT 29) used this technique and at least one targeted individual clicked the link. Similarly, criminals commonly use this technique to download ransomware onto a user’s computer. In other cases, the email might indicate that the user’s password has expired and the user needs to change the password or all access will be suspended.  Fancy Bear (APT 28) used a similar technique.

3. The attacker sends the spear phishing email to the recipient from a server in the neutral space. This email includes a malicious link and uses words designed to trick the user into clicking it.

4. If the user clicks on the link, it takes the user to a web site that looks legitimate. This web site might attempt a drive-by download, or it might mimic a legitimate web site and encourage the user to enter a username and password.

5. If the malicious link tricked the user into entering credentials, the web site sends the information back to the attacker. If the malicious link installed malware on the user’s system, such as a RAT, the attacker uses it to collect information on the user’s computer (including the user’s credentials, once discovered) and sends it back to the attacker.

CompTIA Security+ Study Guide

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

6. The attacker uses the credentials to access targeted systems. In many cases, the attacker uses the infected computer to scan the network for vulnerabilities.

7. The attacker installs malware on the targeted systems.

8. This malware examines all the available data on these systems, such as emails and files on computers and servers.

9. The malware gathers all data of interest and typically divides it into encrypted chunks.

10. These encrypted chunks are exfiltrated out of the network and back to the attacker. Privilege escalation occurs when a user or process accesses elevated rights and permissions. Combined, rights and permissions are privileges. When attackers first compromise a system, they often have minimal privileges. However, privilege escalation tactics allow them to get more and more privileges. The recipient shown in Figure 6.1 might have minimal privileges, but malware will use various privilege escalation techniques to gain more and more privileges on the user’s computer and within the user’s network.

Get Certified Get Ahead

If users are logged on with administrative privileges, it makes it much easier for the malware to gain control of the user’s system and within the network. This is one of the reasons organizations require administrators to have two accounts. Administrators use one account for regular use and one for administrative use. The only time they would log on with the administrator account is when they are performing administrative work. This reduces the time the administrative account is in use, and makes it more difficult for the malware to use privilege escalation techniques.

Insider Threats

Do you know what many experts are referring to as the biggest cybersecurity threat?

Insiders.

This isn’t insiders intentionally stealing data.

Instead, it’s insiders making the same mistakes over and over such as clicking on links that install malware on their systems, or providing their passwords via fake pages that prompt them to change their password.

Do users in your organization know the best security practices and comply with them?


Full Security+ (SY0-401) Course

Full Security+ Course Now Available

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the Full Security+ Course Here

 Full Security+ Course Now Available


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the Full Security+ Course Here

Q. The CEO of a company recently received an email. The email indicates that her company is being sued and names her specifically as a defendant in the lawsuit. It includes an attachment and the email describes the attachment as a Which of the following BEST describes the social engineering principle used by the sender in this scenario?

A. Whaling

B. Phishing

C. Consensus

D. Authority

Answer is D. The sender is using the social engineering principle of authority in this A chief executive officer (CEO) would respect legal authorities and might be more inclined to open an attachment from such an authority.

While the scenario describes whaling, a specific type of phishing attack, whaling and phishing are attacks, not social engineering principles.

The social engineering principle of consensus attempts to show that other people like a product, but this is unrelated to this scenario.

See Chapter 6 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on threats, vulnerabilities, and common attacks.

 


If you’re studying for the SY0-501 version of the exam, check out the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.