Understanding malware classification
Understanding this isn’t required for the CompTIA Security+ exam, meaning that we’re going beyond the scope of this exam for a few minutes, but I…
Tag: CompTIA Security+
Incident response process
There’s been a security incident in your organization. What do you do? Panic? No ;)! You follow an incident response process. In this article, we’re…
Network Access Control (NAC)
In our course, we talk about Zero Trust and how it’s an approach that believes in continuously checking access and policy violations, even within internal…
Modes of operation
We talked about ciphers and block ciphers in the prior post. A block cipher on its own would only ever encrypt a single block of…
Cipher Suites
When you’re using symmetric encryption you can use what’s known as either a stream cipher or a block cipher. They both ultimately encrypt your data,…
Request forgeries (CSRF, XSRF, SSRF)
In 2020, CheckPoint Research announced multiple vulnerabilities in the popular social media application named TikTok. One of the found vulnerabilities allowed an attacker to delete…
Directory / Path Traversal
Just like you have directories on your PC, laptop, and mobile phones, web servers also have directories. For example, if you were to purchase web…
Answers to Performance-Based Questions (PBQs) | Security+ 601
This post contains the answers and explanations to our free Performance-Based Questions (PBQs) that we specifically designed to prepare you to take and pass the…
Exercise types (red/blue/white/purple teams)
We’ve talked about how we can use vulnerability scans, penetration tests, and bug bounties to find vulnerabilities in our systems. Another approach you may have…
Disaster Recovery with BCP, COOP, and DRP
For the CompTIA Security+ exam, you need to be familiar with three terms that are related to disaster recovery: What do each of these terms…