1.0 Threats, Attacks, and Vulnerabilities-4

Social Engineering, Physical, and Password
Attacks  dives into the human side of information
security. Social engineering focuses on how individuals respond
to various techniques like authority, intimidation, and trust, and
how those responses can be leveraged by both attackers and
penetration testers. You'll explore seven foundational principles
of social engineering and a variety of social engineering and
influence campaign techniques. Next, you'll dig into password
attacks such as brute-force attacks, dictionary attacks, and
password spraying. Finally, you'll learn how physical attacks are
conducted and how they can impact an organization

Domain 1.0: Threats, Attacks, and Vulnerabilities
1.6. Explain the security concerns associated with various
types of vulnerabilities.

 IT-ACS-4
Demonstrate how to analyze and react to various threats and vulnerabilities.
4.1 Analyze and differentiate among types of network attacks (e.g., virus, worms,
trojans, unpatched software, password cracking, advanced persistent threats, etc.).
4.2 Distinguish between different social engineering attacks (e.g., baiting, phishing/spear
phishing, pretexting/ blagging, tailgating, quid pro quo, etc.).
4.3 Distinguish between reconnaissance/footprinting, infiltration, network breach, network
exploitation, and attack for effects (e.g., deceive, disrupt, degrade, and destroy).
4.4 Demonstrate an understanding of DoS/DDoS, session hijacking, HTTP spoofing,
DNS attacks, switch attacks, man-in-the-middle (MITM) attacks, and cross site
scripting, and drive-by-attacks.