CompTIA Security+ Types of Attacks: Free Practice Questions + Study Guide
In This Guide
Malware Types
Malware (malicious software) is any software intentionally designed to cause damage, gain unauthorized access, or disrupt systems. Understanding the distinctions between malware types is critical for the Security+ exam, as questions often present a scenario and ask you to identify the type of malware involved.
| Malware Type | Self-Replicating? | User Interaction? | Key Characteristic |
|---|---|---|---|
| Virus | Yes | Required (host file) | Attaches to legitimate files; activates when file is executed |
| Worm | Yes | Not required | Spreads autonomously across networks by exploiting vulnerabilities |
| Trojan | No | Required | Disguises itself as legitimate software; creates backdoors |
| Ransomware | Varies | Varies | Encrypts files and demands payment for decryption key |
| Rootkit | No | Required | Hides deep in the OS to maintain persistent, undetected access |
| Spyware | No | Varies | Secretly monitors user activity and collects data |
| Keylogger | No | Varies | Records keystrokes to capture credentials and sensitive input |
| Fileless malware | No | Varies | Operates entirely in memory; leaves no files on disk |
| RAT | No | Required | Remote Access Trojan; provides attacker full remote control |
Network Attacks
Network attacks target the infrastructure that connects systems. Understanding these attacks and their indicators is essential for both the Security+ exam and real-world security operations.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks aim to make a service unavailable by overwhelming it with traffic or exploiting resource limitations:
- SYN flood - sends thousands of TCP SYN packets without completing the three-way handshake, exhausting the server's connection table
- Amplification attacks - exploits protocols like DNS or NTP where a small request generates a much larger response, directed at the victim via IP spoofing
- DDoS - coordinates DoS attacks from many compromised systems (botnet), making them far harder to mitigate
On-path attacks (formerly known as man-in-the-middle) involve an attacker positioning themselves between two communicating parties to intercept or alter traffic:
- ARP spoofing/poisoning - sends falsified ARP messages to associate the attacker's MAC address with a legitimate IP address on the local network
- DNS poisoning - corrupts the DNS cache to redirect domain name lookups to malicious IP addresses
- Evil twin - a rogue wireless access point configured to mimic a legitimate network, tricking users into connecting through the attacker's AP
Application Attacks
Application-layer attacks exploit vulnerabilities in software - particularly web applications. These attacks target flaws in how applications process user input, making secure coding practices and input validation critical defenses.
Injection attacks insert malicious code or commands into application inputs:
- SQL injection (SQLi) - inserts malicious SQL statements into input fields to manipulate database queries, potentially exposing or modifying all stored data
- Command injection - injects operating system commands through application inputs to execute arbitrary commands on the server
Cross-site scripting (XSS) injects malicious scripts into web pages viewed by other users. Three main types exist:
- Stored (persistent) XSS - malicious script is permanently stored on the target server (e.g., in a database) and served to every user who views the affected page
- Reflected XSS - malicious script is embedded in a URL and reflected off the server in error messages or search results; requires the victim to click a crafted link
- DOM-based XSS - exploits client-side JavaScript to modify the page's DOM, executing the attack entirely in the browser without server involvement
Other critical application attacks include:
- Cross-site request forgery (CSRF) - forces an authenticated user's browser to send forged requests to a vulnerable application, performing actions without the user's knowledge
- Buffer overflow - sends more data than a buffer can hold, overwriting adjacent memory and potentially executing arbitrary code
- Directory traversal - uses sequences like
../to access files outside the intended directory, potentially exposing sensitive system files
Password Attacks
Password attacks attempt to recover or bypass authentication credentials. As the Security+ exam emphasizes, understanding these attack methods is essential for implementing proper defenses like account lockout policies, MFA, and strong hashing algorithms.
- Brute force - systematically tries every possible character combination until the correct password is found; effective against short or simple passwords but extremely time-consuming for complex ones
- Dictionary attack - uses a precompiled list of common passwords and words rather than trying all combinations; faster than brute force but limited to known passwords
- Rainbow table attack - uses precomputed hash-to-password lookup tables to quickly reverse password hashes; defeated by salting (adding random data to each password before hashing)
- Credential stuffing - takes username/password pairs leaked from one data breach and tries them against other services, exploiting password reuse across sites
- Password spraying - tries a small number of commonly used passwords (e.g., "Password1!", "Summer2026!") against many accounts simultaneously, avoiding account lockout thresholds
Get the Complete Security+ Study Guide
When you purchase a Security+ practice exam, you get full access to our comprehensive study guides covering every exam topic in depth - not just the free samples here.
Want to go deeper?
CompTIA Security+ Attack Types Practice Questions
Test your understanding with these 5 expert-created questions. Each includes a detailed explanation to reinforce your learning.
Ready for More?
You've just covered Types of Attacks. Here's how to keep preparing for your CompTIA Security+:
Frequently Asked Questions
Are attack types heavily tested on the Security+ exam?
Yes, attack types are among the most heavily tested topics on the CompTIA Security+ SY0-701 exam. Domain 2 (Threats, Vulnerabilities, and Mitigations) accounts for 22% of the exam and directly covers attack types. Additionally, Domain 1 (General Security Concepts) at 12% and Domain 4 (Security Operations) at 28% also include scenario-based questions involving attack identification and response. Expect a significant number of performance-based and multiple-choice questions requiring you to identify, classify, and mitigate various attacks.
What is the difference between a virus and a worm?
The key difference is how they spread. A virus requires user interaction to propagate - it attaches itself to a legitimate file or program and only executes when the host file is opened or run. A worm, on the other hand, is self-replicating and can spread across networks automatically without any user interaction, typically by exploiting software vulnerabilities. Worms tend to cause more widespread damage more quickly because they don't depend on human action to propagate.
How can I protect against phishing attacks?
Protecting against phishing requires a layered approach: implement email filtering and anti-spam solutions, deploy DMARC/DKIM/SPF email authentication protocols, conduct regular security awareness training for employees, use multi-factor authentication (MFA) so stolen credentials alone are insufficient, enable URL filtering and web proxies to block known malicious domains, and establish clear procedures for verifying unusual requests (especially financial ones). No single control is sufficient - defense in depth is essential.
What Security+ domains cover attacks and threats?
Attacks and threats are primarily covered in Domain 2: Threats, Vulnerabilities, and Mitigations (22% of the SY0-701 exam). This domain explicitly covers threat actors, attack vectors, social engineering, malware types, network attacks, application attacks, and indicator analysis. However, attacks also appear across Domain 1: General Security Concepts (12%), Domain 3: Security Architecture (18%), and Domain 4: Security Operations (28%), particularly in scenario-based questions where you must identify and respond to attacks in context.
Social Engineering Attacks
Social engineering is the art of manipulating people into divulging confidential information or performing actions that compromise security. Rather than exploiting technical vulnerabilities, social engineering targets the human element - often the weakest link in any security chain. These attacks are heavily tested on the Security+ SY0-701 exam because they remain one of the most effective attack vectors in real-world breaches.
Phishing is the most common social engineering attack. It uses fraudulent emails, messages, or websites to trick victims into revealing credentials or installing malware. Several specialized variants exist:
Beyond phishing, other social engineering techniques include: