Chapter 6

Understanding the Security Concerns Associated with Various Types of Vulnerabilities

This chapter covers the following topics related to Objective 1.6 (Explain the security concerns associated with various types of vulnerabilities) of the CompTIA Security+ SY0-601 certification exam:

  • Cloud-based vs. on-premises vulnerabilities

  • Zero-day

  • Weak configurations

    • Open permissions

    • Unsecure root accounts

    • Errors

    • Weak encryption

    • Unsecure protocols

    • Default settings

    • Open ports and services

  • Third-party risks

    • Vendor management

      • System integration

      • Lack of vendor support

    • Supply chain

    • Outsourced code development

    • Data storage

    • Improper or weak patch management

      • Firmware

      • Operating system (OS)

      • Applications

    • Legacy platforms

    • Impacts

      • Data loss

      • Data breaches ...
