Free CompTIA Security+ Training (SY0-701)
Lesson 2 — Threats, Attacks, and Vulnerabilities
Understand core threat types, common attack techniques, and the vulnerabilities they exploit.
1) What are Threats?
A threat is any potential danger that could exploit a weakness in a system. Threats can come from:
- External attackers (cybercriminals, hacktivists, nation-states)
- Internal threats (malicious insiders, careless employees)
- Environmental factors (power outage, fire, flood)
NordVPN — up to 75% off
Encrypt traffic and reduce MITM risk on public Wi-Fi.
2) Common Attack Types
Attackers use many methods to break into systems. Key ones for Security+:
- Phishing: Fake emails/sites to steal credentials.
- Denial of Service (DoS): Flood a target until it’s unavailable.
- Malware: Damage/spy/steal data (viruses, worms, Trojans).
- SQL Injection: Malicious input to access/modify databases.
- Man-in-the-Middle (MITM): Intercept and alter communications.
NordPass — up to 70% off
Kill weak/reused passwords; generate and autofill strong ones.
3) What are Vulnerabilities?
A vulnerability is a weakness that can be exploited. Examples:
- Unpatched software with known bugs
- Weak or reused passwords
- Misconfigured firewalls or servers
- Lack of encryption
- Poor employee awareness and training
4) Real-Life Example
Equifax (2017) — Attackers exploited a known Apache Struts vulnerability that wasn’t patched, exposing data of 147M people.
Surfshark VPN — up to 82% off
Unlimited devices, strong privacy, helpful for safe remote work.