Topic: Security+ Domain 2 — Vulnerabilities, Exploits, Network Attacks & Application Attacks

❓ Essential Question

How do attackers take advantage of system and application vulnerabilities, and what clues help defenders recognize these attacks?

⭐ Key Ideas

• Vulnerabilities come from bad configurations, missing patches, or weak code.
• Exploits take advantage of those weaknesses.
• Network attacks focus on traffic, ports, protocols, and access.
• Application attacks target input validation, sessions, and data handling.
• The exam tests your ability to match symptom → vulnerability → attack type.

🔑 Vocabulary

Vulnerability — A weakness that can be exploited.

Exploit — Code or action that uses a vulnerability to attack a system.

Buffer Overflow — More data than memory can handle.

Injection Attack — Attacker inserts malicious code (SQL, command, script).

XSS (Cross-Site Scripting) — Malware inside the browser.

CSRF — Forcing a user to unknowingly perform an action.

Privilege Escalation — Gaining higher permissions than allowed.