Skip to main content
VVMExam

Threats, Vulnerabilities, and Mitigations (SY0-701)

This domain covers identifying threat actors, understanding common attack types, recognizing vulnerabilities, and applying appropriate mitigation strategies. It is one of the largest weighted domains on the Security+ exam.

2 min read

Threats are any circumstance or event with the potential to cause harm. The exam expects you to categorize threat actors by their attributes:

  • Nation-state actors – highly sophisticated, well-funded, often conduct espionage or sabotage
  • Hacktivists – motivated by ideology; use defacement, DDoS, and data leaks
  • Insider threats – employees or contractors with legitimate access who misuse it (malicious or unintentional)
  • Script kiddies – low skill, rely on existing tools; opportunistic
  • Organized crime – financially motivated; common source of ransomware and fraud

Vulnerabilities are weaknesses that can be exploited. Key categories include:

  • Application vulnerabilities – buffer overflows, SQL injection, cross-site scripting (XSS), improper input validation
  • Operating system vulnerabilities – unpatched software, misconfigured services
  • Hardware vulnerabilities – firmware weaknesses, end-of-life devices
  • Zero-day vulnerabilities – unknown to the vendor; no patch exists yet
  • Misconfiguration – default credentials, open ports, overly permissive access controls

Common attack types tested on the exam include:

  • Malware – ransomware, trojans, spyware, worms, rootkits, logic bombs
  • Social engineering – phishing, vishing, smishing, pretexting, tailgating, watering hole attacks
  • Password attacks – brute force, dictionary, credential stuffing, pass-the-hash
  • Man-in-the-middle (MitM) – intercepting communications between two parties
  • Denial of Service (DoS/DDoS) – overwhelming resources to disrupt availability
  • Supply chain attacks – compromising a vendor or software update to reach downstream targets

Mitigations reduce the likelihood or impact of threats and vulnerabilities:

  • Patching and updates – closes known vulnerabilities promptly
  • Network segmentation – limits lateral movement after a breach
  • Least privilege – users receive only the access required for their role
  • Multi-factor authentication (MFA) – reduces risk from stolen credentials
  • Endpoint detection and response (EDR) – monitors endpoints for malicious behavior
  • Security awareness training – addresses the human element of social engineering
  • Intrusion Detection/Prevention Systems (IDS/IPS) – detect or block known attack patterns

The exam often presents scenario-based questions requiring you to match a described attack or vulnerability to the correct mitigation. Focus on understanding why each control works, not just memorizing definitions.

Ready to practice this topic?