What is CertGuide.ai?

CertGuide.ai is an AI-powered certification prep platform that helps you pass CompTIA exams like Security+, Network+, and A+. It maps all exam concepts, diagnoses your weak areas, and creates personalized study plans.

How does CertGuide compare to CertMaster?

CertGuide.ai offers AI-powered diagnostics that map your knowledge across all 183 Security+ concepts, personalized study plans, and an AI tutor. Unlike traditional prep tools, CertGuide shows you exactly which concepts need work and tracks your progress to exam readiness.

What is the pass rate for CertGuide users?

99% of CertGuide users who reach 95% concept mastery pass their certification exam on the first attempt.

How much does CertGuide cost?

CertGuide offers a free baseline assessment to diagnose your current knowledge. Full course access is $79 per certification exam.

Which CompTIA certifications does CertGuide support?

CertGuide currently supports CompTIA Security+ (SY0-701), with Network+ and A+ (Core 1 & Core 2) launching soon.

Objective 2.2High Priority9 min read

File and Media Vectors

Attack delivery through files, images, voice calls, and removable devices. Includes malicious documents, image-based exploits, vishing (voice phishing), and USB/removable media attacks like baiting.

Understanding File and Media Vectors

File and media vectors deliver attacks through various content types that users interact with daily. Unlike message-based vectors that focus on the delivery channel, file and media vectors focus on the payload itself.

Key vectors include: • Malicious files — Documents, executables, archives containing malware • Image-based attacks — Malicious content hidden in or disguised as images • Voice calls (Vishing) — Social engineering via phone • Removable devices — USB drives, external media with malware

These vectors exploit user trust in familiar file types and the physical handling of media devices.

Why This Matters for the Exam

SY0-701 tests understanding of how different file types and media can carry threats. Exam questions often ask about specific file-based attack techniques or appropriate controls for removable media.

File-based attacks bypass network security when introduced physically (USB drops). Voice attacks exploit the trust people place in phone conversations. Understanding these vectors helps design comprehensive security that addresses both digital and physical pathways.

Removable media policies and user training are common exam topics directly related to these vectors.

Deep Dive

Malicious Files

Files designed to execute malicious code or exploit vulnerabilities.

Document-Based Attacks:

File Type	Attack Method
Word (.docx)	Macro malware, embedded objects
Excel (.xlsx)	Macro malware, DDE attacks
PDF	JavaScript, embedded files, exploits
PowerPoint	Macros, action scripts

Executable Files:

•Direct executables (.exe, .com, .scr)
•Script files (.bat, .ps1, .vbs, .js)
•Installer packages (.msi)
•Dynamic libraries (.dll)

Archive Files:

•ZIP, RAR, 7z containing malware
•Password-protected archives (bypass scanning)
•Nested archives (evade detection)

Macro Malware:

•Embedded in Office documents
•Requires user to "Enable Content"
•Downloads additional payloads
•Very common attack vector

Defense Strategies:

•Disable macros by default
•Block executable attachments
•Sandbox suspicious files
•Antivirus scanning
•User training on file risks

Image-Based Attacks

Attacks using image files as vectors.

Steganography:

•Hiding malicious code within images
•Image appears normal
•Payload extracted by malware
•Evades content inspection

Exploit Images:

•Malformed images exploiting parser vulnerabilities
•Opening image triggers exploit
•Targets image processing software
•Buffer overflow in image readers

Executable Disguised as Image:

•File named "photo.jpg.exe"
•Icon replaced with image icon
•User thinks it's an image
•Double extension trick

QR Code Attacks:

•Malicious URLs embedded in QR codes
•Physical QR codes in public places
•Phishing sites or malware downloads
•Users can't preview destination

Voice Calls (Vishing)

Voice-based social engineering attacks.

How Vishing Works:

1.Attacker calls victim
2.Impersonates trusted entity (bank, IT support, government)
3.Creates urgency or fear
4.Extracts information or directs actions
5.May combine with other attacks (callback phishing)

Common Vishing Scenarios:

•"Your bank account has been compromised"
•"This is IT support, we need your password"
•"You owe back taxes, pay immediately"
•"Your computer is infected, let us help"

Vishing Techniques:

•Caller ID spoofing (appears legitimate)
•VoIP makes calls cheap and untraceable
•Background sounds (fake call center)
•Pressure tactics and urgency

Callback Phishing:

•Email says "Call this number to verify"
•Victim initiates call (bypasses suspicion)
•Attacker answers as legitimate entity

Removable Devices

Physical media used to deliver malware or exfiltrate data.

USB-Based Attacks:

Baiting/USB Drop:

•Infected USB left in parking lot, lobby
•Labels like "Confidential" or "Salary Info"
•Curiosity drives users to plug it in
•Malware executes on connection

Malicious USB Devices:

•USB Rubber Ducky (keystroke injection)
•USB Killer (electrical damage)
•Modified devices appearing normal
•Auto-run malware

Removable Media Risks:

•Bypass network security entirely
•Introduce malware directly to endpoints
•Data exfiltration (copying data out)
•Lost/stolen media exposure

Removable Media Controls:

Control	Purpose
USB blocking	Prevent unauthorized devices
Device encryption	Protect data on lost media
DLP	Prevent data exfiltration
Autorun disable	Prevent automatic execution
Endpoint detection	Scan connected devices
Policy/training	Awareness of USB risks

How CompTIA Tests This

Example Analysis

Scenario: An employee finds a USB drive in the company parking lot labeled "Employee Salary Data Q4." They plug it into their work computer to see if they can identify the owner. Shortly after, the security team detects suspicious network traffic from that workstation.

Analysis - USB Baiting Attack:

What Happened: • Attacker planted USB drive (baiting) • Label designed to exploit curiosity • User plugged in infected device • Malware executed on connection • Compromised workstation contacting C2 server

Why It Worked: • Human curiosity exploited • "Salary Data" label irresistible • Desire to be helpful (return to owner) • No technical controls to prevent USB usage • Autorun or social engineering triggered execution

Should Have Happened: • User should report found USB to security • USB should never be plugged into corporate device • Technical controls should block unknown USB devices • If analysis needed, use isolated analysis workstation

Key insight: Baiting exploits human nature—curiosity and helpfulness. Technical controls (USB blocking) plus training are both needed.

Key Terms to Know

file-based attacksmalicious filesUSB attacksremovable mediaimage attacksvishingbaitingmacro malware

Common Mistakes to Avoid

Thinking antivirus catches all malicious files—sophisticated malware evades signature-based detection. Sandboxing and behavioral analysis are also needed.

Ignoring voice as an attack vector—vishing is highly effective because voice communication feels trustworthy and urgent.

Assuming USB ports should always be available—USB devices are a major attack vector. Blocking or controlling USB access is a valid security measure.

Trusting file extensions alone—attackers use double extensions (.doc.exe) and icon replacement to disguise malicious files.

Exam Tips

Vishing = Voice + Phishing. Social engineering via phone calls.

USB baiting = Leaving infected USB drives for victims to find and use.

Macro malware requires user to "Enable Content" in Office documents.

Steganography hides data in images—image appears normal but contains payload.

Double extension trick: "file.pdf.exe" appears as PDF but is executable.

Disable USB autorun and consider blocking unauthorized USB devices.

Memory Trick

"FIVE" File and Media Vectors

•Files (documents, executables, archives)
•Images (steganography, exploit images)
•Voice (vishing, callback phishing)
•External media (USB, removable devices)

Vishing Memory: V = Voice = Vishing (Voice Phishing)

•USB Attack Types:
•Baiting = Bait left for victim
•Rubber Ducky = Rapid keystrokes
•Killer = Kills hardware

•Macro Defense:
•"Don't Enable Macros" = DEM
•Disable by default
•Educate users
•Monitor for attempts

File Extension Check: Look for DOUBLE extensions → .doc.exe

Test Your Knowledge

Q1.An attacker leaves USB drives labeled "Executive Bonus Info" in a company lobby. This technique is called:

Q2.An employee receives a phone call from someone claiming to be IT support, requesting their password to fix a system issue. This is an example of:

Q3.What is the PRIMARY purpose of disabling autorun for removable media?

Want more practice with instant AI feedback?

Practice with AI

Continue Learning

Message-Based Vectors Social Engineering Techniques

Ready to test your knowledge?

Practice questions on file and media vectors and other Objective 2.2 concepts.

Start Practice

Message-Based Vectors Vulnerable Software