Security is one of the most heavily weighted domains on the CompTIA A+ Core 2 exam, accounting for roughly a quarter of the questions. You must know how to configure OS security settings, implement authentication methods, apply security best practices, detect and remove malware, use encryption, manage user permissions, recognize social engineering attacks, and respond to security incidents. This chapter covers physical security, logical security controls, data protection methods, and the common threats you will encounter in IT support roles.
Badge readers use RFID or magnetic stripe cards to control building and room access. They create audit trails showing who entered where and when.
Biometric authentication uses fingerprints, retinal scans, facial recognition, or voice patterns to verify identity. These systems have false acceptance rate (FAR) and false rejection rate (FRR) metrics that measure accuracy.
Video surveillance deters theft and provides evidence for investigations. CCTV cameras should cover entrances, server rooms, and equipment storage areas.
Door locks and access control vestibules (formerly called mantraps) prevent tailgating: the vestibule has two interlocked doors, so the outer door must close and the person must authenticate before the inner door opens, admitting one person at a time.
Cable locks secure laptops and portable equipment using Kensington lock slots. USB locks physically block USB ports to prevent data theft.
Server locks and locking cabinets protect critical hardware. Server rooms should have separate access controls from general office areas.
Equipment destruction methods such as shredding, drilling, incineration, and degaussing make data unrecoverable from retired drives. Degaussing works only on magnetic media (hard disks, tape) and does nothing to SSDs, which must be shredded or cryptographically erased. When a third-party vendor handles disposal, obtain a certificate of destruction for the asset records.
Active Directory (AD) is Microsoft's centralized authentication and authorization system for Windows networks. AD uses domains to organize users, computers, and resources.
Login scripts run automatically when users authenticate. They map network drives, configure printers, and apply user-specific settings.
Domain policies enforce security settings across multiple computers from a central location using Group Policy Objects (GPOs).
Group Policy / Updates controls Windows configurations including password requirements, software restrictions, update schedules, and desktop lockdowns.
Organizational Units (OUs) are containers within Active Directory that organize users and computers. You apply different GPOs to different OUs.
Home folders are personal network storage locations assigned to each user, typically redirected to a file server for backup.
Folder redirection moves user profile folders (Desktop, Documents, AppData) from local drives to network locations for centralized backup and roaming access.
Security groups simplify permission management by assigning rights to groups rather than individual users. Users inherit permissions from their group memberships.
Principle of least privilege means users get only the minimum permissions needed to perform their jobs. This limits damage from compromised accounts.
Access Control List (ACL) specifies which users or groups can access a resource and what actions they can perform (read, write, execute, delete).
Mandatory Access Control (MAC) uses security labels and clearances assigned by administrators. Users cannot change permissions. Used in military and government environments.
Discretionary Access Control (DAC) allows resource owners to control who accesses their files. This is the Windows default model using NTFS permissions.
Role-Based Access Control (RBAC) assigns permissions based on job roles rather than individual users. When someone changes positions, you simply change their role membership.
Usernames and passwords are the most common authentication method. The exam expects the traditional definition of a strong password: length (8-12 characters minimum), complexity (uppercase, lowercase, numbers, symbols), and periodic expiration. Current NIST guidance (SP 800-63B) instead favors long passphrases and screening against known-breached passwords over forced complexity and scheduled rotation, changing a password when there is evidence of compromise; know both views.
Multifactor authentication (MFA) requires two or more verification methods from different categories: something you know (password, PIN), something you have (smart card, hardware token, authenticator app), and something you are (fingerprint, face, retina). Two methods from the same category, such as a password plus a security question, are not multifactor.
Single sign-on (SSO) lets users authenticate once and access multiple applications without re-entering credentials. It reduces password fatigue but concentrates risk: one compromised SSO credential or identity provider unlocks every connected application, so SSO should always be paired with MFA.
RADIUS (Remote Authentication Dial-In User Service) centralizes authentication for network devices, VPNs, and wireless access points. Uses UDP ports 1812 (authentication) and 1813 (accounting).
TACACS+ (Terminal Access Controller Access-Control System Plus) is Cisco's alternative to RADIUS. It runs over TCP port 49, separates authentication, authorization, and accounting so it can authorize individual device commands, and encrypts the entire packet body, whereas RADIUS encrypts only the password attribute.
Kerberos is the authentication protocol used by Active Directory. It issues time-stamped tickets to authenticate users without repeatedly sending passwords over the network.
Screen locks require PIN, password, pattern, or biometric authentication after inactivity timeout (typically 5-15 minutes).
Remote wipe erases all data on lost or stolen devices. Can be triggered through mobile device management (MDM) software or cloud services like Find My iPhone.
Locator applications track device GPS coordinates to help recover lost equipment or trigger remote actions.
MDM (Mobile Device Management) software centrally manages corporate mobile devices, enforcing security policies, distributing apps, and tracking inventory.
Full device encryption protects data even if someone removes the storage chip. iOS devices encrypt by default when you set a passcode; Android has encryption enabled by default on modern versions.
Authenticator applications like Google Authenticator or Microsoft Authenticator generate time-based one-time passwords (TOTP) for MFA without requiring SMS.
Trusted Platform Module (TPM) is a chip (or a firmware implementation) on the motherboard that stores encryption keys and provides hardware-based security such as measured boot. BitLocker uses the TPM by default to seal the volume key to the boot configuration, so tampering with the boot chain forces recovery; Windows 11 requires TPM 2.0.
BitLocker is Windows full-disk encryption that uses TPM 1.2 or higher. Systems without a TPM can use a USB startup key or a password instead, but only after the Group Policy setting "Require additional authentication at startup" is enabled to allow BitLocker without a compatible TPM. Full BitLocker management is available on Windows Pro, Enterprise, and Education editions only.
BitLocker To Go encrypts removable drives like USB flash drives and external hard drives.
FileVault is macOS full-disk encryption using XTS-AES-128 with a 256-bit key. Recovery keys are stored in iCloud or provided during setup.
EFS (Encrypting File System) is Windows file-level encryption integrated with NTFS. It encrypts individual files and folders rather than entire drives. Uses user certificates, so losing the user profile means losing access unless recovery agent is configured.
WEP (Wired Equivalent Privacy) is obsolete and easily cracked within minutes. Never use WEP on any network.
WPA (Wi-Fi Protected Access) improved on WEP but is also deprecated. Uses TKIP encryption which has known vulnerabilities.
WPA2 uses AES encryption and is the minimum acceptable standard for wireless networks. Supports personal mode (PSK with shared password) and enterprise mode (802.1X with RADIUS authentication).
WPA3 is the newest standard, adding simultaneous authentication of equals (SAE) to protect against offline dictionary attacks and providing forward secrecy.
Disabling SSID broadcast hides the network name from casual users but does not provide real security: clients still send the SSID in plaintext in probe requests and association requests, so anyone sniffing the air sees it.
MAC filtering only allows pre-approved device addresses to connect. Provides minimal security since MAC addresses are easily spoofed.
Antenna placement and power levels should minimize signal outside the building to reduce unauthorized access opportunities.
Viruses attach to executable files and spread when users run infected programs. Require user action to propagate.
Worms self-replicate across networks without user interaction. They exploit vulnerabilities to spread automatically.
Trojans disguise themselves as legitimate software while performing malicious actions. They don't self-replicate.
Ransomware encrypts user files and demands payment for the decryption key. Modern variants also threaten to publish stolen data.
Spyware monitors user activity and sends information to attackers. Includes keyloggers that record keystrokes to steal passwords.
Rootkits hide deep in the operating system (kernel level) and conceal their presence from antivirus software. Often require clean OS reinstall to remove.
Adware displays unwanted advertisements, often bundled with free software. Less malicious than other types but degrades performance.
Cryptominers use system resources to mine cryptocurrency without permission, causing high CPU usage and heat.
Botnet is a network of compromised computers controlled remotely to launch DDoS attacks, send spam, or spread malware.
Phishing uses fake emails pretending to be from legitimate sources to steal credentials or install malware. Look for spelling errors, generic greetings, suspicious links, and urgent threats.
Spear phishing targets specific individuals using personalized information to appear more convincing.
Whaling targets high-level executives (the "big fish") with sophisticated attacks.
Vishing (voice phishing) uses phone calls to trick victims into revealing sensitive information or making fraudulent transfers.
Smishing (SMS phishing) sends text messages with malicious links or requests for personal information.
Shoulder surfing involves watching someone enter passwords or view sensitive information on their screen.
Tailgating follows authorized personnel through secure doors without proper authentication.
Impersonation pretends to be someone with authority (IT support, manager, vendor) to gain access or information.
Dumpster diving searches trash for discarded documents containing passwords, account numbers, or confidential information.
Evil twin sets up rogue wireless access points with legitimate-looking names to intercept traffic from unsuspecting users.
Patch management keeps operating systems and applications updated to fix security vulnerabilities. Enable automatic updates for workstations; test patches on a pilot group or on test systems before deploying to production servers, and keep a rollback plan for the cases where a patch breaks something.
Acceptable Use Policy (AUP) defines how employees can use company IT resources, including internet access, email, and equipment. Violations can result in disciplinary action.
Data classification labels information by sensitivity level (public, internal, confidential, secret) to determine appropriate handling and access controls.
Compliance requirements like HIPAA (healthcare), PCI DSS (credit cards), and GDPR (EU privacy) mandate specific security controls and data handling procedures.
Incident response procedures define how to detect, report, contain, eradicate, and recover from security incidents. Document everything for post-incident analysis.
Change management requires approval, documentation, and rollback plans before modifying production systems. Prevents unauthorized changes that could create vulnerabilities.
Asset management and inventory tracks all hardware and software to identify outdated systems needing replacement and detect unauthorized devices.
Firewalls filter network traffic based on rules. Host-based firewalls run on individual computers (Windows Defender Firewall); network firewalls protect entire network segments.
Port security, in this context, means disabling unneeded services and blocking unused ports at the firewall so that only the listeners a system actually needs are reachable. Common ports to know: 20/21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 67/68 DHCP, 80 HTTP, 110 POP3, 137-139 NetBIOS, 143 IMAP, 161/162 SNMP, 389 LDAP, 443 HTTPS, 445 SMB, 587 SMTP submission, 636 LDAPS, 993 IMAPS, 995 POP3S, 3389 RDP.
VPN (Virtual Private Network) creates encrypted tunnels over public networks for secure remote access. Common protocols include IPsec, L2TP, and SSL/TLS.
Email security includes spam filters, attachment scanning, SPF/DKIM/DMARC authentication, and user training to recognize phishing.
DNS filtering blocks access to known malicious domains, preventing malware downloads and phishing sites.
User Account Control (UAC) prompts before a program makes system-level changes: administrators see a consent prompt, standard users must enter administrator credentials. This stops malware running in a user's session from silently gaining elevated privileges.
Windows Defender Antivirus (now branded Microsoft Defender Antivirus) is built into Windows 10/11 and provides real-time protection, scheduled scans, and automatic definition updates.
Windows Defender Firewall has separate profiles for domain, private, and public networks. Configure inbound and outbound rules to control traffic.
NTFS permissions control file and folder access. The basic permissions, from most to least privileged, are Full Control, Modify, Read & Execute, List Folder Contents (folders only), Read, and Write. Modify bundles Read & Execute, Write, and Delete; Full Control adds Change Permissions and Take Ownership. An explicit Deny entry overrides Allow entries.
Share permissions (Full Control, Change, Read) apply only when the folder is accessed over the network; a local logon is governed by NTFS alone. When both apply, the effective permission is the more restrictive of the two, which is why administrators commonly set the share to Everyone: Full Control and do all the real access control with NTFS.
Permission inheritance means child folders automatically receive parent folder permissions unless explicitly blocked.
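The three rules above (NTFS entries, share permissions combining with NTFS, and inheritance) come together when you set up a departmental share. The following is an added PowerShell example written for this chapter, not code from the study guide; the folder C:\Shares\Marketing, the share name, and the groups CONTOSO\Marketing and CONTOSO\Managers are hypothetical names. It breaks inheritance from the parent, grants Marketing create-and-edit rights without Delete, gives Managers Full Control, leaves the share wide open so NTFS alone decides, and then prints both ACLs for verification.

```powershell
# Added example, not from the study guide. Run from an elevated PowerShell prompt.
# CONTOSO\Marketing and CONTOSO\Managers are hypothetical group names.
$path = 'C:\Shares\Marketing'
New-Item -ItemType Directory -Path $path -Force | Out-Null

$acl = Get-Acl -Path $path
# SetAccessRuleProtection(isProtected, preserveInheritance):
# $true stops inheriting from C:\Shares, $false discards the entries that were inherited
$acl.SetAccessRuleProtection($true, $false)

# ContainerInherit + ObjectInherit: the rule flows to subfolders and files; None: it also applies here
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

$rules = @(
    # Read & Execute + Write lets Marketing open, create and save files, without the Delete
    # right that Modify would include
    @{ Id = 'CONTOSO\Marketing';      Rights = 'ReadAndExecute, Write' },
    @{ Id = 'CONTOSO\Managers';       Rights = 'FullControl' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }
)
foreach ($r in $rules) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $r.Id, $r.Rights, $inherit, $propagate, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Share permission Everyone: Full Control, so the effective permission over the network
# is exactly what NTFS grants (most restrictive of the two wins)
New-SmbShare -Name 'Marketing' -Path $path -FullAccess 'Everyone' | Out-Null

# Verify: explicit NTFS entries (IsInherited should be False) and the share ACL
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
Get-SmbShareAccess -Name 'Marketing' |
    Format-Table AccountName, AccessRight, AccessControlType -AutoSize
```

Because inheritance is enabled on the rules, a new subfolder created by a Marketing user picks up the same entries automatically; the Administrators and SYSTEM entries are re-added explicitly because discarding the inherited entries would otherwise remove them too, which is the classic way to lock yourself out of a folder.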
Run as administrator (right-click option) launches a program with an elevated token. From a standard user account it prompts for administrator credentials; from an administrator account it prompts for consent, because with UAC enabled even administrators run with a filtered standard token until they elevate.
chmod changes file permissions in Linux/macOS using numeric (755) or symbolic (rwxr-xr-x) notation. Read=4, Write=2, Execute=1.
sudo executes commands with root privileges. Requires user to be in sudoers file and authenticate with their own password.
Gatekeeper (macOS) blocks applications that are not signed by an identified developer and notarized by Apple unless you explicitly approve them in the Security & Privacy pane of System Preferences (System Settings on recent versions).
XProtect (macOS) is Apple's built-in antivirus that automatically scans downloads and updates malware definitions.
1. Symptom: User receives constant browser pop-ups advertising software even with pop-up blocker enabled. Browser homepage changed to unfamiliar search engine. New toolbars appeared that user didn't install.
Likely Cause: Adware infection from bundled software installation or malicious browser extension.
Fix: Boot to Safe Mode with networking. Uninstall suspicious programs from Control Panel. Reset browser settings to default. Run full antivirus scan with updated definitions. Remove malicious extensions from browser. Clear browser cache and cookies. Install reputable ad blocker extension.
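Before uninstalling anything it pays to see what the machine has been told to start automatically and what was installed recently; adware and cryptominers that "come back" after you end them are almost always re-launched from one of these places. The following is an added PowerShell example written for this chapter, not part of the study guide: it lists Run-key entries, non-Microsoft scheduled tasks, and the most recently installed programs, then updates Defender and runs a full scan. Run it from an elevated prompt; it reads only standard registry and Defender locations.

```powershell
# Added example, not from the study guide: first-look triage for a misbehaving Windows host.

# 1. Auto-start entries in the classic Run / RunOnce keys, per-machine and per-user
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runKeys | ForEach-Object {
    $key   = $_
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        # PS* properties are PowerShell provider metadata, not registry values
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
} | Format-Table -AutoSize

# 2. Scheduled tasks outside the \Microsoft\ tree, with what they execute
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        [pscustomobject]@{
            Task   = $_.TaskPath + $_.TaskName
            Action = ($_.Actions.Execute   -join ' ')
            Args   = ($_.Actions.Arguments -join ' ')
        }
    } | Format-Table -AutoSize

# 3. Most recently installed programs (InstallDate is yyyyMMdd, so a string sort works)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    Sort-Object InstallDate -Descending |
    Select-Object -First 15 DisplayName, Publisher, InstallDate, InstallLocation |
    Format-Table -AutoSize

# 4. Defender: confirm it is on, pull fresh definitions, full scan, then review what it found
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
Update-MpSignature
Start-MpScan -ScanType FullScan
Get-MpThreatDetection |
    Select-Object -First 10 InitialDetectionTime, ThreatID, Resources, ActionSuccess
```

Anything in steps 1-3 that the user did not install, runs from a user-writable directory such as AppData or Temp, or has no publisher is the first thing to remove; doing that before the scan stops the sample from being re-launched while Defender is still working through the disk.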
2. Symptom: Windows displays "Access Denied" error when user tries to open folder on shared network drive. Same user could access this folder yesterday. Other users can still access the folder normally.
Likely Cause: User's group membership changed or NTFS permissions were modified removing their access rights.
Fix: Check user's Active Directory group memberships to verify they're still in the appropriate security group. Right-click the folder, select Properties, Security tab, verify user or their group has at least Read permissions. If using share permissions, check both share and NTFS permissions apply correctly. Re-add user to appropriate group or explicitly grant NTFS permissions if needed.
3. Symptom: All files on user's desktop and Documents folder now have .encrypted extension and cannot be opened. Text file appeared named "READ_ME_NOW.txt" demanding Bitcoin payment. User clicked email attachment earlier today.
Likely Cause: Ransomware infection from malicious email attachment.
Fix: Immediately disconnect the computer from the network (unplug Ethernet, disable Wi-Fi) to stop it encrypting network shares and backup drives that are still reachable. Do NOT pay the ransom. Preserve the ransom note and a sample encrypted file, then identify the variant with the ID Ransomware website and check whether a free decryptor exists in the No More Ransom project. If no decryptor is available, wipe the system completely and reinstall Windows from scratch. Restore user files from a clean backup created before the infection date, after confirming the backup itself was not connected to the infected machine. If no clean backups exist, the data may be permanently lost. Report the incident per policy, update antivirus, and train the user on email attachment dangers.
Task: Configure BitLocker Drive Encryption on Windows 10/11 Pro
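The task can be completed through the Control Panel BitLocker applet, but the PowerShell version makes the order of operations explicit: check the TPM, add a recovery password before encrypting so the drive is never protected by the TPM alone, encrypt, escrow the recovery password, verify. The following is an added example written for this chapter, not part of the study guide; it uses only the standard BitLocker and TrustedPlatformModule cmdlets and must be run from an elevated prompt on a Pro, Enterprise, or Education edition.

```powershell
# Added example, not from the study guide: enable BitLocker on C: with TPM + recovery password.

# 1. Pre-checks: TPM present and ready, current volume status
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM missing or not ready: initialise it in tpm.msc, or allow a USB startup key via Group Policy.'
}
$vol = Get-BitLockerVolume -MountPoint 'C:'
"Before: $($vol.VolumeStatus), protection $($vol.ProtectionStatus)"

# 2. Add the recovery password protector first; it is the only way back in if the TPM
#    measurements change (firmware update, boot order change, motherboard swap)
Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null

# 3. Encrypt with XTS-AES 256 sealed to the TPM. -UsedSpaceOnly is fast on a fresh install but
#    leaves previously deleted data unencrypted, so omit it on a drive that has already held data.
#    -SkipHardwareTest skips the reboot-and-test step; leave it out when piloting new hardware.
Enable-BitLocker -MountPoint 'C:' -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -TpmProtector -SkipHardwareTest

# 4. Escrow the recovery password so the help desk can recover the drive without the user's copy
$rp = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword'
Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId            # Active Directory
# BackupToAAD-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId   # Azure AD / Entra joined

# 5. Verify: EncryptionPercentage climbs while VolumeStatus is EncryptionInProgress;
#    ProtectionStatus turns On once the volume is fully encrypted
Get-BitLockerVolume -MountPoint 'C:' |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus, EncryptionMethod,
                  @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

If step 4 reports that the key cannot be backed up, the machine is not domain-joined (or the Group Policy that requires AD escrow is missing) and the recovery password printed by Get-BitLockerVolume must be stored somewhere other than the encrypted drive; a recovery key that only exists on the disk it unlocks is the most common BitLocker mistake in the field.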
Q1: A user reports their computer is running extremely slowly and the CPU fan is constantly loud. Task Manager shows 98% CPU usage by an unknown process called "miner.exe" that restarts even after being ended. What type of malware is MOST likely present?
(a) Ransomware
(b) Trojan
(c) Cryptominer
(d) Rootkit
Ans: (c)
Cryptominers use system CPU/GPU resources to mine cryptocurrency, causing high resource usage, heat, and performance degradation with persistent processes that restart automatically.
Q2: Which of the following authentication methods provide multifactor authentication? (Select TWO)
(a) Username and password
(b) Fingerprint scan and smart card
(c) Password and security question
(d) PIN and authenticator app code
(e) Two different passwords
Ans: (b) and (d)
Multifactor authentication requires factors from different categories; fingerprint (something you are) plus smart card (something you have) and PIN (something you know) plus authenticator app (something you have) both qualify, while multiple passwords or security questions are single-factor.
Q3: A technician needs to prevent users from installing unauthorized software while still allowing them to run approved applications and access their documents. Which Windows security feature should be configured?
(a) Windows Defender Firewall
(b) BitLocker encryption
(c) User Account Control
(d) Group Policy Software Restriction Policies
Ans: (d)
Group Policy Software Restriction Policies or AppLocker can whitelist approved applications and block all others, preventing unauthorized software installation while allowing normal application usage.
Q4: You are configuring NTFS permissions for a shared folder. The Marketing group needs to create and edit files but not delete them. The Managers group needs full access including deletion. Which permissions should you assign?
(a) Marketing: Read; Managers: Modify
(b) Marketing: Read & Execute, Write; Managers: Full Control
(c) Marketing: Modify; Managers: Full Control
(d) Marketing: Read & Execute; Managers: Modify
Ans: (b)
Modify bundles Read & Execute, Write, and Delete, so (c) would let Marketing delete files. Write alone allows creating files and writing to them but not opening them to read, so "create and edit without deleting" is Read & Execute plus Write, which is what (b) grants. Managers get Full Control, which adds Delete, Change Permissions, and Take Ownership on top of Modify. Options (a) and (d) give Marketing no ability to create files and give Managers only Modify.
Q5: An employee receives an email appearing to be from the IT department requesting they click a link to verify their account credentials within 24 hours or access will be suspended. The link goes to a site that looks like the company portal but has a slightly different URL. What type of attack is this?
(a) Vishing
(b) Smishing
(c) Phishing
(d) Shoulder surfing
Ans: (c)
Phishing uses fraudulent emails with fake links to steal credentials by impersonating legitimate organizations and creating urgency to bypass critical thinking.
Q6: Performance-based task: You need to configure Windows Defender Firewall to block all incoming Remote Desktop connections on a Windows 10 computer.
Expected steps:
1. Open Windows Defender Firewall with Advanced Security (run wf.msc, or Control Panel > Windows Defender Firewall > Advanced settings).
2. Select Inbound Rules and disable the predefined rules in the Remote Desktop group so they can no longer allow the traffic.
3. Right-click Inbound Rules > New Rule, choose Port, TCP, Specific local ports 3389, then Block the connection.
4. Apply the rule to all three profiles (Domain, Private, Public), give it a descriptive name such as "Block inbound RDP", and finish.
5. Verify that the firewall is turned on for all three profiles and, from another computer, confirm that a Remote Desktop connection to this host now fails.
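The same task from an elevated PowerShell prompt, as an added example written for this chapter rather than part of the study guide. It uses the standard NetSecurity cmdlets; the host name used for the remote test is a placeholder.

```powershell
# Added example, not from the study guide: block inbound RDP with Windows Defender Firewall.

# 1. Disable the built-in allow rules in the Remote Desktop group so nothing re-permits TCP 3389
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule

# 2. Add an explicit Block rule on all profiles. In Windows Defender Firewall a Block rule
#    takes precedence over any Allow rule that matches the same traffic.
New-NetFirewallRule -DisplayName 'Block inbound RDP (TCP 3389)' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -Action Block -Profile Any -Enabled True | Out-Null

# 3. Optional, beyond the firewall task: turn the RDP listener itself off as well
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 1

# 4. Verify: firewall enabled on every profile, and the new rule really covers TCP 3389
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName 'Block inbound RDP (TCP 3389)' |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort

# 5. From ANOTHER computer (loopback traffic is not filtered, so a local test proves nothing):
#    Test-NetConnection -ComputerName PC01 -Port 3389     # PC01 is a placeholder; expect TcpTestSucceeded : False
```

Disabling the predefined rules matters because the Remote Desktop settings page re-enables them when someone toggles Remote Desktop on; with the explicit Block rule in place that toggle no longer opens the port.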
Q7: Which of the following is the BEST practice for protecting sensitive data on mobile devices used by employees who frequently work in public locations?
(a) Disable SSID broadcast on company Wi-Fi
(b) Enable full device encryption and require strong authentication
(c) Install antivirus software on the devices
(d) Configure MAC address filtering on network equipment
Ans: (b)
Full device encryption protects data if the device is lost or stolen, and strong authentication prevents unauthorized access, addressing the primary mobile security risks for devices used in public.