CompTIA A+ Core 2 | Domain 7: Security (28%) | Reading
7.1 Security Fundamentals
What is Security?
Security protects:
- Systems
- Networks
- Data
from unauthorized access, damage, or theft.
CIA Triad (FOUNDATIONAL CONCEPT)
|
Principle |
Description |
|
Confidentiality |
Data is private |
|
Integrity |
Data is not altered |
|
Availability |
Data is accessible |
7.2 Types of Threats & Malware
Malware Types (MEMORIZE)
Virus
- Attaches to files
- Spreads when executed
Worm
- Self-replicates across networks
- No user action needed
Trojan
- Disguised as legitimate software
Ransomware
- Locks data until payment
Spyware
- Tracks user activity
Keylogger
- Records keystrokes
Rootkit
- Hides deep in OS
7.3 Social Engineering Attacks
Common Attacks
Phishing
- Fake emails to steal data
Spear Phishing
- Targeted phishing attack
Impersonation
- Pretending to be trusted person
Vishing
- Voice phishing (phone calls)
Smishing
- SMS phishing
Baiting
- Leaving infected USB drives
Prevention:
- Verify identity
- Avoid suspicious links
- User education
7.4 Authentication & Access Control
Authentication Factors
|
Type |
Example |
|
Something you know |
Password |
|
Something you have |
Token |
|
Something you are |
Fingerprint |
MFA (Multi-Factor Authentication)
- Uses 2+ factors
- Stronger security
Access Control Models
|
Model |
Description |
|
Least Privilege |
Minimum access needed |
|
Role-Based (RBAC) |
Based on job role |
7.5 Wireless Security
Encryption Types
|
Type |
Security Level |
|
WEP |
Weak ❌ |
|
WPA |
Better |
|
WPA2 |
Strong ✅ |
|
WPA3 |
Strongest ✅ |
Best Practices:
- Change default SSID
- Use strong passwords
- Disable SSID broadcast (optional)
7.6 Mobile Device Security
Key Features:
- Screen lock
- Biometrics
- Remote wipe
Mobile Risks:
- Lost/stolen devices
- Unsecured apps
Protection:
- Enable encryption
- Use MDM (Mobile Device Management)
7.7 Physical Security
Controls:
- Locks
- Security cameras
- Badge systems
- Biometrics
Threats:
- Tailgating
- Theft
7.8 Data Security
Encryption
- Protects data from unauthorized access
Data Types:
- Data at rest
- Data in transit
- Data in use
Backup Methods:
|
Type |
Description |
|
Full |
All data |
|
Incremental |
Changes since last backup |
|
Differential |
Changes since last full backup |
7.9 Security Tools
Common Tools
|
Tool |
Function |
|
Antivirus |
Detect/remove malware |
|
Firewall |
Filter traffic |
|
Anti-malware |
Advanced protection |
OS Security Tools:
- Windows Defender
- BitLocker (encryption)
7.10 Password Security
Strong Password Rules:
- 12+ characters
- Mix of:
- Uppercase
- Lowercase
- Numbers
- Symbols
Weak Practices:
- Reusing passwords
- Sharing credentials
Best Practices:
- Use password manager
- Enable MFA
7.11 Security Best Practices
✔ Keep systems updated
✔ Install antivirus
✔ Use strong passwords
✔ Backup data regularly
✔ Educate users
7.12 Incident Response (EXAM IMPORTANT)
Steps:
- Identify incident
- Contain threat
- Eradicate threat
- Recover systems
- Document
7.13 Malware Removal Process
Steps:
- Identify malware
2. Quarantine system
3. Remove malware
4. Update system
5. Educate user
7.14 Security Troubleshooting
Common Issues
Slow System
- Malware infection
Locked Account
- Too many login attempts
Unauthorized Access
- Weak password
Infected System
- Pop-ups, unknown apps
Videos: Security
2.1 – Security Measures
Information technology includes important physical security controls. In this video, you’ll learn about barricades, access control vestibules, badge readers, video surveillance, and more.
Most organizations will use many different methods of providing physical access. In this video, you’ll learn about key fobs, smart cards, mobile digital keys, biometrics, and more.
We rely on many different logical security methods to protect our systems. In this video, you’ll learn about least privilege, access control lists (ACLs), zero trust, multifactor authentication, and more.
The authentication process is critical for maintaining the security of our data. In this video, you’ll learn about security assertion markup language (SAML), single sign-on (SSO), just-in-time access, mobile device management (MDM), and more.
2.2 – Windows Security
Defender Antivirus is a fully-featured anti-virus application included with the Windows operating system. In this video, you’ll learn how to activate and deactivate Defender and how to keep the Defender signatures updated.
The Windows Firewall provides built-in security technology to prevent any unwanted connections. In this video, you’ll learn how to enable and disable Windows Firewall, important configuration options, and additional firewall settings.
Windows includes a number of important security features. In this video, you’ll learn about Windows authentication, users and groups, login options, passwordless authentication, NTFS vs. Share permissions, and more.
Active Directory is the foundation of most business networks. In this video, you’ll learn about Active Directory services, adding a device to a Windows Domain, adding Group Policies, configuring folder redirection, and more.
2.3 – Wireless Security
Our 802.11 wireless network standards include numerous security features. In this video, you’ll learn about wireless authentication, WPA2, WPA3, and AES encryption.
Our enterprise networks can choose from many different authentication standards. In this video, you’ll learn about RADIUS (Remote Authentication Dial-in User Service), TACACS (Terminal Access Controller Access-Control System), and Kerberos.
2.4 – Malware
Malware can be a significant security issue for any network. In this video, you’ll learn about trojan horses, rootkits, spyware, keyloggers, ransomware, and more.
Security professionals have many tools available to combat malware. In this video, you’ll learn about the Windows Recovery Environment (WinRE), Endpoint Detection and Response (EDR), email gateways, software firewalls, and more.
2.5 – Social Engineering
Social Engineering can take many different forms. In this video, you’ll learn about phishing, shoulder surfing, tailgating, impersonation, and more.
A denial of service can cause significant outages and downtime. In this video, you’ll learn about denial of service attacks and distributed denial of service attacks.
Attackers have many different techniques to gain unauthorized access to information. In this video, you’ll learn about on-path attacks, ARP poisoning, and wireless evil twins.
A zero-day attack takes advantage of a previously-unknown vulnerability. In this video, you’ll learn about zero-day attacks and how organizations can react to a zero-day vulnerability.
Our passwords are often the only protection our applications have from an attacker. In this video, you’ll learn about password hashing, brute force attacks, and dictionary attacks.
Internal employees and contractors can be a significant threat to an organization’s security. In this video, you’ll learn how attackers take advantage of insider threats and ways to protect against this attack type.
A SQL injection can provide an attacker with access to everything in your database. In this video, you’ll learn how a SQL injection is constructed and you’ll see a live demonstration of a SQL injection on a vulnerable application.
A cross-site scripting attack takes advantage of the trust associated with our browser. In this video, you’ll learn how a cross-site scripting attack can be carried out and you’ll see a live demonstration of an XSS attack against a vulnerable application.
A business email compromise is a challenging social engineering attack to protect against. In this video, you’ll learn how a BEC attack can be carried out and how to prevent a compromise from occurring.
A supply chain attack takes advantage of the trust we have for our vendors and partners. In this video, you’ll learn about identifying and preventing supply chain attacks from our service providers, hardware providers, and software providers.
Protecting against vulnerabilities is a constant challenge. In this video, you’ll learn about standard operating environments (SOE), unpatched systems, end of service life (EOSL), and more.
2.6 – Malware Removal
There are times when removing malware may be the best option available. In this video, you’ll learn about identifying malware, quarantining systems, remediating the malware, and other malware removal options.
2.7 – Security Best Practices
It’s important to always follow best practices when securing a network. In this video, you’ll learn about data encryption options, password complexity, account disabling, locking the desktop, and much more.
2.8 – Mobile Device Security
Mobile device security includes a number of best practices specific to these unique platforms. In this video, you’ll learn about full device encryption, screen locks, configuration profiles, remote wipe, and more.
2.9 – Data Destruction
There may be circumstances where the destruction of a storage device is the best way to keep the data safe. In this video, you’ll learn about physical destruction options, formatting best practices, and the importance of a certificate of destruction.
2.10 – SOHO Networks
The security concerns of a SOHO (small office home office) network are very similar to those of a large corporate network. In this video, you’ll learn about default passwords, IP filtering, firmware updates, content filtering, and much more.
2.11 – Browser Security
A browser is one of the most important application environments. In this video, you’ll learn about hash verification, browser patching, secure extensions, password managers, and more.
7.15 Exam Tips (CRITICAL)
✔ Memorize malware types
✔ Know social engineering attacks
✔ Understand MFA & authentication
✔ Know encryption basics
✔ Practice incident response steps
Quick Knowledge Check
- What does ransomware do?
A. Speeds up PC
B. Locks data
C. Deletes OS
D. Tracks location - Phishing is what type of attack?
A. Hardware
B. Social engineering
C. Physical
D. Network - Strongest wireless security?
A. WEP
B. WPA
C. WPA2
D. WPA3 - What is MFA?
A. Multiple files
B. Multi-factor authentication
C. Memory function
D. Firewall type - What does firewall do?
A. Store data
B. Filter traffic
C. Encrypt files
D. Run apps
Answers: 1-B, 2-B, 3-D, 4-B, 5-B




























