1002 Security Study Guide for the CompTIA A+ Core Series Exam
How to Prepare for Questions about Security on the CompTIA A+ Core Series 1002 Test
Both the previous and current (2019) versions of the CompTIA A+ Core Series 1002 test devote an entire section of the study outline to this topic. There’s a lot to know and study because around one-fourth (24%) of the questions are security-related. Half of these questions will probably begin with a scenario. This is designated by the note (scenario) beside the affected headings, below.
When thinking about cybersecurity, it’s sometimes easy to forget what an important role physical security plays in keeping digital data safe. Physical security is important because no matter how many security measures you put in place on a device itself, physical security is the only thing that will stop a criminal from walking away with the entire device.
Mantrap— A mantrap is exactly what it sounds like. It’s a trap used to prevent infiltration methods such as tailgating and piggybacking. A mantrap is a small area with a set of two locked doors and it separates the outside world from a secured area. When entering, an individual will enter through the first door, but that door must then be closed behind them before the second door may be opened.
Badge reader— Badge readers can be implemented to help prevent unauthorized access. In this type of environment, employees are given badges such as proximity cards or smart cards. When the employee scans the badge, he or she is allowed entry to the area.
Smart card— Smart cards are cards that are typically the size of your driver’s license or credit card. The embedded memory and chipset in these cards can store identification and authentication information. A smart card can also be programmed to use as a cash card that is seen in many organizations where employees may use their employee badge to purchase lunch in an onsite cafeteria.
Security guard— Security guards are one of the few security controls that are considered not only preventative controls, but also deterrent controls and detective controls. They deter because organizations with onsite security staff are less likely to be targeted for attacks than those with no security guards, and they detect because guards observe, patrol, and record what happens on the premises.
Door lock— Door locks should always be utilized whenever possible. Aside from locks preventing unauthorized entrance to the building, locks should also be utilized to protect rooms containing sensitive equipment (such as the server room or network closet).
Biometric locks— Biometric locks can add an additional layer of protection to an organization’s physical security. Smart cards and proximity badges can be lost and possibly wind up in the wrong hands. Biometric locks use an individual’s features, such as their retina or fingerprints, to authenticate them.
Hardware tokens— A hardware token is a physical device that stores authentication information. One example of a hardware token is an RSA key fob. These hardware tokens generate short-lived one-time codes that are used together with a username and password for added security.
Cable locks— Cable locks can be used to help prevent a thief from walking off with laptops. A cable lock is used by looping the cable around a heavy (preferably immovable) object and then securing the lock to a small security hole on the side of the laptop.
Server locks— Due to their important role within organizations, servers should never be left vulnerable to a physical attack. Not only should the server room be locked when not in use, but the rack in which the servers are located should also be locked.
USB locks— Many attacks can be delivered via an unsecured USB port on a server, laptop, or desktop. USB locks are small locks that plug directly into open USB ports and prevent unauthorized access.
Privacy screen— Privacy screens are screen covers that go on your phone, tablet, monitor, or laptop screen. These screens make it very hard to see what is happening on the screen unless you are sitting directly in front of it. This prevents shoulder-surfing, which is the act of spying on another person’s screen to collect information.
Key fobs— Key fobs are small security devices that store authentication information.
Entry control roster— An entry control roster is a document kept by a security guard that has a record of all the individuals who have entered and left the building. This is often used in conjunction with mantraps.
Logical Security Measures
Unlike physical security controls that you can see and touch, logical security controls are items such as security policies and software safeguards that are used to protect our systems. You should be able to explain these.
Active Directory (AD) is the Microsoft® directory used to manage users, applications, computers, and much more. AD can be used to help implement security measures across your organization.
A login script can be thought of as a series of instructions given for a device to perform upon login. Login scripts can be set on the profile tab of a user in AD. Login scripts can be used to map network drives, log computer access, gather information from a computer, and much more.
Ensuring that all computers in an environment are in your domain helps to ensure that they will be given the proper security policies. When a computer is in your domain, you’ll be able to see it and manage it within AD.
Group policies can be extremely useful in securing an organization. Group policies can be used to set password policies, block unwanted applications, and even block access to the Internet entirely in some cases. They can also be used to push out security updates, which are important to keep an organization safe.
Organizational units (often referred to as OUs) are subdivisions of your domain within Active Directory. For example, if the organization ACME Corp had three separate locations, they may choose to have three organizational units within their domain.
A home folder can be set for each user in AD. If the home folder doesn’t exist when it’s added in AD, then AD will create the folder and set the permissions for you. By default, this folder can be accessed only by the user and the domain administrators. Home folders should be used by users to store their files on the server. Because computers can be lost or stolen, it’s best for users to store their documents on the server in this way rather than store them locally on their own machines.
Folder redirection allows administrators (and in some cases users) to redirect the path of a specific folder to a new location. One popular implementation of this is to redirect a user’s Documents folder (that is stored locally on his or her machine) to a network location, such as the Home folder.
There are other methods to ensure security. Here are some of them.
Software tokens are similar to hardware tokens, except they come in the form of either a piece of software on your laptop or an app on your mobile device.
Mobile device management (MDM) policies are used to enforce security measures on mobile devices such as cell phones and tablets. Many organizations require that their users access email or other business-related apps on their phone, but this can present security risks to the organization. MDM policies can help offset some of the risk. An example of an MDM policy would be an organization requiring anyone accessing business email or business apps to have a lock screen on their phone with a PIN.
To prevent unauthorized devices from forwarding traffic, port security should be used. There are a number of different options when implementing port security. For example, you can define the maximum number of MAC addresses that can be used on the port.
MAC Address Filtering
MAC address filtering, or simply MAC filtering, is a method in which only devices with specific MAC addresses are able to send data on the network. If a device tries to connect to a network and it doesn’t have one of the agreed-upon MAC addresses, it will not be permitted to join the network. Because a device’s MAC address can be changed in software, MAC filtering is a weak control on its own and should be combined with other controls rather than relied on by itself.
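The two controls just described, port security (limiting how many MAC addresses a switch port will learn) and static MAC filtering (an allow-list), are simulated below. This is an added example written for this guide, not code from the study guide or from any switch vendor; the `SecuredPort` class and its behaviour are assumptions modelled on those controls.

```python
# Added example: simulate switch port security and static MAC filtering.
# Not vendor code; the class and its semantics are assumptions for illustration.
from dataclasses import dataclass, field


def normalize_mac(mac: str) -> str:
    """Accept 'AA:BB:CC:DD:EE:FF', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff'."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class SecuredPort:
    max_macs: int = 1                           # maximum MAC addresses allowed on the port
    allowed: set = field(default_factory=set)   # static MAC filter; empty means learn dynamically
    learned: set = field(default_factory=set)   # MACs the port has already accepted
    violations: int = 0                         # count of frames refused by the port

    def forward(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        mac = normalize_mac(src_mac)
        if self.allowed and mac not in self.allowed:
            self.violations += 1                # static filter: unknown MAC is refused
            return False
        if mac not in self.learned:
            if len(self.learned) >= self.max_macs:
                self.violations += 1            # too many devices behind this port
                return False
            self.learned.add(mac)               # "sticky" learning of the first N MACs
        return True
```

With `max_macs=1`, the first device to send a frame is learned and a second device plugged into the same port (for example through an unauthorised hub) is refused, which is the "prevent unauthorized devices from forwarding traffic" behaviour described above.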
Digital certificates help users know when they are accessing a trusted website. Digital certificates are signed by a trusted certificate authority (CA). The CA can ensure that the public key you are getting from a website is actually from the web server and not an attacker.
Users should never be allowed to browse the Internet without an antivirus/anti-malware program. While it’s important to note that antivirus and anti-malware programs are not able to prevent all malware, they do prevent a large number of attacks.
Firewalls should be used by organizations as a first layer of defense for their networks. Firewalls come in many different types including packet filtering firewalls, proxy firewalls, and stateful inspection firewalls. At the most basic level, firewalls allow for the creation of rules, known as access control lists, which specify the types of packets that are allowed and disallowed. Firewalls come as both hardware and software devices. They can be standalone or part of another network device such as a router or a switch.
User authentication is the cornerstone of any organization’s security. Physical security and firewalls won’t help you if a user’s password is Password123. Security policies that require users to choose strong passwords should be created. Many organizations now require users to choose passwords that are at least 12 characters and contain symbols, numbers, and both uppercase and lowercase letters.
Even the strongest passwords can be compromised. This is where multi-factor authentication comes in. Multi-factor authentication (commonly referred to simply as MFA) requires two or more different authentication types. Authentication types are typically broken down into categories such as something you know (password, PIN, security question), something you have (authenticator, token), and something you are (biometrics). Because MFA requires two or more different types of authentication, a user would not be able to use just a PIN and a password, since they both fall into the category of something you know. Rather, the user would need a combination such as a password and a token.
Not all users within an organization should be given access to all data that the organization has stored. For example, a customer service representative will most likely not require the same level of access as the Chief Information Security Officer (CISO). In order to restrict users from accessing data they should not see, directory permissions should be used. Directory permissions allow administrators to control what level of access a user should be given on a per-directory level. Some of the permission types include full control, modify, and read.
Virtual private networks (VPNs) are extremely useful for organizations that allow users to work remotely and also for multi-location organizations. For organizations where employees work remotely, it can be set up so that a user is able to connect securely to the organization’s network via a client VPN. For organizations that have multiple locations, site-to-site VPN tunnels can be configured to expand the network across all of these locations.
Data loss prevention (DLP) is the practice of preventing sensitive data from leaving an organization without authorization. Sensitive data can be leaked either intentionally or unintentionally. Regardless of the cause, the ramifications can be severe. DLP methods can’t prevent data loss entirely, but they are used to reduce the chances of data leakage wherever possible.
Access Control Lists
Access control lists are used to specify which traffic should be allowed through a firewall and which traffic should be blocked. Using access control lists, traffic can be blocked or allowed based upon a number of items including source or destination port as well as source or destination IP address.
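The following is an added example, not part of the study guide or any firewall product, showing how a packet-filtering firewall evaluates an access control list: rules are checked top to bottom, the first match wins, and anything that matches no rule falls to an implicit deny. The `Rule` and `Packet` types and the sample addresses are constructed for illustration.

```python
# Added example: first-match ACL evaluation with an implicit deny.
# Not a real firewall's code; the types and sample addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # source network in CIDR notation (any by default)
    dst: str = "0.0.0.0/0"           # destination network in CIDR notation
    dst_port: Optional[int] = None   # None matches any destination port
    proto: str = "any"               # "tcp", "udp", or "any"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    return (ip_address(pkt.src_ip) in ip_network(rule.src)
            and ip_address(pkt.dst_ip) in ip_network(rule.dst)
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
            and rule.proto in ("any", pkt.proto))


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the ACL top to bottom; the first matching rule decides.
    Traffic that matches no rule is denied (the implicit deny at the end)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed ACL: block telnet from anywhere, allow the internal LAN
# to reach the web server on 443/tcp, and let everything else be denied.
ACL = [
    Rule("deny", dst_port=23, proto="tcp"),
    Rule("permit", src="10.0.0.0/8", dst="192.0.2.10/32", dst_port=443, proto="tcp"),
]
```

Because evaluation stops at the first match, the order of the rules is part of the policy: a broad permit placed above a narrow deny would silently make the deny unreachable.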
Smart cards are typically the size of your driver’s license or credit card. The embedded memory and chipset in these cards can store identification and authentication information. Smart cards can also be programmed to use as a cash card that is seen in many organizations where employees may use their employee badge to purchase lunch in an onsite cafeteria.
Spam is a common way to spread malware. Even when spam doesn’t contain malicious links and attachments, it still clutters up user inboxes, making them less productive. Organizations can reduce the amount of spam received by implementing an email filter. Email filters can review messages both inbound and outbound. In some cases, email filtering can also check outgoing email messages for sensitive data, therefore helping with DLP.
Trusted and Untrusted Software Sources
Because end users may not be as well-versed in what programs are legitimate and which are not, software installations should always be reviewed by an administrator. A user may believe they are downloading a trusted program, but it could turn out to be malware. By disallowing user installations and requiring administrator approval, this scenario is less likely to occur.
Principle of Least Privilege
Permissions should only be given to a user if they absolutely need them to complete their job. This idea is known as the principle of least privilege. The fewer users who have access to sensitive files, the less likely it is that something will happen to those files.