902 Security Study Guide for the CompTIA® A+ exam
How to Prepare for the Security Questions on the CompTIA A+ 902 Test
This study guide may be used as an outline as you prepare for the questions about security on the CompTIA A+ 902 test. Please refer to your textbook and other current, reliable sources to supplement your review of this material.
Identify Security Threats
The security domain accounts for 22% of the material covered in the 902 section of the exam. Make sure you can identify the following security threats and vulnerabilities.
The following threats are all grouped together in a category referred to as Malware. Become familiar with the threats listed here.
Spyware: any software that enables unauthorized entities to obtain information about individual and corporate system activities, as well as Internet usage and browsing activities
Virus: a small piece of system code, unknown to the user, that is capable of copying and spreading (replicating) itself to other programs, boot sectors, and/or documents.
Worm: a standalone program that replicates and spreads itself to other computers, often using a network. Worms, unlike viruses, do not need to attach to existing software.
Trojan (Trojan Horse): a program that disguises itself as useful software but actually contains malicious code; Trojans commonly infiltrate systems when unsuspecting users download a game from the Internet.
Rootkit: a collection of malicious software designed to provide unauthorized access to an otherwise secure system; rootkits are used to disguise the presence of other malicious software and are often introduced to a system through unauthorized patches to the operating system.
Ransomware: malware that prevents users from accessing the data on their system until they pay to have it removed; in some cases it encrypts partitions, making the data totally unavailable until the user pays a fee.
Phishing is an attempt to obtain information fraudulently, either by e-mail messages that appear to be legitimate, or a phone call to obtain sensitive information such as usernames, passwords, account numbers, and credit card numbers
Spear phishing is a scam sent as an e-mail, text message, or other electronic communication that appears to come from a business or a known individual, by someone seeking unauthorized access to data.
Spoofing is the act of faking the identity of another user on the Internet, or creating false e-mail headers, attempting to appear to be a known user. It is often used to disseminate spam by fooling users into opening e-mail messages.
Manipulating someone through human interaction to cause them to give up security information is referred to as social engineering. An example would be to call a hotline and attempt to convince them you have forgotten your password.
Attempting to acquire someone’s password by watching them log in to a secure system is an example of shoulder surfing.
If a hacker learns of a software vulnerability and is able to exploit it before the vendor becomes aware, this is one example of a zero-day attack. Another method is to acquire recent security patches released by the vendor and use that information to create software to exploit systems, knowing that many people fail to apply patches regularly. This is one reason that timely patching is so important.
A botnet is a network of privately owned infected computers that are controlled by a hacker. These individual computers are referred to as zombies and, unknown to the owners, they can be used to perform malicious attacks.
A brute force attack is a method used to acquire user information such as passwords by unrelenting automated attempts to log in to a system.
A dictionary attack is an automated method used to break into password-protected devices by trying every word in a dictionary as the password.
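Brute force and dictionary attacks both leave the same trace on the target: a burst of failed logins from one source in a short time. The following added example (not part of the study guide) shows the defender's side: it parses a few constructed sshd-style log lines, counts failures per source address in a sliding time window, and flags a source once it crosses a threshold. The log lines, addresses, threshold and window are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd/syslog-like format (not from any real system).
# 203.0.113.7 hammers two accounts in a few seconds; 198.51.100.20 is a normal user with one typo.
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar 10 08:00:02 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:02 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 08:00:03 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 08:00:04 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51005 ssh2
Mar 10 08:00:05 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51006 ssh2
Mar 10 08:01:00 host1 sshd[2212]: Accepted password for alice from 198.51.100.20 port 40000 ssh2
Mar 10 08:05:30 host1 sshd[2213]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar 10 08:07:10 host1 sshd[2214]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_auth_log(text, year=2024):
    """Return (timestamp, result, user, source_ip) tuples; syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag a source address once it has `threshold` failed logins inside a sliding `window`.

    Returns {ip: {"count", "users", "first", "last"}}. The `users` set tells the analyst
    whether one account was targeted (dictionary style) or many (spraying style).
    """
    failures = defaultdict(list)  # ip -> recent (timestamp, user) failures within the window
    flagged = {}
    for ts, result, user, ip in sorted(events):
        if result != "Failed":
            continue
        recent = failures[ip]
        recent.append((ts, user))
        while recent and ts - recent[0][0] > window:  # expire failures that fell out of the window
            recent.pop(0)
        if len(recent) >= threshold and ip not in flagged:
            flagged[ip] = {
                "count": len(recent),
                "users": sorted({u for _, u in recent}),
                "first": recent[0][0],
                "last": ts,
            }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_brute_force(parse_auth_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} failures against {info['users']} between {info['first']} and {info['last']}")
```

The threshold and window are policy choices: too low and a user who mistypes a password twice gets locked out, too high and a slow attacker stays under the radar. The same logic applies to any authentication log (RDP, web login, VPN) once the parsing regex is adapted.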
For a system to be considered compliant, it must have all necessary updates, security patches, and antivirus definition files up to date. Any system lacking these requirements is considered a non-compliant system. A system that has been out of service for a number of months and is put back into service without the necessary security patches is an example of a non-compliant system.
Best Practice Violations
Depending on company policies that outline security practices, systems with security issues are violating security best practices. Such violations include: not updating security patches, using a weak password, failure to utilize and/or update antivirus protection, and failure to use SSL or other website security.
Following an authorized user through a secure entrance is an example of tailgating.
A man-in-the-middle attack is the term for an attacker secretly intercepting messages between two parties who believe they are communicating only with each other on a network. The attacker can modify message content to obtain information from either user.
Be prepared to compare and contrast the various methods used to secure data that are listed below.
Physical security is one of the most important ways to provide security. Here are some of the more common security devices.
Doors: Doors to secure areas are the first line of defense and must remain locked at all times, using conventional key and lock, or a physical bolt in the door.
Mantrap: In addition to securing doors with locks, a mantrap offers greater security to a secure area. Mantraps are small rooms with two doors leading to a secure area. Only one door can be opened at a time, allowing only a single person access at any one time.
Cable locks: Cable locks are used to secure devices such as laptops. Laptops have a small reinforced attachment that facilitates locking the device to a secure object such as a desk. Cable locks are not foolproof and should not be the only means of securing devices.
Documents: Documents that are electronically stored should be encrypted with strong passwords to ensure data integrity. Printed documents that are no longer needed should be shredded to prevent theft.
Biometrics: Be familiar with the various biometric security methods such as iris scans, hand, and fingerprint scanners. Biometrics are typically used with other security devices to enhance security.
ID badges: In large environments, utilizing locked doors may not be an appropriate method to secure particular areas. Typically, security guards are used to verify ID badges to allow access to these areas.
Key fobs: Key fobs can also be used to grant keyless access to secure areas. Each individual fob has individual ID information.
RFID badge: Like key fobs, RFID badges can be used to allow keyless entry into secure areas.
Smart card: Used to access secure areas, a smart card can identify a user and allow access. It is similar to a credit card in shape and design.
Tokens: Token-based devices can control access to areas. These are made up of magnetic swipe cards or key fobs.
Privacy filters: A privacy filter, when fitted over a laptop screen, helps prevent anyone from viewing the screen unless it is directly in front of them.
Entry control roster: This is a simple list of individuals that are allowed access to a secure area and is usually managed by a security guard.
Digital security is essential if your system accesses resources from the Internet.
Antivirus/Anti-malware: One of the basic requirements of digital security is to ensure good antivirus prevention. Constant updating is required to keep up with new threats.
Firewalls: A personal firewall is host-based software that helps prevent unauthorized access to a system. Firewalls built into operating systems are referred to as stateful firewalls, in that they track each conversation initiated from one system and allow the corresponding response from the other system.
User authentication: This is a digital technique that provides security by requiring the user to enter a password. When authenticated, users have access to whatever resources they are allowed. Users need to change passwords periodically and are required to use strong passwords that cannot be easily guessed.
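The stateful behaviour described for firewalls above can be modelled in a few lines: outbound packets from the protected side create an entry in a state table, and an inbound packet is allowed only if it is the reply half of an entry already in that table. The following added example (not from the study guide, and not any real firewall's code) implements that model; the LAN prefix, the permitted outbound ports and the packets in `run_demo` are constructed for illustration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."  # constructed: addresses with this prefix are the protected LAN


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    """Allows conversations initiated from inside and only the replies to them from outside."""

    def __init__(self, allowed_outbound_ports=(53, 80, 443)):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        # State table: (proto, inside ip, inside port, outside ip, outside port) of live conversations
        self.connections = set()

    @staticmethod
    def _outbound_key(pkt):
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def filter(self, pkt):
        """Return "ALLOW" or "DROP" for one packet, updating the state table on the way."""
        if pkt.src_ip.startswith(INSIDE_PREFIX):
            # Outbound: permitted only on approved ports; remember the conversation so the reply can return
            if pkt.dst_port not in self.allowed_outbound_ports:
                return "DROP"
            self.connections.add(self._outbound_key(pkt))
            return "ALLOW"
        # Inbound: allowed only if it mirrors a conversation that an inside host started
        reply_of = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "ALLOW" if reply_of in self.connections else "DROP"

    def close(self, pkt):
        """Forget a conversation (a real firewall does this on TCP FIN/RST or after an idle timeout)."""
        self.connections.discard(self._outbound_key(pkt))


def run_demo():
    """Constructed traffic: returns the verdict for each packet in order."""
    fw = StatefulFirewall()
    outbound = Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 443)   # LAN host opens HTTPS
    reply = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 40000)      # server answers
    unsolicited = Packet("tcp", "198.51.100.9", 51515, "192.168.1.10", 22)  # nobody inside asked for this
    telnet_out = Packet("tcp", "192.168.1.10", 40001, "203.0.113.5", 23)  # outbound on a non-approved port
    verdicts = [fw.filter(outbound), fw.filter(reply), fw.filter(unsolicited), fw.filter(telnet_out)]
    fw.close(outbound)
    verdicts.append(fw.filter(reply))  # once the conversation is closed, the same packet is no longer a valid reply
    return verdicts


if __name__ == "__main__":
    print(run_demo())  # ['ALLOW', 'ALLOW', 'DROP', 'DROP', 'DROP']
```

The model deliberately leaves out what production firewalls add on top: TCP flag and sequence tracking, idle timeouts so the table cannot grow without bound, and pseudo-state for connectionless protocols such as UDP and ICMP. The essential point for the exam is visible in the last verdict: without a matching state entry, an inbound packet is dropped even though an identical one was allowed moments earlier.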
Multi-factor authentication: Multi-factor authentication adds a third layer to the login/password process. This third layer might incorporate something like requesting your mother’s maiden name, your first grade teacher’s name, or possibly your cell phone number. In the latter case, it can send an authorization code you would be required to enter.
Directory permissions: Depending on your authorization, you may or may not have access to certain directories. Directory permissions are set up by the system administrator and can be granted to a single user or possibly a group of which you are a member.
VPN (virtual private network): A VPN allows users to establish secure connections between two devices across the Internet. VPNs can be set up using dedicated hardware or software concentrators at the main location and software that is typically included in the operating system for the client device.
DLP (data loss prevention): DLP is used where sensitive data is normally transmitted in encrypted form to protect it. If an individual, knowingly or unknowingly, attempts to send such data without encrypting it, DLP notifies you of the attempt.
Disabling ports: In nearly any office building, there are unused data ports available that would allow access to the corporate network. These unused ports need to be identified and disabled by the system administrator to prevent unauthorized access.
Access control lists: Network devices can be modified with ACLs to control permissions associated with the device. An example would be an access control list applied to a router to deny access to parts of a network based on protocols, or to deny Internet traffic through a router port.
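Router ACLs like the one described above are evaluated top to bottom: the first entry that matches a packet decides its fate, and anything that matches no entry is dropped by the implicit deny at the end. Because of that ordering, an entry placed below a broader one can never be reached. The following added example (not from the study guide, and not the syntax of any vendor's router) evaluates flows against an ordered ACL and also reports such shadowed entries; the ACL, subnets and flows are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AclEntry:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp", "icmp", or "ip" meaning any protocol
    src: str                  # CIDR; "0.0.0.0/0" means any source
    dst: str                  # CIDR; "0.0.0.0/0" means any destination
    dst_port: Optional[int] = None  # None means any port


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: Optional[int] = None


def matches(entry, flow):
    """True if the flow falls inside the entry's protocol, address ranges and port."""
    if entry.proto != "ip" and entry.proto != flow.proto:
        return False
    if ipaddress.ip_address(flow.src_ip) not in ipaddress.ip_network(entry.src):
        return False
    if ipaddress.ip_address(flow.dst_ip) not in ipaddress.ip_network(entry.dst):
        return False
    if entry.dst_port is not None and entry.dst_port != flow.dst_port:
        return False
    return True


def evaluate(acl, flow):
    """First matching entry wins; returns (action, 1-based entry number). Unmatched traffic is implicitly denied."""
    for number, entry in enumerate(acl, 1):
        if matches(entry, flow):
            return entry.action, number
    return "deny", None


def covers(earlier, later):
    """True if every flow matched by `later` is already matched by `earlier` (so `later` is unreachable)."""
    return (
        (earlier.proto == "ip" or earlier.proto == later.proto)
        and ipaddress.ip_network(earlier.src).supernet_of(ipaddress.ip_network(later.src))
        and ipaddress.ip_network(earlier.dst).supernet_of(ipaddress.ip_network(later.dst))
        and (earlier.dst_port is None or earlier.dst_port == later.dst_port)
    )


def find_shadowed(acl):
    """1-based numbers of entries fully covered by a single earlier entry.

    Conservative on purpose: an entry covered only by the union of several earlier
    entries is not reported, so an empty result does not prove the ACL has no dead rules.
    """
    return [j + 1 for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed ACL protecting a server subnet 10.0.5.0/24 from the rest of a 10.0.0.0/8 network
ACL = [
    AclEntry("deny", "tcp", "0.0.0.0/0", "10.0.5.0/24", 23),       # 1: no telnet into the servers from anywhere
    AclEntry("permit", "tcp", "10.0.0.0/8", "10.0.5.0/24", 443),   # 2: internal clients may reach HTTPS
    AclEntry("permit", "udp", "10.0.0.0/8", "10.0.5.53/32", 53),   # 3: internal clients may query the DNS server
    AclEntry("deny", "ip", "0.0.0.0/0", "10.0.5.0/24"),            # 4: everything else to the servers is denied
    AclEntry("permit", "tcp", "10.0.0.0/8", "10.0.5.0/24", 80),    # 5: never reached, entry 4 already denies it
]


if __name__ == "__main__":
    for flow in [Flow("tcp", "10.1.1.1", "10.0.5.10", 443), Flow("tcp", "10.1.1.1", "10.0.5.10", 23),
                 Flow("tcp", "10.1.1.1", "10.0.5.10", 80), Flow("tcp", "10.1.1.1", "172.16.0.1", 80)]:
        print(flow, "->", evaluate(ACL, flow))
    print("shadowed entries:", find_shadowed(ACL))  # [5]
```

Entry 5 is the classic mistake the exam's "deny ... based on protocols" wording hints at: the administrator intended to open HTTP but put the rule below the catch-all deny, so the ACL silently does nothing for it. Running `find_shadowed` before deploying a change catches that class of error.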
Smart card: A smart card can be configured with a digital certificate so, when inserted into the card reader of a laptop, it would grant user access to the device.
E-mail filtering: To help prevent unsolicited e-mail (spam), e-mail filtering can be applied to a network at the mail server or utilizing a cloud-based service.
Software sources: Care must be taken when selecting software to be used. Generally, a trusted source is one that you have used and with which you are familiar. Use only software acquired from a trusted vendor. Untrusted software may have come from an unknown, untried source or may have been acquired from an unknown Internet source.
One of the best ways to prevent security issues is to have a written acceptable use policy (AUP) that outlines responsible use of systems and networks (including the Internet) and to explain it to users. Teach users acceptable-use practices, such as not opening suspicious e-mails and opening only files that come from a known source.
Principle of Least Privilege
The principle of least privilege focuses on creating user accounts that grant users only enough privileges to perform their jobs and no more access than that.
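Directory permissions and the principle of least privilege are two sides of the same idea: permissions are granted to users or to groups they belong to, and a least-privilege review compares what each user can effectively do with what their job actually requires. The following added example (not from the study guide, and not any operating system's permission code) models group-based directory permissions and runs such a review; the users, groups, directories and job requirements are constructed for illustration.

```python
# Constructed directory of users and the groups they belong to
USERS = {
    "alice": {"finance"},
    "bob": {"finance", "it-admins"},
    "carol": set(),
}

# Constructed directory ACLs: principal ("user:<name>" or "group:<name>") -> permissions granted
DIR_ACLS = {
    "/srv/finance": {
        "group:finance": {"read", "write"},
        "group:it-admins": {"read", "write", "delete"},
    },
    "/srv/backups": {
        "group:it-admins": {"read", "write", "delete"},
        "user:carol": {"read"},  # a one-off grant that nobody remembers making
    },
}

# Constructed statement of what each person's job actually requires (the least-privilege baseline)
JOB_NEEDS = {
    "alice": {"/srv/finance": {"read", "write"}},
    "bob": {"/srv/backups": {"read", "write", "delete"}, "/srv/finance": {"read"}},
    "carol": {},
}


def effective_perms(user, path):
    """Union of permissions granted to the user directly and through every group they belong to."""
    principals = {f"user:{user}"} | {f"group:{g}" for g in USERS.get(user, set())}
    perms = set()
    for principal, granted in DIR_ACLS.get(path, {}).items():
        if principal in principals:
            perms |= granted
    return perms


def can(user, path, perm):
    """Access check used at the point of use: is `perm` among the user's effective permissions?"""
    return perm in effective_perms(user, path)


def excess_privileges(user):
    """Least-privilege review: permissions the user holds beyond what their job requires, per directory."""
    excess = {}
    for path in DIR_ACLS:
        needed = JOB_NEEDS.get(user, {}).get(path, set())
        extra = effective_perms(user, path) - needed
        if extra:
            excess[path] = extra
    return excess


def review_all():
    """Run the review for every user; an empty dict means the environment already follows least privilege."""
    return {user: excess_privileges(user) for user in USERS if excess_privileges(user)}


if __name__ == "__main__":
    for user, findings in review_all().items():
        for path, extra in findings.items():
            print(f"{user} holds {sorted(extra)} on {path} beyond job requirements")
```

The review finds two findings in the constructed data: bob can write and delete in /srv/finance only because he is in the it-admins group, although his job needs just read there, and carol keeps a read grant on /srv/backups that no job requirement justifies. Group membership is what makes such excess easy to accumulate, which is why periodic reviews against a written baseline matter as much as the initial account setup.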