Home > Articles

Understanding the New A+ Security Objectives

📄 Contents

  1. Security Objectives on the Essentials (220-701) Exam
  2. Security Objectives on the 220-702 Exam
  3. Conclusion
  • Print
  • + Share This
One of the most significant changes in the new 2009 CompTIA A+ Certification exams is the addition of security objectives to the two 2009 A+ Certification exams (220-701 and 220-702). In this article, A+ Certification expert Mark Edward Soper provides you with a useful overview of the Security objectives in both exams. Mark is co-author of the new book CompTIA A+ 220-701 and 220-702 Cert Guide, which is his third book on A+ Certification.
From the author of

More than ever, the newest CompTIA A+ Certification exams reflect current concerns for computer users and managers. So, it's probably not surprising that one of the biggest changes from the previous 2006 exams to the new 2009 exams was the addition of Security objectives.

What are the objectives, and how can you best brush up your skills to do well on Security-oriented questions on the Essentials (220-701) and 220-702 exams? This article helps you with both questions.

Security Objectives on the Essentials (220-701) Exam

The CompTIA A+ Certification Essentials exam (also known as 220-701) is designed to test the knowledge of an entry-level IT professional with at least 500 hours of hands-on experience in lab or field work.

The Essentials exam tends to stress conceptual knowledge, and 8% of the examination deals with questions from Domain 5.0 (Security). So, what are the Security objectives that might be included in your exam?

Security 5.1—Basic Principles of Security Concepts and Technologies

For this subobjective, you should understand the following:

  • Encryption technologies
  • Data wiping/hard drive destruction/hard drive recycling
  • How to configure a software firewall, including topics such as port security and exceptions
  • The major features of authentication technologies such as user name and password, biometrics, and smart cards
  • The basics of data sensitivity and data security, such as compliance, classifications, and social engineering

What can you do to better understand these objectives? Try the following exercises on a computer you use specifically for testing.

  • If your version of Windows supports EFS (encrypted file system), encrypt a file and note how Windows displays encrypted files (Figure 1).

Figure 1 Windows lists files encrypted with EFS in green.

  • Take a no-longer-in service hard disk that still functions and contains information you do not need, install it as the only drive in a system, and use a data-wiping program to overwrite all files on the drive, such as Drive Scrubber, Active Kill Disk Hard Drive Eraser, or others. Use a data-wiping program that can be run from a bootable CD, or boot with your Windows XP or Vista CD or DVD and run the program from a command prompt after booting the system.
  • Experiment with the different settings in the Windows Firewall (Figure 2) after disabling any other software firewall program you might be using. See how different settings enable or prevent you from connecting to other computers on a network or running a particular program that uses the network or the Internet. To learn more about Windows Firewall for Windows XP SP2 and Vista, see Microsoft Knowledge Base article 843090 for details.

Figure 2 Using the Exceptions tab in Windows Firewall

Security 5.2—Methods for Protecting Your Hardware, Operating System, and Network

For this subobjective, you should understand the following:

  • How to configure wireless network encryption standards such as WEP, WPA, and WPA2.
  • How to configure a Windows XP or Windows Vista client to connect to a wireless network (SSID), including connections to a non-broadcasting network.
  • Types of malicious software (viruses, trojans, worms, spam, spyware, adware, and grayware).
  • Methods used to prevent infections from malicious software.
  • Methods used to remove malicious software.
  • Understanding how to secure a system at the BIOS level, such as drive lock, passwords, intrusion-detection settings, and trusted program module (TPM) use.
  • Understanding how to secure a system at a hardware level, such as workstation locks.
  • Understanding how to secure a system at the operating system level, such as password-protecting a screen saver.
  • Understanding how to secure a system using biometrics devices such as fingerprint scanners.

What can you do to better understand these objectives? Try the following exercises on a computer you use specifically for testing:

  • Set up a wireless network using WEP, WPA, and WPA2 encryption standards. If you use Windows XP SP2 or greater, use the Wireless Network Setup Wizard (Figure 3) to generate settings.
  • Figure 3 Setting up a wireless network with the Windows XP SP2 Wireless Network Setup Wizard

  • Set up your router to use a non-standard SSID and configure your workstations to connect to it using WEP, WPA, and WPA2 encryption standards. To learn more about wireless configuration in Windows Vista, see How Vista Makes Home Networking Better. To learn more about wireless configuration in Windows XP, see Windows XP Wireless Configuration.
  • Learn more about different types of malware by visiting malware information centers such as Microsoft Malware Protection Center; Trend Micro Threat Encyclopedia; Malware Information; and others (Figure 4).
  • Figure 4 Researching Conficker-C at Microsoft Malware Protection Center

  • Learn about removing malware by reading Malware Troubles? Get a Second Opinion.
  • Use the resources available in the previous exercises to scan your system for malware—and remove any malware discovered in the scan process.
  • Access your system BIOS setup program and look for options such as drive lock, startup, and setup passwords (Figure 5), intrusion detection, and TPM. If possible, check other systems to see how different systems and different BIOS versions list this information.
  • Figure 5 Preparing to set a supervisor password in the system BIOS setup program to prevent unauthorized access to the BIOS

  • If your system is not configured to require a password when you resume your system from sleep, enable the On Resume, Password Protect setting in the Screen Saver tab of Display properties (XP) or the Personalization menu's Screen Saver submenu (Vista).
  • If your system includes a fingerprint reader, check out the documentation and learn how to enable/disable it.
  • + Share This
  • 🔖 Save To Your Account