CompTIA A+ Certification Study Guide

Key concepts, definitions, and exam tips organized by topic.

CompTIA A+ Security Threats & Tools Study Guide


Overview

This study guide covers the essential security concepts tested on the CompTIA A+ exam, including malware classifications, common attack vectors, social engineering tactics, and defensive tools and best practices. Understanding how threats work — and how to counter them — is critical for any IT support professional. Mastery of these topics demonstrates your ability to identify, respond to, and prevent security incidents in real-world environments.


---


Malware Types


Summary

Malware (malicious software) refers to any program designed to damage, disrupt, or gain unauthorized access to systems. Each type has a distinct mechanism of action, and the exam frequently tests your ability to distinguish between them based on behavioral characteristics.


Key Malware Types


  • Virus — Attaches to a legitimate host file and activates when that file is executed; requires user action to spread
  • Worm — Self-replicates and spreads across networks without a host file or user interaction
  • Trojan Horse — Disguises itself as legitimate software; does not self-replicate; relies entirely on user deception to execute
  • Ransomware — Encrypts victim's files and demands payment for the decryption key; primary goal is financial extortion
  • Rootkit — Gains administrator/root-level access and hides its presence from the operating system; extremely difficult to detect and remove
  • Spyware — Secretly monitors user activity and harvests data (passwords, browsing habits); commonly bundled with free software
  • Keylogger — Records every keystroke to capture sensitive data like passwords, credit card numbers, and messages; can be software or hardware-based
  • Botnet — A network of infected machines ("bots") controlled remotely by an attacker; used for DDoS attacks, spam campaigns, and malware distribution
  • Cryptojacking (Cryptomining Malware) — Hijacks system CPU/GPU resources to mine cryptocurrency for the attacker without the victim's knowledge

Key Terms

| Term | Definition |
|---|---|
| Payload | The malicious action a piece of malware carries out |
| Bot/Zombie | An individual infected machine within a botnet |
| Command & Control (C2) | The server used by an attacker to communicate with and control bots |
| Propagation | The method by which malware spreads |


Watch Out For

> ⚠️ Virus vs. Worm vs. Trojan is a classic exam trap. Remember: Viruses need a host file, Worms need nothing (they spread alone), and Trojans need you to run them willingly.

> ⚠️ Rootkits don't always destroy data — their danger is stealth. They are designed to persist undetected, often surviving reboots.

> ⚠️ Keyloggers can be hardware devices (plugged between a keyboard and computer) — this is a physical security concern, not just a software one.


---


Attack Types


Summary

Attack types describe the methods adversaries use to compromise systems, steal data, or disrupt services. The CompTIA A+ exam expects you to recognize what each attack looks like and understand why it works.


Network-Based Attacks



  • Denial of Service (DoS) — Floods a target system with traffic or requests, rendering it unavailable to legitimate users
  • Distributed DoS (DDoS) — Same goal as DoS, but uses multiple systems (often a botnet) to amplify the attack; much harder to block
  • Man-in-the-Middle (MitM) — Attacker secretly positions themselves between two communicating parties to intercept, read, or alter communications
  • SQL Injection — Malicious SQL code inserted into an input field (like a login form) to manipulate a backend database; can expose, modify, or delete data

Credential & Password Attacks

  • Brute Force Attack — Systematically tries every possible character combination until the correct password is found; slow but thorough
  • Dictionary Attack — A more efficient form of brute force that tries common words and known passwords from a predefined list
  • Zero-Day Attack — Exploits a previously unknown vulnerability for which no vendor patch yet exists; especially dangerous because there is no immediate defense

Phishing-Based Attacks

  • Phishing — Deceptive emails or fake websites designed to trick users into surrendering credentials or financial data
  • Spear Phishing — Targeted phishing aimed at a specific individual or organization, using personalized details to appear highly credible

Key Terms

| Term | Definition |
|---|---|
| Vulnerability | A weakness in software, hardware, or processes |
| Exploit | Code or technique that takes advantage of a vulnerability |
| Zero-Day | A vulnerability unknown to the vendor at the time of exploitation |
| Injection Attack | Inserting malicious input into a system to manipulate its behavior |


Watch Out For

> ⚠️ DoS vs. DDoS: The key difference is scale and source. DoS = one attacker, one source. DDoS = many sources (botnet), much harder to mitigate.

> ⚠️ Brute Force vs. Dictionary Attack: Brute force tries everything; dictionary attacks are smarter and faster because they use likely candidates first.

> ⚠️ Zero-day attacks are dangerous precisely because no patch exists yet. This is why layered security (not just patching) is essential.

> ⚠️ SQL Injection is not just a developer problem — IT support professionals need to recognize it as a major data breach vector.


---


Social Engineering


Summary

Social engineering attacks target the human element of security rather than technical vulnerabilities. These attacks manipulate psychology — trust, fear, urgency, or authority — to bypass security controls. No amount of technical security can fully protect against a well-executed social engineering attack without user education.


Social Engineering Techniques



  • Phishing — Mass deceptive emails impersonating trusted entities to steal credentials or install malware
  • Spear Phishing — Targeted, personalized phishing against a specific individual or organization
  • Vishing (Voice Phishing) — Social engineering conducted via phone calls or voice messages; attacker often impersonates IT support, banks, or government agencies
  • Pretexting — Attacker fabricates a believable scenario (pretext) — e.g., "I'm from IT and need your password to fix your account" — to manipulate the victim
  • Tailgating / Piggybacking — Unauthorized person physically follows an authorized person through a secured access point without using their own credentials
  • Shoulder Surfing — Attacker physically observes a victim to capture sensitive information like PINs, passwords, or screen content
  • Dumpster Diving — Searching through discarded materials (physical trash) for sensitive information like printed documents, old hard drives, or handwritten passwords

Key Terms

| Term | Definition |
|---|---|
| Social Engineering | Psychological manipulation of people into performing actions or divulging information |
| Pretext | A fabricated scenario used to justify a request for information |
| Vishing | Voice-based phishing attack |
| Tailgating | Unauthorized physical entry by following an authorized person |


Watch Out For

> ⚠️ Phishing vs. Vishing vs. Spear Phishing: Know the medium — Phishing = email, Vishing = voice/phone, Spear Phishing = targeted email. All are social engineering.

> ⚠️ Tailgating is a physical security threat, not a digital one. Common exam scenarios describe someone holding the door open — this is tailgating, not a network attack.

> ⚠️ Dumpster diving is surprisingly effective in real life — it's why shredding documents and properly disposing of hardware matters.

> ⚠️ Pretexting often precedes other attacks — attackers may pretext to gather information used later in spear phishing.


---


Security Tools & Best Practices


Summary

Defensive security relies on a combination of tools, policies, and practices working in layers — a concept known as defense in depth. No single tool or practice is sufficient on its own. The A+ exam tests your knowledge of what each tool does and why each practice matters.


Security Tools

  • Antivirus / Anti-Malware Software
    - Detects and removes malicious software
    - Signature-based detection: Matches files against a database of known malware signatures
    - Heuristic/Behavioral detection: Identifies suspicious behavior patterns, even for unknown threats
  • Firewall
    - Software Firewall: Runs on a single host; protects only that device; typically controls application-level traffic
    - Hardware Firewall: A dedicated physical appliance protecting an entire network; filters traffic at the network perimeter
  • SIEM (Security Information and Event Management)
    - Aggregates and analyzes log data from multiple sources in real time
    - Detects security threats, generates alerts, and supports incident response and forensics
    - Think of it as a central security dashboard for an entire organization


Security Best Practices

  • Multi-Factor Authentication (MFA)
    - Requires two or more independent verification factors
    - Three factor categories:
      1. Something you know — password, PIN
      2. Something you have — token, smartphone, smart card
      3. Something you are — fingerprint, retina scan (biometric)
  • Principle of Least Privilege (PoLP)
    - Users and processes receive only the minimum permissions necessary to do their job
    - Limits the blast radius of a compromised account or insider threat
  • Patch Management
    - Regular application of software updates and security patches
    - Mitigates exploitation of known vulnerabilities; directly counters zero-day risks once patches are released
  • End-to-End Encryption
    - Data is encrypted on the sender's device and can only be decrypted by the intended recipient
    - Prevents interception by third parties — including ISPs and service providers


Key Terms

| Term | Definition |
|---|---|
| Signature-based Detection | Identifying malware by matching it to a known pattern database |
| Heuristic Detection | Identifying malware by analyzing behavior rather than known signatures |
| MFA | Authentication requiring two or more independent verification factors |
| Least Privilege | Granting only the minimum access rights necessary |
| SIEM | Centralized system for collecting, analyzing, and responding to security events |
| Patch Management | Systematic process of deploying software updates to fix vulnerabilities |
| End-to-End Encryption | Encryption scheme where only communicating endpoints can read the messages |


Watch Out For

> ⚠️ Software vs. Hardware Firewall: A software firewall protects one machine. A hardware firewall protects the entire network. Enterprises use both.

> ⚠️ Signature-based detection cannot catch new/unknown malware — this is exactly why heuristic/behavioral detection is also needed.

> ⚠️ MFA factor categories matter: A PIN and a password are both "something you know" — using both is not true MFA. True MFA requires factors from different categories.

> ⚠️ Patch management doesn't protect against zero-day attacks at the time of the attack, only after a vendor releases a patch. This is why other security layers are necessary.

> ⚠️ SIEM does not prevent attacks — it detects and alerts. It is a monitoring and response tool, not a blocking tool.


---


Quick Review Checklist


Use this checklist to confirm your readiness before the exam:


Malware Types

  • [ ] Can you distinguish a virus (needs host file) from a worm (self-propagating) from a Trojan (user-executed, no replication)?
  • [ ] Can you explain how ransomware works and what its end goal is?
  • [ ] Do you understand why rootkits are especially dangerous (stealth + elevated access)?
  • [ ] Can you describe keyloggers, including that they can be hardware devices?
  • [ ] Can you explain how a botnet is built and used (DDoS, spam, malware distribution)?
  • [ ] Can you define cryptojacking and identify which resource it exploits (CPU/GPU)?


Attack Types

  • [ ] Can you compare DoS and DDoS and explain why DDoS is harder to stop?
  • [ ] Can you describe a MitM attack and its goal?
  • [ ] Can you explain SQL injection and why it's a serious database threat?
  • [ ] Can you differentiate brute force from dictionary attacks?
  • [ ] Can you explain what makes a zero-day attack uniquely dangerous?


Social Engineering

  • [ ] Can you distinguish phishing (email) from vishing (voice) from spear phishing (targeted)?
  • [ ] Can you define pretexting and give an example scenario?
  • [ ] Can you identify tailgating as a physical security threat?
  • [ ] Can you explain shoulder surfing and dumpster diving as information-gathering techniques?


Security Tools & Best Practices

  • [ ] Can you explain both signature-based and heuristic antivirus detection and their limitations?
  • [ ] Can you differentiate software firewalls (host-level) from hardware firewalls (network-level)?
  • [ ] Do you know all three MFA factor categories and can you identify which category a given factor belongs to?
  • [ ] Can you explain the principle of least privilege and why it limits damage?
  • [ ] Can you describe what a SIEM does and clarify that it monitors/alerts rather than prevents?
  • [ ] Can you explain why patch management is critical and what risk it directly addresses?
  • [ ] Can you describe end-to-end encryption and who it protects against?


---


Focus your review on the "Watch Out For" sections — these represent the most commonly tested distinctions on the CompTIA A+ exam. Good luck!
