220-1102 Security

Detailed list of 220-1102 knowledge points

Security Detailed Explanation

2.1 Network Security

Firewalls

  • What is a Firewall?

    • A firewall acts as a barrier between your device or network and external threats. It monitors and controls incoming and outgoing network traffic based on predefined security rules.
  • Types of Firewalls:

    1. Hardware Firewalls:
      • Standalone devices designed to protect an entire network.
      • Found in routers or dedicated firewall appliances.
      • Example: Firewalls built into enterprise-grade routers.
    2. Software Firewalls:
      • Installed on individual devices, such as laptops or desktops.
      • Example: Windows Defender Firewall.
  • Configuring Rules:

    • Inbound Rules: Determine what types of traffic are allowed to enter your device or network.
    • Outbound Rules: Control what traffic is allowed to leave your device or network.
    • Example: Allow only specific applications, like browsers, to access the internet.

Wireless Security

  • Encryption Protocols:

    • WPA2 (Wi-Fi Protected Access 2): Secure and widely used encryption standard for wireless networks.
    • WPA3: An updated version of WPA2 with stronger encryption and better protection against brute-force attacks.
  • Security Measures:

    • Hiding SSID: Prevents your network name from being broadcast. Though not foolproof, it adds an extra layer of security.
    • MAC Address Filtering: Allows only specific devices with pre-approved MAC addresses to connect to your network.

Virtual Private Network (VPN)

  • What is a VPN?

    • A VPN creates a secure and encrypted connection between your device and a remote server, protecting your data from being intercepted.
  • Types of VPN Protocols:

    1. PPTP (Point-to-Point Tunneling Protocol): An older protocol with basic encryption, not very secure.
    2. L2TP/IPsec (Layer 2 Tunneling Protocol with IP Security): Provides strong encryption and is widely used.
    3. OpenVPN: A popular open-source protocol offering robust security and flexibility.

2.2 Authentication and Access Control

User Management

  • Local Accounts:

    • Created and managed on individual devices.
    • Example: A standard Windows user account on a home computer.
  • Domain Accounts:

    • Managed by a centralized server, often used in corporate environments.
    • Allows users to log into any device within the domain using the same credentials.
  • Multi-Factor Authentication (MFA):

    • Adds an extra layer of security by requiring two or more forms of verification:
      1. Something you know (password).
      2. Something you have (phone or security token).
      3. Something you are (fingerprint or facial recognition).

Access Permissions

  • File and Folder Permissions:

    • Control who can read, write, or execute files and directories.
    • Example:
      • Read: View the file but not modify it.
      • Write: Modify or delete the file.
      • Execute: Run a program or script.
  • Group Permissions:

    • Manage access for multiple users by assigning permissions to a group instead of individual accounts.
    • Example: An “HR” group might have access to payroll files.
  • User Account Control (UAC):

    • A Windows feature that prevents unauthorized changes by prompting for administrator permission when needed.

2.3 Data Security

Encryption Techniques

  • Disk Encryption:

    • Protects data stored on a device by encrypting the entire drive.
    • Examples:
      • BitLocker: Built into Windows, used for full-disk encryption.
      • VeraCrypt: A free, open-source encryption tool.
  • Data Encryption During Transmission:

    • Protects data sent over the internet.
    • Examples:
      • TLS (Transport Layer Security): Encrypts data between web browsers and servers.
      • SSL (Secure Sockets Layer): An older protocol replaced by TLS.

Data Backup

  • Types of Backups:

    1. Full Backup: Copies all data. Requires more time and storage but simplifies recovery.
    2. Differential Backup: Copies only the data changed since the last full backup. Faster than a full backup.
    3. Incremental Backup: Copies only the data changed since the last backup of any type. Requires less storage but longer recovery time.
  • Backup Tools:

    • Windows Backup: Built-in tool for scheduling backups.
    • Third-Party Tools: Software like Acronis or Backblaze for more advanced backup options.
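To make the storage-versus-recovery trade-off between the three backup types concrete, here is an added Python simulation (not part of the original notes). It uses a constructed four-day history of three files, builds a differential and an incremental plan from a day-0 full backup, and reports how many file copies each plan stores and how many backup sets a restore of day 3 has to read.

```python
# Constructed day-by-day file states (file name -> content version); not real data.
DAYS = [
    {"a.txt": 1, "b.txt": 1, "c.txt": 1},  # day 0: full backup taken here
    {"a.txt": 2, "b.txt": 1, "c.txt": 1},  # day 1: a changed
    {"a.txt": 2, "b.txt": 2, "c.txt": 1},  # day 2: b changed
    {"a.txt": 3, "b.txt": 2, "c.txt": 1},  # day 3: a changed again
]

def changed_since(current, baseline):
    """Files whose version differs from the baseline (new or modified)."""
    return {name: ver for name, ver in current.items() if baseline.get(name) != ver}

def differential_plan(days):
    """Day 0 is a full backup; every later set holds changes since that full."""
    full = days[0]
    return [dict(full)] + [changed_since(d, full) for d in days[1:]]

def incremental_plan(days):
    """Day 0 is a full backup; every later set holds changes since the previous set."""
    return [dict(days[0])] + [changed_since(days[i], days[i - 1]) for i in range(1, len(days))]

def storage_cost(plan):
    """Total number of file copies kept across all backup sets."""
    return sum(len(b) for b in plan)

def restore(plan, day, kind):
    """Rebuild the file set for `day`; returns (files, number of backup sets read)."""
    if kind == "differential":
        chain = [plan[0]] + ([plan[day]] if day > 0 else [])  # full + one differential
    elif kind == "incremental":
        chain = plan[: day + 1]  # full + every incremental up to that day
    else:
        raise ValueError(kind)
    files = {}
    for backup_set in chain:
        files.update(backup_set)  # later sets overwrite older versions
    return files, len(chain)

if __name__ == "__main__":
    for kind, plan in (("differential", differential_plan(DAYS)), ("incremental", incremental_plan(DAYS))):
        files, sets_read = restore(plan, 3, kind)
        print(f"{kind}: storage={storage_cost(plan)} copies, restore of day 3 reads {sets_read} sets -> {files}")
```

The incremental plan stores fewer copies (6 versus 8) but a day-3 restore must read four sets in order, and losing any one of them breaks the chain; the differential restore needs only the full backup plus the latest differential.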

2.4 Security Threats

Malware Types

  1. Viruses:
    • Attach to files and spread when the file is executed.
    • Often cause damage or slow down systems.
  2. Worms:
    • Self-replicating and spread without user intervention.
  3. Spyware:
    • Secretly collects user information.
  4. Adware:
    • Displays unwanted advertisements and may slow down systems.
  5. Ransomware:
    • Locks access to files and demands payment for unlocking them.

Social Engineering Attacks

  • Phishing:
    • Attackers pose as legitimate entities to trick users into sharing sensitive information, like passwords or credit card numbers.
  • Impersonation:
    • Pretending to be someone trustworthy (e.g., IT support) to gain access to resources.

Network Attacks

  • DDoS (Distributed Denial of Service):
    • Overwhelms a server with excessive traffic, making it unavailable to legitimate users.
  • Zero-Day Vulnerabilities:
    • Exploiting unknown security flaws in software before they can be patched.

2.5 Best Practices for Security

  1. Regular Patch Updates:

    • Keep operating systems, applications, and firmware up to date to fix vulnerabilities.
  2. Installing and Using Antivirus Software:

    • Protects against malware by scanning and removing threats.
  3. Configuring Account Lockout Policies:

    • Locks a user account after a set number of failed login attempts to prevent brute-force attacks.

Final Thoughts

This section focuses on securing systems and data. As a beginner, start by learning to configure a firewall, set up a VPN, and understand how permissions work. Regularly practice identifying and responding to threats in a safe, controlled environment to build confidence and expertise.

Security (Additional Content)

1. Network Security: Port Control and Default Deny Principle

Port-Based Filtering

  • Network firewalls and host-based firewalls can allow or block traffic based on port numbers.

  • Example:

    • Allow TCP 80 (HTTP) and TCP 443 (HTTPS) for web browsing.

    • Block all other unnecessary ports like TCP 21 (FTP) or UDP 137–139 (NetBIOS) to reduce risk.

Default Deny Policy

  • This security model blocks all traffic by default, and only allows explicitly permitted connections.

  • Often described as "deny all unless permitted".

  • Used in high-security environments (e.g., financial systems, healthcare).

  • Must be carefully managed to avoid accidentally blocking legitimate services.

Exam Tip: Know that most firewalls can work on an "allow list" model and that a "default deny" strategy is considered more secure than "default allow".
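The inbound/outbound rule idea from the Firewalls section and the default-deny model above can be shown together in code. The following Python model is an added example, not from the original notes: a first-match rule evaluator is run over constructed sample traffic once with an allow list under default deny and once with a block list under default allow, using the page's own port examples (TCP 80/443 allowed, TCP 21 and UDP 137-139 unwanted).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    ports: range     # destination ports the rule covers
    action: str      # "allow" or "deny"

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    dport: int

def evaluate(rules, pkt, default):
    """First matching rule wins; otherwise the policy default applies."""
    for r in rules:
        if r.direction == pkt.direction and r.proto == pkt.proto and pkt.dport in r.ports:
            return r.action
    return default

# Default-deny policy: an allow list naming only what is needed.
ALLOW_LIST = [
    Rule("out", "tcp", range(80, 81), "allow"),    # HTTP
    Rule("out", "tcp", range(443, 444), "allow"),  # HTTPS
]

# Default-allow policy: a block list naming known-unneeded ports.
BLOCK_LIST = [
    Rule("out", "tcp", range(21, 22), "deny"),    # FTP
    Rule("out", "udp", range(137, 140), "deny"),  # NetBIOS 137-139
]

# Constructed sample traffic, not captured data.
SAMPLE = [
    Packet("out", "tcp", 443),  # browser to an HTTPS site
    Packet("out", "tcp", 21),   # FTP client, not needed
    Packet("out", "udp", 138),  # NetBIOS datagram
    Packet("in", "tcp", 3389),  # unsolicited inbound RDP attempt, listed nowhere
]

def decisions(rules, default):
    return [evaluate(rules, p, default) for p in SAMPLE]

if __name__ == "__main__":
    print("default deny :", decisions(ALLOW_LIST, "deny"))
    print("default allow:", decisions(BLOCK_LIST, "allow"))
```

The inbound RDP attempt is the instructive case: under default deny it is dropped because nobody allowed it, while under default allow it slips through because nobody thought to block it.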

2. Authentication and Access Control

Permission Inheritance

  • In systems like Windows NTFS, child objects inherit permissions from parent folders.

  • Inherited permissions flow automatically unless explicitly overridden.

Common Use Case:

  • Admins may disable inheritance for a sensitive subfolder to apply custom access rules.

Note: Overriding inherited permissions can introduce complexity, so documentation is important.
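An added Python model of the inheritance behaviour described here (not the notes' own code, and a simplified allow-only view of NTFS with no deny entries or ordering): a folder's effective rights are its explicit entries plus whatever flows down from its parents, unless inheritance has been disabled, and a small audit helper lists the folders where that was done so they can be documented. The share names and groups are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

@dataclass
class Folder:
    """A folder in a simplified NTFS-like model: allow entries only, no deny entries."""
    name: str
    parent: Optional["Folder"] = None
    explicit: Dict[str, Set[str]] = field(default_factory=dict)  # principal -> rights set directly here
    inherit: bool = True  # False models "Disable inheritance" on this folder

    def effective(self) -> Dict[str, Set[str]]:
        """Explicit rights plus everything inherited from ancestors, unless inheritance is disabled."""
        rights = {p: set(r) for p, r in self.explicit.items()}
        if self.inherit and self.parent is not None:
            for p, r in self.parent.effective().items():
                rights.setdefault(p, set()).update(r)
        return rights

    def can(self, principal: str, right: str) -> bool:
        return right in self.effective().get(principal, set())

def audit_broken_inheritance(folders: List[Folder]) -> List[str]:
    """Folders where inheritance was disabled: the places that need a documented justification."""
    return [f.name for f in folders if not f.inherit]

# Constructed example tree (not from a real system).
shares = Folder("Shares", explicit={"Everyone": {"read"}, "HR": {"read", "write"}})
public = Folder("Public", parent=shares)  # inherits Everyone:read and HR:read+write
payroll = Folder("Payroll", parent=shares, inherit=False,  # inheritance disabled, custom rules only
                 explicit={"HR": {"read", "write"}})

if __name__ == "__main__":
    for folder in (shares, public, payroll):
        print(folder.name, folder.effective())
    print("inheritance disabled on:", audit_broken_inheritance([shares, public, payroll]))
```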

Windows Account Types Overview

  • Administrator Account:

    • Full system control.

    • Can install/remove software, manage user accounts, and modify system settings.

  • Standard User:

    • Can run applications and modify their own settings.

    • Requires admin credentials to install software or make system changes.

  • Guest Account:

    • Very limited access.

    • Typically used for temporary logins.

    • Disabled by default in most recent Windows versions due to security concerns.

3. Data Security: Offsite and Cloud Backups

Offsite Backup

  • Refers to storing data in a physically separate location to protect against local disasters.

  • Often used in combination with on-site backups.

Cloud Backup

  • Uses online services to back up files automatically.

  • Provides:

    • Redundancy

    • Version control

    • Remote access

  • Examples: Google Drive, OneDrive, iCloud, Dropbox, Backblaze.

Security Consideration:

  • Cloud backups should be encrypted both in transit and at rest.

  • Multi-factor authentication (MFA) should be used for account access.

4. Security Threats: Additional Threat Types

Rootkits

  • A type of stealth malware that hides its existence while granting privileged access.

  • Difficult to detect with standard antivirus software because it loads before the OS or masks its processes.

Detection/Removal:

  • Specialized rootkit scanners or full system reinstall may be required.

Keyloggers

  • Software or hardware that records keystrokes to capture login credentials, financial information, or other sensitive data.

  • Often delivered via phishing emails, drive-by downloads, or trojanized apps.

Detection:

  • Anti-malware tools, behavior analysis, or endpoint monitoring software.

Email Spoofing

  • Involves forging the sender address of an email to make it appear as if it came from a trusted source.

  • Common in phishing and social engineering attacks.

Indicators of Spoofing:

  • Unusual sender address or domain

  • Mismatched headers (e.g., “From” and “Reply-To” don’t match)

  • Suspicious grammar or urgency

Preventive Tools:

  • SPF, DKIM, and DMARC records for domain validation

  • Email filtering and anti-spam software
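The indicators listed above can be checked mechanically. The Python below is an added example, not from the original notes: it parses a constructed message with the standard library's email module, compares the From domain against Reply-To and Return-Path, reads the SPF/DKIM/DMARC verdicts from an Authentication-Results header written by the receiving server, and flags urgency wording in the subject. Mismatches are indicators to investigate, not proof of spoofing, since legitimate mailing services also use a separate Return-Path domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); headers chosen to show each indicator.
RAW = """\
Return-Path: <bounce@mail-campaign.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-campaign.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: support-desk@bank-secure.example.org
Subject: URGENT: verify your account within 24 hours
To: user@example.com

Please verify immediately.
"""

def domain(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def spoofing_indicators(raw):
    """Return a list of spoofing indicators found in the message headers."""
    msg = message_from_string(raw)
    findings = []
    from_domain = domain(msg["From"])
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_domain:
        findings.append("Reply-To domain differs from From domain")
    if msg["Return-Path"] and domain(msg["Return-Path"]) != from_domain:
        findings.append("Return-Path domain differs from From domain")
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in auth:
            findings.append(f"{check} did not pass")
    subject = (msg["Subject"] or "").lower()
    if any(w in subject for w in ("urgent", "immediately", "within 24 hours")):
        findings.append("urgency language in subject")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(RAW):
        print("-", finding)
```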

5. Best Practices for Security

Principle of Least Privilege

  • Definition: Users and applications should have only the minimum access rights required to perform their tasks.

  • Helps reduce the attack surface and limit damage from compromised accounts.

Examples:

  • HR staff should not have admin rights on their PCs.

  • A software app should not run with root/administrator access unless necessary.

Disabling Unnecessary Services and Ports

  • Unused network features and services should be disabled or removed to reduce vulnerabilities.

  • Examples:

    • Disable SMBv1, which is outdated and vulnerable.

    • Turn off file and printer sharing if not needed.

    • Close open ports using firewall rules or service settings.

Regular audits and vulnerability scans help identify unneeded services and ensure proper configuration.

Frequently Asked Questions

Which wireless security protocol is considered the most secure for modern Wi-Fi networks?

Answer:

WPA3.

Explanation:

WPA3 is the newest Wi-Fi security protocol and improves upon WPA2 with stronger authentication and encryption mechanisms. One of the major improvements is Simultaneous Authentication of Equals (SAE), which replaces the WPA2 Pre-Shared Key authentication method. SAE helps prevent offline dictionary attacks that attempt to guess Wi-Fi passwords from captured traffic.

Another improvement is forward secrecy, which ensures that previously captured wireless traffic cannot be decrypted even if the network password becomes known later. WPA3 also strengthens encryption for open networks using Opportunistic Wireless Encryption (OWE).

When configuring wireless networks, technicians should prioritize WPA3 when both access points and client devices support it. If compatibility issues exist, WPA2 may still be used but is gradually being phased out as WPA3 adoption increases.

Demand Score: 81

Exam Relevance Score: 88

What type of malware disguises itself as legitimate software to trick users into installing it?

Answer:

Trojan.

Explanation:

A Trojan is malware that appears to be legitimate software but contains hidden malicious code. It relies on social engineering rather than automatic spreading to infect systems. Users may install a Trojan believing it is a useful program, such as a free utility or software update.

Once installed, the Trojan may create a backdoor, allowing attackers remote access to the system. It may also download additional malware, steal credentials, or monitor user activity.

Unlike viruses and worms, Trojans typically do not replicate themselves automatically. The infection usually occurs because the user intentionally runs the malicious program. For technicians troubleshooting compromised systems, examining recently installed programs and unexpected system behavior is an important step in identifying Trojan infections.

Demand Score: 74

Exam Relevance Score: 84

Which Windows feature allows administrators to encrypt files so that only authorized users can access them?

Answer:

Encrypting File System (EFS).

Explanation:

Encrypting File System (EFS) is a Windows feature that allows users to encrypt individual files and folders on NTFS volumes. Once encrypted, the files can only be accessed by the user account that performed the encryption or by authorized recovery agents.

EFS uses public-key encryption tied to the user's certificate. Even if another user logs into the same computer or accesses the disk from another operating system, they cannot read the encrypted files without the correct key.

A common mistake is confusing EFS with BitLocker. BitLocker encrypts the entire drive, protecting data if the device is stolen, while EFS protects specific files within the operating system environment.

Demand Score: 70

Exam Relevance Score: 86

Which authentication factor category does a fingerprint scanner belong to?

Answer:

Something you are.

Explanation:

Authentication factors are commonly grouped into three categories: something you know, something you have, and something you are. A fingerprint scanner is a biometric authentication method and therefore belongs to the “something you are” category.

Biometric authentication verifies physical characteristics unique to an individual, such as fingerprints, facial recognition, or iris scans. These factors are difficult to replicate and are often used in multi-factor authentication systems to increase security.

Combining biometrics with other factors, such as a password or security token, significantly strengthens authentication security. In enterprise environments, biometric authentication is commonly used for device login or secure facility access.

Demand Score: 72

Exam Relevance Score: 85

Which type of attack attempts to guess a password by systematically trying many combinations?

Answer:

Brute-force attack.

Explanation:

A brute-force attack is a method used by attackers to gain unauthorized access by systematically trying many password combinations until the correct one is found. Automated tools can attempt thousands or millions of guesses rapidly.

Weak passwords, short passwords, and common dictionary words make brute-force attacks significantly easier. Attackers often combine brute-force techniques with password dictionaries to accelerate the guessing process.

Security controls such as account lockout policies, multi-factor authentication, and strong password complexity requirements help reduce the effectiveness of brute-force attacks. Monitoring authentication logs for repeated failed login attempts is also an important defensive practice.

Demand Score: 76

Exam Relevance Score: 87
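The account lockout policy from the Best Practices section and the log-monitoring advice in this answer can be demonstrated together. The Python below is an added example, not from the original notes: it parses a constructed authentication log in a simplified "timestamp user FAIL|OK" format, locks an account after five failures within fifteen minutes, and rejects every login (including a correct one) while the lock lasts, which is why lockout thresholds need care so they do not lock out legitimate users.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample authentication log (not real data): "timestamp user FAIL|OK".
LOG = """\
2024-05-01T09:00:01 alice FAIL
2024-05-01T09:00:04 alice FAIL
2024-05-01T09:00:07 alice FAIL
2024-05-01T09:00:10 alice FAIL
2024-05-01T09:00:13 alice FAIL
2024-05-01T09:00:16 alice OK
2024-05-01T09:05:00 bob FAIL
2024-05-01T09:30:00 bob FAIL
2024-05-01T09:31:00 bob OK
"""

LINE = re.compile(r"^(\S+) (\S+) (FAIL|OK)$")

def parse(text):
    """Yield (timestamp, user, succeeded) for each well-formed line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3) == "OK"

def apply_lockout(events, threshold=5, window=timedelta(minutes=15), duration=timedelta(minutes=30)):
    """Lock an account after `threshold` failures inside `window`; reject all logins while locked."""
    recent_fails = defaultdict(list)
    locked_until = {}
    outcome = []
    for ts, user, ok in events:
        if user in locked_until and ts < locked_until[user]:
            outcome.append((ts, user, "REJECTED_LOCKED"))  # even a correct password is refused
            continue
        if ok:
            recent_fails[user].clear()
            outcome.append((ts, user, "ACCEPTED"))
            continue
        recent_fails[user] = [t for t in recent_fails[user] if ts - t <= window] + [ts]
        if len(recent_fails[user]) >= threshold:
            locked_until[user] = ts + duration
            recent_fails[user].clear()
            outcome.append((ts, user, "LOCKED"))
        else:
            outcome.append((ts, user, "FAILED"))
    return outcome

def locked_accounts(text, **policy):
    return sorted({u for _, u, o in apply_lockout(parse(text), **policy) if o == "LOCKED"})
```

Bob's two failures are 25 minutes apart, so the first has aged out of the window and he never reaches the threshold; Alice's fifth failure in 12 seconds locks the account, and her correct password at 09:00:16 is refused until the lock expires.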