The New A+ 900 Series: What’s New (Part 5 of 5)

May 20, 2016 at 3:09 pm | Posted in Uncategorized | Leave a comment

Welcome back to my series of posts on the new A+ exam. Did you think I was NEVER going to finish this blog series? Me too! But I have been really snowed in working on some new products that I think will really please our customers. One of those is a practice test for (ISC)2’s SSCP exam. And there are a few more exciting security titles are coming soon! Watch our website for more information.

The old A+ 220-801 and 220-802 exams are still available, but they will retire on June 30, 2016 in the United States. CompTIA released a new version of the A+ certification by rolling out the 220-901 and 220-902 exams on December 15, 2015.

  • In my first post, I went over the timeline and what to expect from the exam changes as a whole.
  • In my second post, I went into detail regarding the first two objectives for 220-901, Hardware and Networking.
  • In my third post, I went into detail regarding the last two objectives for 220-901, Mobile Devices and Hardware & Network Troubleshooting.
  • In my fourth post, I covered the first two objectives for 220-902, Windows Operating Systems and Other Operating Systems and Technologies.

In this post, I will cover the rest of 220-902, a total of three objectives: Security, Software Troubleshooting, and Operational Procedures. I’ll give you the entire overview of each objective, list each subobjective, tell you where each topic fell in the old A+ 800-series (if applicable), and put all changes or additions in RED ITALICS.

I will not call out any deleted topics, although CompTIA has removed some topics. This is because I am not really sure if those topics were actually removed from the exam, or if they are just so insignificant that they aren’t called out in the objective listing, but are still floating around in some test questions. Remember that CompTIA’s objective listing contains a disclaimer that says,

“The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.”

For this reason, I didn’t want to focus on what was removed. My exam experience has shown that the bullet lists are not exhaustive. Spending time focusing on what was removed may give you a false sense of security by making you think you don’t need to study those topics. So I am just ignoring any topic removals.

First, a note about “Bloom’s Levels”

You’ll see me refer to topics changing their Bloom’s level. In the instructional design world, Bloom’s taxonomy is used to describe the depth or complexity of a learning outcome, just as the OSI model describes the level at which a network component operates. Level 1 is basic memorization (what is a router?), where level 6 is complete mastery of a concept (designing a network from scratch).

If I mention here that a Bloom’s level has changed, it generally means that CompTIA is asking for something more complex than memorization. While these changes shouldn’t scare you, there is a bit more “rubber meeting the road” to the higher Bloom’s levels. For example, instead of recognizing various LCD technologies from a list, you may be asked to evaluate which LCD is the best choice for a given scenario. Instead of answering a question about how CIDR notation behaves in the abstract, you may be asked to configure a subnet mask.

220-902 Objective 3: Security

A+ 220-802 covered Security in its own domain. It included prevention methods, security threats, securing a workstation, data destruction/disposal, and wired/wireless network security. The biggest change in this objective is the new topics that are covered (obviously because new security threats have emerged) and the inclusion of Windows OS security settings and securing mobile devices.

What’s changed? In A+ 220-902, Security now includes OS security settings. No big surprise: Windows is widely used, and securing it should be the top priority of anyone using it daily. This objective also includes mobile device security, which should also not be a surprise with the popularity of these devices increasing, particularly in enterprises.

3.1 Identify common security threats and vulnerabilities. – From Objective 3, subobjective 2 in the old 220-802. The wording changed to “Identity” from “Compare and contrast,” which affected the Bloom’s level by moving up to the application level.  New topics were added:

  • Malware – Revised to include spyware, viruses, worms, trojans, and rootkits under a single bullet with ransomware being a new entry.
  • Spear Phishing – added
  • Spoofing – added
  • Zero day attack – added
  • Zombie/botnet – added
  • Brute forcing – added
  • Dictionary attacks – added
  • Non-compliant systems – added
  • Violations of security best practices – added
  • Tailgating – added
  • Man-in-the-middle – added

3.2 Compare and contrast common prevention methods. – From Objective 3, subobjective 1 in 220-802. The wording changed to “Compare and contrast” from “Apply and use,” which affected the Bloom’s level  by moving down the comprehension level. These new topics were added:

  • Physical security 
    • Mantrap – changed from Tailgating in the 220-802 to more accurately reflect the actual preventive control
    • Cable locks – added to the Physical security section
    • ID badges – changed from Badges in the 220-802 to more accurately reflect the preventive control
    • Smart card – added to the Physical security section
    • Tokens – changed from RSA tokens in the 220-802 to more accurately reflect the preventive control
    • Entry control roster – added to the Physical security section
  • Digital security
    • Antivirus/Antimalware – added Antimalware to the Digital security section
    • Multifactor authentication – added to the Digital security section
    • VPN – added to the Digital security section
    • DLP – added Data loss prevention (DLP) to the Digital security section
    • Disabling ports – added to the Digital security section
    • Access control lists – added to the Digital security section
    • Smart card – added to the Digital security section
    • Email filtering – added to the Digital security section
    • Trusted/untrusted software sources – added to the Digital security section
  • User education/AUP – Acceptable Use Policy (AUP) added

3.3 Compare and contrast differences of basic Windows OS security settings. – This is a completely new subobjective in 220-902. The following topics are covered in this subobjective:

  • User and groups
  • Administrator
  • Power user
  • Guest
  • Standard user
  • NTFS vs. Share permissions
    • Allow vs. deny
    • Moving vs. copying folders and files
    • File attributes
  • Shared files and folders
    • Administrative shares vs. local shares
    • Permission propagation
    • Inheritance
  • System files and folders
  • User authentication
    • Single sign-on
  • Run as administrator vs. standard user
  • Bitlocker
  • Bitlocker-To-Go
  • EFS

3.4 Given a scenario, deploy and enforce security best practices to secure a workstation. – From Objective 2, subobjective 3 in 220-802. The Bloom’s level has increased. “Given a scenario, deploy and enforce” requires applying your knowledge, rather than the old wording of “Implement” (demonstrating knowledge without application). This subobjective has been divided into sections. These new topics were added:

  • Password best practices – section added
    • Password expiration – added to Password best practices section
    • Changing default user names/passwords – added passwords 
    • BIOS/UEFI passwords – add to Password best practices section
  • Account management – section added
    • Login time restrictions – added to Account management section
    • Failed attempts lockout – added to Account management section
    • Timeout/screen lock – added to Account management section
  • Data encryption – added
  • Patch/update management – added

3.5 Compare and contrast various methods for securing mobile devices. – This is a completely new subobjective in 220-902. The following topics are covered in this subobjective:

  • Screen locks
    • Fingerprint lock
    • Face lock
    • Swipe lock
    • Passcode lock
  • Remote wipes
  • Locator applications
  • Remote backup applications
  • Failed login attempts restrictions
  • Antivirus/Antimalware
  • Patching/OS updates
  • Biometric authentication
  • Full device encryption
  • Multifactor authentication
  • Authenticator applications
  • Trusted sources vs. untrusted sources
  • Firewalls
  • Policies and procedures
    • BYOD vs. corporate owned
    • Profile security requirements

3.6 Given a scenario, use appropriate data destruction and disposal methods. – From objective 2, subobjective 4 in 220-802. These new topics were added:

  • Physical destruction
    • Drill / Hammer – added Hammer to this point
    • Incineration – added to Physical destruction section
    • Certificate of destruction – added to Physical destruction section
  • Recycling or repurposing best practices – reworded and reorganized this section

3.7 Given a scenario, secure SOHO wireless and wired networks.. – From objective 2, subobjectives 5 and 5 in 220-802. These new topics were added:

  • Wireless specific
    • Changing default SSID – default was added to this point.
    • WPS – added to Wireless specific section
  • Firewall settings – added
  • Port forwarding/mapping – added
  • Content filtering / parental controls – added
  • Update firmware – added
220-902 Objective 4: Software Troubleshooting

This is a mixture of new topics and some subobjectives from objective 4 of 220-802. It includes troubleshooting operating systems issues, security issues, mobile OS and application issues, and mobile OS and application security issues.

What’s changed? In A+ 220-902, Security now includes OS security settings. No big surprise: Windows is widely used and securing it should be the top priority of anyone using it daily. It also includes mobile device security, which should also not be a surprise with the popularity of these devices increasing, particularly in enterprises.

4.1 Given a scenario, troubleshoot PC operating system problems with appropriate tools. – From objective 4, subobjective 6 in 220-802. It’s important to note that this subobjective now includes coverage for Mac OS and Linux, while it only covered Windows in the past. So each problem/tool should be understood from every OS that it affects. These new topics were added:

  • Common symptoms
    • Proprietary crash screens (BSOD/pin wheel) – added to address crashes that occur on other OSs besides Windows
    • Device fails to start/detected – added detected to address other OSs
    • Missing GRUB/LILO – added
    • Kernel panic – added
    • Multiple monitor misalignment/orientation – added
  • Tools
    • BIOS/UEFI – added
    • Logs – added
    • Uninstall/reinstall/repair – added

4.2 Given a scenario, troubleshoot common PC security issues with appropriate tools and best practices. – From Objective 4, subobjective 7 in 220-802. However, as with obj 4.1, keep in mind that you need to look at these issues and tools as they pertain to Mac OS and Linux, as well as to Windows. These new topics were added:

  • Common symptoms
    • Application crash – added
    • Hijacked email – This is not new, but the points within the topic are.
      • Responses from users regarding email – added to Hijacked email section
      • Automated replies from unknown sent email  – added to Hijacked email section
    • Invalid certificate (trusted root CA) – added
  • Tools
    • Terminal – added
    • System restore/Snapshot – added Snapshot to this topic
    • Refresh/restore – added
    • MSCONFIG/Safe boot – added

4.3 Given a scenario, troubleshoot common mobile OS and application issues with appropriate tools. – This is a completely new subobjective in 220-902. The following topics are covered in this subobjective:

  • Common symptoms
    • Dim display
    • Intermittent wireless
    • No wireless connectivity
    • No bluetooth connectivity
    • Cannot broadcast to external monitor
    • Touchscreen non-responsive
    • Apps not loading
    • Slow performance
    • Unable to decrypt email
    • Extremely short battery life
    • Overheating
    • Frozen system
    • No sound from speakers
    • Inaccurate touch screen response
    • System lockout
  •  Tools
    • Hard reset
    • Soft reset
    • Close running applications
    • Reset to factory default
    • Adjust configurations/settings
    • Uninstall/reinstall apps
    • Force stop

4.4 Given a scenario, troubleshoot common mobile OS and application security issues with appropriate tools. – This is a completely new objective. The following topics are covered in this subobjective:

  • Common symptoms
    • Signal drop/weak signal
    • Power drain
    • Slow data speeds
    • Unintended WiFi connection
    • Unintended Bluetooth pairing
    • Leaked personal files/data
    • Data transmission overlimit
    • Unauthorized account access
    • Unauthorized root access
    • Unauthorized location tracking
    • Unauthorized camera/microphone activation
    • High resource utilization
  • Tools
    • Antimalware
    • App scanner
    • Factory reset/Clean install
    • Uninstall/reinstall apps
    • WiFi analyzer
    • Force stop
    • Cell tower analyzer
    • Backup/restore
      • iTunes/iCloud/Apple Configurator
      • Google sync
      • One Drive
220-902 Objective 5: Operational Procedures

This is a mixture of topics from objective 5 of 220-801 and objective 4 of 220-802. It includes safety procedures, environmental controls, prohibited content and privacy, communication and professionalism, and the troubleshooting theory.

5.1 Given a scenario, use appropriate safety procedures. – From objective 5, subobjective 1 in 220-801. These new topics were added:

  • Proper component handling and storage – added as a section to help organize topics
    • Antistatic bags – added to Proper component handling and storage section
  • Toxic waste handling – added
    • Batteries – added to Toxic waste handling
    • Toner – added to Toxic waste handling
    • CRT – added to Toxic waste handling
  • Personal safety
    • Safety goggles – added
    • Air filter mask – added

5.2 Given a scenario with potential environmental impacts, apply the appropriate controls. – From Objective 5, subobjective 2 in 220-801. The Bloom’s level has increased. “Given a scenario” requires applying your knowledge, rather than the old wording of “Explain” (demonstrating knowledge without application). This new topic was added:

  • Protection from airborne particles
    • Air filters/Mask – added Mask to this topic

5.3 Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts. – From Objective 5, subobjective 4 in 220-801. This is a wording change that does not change the Bloom’s level, but does add a few topics. These new topics were added:

  • Licensing / DRM / EULA – added
    • Open source vs. commercial license – added
    • Personal license vs. enterprise licenses – added
  • Personally Identifiable Information – added
  • Follow corporate end-user policies and security best practices – added

5.4 Demonstrate proper communication techniques and professionalism. – From Objective 5, subobjective 3 in 220-801. The wording changed to remove “Given a scenario,” which affected the Bloom’s level  by moving down to the comprehension level. These new topics were added:

  • Maintain a positive attitude / Project confidence – added Project confidence to this topic
  • Actively listen (taking notes) and avoid interrupting the customer – added Actively listen to this topic
  • Be culturally sensitive
    • Use appropriate professional titles, when applicable – added to Be culturally sensitive section
  • Avoid distractions
    • Texting / Social media sites – added to Avoid distractions section
  • Dealing with difficult customer or situation
    • Avoid dismissing customer problems – added to Dealing with difficult customer or situation section
    • Do not disclose experiences via social media outlets – added to Dealing with difficult customer or situation section

5.5 Given a scenario, explain the troubleshooting theory. – From Objective 4, subobjective 1 in 200-802. These are the new topics:

  • Always consider corporate policies, procedures and impacts before implementing changes. – added
  • 2. Establish a theory of probable cause (question the obvious) – substep was added to this step
    • If necessary, conduct external or internal research based on symptoms – added to the Establish a theory of probably cause step

As you can see, I am just covering the high points and not delving too deeply into these topics. My point here is to help those who already know the A+ understand exactly what new topics they need to study. CompTIA has started a series of Webinars called Deep Dive: A Look Inside the A+ 900 Series Objectives that cover these topics much more deeply than I do. You can access these Webinars  by joining the CompTIA Instructor Network at http://bit.ly/1Sxj3h9.

Remember, this post is the final entry in my series. Here are the previous posts:

To help you start your A+ 900-series study schedule off right, we have launched our 220-901 practice test and 220-902 practice test! They include performance-based questions and cover all the 220-901 and 220-902 topics.

cert-220-901  220-902

Finally, we have an all-in-one multipak that includes both exams, with a total of 666 practice exam questions and 1073 Transcender Flashcards. Also, watch soon for an update to both these practice tests to add new questions! We didn’t really need anything for topic coverage. But we felt like our small update will be an extra something to help our customers!

Thanks again for reading!

-Robin Abernathy

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: