CompTIA A+

CompTIA A+ domain 7: Security — What you need to know for the exam

Howard Poston
June 22, 2022 by
Howard Poston

The CompTIA A+ certification is an entry-level certification for IT technicians. Intended to follow the CompTIA IT Fundamentals certification, it is also the second certification in CompTIA's Core certification route. Candidates can continue their learning journey by pursuing the Network+ and Security+ certifications after earning an A+ certificate.

Earn your A+ certification, guaranteed!

Earn your A+ certification, guaranteed!

Enroll in a CompTIA A+ Boot Camp and earn one of the most popular entry-level certifications — guaranteed.

While CompTIA offers a standalone Security+ certification that provides a deep dive into the topic, security is essential to the role of an entry-level IT technician. IT personnel commonly receive trouble tickets dealing with malware infections, phishing attacks and other security threats. Maintaining the productivity of the workforce and the security of the corporate IT environment requires knowledge and expertise in properly identifying, diagnosing, and remediating various security threats. The security domain of the CompTIA A+ certification tests knowledge of security concepts, how to remediate various cyber threats and security best practices.


Unlike most certifications, the CompTIA A+ certification requires applicants to sit two exams.  Only after completing the Core 1 and Core 2 exams will the candidate be awarded the A+ certification.

The CompTIA A+ Core 1 exam includes the following domains:

1. Mobile devices

2. Networking

3. Hardware

4. Virtualization and cloud computing

5. Hardware and network troubleshooting

Security is a concept covered by the CompTIA Core 2 exam, which includes these domains:

6. Operating systems

7. Security

8. Software troubleshooting

9. Operational procedures

Security knowledge and expertise are vital for an IT technician. This domain is the second-largest in the Core 2 exam (behind operating systems), accounting for 25% of the questions.

What's new in CompTIA A+ domain 7?

The security domain received additional focus in the updated version of the Core 2 exam, increasing from 24% to 25% of the questions. Its ten sub-domains also experienced some changes, including:

  • Consolidation of logical and physical security measure concepts into a single subdomain
  • Transition to scenario-based questions for Windows security settings
  • Move from scenario-based to explanation-focused questions for mobile and embedded device security
  • Addition of a subdomain discussing web browser installation and security

Security exam outline

The security domain in the updated version of the CompTIA A+ Core 2 exam includes ten sub-domains. The CompTIA A+ Certification Exam Core 2 Objectives offers a complete exam outline.  Some of the major topics covered by these ten subdomains include: 

2.1. Summarize various security measures and their purposes. This subdomain discusses physical and logical security concepts and methods of implementing them.

2.2. Compare and contrast wireless security protocols and authentication methods. This subdomain tests knowledge of the various wireless encryption protocols (WPA2, WPA3, TKIP and AES) and authentication mechanisms (RADIUS, TACACS+, Kerberos and MFA).

2.3. Given a scenario, detect, remove and prevent malware using the appropriate tools and methods. This subdomain explores the various types of malware (trojans, rootkits, etc.) and mechanisms for remediating malware infections.

2.4. Explain common social-engineering attacks, threats and vulnerabilities. This subdomain evaluates understanding of various social engineering techniques, types of attacks and common vulnerabilities.

2.5. Given a scenario, manage and configure basic security settings in the Microsoft Windows OS. This subdomain discusses the built-in security tools of the Windows OS, such as Defender, BitLocker, and Login OS.

2.6. Given a scenario, configure a workstation to meet best practices for security. This subdomain covers security best practices such as encryption, password security, account management and end-user best practices.

2.7. Explain common methods for securing mobile and embedded devices. This subdomain discusses mobile and embedded device security concepts, ranging from screen locks to firewalls to backups.

2.8. Given a scenario, use common data destruction and disposal methods. This subdomain explores data disposal methods, including physical destruction, recycling and repurposing and outsourcing disposal.

2.9. Given a scenario, configure appropriate security settings on small office/home office (SOHO) wireless and wired networks. This subdomain tests knowledge of SOHO network security, including home router settings, wireless-specific security practices and firewall settings.

2.10. Given a scenario, install and configure browsers and relevant security settings. This subdomain covers browser security concepts such as installation, extensions, password and connection security and common settings.

Earn your A+ certification, guaranteed!

Earn your A+ certification, guaranteed!

Enroll in a CompTIA A+ Boot Camp and earn one of the most popular entry-level certifications — guaranteed.

Preparing for CompTIA A+ Domain 7

The CompTIA A+ credential is designed to demonstrate that you have the knowledge and skills required for an entry-level role in the IT field. With the growing threat of cyberattacks, understanding security concepts and managing various threats is essential for this role.

To prepare for the CompTIA A+ Core 2 exam, you should extensively review all the topics covered under the security and other three Core 2 domains. For more information about the A+ exam in general and how best to prepare to sit for the Core 2 test, check out Infosec’s CompTIA A+ certification hub.


Howard Poston
Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at or via his website at