Study Physical Security Controls for Network+ (N10-009)
Connect locks, cameras, badging, and facility controls to the network assets they are trying to protect.
Physical-security questions are still network-security questions. CompTIA uses them to check whether you can see that closets, racks, branch offices, badge readers, cameras, and visitor controls all protect the devices and links that logical controls depend on. If someone can walk up to the hardware, your perfect ACL may not matter much.
Mantrap: A controlled entry space that restricts tailgating and enforces identity checks at physical boundaries.
Tailgating: An unauthorized person following an authorized person through a controlled entry point.
CCTV: Closed-circuit television, camera coverage used for monitoring and evidence collection in defined spaces.
What CompTIA is really testing
The strongest answers usually depend on whether you can separate:
- access deterrence from access detection
- facility controls from logical network controls
- evidence collection from actual prevention
- public office space from restricted infrastructure space
Match the control to the exposure
| Physical control | Strongest use |
|---|---|
| locks and badge access | restrict who can reach infrastructure areas |
| mantrap or guarded entry | reduce tailgating at sensitive boundaries |
| CCTV | record activity and support investigation |
| cages, racks, and locked closets | protect networking gear from casual or direct tampering |
| motion, door, or environmental alarms | surface unauthorized activity or unsafe conditions quickly |
Physical security supports network security
flowchart LR
A["Facility entry"] --> B["Room or closet boundary"]
B --> C["Rack or cabinet protection"]
C --> D["Device and cable integrity"]
D --> E["Logical controls can still be trusted"]
What to notice:
- physical access sits underneath the logical security stack
- the closer an attacker gets to the hardware, the more other controls can be bypassed
- branch closets and remote cabinets matter just as much as core data-center rooms
Small scenario example
1Branch office network closet:
2- unlocked utility room
3- patch panel exposed
4- firewall and switch on open shelf
5- no camera or access logging
What to notice:
- this is a real security weakness even if the firewall rules are strong
- physical exposure can lead to cable swaps, console access, theft, or simple disruption
- the fix is not only “add another ACL”
Common traps
- answering a physical-exposure question with a logical control only
- assuming cameras prevent attacks by themselves
- forgetting that branch offices, wiring closets, and patch panels are real attack surfaces
- focusing on doors but ignoring racks, consoles, and removable media or cables
What strong answers usually do
- identify when the problem is physical access rather than logical policy
- choose the control that directly limits or records access to the exposed asset
- remember that evidence controls and prevention controls are not the same
- treat network infrastructure spaces as security boundaries, not just facilities space
Quiz
Continue with 4.3 Deception Technologies to keep the domain flow intact.