SecurityNetwork+

Physical Security for CompTIA Network+ N10-009

Physical security protects network infrastructure from physical access, theft, and tampering. CompTIA Network+ N10-009 includes physical security as part of the Network Security domain because digital controls are worthless if an attacker has physical access to devices. Physical access to a network device often means complete compromise — configuration can be accessed via console regardless of authentication settings.

7 min

2 sections · 7 exam key points

1 practice questions

Physical Access Controls

Access control systems: badge/keycard access controls who can enter secure areas (data centers, network closets, server rooms). Smart cards store credentials; proximity cards use RFID. Multi-factor physical access combines badge with PIN or biometric. Access logs record who entered and when — important for forensics and compliance.

Biometric authentication: fingerprint scanners, retina/iris scanners, facial recognition. High assurance — hard to forge. False positive rate (FAR) and false negative rate (FRR) are key metrics. FRR (reject legitimate users) vs FAR (accept unauthorized users) trade off against each other — adjust sensitivity based on security requirements.

Mantrap (airlock): a small room with two interlocking doors. The first door must close and verify the person before the second door opens — prevents tailgating (multiple people entering on one badge). Used at high-security facility entrances. Turnstiles and security guards also prevent tailgating.

Data Center and Network Room Security

Rack security: lockable rack cabinets prevent unauthorized access to equipment. Cage locks for server cages in colocation facilities. Cable locks prevent laptops and small equipment from being physically removed. Secure cable management hides and protects connections.

CCTV (closed-circuit television) / surveillance cameras: monitor physical access, record events for forensics. Camera placement: entrances, server room access points, parking areas, equipment storage. Cameras combined with motion detection enable automated alerting.

Asset tracking: all equipment should be tagged (barcode, RFID, or QR code) and inventoried. Moving or removing equipment should trigger an alert or require authorization. Prevents equipment theft — a stolen switch can be used for network attacks or to extract stored credentials.

Environmental controls: fire suppression (FM-200 clean agent — safe for electronics; not water halon for large systems), HVAC (temperature and humidity control), UPS (Uninterruptible Power Supply) and PDU (Power Distribution Unit), raised floor for cable management and airflow, hot aisle/cold aisle containment for data centers.

Key exam facts — Network+

Physical access = complete device compromise regardless of digital controls
Mantrap: two-door airlock prevents tailgating
Tailgating: following authorized person through a secured door without own authentication
Badge + PIN or biometric = MFA for physical access
CCTV: monitors access, provides forensic evidence
FM-200: clean agent fire suppression safe for electronics
UPS: provides battery backup during power outages; protects equipment from power fluctuations

Common exam traps

Strong passwords make physical security less important

Console access bypasses most logical authentication — an attacker with physical access can boot a device into recovery mode and reset credentials. Physical security is the foundation; digital controls are the next layer

Practice questions — Physical Security

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1.An attacker enters a secure facility by following closely behind an authorized employee through the access-controlled door. What is this attack called?

A.Shoulder surfing

B.Tailgating (piggybacking)

C.Badge cloning

D.Social engineering

Explanation: Tailgating (also called piggybacking) is following an authorized person through a secured door without presenting your own credentials. Prevention: mantraps (airlock doors that allow only one person at a time), security guards, staff training to not hold doors for strangers, turnstiles. Social engineering is the broader category — tailgating is a specific physical social engineering technique.

Frequently asked questions — Physical Security

What is the difference between a UPS and a generator?

UPS (Uninterruptible Power Supply): provides immediate battery power during a power outage, keeping equipment running for minutes to hours depending on load and battery size. Protects against brief outages and provides clean power (filtering surges). Generator: provides long-term power from fuel, but takes 10–30 seconds to start. Data centers use UPS to bridge the gap until the generator comes online, then generators for extended outages.

Practice this topic

Network+practice questions

Test yourself on Physical Security

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime