Hands-On Home Labs for CompTIA: VirtualBox, Packet Tracer, and Cybersecurity Practice You Can Do This Week

Memorizing ports and acronyms is not what gets you hired. Being able to do the task (build a small network, harden a host, read logs, troubleshoot DNS) is what interviewers probe for and what CompTIA exams reward with scenario-style questions.

This post gives you a home lab blueprint you can set up in one evening, plus lab drills that map cleanly to A+, Network+, and Security+ study goals.

What you actually need (and what you can skip)

You do not need a rack, expensive switches, or a “cyber range” subscription. You need:

• One computer (laptop or desktop)

• Recommended: 16 GB RAM minimum, 50+ GB free disk

• Works with 8 GB RAM too, you will just run fewer VMs at once

• VirtualBox (free) for running VMs

• One network simulator

• Packet Tracer (fast, beginner-friendly)

• GNS3 (more realistic, more setup effort)

• Optional but helpful:

• A cheap second NIC (USB Ethernet) if you want more advanced routing setups

• A spare laptop as a “victim” host (not required)

VirtualBox vs GNS3 vs Packet Tracer (pick based on your goal)

If you are early in your journey: VirtualBox + Packet Tracer is the highest ROI combo.

A simple, safe lab architecture (that will not wreck your home network)

You want a lab that is:

• Isolated (you do not accidentally expose a vulnerable VM to the internet)

• Repeatable (you can reset and re-run drills)

• Inspectable (you can capture traffic and read logs)

Recommended VirtualBox network setup

Use two VirtualBox network types:

1. NAT (for downloading updates/tools)

2. Host-Only Adapter (for lab traffic between your VMs and your host PC)

Practical rule: - Do “attack/defense” practice on Host-Only. - Use NAT only when you need internet access, then turn it off.

The 3-VM starter lab (works for A+, Network+, and Security+)

Build these three VMs first:

1. Windows client VM (Windows 10/11)

2. Purpose: local users/groups, firewall rules, event logs, RDP settings, malware triage practice

3. Linux VM (Ubuntu or Debian)

4. Purpose: networking tools, SSH, logs, file permissions, basic server services

5. Security toolbox VM (Kali Linux or a lightweight Linux + tools)

6. Purpose: scanning in your own lab, packet capture, troubleshooting

Keep it simple: start with 1 Windows VM + 1 Linux VM. Add the toolbox VM once your machine can handle it.

Snapshot workflow (how you turn labs into “infinite practice”)

Before each lab:

• Take a snapshot named like: Before-Lab-03-DNS

• Do the lab

• If you break something, revert snapshot and repeat

This is the home lab superpower. You do not learn faster by being careful. You learn faster by breaking things and resetting.

10 hands-on lab ideas you can do this week

Each lab below includes:

- What to build

- What to measure

- What to write down (so it becomes study material)

Lab 1: Build a “known good” baseline (A+ + Security+)

Goal: Learn what “normal” looks like so you can spot abnormal.

• On Windows VM:

• Create a local admin and a standard user

• Turn on Windows Firewall (all profiles)

• Open Event Viewer and note where Security logs live

• On Linux VM:

• Create a user, add to sudo group

• Identify where auth logs are stored (/var/log/auth.log on many distros)

Write down:

- Where you check logs on each OS

- How to verify a user’s group membership

Lab 2: IP addressing and subnet “muscle memory” (Network+)

Goal: Stop doing subnetting as trivia. Do it as configuration.

• Create Host-Only network 192.168.56.0/24

• Assign:

• Windows: 192.168.56.10/24

• Linux: 192.168.56.11/24

• Confirm:

• Ping both directions

• ARP table entries exist

Write down: - Commands used (ipconfig, Get-NetIPConfiguration, ip a, ip r, arp -a) - What changes when you switch to /25

Lab 3: DNS troubleshooting drill (Network+ + A+)

Goal: Practice the most common real-world outage pattern.

• On Linux VM, set a bad DNS server temporarily

• Try:

• ping google.com (should fail)

• ping 8.8.8.8 (may succeed)

• nslookup google.com (shows DNS failure)

• Fix DNS, re-test

Write down:

- Symptoms that indicate DNS vs routing vs firewall

- The exact command output that helped you decide

Lab 4: DHCP concepts without a router (Network+)

Goal: Understand leases and renewal behavior.

• Simulate DHCP behavior by switching a VM between:

• Static IP

• “Automatic” (even if it cannot get a lease in Host-Only)

• Observe:

• APIPA behavior on Windows when it cannot reach DHCP

• Lease info when DHCP exists (NAT network)

Write down:

- What APIPA range looks like and when it appears

- How to renew/release and where Windows shows lease details

Lab 5: Packet capture for beginners (Network+ + Security+)

Goal: Be able to prove what is happening on the wire.

• Install Wireshark on your host (or use tcpdump on Linux)

• Capture traffic while you:

• Ping by IP

• Ping by name

• SSH from one VM to another

Write down:

- How to filter for DNS, ARP, ICMP

- One screenshot or note of a normal DNS request/response pattern

Lab 6: Firewall rules that break apps (A+ + Security+)

Goal: Practice secure configuration and troubleshooting.

• On Windows:

• Block inbound ICMP (ping)

• Confirm ping fails from Linux

• Re-enable it

• On Linux:

• Use ufw to block port 22

• Confirm SSH fails, then fix it

Write down:

- The rule you changed

- How you verified the port was blocked (don’t guess, prove it)

Lab 7: Build and harden SSH (Network+ + Security+)

Goal: Turn “SSH is port 22” into actual admin skill.

• Install OpenSSH server on Linux

• From Windows:

• Use ssh [email protected]

• Hardening steps:

• Disable password login (use keys)

• Disable root login

• Change default SSH port (optional for learning)

Write down:

- Where SSH config lives

- How you tested access before and after hardening

Lab 8: Local privilege and least privilege (Security+)

Goal: Understand access control by doing it.

• On Windows:

• Create a standard user and test:

• installing software

• opening admin tools

• On Linux:

• Create a user without sudo

• Test commands requiring elevation

Write down:

- One example of a task that fails under least privilege

- One secure way to perform it (run as admin, sudo, just-in-time elevation)

Lab 9: Vulnerability scanning, safely (Security+)

Goal: Learn scanning basics without touching the public internet.

• In Host-Only network only:

• Use nmap from toolbox VM to scan your Windows and Linux VM

• Compare:

• default ports open

• ports open after enabling services (like SSH)

Write down:

- The command you used and what each flag does

- Which ports changed and why

Lab 10: Incident mini-simulation (Security+)

Goal: Practice a realistic “what happened and what do I do” loop.

• Create a “suspicious activity” scenario:

• On Linux, create a new user and add to sudo

• On Windows, create a scheduled task

• Your job:

• Find evidence in logs

• Document:

• timeline

• what changed

• containment step

Write down:

- Where you found the evidence

- One containment action you would take in a real environment

Packet Tracer and GNS3 lab ideas for Network+

If your goal is specifically Network+, spend 30 to 45 minutes a few times a week in Packet Tracer or GNS3 doing short, focused builds.

5 drills that translate directly into exam readiness

• VLAN segmentation practice

• Build 2 VLANs, assign ports, verify hosts cannot talk without routing

• Inter-VLAN routing

• Router-on-a-stick basics: trunk, subinterfaces, default gateways

• ACL logic drills

• Write one permit and one deny rule and prove the impact with ping and HTTP

• NAT concepts

• Inside vs outside, what translation is doing, why it matters

• Redundancy concepts

• Add a second path and discuss STP behavior (even at a high level)

For each drill, force yourself to answer:

- “What is the expected behavior?”

- “What command proves it?”

A 14-day hands-on schedule (30 to 60 minutes/day)

If you only have 30 minutes per day, do fewer labs but still produce the deliverable. The notes are what turn “I tinkered” into “I learned.”

How to turn lab time into higher CompTIA scores

Use this loop:

1. Do the lab (hands-on)

2. Explain the lab (teach-back in your notes)

3. Drill questions on the same objective immediately after

Actionable method:

- After a DNS lab, do 15 to 25 questions on DNS, DHCP, troubleshooting.

- After a firewall lab, do 15 to 25 questions on ACLs, ports, secure configs.

Your brain retains more when you attach facts to an experience.

FAQ

Do I need GNS3 for Network+?

No. Packet Tracer is enough to build your core mental model for routing, switching, VLANs, and ACL logic. Add GNS3 later if you want more realism or you are heading toward CCNA-level depth.

Is it safe to run Kali Linux at home?

Yes if you keep it isolated. Use Host-Only networking for practice targets and do not scan networks you do not own or have explicit permission to test.

What should I do if my computer is slow with VMs?

Run fewer VMs simultaneously, allocate less RAM, and favor lightweight Linux distros. You can also do network drills in Packet Tracer (very low resource use) on days you cannot run multiple VMs.

How do I know if a lab is “worth it” for CompTIA?

If you can write down: (1) what you built, (2) how you verified it, and (3) what common failure looks like, it is worth it. CompTIA loves scenarios where you must choose the next best step.

What should my lab notes look like?

Keep a single running document with sections like: Goal, Topology, Commands, Expected Output, What Broke, How I Fixed It. Add screenshots only when they prove a point.

Your next step: pair labs with targeted practice questions

Hands-on labs build intuition. Practice questions build test timing and pattern recognition. Do both, on purpose.

Start practicing today at study.cyberexamprep.com with unlimited questions across all CompTIA exams.