CompTIA A+ 1102

  • Windows 10 upgrade and minimum requirements: upgrade path from Windows 7 SP1 or Windows 8.1. Processor: 1 GHz or faster CPU or SoC. RAM: 1 GB for 32-bit, 2 GB for 64-bit. Disk: 16 GB for 32-bit, 20 GB for 64-bit. Graphics: DirectX 9 or later with a WDDM 1.0 driver, 800x600 display.

  • Windows 10 and 11 have four basic editions: Home, Pro, Pro for Workstations, and Enterprise, plus two education editions: Pro Education (based on Pro) and Education (based on Enterprise).

  • Windows 10 Home (64-bit) supports a maximum of 128 GB of RAM. Home can act as a Remote Desktop client (connect to other machines) but cannot be an RDP host; Pro or higher is required to accept incoming Remote Desktop connections.

  • Domain accounts are used in enterprise settings and are managed centrally by a domain controller; users are limited to minor changes. Workgroup accounts are used in small offices with no central management; each local user has full control of their own machine.

  • BitLocker encrypts the whole drive using AES with a 128-bit (default) or 256-bit key.

  • Group Policy Editor, gpedit.msc, creates and edits Local Group Policy on a single computer (domain-wide policy is edited with the Group Policy Management Console on a domain controller). It works on non-domain machines but is not included in Home editions.

 

 

Section 1.2 Microsoft Command Line Tools

  • Get-ChildItem (PowerShell; aliases gci, dir, ls) lists the files and folders in a location.


  • CD changes directory; CD .. moves up one folder. DIR lists the files and subdirectories of the current directory. MD (mkdir) creates a directory, RD (rmdir) deletes one; RD /S removes a directory tree including its contents.


  • CHKDSK finds and repairs logical and physical errors on a storage volume. Common switches: /f fixes detected file-system errors; /r locates bad sectors and recovers readable data, and implies /f.

  • ROBOCOPY (robust file copy) copies files and folders with their attributes and timestamps, can resume interrupted transfers, and with /MIR mirrors a tree so the destination matches the source (outdated files are replaced and files missing from the source are deleted). It is commonly run on a schedule with Task Scheduler.

  • GPUPDATE refreshes Group Policy; gpupdate /force reapplies every policy setting, not just the ones that changed since the last refresh. GPRESULT displays the policy settings currently applied to the user and computer (gpresult /r for a summary).

  • SHUTDOWN: /s shuts down, /r restarts, /t xxx sets a delay in seconds before shutdown, /a aborts a pending shutdown.

  • SFC, System File Checker, verifies the integrity of protected system files and replaces incorrect versions with correct ones. sfc /scannow finds and repairs files; sfc /verifyonly reports problems but does not replace anything.

  • DISKPART manages disks, volumes, and partitions from the command line: create and delete partitions, change drive letters, and convert a disk between MBR and GPT (diskpart's convert requires an empty disk; mbr2gpt.exe converts a system disk in place without data loss).

  • MBR supports a maximum of 4 primary partitions (or 3 primary plus 1 extended); Windows allows up to 128 partitions on GPT.

  • WINVER shows the Windows version and build.

  • IPCONFIG shows and troubleshoots network configuration. Common switches: /all displays full adapter details (MAC, DHCP server, DNS servers, lease times); /release gives up the DHCP lease; /renew requests a new one; /flushdns clears the DNS resolver cache; /displaydns shows it.

  • PING tests connectivity to a host; -t pings continuously until cancelled with Ctrl+C.

  • HOSTNAME prints the computer's name. NETSTAT displays network connections and statistics: -a shows all active TCP and UDP connections and listening ports, -p proto filters by protocol (TCP, UDP), -r displays the routing table, -b (needs elevation) shows the executable that owns each connection, -o shows the owning process ID.

  • NSLOOKUP diagnoses DNS issues by querying name servers directly. TRACERT (trace route) shows each hop taken to reach a destination.

  • PATHPING combines ping and tracert, reporting latency and packet loss for each hop over a period of time. NET USER adds, modifies, or displays user accounts, locally or (with /domain) on the domain. NET USE connects to shared resources such as mapped drives and printers; /persistent:yes or /persistent:no controls whether the mapping survives a reboot.

 

Section 1.3 Microsoft Windows 10 Features and Tools  

 

  • Task Manager (Windows 10) has seven tabs: Processes, Performance, App history, Startup, Users, Details, and Services. Ways to open it: Ctrl+Alt+Del, Ctrl+Shift+Esc, right-click the taskbar, Win+X, the Start search, or running taskmgr. The Services tab displays background services and their status. Stopping critical Windows services can crash the system, and a service that a previous technician stopped or disabled may be a dependency of a program that now fails to work.

  • Microsoft Management Console (MMC) hosts management tools called snap-ins, can connect to remote computers, and can save a custom set of snap-ins as a console file. EVENTVWR (Event Viewer) stores details of errors, warnings, and informational events in the Windows logs (Application, Security, System, and others) and can filter them; each event type has a numeric Event ID.

  • DISKMGMT.msc (Disk Management) creates partitions, formats volumes, changes drive letters, and initializes new disks. TASKSCHD.msc (Task Scheduler) creates automated tasks. DEVMGMT.msc (Device Manager) views and manages hardware, updates or rolls back drivers, and enables or disables devices. CERTMGR.msc views, imports, and removes certificates. LUSRMGR.msc (Local Users and Groups) creates or deletes local users and groups, changes passwords, and assigns group membership and access rights.

  • PERFMON (Performance Monitor) views real-time performance counters and performance logs and creates automated data collector sets. GPEDIT edits Local Group Policy. MSINFO32 (System Information) displays a system summary, hardware resources, components, and software/driver details. RESMON (Resource Monitor) displays current and brief-history usage of CPU, memory, disk, and network per process. MSCONFIG (System Configuration) troubleshoots startup issues, boots into Safe Mode, and enables or disables services. CLEANMGR (Disk Cleanup) removes old installation and update files and old drivers and empties the Recycle Bin. DFRGUI (Optimize Drives) defragments HDDs for faster access; on SSDs it runs the TRIM command instead. REGEDIT views, creates, and edits registry keys and values; bad registry edits can cause irreversible damage, so export the key before changing it.

 

Section 1.4 Windows 10 Control Panel 

 

  • Internet Options manages the legacy Internet Explorer browser settings; IE used security zones with a slider for the security level. Devices and Printers manages printers and peripherals, including their drivers. Programs and Features changes or removes applications, enables or disables Windows features, and views installed Windows updates. Network and Sharing Center manages network connectivity, shows adapters and the active network, and controls file and printer sharing. System displays basic system information, similar to msinfo32.

  • Windows Defender Firewall monitors inbound and outbound traffic with separate rule sets for private and public network profiles. Mail manages email accounts for Outlook or the Windows Mail app and their data files (.ost for cached Exchange mailboxes, .pst for local stores). Sound manages input and output devices and default sounds. User Accounts is similar to Local Users and Groups: add or remove users, change User Account Control (UAC) settings, and manage account types. Indexing Options chooses the locations Windows indexes; the index tracks file locations and contents so searches are faster. Administrative Tools lists shortcuts to the various admin utilities. File Explorer Options manages basic File Explorer settings, such as showing hidden items and file extensions.

  • Power Options manages power plans; advanced options allow more customization. Sleep saves the current state in RAM and powers down most of the PC, so it resumes very quickly. Hibernate saves the state to the HDD or SSD (hiberfil.sys), consumes no power, and resumes more slowly than sleep. USB selective suspend lets the hub driver suspend an individual port without affecting the others. Mobile devices can set different actions for closing the lid, pressing the sleep button, and pressing the power button. Ease of Access (Accessibility) settings help people with different sight and hearing abilities.

 

Section 1.5 Windows Settings

 

  • Settings is the modern counterpart of Control Panel. Time & Language changes time zone, date and time, region, and language. Update & Security manages updates and update settings, Windows Security, backup and recovery, and Find My Device. Personalization changes the background, colors, themes, lock screen, fonts, and taskbar. Apps & Features lists installed applications, including Microsoft Store apps, for uninstall or modification. Privacy controls what data is shared with applications and sent back to Microsoft.

  • Workgroup vs domain. Shared resources: in a workgroup, user credentials must be set up on each device; a domain account can access any device in the domain. Printers: a workgroup printer must be shared to be reachable by other workgroup members; any printer published on the domain may be accessed. File servers: in a workgroup, credentials must be created on the file server for each user; a domain account may access any file server in the domain. Mapped drives: in a workgroup, credentials must be created on the device hosting the share for each user; a domain account may access any device in the domain.

  • Network configuration settings are found by searching for Network Connections, right-clicking a connection, and selecting Properties. SSO means single sign-on. FAT has no concept of the file attributes and permissions (ACLs) that NTFS provides.

  • In Windows 11 the Sharing tab of a file or folder's Properties shows where it is shared to and who has access.

 

Section 1.6 

 

  • Linux: used heavily by developers and on servers, low to medium desktop application support, free and open source. macOS: runs on proprietary Apple hardware, popular with graphics and media producers, low to medium application support, bundled with the hardware (its Darwin core is open source, the rest is not). Chrome OS: runs on inexpensive hardware with minimal requirements, used primarily in education, lowest application support; the underlying Chromium OS is open source. iPadOS and iOS are different: iPadOS adds tablet features such as stylus (Apple Pencil) support.

  • File system types: when you set up a drive you must choose a file system. NTFS is the Windows default: 16 EB max file size, 8 PB max volume size, built-in compression (and EFS encryption). FAT32 works natively on Windows and macOS: 4 GB max file size, 16 TB max volume size (Windows itself formats at most 32 GB), no compression. ext3 (Linux): 2 TB max file, 32 TB max volume, no compression. ext4 (Linux): 16 TB max file, 1 EB max volume, no compression. APFS (macOS): 8 EB max file size, no separate stated volume limit, supports compression. exFAT (macOS and Windows, common on flash media): 16 EB max file size, 64 ZB theoretical volume size (128 PB per the spec), no compression.

  • OS versions have a limited life span; once in extended support only security updates are released, and after end of life nothing is. Some software runs on several operating systems, but not all does, so check compatibility before upgrading or switching.

 

Section 1.7 Installation and configuration process 

 

  • 64-bit Windows uses the WOW64 subsystem to run 32-bit applications; not all 32-bit applications work in it. 64-bit applications will not run on a 32-bit OS, and drivers must be 64-bit (and signed) to load on a 64-bit OS.

  • 32-bit OS: runs on a 32- or 64-bit CPU, maximum addressable RAM 4 GB, slower, app compatibility 32- or 16-bit, driver compatibility 32-bit. 64-bit OS: requires a 64-bit CPU, theoretical address space 16 EB (about 17 billion GB; Windows editions impose far lower licensed limits, e.g. 128 GB for Home), faster, app compatibility 64-bit and most 32-bit, driver compatibility 64-bit only.

  • An integrated GPU is built into the CPU or motherboard chipset, is not very powerful, is inexpensive, is common in entry-level PCs, and shares system RAM. A dedicated GPU is a standalone add-in card, more powerful and expensive, common in high-end PCs, with its own dedicated VRAM.

  • Robocopy (Robust File Copy) is a built-in Windows command-line tool for copying files and folders from one location to another. Its many options customize the copy, including /Z to resume interrupted transfers, /E to include empty subdirectories, /MIR to mirror a tree, and /LOG:file to record the results.

  • Example of a minimum vs recommended spec sheet of the kind published for a game or graphics application (these are not Windows 10's own requirements, which are far lower; see 1.1): minimum Intel Core i3 or AMD FX 4350, recommended Core i5 or Ryzen 5; video minimum GTX 660 or Radeon HD 7850, recommended GTX 1060 or Radeon RX 5500 XT; memory minimum 8 GB, recommended 16 GB; 30 GB storage, broadband internet, and 1280x720 resolution.

 

Section 1.9 OS installation and upgrade 

 

  • Boot methods: USB, optical media, network (PXE, which must be enabled in the BIOS/UEFI), external drive, or an internal drive partition. Image deployment installs the OS from a pre-made customized image and brings along the files, settings, and applications captured in that image. A repair installation attempts to repair the current install using the installation media. A remote network installation installs the OS over the network, using a custom image or one stored on the deployment server, and retains no files from the device.

  • An in-place upgrade keeps all apps and files and just upgrades the OS; it is faster but can bring orphaned files and old problems along. A refresh (Reset this PC, keep my files) is faster than a clean install: it reinstalls Windows while keeping personal files but removes installed applications and settings. Windows creates restore points automatically before system updates, driver installs, and application installs; they can also be created manually or by a Task Scheduler job.

  • Some hardware requires special drivers, known as boot-start drivers, loaded during installation from external media. MBR is the legacy partitioning scheme: it stores the partition table in the first sector of the drive, is used by Windows 7 and earlier with BIOS, and supports a maximum partition size of 2 TB and 4 primary partitions. GPT (GUID Partition Table) is modern: it keeps a primary header and table at the start of the drive and a backup copy at the end, is used by Windows 8 and later with UEFI, and supports a maximum partition size of 9.4 ZB and 128 partitions on Windows. A new OS installation formats the target: all data is erased (though recoverable with forensic tools until overwritten), and a suitable file system must be selected for the OS during installation: NTFS for Windows, APFS for macOS, ext4 for Linux.

  • NTFS is the default file system for Windows, but ReFS (Resilient File System) is newer, offers higher resiliency and data integrity checking, supports very large volumes, and is optimized for data storage; it is supported on Windows Server 2012 and later. NTFS (EFS) and APFS support native file-level encryption; ReFS does not support EFS and relies on BitLocker for the volume; ext3 has no native encryption but ext4 does (fscrypt). When upgrading, back up all preferences and settings and consider the OS life cycle.

 

Section 1.10 Common Features of macOS 

 

  • Installing on a Mac comes from the App Store or an external source. Three common file types: .app, like an .exe, is an application bundle containing everything needed to run the app; .dmg is a macOS disk image that must be mounted, after which the .app inside is dragged into the Applications folder; .pkg is a complete installer package that runs through the Installer and needs no mounting. To uninstall an App Store app, open Launchpad, click and hold the app until it jiggles, then click the X. For apps from elsewhere, use Finder to locate the app and drag it to the Trash (or select it and choose File > Move to Trash), then empty the Trash to delete it completely.

  • Time Machine backs up periodically and keeps hourly, daily, and weekly snapshots, deleting the oldest backups when the backup disk fills. Keep XProtect (the built-in malware signature check) and the OS version current with automatic updates.

  • Multiple desktops: add and manage Spaces with Mission Control, which can also assign apps to specific Spaces. Accessibility aids people with sight or hearing issues. Keychain is the Mac's built-in credential manager. Spotlight is the system-wide search tool that indexes the system. iCloud is Apple's cloud storage. Gestures are trackpad gestures for common inputs: primary (left) click, tap with one finger; secondary (right) click, tap with two fingers; scroll, drag two fingers up or down; smart zoom, double-tap with two fingers.

  • Finder is the GUI for the file system, the equivalent of Windows File Explorer. Remote Disc gives the ability to use another device's optical drive over the network. The Dock is a quick navigation bar: add favorite apps for quick access and force quit apps from it. Disk Utility manages storage devices: format, encrypt, password-protect, create RAID sets and disk images, and repair damaged disks with First Aid.

  • FileVault is the full-disk encryption feature that encrypts the startup disk; enable it in System Preferences > Security & Privacy and protect the recovery key. LUKS is the Linux equivalent for drive encryption. Terminal provides text-based access to the OS, similar to the Windows Command Prompt or PowerShell. Force Quit terminates unresponsive apps: Option+Command+Esc, or Force Quit in the Apple menu.

 

Section 1.11 Common Features of Linux Distributions

 

  • ls lists directory contents, pwd displays the current directory, mv moves or renames files and directories, cd changes directory, cp copies files or directories, rm removes files and directories. chmod sets access rights on a file using r, w, x (read, write, execute) for three classes: the first triplet is the owner, the second the group, the third everyone else. Octal shorthand per class: 0 none, 1 execute, 2 write, 3 write and execute, 4 read, 5 read and execute, 6 read and write, 7 read, write and execute (e.g. chmod 750 script.sh). chown changes the owner (and optionally the group) of a file. su switches to the superuser or another user, sudo runs a single command as root, and sudo su (or sudo -i) opens a root shell.

  • apt is the package manager for Debian-based distros; yum (and its successor dnf) for RPM-based distros. ip configures and inspects network interfaces: ip addr, ip addr add, ip link show, ip route list. df displays free and used space per file system; -h gives human-readable sizes. grep searches for a pattern in files or input; useful switches: -i ignore case, -c count matches, -v print lines that do not match, -w match whole words only. ps displays processes; useful switches: -e all processes, r only running processes, -p filter by PID, -f full format, -u filter by user. man displays the manual page for a command and can open a specific section; man -f (whatis) lists the sections a command appears in.

  • top displays a real-time view of running processes; common switches: -n limits the number of refreshes, -u filters by user, -b batch mode for sending output to a file or another program. find looks for files or directories: -newer file matches files modified after that file, -empty finds empty files and folders, -user matches by owner, -name by file name. dig queries DNS servers (may need to be installed); +short prints only the answer, +noall together with +answer displays only chosen sections. cat (concatenate) displays file contents and can join or copy files with redirection. nano is a built-in terminal text editor. Samba lets Linux machines share files and printers with Windows machines over SMB.
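Worked example of the chmod numeric and symbolic correspondence from the notes above. This is an added example, not code from any distribution's tools: it converts between the rwx field that ls -l prints and octal modes, flags world-writable modes (the bit audits usually look for), and reads a real file's mode back with os.stat on a temporary file. The sample ls -l line is constructed.

```python
"""Linux file-mode helpers: symbolic rwx <-> octal, as used by chmod and ls -l."""
import os
import stat
import tempfile

# Value of each permission bit within one class (owner, group, others).
_RWX = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(symbolic: str) -> str:
    """'rwxr-x---' -> '750'. Takes the 9-character field ls -l shows."""
    if len(symbolic) != 9:
        raise ValueError("expected 9 characters, e.g. rwxr-xr--")
    digits = []
    for i in range(0, 9, 3):            # owner, group, others
        value = 0
        for ch, expected in zip(symbolic[i:i + 3], "rwx"):
            if ch == expected:
                value += _RWX[ch]
            elif ch != "-":
                raise ValueError(f"unexpected character {ch!r} in {symbolic!r}")
        digits.append(str(value))
    return "".join(digits)


def octal_to_symbolic(octal: str) -> str:
    """'644' -> 'rw-r--r--'."""
    if len(octal) != 3 or any(d not in "01234567" for d in octal):
        raise ValueError("expected three octal digits, e.g. 640")
    out = []
    for d in octal:
        n = int(d)
        out.append("r" if n & 4 else "-")
        out.append("w" if n & 2 else "-")
        out.append("x" if n & 1 else "-")
    return "".join(out)


def octal_from_ls_line(line: str) -> str:
    """Octal mode from a full 'ls -l' line; the first column is type + 9 bits."""
    return symbolic_to_octal(line.split()[0][1:10])


def world_writable(octal: str) -> bool:
    """True when the 'others' class has write: the usual hardening finding."""
    return int(octal[2]) & 2 != 0


def mode_of(path: str) -> str:
    """Read a file's permission bits back as the rwx text ls -l would print."""
    return stat.filemode(os.stat(path).st_mode)[1:]


def demo() -> str:
    """chmod a temp file to 640 and read the symbolic form back (POSIX only)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        os.chmod(path, int("640", 8))
        return mode_of(path)                # 'rw-r-----' on Linux/macOS
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Constructed ls -l line for /etc/shadow on a typical Debian system.
    print(octal_from_ls_line("-rw-r----- 1 root shadow 1210 Jan  1 12:00 /etc/shadow"))
    print(demo())
```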


Section 2.1 Security Measures 

 

  • An access control vestibule, also known as a mantrap, prevents tailgating.

  • Motion, noise, and glass-break sensors supplement cameras and alarms.

  • A cable lock secures a laptop to a desk, like a bike lock. Bollards prevent unauthorized vehicle access and vehicular damage. A magnetometer (metal detector) scans visitors for metal objects; visitor badge systems often capture a photo.

  • Principle of least privilege: users get only the access they need to know, which also reduces the complexity of auditing. Access control lists (ACLs) control access to data at a granular level, securing data and networks.

  • MFA factors: email code, hard token (e.g. FortiToken), soft token (software-generated code), SMS, authenticator app (which stores soft tokens). SMS and email are the weakest of these.

  • MDM (mobile device management) can push software and security policies, lets admins control mobile devices, mitigates risk, and makes BYOD easier to manage.

  • Active Directory: logon scripts perform automated functions at user logon, assist with auditing, and automatically connect shared drives. Group Policy allows centralized user and computer configuration, such as setting access to specific devices for an entire group. Organizational units (OUs) are AD containers that organize users and computers. A home folder is a private location on the network for a user's personal files.

 

Section 2.2 Wireless Security 

 

  • Use WPA2 or WPA3; WEP is not secure. Each has two versions. Personal is designed for SOHO, uses a user-defined passphrase (pre-shared key) for access, is easy and fast to implement, and is less secure. Enterprise is designed for medium and large organizations, uses an AAA server (RADIUS) for per-user access, offers stronger authentication options, is more complex to implement, and is more secure.

  • WPA2, introduced in 2004, uses CCMP encryption with the AES cipher, authenticates with a pre-shared key (PSK) or EAP (Enterprise), may offer Wi-Fi Protected Setup (WPS), and is susceptible to KRACK and to offline dictionary attacks against the PSK (plus WPS PIN brute force). WPA3, introduced in 2018, uses the more efficient GCMP encryption with AES, replaces PSK with Simultaneous Authentication of Equals (SAE) so a captured handshake cannot be attacked offline, and introduces forward secrecy. It had no known weaknesses at launch, though the Dragonblood side-channel and downgrade attacks against SAE were published in 2019, so keep firmware current.

  • Encryption protocols: TKIP is legacy and uses the RC4 cipher; AES is used with CCMP (WPA2) or GCMP (WPA3), is faster, and has no known practical breaks.

  • Authentication protocols for AAA servers. RADIUS (Remote Authentication Dial-In User Service): an open standard, used for network user authentication, encrypts only the password field, uses UDP (ports 1812/1813). TACACS+ (Terminal Access Controller Access-Control System Plus): a Cisco-designed protocol, used primarily for administrator access to network devices, encrypts the whole packet body, uses TCP (port 49).

  • Kerberos is used solely for authentication; it provides no authorization or accounting service, and it allows single sign-on. After the initial sign-in it issues a ticket (TGT) that is used to obtain service tickets for different applications; the ticket does not contain the user's credentials. Think of a VIP wristband.
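Worked example for the WPA2-Personal passphrase and offline dictionary attack points above. This is an added example (not vendor or exam-body code): it implements only the passphrase-to-PMK step, PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), and stands in for the MIC check a real cracker does against a captured four-way handshake by comparing against a known PMK. The wordlist and the SSID "IEEE" are constructed; "password"/"IEEE" is the published 802.11i test vector.

```python
"""WPA2-Personal PMK derivation and the offline dictionary attack it enables."""
import hashlib


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i passphrase-to-PSK mapping used by WPA/WPA2-Personal."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), 4096, dklen=32)


def dictionary_attack(ssid: str, target_pmk: bytes, wordlist):
    """Return the candidate whose PMK matches target_pmk, or None.

    Nothing touches the access point, which is why the AP's rate limiting or
    lockout cannot stop it; only passphrase strength (or WPA3's SAE, which
    forces one live exchange per guess) can.
    """
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue                        # not a legal WPA passphrase
        if derive_pmk(candidate, ssid) == target_pmk:
            return candidate
    return None


# Constructed wordlist; a real attack uses lists of millions of entries.
WORDLIST = ["letmein1", "qwerty123", "password", "Summer2024!"]


def demo():
    """Recover a weak passphrase from what a captured handshake lets you test."""
    ssid = "IEEE"
    captured_pmk = derive_pmk("password", ssid)   # stands in for the handshake MIC
    return dictionary_attack(ssid, captured_pmk, WORDLIST)


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())
    print("recovered:", demo())
```

The 4096 PBKDF2 iterations slow each guess only slightly on modern GPUs, so the defense is a long random passphrase or WPA3-SAE, not a "complex" short one.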

 

Section 2.3 

 

  • Malware (malicious software) is categorized according to its goal.

  • Rootkits: aimed at remote access, botnet conscription, spying, or theft of data. Malicious code is introduced at a very low level (bootloader, kernel, firmware) where it can intercept calls to the OS and lie about its own existence.

  • Prevention and mitigation: end-user education on email attachments, software sources, and safe habits; anti-malware software. Mitigations: software firewalls blocking inbound attacks (worms) and filtering outbound traffic (data exfiltration); host configuration that restricts privileges; software restriction policies; OS-level mitigations.

  • Detection and removal: antivirus and anti-malware have built-in remediation and quarantine functions, but their cleaning routines should not be trusted outright. A compromised system may have other undetected issues, so prefer restoring from a clean backup; Windows restore points may work. When starting fresh is not an option, use the Windows Recovery Environment to repair Windows, run a full malware scan and remove all traces of infection, then examine the system for malicious modifications: DNS settings, new users, scheduled tasks, firewall changes, and disabled security features.

  • Malware removal steps (mnemonic: IQ DR SEE):
1. Investigate and verify malware symptoms
2. Quarantine infected systems
3. Disable System Restore in Windows
4. Remediate infected systems (update anti-malware software, then scan and remove)
5. Schedule scans and run updates
6. Enable System Restore and create a restore point
7. Educate the end user

 

Section 2.4 Social Engineering, Threats, and Vulnerabilities 

 

  • Smishing is phishing over SMS; vishing is similar but uses voice calls.

  • ARP poisoning is an on-path (man-in-the-middle) attack: the attacker answers ARP requests with spoofed replies so victims believe the attacker's MAC is the gateway and send traffic through it. DNS poisoning redirects users to a fake site that looks like the real one via a forged DNS entry. Prevention: encryption (TLS), DNSSEC, and dynamic ARP inspection (DAI) on switches. SQL injection is very common and affects applications that build queries from unsanitized input: an attacker types an SQL fragment into a field and it runs as part of the command against the database; parameterized queries are the fix.

  • Cross-site scripting (XSS) injects a malicious script, usually JavaScript, into a normally trusted site so it runs in other users' browsers. Threats include insider threats, zero-days, spoofing, brute force, and dictionary attacks. A vulnerability is a flaw or weakness in a system that can be exploited: unprotected systems missing a firewall or antivirus, end-of-life operating systems, unmanaged BYOD.

  • Encryption that uses one shared key is symmetric; encryption with two separate but mathematically related keys (public and private) is asymmetric. An algorithm that generates a fixed-length fingerprint of input data is a hash. The scheme used to establish trust and validate identities with certificates is PKI.
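Worked example of the SQL injection point above: the vulnerable string-built login query beside the parameterized fix, run against an in-memory SQLite database. This is an added example, not from the notes; the users table and the two accounts are constructed.

```python
"""Vulnerable string-built SQL beside the parameterized fix (SQLite in memory)."""
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Plain SHA-256 keeps the demo short; real systems use a slow, salted
    # password hash (bcrypt, scrypt, Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", _hash("correct horse battery staple")),
                      ("bob", _hash("hunter22"))])
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """The untrusted username is concatenated straight into the statement."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND pw_hash = '{_hash(password)}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username: str, password: str) -> bool:
    """Placeholders send the values separately from the SQL text, so a quote
    in the username is data, never syntax."""
    query = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return conn.execute(query, (username, _hash(password))).fetchone() is not None


# Classic bypass: the quote closes the string literal and '--' comments out
# the password check, so the query becomes  WHERE username = 'alice'.
INJECTED_USERNAME = "alice' --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected username, wrong password:",
          login_vulnerable(db, INJECTED_USERNAME, "wrong"))   # True: logged in
    print("safe, same input:", login_safe(db, INJECTED_USERNAME, "wrong"))  # False
```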

 

Section 2.5 Basic Security Settings in Microsoft Windows 

 

  • Windows Defender Antivirus (Windows 10) is managed under Settings > Update & Security > Windows Security.

  • Accounts come in four types. Standard user: can run most programs but is limited in the settings it can change. Administrator: full access to all data and settings. Power User: a legacy group with limited administrative rights. Guest: cannot install programs, create or change passwords, or change settings.

  • Accounts are created in Settings > Accounts > Family & other users. Add a family member to include parental controls, or add someone else if parental controls are not needed; the account type (standard or administrator) is selectable. Local users can also be managed in Computer Management > Local Users and Groups: right-click, or use the Action menu, and choose New User.

  • Windows 10 has numerous login methods. Single sign-on (SSO) is an enterprise login method that lets connected applications and services share one set of credentials. It uses a Primary Refresh Token (PRT) and works with Azure AD, integrated Windows apps, domain-joined devices, and AD-integrated applications.

  • NTFS vs share permissions: these determine who has access to which files and folders; best practice is to assign them to groups rather than individual users. Share permissions are a separate set of permissions on a shared folder that apply only to users coming in over the network, not to local users, with three levels: Read, Change, or Full Control. When both apply, the more restrictive of the two wins.

  • NTFS permissions apply to both local and remote access. There are six standard types for folders and five for files: Full Control, Modify, Read & Execute, List Folder Contents (folders only), Read, Write. They support inheritance, which passes a parent folder's permissions to all subfolders and files and can be toggled on or off at each level. Both NTFS and share permissions are set from the file or folder's Properties (Security and Sharing tabs), both can be used simultaneously, and the most restrictive result takes precedence; an explicit Deny overrides any Allow.

  • Copied items inherit the permissions of the destination. Files moved within the same volume retain their original permissions; files moved to a different volume inherit the permissions of the destination folder.

  • BitLocker requires a TPM by default (a Group Policy setting can allow a USB startup key instead) and encrypts the entire drive. NTFS provides the Encrypting File System (EFS), which encrypts at the file or folder level; EFS encryption is per user, follows the file when it is moved between NTFS volumes, and its key is stored in the local user profile, so back up the EFS certificate.
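Worked example of the NTFS vs share permission rules in the three notes above (NTFS applies locally and remotely, share permissions only remotely, the more restrictive result wins, Deny beats Allow, copies inherit the destination while same-volume moves keep their ACL). This is an added model written for these notes, not a call into the Windows security subsystem; the right names and the sets each level grants are simplifications.

```python
"""Model of effective Windows access under NTFS and share permissions."""

RIGHTS = frozenset({"read", "write", "execute", "delete", "change_permissions"})

# NTFS standard permission levels mapped to the simplified rights they grant.
NTFS = {
    "full_control": RIGHTS,
    "modify": frozenset({"read", "write", "execute", "delete"}),
    "read_execute": frozenset({"read", "execute"}),
    "list_folder_contents": frozenset({"read", "execute"}),   # folders only
    "read": frozenset({"read"}),
    "write": frozenset({"write"}),
}

# Share permission levels: Read / Change / Full Control.
SHARE = {
    "read": frozenset({"read", "execute"}),
    "change": frozenset({"read", "write", "execute", "delete"}),
    "full_control": RIGHTS,
}


def ntfs_rights(allow, deny=()):
    """Cumulative NTFS rights: union of every Allow entry that applies to the
    user (directly or through group membership), minus every Deny entry."""
    granted = frozenset().union(*(NTFS[a] for a in allow))
    denied = frozenset().union(*(NTFS[d] for d in deny))
    return granted - denied


def effective_rights(allow, deny=(), share=None, remote=False):
    """Rights the user ends up with. Locally only NTFS counts; over the network
    the share level is intersected with NTFS, so the stricter one wins."""
    rights = ntfs_rights(allow, deny)
    if remote:
        if share is None:
            return frozenset()              # folder is not shared at all
        rights &= SHARE[share]
    return rights


def permissions_after(operation, same_volume, source_acl, destination_acl):
    """Which ACL a file carries after a copy or a move."""
    if operation == "copy":
        return destination_acl               # copies always inherit the target
    if operation == "move":
        return source_acl if same_volume else destination_acl
    raise ValueError(f"unknown operation {operation!r}")


if __name__ == "__main__":
    # Assumed scenario: user has Modify via a group, share is set to Read.
    print("local :", sorted(effective_rights(["modify"], share="read", remote=False)))
    print("remote:", sorted(effective_rights(["modify"], share="read", remote=True)))
```

The common support case is the second line: a user edits files fine at the console but gets read-only over the network because the share, not NTFS, is the limit.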

 

Section 2.6 Security Best Practices for Workstations 

 

  • Password best practices: 8 or more characters, no repeated words or characters, a mix of upper case, lower case, numbers, and special characters. Modern guidelines favor 14 or more characters, passphrases, no repetition, all four character classes, and no forced expiration. BIOS/UEFI setup should always be password protected.

  • User practices: screen-saver locks should be used with a timeout of 15 minutes or less and require a password on resume. Critical hardware should be physically secured. All PII and passwords should be encrypted; never write passwords down, use a password vault.

  • User accounts: apply the principle of least privilege and restrict login times to business hours. Always disable the Guest account. The default Administrator account should be disabled, or renamed with its password changed. AutoPlay and AutoRun should be disabled.

 

Section 2.7 Mobile and Embedded Device Security 

 

  • BYOD (bring your own device), COBO (corporate-owned, business only), COPE (corporate-owned, personally enabled), CYOD (choose your own device). BYOD: jailbreaking and sideloading are not allowed, and organizational apps may be installed. COBO often results in carrying two devices. COPE is a hybrid: one device, but it must be returned. CYOD: the organization is responsible for maintenance, the user for following the acceptable use policy (AUP). Screen locks are a must for all; pattern and swipe locks are not recommended. MDM should allow remote backups and lockout after failed logins. BYOD policies should address security, define what devices may be used, and define what assets mobile devices can access. IoT poses additional threats: no built-in security and a lack of standardization, so segment IoT devices onto their own network.

 

 

Section 2.8 Data Destruction and Disposal 

 

  • Best means of destroying data permanently. Drilling (not an NSA-approved method). Shredding (down to pieces smaller than 2 mm). Degaussing applies a strong magnetic field to an HDD, leaving no data intact and the drive unusable; it has no effect on SSDs. Incinerating applies very high heat to melt and destroy the drive; it is the least environmentally friendly, leaves no data intact, and NSA guidance requires temperatures above 670 C.

  • Erasing/wiping leaves the drive usable: it overwrites every bit (with zeros, or random patterns over multiple passes). A standard high-level format sets up a new file system on a drive, as when installing an OS; it can be done manually but leaves the old data intact and easily recoverable. A low-level format resets the drive to factory state.

 

Section 2.9 Small Office/Home Office Security  

 

  • First steps with any router: change the admin password and change the default SSID (optionally disabling SSID broadcast). URL and IP filtering blocks traffic by source/destination IP address or URL, and content filtering blocks categories of sites. Always update firmware. DHCP reservations assign a fixed IP address to a device based on its MAC address and are the preferred way to give a device a static address. UPnP lets connected devices open ports on the router themselves (self-setup); many recommend disabling it. A screened subnet splits the LAN into two or more distinct areas, keeping public-facing devices away from the internal network. Physical placement: the router should be in a secure location.

  • Change the factory SSID and consider disabling broadcast; disable guest access if unused. Wireless networks operate on channels; use a Wi-Fi analyzer to find the channel with the least interference. Disable unused ports on the firewall.

Section 3.1 Troubleshoot Windows OS 

 

  • BSOD: uninstall, reinstall, or update applications and drivers; run System File Checker; repair Windows; boot into Safe Mode; reimage. First check hardware and unplug peripherals. SFC (System File Checker): sfc /scannow scans the integrity of protected system files and repairs them, /verifyonly scans but does not repair, /scanfile=path scans and repairs a single file.

  • Boot problems: reboot, roll back updates, repair Windows, reimage. Services not starting: verify the service startup type, troubleshoot with a clean boot, run SFC, restore, reimage. Application crashes: reboot, update or reinstall the app, update drivers, run SFC, verify requirements, add resources. USB controller resource warning: plug the device into a USB 2.0 port, update or reinstall USB drivers, verify USB power draw.

  • System instability: update the OS and drivers, inspect for malware, disable or uninstall unneeded apps, check disk space and resources. No OS found: verify storage connectivity, verify boot options and boot order, repair Windows with installation media, reimage. Slow profile loading: disable Fast Startup, update drivers, disable unneeded startup applications, rebuild the profile; on a domain, a profile loaded from a remote location takes time to transfer. Time drift: verify time and date settings, restart the Windows Time service, change the time server.

  • Windows Startup Settings: Enable debugging starts Windows in a kernel-debugging mode. Enable boot logging creates ntbtlog.txt, listing all drivers loaded during startup. Enable low-resolution video. Enable Safe Mode starts Windows in a basic state with a limited set of files and drivers. Safe Mode with Networking adds network drivers and services. Safe Mode with Command Prompt starts Safe Mode with a command prompt instead of the usual interface. Disable driver signature enforcement allows drivers with improper signatures to load. Disable early launch anti-malware protection turns off the ELAM driver that normally starts before other drivers to vet them; use it only when a legitimate driver is being wrongly blocked. MSConfig can also set a Safe Mode boot.

 

Section 3.2 Troubleshooting PC Security Issues 

 

  • Authentication issues are also part of security troubleshooting. Unable to access network resources: check network sharing permissions, verify NTFS security permissions, check the local firewall logs. False antivirus alerts (rogue AV): click nothing on the alert, then run a malware scan and enable an ad blocker. Altered system or personal files: restore from backup or System Restore, run chkdsk, SFC, and DISM, and scan for malware. OS update fails: reboot and retry, disconnect peripherals, update third-party drivers. Browser symptoms: scan for and remove malware, reset browser settings, enable the pop-up blocker. Certificate warnings: try from a different device; if the problem is isolated to one machine, check its date and time and clear the browser certificate store, otherwise contact the web server admin. Redirection: spyware that changes the home page or DNS settings. Scan for and remove malware, flush the DNS cache, verify browser add-ons, boot into Safe Mode.

 

Section 3.4 Troubleshooting Mobile OS 

 

  • Apps not launching: restart the device, force stop the app, reinstall the app, check for OS and app updates. Slow to respond: check resource usage, storage space, and memory utilization. OS update fails: check compatibility between the device and the OS version, restart the device. Random reboots: remove recently installed apps, check storage, update apps and the OS. Bluetooth issues: disable and re-enable, restart both devices, unpair and re-pair. AirDrop connectivity issues: verify AirDrop settings, check device compatibility, restart the device, sign out of and back into iCloud.

 

Section 3.5 Troubleshoot Mobile OS Security 

 

  • Developer options let users configure back-end OS settings; turn developer mode on only for development. Root access (jailbreaking on iOS) unlocks full access to all OS features, makes the device more vulnerable to malware, and can brick it. Symptoms of a malicious app: a slow device, fake security warnings, a high number of ads.

Section 4.1 Documentation and Support System Best Practices 

 

  • Ticketing systems manage all ticket information and allow tracking of tasks. Asset management keeps inventory lists with asset IDs, who should have each asset, where it should be, vendor, etc., across the procurement life cycle. An acceptable use policy documents how a user may use a computer or a device; users typically agree to it during onboarding. A network topology diagram outlines how the network is set up and shows connections and paths, physical vs. logical. Regulatory compliance covers legal rules and regulations, e.g. HIPAA, PCI DSS. 

  • User checklists: standardized checklists for new or terminated users; they speed up the process and prevent unwanted user activity. Incident reports are standard documents written after incidents. Standard operating procedures (SOPs) are step-by-step processes that outline routine procedures: how to image a machine, run updates on network devices, etc. Knowledge base articles are a collection of documents used to help diagnose and repair, answering frequent issues. 

 

Section 4.2 Change Management Best Practices 

 

  • Rollback plan: a clear step-by-step plan to revert recent changes; it should be detailed, tested and verified. Sandbox testing tests the change in an environment close to production.  

  • Six common steps: request change, review the request for change, plan/evaluate the change, change approval, implementation, review and close. 

  • Change request forms should include in-depth information.    

 

Section 4.3 Workstation Backup and Recovery 

 

  • Backups come in 4 types. Full – a complete backup of the entire machine/volume; must be performed at least once to begin the backup chain. Incremental – backs up data changed since the previous backup (of any type). Differential – backs up data changed since the last full backup. Synthetic – a type of full backup created by a backup server. Backups should be tested regularly; this confirms the backup succeeded and confirms backup file integrity. Backup data should be kept onsite and offsite (3-2-1 rule).  
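An added worked example (not from the course notes) that simulates a week of incremental versus differential runs after one full backup, using a constructed set of file modification times, and counts how many backup sets a restore to the latest state would need to read.

```python
from datetime import datetime

# Constructed sample: file name -> time it was last modified (not real data).
FILES = {
    "report.docx": datetime(2024, 1, 2, 9, 0),
    "budget.xlsx": datetime(2024, 1, 3, 14, 0),
    "notes.txt":   datetime(2024, 1, 5, 8, 30),
    "photo.jpg":   datetime(2023, 12, 20, 12, 0),   # unchanged since the full
}
FULL_TIME = datetime(2024, 1, 1, 0, 0)               # the full backup starts the chain
RUNS = [datetime(2024, 1, d, 23, 0) for d in (2, 3, 4, 5)]  # nightly runs after it


def changed_since(files, since):
    """Files whose modification time is later than `since`."""
    return {name for name, mtime in files.items() if mtime > since}


def backup_chain(files, full_time, run_times, kind):
    """List of (run_time, files_in_that_set) for each run after the full.

    kind == "incremental": changes since the previous run (full or incremental).
    kind == "differential": changes since the last full, on every run.
    """
    chain, prev = [], full_time
    for t in sorted(run_times):
        # A modification that has not happened yet by run time is not visible.
        visible = {n: m for n, m in files.items() if m <= t}
        baseline = prev if kind == "incremental" else full_time
        chain.append((t, changed_since(visible, baseline)))
        prev = t
    return chain


def sets_needed_for_restore(kind, runs_since_full):
    """How many backup sets a restore to the latest state must read."""
    if kind == "incremental":
        return 1 + runs_since_full          # the full plus every incremental, in order
    return 1 + (1 if runs_since_full else 0)  # the full plus only the newest differential


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind)
        for t, s in backup_chain(FILES, FULL_TIME, RUNS, kind):
            print(" ", t.date(), sorted(s))
        print("  sets to restore:", sets_needed_for_restore(kind, len(RUNS)))
```

Differential sets grow each night but a restore needs only two sets; incremental sets stay small but every one of them must be present and read in order.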

  • Retention policies: Grandfather-father-son (GFS) is a form of archival storage used primarily with incremental backups. It saves a full backup at various time periods: grandfather yearly, father monthly, son weekly. 

 

Section 4.4 Common Safety Features 

 

  • Electrostatic discharge (ESD): hardware can be ruined by a static discharge, so use an ESD strap or mat. Proper power handling: carry sensitive components in an anti-static bag; data centers and large server racks often have 220 V; verify no voltage is present before working with a power supply; remove all jewelry; equipment should always be connected to a grounded circuit.  

 

Section 4.5 Environmental Controls 

 

  • A Material Safety Data Sheet describes safety and storage practices for things being handled, e.g. toner cartridges; familiarize yourself with the substances being handled. Dispose of batteries safely and properly; spilled toner should be sealed and brought to hazardous waste recycling; CRT monitors go to an electronics recycler and are never stripped down; recycle general hardware at an electronics recycler.   

  • Consider proper equipment placement, temperature and humidity controls, and ventilation requirements. Equipment upkeep: keep the area dust free, use compressed air, and never vacuum electrical equipment because it generates static electricity. 

  • Power conditioning: electronics can be damaged by fluctuating grid power. Surge – a sudden spike in voltage, generally caused by lightning. Brownout – a temporary reduction in voltage or frequency. Blackout – loss of power. Data loss or corruption can occur due to these fluctuations. An uninterruptible power supply (UPS) is used for backup power; a surge suppressor helps mitigate damage due to power surges. 

 

Section 4.6 Prohibited Content, Privacy, and Licensing 

 

  • Prohibited content incident response: if prohibited content is discovered, prepare a copy of the drive to preserve data, use a chain of custody form, contact law enforcement or management if necessary, and create thorough documentation of the incident. Digital rights management (DRM) protects copyrights for digital content; many types exist: product keys, copy restrictions, specialized hardware, activation limits. Circumvention can lead to DMCA violations. Licensing outlines use and distribution of a product. Regulated data: credit card transactions, PII (personal and government-issued information), health records.  

 

Section 4.8 Basics of Scripting 

 

  • Scripting is helpful for basic tasks: restarting devices, network drive mapping, automatic updates, installing programs, gathering information. Windows: PowerShell (.ps1), VBScript (.vbs), Batch (.bat). Linux/Unix: Bash (.sh). OS agnostic: Python (.py), Perl (.pl), Lua (.lua). Browser: JavaScript (.js). macOS: AppleScript (.scpt), shell script (.command). 

  • JavaScript comments start with //. A one-liner is typically run in a live shell. 

 

Section 4.9 Remote Access Technologies 

 

  • Remote access allows connection into remote machines; RDP is a Microsoft protocol. A VPN allows a remote device or network to securely access local assets; it can be site-to-site (an IPsec tunnel is common) or remote access (OpenVPN and IKEv2 are common), and may allow malware to spread from the remote device to the network. VNC is open source, like RDP. SSH provides an encrypted connection between 2 devices and is used to administer or modify equipment. RMM (remote monitoring and management) is software that bundles other IT tools; third-party software brings many potential vulnerabilities. MSRA, the Microsoft Remote Assistance tool, can be used to provide assistance on a local machine; it is based on RDP and is commonly abused by scammers. Third-party tools provide access such as screen sharing, video conferencing, file transfer and desktop management, and may have vulnerabilities.