Uploaded by gunguy20456

core 2

Professor Messer’s
CompTIA 220-1002 Core 2
A+ Course Notes
James “Professor” Messer
content errors. Therefore, this book should serve only as a
general guide and not as the ulƟmate source of subject informaƟon. The author shall have no liability or
responsibility to any person or enƟty regarding any loss or damage incurred, or alleged to have incurred,
directly or indirectly, by the informaƟon contained in this book.
2.5 - Denial of Service
2.5 - Zero-day AƩacks
2.5 - Man-in-the-Middle
2.5 - Brute Force AƩacks
4.2 - Change Management
4.3 - Disaster Recovery
4.4 - Safety Procedures
4.4 - Managing ElectrostaƟc Discharge
4.5 - Environmental Impacts
4.6 - Privacy, Licensing, and Policies
4.7 - CommunicaƟon
4.7 - Professionalism
4.8 - ScripƟng
4.9 - Remote Access Technologies
of computer hardware, mobile devices, networking, operaƟng systems, security techniques, and much more.
The current series of the A+ cerƟĮcaƟon is based on the successful compleƟon of the 220-1001 and the
220-1002 exams. You must pass both exams to earn your CompTIA A+ cerƟĮcaƟon. This book provides a set
of notes for the 220-1002 Core 2 exam.
The 220-1002 Core 2 exam
The 220-1002 exam objecƟves are focused on operaƟng systems, with over half of the exam detailing
operaƟng systems and the troubleshooƟng of soŌware.
Here’s the breakdown of the four 220-1002 exam domains:
Domain 1.0 - OperaƟng Systems - 27%
Domain 2.0 - Security - 24%
Domain 3.0 - SoŌware TroubleshooƟng - 26%
Domain 4.0 - OperaƟonal Procedures - 23%
But 64-bit OS can run 32-bit apps
• Apps in a 64-bit Windows OS
• 32-bit apps: \Program Files (x86)
• 64-bit apps: \Program Files
Windows on a mobile device
• MicrosoŌ Windows 10
• Fully-featured tablets
• Many diīerent manufacturers
• Touchscreen computer
• Keyboards
• Pen stylus
• Windows Mobile
• No longer in acƟve development
• No support aŌer December 2019
Google Android
• Open Handset Alliance
• Open-source OS, based on Linux
• Supported on many diīerent manufacturer’s devices
• Android Apps
• Apps are developed on Windows, Mac OS X, and Linux
with the Android SDK
• Apps available from Google Play
• Apps also available from third-party sites
• But for the home user
7 Enterprise
Windows 7 Professional
• Same features as Home Premium
• Can connect to a Windows Domain
• Supports Remote Desktop Host and EFS
• Missing enterprise technologies - no BitLocker
• x64 version supports 192 GB of RAM
Windows 7 Enterprise
• Sold only with volume licenses
• Designed for very large organizaƟons
• MulƟlingual User
• Interface packages
se features
• AppLocker
• Windows To Go
• DirectAccess
• BranchCache
Windows 8/8.1 processor requirements
• PAE (Physical Address Extension)
• 32-bit processors can use more than
• 4 GB of physical memory
• NX (NX Processor Bit)
• Protect against malicious soŌware
• SSE2 (Streaming SIMD Extensions 2)
• A standard processor instrucƟon set
• Used by third-party applicaƟons and drivers
• Centralized management
BitLocker and EFS
• Data conĮdenƟality
• Encrypt important informaƟon
• EncrypƟng File System
• Protect individual Įles and folders
• Built-in to the NTFS Įle system
• BitLocker
• Full Disk EncrypƟon (FDE)
• Everything on the drive is encrypted
• Even the operaƟng system
• Home and business use
• Especially on mobile devices
Media Center
• Video, music, and television portal
• Perfect for watching at home
• Record shows from a TV tuner
• Play music
• Watch DVDs
• The center of your home entertainment center
• Cable companies and other technologies
were strong compeƟƟon
• DisconƟnued by MicrosoŌ
• Not oĸcially available in Windows 10
Globally Unique IdenƟĮer
• The latest parƟƟon format standard
• Requires a UEFI BIOS
• Can have up to
• 128 primary parƟƟons
• No need for extended parƟƟons or logical drives
Checks the disk for bad sectors - Time consuming
Other consideraƟons
• Load alternate third party drivers when necessary
• Disk controller drivers, etc.
• Workgroup vs. Domain setup
• Home vs. business
• Time/date/region/language seƫngs
• Where are you?
• Driver installaƟon, soŌware and windows updates
• Load video drivers, install apps, update the OS
• Factory recovery parƟƟon
• This can help you later
p Windows seƫngs,
personal Įles,
and applicaƟons
• Must upgrade
to a similar EdiƟon
• A beƩer Xcopy
• Included with Windows 7, 8.1, and 10
1.5 - Windows AdministraƟve Tools
Computer Management
• A pre-built MicrosoŌ Management Console
• A predeĮned mix of plugins
• Control Panel / AdministraƟve Tools
• mmc.exe
• A handy starƟng point
• Events
• User accounts
• Storage management
• Services
• And more!
Device Manager
• The OS doesn’t know how to talk directly to most
• Device drivers are hardware speciĮc and operaƟng
system speciĮc
• Windows 7 device drivers may not necessarily work in
Windows 10
• Technical Support FAQ
• “Have you updated the drivers?”
• Computer Management or devmgmt.msc
Program, port, predeĮned services, custom
• Custom
• Program, protocol/port, scope, acƟon, proĮle
• What’s happening?
• CPU, memory, etc.
• StaƟsƟcal views
• Historical, real-Ɵme
• Newer versions include CPU, memory, disk,
Bluetooth, and network in the Performance tab
• Network performance
• Separate tab in Windows 7
• Integrated into the Performance tab
in Windows 8/8.1/10
• View uƟlizaƟon, link speeds, and
interface connecƟon state
• Who is connected? What are they doing?
• Windows 7
• User list, disconnect, logoī, send message
• Windows 8/8.1/10
• Separate processes
• Performance staƟsƟcs
services into a single tab
• Easy to view and sort
esses, and
y access to network resources
• Browse and view
• Indexing, search opƟons, searching non-indexed areas
• Computer informaƟon
• Including version and ediƟon
• Performance
• Virtual memory
• Remote seƫngs
• System protecƟon
System ProperƟes
• Computer informaƟon
• Including version and ediƟon
• Performance
• Virtual memory
• Remote seƫngs
• Remote Assistance and Remote Desktop
• System protecƟon
• System Restore, select drives
1.6 - The Windows Control Panel (conƟnued)
here’s no TPM
• Seamless
• Works in the background
• You never know it’s there
Sync Center
• Make Įles available, even when you’re not online
• AutomaƟcally sync when back online
• Built-in sync conŇict management
• Not available in Home ediƟons
• Needs oŋine Įle funcƟonality
• Only available in Pro and higher
• Mark Įles “Always available oŋine”
devices and users
• Deploy soŌware
• Manage the operaƟng system
• Manage in Control Panel / System
Join a domain
• Cannot be a Windows Home ediƟon
• Needs to be Pro or beƩer
• Control Panel / System
• Need proper rights to add a computer
Antenna connecƟons
• USB connected or 802.11 wireless
• Tether, Hotspot
• Requires third-party soŌware
• Each provider is diīerent
Quality of Service (QoS)
• PrioriƟze network traĸc
• ApplicaƟons, VoIP, and Video
• Infrastructure must support QoS
• DiīerenƟated Services Code Points
(DSCP) Įeld in the IP header
• IPv4 - Type of Service (ToS) Įeld
• IPv6 - Traĸc Class octet
• Manage through Local Computer Policy or Group Policy
• Computer ConĮguraƟon / Windows Seƫngs / Policy-based QoS
BIOS seƫngs
• Enable/disable network adapters
• On and oī - Not much nuance
• ConĮgure OS and applicaƟon seƫngs
Screen sharing
• Integrated into the operaƟng system
• Can also be viewed with VNC
(Virtual Network CompuƟng)
• Available devices appear in the Finder
• Or access by IP address or name
Force Quit
• Stop an applicaƟon from execuƟng
• Some applicaƟons are badly wriƩen
• Command-OpƟon-Esc
• List applicaƟon to quit
• Hold the opƟon key when right-clicking
the app icon in the dock
• Choose Force Quit
• Clean up log space
• /var/log
Many pre-made Linux distribuƟons are available
• I’m using Ubuntu in a virtual machine
• Use the man command for help
• An online manual
• > man grep
• List directory contents
• Similar to the dir command in Windows
• Lists Įles, directories
• May support color coding;
• Blue is a directory,
red is an archive Įle, etc.
• For long output, pipe through more:
• > ls -l | more
• (use q or Ctrl-c to exit)
ps -e | more
Your phone
• SMS a code to your phone
Guards and access lists
• Security guard
• Physical protecƟon
• Validates idenƟĮcaƟon of exisƟng employees
• Provides guest access
• ID badge
• Picture, name, other details
• Must be worn at all Ɵmes
• Access list
• Physical list of names
• Enforced by security guard
• The switch monitors the number of unique MAC addresses
• Maintains a list of every source MAC address
• Once you exceed the maximum, port security acƟvates
• Default is to disable the interface
MAC Įltering
• Media Access Control - The “hardware” address
• Limit access through the physical hardware address
• Keeps the neighbors out
• AddiƟonal administraƟon with visitors
• Easy to Įnd MAC addresses through wireless LAN analysis
• MAC addresses can be spoofed
• Security through obscurity
• No separate device to lose
Directory permissions
• NTFS permissions
• Much more granular than FAT
• Lock down access
• Prevent accidental modiĮcaƟon or deleƟon
• Some informaƟon shouldn’t be seen
• User permissions
• Everyone isn’t an Administrator
• Assign proper rights and permissions
• This may be an involved audit
cts against tampering
• TKIP has it’s own set of vulnerabiliƟes
• Deprecated in the 802.11-2012 standard
• WPA2 cerƟĮcaƟon began in 2004
• AES (Advanced EncrypƟon Standard) replaced RC4
• CCMP (Counter Mode with Cipher Block Chaining
Message AuthenƟcaƟon Code Protocol) replaced TKIP
• CCMP block cipher mode
• Uses AES for data conĮdenƟality
• 128-bit key and a 128-bit block size
• Requires addiƟonal compuƟng resources
• CCMP security services
• Data conĮdenƟality (AES), authenƟcaƟon,
and access control
inally a Unix technique
• The “root” in rootkit
• ModiĮes core system Įles - Part of the kernel
• Can be invisible to the operaƟng system
• Won’t see it in Task Manager
• Also invisible to tradiƟonal anƟ-virus uƟliƟes
• If you can’t see it, you can’t stop it
ndows 7 - System Recovery OpƟons /
Command Prompt
• Boot from installaƟon media
• Or select from F8 Advanced Boot Menu
• Windows 8/8.1/10
• Troubleshoot / Advanced OpƟons / Command Prompt
• Boot from installaƟon media
• April 2011 - Oak Ridge NaƟonal Laboratory
• Email from the “Human Resources Department”
• 530 employees targeted, 57 people clicked,
2 were infected
• Data downloaded, servers infected with malware
• Pretend to be someone you aren’t
• Use some of those details you got from the dumpster
• You can trust me, I’m with your help desk
• AƩack the vicƟm as someone higher in rank
• Throw tons of technical details around
• Be a buddy - How about those Cubs?
e next big vulnerability
• The good guys share these with the developer
• Bad guys keep these yet-to-be-discovered
holes to themselves
• They want to use these vulnerabiliƟes
for personal gain
• Zero-day
• The vulnerability has not been detected or published
• Zero-day exploits are increasingly common
• Common VulnerabiliƟes and Exposures (CVE)
• hƩp://cve.mitre.org/
caƟons require a parƟcular MAC address
• It might not be legiƟmate
• Circumvent MAC-based ACLs
• Fake-out a wireless address Įlter
• Very diĸcult to detect
• How do you know it’s not the original device?
local and network connecƟons
• Share permissions only apply to connecƟons
over the network
• A “network share”
• The most restricƟve seƫng wins
• Deny beats allow
• NTFS permissions are inherited from the parent object
• Unless you move to a diīerent folder
on the same volume
No Autorun in Windows 7, 8/8.1, or 10
• Disabled through the registry
• Consider changing AutoPlay
• Get the latest security patches
• Updates to autorun.inf and AutoPlay
Password best pracƟces
• Changing default usernames/passwords
• All devices have defaults
• There are many web sites that document these
• BIOS/UEFI passwords
• Supervisor/Administrator password: Prevent BIOS changes
• User password: Prevent booƟng
• Requiring passwords - Always require passwords
• No blank passwords or automated logins
Backup without wires - Use the exisƟng network
• Restore with one click
• Restores everything
• AuthenƟcate and wait
AnƟ-virus and AnƟ-malware
• Apple iOS
• Closed environment, Ɵghtly regulated
• Malware has to Įnd a vulnerability
• Android
• More open, apps can be installed from anywhere
• Easier for malware to Įnd its way in
• Windows Phone
• Closed environment
• Apps run in a “sandbox”
• You control what data an app can view
ndows Vista and later
• Can’t recover the data
Hard drive security
• 2009 UK university study of 300 hard drives
from eBay and computer fairs
• 34% had personal data, corporate informaƟon,
sensiƟve informaƟon
• Launch procedures for a ground-to-air missile system
• File level overwriƟng - Sdelete – Windows Sysinternals
• Whole drive wipe secure data removal
• DBAN - Darik’s Boot and Nuke
• Physical drive destrucƟon
• One-oī or industrial removal and destroy
Remote support
• Install the latest soŌware
• Update and upgrade the Įrmware
• Firewalls, routers, switches, etc.
Firewall seƫngs
• Inbound traĸc
• Extensive Įltering and Įrewall rules
• Allow only required traĸc
• ConĮgure port forwarding to map TCP/UDP ports
to a device
• Consider building a DMZ
• Outbound traĸc
• Blacklist - Allow all, stop only unwanted traĸc
• Whitelist - Block all, only allow certain traĸc types
e diagnosƟcs
• Provided by the manufacturer
• BIOS may have hardware diagnosƟcs
ProĮles can become corrupted
• The User ProĮle Service failed the logon.
User ProĮle cannot be loaded.
• If a proĮle doesn’t exist, it’s recreated
• We’re going to delete the proĮle and force the
rebuilding process
• It’s not as easy as copying a Įle
• Backups, registry modiĮcaƟons
• Login with domain admin
• Rename the \Users\name folder
• Export the user’s registry
• Delete the registry entry
• Restart the computer
System issues can be a factor
ApplicaƟon crashes
• ApplicaƟon stops working
• May provide an error message
• May just disappear
• Check the Event Log
• OŌen includes useful reconnaissance
• Check the Reliability Monitor
• A history of applicaƟon problems
• Checks for resoluƟons
• Reinstall the applicaƟon
• Contact applicaƟon support
One on one - Personal training
• Posters and signs - High visibility
• Message board posƟng - The real kind
• Login message - These become invisible
• Intranet page - Always available
m any app (no alarm, no music, no
• Load latest soŌware
• Factory reset
Inaccurate touch screen response
• Screen responds incorrectly or is unresponsive
• Close apps - Low memory can cause resource contenƟon
• Perform a soŌ reset, unless a hard reset is required
• May require a hardware Įx
• Replace the digiƟzer / reseat cables
System lockout
• Too many incorrect unlock aƩempts
• iOS: Erases the phone aŌer 10 failed aƩempts
• Android: Locks or wipes the phone aŌer failed aƩempts
App log errors
• Most log informaƟon is hidden
• You’ll need developer tools to view it
• A wealth of informaƟon
• If you can decipher it
• This might take a bit of research
• Viewing logs
• iOS - Xcode
• Android - Logcat
A single change can be far reaching
• MulƟple applicaƟons, Internet connecƟvity,
remote site access, external customer access
• How long will this take?
• No impact, or hours of downƟme
Risk analysis
• Determine a risk value
• i.e., high, medium, low
• The risks can be minor or far-reaching
• The “Įx” doesn’t actually Įx anything
• The Įx breaks something else
• OperaƟng system failures
• Data corrupƟon
• What’s the risk with NOT making the change?
• Security vulnerability, applicaƟon unavailability, or
unexpected downƟme to other services
• Health and safety laws
• Vary widely depending on your locaƟon
• Keep the workplace hazard-free
• Building codes
• Fire prevenƟon, electrical codes
• Environmental regulaƟon
• High-tech waste disposal
• Blackouts, brownouts, surges
• UPS types
• Standby UPS, Line-interacƟve UPS, On-line UPS
• Features
• Auto shutdown, baƩery capacity, outlets,
phone line suppression
Surge suppressor
• Not all power is “clean”
• Self-inŇicted power spikes and noise
• Storms, power grid changes
• Spikes are diverted to ground
• Noise Įlters remove line noise
• Decibel (Db) levels at a speciĮed frequency
• Higher Db is beƩer
Surge suppressor specs
• Joule raƟngs
• Surge absorpƟon
• 200=good, 400=beƩer
• Look for over 600 joules of protecƟon
• Surge amp raƟngs
• Higher is beƩer
• UL 1449 voltage let-through raƟngs
• RaƟngs at 500, 400, and 330 volts
• Lower is beƩer
lder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an InformaƟon Security Policy
e of
• MicrosoŌ Oĸce applicaƟons
• Commercial soluƟons
• TeamViewer, LogMeIn, etc.
• Screen sharing
• Control the desktop
• File sharing
• Transfer Įles between devices
Security consideraƟons
• MicrosoŌ Remote Desktop
• An open port tcp/3389 is a big tell
• Brute force aƩack is common
• Third-party remote desktops
• OŌen secured with just a username and password
• There’s a LOT of username/password re-use
• Once you’re in, you’re in
• The desktop is all yours
• Easy to jump to other systems
• Obtain personal informaƟon, bank details
• Make purchases from the user’s browser
ents for many operaƟng systems
• Many are open source