Uploaded by Kevin Nguyen

Comptia 1002 notes

Comptia 220-1002
1.1 Compare and contrast common operating system types and their purposes
Kernel – the core of the operating system. It controls memory management for whatever application is loaded.
Process – a running application.
PID – process ID
Device Drivers – software that allows communication between the actual hardware and the operating system.
Domain – a computer that contains a copy of Windows Server and allows other computers on the network to sign in once to get access to files
MAC OS
o Runs on Apple’s hardware, easy to use, and fewer security concerns
o Higher cost due to proprietary hardware.
o Command Key + Q is used to close an application completely. The red button doesn’t close the application, just the window.
o Finder – shows folders and installed applications.
o System Preferences – basically the Windows Control Panel.
Microsoft Windows
o Popular OS for computers that offers a wide variety of software compatibility
o Different varieties of Windows: Windows Home, Windows Server, Windows Enterprise
o If there is a security bug in one Windows system, it may affect millions of others running the same version.
Linux
o Free to use
o OS is built and managed by the community rather than a company
o Limited driver support
32-Bit vs 64-Bit Processor
The CPU has a built-in MCC, or Memory Control Chip. The CPU and the MCC are directly connected to each other by 32 or 64 wires. The sole purpose of these wires is to let the CPU communicate with the MCC and tell it which memory address it wants. A 32-bit system can have up to 2^32 addresses, or a maximum of 4 GB of RAM, while a 64-bit system can support much more RAM.
X86 = 32-bit processor, supports up to 4 GB of RAM
X64 = 64-bit processor, supports up to 17 billion GB of RAM (theoretically)
Windows on Mobile Device
o Used for many tablets and touch-screen laptops
o Has touch screen, keyboard and pen stylus
Android on Mobile Device
o The OS is open source
o Anyone can create an app and upload it to the Google Play Store or a third-party site to be downloaded
Apple iOS
o Used for iPhone and iPad
o Closed-source software – no access to source code
o Runs only on Apple hardware
o Apps must be approved by Apple to be added to the Apple App Store
Chrome OS
o Created by Google
o Most apps are web based
o Used for Chromebook laptops
o Based on the Linux kernel
End of Life
o The point at which a company stops supporting a particular OS version
1.2 Compare and contrast features of Microsoft Windows versions
Home Edition – basic edition; cannot join domains
Pro Edition – standard Windows edition; contains the features you would typically get in a Windows system.
Enterprise Edition – designed for use by large corporations
Windows 7 – upgraded version of Windows Vista
Windows 7 Starter – built for netbooks (low-performance laptops)
o No Windows Media Center
o No disk encryption
o No web server hosting
o Supports up to 2 GB of RAM
Windows 7 Home Premium – used by the average consumer
o Has Windows Media Center
o Web server support
o No domain connectivity
o No disk encryption
o Supports up to 16 GB of RAM
Windows 7 Ultimate – complete functionality of Windows
o Domain support
o Remote Desktop support
o Disk encryption
o Supports 192 GB of RAM
o Same features as Windows 7 Enterprise but can be bought by home users.
Windows 7 Professional – used in the workplace and was the commonly used edition
o Has Windows Media Center
o Web server support
o Can connect to a domain
o Supports Remote Desktop Host and encrypted file sharing
o No disk encryption
o Supports up to 192 GB of RAM
Windows 7 Enterprise – used for large organizations
o Has Windows Media Center
o Web server support
o Can connect to a domain
o Support for RDP and encrypted file sharing
o Has disk encryption
o Supports up to 192 GB of RAM
Windows 8 – new Windows release with a new GUI layout. Windows 8.1 was an update to the previous version.
Windows 8/8.1 Core – used for home PCs
o Supports x86 and x64 versions
o Incorporates the user’s own Microsoft account into the OS services
o Has Windows Defender – both anti-virus and anti-malware
o Has Windows Media Player
Windows 8/8.1 Professional
o Has Windows Media Center
o Web server support
o Can connect to a domain
o Has full disk encryption
o Encrypted file sharing
o Supports Group Policies
Windows 8/8.1 Enterprise – used for large organizations
Supports: AppLocker, Windows To Go, DirectAccess and BranchCache
Windows 8 – has a tile-like interface that tries to introduce the Windows operating system to mobile/tablet devices. Introduced “Settings”, where you can change things on the computer without going to Control Panel; it can be accessed from the Charms menu at the upper right corner.
Windows 10 – mainstream Windows edition
Windows 10 Home
o Used for the average consumer’s home devices
o Has Windows Defender
o Cortana – voice assistant app
Windows 10 Pro
o Used for business
o Supports Remote Desktop Host
o BitLocker
o Able to join a Windows domain
Windows 10 Education and Enterprise
AppLocker – controls what applications can run
BranchCache – remote caching of system
Granular User Experience (UX) control – choose the GUI layout
Encrypting File System (EFS) – built into NTFS for Windows. Can encrypt specific files or folders.
Disk-based encryption uses the Trusted Platform Module (TPM) – built into the motherboard, it acts like a “key”: the disk/hard drive cannot be read without this key. TPM is turned on in BIOS/System Setup.
BitLocker is used on Windows systems to encrypt disks and thumb drives
1.3 Summarize general OS installation considerations and upgrade methods.
Boot methods
o External drive: USB, eSATA, flash drive
o Optical media (CD-ROM)
o Network boot (PXE – Preboot eXecution Environment)
o Internal fixed: hard drive / SSD
o Internal hard drive partition
Types of Installation
o Unattended Installation – finishes a Windows installation without anyone physically choosing the configuration settings in Windows Setup. A file called “unattend.xml” answers all the questions for you, which saves time
o In-Place Upgrade – upgrades but maintains the user’s personal data and applications
o Clean Install – all of the user’s data is erased and a new installation of Windows is the only thing available
o Image Deployment – creates an image of one computer and sends it to the network, where other computers on the network can copy it and have the same image with all the apps and configurations set.
o Repair Installation – fixes OS problems but saves the personal data
o Multiboot – run two or more operating systems
o Recovery Partition – installation files saved on a hidden partition
o Refresh/Restore – uses the recovery partition to return the drive to its previous best state
Partitioning is the process of separating a drive into different blocks and assigning them to specific files.
Master Boot Record (MBR) – older partition format
o The operating system was stored at LBA 0 on the hard drive as a primary partition, but a drive can have a maximum of only 4 primary partitions.
o An Extended Partition is used to increase the number of partitions; those partitions are logical partitions that are used to store data/apps and not the OS.
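The 4-primary-partition limit comes from the fixed layout of the MBR sector: four 16-byte table entries followed by a 0x55AA signature. The following is an added example, not part of the original notes; it parses that table and runs a few sanity checks a forensic examiner would apply. The sample partition layout is constructed, and the short list of type codes is only a common subset.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # 446 bytes of boot code precede the table
ENTRY_SIZE = 16               # 4 slots x 16 bytes: the 4-primary limit
BOOT_SIGNATURE = b"\x55\xaa"
EXTENDED_TYPES = {0x05, 0x0F, 0x85}
TYPE_NAMES = {0x05: "Extended (CHS)", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    entries = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, first_lba, sectors = struct.unpack(
            "<B3xB3xII", sector[off:off + ENTRY_SIZE])
        if ptype == 0x00:     # unused slot
            continue
        entries.append({
            "slot": slot,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "extended": ptype in EXTENDED_TYPES,
            "first_lba": first_lba,
            "sectors": sectors,
        })
    return entries


def audit(entries):
    """Flag partition-table states that deserve a closer look."""
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(
                f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
        if e["first_lba"] == 0:
            findings.append(f"slot {e['slot']}: starts on top of the MBR")
    if sum(e["bootable"] for e in entries) > 1:
        findings.append("more than one partition marked active")
    if sum(e["extended"] for e in entries) > 1:
        findings.append("more than one extended partition")
    ordered = sorted(entries, key=lambda e: e["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def build_sample_mbr(parts):
    """Constructed test sector: zeroed boot code plus the given entries."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (status, ptype, first_lba, sectors) in enumerate(parts):
        struct.pack_into("<B3xB3xII", sector,
                         TABLE_OFFSET + slot * ENTRY_SIZE,
                         status, ptype, first_lba, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed layout: three primary partitions plus one extended partition.
SAMPLE_PARTS = [
    (0x80, 0x07, 2048, 204800),
    (0x00, 0x07, 206848, 1000000),
    (0x00, 0x83, 1206848, 500000),
    (0x00, 0x0F, 1706848, 300000),
]

if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr(SAMPLE_PARTS))
    for e in table:
        print(e["slot"], e["type_name"], e["first_lba"], e["sectors"],
              "active" if e["bootable"] else "")
    print(audit(table) or "no findings")
```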
GUID Partition Table (GPT) – newer partition format
o C
Basic Disk Storage – creates 4 partitions; can create/delete primary partitions or 1 extended partition.
Dynamic Disk Storage – uses volumes (partitions); a volume can be created in RAID format or deleted, and volumes can be extended numerous times
File Allocation Table (FAT 16) – separated into two columns: one for the memory address (left) and the other for data (right). Memory addressing runs from 0000 to ffff.
Data written to a memory address also contains the memory address of the next available block for that piece of data.
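The next-block linkage described above means a file is recovered by walking a chain through the table. The following is an added example, not part of the original notes; it follows FAT16 chains and detects the two classic corruption cases, a chain that loops and a cluster claimed by two files. The table contents and file names are constructed. The marker values (0x0000 free, 0xFFF7 bad, 0xFFF8–0xFFFF end of chain) are the standard FAT16 ones.

```python
import struct

FREE = 0x0000          # cluster not allocated
BAD = 0xFFF7           # cluster marked bad
END_OF_CHAIN = 0xFFF8  # 0xFFF8-0xFFFF: last cluster of a file


def read_fat16(raw):
    """Decode an on-disk FAT16 table into a list of 16-bit entries."""
    return list(struct.unpack(f"<{len(raw) // 2}H", raw))


def follow_chain(fat, start):
    """Return the clusters of one file, in order, or raise on corruption."""
    chain, seen, cluster = [], set(), start
    while True:
        # Entries 0 and 1 are reserved; data clusters start at 2.
        if cluster < 2 or cluster >= len(fat):
            raise ValueError(f"cluster {cluster} is not a valid data cluster")
        if cluster in seen:
            raise ValueError(f"chain loops back to cluster {cluster}")
        seen.add(cluster)
        chain.append(cluster)
        nxt = fat[cluster]
        if nxt >= END_OF_CHAIN:
            return chain
        if nxt in (FREE, BAD):
            raise ValueError(f"cluster {cluster} points at a free/bad cluster")
        cluster = nxt


def cross_links(fat, starts):
    """Map each cluster claimed by more than one file to the claiming files."""
    owners = {}
    for name, start in sorted(starts.items()):
        for cluster in follow_chain(fat, start):
            owners.setdefault(cluster, []).append(name)
    return {c: names for c, names in owners.items() if len(names) > 1}


# Constructed 8-entry table: A.TXT is fragmented (2 -> 3 -> 5),
# B.TXT occupies 4 -> 6, and cluster 7 is free.
SAMPLE_FAT = struct.pack("<8H", 0xFFF8, 0xFFFF, 3, 5, 6, 0xFFFF, 0xFFFF, FREE)
SAMPLE_STARTS = {"A.TXT": 2, "B.TXT": 4}

if __name__ == "__main__":
    fat = read_fat16(SAMPLE_FAT)
    for name, start in SAMPLE_STARTS.items():
        print(name, follow_chain(fat, start))
    print("cross-linked clusters:", cross_links(fat, SAMPLE_STARTS))
```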
File Systems
o FAT32: oldest file system; can have a maximum of 4 gigabytes per file
o New Technology File System (NTFS) – can have up to 16 EiB of storage per partition. Uses the Master File Table and supports encryption, compression, and security; primarily for Windows
o exFAT – cut-down version of NTFS primarily used for thumb drives; can support more than 4 gigabytes for a single file but does not have the additional features or the Master File Table.
o CDFS – Compact Disk File System, used for optical media drives
o EXT3 – supports 32 GiB partitions and a maximum of 2 GiB files; for Linux
o EXT4 – supports 2 EiB partitions and 16 TiB files; for Linux
o NFS (Network File System) – used to access files across a network
o HFS+ (Hierarchical File System Plus) – used for macOS; supports 8 EiB partitions and files
o Swap Partition – uses a storage device as temporary memory: the OS moves some data from memory to the storage device temporarily and then moves it back to memory when ready. Usually used when the OS runs out of memory
Quick Format – does not check for bad memory address blocks and does not delete all existing data
Full Format – checks for bad memory addresses and writes zeros to the whole disk, making the data unrecoverable
1.4 Given a scenario, use appropriate Microsoft command line tools.
Command Line
Dir – shows all the files and folders and how much space they take up.
o dir /p – shows all the files and folders one page at a time
CD – change directory command.
o cd \ – sends you to the root directory of the command line, “C:\>”
o cd .. – sends you up to the parent folder of the current folder.
To change drive, just type the letter of the drive and a colon. Ex. D:
Dism – used to modify or repair the Windows images that are used for drive recovery
[Command name] /? – lists all the actions you can perform with that particular command
Copy Command
o copy /v “filename.txt” D: – verifies that filename.txt is properly copied to drive D
o copy /y – automatically answers yes when Windows asks to overwrite the same file type.
o An asterisk (*) followed by the file type copies all files that end with the same file type. Ex. copy *.jpg F: copies every jpg in that drive to drive F.
Formatting a disk can be done from the command line as well
o /FS:filesystem (FAT, FAT32, NTFS, UDF)
o /Q provides quick formatting
Chkdsk
o chkdsk – only identifies bad blocks in the drive so that they are not used.
o chkdsk /f – identifies and fixes bad blocks on the next reboot if the drive is currently in use.
o chkdsk /r – locates the bad sectors, recovers the data on them, and moves it to a good sector on the drive
System File Checker (SFC)
o Checks whether the backup files are corrupted.
o sfc /scannow – checks whether the backup is corrupted and gets a new copy from the original drive to the backup to replace the corrupted file.
o dism /online /cleanup-image /restorehealth – checks online with Microsoft, checks the version of Windows you are running, looks for corrupted files on your system, and replaces them.
Diskpart – used to partition/format disks
Xcopy – used to copy all files from one drive to another drive
o xcopy c:\backup folder x: (destination folder)
   o /s copies all subdirectories
   o /v verifies each copy
   o /h no hidden files copy
Robocopy – same as xcopy; an improved version with faster verification and speed
Shutdown – can be used to power off the system
o shutdown /s – turns off the system
o shutdown /r – reboots the system
o shutdown /s /t nn (how many seconds need to pass before the system shuts down)
o shutdown /a – aborts the shutdown
Tasklist – used to see all applications and programs running.
Taskkill – used to end a specific process
o taskkill /PID 2702 /t – ends the task with a process ID of 2702
Group Policy – used to manage the Active Directory domain (rules) on a series of computers
Gpupdate – Group Policy update; takes the group policies on the domain, puts them on the local machines connected to it, and overwrites any local policies
o gpupdate
Gpresult – displays the results of Group Policy updates.
Ping – sends 4 packets to an IP address to check whether that particular IP address is available or working
Tracert (traceroute) – determines the route a packet takes to its destination
Netstat – shows the IP addresses of the devices the computer is connected to, along with the port numbers
o -a shows which ports are listening
o -n shows numerical values only
Nslookup – looks up information from DNS servers; used to look up a website’s IP address using its Fully Qualified Domain Name
Net view – views network resources
Net use – used to get access to certain shared folders on the network
Net user – used to add/remove users on the computer
1.5 Given a scenario, use Microsoft operating system features and tools
Administrative
Computer Management – a way to customize which plugins or services to view for a specific use.
Device Manager – used to update, uninstall or modify device drivers
Local Group and Users
o Superuser – a special type of account that controls administrative functionality of the PC itself, like deleting a hard drive, removing users, etc.
o Groups have certain permissions/rights, and users can be added to a group
o Users can be part of more than one group.
Local Security Policy – sets of rules managed by the domain. They use the Active Directory Group Policies, which can configure user account settings, passwords, and when passwords need to be reset
Performance Monitor – checks the status of the hard drive, such as the utilization percentage or temperature
Services – background processes that run automatically.
Task Scheduler – schedules apps to be opened at a certain time of day
Component Services – checks all the object-oriented applications running on the OS
Data Service – can create a database application that will run on any type of database (SQL, Oracle)
Print Management – printer settings, drivers, and a view of connected printers
Windows Memory Diagnostics – checks for memory problems
Event Viewer – shows what is happening with applications, such as errors, warning messages, etc.
Windows Firewall – controls what connections are allowed in or out of the system. If there is a rule or a previous connection already established with the sender IP, the connection is allowed; otherwise it is blocked. Can control which apps are allowed to communicate in Windows Defender
System Configuration (MsConfig)
o General Tab – decides what services or device drivers are loaded first
o Boot Tab – decides what operating system to boot from, and other boot configurations
o Services Tab – decides what services will run during boot
o Startup Tab – moved to Task Manager, but controls what applications are opened during login.
o Tools Tab – easy access to administrative tools
Task Manager
o Applications Tab – shows all the applications that are open. Available in Windows 7 but combined with the Processor tab in Windows 8/10.
o Processor Tab – shows all the apps running and their memory utilization in Windows 7. In Windows 10 it shows the CPU, memory, disk and network usage of each processor
o Performance Monitor – shows real-time usage of CPU and memory in Windows 7. In Windows 10 it shows usage for CPU, memory, disk, and network
o Network Tab – shows the real-time network usage and speed
o User Tab – shows the users that are logged on to the computer.
System Utilities
o Regedit (Windows Registry) – used to make changes to the kernel, services or device drivers.
o Services.msc – makes changes to all the services that are running/not running on Windows and can show the dependencies of a particular service.
o MMC (Microsoft Management Console) – builds a custom management interface that contains a list of the “applications or services” the user wishes to use. They can add or remove those applications or services.
o Mstsc (Microsoft Terminal Services Client) – used for remote desktop connections.
o Msinfo32 – shows the computer hardware, software and components connected to the computer.
o Dxdiag – used to troubleshoot DirectX if something is wrong with audio, 3D graphics or input options
o Disk Defragmenter – program that rearranges files into a continuous read format to make them faster to read, instead of having all the fragmented pieces scattered across the drive
o System Restore – resets your computer to the previously saved safe point, where all OS system settings are reset to that saved point.
Disk Management
o Drive Status – see whether the drive is healthy/at risk/failed
o Mounting Drive – adding more storage space and assigning it a letter or a folder location to be used.
o Initialization – formatting the drive so it can be used
o Shrinking – allocating a portion of the total available storage to a partition
o Expanding – allocating more storage to a partition
o Splitting – dividing the available storage between 2 or more partitions
Windows has a local database of all users that log into the system.
Dynamic Disk – feature exclusive to Windows that allows partitions on the drive to be expanded or shrunk.
Spanned Drive – feature that allows two or more separate drives to be extended into one partition. Not recommended for practical use, because if one drive fails the entire spanned drive fails and the data is lost.
Striped Drive – RAID 0 drive configuration
Mirror Drive – RAID 1 drive configuration
Storage Spaces is software in Windows that allows RAID configuration for hard drives.
Registry – where all the user’s system configurations are stored. It is a binary file and can only be read with the Registry Editor (regedit.exe)
Registry Editor has 5 main folders for editing
o HKey Classes Root – least likely to be edited and most complicated
o HKey Local Machine – contains all the settings that are applied to the PC itself; this includes drivers, settings, customizations and so on.
o HKey Current Config – a subset of HKey Local Machine that decides which configurations are currently active for the current user.
o HKey Users – lists the different users in the system.
o HKey Current User – lists the current user logged in to the system.
Applications are the programs that actively run on the computer
Software is programs that run in the background
Application + Software = Processes
Hotkeys to access Task Manager
o Ctrl + Alt + Del
o Ctrl + Alt + Esc
Msinfo32.exe – used to get an overview of all the hardware your system is running.
System Configuration (msconfig) – used for loading startup applications or services.
Safe Boot – loads only the minimum basic software and applications needed to load Windows.
Performance Monitor is an old Windows program that can add performance counters for hardware. It shows a graph over time of how the system is performing, depending on the type being tested. This includes available memory and how much the CPU is loaded
Event Viewer
o Application
o Security
o Setup
o System
Local Security Policy
Account Policies
Password Policy
o Maximum Password Age – length of time a password can be used before it must be changed to something new.
o Minimum Password Length
o Enforce Password History – saves previous passwords, up to whatever number is set, and users cannot reuse those previous passwords.
Account Lockout Policy
o Account Lockout Threshold – sets the maximum number of invalid attempts
o Account Lockout Duration – sets how long the lockout timer is.
Task Scheduler – used to open programs at a certain time or under certain conditions, such as when booting up; tasks can repeat as well.
1.6 Given a scenario, use Microsoft Windows Control Panel utilities
Internet Options
o General – basic display layout
o Security – allows different access based on the website
o Privacy – controls cookies, the pop-up blocker, private browsing
o Content – certificates and autocomplete
o Connections – VPN and proxy settings
o Programs – default browser plugins
o Advanced – detailed configuration options
User Accounts – change local user account, name, password, and certificate information
System
o Performance (virtual memory) – transfers data from memory to disk storage temporarily
o Remote – enable or disable remote connections
o System protection – windows defender
Power Options
o Hibernate – stores all open applications and documents on disk and powers off the system
o Sleep – applications and documents are stored in memory
Credential Manager – stores the user’s usernames, passwords, and certificates for websites.
Virtual Memory / Swap Memory – uses some storage as memory. It is not meant for practical use; it is more of a last resort or a temporary solution until the RAM is swapped to fix the problem
Folder Options
o General Options – allows some configuration of browsing folders, opening files, or privacy settings for Quick Access.
o View Options – chooses which folders are visible, whether hidden or non-hidden.
4:3 Aspect Ratio
o VGA 640p x 480p
o SVGA 800p x 600p
o SXGA 1280 x 1080
o UXGA 1600 x 1200
1280 x 720p
2560 x 1440p QHD/WQHD
3840 x 2160 4k
5120 x 2880 5k
1.8 Given a scenario, configure Microsoft Windows networking on a client/desktop.
Full Duplex – a network card can send and receive data at the same time
Half Duplex – one-way data transmitting or receiving
Wake on LAN – turns on a computer when it receives certain information.
1.9 Given a scenario, use features and tools of the Mac OS and Linux client/desktop operating systems.
Ubuntu Linux
sudo apt-get update: command that updates all the Ubuntu repositories to the latest version.
sudo apt-get install “name of program”: installs a certain application
sudo apt-get upgrade: updates the version of the program
sudo apt-get remove: removes (deletes) a program
ps aux: shows details of the processes running for all users.
ps aux | grep “keyword” – filters all the processes containing the keyword and outputs them to the terminal
kill processID: ends a process.
sudo passwd – changes the current user’s password
chmod – enables changes to the Linux file system.
chown – “own”; changes ownership of any Linux folder or file
2.1 Summarize the importance of physical security measures.
Mantrap – a person walks into a room where their credentials are checked; if they don’t have valid credentials, the person is physically trapped in the room and the exit door will not open.
Badge Reader – has an RFID chip inside
Biometric locks – fingerprint scanner/eye scanner
Smart Card – contains user credentials and is either swiped or inserted into the reader
Server Lock – used to physically secure the server system to the rack.
2.2 Explain logical security concepts
Organization Units – a way to organize users/groups by separating them into folders
Certificate – used for web browsing. Encrypts the connection to a web server using a key, and that key is signed off by a third party saying the key is valid.
2.3 Compare and contrast wireless security protocols and authentication methods.
WEP – weakest form of encryption
TKIP – older form of encryption used for WPA
AES – newer and primary form of encryption used for WPA2
WPA/WPA2 – standard for Wi-Fi encryption and authentication.
WPS automates encryption but is easily hackable.
RADIUS server – separate box that is used to authenticate devices onto the network.
2.4 Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.
Virus: old form of malware that replicates in RAM and activates its function; usually spread physically on floppy disks
Worm: uses the network to replicate itself
Trojan Horse: installs malware that the user is not aware of and that is disguised as a file
Rootkit – malware that is stored in the BIOS folder
Ransomware – program that locks the computer’s data; the hacker must be paid to unlock the system.
Spyware – malware that is used to “spy” on people’s internet data and see what they are looking for. Google does this
2.5 Compare and contrast social engineering, threats, and vulnerabilities
Man in the Middle – an entity that sits between the receiver and the sender and attempts to steal the data being sent between the two.
Spoofing – a computer fakes the location, IP address, or MAC address of another computer to attempt to gain access to whatever the target computer has access to
Denial of Service – a bunch of computers send bad requests to a server and the server has trouble identifying the bad requests, causing legitimate user requests to be stalled or to throw a 404 error
Zombie – a computer that has malware and waits for a command to send malware requests to another system.
DDoS – where a bunch of zombies, possibly millions, send malware to a server/system, destroying it in the process.
Zero Day – new type of threat, either man in the middle, spoofing, or DDoS, that hasn’t been solved.
Phishing – trying to get any user’s personal information
Spear Phishing – trying to get a specific person’s personal information
2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings
NTFS (New Technology File System) is file sharing software in the Windows operating system that allows data on a hard drive or SSD to be shared among other computers.
NTFS Permissions – allow or deny certain actions/permissions for other users.
Standard NTFS permissions for a folder
o Full Control – enables any modification to occur
o Modify – enables reading, writing and deleting files along with the subfolders
o Read and Execute – allows users to see items in the folder as well as run any programs in it
o List Folder Contents – see both the folder’s content and its subfolders
o Read – view the folder’s content
o Write – write or add items to the folder
Users and Groups – instead of giving permissions to individual accounts, we can place users in groups with certain permissions; if they are in multiple groups, the permissions are additive on top of each other.
Administrator and Standard are the two default Windows account types.
Administrator – gives permission to modify the local computer settings and other users’ permissions
User – gives basic access to use the computer.
Power Users – have all the functionality of an administrator but do not have access to accounts
2.7 Given a scenario, implement security best practices to secure a workstation
Password best practice
Setting a strong password: using upper- and lower-case letters, numbers, special characters or a long password length
Password Expiration – passwords expire after a certain period of time
3.1 Given a scenario, troubleshoot Microsoft Windows OS problems.
Black Screen
Check if the PC is turned on
Check boot order
Device Driver Issue
1. Boot into safe mode
2. Get to Device Manager
3. Roll back drivers or update drivers.
Corrupt OS
Repair the OS with WinRE from your installation media.
Slow Performance
Check for malware
Check Task Manager to see what program is eating up the RAM.
Most BSODs are caused by hardware.
3.3 Given a scenario, use best practice procedures for malware removal.
1. Identify and research malware symptoms
2. Quarantine the infected systems
3. Disable System Restore (in Windows).
4. Remediate the infected systems.
a. Update the anti-malware software.
b. Scan and use removal techniques (safe mode, pre-installation environment).
5. Schedule scans and run updates
6. Enable System Restore and create a restore point (in Windows).
7. Educate the end user
3.5 Given a scenario, troubleshoot mobile OS and application security issues.
Signal drop/weak signal
Turn off the device, as people may have compromised the phone
4.1 Compare and contrast best practices associated with types of documentation.
Network topology/diagrams – diagram of all the computers, switches, and routers that are connected to the network
Logical Topology – diagram of computers organized conceptually by IP address
Physical Topology – diagram of computers organized by physical location
Knowledge Base/articles – database of information that is used to help find the solution when troubleshooting
Regulatory and compliance policy – rules that must be followed or legal issues will result
Acceptable Use Policies – define what you can or cannot do with company equipment
4.2 Given a scenario, implement basic change management best practices.
Change Board – group of people in charge of approving/denying changes to equipment in the company.
4.4 Explain common safety procedures.
Equipment Ground – attach a ground connection to the computer and to yourself to prevent electrocution
Need a fire extinguisher that is C rated, meaning it can deal with electrical fires
Weight limitations: 25 lbs or more need assistance
4.5 Explain environmental impacts and appropriate controls.
Power Supply
Sag: short-term voltage dips
Brownout: intentional or unintentional drops in voltage
Spikes/Surge: more power provided than intentionally needed.
UPS: Uninterruptible Power Supply; protects from sag and surge
4.6 Explain the processes for addressing prohibited content/activity, and privacy, licensing, and policy concepts.
Regulatory Data
Personally Identifiable Information (PII) – personal data like Social Security number, address, phone number
Protected Health Information (PHI) – personal health records
General Data Protection Regulation – how the individual has control over what information is collected from the Web
PHI
4.7 Given a scenario, use proper communication techniques and professionalism
Be on time for meetings
Actively Listen – listen to everything the customer says about their issue
Clarify Customer’s Statements – ask for the detailed events leading to the problem at hand
Set expectations or a timeline with the customer for when the system will be repaired.
Be culturally sensitive
Avoid distractions
Avoid being judgmental
Deal appropriately with customers’ confidential and private materials
Don’t argue with customers
Follow up with the customer after the repair is completed to verify the customer’s satisfaction
Offer different repair/replacement options.
4.8 Identify the basics of scripting.
.bat: a batch file is a text file that contains multiple command line commands and runs them all one by one.
Environment Variables: variables that point to a certain directory regardless of who logs on to the system, and apply to all. Ex. C:\%HomePath%\Logs
.vbs: a Visual Basic script text file that contains a bunch of commands
4.9 Given a scenario, use remote access technologies.
Telnet – used to connect to other computers via the command line but lacks encryption.
Virtual Network Computing (VNC) – third-party remote desktop controller.
Maintaining and Optimizing Operating System
Windows Update (Windows 7) – update for security patches for operating system,
Can check for hard drive errors by selecting the drive -> right click properties -> tools