CompTIA A+ Core 2

1002
Started: 4/25/21
• 90 questions, 90 minutes, 700 passing score (100-900)
1.0 Operating systems - 27%
2.0 Security - 24%
3.0 Software troubleshooting - 26%
4.0 Operational Procedures - 23%
32 bit
•
•
vs
64 bit
.
think of lanes on
RAM limitations
32
-
=
highway
4GB
up to
depends
-
on
64
,
use version thats
Workstation
Apple
•
same
-
>
more
-
05
bit as
friendly gui
most popular, User
-
not
source , free ,
open
Cellphone / tablet
0s
,
free , not compatible
gui
text based
or
,
•
,
User
friendly
distros
or
•
-
end of
•
•
limitations
life
when
they
come out
Update limitations
soft
32 V5
after
-
concerns
w/
64
.
CPU
between
thats
better
OS
bit
05
Ms
=
windows
versions
requirements
1GHz
,
HD = 16-20GB, RAM = 1-2GB
traditional windows style
Windows 8 & 8.1
same
cos
7
minimum
-
new
eoi
Features of
windows
a
/ hardware based
drivers for specific
1. 2
,
,
specific
-
Computability
render
•
hw
MS Windows: not really used anymore, 32 bit, not free, 2.5% market
Android: Google's baby, most popular, based off Linux, open source, 32 & 64 bit
iOS: Apple, based on macOS & Darwin, not proprietary, 64 bit
Chrome OS: Google, not open source, web based, app based, Linux, 32 & 64
,
•
•
not free
-
•
•
w/ other
diff flavors
,
•
,
share
•
•
more traffic
>
cars
05
Macintosh OS
Linux
•
more lanes
OS
Microsoft Windows
•
,
Over 4GB space
=
software compatibility
•
{ Purposes
Types
Operating
1. 1
min
designed
.
requirements
for touchscreen
better ARM support , not just
for
PCs
,
graphics
-
DirectX 9
W/
WDDM
1.0
higher
Windows
same
•
10
min
req
.
.
Cortana
•
edge
•
API
Ink
•
extensions
-
corporate
stylus
us
-
extensions
browser
work in
apps
Personal needs
.
Domain access
domain vs workgroup
•
-
.
•
for security
'
no
longer
Branch cache
-
-
,
encrypts
-
Encrypting
Desktop style / User
•
•
'
Windows
VPN
System
interface
traditional
V1
touchscreen oriented
more
Installation {
05
Upgrade
methods
Methods
modify
boot options
boot from
-
Types
following
:
Optical drive
,
fixed drive (HDD)
internal hard drive (partition)
external drive , network boot internal
,
installations :
unattended installation
of
•
don't need to be
•
need device
In Place
•
'
•
on
-
site
entire time
drive w/
like thumb
answer file
upgrade
-
•
1.
for
File
more
8
10
windows 10 both
Boot
#
7
Windows
1.3
•
data ,
windows
in
corporate needs
EFS
•
•
servers
center
Media
•
•
Dc and
BitLocker
-
•
,
not recommended
7 to
8
or
8.1
keeps all
put
in
to
10
settings
disk
and
and data
run
setup
.
exe
Clean install
•
•
•
"
rebuild system
removes
"
all
if data stored
settings !
on
files
from drive , reinstall
separate drive
works
great
0s
•
installation
Repair
•
Something
-
-
Multi boot
•
•
don't want
Remote
prep work
image
need server to push an
need a server in place
BOOTP / DHCP
,
MAC
•
'
images
be used
can
addressing
for
IP address
>
use
windows
Use
WIM file
w/
uh
Deployment
locations
/attended
server
,
created and add
installations
windows ADK and
USMT
,
info
own
Recovery
Partition
area of hard drive set aside to hold files that
Used to recover the OS in event of a failure
•
can
be
Refresh / Restore
•
to
get
box
•
.
the
restore
goes
breaking
Dynamic
•
•
to
back
a
disk in
condition
it
was
when
you
took it out of the
all apps and media
earlier
build
logical
a
of
system
manner ,
create spaces
for
OS ,
data
simple volumes, spanned, mirrored, striped volume
,
perform disk & volume
•
•
up
Can hold
•
back into the
system
Uninstall & reinstall
Partitioning
manage
W/ 0
.
restart
0s
Basic
normal
•
•
hold
Primary
partition
primary
houses
•
tables
/ extended
system
,
basic
storage
partitions logical
,
and boot partition
Extended
extended partition subdivided
•
•
to device
from different
deploy images locally
•
•
your system
Image deployment
•
•
virtualization , multi boot
to use
network installation
most
-
#2.
OS
wrong w/
malware , bad install
went
Logical
•
•
a volume
assigned
created
a
letter
within
but
an
.
-
-
basic disk
drives
W/o this , not
into
hold
0s
4
primary partitions
know
how
to
boot
logical partitions
extended partition
can't
*only have
on
basic disk
properly
GPT
GUID
•
Partition table
•
basic disk
•
File
using
GPT partition
system Types / Formatting
style
can
have
128 partitions
exFAT
•
extended file allocation table
-
flash drives that hold lots of data
•
FAT32
•
4GB file
•
OK for flash drive
•
-
NTFS
new
•
MS OS
system
encryption
& permissions
put data
CD
on
NFS
network file
•
access
•
files
system
computer network
over
ext3, ext4
linux file system
•
16GB
•
•
•
HFS
•
•
•
file
compact disk file system
-
'
,
CDFS
•
•
for
Compression
•
•
technology
de facto
•
•
limit size
-
16 TB
ext4 holds
64,000 subdirectories, ext3: 32,000
1EB
maximum ext4 file system size
=
file
hierarchical
Old , replaced
Swap
by
system
for apple
HFS+ and now
APFS
partition
Swaps from HD to RAM to increase virtual memory
Quick format vs full format
full format on volume: files you're formatting are removed to
for bad sectors
Load
•
format removes files but doesn't
quick format on volume
*
only used if your HD has previously been formatted
=
alternate
when
can
HD
use
third-party
cant be
hardware
drivers
found
,
load
when
driver
scan
scan
necessary
during
install so you
Workgroup
Domain
.
workgroups are
•
Domain
•
•
•
Properly
•
,
systems
centralized
no
systems
,
to
resources
to share
share
node
resources
client-server relationship
partition
install process
of
format
{ system
/ Upgrade path
=/ windows 10
for
partition
compatibility
Windows
•
of
system
Recovery
part
of
grouping
groups
centralized
Factory
setup
networking
peer-to-peer
•
0s
vs
7 RTM
SPI
7
boot
10
=
=/ 10
8
8 RTM =/ 10
8.1514
1. 4
•
-
Cd
Cd
i
everything
back a
go
.
ping
-
netstat
•
connectivity
test
tracert
•
trace
-
see
-
nslookup
•
dism
•
•
Sfc
-
-
-
-
Tcp
first
-
•
taskkill
-
tasklist
•
•
to
run DISM
diskpart manage
•
connections
shutdown
get
,
then
system
process
more
for
or
take
to
DNS
or
our
system
servers
restart * shutdown ?
.
gives
you
Mount { Service windows
corruptions
logical
processes
options
images
before deployment
,
physical
or
need
errors
admin Perm
by image
name
,
doesn't fix
.
or
ID
ID
gpupdate: group policy update, be part of domain, retrieve latest update
gpresult: group policy result, shows Resultant Set of Policy, tells what take
-
-
,
•
details
sfc /scannow
disk partitions
ends tasks
-
/ UDP
-
-
for
to remote end
file checker scan for
chkdsk checks file
•
/all
Use
image servicing { manage
deployment
System
*
authoritative
who
Options
settings
path the packets
the
all
see
-
Shutdown
-
folder
level
-
•
in
Line
Change directory
-
.
*
ipconfig see network
•
Command
Microsoft
Navigation
dir
directory
•
10
=
-
-
effect
before it takes
effect
format
Copy Copy
MOVE
xcopy
robo
Moves
-
-
-
net
-
commands
•
and dir ,
add
-
✗
copy w/
,
elevated
for
priv
system
right click start
Device manager
•
see how
.
Local
create
the
,
users and
group policy
performance
•
to
comp
.
See
.
vs
admin
.
manipulate
OS
manag
hardware is
security policy
like
•
priv
information
users and Groups
•
subdirectories
shared resources
find any command
available w/
standard
everything
Local
priv
system
Tools
{
in
mmc snap
-
.
doing
groups
but
only
for
this
machine
Monitor
how
services
your system
is
performing
system
gives a list of running services
System Configuration (msconfig)
Manage windows startup and boot options
•
on
•
and performance
Task
em
use to
computer management
•
rectories
pfromatob pin %
'"
'
a :b : is / e
✗
copy
options
more
Microsoft
1. 5
next
user accounts
remove
sometimes need
•
to
including
connect , remove , config
user
help / ?
location
one
;
files
copy replace
-
C:\> format d:
use
file
Copies
"
•
data from
-
net use
•
prepares disk for
-
,
troubleshoot
issues
scheduler
perform
•
component
Data
automatically
services
Config
•
routine tasks
and administer
COM
components, COM+, DTC
sources
•
•
applications need connection
manages database drivers
Print Management
•
manages
local
print jobs
to
on
database
system
and
sources
stability
Windows
•
memory diagnostics
defected physical
windows
•
-
BSOD ,
Firewall /defender
filters traffic
coming
Advanced security
set
-
memory
/ out of
,
your system
Windows defender
for
rules
in
crashing freezing
Event viewer
Where
•
user
acc
.
you
logs system /security / application
can see
,
management
Users and domain
•
msconfig
System config Gen
•
,
Task
,
boot , services
manager
apps, processes, performance, networking
•
,
Disk
•
.
management
drive status mounting , initializing
assign / change drive letters ,
disk related
everything
system
-
make
Command
Services
-
.
-
changes
takes
Msc
-
•
extending partitions splitting
adding
do
can
,
drives /arrays storage
,
.
space
Cmd prompt
in elevated
to command
to
prompt
services
MMC
snap
-
in
console
sets up remote desktop connection
notepad built in utility simple word processing
explorer manipulate files & folders in Windows environment
-
-
-
msinfo32
DXDiag
-
-
all
Sys
diagnostic
.
info
tool
current device youre
DirectX function
hardware problems
test
related
Disk
about
and
.
on
troubleshoot video
Defragmenter: rearrange fragmented disk
System restore revert to previous software registry
-
windows update
or
-
,
•
part
system registry
management
Microsoft
MSTSC
to
takes you
sound
•
,
,
users
utilities :
regedit
MMC
,
,
,
and driver
configuration
1. 6 Windows Control
Panel
Internet options
-
Connections
Display / settings
security, general, privacy, programs, advanced
resolution , refresh rate , color depth
user accounts
•
create local accounts
Folder options
hidden files, hide extensions, view options, general
•
•
,
system
•
performance, remote
Windows
,
,
settings system protections
,
Firewall
windows defender firewall
-
Power options
hibernate , power plans
•
credential manager
place for
•
Programs
•
Home
•
•
username
,
Sleep / suspend,
standby
/ Passwords
features
What
is
group
only
group
in
of
installed
windows
PCs
on
on
system
7
home
network
that
Devices and Printers
•
all
peripherals connected
to Pc
Troubleshooting
good
Network
•
place to
and
start
sharing
center
Subnet mask , adapter , VPN
Bitlocker
•
encryption hardware
,
based
encryption
can
share
files & printers
Application
1. 7
System
•
•
Config
Requirements
Drive space have
enough
-
RAM make sure
have
you
-
OS Requirements
•
{
install
space for partitions
enough
Compatibility
Methods for installation and Deployment
Local (CD/USB): all files are local
Network based retrieve files through direct
link
1. 8 Windows
on
•
-
•
-
Home group
•
•
Workgroup
.
Workgroup just
have to be
can
onto
log
domain
need a domain
Network share
set up
map
•
/
desktop
network
on
a
from
across the
controller
to share
network
a
hidden shares
•
client
setup
•
•
browsing
password
home group protected w/
Domain
•
V5
Networking
or
somewhere
by Administrative
pull down every
to
on
infrastructure
data
made
drive
world
shares
time
Printer sharing vs Network printer mapping
printer sharing is very popular
you
reboot
.
•
•
connected
network printers
proxy settings
•
•
Working
on
your
config system
Home
get
to use
an invitation
vs Work
.
•
Public
Alternative
us
so
Public
.
proxy
you
network
remote
can
•
Full
Auto
desktop
>
any
duplex go both ways
let it decide (both sides need to be
-
on
Use
their PC
Network connections
-
Wake
and
address
-
•
websites
rules
Control panel > Network and Internet
Network card properties
half duplex send/receive at
time
•
IP & NIC { drivers
server
>
•
w/
network
network has more
IP
to
behalf , filter out questionable
Remote Assistance
•
directly
LAN
-
have
NIC
wake
comp
.
up
Auto)
1. 9 Features of
Scheduled Backups
Copy files onto EHD
or
•
Patch management
third party apps
•
to
Mac OS &
Linux
network / cloud & test
help
Anti-virus
•
Restore
•
need anti virus / malware
still
macs
-
snapshot
Migration Assistant
Disk maintenance
On Linux
•
-
du
Utilities
disk space , df
-
multiple desktops
Mac
On
•
Mission control
,
-
CD/DVD
access remote
fsck check & repair disk
-
,
multiple desktop
=
Remote disk
•
see free space
in another
machine
Boot camp
multiboot
•
on
Mac
Quiz questions
hardware
Linux commands
list (dir)
:
subn-et.IS
COPY
workgroups require
MAC
-
grep
•
Cd
•
-
-
Search for
Change directory
•
Shutdown
•
Pwd
MV
•
Cp
•
-
remove
chmod
•
•
-
•
directory
(deletes files
.
-
-
SU / Sudo
apt
Vi
•
another
Change file owner
iwconfig / ifconfig network/wireless
settings
ps list of currently running processes
-
•
to
-
-
-
•
and move file
Change file perm
-
Chown
•
off
Changes password
copy
-
system
text g. , ,
in
working directory
rename
-
-
rm
•
Shut
-
print
-
passwd
•
expressions
get
-
starts
Sudo
runs
visual file
from
a
dd copies blocks of data from
-
Stop
a
process
new
user
repository
to
update
editor
-
Kill
a
administrator
as
download files
Stare the
-
shell as
a new
w/ PID #
one
file to
another
Of files
-
same
Time Machine
Physical Security
2. 1
Measures
Mantrap
between 2
•
Badge
house from
Sandy
areas , like
Spongebob
reader
RFID
•
Security
NFC
or
to scan
badge
a
Door lock
card swipe , biometric , proximity lock , punch code
Hardware token
-
•
key
code
,
One time password
that
w/
correlates
server
server lock
lock servers
•
USB
in
rack
a
lock
dont want anyone
•
Privacy
•
USB
use
screen
other ppl
cant see
2. 2 Logical
Active
to
your
screen
Security
Concepts
Directory
windows , directory control
login script Folder redirection Domain Group
software Token
•
policy / updating
•
,
•
,
multi factor authentication ,
MDM Policies
•
•
•
mobile device
Whos
system
management
One stop shop for
responsible for
,
managing
sends
extra
,
code to
organization
Home folder , a ' unit
login
mobile devices
backups, data ownership, device update / maintenance
Port
Security
switch
network admins control who physically plugs into
What happens once violation has occurred: shutdown or blocking
MAC Address Filtering
great line of defense for network/system admins
Who
has access to
network based
on
hardware address
state
Digital
certificate
authenticate
Use to
•
verifies
-
web is
yourself
& authenticates
secure
Anti-virus / Anti-malware
have this
always
•
helps
•
find and
you
Firewalls
rid of
get
filters traffic coming in /out
Hardware firewall actual device
•
-
viruses
of
-
packet
•
layer
filtering
{
3
Source
.
Stateful
Where
destination
came
it
,
Cor
network
software firewall
Application layer , NGFW
block content
de packet
from
User authentication / Strong
•
,
a
prevents
and
,
)
built
pc
into
OS
WAF
web
combines
all
-
them
against
app
firewall
protects web
3
attack
password
passphrases longer more complex
Change often, don't use same
,
•
,
on
diff
"
acc
"
.
Multi-factor Authentication
Something
•
Directory
•
•
you know
,
have , are
access
control
list
need permissions
to
access
something
allows use private network
Data Loss Prevention ( DLP )
•
how
we
keep
Access control
•
Access
control
Email Filtering
•
UTM
,
do
permissions
VPN
•
,
unauthorized
a
tunnel
data from
.
physically
leaking
or
run
internet
on
backbone
escaping
List
entries
DLP NGFW
,
by
( ACE ) to determine
who
has
access
to
object
2. 3 Wireless
Encryption
Protocols and
WEP
•
.
WPA
•
Wifi protected
-
WPA2
•
•
•
not rec., RC4
-
TKIP
•
AES Advanced
,
,
Single
factor , multi factor
RADIUS server: dial-in access, auth, centralized
-
TACACS
-
UDP
Access
TCP ,
3
,
2
Ransome
Trojan
control
Service , more secure ,
ware
-
take
access
-
Rootkit
virus
-
•
-
or
worm
-
-
-
Send commands
package
-
Tools
•
and
Anti
-
•
•
•
manage for
auth config
Tools
all
for
for advertisers
money
legit program
like
everything
file
multiple
to
together
look
,
crawl
to
spy
systems (zombie)
through system
on
you and benefit
from
it
.
evolved
now
capture data
virus
Recovery
-
goes against younger
console / Backup Restore
End user education
Software Firewalls
DNS
to
to
methods
Anti-malware
•
,
kernel level , control
Spyware way
•
Central
Malware
lock data
replicate , attached
Botnet
•
access point
profiles
package
gain
Keylogger - log keystrokes
•
talk to
(malicious software )
Malware
•
server
factor
Preventing
2. 4
•
IV attacks , use TKIP
against
access , better
Key Integrity protocol rotation of keys
Encryption Standard, symmetrical encryption
-
-
-
IV weakness
,
Temporal
-
-
•
Algorithm
.
current , best system , use CCMP w/ AES
-
Authentication
•
security
{ Auth
-
configuration
-
malware
backups
saved
teach everyone what
filter out
-
-
some
to
look for
traffic
DNS compromised , not
actual website
.
verify
DNS t static ARP
.
Social
2. 5 Engineering
Threats Vulnerabilities
,
,
Social Engineering
phishing - trying to get you to click on things
Spear phishing - goes after specific individuals
Impersonating - pretending to be someone else
Shoulder surfing - looking over someone's shoulder
Tailgating walking
-
in after someone
Diving looking through
Dumpster
trash
-
for
sensitive
info
.
DDOS
attacker
•
DOS
Distributed
-
→
zombies
→
victim
service
system overloading
Zero Day
you don't know about it
system
another
one
-
of
service
command handler → multiple
denial of
-
Denial
-
•
Man
-
in
the
-
-
.
antivirus
stream to
Brute-force
•
tries
every password combination
Dictionary
•
Using
Rainbow
common
words
Comparing hashes
spoofing
as
Using
to
someone else's
users and
,
not
•
.
IP , Mac , DNS
Allow
guest
.
admin
us
give
.
both
deny
shared Files and Folders
•
•
guess
admin
engineer
or
anything
shares
permission
inheritance
vs
.
local shares
propagation
else
pretending
to be
them
digitally
security settings
Standard
Share permissions
have to
•
user ,
standard
beyond
vs
to
Groups
Admin Power
NTFS
get your data that you're sending
password guessing
reverse
2. 6 Windows
•
before
Table
'
•
seen
middle
between communication
'
can't protect, never
user
System
files and folders
hidden for
•
SSO
-
security
single sign on
sign
•
Run
as
on
only
Admin
Standard
•
or
and have
once
vs
until
BitLocker
•
encryption
-
tied
EFS
-
encrypted
to
Password
Strong
pass
-
Platform Module
file system
encrypt
best
everything
token to
need
chip
files
bunch of
a
Secure
2. 7
•
you
to Trusted
Used
•
to
access
Standard
.
user
deletion
,
make
change
a
as
admin
Mb
on
w/
else
NTFS
,
transparent public key
workstation
a
practice
passphrase
expiration
60-120
days
-
more
complex longer expiration
,
Screensaver required password
BIOS / UEFI password
•
'
Account
Management
restrict
•
logon
•
•
•
perm
user
.
time restrictions
-
M F
6am
-
-
disable guest acc
failed attempts lockout Account
-
timeout / screen
•
change
•
7pm
-
from
lockout in
local
admin
user / Pass
-
can't be
Basic Active Directory functions
account creation / deletion /disable
•
password reset /
Disable Auto run
automatically
Encryption
•
Data
•
Unlock account
CD / USB
run
,
rest
data
transit also needs
in
,
on
HD
,
horrible for
needs to
data at
•
Sec
.
policy
lock
default
-
Cmd line
encrypted
be encrypted
be
to
security
locked out
2. 8
Mobile Devices
Securing
Methods
of
securing
mobile
device
Remote wipe
•
Locator Application
Remote backup application
-
•
failed
•
attempts
login
restrictions
Antivirus / Anti-malware
•
patching / OS
•
-
Biometrics authentication
Full device
•
•
encryption
Multi factor authentication
•
•
updates
authenticator applications
Trusted sources vs. Untrusted
-
•
sources
Firewalls
policies & procedures
2.9 Data
Destruction & Disposal
Physical destruction
Shredder
-
grinds
•
•
into
particles
Drill / Hammer
WACK
-
WACK
Electromagnetic ( Degaussing)
-
•
move
bits
of data from device
Incineration
•
Hot Hot Hot
•
-
devices
Certificate of destruction
-
Send them off
and get certificate
Recycling or repurposing
•
low level format
-
'
•
format
Standard format
.
vs
.
everyday
format
Overwrite
•
•
factory
us
Drive
write
a
bunch of
0's and
1's
(binary)
wipe
•
wiping
drive
w/
format
command
but data
could
still be
present
2.10
•
Security
Change
Set
wireless
default SSID
encryption
-
router name
-
WPA2 personal
auth
on
us
.
router
enterprise
doesn't
disable
•
,
server
broadcast
SSID
Antenna and access point placement
Radio
-
pre shared key
have
on
auth
•
Networks
Specific
Wireless
•
wired {
WPS
•
-
power levels
-
broadcasting
protected
Wi-Fi
-
at
setup don't
100%
use
-
,
very
congested
number to connect devices
-
change default username & password
Change to something only you know default easily
,
•
Enable MAC Filtering
black or white list MAC addresses
•
static
'
IP
or
done w/ either
Usually
Port
WAN
Content
•
can
Update
-
built into
Forwarding
run
•
web server
LAN
or
private
WAN
on
devices
most
from
,
might
overwrite
monitor
or
filter
.
forwards
to
it
questions
specific port inside
*
Set time of
Firmware
software
day
minecraft
✗
Permission propagation
*
patching and updates
can
you to
come
from
in
restrict
various
windows
=
FALSE
permissions
renders
_-
system
server
for specific device that tells it how to
from parent folders
allows
Java
restrictions
:
✗ YOU cannot block inheritance
you
white / blacklist
,
IP ,
ISP
the
Filtering / Parental controls
little piece of
Quiz
spoofing
w/ DHCP ?
static
Firewall settings
•
w/
tricked
be
Addresses
dynamic
•
,
hackable
on
TRUE
child
objects
=
FALSE
function
3. 1 Troubleshoot
Windows
OS
Common symptoms:
Slow performance
malware , not
-
too many
•
enough system
resources , disk
highly fragmented
processes , hard drive too full , update
background
in
,
background
Limited connectivity
far from AP or antenna, interference, power issues
Failure to boot / no OS found
hardware issue, no OS, bad driver, HD not properly formatted, wrong
master boot record or Boot config data corrupt or missing
Application crash
Bad update new install hardware , poor app creation malware
Boot device
•
-
•
•
blue
-
•
,
overheating
screen
hardware monitor / mb , driver
not
Services
•
•
hardware , driver
overheat,
labeling
,
power
not
installed wrong driver, permissions, cabling, jammed
failed to start
set to
start
auto
,
driver
,
malware ,
Slow Bootup
too many start processes Hardware ,
Slow profile load
,
•
loading roaming
profile
dependencies
•
•
from domain , too
many
Hard drive
everything
Reboot
•
•
puts
the
in
one
Always
Kill task
•
Kill
Specific
process
arent
malware , boot time scan ,
Common solutions:
fragment
offline
,
,
-
•
,
printer issues
•
•
,
,
(BSOD)
screen
black
•
•
,
place to
run
faster
starting
update install
logon
scripts
through
active
AD
directory
Restart
•
services
.sc
-
update network settings
ipconfig /release, /renew
-
'
Reimage / Reload OS
-
•
Use
recovery
partition
Rollback updates /device drivers
-
•
Cmd
in
bad update , paused
Apply
poor wifi
or
updates
patch bugs & vulnerabilities
•
Repair Application
if
•
•
Update
-
crashing
keeps
boot order
05
no
Disable
plugged in
make sure cables
,
windows services
/ applications
disable starting at boot
Disable Application Startup
•
•
'
•
Task
Manager disable
Safe Boot
Change
•
•
Rebuild
,
windows
Manager
app from starting
up
@
boot
profile
corrupt
& Resolve
TS
3. 2
Task
Driver , F8 function
something
-
,
PC
Sec
.
Issues
Common symptoms
•
Pop
-
•
-
w/
an
ad
that
lets you
know
gets you
youre
or
anti-malware
malware , botnet / Zombie
Internet
-
rogue
leaving
the
alerts
anti virus
-
that
Slow performance
-
•
window
Security
•
•
a
to
click
Browser Redirection
•
•
ups
connectivity
issues
DHCP / DNS
MitM
,
alerts
webpage
on
something
-
Rogue
•
,
legit copy
-
•
system
•
Invalid
the
while
anti
-
Update
out
regarding
users
missing
email
domain
Disable
dont
network
,
its
safe
spoofing
name
on
Cert
infected
missing objects
system
cable
first , unplug
spread
that has malware
it
on
system
update anti-malware , scan and remove
Schedule scans and runs updates
-
6.
Enable
7.
put
Educate
sure
system
malware ?
Restore
state
save
Make
wrong
Removal
files , slow ,
malware doesnt
System
Remediate
files , renamed
infected
make sure
•
you
USB
,
Researching malware symptoms
going on to make you think you have
Take off
•
didnt push
and
Whats
-
telling
is
virus
compromised infected
Malware
•
5.
admin
w/o admin control , malware , rootkit
incorrect,
Quarantine
•
4.
ramprd
certificate (trusted root CA)
-
3.
from
Identify
•
.
Email
3. 3
2.
Sec
Files
credentials
-
,
Files
responses
•
1.
run
Malware , rootkit, login
Hijacked
-
properly
,
doesnt happen
Disappearing
'
Windows OS didn't update
of
Anti-virus
Renamed
•
files
deletion of
letting things
•
•
Malware
crash
Update Failure
-05
•
lockup / application
PC /OS
•
doesnt
come
Restore
and
back
,
run
create
,
scans
restore
install
scanner
in safe mode
daily, AV/AM updated daily
,
point
date and time in case
end
user
What to do , what
not
to
do
,
not
IT
people
,
what to
look for
3. 4
Mobile
App
05
issues
Common symptoms
Wireless
•
•
connectivity
battery too low
Can't
•
wireless int
•
Apps
-
ext
broadcast
05
,
,
monitor
graphics
card , cable , extended
or
duplicate
screen in
settings
loading
not
need network connectivity , malware
Unable to decrypt email
-
-
•
•
NO
-
Overheated
driver
,
Malware, bad update, app
issue , bluetooth
paired ?
computer, stored
on
/ weak
Wifi
cellular tower
•
,
battery
access
,
,
over
bluetooth / wifi
limit
rogue app malware
Unauthorized location app
High
•
rogue
app malware
,
resource
malware
,
utilization
rogue
Quiz questions
Cmd
line tool
airplane
mode
level
point AP 's that ISP
physical security , pass compromised Unintended
Data transmission
issues
connection
don't connect to any open
Leaked
personal files / data
-
security
signal
interference , too far from
Unintended
phone
App
-
•
hanging
errors
Signal drop
•
•
Overuse
Mobile OS
3.5
•
,
connect to
•
algorithm
from speakers
water ,
App log
•
certificate , wrong
,
system
sound
•
key bad
incorrect
Frozen
•
restarted phone
app, haven't
,
in
a
while
:
allows
will
to
keep
pause
,
stop
bluetooth
or
start
from
service
pairing
=
SC exe
.
control
=
bad
4. 1
Types
Topology diagram
Network
network
Logical
Knowledge
-
base
Self serve
triage
Regulatory
What
password
•
from
how
-
steps
,
/ first responder
use
can
,
who
etc
reported , when
.
noticed , who took
steps taken , resolution lesson learned
,
to
should
age , pass
,
control
be
history complexity
management
tags barcodes track inventory
,
follow
and cant do , administrative
policy
the password
length min pass
asset
,
policy
,
•
product , topic
and compliance policy
you
Inventory
abt
beginning date / time
different regulations you need
Acceptable
-
of info
library
documentation
document
•
topology
/ articles
online
-
Incident
'
Documentation
of
,
,
Max
passage
report
4.2 Basic Change Management
Documented Business Processes
a business
•
purpose
of
.
and
scope
Risk
ensure
big
CM team
steps that
of
of the
how
is
change management
Sequence
•
interrelated processes
of
group
a
Companies have repeatable processes , documentation
•
•
is
project
intended
meets
follow
crucial
to drive
apply
guide
for employees
individual trans
outcomes
change
is
Analysis
change
,
will
what
it
affect , who
involved , snowball ?
BAD
"
something happening is it worth it does change intro
how are we handling risk? mitigation transfer acceptance avoid
Plan for change
of
probability
•
,
,
-
•
Who and
•
•
,
,
extra
,
impacted
to stakeholders
what
communicate
End-user Acceptance
-
communication
change
•
is
Board
that
A board
key training important
,
approve
or
reject
the
change
Back out Plan
help
•
bad
in
event , make
a
plan
Document changes
Document everything
•
4. 3 Disaster Prevention & Recovery
Backup
and
image
•
.
,
Make sure
backup is
Uninterruptible
Cloud
•
storage
us
something
power
local
.
Active
,
data
your
business
has to
supply
storage
backups
backup
best if
physical damage
options
directory
,
off
have
working
local backups quick , Cloud
Account Recovery
•
and
testing
UPS
•
,
up, OS files, Applications
backed
backup just files
Critical application
Backup
•
Recovery
everything
level
File level
•
.
site
domain
controller
synced
up
risk
Safety Procedures
4. 4
Equipment Grounding
electricity grounded
•
bag
antistatic
•
Toxic waste
,
ESD
battery toner
Personal safety
•
,
,
fire
elec
shock
Straps / mats , self
CRT , cell phone, tablet
safety
Compliance W/
grounding
center
disconnect power before
•
no
handling
Take to recycle
•
so
,
opening
cable
jewellery lift
up , remove
,
management safety goggles
,
tech , weight limit ,
air filter
,
mask
Regulations
Government
OSHA
•
Environmental
4.5
document
MSDS
•
Material
Impacts
for handling
Safety
Data Sheet basic info
,
chemical
on
product
HOW to handle it safely
Temp , humid level awareness
•
have
•
Power
proper
surges
have
•
,
ventilation
brownouts
,
humid
.
low
45 -55%
ESD
not
encouraging
blackouts
UPS / surge protector Backup services
.
.
Generators
Stuff
Addressing
4. 6
but
Incident Response
First
•
•
Chain
Open
identify
,
report
Regulated
of
custody tracking
-
source us
.
Commercial
,
license
End User
,
changes
documenting
Personal license
License
process
us
.
enterprise
Agreement
Data
-
-
-
•
evidence /
preservation
personally Identifiable info Stuff abt you
PCI DSS
payment card industry: how you protect credit
GDPR: General Data Protection Regulation, if you resell data
PHI: protected health info, HIPAA, but w/
payment
PII
•
data /device
,
documentation / documentation
Digital Rights Management
•
•
-
/ DRM / EULA
Licensing
•
response
of
Use
cards
license
low
4. 7 Professional communication
Use
•
proper
language
Don't talk above them
•
Try
•
to
not
dont
•
slang
use
have
•
actively
•
•
-
•
listen , no
be
culturally
be
on
time
interruption
sensitive
-
let them
-
Avoid distractions, don't
Dealing
-
w/ difficult
dont
argue
clarify
Set and
-
•
deal
-
PS1
Sh
•
-
powershell script
JS
-
'
,
Object
-
basic
Visual
don't talk w/ coworker
,
-
judgemental
questions , dont disclose exp
open ended
status
communicate
sensitive
be
material
Scripting
execute
Comm
at
(Cmd
cmd
Management scripting
.
)
exe
tool
linux
oriented
javascript functions
environment
•
files
,
Vbs
-
-
-
,
situations
or
Of
dos
w/
convo
don't be dismissive, don't
customer
Types
Py Python
•
w/
batch file
-
.
expectations /timeline {
Shell executable for
-
,
their statements
meet
File
bat
•
customers
Basics
Script
Sir dr
phone , have
look at
be defensive
appropriately
4. 8
-
,
titles
use
know
,
>
acronyms
positive attitude
confidence
maintain
•
bunch of
use
to open
script
,
close
AD folders
windows
move
copy files
variables
Variables defined
pass info
into
for
current shell
inherited
,
child shells
by
processes
comment syntax
add
•
comments
Python
•
Basic
-
#
•
•
script
•
-
-
Batch files
-
rem
constructs
Variables
Integers
Strings
why
JavaScript - //
Basic loops
•
for
-
-
if then
loop
,
do while
defining temporary
Whole #'s
Sequence
,
+
of
or
-
,
loop
holders
start
characters
for data
x =
"
hello world
at 0
as
constant
or
variable
"
,
on social
media
Remote Access
4. 9
Technologies
RDP
-
•
remote
desktop protocol ,
looks
like
were
3389
sitting
at
another
Telnet
•
•
remote
23
-
connectivity
to
config
switches
,
routers
,
plain text , txt based
unsecure
SSH
•
•
secure
22
,
authentication
Third
•
shell secure
party
quiz
21
tools
screen share
4.x
=
telnet
feature
,
file share
,
PuTTY
:
chain of
custody
PCI , Sox , HIPAA
=
to
regulatory
document evidence
policies
system