
02.5 CompTIA 220-1102 Objectives Broken Down

A+ CORE 2 (220-1102)
Friday, April 7, 2023
2:43 PM
220-1002 OBJECTIVES (90 Questions Max / 90 minutes / 700 to Pass)
1.0 - Operating Systems (31%)
1.1 Identify basic features of Microsoft Windows editions
○ Windows 10 editions
• Home: Designed for home users, with basic features like Cortana and the Edge web browser, but lacks
some business-oriented features like domain access, Remote Desktop Protocol (RDP), and BitLocker.
• Pro: Designed for small businesses, with added features like domain access, Remote Desktop Protocol
(RDP), and BitLocker.
• Pro for Workstations: Designed for power users and professionals with high-end hardware, with
features like support for up to 6TB of RAM, ReFS file system, and support for non-volatile memory
express (NVMe) and persistent memory.
• Enterprise: Designed for large organizations with advanced security features, including Windows
Defender Application Guard and Credential Guard.
○ Feature differences
• Domain access vs. workgroup: Home and Pro editions can only join a workgroup, while Enterprise
edition can join a domain.
• Desktop styles/user interface: The Home edition does not support the ability to change the desktop
wallpaper, and it does not include the Group Policy Editor (gpedit.msc) tool.
• Availability of Remote Desktop Protocol (RDP): Only the Pro, Pro for Workstations, and Enterprise
editions support RDP.
• RAM support limitations: Home and Pro editions have limitations on the amount of RAM they support,
while Pro for Workstations and Enterprise editions support larger amounts.
• BitLocker: Only the Pro, Pro for Workstations, and Enterprise editions support BitLocker drive
encryption.
• gpedit.msc: Only the Pro and Enterprise editions include the Group Policy Editor (gpedit.msc) tool.
○ Upgrade paths: All editions of Windows 10 can be upgraded to a higher edition through an in-place upgrade,
except for the Enterprise edition, which requires a clean install.
1.2 Given a scenario, use the appropriate Microsoft command-line tool
○ Navigation
• cd: Changes the current directory to another directory.
• dir: Displays a list of files and folders in the current directory.
• md: Creates a new directory.
• rmdir: Deletes a directory.
• Drive navigation inputs (C: or D: or x:): Changes the current drive to the specified drive.
○ Command-line tools
• ipconfig: Displays information about the network configuration, including IP addresses, subnet masks,
and default gateways.
• ping: Tests network connectivity by sending an ICMP echo request to a destination IP address or
hostname.
• hostname: Displays the name of the current computer.
• netstat: Shows active network connections, protocol statistics, and network interface information.
• nslookup: Queries the DNS server to obtain domain name or IP address mapping information.
• chkdsk: Checks a disk for errors and repairs them if possible.
• net user: Manages user accounts on the local computer or a remote computer.
• net use: Connects to or disconnects from shared resources, such as network drives and printers.
• tracert: Traces the path that a packet takes from the local computer to a remote destination.
• format: Formats a disk drive or a partition.
• xcopy: Copies files and directories, including subdirectories and files that match specified file types.
• copy: Copies one or more files from one location to another.
• robocopy: Copies files and directories with advanced options, including the ability to resume
interrupted transfers and copy permissions and attributes.
• gpupdate: Updates group policy settings on the local computer or a remote computer.
• gpresult: Displays the applied group policy settings on the local computer or a remote computer.
• shutdown: Shuts down or restarts the local computer or a remote computer.
• sfc: Scans and repairs system files.
• [command name] /?: Displays help for the specified command.
• diskpart: Manages disk partitions and volumes.
• pathping: Traces the path that a packet takes from the local computer to a remote destination,
showing the round-trip times for each router along the way.
• winver: Displays the version of Windows installed on the computer.
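The tools above are usually run one at a time; the following batch file, an added example that is not part of the original notes, runs the read-only ones in sequence and writes everything to a single report so a technician can compare a suspect PC with a known-good machine. It assumes an elevated Command Prompt and uses the placeholder TESTHOST, which you should replace with a host that is meaningful on your network.

```batch
@echo off
REM Added example, not part of the original notes: a read-only triage script that runs
REM the command-line tools listed above and writes their output to one report file, so a
REM technician can compare a suspect PC against a known-good machine.
REM Assumptions: run from an elevated Command Prompt; TESTHOST is a placeholder to replace.
setlocal
set "REPORT=%USERPROFILE%\Desktop\triage-%COMPUTERNAME%.txt"
set "TESTHOST=www.example.com"

echo === Triage report for %COMPUTERNAME% on %DATE% %TIME% === > "%REPORT%"

REM Identity and version ("ver" is the console counterpart of the winver dialog).
echo --- hostname / ver --- >> "%REPORT%"
hostname >> "%REPORT%"
ver >> "%REPORT%"

REM Network configuration: /all adds DHCP lease, DNS server and MAC address details.
echo --- ipconfig /all --- >> "%REPORT%"
ipconfig /all >> "%REPORT%"

REM Connectivity: reachability, name resolution, route, and per-hop loss and latency.
echo --- ping / nslookup / tracert / pathping --- >> "%REPORT%"
ping -n 2 %TESTHOST% >> "%REPORT%"
nslookup %TESTHOST% >> "%REPORT%"
tracert -d -h 15 %TESTHOST% >> "%REPORT%"
pathping -n -q 5 %TESTHOST% >> "%REPORT%"

REM Active connections: -a all, -n numeric, -o owning process ID. Unexpected listening
REM ports or outbound connections can be matched to a PID in Task Manager.
echo --- netstat -ano --- >> "%REPORT%"
netstat -ano >> "%REPORT%"

REM Local accounts and mapped network resources; new or unknown entries need a look.
echo --- net user / net use --- >> "%REPORT%"
net user >> "%REPORT%"
net use >> "%REPORT%"

REM Group Policy actually applied to this user and computer (/r = summary).
echo --- gpresult /r --- >> "%REPORT%"
gpresult /r >> "%REPORT%"

REM Integrity checks in report-only mode: sfc /verifyonly and chkdsk without /f
REM detect problems without changing anything, so this script stays read-only.
echo --- sfc /verifyonly --- >> "%REPORT%"
sfc /verifyonly >> "%REPORT%"
echo --- chkdsk C: --- >> "%REPORT%"
chkdsk C: >> "%REPORT%"

echo Report written to "%REPORT%"
endlocal
```

If sfc reports integrity violations, follow up with sfc /scannow in a separate elevated session; the script deliberately never repairs anything itself.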
1.3 Given a scenario, use features and tools of the Microsoft Windows 10 operating system (OS)
○ Task Manager
• Services: This tab displays the list of services that are currently running on the computer, along with
their status, startup type, and description. You can start, stop, or restart services from this tab.
• Startup: This tab displays the list of applications and processes that are configured to start
automatically when the computer boots up. You can enable or disable startup items from this tab.
• Performance: This tab displays real-time information about the computer's hardware usage, including
CPU, memory, disk, and network usage. You can use this tab to monitor the performance of the
computer and identify any bottlenecks.
• Processes: This tab displays the list of running processes on the computer, including their names, CPU
and memory usage, and status. You can use this tab to end processes that are consuming too many
resources or causing problems.
• Users: This tab displays the list of users who are currently logged on to the computer, along with their
session ID and status. You can use this tab to log off or disconnect users, or to view the processes and
resource usage of each user.
○ Microsoft Management Console (MMC) snap-in
• Event Viewer (eventvwr.msc): It is a tool to view and manage system event logs.
• Disk Management (diskmgmt.msc): It is a tool to manage disks, partitions, and volumes.
• Task Scheduler (taskschd.msc): It is a tool to create and manage automated tasks or scripts.
• Device Manager (devmgmt.msc): It is a tool to manage system devices and drivers.
• Certificate Manager (certmgr.msc): It is a tool to manage digital certificates.
• Local Users and Groups (lusrmgr.msc): It is a tool to manage local user and group accounts.
• Performance Monitor (perfmon.msc): It is a tool to monitor and analyze system performance.
• Group Policy Editor (gpedit.msc): It is a tool to manage system policies and configurations.
○ Additional tools:
• System Information (msinfo32.exe): It is a tool to view detailed system information, including
hardware and software components.
• Resource Monitor (resmon.exe): It is a tool to monitor system resources such as CPU, memory, disk,
and network usage.
• System Configuration (msconfig.exe): It is a tool to manage system startup settings, services, and boot
options.
• Disk Cleanup (cleanmgr.exe): It is a tool to free up disk space by removing unnecessary files.
• Disk Defragment (dfrgui.exe): It is a tool to optimize disk performance by rearranging fragmented files.
• Registry Editor (regedit.exe): It is a tool to view and manage the system registry, which contains
configuration settings for the system and installed applications.
1.4 Given a scenario, use the appropriate Microsoft Windows 10 Control Panel utility
○ Internet Options - allows you to manage various Internet settings, such as security, privacy, content, and
connections.
○ Devices and Printers - allows you to view and manage the devices connected to your computer, including
printers, cameras, and smartphones.
○ Programs and Features - allows you to view and manage the installed programs and features on your
computer, including uninstalling programs.
○ Network and Sharing Center - allows you to view and manage your network connections and sharing
options, such as file and printer sharing.
○ System - allows you to view and manage system settings, including system information, device manager, and
performance settings.
○ Windows Defender Firewall - allows you to manage the Windows Firewall settings, including enabling or
disabling the firewall, creating firewall rules, and configuring notifications.
○ Mail - allows you to manage your email accounts and settings, including adding and removing email
accounts, changing email settings, and setting up email signatures.
○ Sound - allows you to manage your computer's audio settings, including playback and recording devices,
volume, and sound effects.
○ User Accounts - allows you to manage user accounts on your computer, including creating and deleting user
accounts, changing account settings, and managing passwords.
○ Device Manager - allows you to manage hardware devices installed on your computer, including updating
drivers, enabling or disabling devices, and troubleshooting device issues.
○ Indexing Options - allows you to manage the Windows search indexing settings, including adding or
removing indexed locations and optimizing the search index.
○ Administrative Tools - provides access to various administrative tools, including Event Viewer, Task
Scheduler, and Services.
○ File Explorer Options
• Show hidden files - this option allows you to see files and folders that are normally hidden from view.
These files may include system files, hidden files, and other files that Windows does not want you to
see by default.
• Hide extensions - this option hides the file extensions (e.g., .docx, .pdf, .jpg) for known file types in File
Explorer. This can help to keep the file names cleaner and easier to read, but can also make it harder to
identify different file types.
• General options - this section contains general settings for File Explorer, such as changing the default
folder view, opening File Explorer to This PC instead of Quick Access, and clearing the File Explorer
history.
• View options - this section contains more detailed settings for customizing the way File Explorer
displays files and folders. This includes options for changing the icon size, enabling or disabling file and
folder thumbnails, changing the default sorting order, and more. You can also choose to apply these
settings to all folders or just the current folder.
○ Power Options
• Hibernate - this option allows you to save all open files and running programs to the hard drive, and
then turn off your computer completely. When you turn your computer back on, all open files and
programs will be restored to their previous state. This can be useful if you need to leave your computer
for a period of time but want to resume your work quickly when you return.
• Power plans - this option allows you to choose from pre-set power plans that control how your
computer uses energy. These plans include Balanced, Power Saver, and High Performance, and can be
customized to suit your needs.
• Sleep/suspend - this option puts your computer into a low-power state, saving energy while still
keeping the computer running. All open files and programs are saved to memory, and the computer
can be quickly resumed from this state by pressing a key or moving the mouse.
• Standby - this option is similar to sleep/suspend, but the computer uses even less power and takes
longer to resume. Standby is rarely used on modern computers, as sleep/suspend provides a better
balance between energy savings and speed of resuming.
• Choose what closing the lid does - this option lets you choose what happens when you close the lid of
your laptop. You can choose to do nothing, turn off the display, put the computer to sleep, or shut
down the computer.
• Turn on fast startup - this option allows your computer to start up more quickly by saving system
information to a file when you shut down your computer. This information is then used to quickly
restore the system state when you turn your computer back on.
• Universal Serial Bus (USB) selective suspend - this option allows you to save power by suspending
power to USB devices when they are not in use. This can be useful for laptops and other portable
devices, as it can help to extend battery life.
○ Ease of Access - allows you to manage accessibility settings, including visual, auditory, and input assistance, to make
the computer easier to use for people with disabilities
1.5 Given a scenario, use the appropriate Windows settings
○ Time and Language: Allows users to configure their time zone, date and time formats, and language settings.
○ Update and Security: Provides access to Windows Update, device security settings, and recovery options.
○ Personalization: Allows users to customize the appearance and behavior of their desktop, taskbar, and Start menu.
○ Apps: Allows users to manage and uninstall their installed applications, and configure app-related settings.
○ Privacy: Provides access to settings for managing how apps and services collect and use data.
○ System: Provides access to settings for managing system-wide features and configuration options, such as storage,
display, power, and notifications.
○ Devices: Provides access to settings for managing and configuring external devices, such as printers, scanners, and
Bluetooth devices.
○ Network and Internet: Provides access to settings for managing network connections and Wi-Fi settings.
○ Gaming: Provides access to settings for managing game-related features, such as Game Bar, Game DVR, and Xbox
Game Pass.
○ Accounts: Allows users to manage their Microsoft account settings, sign-in options, and user account preferences.
1.6 Given a scenario, configure Microsoft Windows networking features on a client/desktop
○ Workgroup vs. domain setup:
• Workgroup: A workgroup is a collection of computers on a network that share resources, such as files
and printers. In a workgroup setup, each computer manages its own user accounts, and users need to
provide separate usernames and passwords to access shared resources on other computers.
• Domain: A domain is a centralized network setup managed by a server computer called a domain
controller. Users log in to the domain controller to access shared resources, and administrators can
manage user accounts and security settings from a single location.
• Shared resources, printers, and file servers: In a network setup, shared resources such as printers and
file servers are made available to other computers on the network. This allows users to access and
share files and resources from different computers.
○ Local OS firewall settings: The firewall in Windows is designed to block incoming traffic that might be
harmful to your computer. The firewall can be configured to allow or block specific applications, and
exceptions can be created for certain types of traffic.
○ Client network configuration:
• IP addressing scheme: IP addresses are used to identify and communicate with other devices on a
network. In a client desktop, IP addressing can be configured using DHCP (dynamic host configuration
protocol) or by assigning static IP addresses manually.
• DNS settings: DNS (Domain Name System) resolves domain names to IP addresses. DNS settings can be
configured to automatically obtain DNS server addresses from the network or to use specific DNS
servers.
• Subnet mask: A subnet mask is used to define the network address and the host address in an IP
address. It is used to determine the network segment to which an IP address belongs.
• Gateway: A gateway is a device that connects two different networks. It allows devices on one network
to communicate with devices on another network.
• Static vs. dynamic: Static IP addresses are manually assigned and do not change, while dynamic IP
addresses are automatically assigned and can change.
○ Establish network connections:
• VPN: A virtual private network (VPN) allows a user to connect to a remote network securely over the
internet.
• Wireless: A wireless connection allows a client desktop to connect to a network wirelessly.
• Wired: A wired connection allows a client desktop to connect to a network using an Ethernet cable.
• WWAN: Wireless wide area network (WWAN) is a wireless network that provides internet access to
mobile devices using cellular networks.
○ Proxy settings: Proxy settings are used to configure the client desktop to use a proxy server to access the
internet.
○ Public network vs. private network: In Windows, a public network is one that is not trusted and has limited
access to shared resources, while a private network is a trusted network with access to shared resources.
○ File Explorer navigation – network paths: File Explorer can be used to navigate to and access shared
resources on a network using network paths.
○ Metered connections and limitations: Metered connections are network connections that have a limited
data allowance, such as cellular networks. Windows can be configured to limit data usage on metered
connections to reduce the risk of exceeding the data allowance.
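The client network configuration items above (IP address, subnet mask, gateway, DNS, static vs. dynamic) and the public/private profile distinction can all be exercised from the command line. The batch file below is an added example, not material from the original notes; it assumes an adapter named "Ethernet", uses constructed 192.168.10.0/24 lab addresses, and must run from an elevated Command Prompt.

```batch
@echo off
REM Added example, not part of the original notes: switching one adapter between a
REM static IP scheme and DHCP with netsh, then verifying the result and the network
REM profile. Assumptions: the adapter is named "Ethernet", the 192.168.10.0/24 values are
REM constructed lab addresses, and the script runs from an elevated Command Prompt.
setlocal
set "NIC=Ethernet"

if /i "%~1"=="static" goto static
if /i "%~1"=="dhcp" goto dhcp
if /i "%~1"=="show" goto show
echo Usage: %~nx0 static ^| dhcp ^| show
exit /b 1

:static
REM Static scheme: address, subnet mask and default gateway set in one command.
REM Mask 255.255.255.0 makes 192.168.10.0 the network part and leaves the last octet for
REM hosts, so the gateway 192.168.10.1 sits in the same subnet as the host address .50.
netsh interface ip set address name="%NIC%" source=static address=192.168.10.50 mask=255.255.255.0 gateway=192.168.10.1
REM DNS servers assigned manually as well; validate=no skips the reachability check
REM that would otherwise stall the script if a DNS server is temporarily down.
netsh interface ip set dnsservers name="%NIC%" source=static address=192.168.10.2 register=primary validate=no
netsh interface ip add dnsservers name="%NIC%" address=192.168.10.3 index=2 validate=no
goto show

:dhcp
REM Dynamic scheme: address, mask, gateway and DNS servers all come from the DHCP lease.
netsh interface ip set address name="%NIC%" source=dhcp
netsh interface ip set dnsservers name="%NIC%" source=dhcp
goto show

:show
REM Confirm what is actually applied, then check which profile (public or private)
REM Windows assigned to the connection, since that decides which firewall rules apply.
netsh interface ip show config name="%NIC%"
netsh advfirewall show currentprofile
endlocal
```

Run it as netcfg.cmd static to apply the fixed scheme, netcfg.cmd dhcp to return to a leased configuration, and netcfg.cmd show to inspect without changing anything.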
1.7 Given a scenario, apply application installation and configuration concepts
○ System requirements for applications
• 32-bit vs. 64-bit dependent application requirements: These refer to the type of software that can run
on the operating system. Windows 10 Home, Pro, and Enterprise all come in both 32-bit and 64-bit
versions, while Windows 10 Pro for Workstations only comes in 64-bit. Most newer applications are
designed to run on 64-bit operating systems, which offer better performance and more memory
support.
• Dedicated graphics card vs. integrated: This refers to the type of graphics processing unit (GPU) that a
computer has. A dedicated graphics card is a separate component that is designed solely for graphics
processing, while integrated graphics are built into the CPU and share system resources with the rest
of the computer. Dedicated graphics cards are generally more powerful and offer better performance
for tasks such as gaming and video editing.
• Video random-access memory (VRAM) requirements: This refers to the amount of memory that a
graphics card has for storing textures and other data related to rendering images on a display. More
VRAM generally means better performance, especially for higher-resolution displays.
• RAM requirements: This refers to the amount of memory (RAM) that a computer needs to run an
operating system and its applications smoothly. Windows 10 Home requires at least 1 GB of RAM for
32-bit versions and 2 GB for 64-bit versions, while Windows 10 Pro, Pro for Workstations, and
Enterprise require at least 2 GB of RAM for 32-bit versions and 4 GB for 64-bit versions. However, more
RAM is generally better for running multiple applications or working with large files.
• Central processing unit (CPU) requirements: This refers to the type of processor that a computer has,
and the speed and number of cores it has. Windows 10 requires a minimum of a 1 GHz or faster
processor, but faster and more powerful processors can improve performance, especially for
multitasking and running resource-intensive applications.
• External hardware tokens: These are physical devices used for authentication and security purposes,
such as smart cards or USB security keys. Windows 10 supports a variety of hardware tokens and has
built-in support for biometric authentication through fingerprint readers and webcams.
• Storage requirements: This refers to the amount of disk space that an operating system and its
applications need to be installed and run. Windows 10 Home requires at least 16 GB of free space for
32-bit versions and 20 GB for 64-bit versions, while Windows 10 Pro, Pro for Workstations, and
Enterprise require at least 32 GB of free space for 64-bit versions. However, more storage is generally
needed for storing data and installing additional applications.
○ OS requirements for applications
• The compatibility between an application and the operating system it is installed on is crucial for the
application to function correctly. An application designed for Windows 10 may not work on Windows
7, for example.
• Another important aspect is the bit version of the operating system. Applications designed for a 32-bit
OS may not work on a 64-bit OS, and vice versa. It is essential to know which bit version the application
is designed for before installing it on an OS.
• Furthermore, a 64-bit OS can handle larger amounts of memory and data than a 32-bit OS, so
applications that require more memory or process larger amounts of data may require a 64-bit OS to
operate efficiently. However, not all applications require a 64-bit OS, and a 32-bit OS can run many
applications without issue. It is important to check the application's system requirements to determine
if it requires a 32-bit or 64-bit OS.
○ Distribution methods
• Windows can be distributed to users through different methods, including physical media and
downloadable files.
• Physical media refers to the use of CDs, DVDs, or USB flash drives to install or distribute Windows. This
method is often used for retail sales, as users can purchase a physical copy of the Windows software
and install it on their computer.
• On the other hand, downloadable files are often provided by Microsoft or other authorized sources,
allowing users to download the Windows installation files directly from the internet. This method is
convenient as users can download the files from anywhere with an internet connection and install
them on their computer.
• ISO mountable refers to the ability to mount the Windows installation files onto a virtual drive in order
to install or distribute the software. This method is often used by IT professionals who need to install
Windows on multiple computers, as it allows them to create a master copy of the installation files and
easily distribute it to other computers without the need for physical media.
○ Other considerations for new applications
• Impact to device: The installation of new applications can have an impact on the performance of the
device. The new application may require additional system resources, which can lead to slower
performance and longer boot times. Additionally, the new application may conflict with existing
software or cause instability.
• Impact to network: New applications may require access to the network, either to download updates
or to communicate with other devices. This can impact network performance and security, as the new
application may introduce new vulnerabilities or require additional network bandwidth.
• Impact to operation: The installation of new applications can impact the day-to-day operation of a
device. Users may need to learn how to use the new application, which can require additional training
or documentation. Additionally, the new application may change the way that users interact with the
device or with other software, which can impact productivity.
• Impact to business: Installing new applications can have a significant impact on a business. The new
application may require additional licensing fees or hardware upgrades, which can impact the budget.
Additionally, the new application may require changes to existing workflows or business processes,
which can impact productivity and profitability. Finally, the new application may introduce new
security risks or compliance concerns, which can impact the reputation of the business.
1.8 Explain common OS types and their purposes
○ Workstation OSs: These operating systems are designed for personal computers or workstations, which are
used by individual users for general computing tasks. Some examples of workstation OSs are:
• Windows: Microsoft Windows is a popular OS for personal computers, used in home and business
environments.
• Linux: Linux is a free and open-source OS, popular among developers and IT professionals. It is widely
used in server environments, but can also be used as a desktop OS.
• macOS: macOS is the operating system used on Apple Macintosh computers. It is designed to be user-friendly
and intuitive, and is popular among creative professionals.
• Chrome OS: Chrome OS is a lightweight operating system designed for use on Chromebooks and other
devices that primarily use web applications.
○ Cell phone/tablet OSs: These operating systems are designed for mobile devices such as smartphones and
tablets. Some examples of cell phone/tablet OSs are:
• iPadOS: iPadOS is the operating system used on Apple iPads. It is similar to iOS but includes additional
features optimized for use on a larger screen.
• iOS: iOS is the operating system used on Apple iPhones. It is designed to be simple and intuitive, with a
focus on user experience.
• Android: Android is a mobile operating system developed by Google, used by many different device
manufacturers. It is designed to be flexible and customizable.
○ Various filesystem types: Filesystems are the way that data is organized and stored on a computer's hard
drive or other storage devices. Some common filesystem types include:
• New Technology File System (NTFS): NTFS is a proprietary filesystem developed by Microsoft. It is used
primarily on Windows computers.
• File Allocation Table 32 (FAT32): FAT32 is an older filesystem used primarily on smaller storage devices
such as USB drives.
• Third extended filesystem (ext3): ext3 is a popular filesystem used on Linux computers.
• Fourth extended filesystem (ext4): ext4 is a newer version of the ext filesystem, designed to improve
performance and reliability.
• Apple File System (APFS): APFS is the default filesystem used on macOS computers. It is designed to
improve performance and support advanced features such as encryption.
• Extensible File Allocation Table (exFAT): exFAT is a newer filesystem designed to support larger files
and better performance on flash drives and other removable storage devices.
○ Vendor life-cycle limitations: Software vendors typically provide support for their products for a certain
period of time. This includes providing updates and security patches. Some common vendor life-cycle
limitations include:
• End-of-life (EOL): When a product reaches its end-of-life, the vendor will no longer provide updates or
support for it.
• Update limitations: Some vendors may limit the number of updates or upgrades that a product can
receive.
○ Compatibility concerns between OSs: When using different operating systems on different devices, there
may be compatibility issues between them. For example, a file created on a Windows computer may not be
able to be opened on a macOS computer without additional software. It is important to consider these
compatibility concerns when working with different operating systems.
1.9 Given a scenario, perform OS installations and upgrades in a diverse OS environment
○ Boot Methods
• USB: USB booting involves creating a bootable USB drive, which contains the necessary files to start up
a computer. This method is often used to install a new operating system or to run a live operating
system from the USB drive.
• Optical media: This method involves using a bootable CD or DVD to start up the computer. This is an
older method that has largely been replaced by USB booting.
• Network: Network booting allows a computer to start up from a remote server over a network
connection. This method is often used in enterprise environments where administrators need to
quickly and easily deploy new operating systems to multiple computers.
• Solid-state/flash drives: Similar to USB booting, this method involves using a bootable solid-state drive
or flash drive to start up the computer. This is often used in embedded systems or other devices where
there is no traditional hard drive.
• Internet-based: Internet-based booting involves downloading the necessary files to start up the
computer from a remote server over the internet. This method is often used in thin client
environments or in situations where the operating system needs to be quickly and easily deployed to
multiple computers.
• External/hot-swappable drive: This method involves using an external hard drive or other removable
storage device to start up the computer. This is often used in situations where the internal hard drive
has failed or is being replaced.
• Internal hard drive (partition): This is the most common boot method and involves installing the
operating system on the computer's internal hard drive. The hard drive is partitioned to create a boot
partition, which contains the necessary files to start up the computer.
○ Types of installations
• Upgrade: This type of installation allows the user to upgrade their existing operating system to a newer
version. During the upgrade process, the old operating system is replaced with the new one, and the
user's files and applications are preserved. However, it's important to note that not all hardware and
software are compatible with newer operating systems, so there may be compatibility issues to
consider.
• Recovery partition: Many computer manufacturers include a recovery partition on their devices, which
can be used to restore the device to its factory settings. This type of installation wipes all data and
applications from the device and reinstalls the operating system and any pre-installed software.
• Clean install: A clean install involves completely wiping the device's hard drive and installing a fresh
copy of the operating system. This is usually done when the device is experiencing problems that
cannot be resolved through other means, or when the user wants to start fresh with a clean slate.
• Image deployment: Image deployment involves creating a master image of a computer's operating
system and software configuration, and then deploying that image to multiple computers. This is a
common method used by businesses and organizations to quickly and efficiently deploy the same
software configuration across multiple devices.
• Repair installation: A repair installation is a type of installation that allows the user to repair or reinstall
the operating system without losing their personal files or installed applications.
• Remote network installation: This type of installation allows the operating system to be installed on a
remote computer over a network connection. This is useful for businesses or organizations that need
to install the same operating system on multiple devices.
• Third-party drivers: Third-party drivers are drivers that are created by a company other than the
manufacturer of the hardware or software. These drivers may be necessary for the hardware or
software to function properly, but they may not be included in the operating system installation. In this
case, the user may need to manually install the third-party drivers after the operating system
installation is complete.
○ Partitioning
• Partitioning is the process of dividing a hard disk drive into separate, logically distinct sections. This
allows users to separate operating systems, applications, and data, and to manage them
independently. Two commonly used partitioning types are GUID Partition Table (GPT) and Master Boot
Record (MBR).
• GPT is a newer partitioning scheme that is part of the Unified Extensible Firmware Interface (UEFI)
specification. GPT can support hard drives larger than 2 TB and allows for up to 128 partitions on a
single disk. GPT also includes a backup partition table at the end of the disk, making it more resilient to
damage.
• MBR, on the other hand, is an older partitioning scheme that is used with legacy BIOS systems. MBR
can only support hard drives up to 2 TB in size and allows for up to four primary partitions or three
primary partitions and one extended partition. Extended partitions can then be divided into logical
partitions.
• In summary, GPT is the newer and more versatile partitioning scheme, while MBR is older and limited
in terms of disk size and the number of partitions it can support.
○ Drive format
• Drive format, also known as the file system, refers to the way a storage device such as a hard drive,
solid-state drive, or flash drive is organized and structured to store and retrieve data. Each file system has its
own rules for how data is stored, named, and accessed, and for what metadata (permissions, ownership,
encryption attributes) it can hold. Examples of common file systems include NTFS (New Technology File
System), used by Windows; APFS (Apple File System), the default on current macOS, with HFS+ (Hierarchical
File System Plus, or Mac OS Extended) on older Macs; ext4 (Fourth Extended File System), used by most Linux
distributions; and FAT32 and exFAT, which all three can read and which are therefore common on removable
media. Formatting a drive creates a new, empty file system structure for the operating system to use. Note
that a quick format only rewrites the file system metadata; the old data remains on the media and is
recoverable with forensic tools until it is overwritten, so a drive that held sensitive data should be securely
erased (or have been encrypted all along) before reuse or disposal. The choice of file system affects the
performance, security features, and compatibility of the drive with different operating systems and devices.
○ Upgrade considerations
• Upgrading an operating system or software involves replacing an older version with a newer one. This
can have a significant impact on the system and its components. Here are some considerations to keep
in mind during the upgrade process:
• Backup files and user preferences: Before upgrading, it is essential to create a backup of all critical files
and user preferences. This can be done manually by copying files to an external hard drive or by using
a backup utility. In case of any errors during the upgrade process, the backup will ensure that
important files and settings are not lost.
• Application and driver support/backward compatibility: It is important to ensure that all the
applications and drivers installed on the system are compatible with the new operating system version.
Some applications may require updates or patches to work with the new OS. Drivers for hardware
components such as printers, scanners, and graphics cards may also need to be updated or replaced to
ensure compatibility with the new OS.
• Hardware compatibility: Upgrading to a newer version of an operating system may require newer
hardware components or more system resources. For example, if the new operating system version
requires more RAM or a faster processor, it may not work on older systems. It is important to ensure
that the system meets the minimum hardware requirements for the new OS version.
• Overall, it is important to plan and prepare for an upgrade carefully to minimize disruption and ensure
a smooth transition.
○ Feature updates
• A feature update is a major release of an operating system that includes significant changes and new
features. For Windows 10, feature updates were originally released twice a year; beginning with version
21H2 Microsoft moved to a single feature update per year. Each release is identified by a version number
(e.g. 21H1, 21H2, 22H2). Feature updates are free to download and install for users who have a valid
license for the operating system.
• The product life cycle refers to the stages a product goes through from its initial release to its
eventual retirement. Under Microsoft's Fixed Lifecycle Policy (used for older releases such as Windows 7),
the life cycle includes mainstream support, during which Microsoft provides feature updates, regular
updates, and bug fixes; extended support, during which only security updates and critical bug fixes are
provided; and end of life, after which no updates or support are provided, so feature updates arrive only
during mainstream support. Windows 10 instead follows the Modern Lifecycle Policy: each feature-update
version is serviced for a fixed period (18 months for Home and Pro; 30 months for Enterprise and
Education on H2 releases), so a device must install feature updates to keep receiving security updates, and
the product as a whole reaches end of support on October 14, 2025. Running a version past its end of
service leaves known vulnerabilities unpatched.
1.10 Identify common features and tools of the macOS client/desktop OS
○ Installation and uninstallation of applications
• .dmg: Apple Disk Image, a mountable (and usually compressed) image of a file system. It is the most
common way to distribute macOS software: the user mounts the image and typically drags the contained
.app bundle into the Applications folder.
• .pkg: Installer package, processed by the macOS Installer app. A .pkg can place files anywhere on the
system and run pre- and post-install scripts with root privileges, so packages should only be installed from
trusted, signed sources.
• .app: Application bundle, a folder containing the executable code and resources required to run an
application on macOS, presented to the user as a single item.
• App Store: The App Store is the application on macOS through which users download and install apps that
have been reviewed by Apple and that run inside the App Sandbox.
• Uninstallation process: To uninstall an application on macOS, the user can either drag the application
icon to the Trash or use the vendor's uninstaller (or a third-party uninstaller application). Dragging the .app
to the Trash removes only the bundle; preferences, caches, and support files under ~/Library may remain,
and software that installed launch agents, daemons, or system extensions through a .pkg normally needs
the vendor's uninstaller to remove those components. An uninstaller removes the application files and the
associated files that the application created during installation.
○ Apple ID and corporate restrictions
• An Apple ID is a user account that provides access to Apple services such as the App Store, iCloud, and
Apple Music/iTunes. It is required to download apps from the App Store (software distributed outside the
App Store as .dmg or .pkg files does not need one) and for iCloud features such as Find My and Activation
Lock. In a corporate setting, organizations create Managed Apple IDs and buy and distribute apps through
the Apple Business Manager program, keeping corporate access separate from employees' personal Apple
IDs.
• Corporate restrictions can be imposed on Apple IDs to limit access to certain apps or services, control
device settings, and enforce security policies. This can be done through Mobile Device Management
(MDM) software or through Apple's Configurator app. Corporate restrictions can also be used to
prevent users from downloading or installing unauthorized software, and to ensure compliance with
corporate IT policies. By using MDM, IT administrators can remotely manage and configure macOS and
iOS devices, including setting up security policies, pushing software updates, and enforcing data
encryption.
○ Best practices
• Backups: It is always a best practice to have a backup of your important data on macOS, as it can help
you restore your data in case of accidental deletion, hardware failure, or other issues. macOS provides
Time Machine, a built-in backup feature that allows you to back up your entire system, including apps,
documents, photos, music, and system files. You can also use third-party backup tools to create
backups of your data.
• Antivirus: macOS ships with built-in protections (Gatekeeper, which checks that downloaded apps are
signed and notarized; XProtect, Apple's signature-based malware scanner; and the Malware Removal Tool),
but it is still a good practice to run endpoint security software, especially in managed environments,
because macOS malware and adware are common and the built-in tools provide no centralized alerting or
reporting. Various antivirus products are available for macOS, including Norton, McAfee, and Avast.
• Updates/patches: It is essential to keep your macOS system up to date with the latest updates and
patches, as they fix security vulnerabilities and bugs and improve the overall performance of your
system. macOS delivers system updates through Software Update (under System Preferences, or System
Settings in macOS 13 and later), while App Store apps are updated through the App Store. You should also
ensure that your third-party apps and drivers are updated regularly to maintain compatibility and security.
○ System Preferences (renamed System Settings in macOS 13 Ventura and later)
• Displays: This preference pane allows you to adjust the display settings of your Mac, including
resolution, brightness, and arrangement of multiple displays.
• Network: This preference pane allows you to manage your network connections, such as Wi-Fi,
Ethernet, and VPNs, including DNS and proxy settings.
• Printers & Scanners: This preference pane allows you to manage printers and scanners connected to
your Mac, including adding and removing devices and configuring their settings.
• Privacy: The Privacy tab of the Security & Privacy pane (Privacy & Security in System Settings) controls
which apps may use location services, the camera and microphone, screen recording, Full Disk Access,
and other protected data. The same pane is where FileVault, the application firewall, and Gatekeeper's
"allow apps downloaded from" setting are configured.
• Accessibility: This preference pane allows you to configure accessibility features for users with
disabilities, including voiceover, display options, and keyboard shortcuts.
• Time Machine: This preference pane allows you to configure and manage automatic backups of your
Mac using Time Machine, including selecting backup destinations and excluding certain files or folders
from backups.
○ Features
• Multiple desktops: This feature allows users to create and manage multiple desktop spaces, each with
their own set of applications and windows. This can help to improve organization and productivity by
allowing users to separate different tasks and applications into different desktops.
• Mission Control: Mission Control is a feature that provides a unified view of all open windows and
desktops, making it easy to switch between them or rearrange them as needed.
• Keychain: The Keychain is a password management system that securely stores login credentials,
certificates, and other sensitive information. It also integrates with Safari to save and autofill website
passwords.
• Spotlight: Spotlight is a system-wide search feature that allows users to quickly search for files,
documents, emails, and other content on their Mac.
• iCloud: iCloud is Apple's cloud-based storage and synchronization service. It allows users to store files
and data in the cloud, sync them across multiple devices, and access them from anywhere with an
internet connection.
• Gestures: Macs have a variety of built-in trackpad gestures that allow users to perform a range of
tasks, such as scrolling, zooming, and navigating between applications and desktops.
• Finder: The Finder is the default file manager and graphical user interface shell on macOS. It allows
users to browse and organize files and folders, as well as access network shares and connected
devices.
• Remote Disc: This feature allows users to access the optical drive of another Mac or Windows
computer on their network, allowing them to install software or access data stored on a CD or DVD.
• Dock: The Dock is a feature that provides quick access to frequently used applications, documents, and
folders. It is typically located at the bottom of the screen and can be customized to suit individual
preferences.
○ Disk Utility
• Disk Utility is a built-in utility in macOS that allows users to manage their storage devices, such as hard
drives, solid-state drives, USB drives, and disk images. It provides features like creating, deleting,
formatting, resizing, and repairing disk partitions, as well as creating and burning disk images. Disk
Utility also provides SMART status monitoring and allows users to enable or disable journaling on a
volume.
○ FileVault
• FileVault is the full-disk encryption feature of macOS. It encrypts the startup volume, including user data
and system files, with XTS-AES-128 using a 256-bit key; on Macs with Apple silicon or the T2 chip the key
is protected by the Secure Enclave. With FileVault enabled, data is encrypted and decrypted transparently
as it is accessed, and the disk can only be unlocked at boot with the password of a FileVault-enabled user
or with the recovery key generated when FileVault was turned on. Store that recovery key securely (or
escrow it to an MDM): without it, a forgotten password means the data is unrecoverable.
○ Terminal
• Terminal is the built-in command-line interface (CLI) of macOS that provides access to a Unix shell (zsh
by default since macOS Catalina; bash on earlier versions). With Terminal, users can interact with the
system and run commands that are not exposed in the graphical user interface (GUI), such as navigating
the file system, changing system settings (for example with defaults and networksetup), and installing
software from the command line. Terminal can also be used to reach remote computers and devices over
SSH; the telnet and ftp clients were removed from macOS in High Sierra because they send credentials in
clear text.
1.11 Identify common features and tools of the Linux client/desktop OS
○ Common commands
• ls: Lists files and directories in the current directory.
• pwd: Prints the current working directory.
• mv: Moves or renames a file or directory.
• cp: Copies a file or directory.
• rm: Removes (deletes) a file or directory.
• chmod: Changes the permissions of a file or directory.
• chown: Changes the owner of a file or directory.
• su/sudo: su switches to another user (root by default) and requires that user's password; sudo runs a
single command as root (or another user) using the caller's own password, subject to the rules in
/etc/sudoers, and logs each invocation, which is why it is preferred over sharing the root password.
• apt-get: Command-line tool used to manage packages on Debian and Ubuntu-based systems (apt is the
newer, more user-friendly front end to the same package system).
• yum: Command-line tool used to manage packages on Red Hat-based systems (replaced by dnf on
current Fedora and RHEL releases, which keeps the same command syntax).
• ip: Displays and manages network interfaces and their properties.
• df: Displays the disk usage of file systems.
• grep: Searches for a specific string in a file or output of a command.
• ps: Lists the currently running processes.
• man: Displays the manual page of a command or program.
• top: Displays a real-time view of system processes and resource usage.
• find: Searches for files and directories that match certain criteria.
• dig: DNS lookup utility for querying DNS servers.
• cat: Concatenates and displays the contents of a file.
• nano: Text editor for the command line.
○ Best practices
• Backups: Regular backups of important data and system files are essential to ensure that data can be
restored in case of a system failure or data loss. Linux provides several backup tools, such as tar and
rsync, that can be used to create backups of important files and directories.
• Antivirus: Although Linux is generally considered to be less susceptible to viruses and malware than
other operating systems, it is still important to take steps to protect against these threats. Linux
antivirus software, such as ClamAV, can be used to scan for viruses and malware.
• Updates/patches: Keeping a Linux system up-to-date with the latest security updates and patches is
critical to maintaining its security and stability. Most Linux distributions provide package management
tools, such as apt-get or yum, that can be used to install updates and patches automatically or
manually.
• Additionally, other best practices related to Linux include using strong passwords, restricting root
access, disabling unnecessary services, and monitoring system logs for suspicious activity.
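The last best practice, monitoring logs for suspicious activity, is the one most often skipped. The following Python example was written for these notes (it is not CompTIA's or any distribution's tooling) and shows what such monitoring looks like: it parses constructed lines in the format of Debian/Ubuntu's /var/log/auth.log, counts failed SSH logins per source IP, notices a success that follows a burst of failures, and flags a direct root password login. The sample log, the host name, the addresses (from the documentation ranges), and the failure threshold are all assumptions; on a real host you would feed it /var/log/auth.log, /var/log/secure, or the output of journalctl -u ssh.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of /var/log/auth.log (not taken from a real host).
SAMPLE_AUTH_LOG = """\
Apr  7 14:02:11 host1 sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Apr  7 14:02:13 host1 sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Apr  7 14:02:15 host1 sshd[2314]: Failed password for root from 203.0.113.45 port 51030 ssh2
Apr  7 14:02:17 host1 sshd[2316]: Failed password for root from 203.0.113.45 port 51034 ssh2
Apr  7 14:02:19 host1 sshd[2318]: Failed password for root from 203.0.113.45 port 51040 ssh2
Apr  7 14:05:02 host1 sshd[2330]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2: ED25519 SHA256:abc
Apr  7 14:06:40 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Apr  7 14:09:00 host1 sshd[2340]: Failed password for bob from 198.51.100.7 port 40120 ssh2
Apr  7 14:10:30 host1 sshd[2350]: Accepted password for root from 203.0.113.45 port 51100 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*?USER=(\S+) ; COMMAND=(.*)$")

def analyze_auth_log(text, threshold=5):
    """Summarize SSH failures/successes and sudo use; flag brute force and risky root logins.

    `threshold` (an assumed value) is the number of failures from one source IP that counts as a
    brute-force attempt.
    """
    failures_by_ip = Counter()
    targets_by_ip = defaultdict(set)
    successes = []
    sudo_events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures_by_ip[ip] += 1
            targets_by_ip[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            successes.append((user, ip, method))
            continue
        m = SUDO_RE.search(line)
        if m:
            sudo_events.append(m.groups())   # (who, as whom, command) is the audit trail sudo gives you

    findings = []
    for ip, n in sorted(failures_by_ip.items()):
        if n >= threshold:
            findings.append(f"possible brute force from {ip}: {n} failures against {sorted(targets_by_ip[ip])}")
    for user, ip, method in successes:
        if failures_by_ip[ip] >= threshold:
            findings.append(f"successful {method} login for {user} from {ip} after {failures_by_ip[ip]} failures")
        if user == "root" and method == "password":
            findings.append(f"direct root password login from {ip}; set PermitRootLogin no and use sudo")
    return {
        "failures_by_ip": dict(failures_by_ip),
        "successes": successes,
        "sudo": sudo_events,
        "findings": findings,
    }

if __name__ == "__main__":
    for finding in analyze_auth_log(SAMPLE_AUTH_LOG)["findings"]:
        print(finding)
```

Tools such as fail2ban automate exactly this loop (count failures per source, then add a firewall rule); the value of writing it out once is seeing which fields the detection depends on, and why the root password login at the end is the line that should page someone.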
○ Tools
• Shell/terminal: A shell or terminal is a command-line interface used to interact with the Linux
operating system. It allows the user to execute various commands, scripts, and programs. The shell
provides a way to navigate the file system, manage files and directories, and perform various
administrative tasks. There are various shells available in Linux, including bash, zsh, ksh, and others.
• Samba: Samba is an open-source software suite used to provide file and print services to clients using
the SMB/CIFS protocol. It allows Linux machines to act as file and print servers for Windows-based
clients. With Samba, Linux can be integrated into a Windows network environment, allowing files and
printers to be shared between Linux and Windows machines. Samba supports various versions of the
SMB/CIFS protocol, including SMB1, SMB2, and SMB3. SMB1 is obsolete and insecure (no encryption and
weak integrity protection); it should be disabled on both servers and clients, and SMB3 with signing or
encryption used instead.
2.0 - Security (25%)
2.1 Summarize various security measures and their purposes
○ Physical Security
• Access control vestibule: An access control vestibule is a small enclosed area within a building's
entryway that requires a person to be authorized before granting them access to the rest of the
building. It typically has two doors and a badge reader or other access control system.
• Badge reader: A badge reader is a device used to scan an ID badge or card to grant access to a secure
area.
• Video surveillance: Video cameras are used to monitor and record activity in a given area. They can
help deter crime, provide evidence in case of a security incident, and help identify suspects.
• Alarm systems: Alarm systems are designed to alert security personnel or law enforcement in case of a
security breach, such as an unauthorized entry or an attempt to steal equipment.
• Motion sensors: Motion sensors are used to detect movement within a given area. They can trigger an
alarm, notify security personnel, or turn on lights to deter intruders.
• Door locks: Door locks are used to secure doors and prevent unauthorized access. There are various
types of locks, including key locks, card access locks, and biometric locks.
• Equipment locks: Equipment locks are used to secure equipment, such as laptops or servers, to a
stationary object to prevent theft or unauthorized access.
• Guards: Guards are security personnel who monitor and patrol an area, deter potential criminals, and
respond to security incidents.
• Bollards: Bollards are sturdy, vertical posts that are typically used to prevent vehicles from entering a
restricted area.
• Fences: Fences are physical barriers used to prevent unauthorized entry or exit from a given area. They
can be made of various materials, such as wood, metal, or concrete.
○ Physical security for staff
• Key fobs: Key fobs are small RFID/NFC tokens that respond with an identifier when held within range of
a reader. They are typically used to grant access to a restricted area or building. Because many older
125 kHz proximity fobs transmit a fixed, unencrypted ID, they can be cloned with inexpensive hardware;
treat them as low-assurance credentials and combine them with another factor for sensitive areas.
• Smart cards: Smart cards contain a processor that holds cryptographic keys and performs
challenge-response authentication, so the secret never leaves the card and the card cannot simply be
copied. They typically require a PIN or other form of authentication in addition to possession of the card.
The purpose of smart cards is to provide a higher level of security than key fobs.
• Keys: Keys are physical devices that can be used to unlock doors or cabinets. They are typically used in
combination with other security measures, such as a guard or alarm system. The purpose of keys is to
provide a low-tech backup in case other security measures fail.
• Biometrics: Biometric security measures use physical characteristics to verify a person's identity. Retina
scanners, fingerprint scanners, and palmprint scanners are all examples of biometric security
measures. The purpose of biometric security measures is to provide a high level of security and
prevent unauthorized access.
• Lighting: Lighting is an important aspect of physical security, especially in outdoor areas. Well-lit areas
are less attractive to criminals, and it is easier to detect suspicious activity when there is sufficient
lighting.
• Magnetometers: Magnetometers are devices that can detect metal objects on a person's body. They
are commonly used in airports and other high-security areas to prevent weapons from being brought
into the facility. The purpose of magnetometers is to provide an additional layer of security and
prevent potentially dangerous items from being brought into a secure area.
○ Logical security
• Principle of least privilege: This is a security principle that dictates that users should only be granted
the minimum access rights or permissions required to perform their job functions. This helps to limit
the potential damage that can be caused by insider attacks or external threats that may gain access to
user accounts.
• Access control lists (ACLs): An ACL is a set of rules that define the permissions or access rights that are
granted to users or groups for a specific resource such as a file or folder. This allows for fine-grained
control of access to resources and helps to prevent unauthorized access or modification.
• Multifactor authentication (MFA): This is a security mechanism that requires users to provide two or
more forms of authentication to access a resource or system. This can include something the user
knows (such as a password), something the user has (such as a smart card or token), or something the
user is (such as biometric data).
• Email: Email security measures include measures such as encryption, anti-spam filters, anti-malware
scanners, and content filtering to help prevent unauthorized access or disclosure of sensitive
information.
• Hard token: A hard token is a dedicated physical device, such as a key fob that displays a one-time
password, a smart card, or a USB security key (FIDO2/U2F), that proves possession of the device during
authentication. Because the secret is held in tamper-resistant hardware, it cannot be copied by malware
on the user's computer.
• Soft token: A soft token is a software-based authentication mechanism that uses an app on a mobile
device or computer to generate a one-time password. It is cheaper to deploy than a hard token but is
only as secure as the device that stores the seed.
• Short message service (SMS): SMS authentication sends a one-time code via text message to a user's
mobile device. It is better than a password alone but is the weakest second factor, because codes can be
intercepted through SIM-swap attacks or by malware on the phone and can be phished in real time.
• Voice call: Voice call authentication delivers a one-time code via an automated voice call to a user's
mobile or landline phone, and shares the weaknesses of SMS.
• Authenticator application: An authenticator application generates time-based one-time passwords
(TOTP, RFC 6238) or counter-based passwords (HOTP, RFC 4226) from a shared secret provisioned at
enrollment, usually by scanning a QR code. Examples include Google Authenticator, Microsoft
Authenticator, and Authy. TOTP codes cannot be intercepted in transit, but they can still be phished and
replayed within their validity window, so phishing-resistant methods (FIDO2 security keys or passkeys)
are preferred for high-value accounts.
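The soft-token and authenticator-app entries above describe the same mechanism, so here is one added Python example (written for these notes; it is not code from CompTIA or from any authenticator vendor) that implements HOTP (RFC 4226) and TOTP (RFC 6238) on top of the standard library and a server-side check that tolerates clock drift while comparing in constant time. The only external values are the RFC's own published test secret, used to confirm the implementation produces the codes the RFCs list; the `window` of accepted neighbouring steps is an assumed policy choice.

```python
import base64
import hashlib
import hmac
import struct
import time

def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of the last byte picks the window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret, unix_time, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter set to the number of `step`-second periods since the epoch."""
    return hotp(secret, int(unix_time) // step, digits, algo)

def current_totp(secret, step=30, digits=6):
    """What the user's authenticator app shows right now."""
    return totp(secret, time.time(), step, digits)

def verify_totp(secret, code, unix_time, step=30, digits=6, window=1):
    """Server-side check. `window` neighbouring steps are accepted to tolerate clock drift, and the
    comparison is constant-time so response timing does not leak which digits matched.
    A real server must also remember the last accepted counter so a code cannot be replayed."""
    for delta in range(-window, window + 1):
        candidate = totp(secret, unix_time + delta * step, step, digits)
        if hmac.compare_digest(candidate, str(code)):
            return True
    return False

def secret_from_base32(encoded):
    """Enrollment QR codes (otpauth:// URIs) carry the seed as unpadded Base32."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

# The RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"); used only to check the code.
RFC_TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_TEST_SECRET, 0))            # RFC 4226 lists 755224
    print("TOTP at t=59  :", totp(RFC_TEST_SECRET, 59, digits=8))  # RFC 6238 lists 94287082
    print("Current code  :", current_totp(RFC_TEST_SECRET))
```

Two things the code makes visible that the bullet points do not: the whole scheme rests on the 20-byte seed, so a screenshot of the enrollment QR code is equivalent to a copy of the token; and the acceptance window means a phished code is usable for up to 60 to 90 seconds, which is what the "still phishable" caveat above refers to.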
○ Mobile Device Management (MDM)
• Mobile Device Management (MDM) is a type of security software designed to manage, monitor and
secure mobile devices such as smartphones, tablets, and laptops used in an enterprise environment.
• The purpose of MDM is to ensure the security and manageability of mobile devices in the enterprise by
allowing IT administrators to manage device settings, enforce security policies, deploy applications,
and control access to enterprise resources.
• With MDM, IT administrators can remotely manage devices, monitor device usage and data access,
configure device settings and enforce security policies, and wipe or lock lost or stolen devices. This
helps organizations ensure that sensitive data is protected, and that devices accessing corporate
resources are secure and comply with corporate policies and regulations.
• MDM solutions typically provide features such as mobile device inventory and tracking, remote device
configuration and management, application and content management, security and compliance
enforcement, and device monitoring and reporting. MDM can also help streamline device
deployments, reduce the risk of data breaches, and improve overall device performance and reliability.
○ Active Directory
Active Directory (AD) is a directory service developed by Microsoft that is used to manage network
resources, including users, computers, and applications, on a Windows domain network. Here are some of
the key features of Active Directory and their purposes:
• Login script: A login script is a set of instructions that run automatically when a user logs in to a
computer. In AD, login scripts can be used to map network drives, set up printers, or perform other
tasks that need to be done when a user logs in.
• Domain: A domain is a logical grouping of network resources, including computers, users, and other
devices. AD uses a domain model to manage network resources and provides centralized management
of network security, resources, and services.
• Group Policy/updates: Group Policy is a feature of AD that allows administrators to set policies that
govern the behavior of computers and users on the network. Group Policy can be used to enforce
security settings, set up software installation, and configure user settings.
• Organizational units: An organizational unit (OU) is a container used to group objects in AD. OUs can be
used to delegate administrative control and apply Group Policy settings to specific groups of users or
computers.
• Home folder: A home folder is a user's designated storage area on a network file server. In AD,
administrators can set up a user's home folder to automatically map to a network drive when the user
logs in.
• Folder redirection: Folder redirection is a feature that allows administrators to redirect certain folders,
such as the Documents folder, to a network location. This helps ensure that users' files are backed up
and provides easy access to files from multiple devices.
• Security groups: Security groups are used to control access to network resources. In AD, administrators
can create security groups that include specific users or computers and then assign permissions to
those groups for specific resources on the network.
2.2 Compare and contrast wireless security protocols and authentication methods
○ Protocols and encryption
• WiFi Protected Access 2 (WPA2): WPA2 is the security protocol that replaced WPA, which in turn had
been introduced as a quick replacement for the broken WEP (Wired Equivalent Privacy) protocol. WPA2
mandates CCMP, an AES-based encryption and integrity mode, and in its Personal mode derives the
network key from the passphrase and SSID. That derivation is deterministic, so anyone who captures a
client's 4-way handshake can test passphrase guesses offline at their leisure, which is why a long, random
WPA2 passphrase matters.
• WPA3: WPA3 is the successor to WPA2 and includes several new security features. WPA3-Personal
replaces the pre-shared key handshake with Simultaneous Authentication of Equals (SAE), a
password-authenticated key exchange in which every guess requires a live interaction with the access
point, so captured traffic cannot be used for offline password guessing. SAE also provides forward
secrecy: each session derives a fresh key, so an attacker who later learns the Wi-Fi password still cannot
decrypt traffic they recorded earlier. WPA3 additionally requires Protected Management Frames and, in
Enterprise mode, offers a 192-bit security suite.
• Temporal Key Integrity Protocol (TKIP): TKIP is the encryption protocol introduced with WPA as a
temporary fix that could run on WEP-era hardware (it still uses the RC4 cipher, wrapped with per-packet
keys and a message integrity check). WPA2 devices may accept it for backward compatibility, but TKIP is
less secure than AES-CCMP and has several known weaknesses, which is why WPA3 no longer supports it.
• Advanced Encryption Standard (AES): AES is a symmetric encryption algorithm used in WPA2 and
WPA3 (as the cipher inside CCMP, or GCMP in WPA3's 192-bit mode) to protect wireless networks. AES is
considered highly secure and is approved by the US government for encrypting classified information.
AES uses a key to encrypt and decrypt data, and the key must be kept secret to ensure the security of
the data.
• Overall, it's important to use the latest encryption protocols (WPA3, or WPA2 with AES-CCMP only)
and to disable outdated ones (WEP, WPA, and TKIP) to ensure the security of your wireless network.
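The WPA2-Personal weakness that SAE fixes is easy to see once the key derivation is written down. The Python example below was added for these notes (it is not CompTIA's material or any Wi-Fi vendor's code): it derives the 802.11i pre-shared key exactly as every WPA2 client and access point does (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256-bit output), checks the result against the test vector published in the IEEE 802.11 standard, and then shows an offline guess loop. The loop compares candidates against the PSK itself to keep the example short; real cracking tools instead derive the session key from a captured 4-way handshake and check each guess against the handshake's MIC, but the cost per guess and the offline nature of the attack are the same. The wordlist is constructed.

```python
import hashlib
import hmac

def wpa2_psk(passphrase, ssid):
    """IEEE 802.11i pre-shared key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This 32-byte value is the Pairwise Master Key that every client and the AP derive from the passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)

def offline_guess(target_psk, ssid, candidates):
    """Illustrates the offline attack SAE was designed to stop: because the PSK is a deterministic
    function of passphrase and SSID, an attacker who can check guesses against captured material
    never has to talk to the network again. Returns the matching passphrase or None."""
    for candidate in candidates:
        if not 8 <= len(candidate) <= 63:
            continue                                   # not a legal WPA2 passphrase, skip it
        if hmac.compare_digest(wpa2_psk(candidate, ssid), target_psk):
            return candidate
    return None

# Test vector from IEEE 802.11 (passphrase "password", SSID "IEEE").
TEST_VECTOR_PSK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed wordlist for the demo.
DEMO_WORDLIST = ["letmein1", "hunter22", "password", "Summer2023!"]

if __name__ == "__main__":
    psk = wpa2_psk("password", "IEEE")
    print("PSK:", psk.hex(), "matches vector:", psk.hex() == TEST_VECTOR_PSK_HEX)
    print("Recovered passphrase:", offline_guess(psk, "IEEE", DEMO_WORDLIST))
```

Note what the salt does and does not buy: using the SSID as salt stops one precomputed table from covering every network, but a common SSID such as "linksys" is precomputed anyway, and 4096 SHA-1 iterations are cheap on a GPU. With SAE the same guess loop is impossible because each guess costs a round trip with the access point, which can throttle or log it.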
○ Authentication
• Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control
System Plus (TACACS+) are two common network authentication protocols used to control access to
networks and network devices.
• RADIUS is an authentication, authorization, and accounting (AAA) protocol that is widely used in
corporate networks and by ISPs for remote access and for wireless authentication (WPA2/WPA3-Enterprise
uses 802.1X, with the access point relaying EAP messages to a RADIUS server). It provides centralized
authentication, authorization, and accounting for users who connect to a network resource, such as a
router, switch, VPN concentrator, or wireless access point. RADIUS servers store, or look up in a directory,
the credentials of users who try to access network resources; once a user is authenticated, the server can
return authorization attributes (such as a VLAN assignment) and record accounting data. RADIUS runs
over UDP (ports 1812 and 1813), combines authentication and authorization in a single exchange, and
only obscures the User-Password attribute: every other attribute travels in clear text, so RADIUS traffic
should be confined to a management network or tunneled (RADIUS over TLS, known as RadSec, or IPsec).
• TACACS+ is another AAA protocol that provides similar authentication, authorization, and accounting
services to RADIUS but is aimed at administering network devices rather than authenticating end users.
TACACS+ runs over TCP (port 49) and separates the authentication, authorization, and accounting
functions into distinct exchanges, which allows per-command authorization and auditing of what an
administrator did on a device; it also supports multiple authentication methods, including two-factor
authentication. TACACS+ obscures the entire packet body rather than just the password, which is an
improvement over RADIUS, but the scheme is a simple MD5-based keystream rather than a modern
cipher, so TACACS+ traffic should likewise be protected at the network layer.
• Kerberos is a network authentication protocol that uses symmetric key cryptography to provide strong
authentication for client/server applications. It allows entities communicating over a network to prove
their identity to each other in a secure manner, without transmitting passwords over the network. It is
commonly used in enterprise environments, particularly with Microsoft Active Directory.
• Multifactor authentication (MFA) is a security mechanism that requires users to provide two or more
forms of authentication to access a system. This approach adds an extra layer of security beyond
traditional username and password authentication. The factors used for authentication can be
something the user knows (such as a password), something the user has (such as a smart card or
token), or something the user is (such as a biometric scan). MFA can help prevent unauthorized access
to sensitive information and systems.
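To show what "RADIUS only obscures the password" means in practice, here is an added Python example written for these notes (not code from any RADIUS implementation or from CompTIA). It implements the User-Password hiding from RFC 2865 section 5.2 and its inverse: the password is padded with NULs to a multiple of 16 octets, and each block is XORed with MD5(shared secret + previous block), seeded with the 16-byte Request Authenticator. The shared secret, authenticator, and password values are constructed for the demo.

```python
import hashlib
import os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(shared_secret, request_authenticator, password):
    """RFC 2865 section 5.2 User-Password hiding, the only confidentiality RADIUS itself provides.
    Each 16-octet block of the padded password is XORed with MD5(secret + previous ciphertext block);
    the first block uses the Request Authenticator. Nothing else in the packet is hidden."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not password or len(password) > 128:
        raise ValueError("User-Password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(shared_secret + prev).digest())
        out += block
        prev = block                       # chaining: next keystream block depends on this ciphertext
    return bytes(out)

def radius_reveal_password(shared_secret, request_authenticator, hidden):
    """Inverse operation performed by the server; anyone holding the shared secret can do the same."""
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(shared_secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")      # strip the padding (a password cannot end in NUL)

if __name__ == "__main__":
    # Constructed values; in real RADIUS the client picks a fresh random authenticator per request.
    secret = b"demo-shared-secret"
    authenticator = os.urandom(16)
    hidden = radius_hide_password(secret, authenticator, b"hunter2")
    print("hidden  :", hidden.hex())
    print("revealed:", radius_reveal_password(secret, authenticator, hidden))
```

The design choice worth noticing is that the keystream depends only on the shared secret and a value sent in the clear, so a weak shared secret can be attacked offline from one captured Access-Request; and because the User-Name, NAS-IP-Address, and other attributes are never touched by this routine, an on-path observer learns who is logging in from where regardless. Both points are why the text above recommends RadSec or IPsec for RADIUS traffic.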
2.3 Given a scenario, detect, remove, and prevent malware using the appropriate tools and methods
○ Malware
• Trojan: Trojan malware appears to be a legitimate software application, but it is designed to damage,
disrupt, steal or spy on your computer system. Symptoms of a Trojan infection may include system
crashes, frequent pop-up ads, and changes to your desktop or homepage.
• Rootkit: A rootkit is a type of malware that is designed to hide its presence on a computer or network.
Symptoms of a rootkit infection may include slow system performance, unexplained network activity,
and disabled antivirus software.
• Virus: A virus is a type of malware that spreads from one computer to another by attaching itself to
files or programs. Symptoms of a virus infection may include slow system performance, unexplained
error messages, and missing or corrupted files.
• Spyware: Spyware is a type of malware that collects personal information about you without your
knowledge or consent. Symptoms of spyware infection may include slow system performance,
frequent pop-up ads, and changes to your browser settings.
• Ransomware: Ransomware is a type of malware that encrypts your files or blocks access to your
computer until a ransom is paid. Symptoms of ransomware infection may include missing or encrypted
files, pop-up messages demanding payment, and changes to your desktop or homepage.
• Keylogger: Keylogger is a type of malware that records keystrokes and captures sensitive information
such as usernames, passwords, and credit card numbers. Symptoms of keylogger infection may include
slow system performance, unexplained network activity, and missing or corrupted files.
• Boot sector virus: A boot sector virus infects the master boot record or a volume boot sector of a
drive, so its code runs before the operating system (and before any antivirus) loads. That lets it hide from
or disable protection on the running system, and it can leave the system unable to boot. Symptoms may
include error messages during startup, missing or corrupted files, and slow system performance. UEFI
Secure Boot with GPT disks makes this class of attack far harder on modern systems.
• Cryptominers: Cryptominers are a type of malware that hijacks a computer's processing power to mine
cryptocurrencies. Symptoms of cryptominer infection may include slow system performance, high CPU
usage, and increased energy consumption.
• To detect this malware, use antivirus or anti-malware software, which scans files and running
processes for known signatures and suspicious behavior. Also watch for the symptoms listed above
(unexpected network connections, high CPU use, disabled security tools, new startup entries) and take
the necessary actions to remove or mitigate the malware.
○ Tools and methods
• Recovery mode: This is a built-in feature of some operating systems (Safe Mode and the Windows
Recovery Environment on Windows, macOS Recovery on a Mac) that boots a minimal environment in
which normal startup items and third-party drivers do not load, so malware that starts with the regular
OS is not running and can be removed. Recovery mode is typically entered by pressing a specific key
during the boot process or by choosing an advanced startup option from within the running OS.
• Antivirus: Antivirus software is designed to detect and remove viruses, Trojans, and other types of
malware from a system. Antivirus software typically uses a combination of signature-based detection
and behavioral analysis to identify and remove malware.
• Anti-malware: Anti-malware software is similar to antivirus software but is designed to detect and
remove a wider range of malware types, including spyware, adware, and other potentially unwanted
programs (PUPs).
• Software firewalls: Software firewalls can help prevent malware from accessing a system by blocking
unauthorized network traffic. A software firewall can also alert the user if an application attempts to
access the internet without permission.
• Anti-phishing training: Phishing attacks are a common method used by cybercriminals to distribute
malware. Anti-phishing training can help educate users on how to identify and avoid phishing attacks.
• User education regarding common threats: Educating users about common threats can help them
avoid downloading or installing malware. Users should be taught to be wary of email attachments from
unknown senders, suspicious links, and free downloads from untrusted sources.
• OS reinstallation: In some cases, malware may be so deeply embedded in a system that it cannot be
removed using standard tools and methods. In these cases, the only option may be to reinstall the
operating system and all software applications from scratch. This method can be time-consuming and
may result in data loss, so it should only be used as a last resort.
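The antivirus and anti-malware entries above say these tools combine signature-based detection with behavioral analysis. The following Python example, added for these notes and not taken from any antivirus product or from CompTIA, shows the signature half in miniature: it walks a directory, hashes each file with SHA-256, compares the hash against a list of known-bad hashes, and also searches file contents for byte patterns. It creates its own constructed sample files in a temporary directory (including a one-byte variant of the "dropper" that escapes the hash signature), so nothing here is real malware and the signature names are made up.

```python
import hashlib
import os
import tempfile

# Constructed "signatures" for the demo; a real product loads thousands from a signature feed.
SAMPLE_DROPPER = b"MZ\x90\x00" + b"constructed sample, not real malware " * 4
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_DROPPER).hexdigest(): "Constructed.Dropper.A"}
BYTE_SIGNATURES = {b"persist_via_run_key": "Constructed.Persistence.B"}

def scan_file(path):
    """Return (sha256, verdicts) for one file; verdicts are (method, signature name) tuples.
    For brevity the whole file is read into memory; stream in chunks for large files."""
    with open(path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).hexdigest()
    verdicts = []
    if digest in KNOWN_BAD_SHA256:                   # exact-match signature: precise but brittle
        verdicts.append(("hash", KNOWN_BAD_SHA256[digest]))
    for pattern, name in BYTE_SIGNATURES.items():    # content signature: survives small changes
        if pattern in data:
            verdicts.append(("pattern", name))
    return digest, verdicts

def scan_tree(root):
    """Walk a directory and return {relative path: verdicts}; unreadable files are reported, not skipped."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                _digest, verdicts = scan_file(path)
                results[rel] = verdicts
            except OSError as exc:
                results[rel] = [("error", str(exc))]
    return results

def build_sample_tree():
    """Create a temporary directory of constructed files: one hash match, one pattern match,
    one clean file, and a one-byte variant of the dropper that defeats the hash signature."""
    root = tempfile.mkdtemp(prefix="scan_demo_")
    samples = {
        "dropper.exe": SAMPLE_DROPPER,
        "dropper_variant.exe": SAMPLE_DROPPER + b"\x00",
        "installer.bin": b"setup data ... persist_via_run_key ... more data",
        "readme.txt": b"Nothing to see here.\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)
    return root

if __name__ == "__main__":
    for rel, verdicts in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{rel:22} {verdicts or 'clean'}")
```

The variant file is the point: appending a single byte changes the hash and the first signature misses it, which is why real products layer fuzzy hashes, content rules (YARA is the common format), and behavioral monitoring on top of exact hashes, and why an up-to-date signature feed matters.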
2.4 Explain common social-engineering attacks, threats, and vulnerabilities
○ Social engineering
• Social engineering is a type of attack that targets human behavior and psychology rather than technical
vulnerabilities in order to manipulate individuals into divulging sensitive information or performing an
action that would be detrimental to an organization's security. There are various types of social
engineering attacks, including:
□ Phishing: This involves sending fake emails or messages that appear to be from a legitimate
source, in order to trick the recipient into revealing sensitive information such as passwords or
account numbers.
□ Vishing: This is a form of phishing that involves using voice calls or voicemail messages to trick the
victim into revealing sensitive information.
□ Shoulder surfing: This involves observing or eavesdropping on an individual as they enter
sensitive information such as passwords or PINs.
□ Whaling: This is a type of phishing attack that targets high-level executives or other individuals
with access to sensitive information.
□ Tailgating: This involves following someone into a restricted area without proper authorization,
by pretending to be an authorized person or simply following them closely.
□ Impersonation: This involves pretending to be someone else in order to gain access to restricted
information or perform a certain action.
□ Dumpster diving: This involves rummaging through trash or recycling bins in order to find
sensitive information such as account numbers or passwords.
□ Evil twin: This involves setting up a fake wireless access point that looks identical to a legitimate
one, in order to trick users into connecting to it and revealing sensitive information.
• To prevent these types of attacks, it is important to educate employees about these tactics and
provide training on how to identify and avoid social engineering attacks. Additionally, technical
measures such as multi-factor authentication and encryption can help protect against unauthorized
access to sensitive information.
○ Threats
• Distributed denial of service (DDoS) attack: A type of cyber attack in which multiple compromised
computer systems target a website, server, or other network resources to make it unavailable for its
intended users. This is done by overwhelming the target system with a flood of traffic from multiple
sources, rendering it inaccessible.
• Denial of service (DoS) attack: A type of cyber attack that makes a server or network resource
unavailable to its intended users by overwhelming it with traffic or sending it information that triggers
a crash or shutdown.
• Zero-day attack: A type of cyber attack that exploits an unknown vulnerability in software or hardware.
Attackers use these vulnerabilities to gain access to a system and steal data or cause harm.
• Spoofing: A type of cyber attack in which an attacker masquerades as a trusted entity to gain access to
sensitive information. Spoofing can occur via email, websites, phone calls, or text messages.
• On-path attack: A type of cyber attack where an attacker intercepts and alters network traffic between
two parties. The attacker could steal data, manipulate the data being sent, or even launch additional
attacks.
• Brute-force attack: A type of cyber attack where an attacker tries to guess a password or encryption
key by trying different combinations of characters until the correct one is found.
• Dictionary attack: A type of cyber attack where an attacker uses a list of known passwords or
commonly used passwords to try and gain access to a system or device.
• Insider threat: A type of threat where an individual within an organization has access to sensitive data
or systems and intentionally or unintentionally causes harm or theft.
• Structured Query Language (SQL) injection: A type of cyber attack where an attacker inserts malicious
code into a website or application that uses SQL, allowing them to access or manipulate sensitive data.
• Cross-site scripting (XSS): A type of cyber attack where an attacker injects malicious code into a
website or application that allows them to steal sensitive information, such as login credentials or
personal information, from users who visit the site.
○ Vulnerabilities
• Non-compliant systems: Non-compliant systems refer to systems that do not adhere to security
policies and standards set by an organization. For example, a system that does not have the latest
security patches installed or does not have the necessary security controls in place can be considered
non-compliant. Such systems can be exploited by attackers to gain unauthorized access or steal
sensitive information.
• Unpatched systems: Unpatched systems are systems that have not been updated with the latest
security patches released by the vendor. Attackers can exploit vulnerabilities in unpatched systems to
gain unauthorized access or perform malicious activities. Organizations should regularly update their
systems to protect against known vulnerabilities.
• Unprotected systems (missing antivirus/missing firewall): Unprotected systems are systems that do not
have the necessary security controls in place to prevent or detect malicious activities. For example, a
system without antivirus software can be vulnerable to malware attacks, while a system without a
firewall can be vulnerable to network attacks. Organizations should implement appropriate security
controls to protect their systems and data.
• End-of-life (EOL) operating systems: EOL operating systems are operating systems that are no longer
supported by the vendor. This means that the vendor no longer releases security patches or updates
for these operating systems. Attackers can exploit vulnerabilities in EOL operating systems as there is
no support from the vendor to fix these vulnerabilities. Organizations should upgrade to a supported
operating system to protect against security threats.
• Bring Your Own Device (BYOD): BYOD refers to the practice of employees using their personal devices
(such as smartphones, laptops, or tablets) for work purposes. BYOD can increase productivity but can
also introduce security risks as these devices may not have the necessary security controls or may be
vulnerable to attacks. Organizations should implement security policies and controls to manage the
risks associated with BYOD.
2.5 Given a scenario, manage and configure basic security settings in the Microsoft Windows OS
○ Defender Antivirus
• A built-in security feature in the Microsoft Windows operating system that helps protect against
malware, viruses, and other malicious software. It continuously monitors the system for potential
threats and takes actions to remove or quarantine them.
• To activate or deactivate Defender Antivirus on a Windows machine, follow these steps:
□ Open the Windows Security app by clicking the Start menu and searching for "Windows Security."
□ Click on "Virus & threat protection."
□ Click on "Manage settings."
□ Toggle the "Real-time protection" switch to turn Defender Antivirus on or off.
• Defender Antivirus automatically checks for updates to its virus definitions, which are the files that
identify known viruses and other malware. It is important to keep these definitions up to date to
ensure the most effective protection against new threats.
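The same checks and actions can be scripted instead of clicked through. The block below is an added example, not part of the original notes: it uses the built-in Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature, Set-MpPreference), which is present on Windows 10 and later, and the 7-day staleness threshold in the helper function is an assumption, not a vendor value. Run it from an elevated prompt.

```powershell
# Added example: query and manage Defender Antivirus from PowerShell rather than the
# Windows Security app. Requires the built-in Defender module and an elevated prompt.

# 1. Current protection state (what the "Virus & threat protection" page shows).
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# 2. Pull the latest definitions (equivalent of "Check for updates").
Update-MpSignature

# 3. Real-time protection toggle: $false keeps it ON, $true turns it OFF.
#    Turning it off leaves the machine exposed; do it only for a deliberate, short test.
Set-MpPreference -DisableRealtimeMonitoring $false

# 4. Health check: real-time protection on AND definitions no older than $MaxAgeDays.
#    The 7-day default is an assumption for this example, not a Microsoft recommendation.
function Test-DefenderHealthy {
    param([int]$MaxAgeDays = 7)
    $s   = Get-MpComputerStatus
    $age = (Get-Date) - $s.AntivirusSignatureLastUpdated
    return [bool]($s.RealTimeProtectionEnabled -and $age.TotalDays -le $MaxAgeDays)
}
Test-DefenderHealthy
```

If Tamper Protection is enabled in the Windows Security app, Set-MpPreference -DisableRealtimeMonitoring $true is silently ignored; that is the intended behaviour, since tamper protection exists precisely to stop scripts and malware from switching real-time protection off.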
• To manually update Defender Antivirus definitions, follow these steps:
□ Open the Windows Security app.
□ Click on "Virus & threat protection."
□ Click on "Check for updates" under the "Virus & threat protection updates" section.
□ Wait for the updates to download and install.
○ Firewall
• The Windows OS Firewall is a security feature that monitors and controls incoming and outgoing network traffic.
It can be configured to allow or block specific ports and applications based on user-defined rules.
• To manage and configure the Windows OS Firewall settings:
□ Open the Windows Defender Firewall settings by typing "Windows Defender Firewall" in the Start menu
search box and clicking on the result.
• To activate or deactivate the firewall, click on the "Turn Windows Defender Firewall on or off" link on the
left-hand side of the screen. From there, you can choose to turn on the firewall for public and private networks,
or turn it off entirely.
• To configure port security, click on the "Advanced settings" link on the left-hand side of the screen. This will
open the Windows Defender Firewall with Advanced Security console.
• To allow incoming traffic on a specific port, right-click on "Inbound Rules" and select "New Rule." Follow the
wizard to create a new inbound rule for the desired port. To block incoming traffic on a specific port, follow the
same steps but choose "Block the connection" instead of "Allow the connection" during the rule creation
process.
• To configure application security, click on the "Windows Defender Firewall with Advanced Security" link on the
left-hand side of the screen. From there, you can create new inbound and outbound rules for specific
applications or programs.
• It is important to note that changes made to the Windows Firewall settings can impact the functionality of
certain applications and services. It is recommended to only make changes if necessary and to test any changes
in a controlled environment before deploying to production.
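The wizard steps above map directly onto the NetSecurity cmdlets, which is how the same rules are usually deployed to more than one machine. The block below is an added example, not from the original notes; the rule names, the executable path and the choice of port 3389 (RDP) are constructed for illustration. Run it from an elevated prompt.

```powershell
# Added example: Windows Defender Firewall with Advanced Security via the NetSecurity
# module (Windows 8 / Server 2012 and later). Run elevated.

# Firewall on/off per profile (equivalent of "Turn Windows Defender Firewall on or off").
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

# Port rule: block inbound TCP 3389 (Remote Desktop) while on Public networks.
New-NetFirewallRule -DisplayName "Example - Block inbound RDP (Public)" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 -Profile Public -Action Block

# Application rule: allow inbound traffic only for one executable (placeholder path).
New-NetFirewallRule -DisplayName "Example - Allow ExampleApp inbound" `
    -Direction Inbound -Program "C:\Program Files\ExampleApp\app.exe" -Action Allow

# Review what was created; the DisplayName filter accepts wildcards.
Get-NetFirewallRule -DisplayName "Example - *" |
    Select-Object DisplayName, Direction, Action, Profile, Enabled

# Roll back after testing in a controlled environment (uncomment to run).
# Remove-NetFirewallRule -DisplayName "Example - *"
```

Block rules take precedence over allow rules in Windows Firewall, so a block rule for a port wins even if an application rule would otherwise allow that program; keep that in mind when a service stops responding after a change.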
○ Users and groups
• Local Account: A local account is created on a specific device and is not connected to any online
account. It allows a user to log in to the device and access its resources, but limits access to resources
on other devices and on the network.
• Microsoft Account: A Microsoft account is an online account that is connected to a user's email
address and password. It allows users to sign in to their devices with their Microsoft credentials and
provides access to Microsoft services like OneDrive, Office, and the Microsoft Store.
• Standard Account: A standard account is a limited user account that can access the computer's
resources, but cannot make system-wide changes, install software, or modify other users' accounts.
• Administrator Account: An administrator account has full control over the device and can perform any
actions on it, including installing software, changing system settings, and managing other user
accounts.
• Guest Account: A guest account provides temporary access to the device for users who do not have
their own user account. It has very limited access to the system and cannot make any permanent
changes.
• Power User Account: A power user account is a type of account that gives users more control over
their system than a standard user account, but less than an administrator account. It is designed for
users who need to perform advanced tasks on the computer, such as installing drivers or modifying
system settings, but do not require full administrative access.
○ Login OS option
• Username and password: This is the most common and traditional way of logging into a Windows 10
account. Users enter their unique username and password to gain access to their account.
• Personal identification number (PIN): A PIN is a four-digit code that users can set up to sign in to their
Windows 10 account quickly. It is more convenient than a password because it is shorter and easier to
remember. However, it is less secure than a password.
• Fingerprint: Windows 10 supports fingerprint recognition, allowing users to log in using their
fingerprint. This is a highly secure and convenient way of logging in.
• Facial recognition: Windows 10 also supports facial recognition using the built-in camera on the device.
This is a highly secure and convenient way of logging in, but it requires a device with a compatible
camera.
• Single sign-on (SSO): SSO allows users to log in to multiple applications or services using a single set of
credentials. Windows 10 supports SSO using Azure Active Directory and Microsoft accounts.
○ NTFS vs. share permissions
• When it comes to file and folder permissions, Microsoft Windows provides two types of permissions:
NTFS (New Technology File System) and share permissions.
• NTFS permissions are applied directly to files and folders stored on an NTFS file system. These
permissions apply regardless of whether the user is accessing the files locally or over the network.
NTFS permissions can be set to allow or deny users and groups various levels of access to files and
folders, such as read, write, execute, or modify permissions.
• Share permissions, on the other hand, are used when accessing files and folders over the network.
They apply to folders and files being accessed over the network and cannot be used to restrict access
to files accessed locally. Share permissions can be set to allow or deny users and groups various levels
of access to shared folders, such as read, write, or execute permissions.
• File and folder attributes refer to various settings that can be applied to files and folders, such as read-only,
hidden, or archive. These attributes are stored as part of the file or folder's metadata and can be used to
control access to the file or folder.
• Inheritance is a feature that allows permissions applied to a parent folder to be passed down to its
subfolders and files. This means that permissions set at the parent level can be inherited by all
subfolders and files unless otherwise specified. However, inheritance can be disabled, allowing for
more granular control over individual files and folders.
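To see how NTFS permissions, share permissions and inheritance combine on a real folder, the block below is an added example that is not part of the original notes. The folder path, the share name and the local account "ExampleUser" are constructed and assumed to exist; it needs an elevated prompt and the built-in SmbShare module (Windows 8 / Server 2012 and later).

```powershell
# Added example: NTFS vs. share permissions, inheritance and attributes. Paths, share
# name and account are constructed; ExampleUser is assumed to be an existing local user.
$folder = "C:\ExampleShare"
$user   = "$env:COMPUTERNAME\ExampleUser"
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# NTFS: grant Modify on the folder. This applies both locally and over the network.
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $user, "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Share: expose the folder over SMB with Read only. Effective remote access is the more
# restrictive of NTFS (Modify) and share (Read), so ExampleUser gets Read over the network
# but still has Modify when logged on locally.
New-SmbShare -Name "ExampleShare" -Path $folder -ReadAccess $user | Out-Null
Get-SmbShareAccess -Name "ExampleShare"

# Inheritance: a subfolder stops inheriting the parent's entries. SetAccessRuleProtection
# ($true, $true) protects the ACL but first copies the inherited entries as explicit ones,
# so nothing is lost; then the user's explicit access on this subfolder is removed.
$sub = Join-Path $folder "Confidential"
New-Item -ItemType Directory -Path $sub -Force | Out-Null
$subAcl = Get-Acl -Path $sub
$subAcl.SetAccessRuleProtection($true, $true)
$subAcl.PurgeAccessRules([System.Security.Principal.NTAccount]$user)
Set-Acl -Path $sub -AclObject $subAcl

# Attributes are metadata, not permissions: read-only here only blocks casual edits.
$policy = Join-Path $folder "policy.txt"
Set-Content -Path $policy -Value "example"
Set-ItemProperty -Path $policy -Name Attributes -Value ([IO.FileAttributes]::ReadOnly)

# Verify: IsInherited shows which entries came from the parent.
(Get-Acl -Path $sub).Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

The same check can be made from the GUI through Properties > Security > Advanced > Effective Access, which is the quickest way to confirm what a given user ends up with once NTFS and share permissions are combined.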
○ Run as administrator vs. standard user
• User Account Control (UAC) is a security feature in Windows that helps prevent unauthorized changes
to the system by asking for confirmation or prompting for credentials when a user attempts to perform
certain actions that require administrative privileges.
• When a user is logged in with a standard user account, UAC prompts for administrator credentials
when attempting to perform actions that require administrative privileges. This is because standard
user accounts have limited permissions and cannot make changes to certain system settings.
• On the other hand, running as an administrator allows a user to perform actions that require
administrative privileges without being prompted for credentials by UAC. This is because administrator
accounts have full control over the system and can make changes to all system settings.
• However, it is generally not recommended to run as an administrator all the time, as it increases the
risk of malware or other threats taking advantage of those elevated privileges. It is recommended to
use a standard user account for daily use and only run as an administrator when necessary to perform
specific actions that require administrative privileges.
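A script that follows the "standard user by default" advice needs to know whether it is already elevated and, if not, request elevation for only the one task. The block below is an added example and not from the original notes; the command launched in the elevated window is a placeholder.

```powershell
# Added example: detect elevation and elevate only when needed (UAC prompt appears).

function Test-IsElevated {
    # True only if the current process token holds the Administrators role. An
    # administrator who has not yet answered a UAC prompt runs with a filtered
    # (standard-user) token, so this returns $false for them as well.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-Elevated {
    # Run one command in a separate elevated PowerShell; -Verb RunAs is what
    # "Run as administrator" does, so UAC asks for consent or for admin credentials.
    param([Parameter(Mandatory)][string]$Command)
    if (Test-IsElevated) {
        Invoke-Expression $Command
    } else {
        Start-Process -FilePath "powershell.exe" -Verb RunAs `
            -ArgumentList "-NoProfile -NoExit -Command $Command"
    }
}

Test-IsElevated
# Placeholder task: list local accounts from an elevated window, then return to the
# standard-user session for everything else.
Invoke-Elevated -Command "Get-LocalUser | Format-Table Name, Enabled"
```

Because Test-IsElevated checks the token rather than group membership, it gives the right answer for an administrator running under Admin Approval Mode: their everyday processes are not elevated until UAC has granted it, which is exactly the protection the notes describe.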
○ BitLocker: BitLocker is a full-disk encryption feature that is available in Windows 10 Pro, Enterprise, and
Education editions. It encrypts the entire operating system volume and protects the computer from offline
attacks. BitLocker uses AES encryption with 128-bit or 256-bit keys to encrypt data. To use BitLocker, you
need a Trusted Platform Module (TPM) chip or a USB drive to store the encryption key. With BitLocker, you
can also set up a PIN or password to prevent unauthorized access to the computer.
○ BitLocker To Go: BitLocker To Go is a feature that allows users to encrypt removable drives, such as USB
flash drives and external hard drives. It is available in Windows 10 Pro and Enterprise editions. Like
BitLocker, it uses AES encryption with 128-bit or 256-bit keys to encrypt data. To use BitLocker To Go, you
need to enable the feature and set up a password or smart card to unlock the drive.
○ Encrypting File System (EFS): EFS is a file-level encryption feature that is available in all editions of Windows.
It allows users to encrypt individual files and folders on NTFS-formatted drives. EFS uses a combination of
symmetric and asymmetric encryption to protect data. EFS keys are automatically generated and stored in
the user's profile. To use EFS, you need to enable the feature and set the appropriate permissions on the
files and folders you want to encrypt.
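The three features above can all be driven from PowerShell, which is also how the recovery password gets captured and stored off the device. The block below is an added example, not from the original notes: the mount points, the folder for recovery keys and the user folder are constructed placeholders, the BitLocker cmdlets require an edition that includes BitLocker and an elevated prompt, and the cipher.exe command is the built-in EFS tool.

```powershell
# Added example: BitLocker status and enablement, BitLocker To Go, and EFS.
# Mount points and paths are constructed placeholders. Run elevated.

# Status of every volume: encryption state, algorithm and which key protectors exist.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, EncryptionMethod, ProtectionStatus,
                  @{n='Protectors'; e={ $_.KeyProtector.KeyProtectorType -join ',' }}

function Enable-ExampleBitLocker {
    # Encrypt an OS/fixed volume with the TPM as the primary protector, add a recovery
    # password, and write that password to a folder on a DIFFERENT drive.
    param([string]$MountPoint = "C:", [string]$RecoveryKeyFolder = "D:\BitLockerKeys")
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -ne "FullyDecrypted") { return $vol }   # already encrypting/encrypted
    if (-not (Get-Tpm).TpmReady) {
        throw "TPM not ready: use a startup key on USB or a password protector instead"
    }
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
        -TpmProtector -SkipHardwareTest | Out-Null
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    New-Item -ItemType Directory -Path $RecoveryKeyFolder -Force | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq "RecoveryPassword"
    $rp.RecoveryPassword | Out-File -FilePath (Join-Path $RecoveryKeyFolder "$($rp.KeyProtectorId).txt")
    return Get-BitLockerVolume -MountPoint $MountPoint
}
Enable-ExampleBitLocker -MountPoint "C:"

# BitLocker To Go: a removable drive unlocked with a password (no TPM involved).
$pw = Read-Host -AsSecureString -Prompt "Password for E:"
Enable-BitLocker -MountPoint "E:" -EncryptionMethod XtsAes256 -PasswordProtector -Password $pw

# EFS: encrypt one folder (and its future contents) for the current user. The user's
# EFS certificate is created on first use and lives in the profile, as the notes say.
$private = Join-Path $env:USERPROFILE "Documents\Private"
New-Item -ItemType Directory -Path $private -Force | Out-Null
cipher.exe /e /s:$private
(Get-Item -Path $private).Attributes   # includes "Encrypted" once done
```

Two practical caveats: the recovery password is the only way back in after a TPM reset or motherboard swap, so it belongs in Active Directory, Azure AD/Entra ID, or a printed record, never only on the encrypted machine; and because EFS keys sit in the user's profile, the profile (or at least the EFS certificate) has to be backed up, otherwise a profile loss makes the encrypted files unreadable.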
2.6 Given a scenario, configure a workstation to meet best practices for security
○ Data-at-rest encryption
• Data-at-rest encryption is a security measure used to protect sensitive data stored on digital devices
such as hard drives, solid-state drives, or other storage devices. It involves encrypting the data while it
is at rest (not being accessed or used) to prevent unauthorized access, theft, or modification.
• The encryption process involves converting the original data into a coded form that cannot be read or
understood without the proper decryption key. The encryption key is only available to authorized users
who possess the correct credentials to access the data.
• Data-at-rest encryption can be implemented at various levels, including the device level, file level, or
even individual field level. It can be done using software-based encryption tools, hardware-based
encryption devices, or cloud-based encryption services. Some examples of data-at-rest encryption
methods include BitLocker, VeraCrypt, and LUKS.
• By using data-at-rest encryption, organizations can ensure that their sensitive data is protected even if
the physical device or storage media falls into the wrong hands. It is an essential security measure for
safeguarding confidential information such as financial records, medical records, intellectual property,
and personal data.
○ Password best practices
• Complexity requirements
□ Length and Character types: Passwords should have a minimum length of eight characters and
should be a combination of upper and lower case letters, numbers, and special characters.
Longer passwords are better, as they are harder to crack.
• Expiration requirements: Passwords should be changed regularly, typically every 90 days. This helps
ensure that compromised passwords are not used to access systems for an extended period.
• Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) passwords: BIOS/UEFI
passwords are used to secure the boot process of a computer. They can prevent unauthorized users
from booting the computer from an external device. BIOS/UEFI passwords should be set and should be
kept confidential.
• By following these best practices, users can create strong passwords that are less vulnerable to brute-force
attacks, dictionary attacks, and other types of password cracking techniques.
○ End-user best practices
• Use screensaver locks: Screensaver locks can automatically lock the screen after a specific period of
inactivity. This helps to prevent unauthorized access to the system.
• Log off when not in use: Users should log off their accounts when they are not using the system. This
ensures that no one else can access their account and the information on the system.
• Secure/protect critical hardware (e.g., laptops): Users should ensure that critical hardware, such as
laptops, is protected and secured when not in use. This includes using a password-protected screen
lock, storing the device in a secure location, and using a cable lock to prevent theft.
• Secure personally identifiable information (PII) and passwords: Users should secure their personally
identifiable information (PII) and passwords by creating strong passwords, not sharing them with
others, and avoiding using the same password across multiple accounts.
○ Account management
• Restrict user permissions: Users should only be given the permissions necessary to perform their job
duties. This helps to limit the potential damage that could be caused if a user's account is
compromised.
• Restrict login times: If users only need to access the system during specific times, their accounts should
be configured to only allow logins during those times. This can help prevent unauthorized access
outside of business hours.
• Disable guest account: The guest account is a built-in account in many operating systems that allows
users to log in without a password. It should be disabled, as it provides an easy entry point for
attackers.
• Use failed attempts lockout: To prevent brute-force attacks on user accounts, lockout policies should
be implemented. For example, after a certain number of failed login attempts, the account should be
locked for a specified period of time.
• Use timeout/screen lock: Users should be encouraged to lock their screens or log out of the system
when they step away from their computer, even for short periods of time. This helps to prevent
unauthorized access to their account in their absence.
○ Change default administrator's user account/password
• This best practice is aimed at changing the default administrator account credentials that are set up by
the system manufacturer or software provider. This is because many hackers and attackers are aware
of the default usernames and passwords, and may attempt to exploit these to gain access to the
system. Therefore, changing the default administrator's user account/password will help prevent
unauthorized access to the system.
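The password, account-management and default-administrator practices above are all local security policy and local account settings, so one script can apply and audit them. The block below is an added example, not from the original notes: "ExampleUser" and the new name for the built-in Administrator are constructed, the 8-character minimum and 90-day expiry come from the notes, and the lockout values and password history are assumptions. It applies to a standalone or workgroup machine; on a domain member, domain Group Policy overrides these local values.

```powershell
# Added example: local password policy, lockout, guest/default-admin hygiene and an
# account audit. Run elevated on a workgroup machine; account names are constructed.

# Password length / maximum age / history (8 chars and 90 days per the notes; history of 5
# is assumed). Complexity ("must meet complexity requirements") is not exposed by
# net accounts and is set through secpol.msc or secedit instead.
net accounts /minpwlen:8 /maxpwage:90 /uniquepw:5

# Failed-attempt lockout: 5 attempts, lock for 30 minutes, reset counter after 30 minutes
# (threshold and durations are assumptions for this example).
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
net accounts    # print the resulting policy for review

# Guest: disable. Built-in Administrator: rename AND disable. Renaming alone is weak
# because the account keeps its well-known RID (500) and can still be found by it.
Disable-LocalUser -Name "Guest"
Rename-LocalUser -Name "Administrator" -NewName "ExampleLocalAdmin"
Disable-LocalUser -Name "ExampleLocalAdmin"

# Login-time restriction: ExampleUser may log on Monday to Friday, 08:00-18:00 only.
net user ExampleUser /times:M-F,8am-6pm

function Get-LocalAccountReport {
    # One row per enabled local account: admin membership, last logon, password expiry.
    $admins = (Get-LocalGroupMember -Group "Administrators").Name
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            IsAdmin         = $admins -contains "$env:COMPUTERNAME\$($_.Name)"
            LastLogon       = $_.LastLogon
            PasswordExpires = $_.PasswordExpires
        }
    }
}
Get-LocalAccountReport | Format-Table -AutoSize
```

The audit function is the part worth keeping: enabled accounts that are in Administrators but have no recent logon, or that never expire their password, are exactly the ones the "restrict user permissions" bullet is about.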
○ Disable AutoRun
• This is a Windows feature that automatically launches programs or applications when a new device or
removable media is connected to the computer. However, this feature can also be exploited by
malware or other malicious programs to automatically execute code without the user's knowledge or
consent. Therefore, disabling AutoRun can help prevent the automatic execution of malicious code.
○ Disable AutoPlay
• AutoPlay is a feature in Windows that launches a menu of options when a new device or removable
media is connected to the computer. This menu allows users to choose what they want to do with the
device or media, such as open files, import pictures, or play music. However, this feature can also be
exploited by malware or other malicious programs to automatically execute code without the user's
knowledge or consent. Therefore, disabling AutoPlay can help prevent the automatic execution of
malicious code.
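Both features are controlled through the registry, which is how the corresponding Group Policy settings ("Turn off Autoplay" and "Set the default behavior for AutoRun") are applied. The block below is an added example and not from the original notes; the registry keys and value names are the standard Windows ones, and the block needs an elevated prompt for the HKLM part.

```powershell
# Added example: disable AutoRun (machine policy) and AutoPlay (current user) via the
# registry, then verify. Run elevated for the HKLM values.

# AutoRun: NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type; NoAutorun = 1
# is the policy "Do not execute any autorun commands" (autorun.inf is ignored entirely).
$policyKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
New-Item -Path $policyKey -Force | Out-Null
Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
Set-ItemProperty -Path $policyKey -Name NoAutorun          -Value 1    -Type DWord

# AutoPlay: the "what do you want to do with this device" prompt for the current user,
# the same switch as Settings > Devices > AutoPlay.
$handlersKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers"
New-Item -Path $handlersKey -Force | Out-Null
Set-ItemProperty -Path $handlersKey -Name DisableAutoplay -Value 1 -Type DWord

function Test-AutoRunDisabled {
    # $true only when all three values are in the hardened state.
    $p = Get-ItemProperty -Path $policyKey   -ErrorAction SilentlyContinue
    $h = Get-ItemProperty -Path $handlersKey -ErrorAction SilentlyContinue
    return [bool](($p.NoDriveTypeAutoRun -eq 0xFF) -and ($p.NoAutorun -eq 1) -and ($h.DisableAutoplay -eq 1))
}
Test-AutoRunDisabled
```

Explorer reads these values at logon, so a sign-out or restart is needed before the check reflects real behaviour; the verification function is also a reasonable compliance probe to run on fleet machines, which ties back to the "non-compliant systems" vulnerability in 2.4.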
2.7 Explain common methods for securing mobile and embedded devices
○ Screen locks:
• Facial recognition: This type of screen lock uses the front-facing camera to scan the user's face and
unlock the device if it recognizes the person's features. It provides fast and convenient access but may
not be as secure as other types of screen locks.
• PIN codes: A PIN code is a four- or six-digit numeric code that the user enters to unlock the device. It is
a simple and effective way to protect the device from unauthorized access.
• Fingerprint: A fingerprint scanner is a biometric authentication method that uses the user's unique
fingerprint to unlock the device. It is more secure than a PIN code as it is harder to replicate a
fingerprint.
• Pattern: A pattern lock requires the user to draw a specific pattern on the screen to unlock the device.
It is a popular screen lock for Android devices.
• Swipe: A swipe screen lock requires the user to swipe a finger across the screen in a specific direction
to unlock the device. It is the least secure type of screen lock as it is vulnerable to smudge attacks.
• It is important to note that no screen lock is completely foolproof, and each type has its own strengths
and weaknesses. It is recommended to use a combination of different screen locks to enhance the
security of the device.
○ Remote wipes: If your device is lost or stolen, remote wipe allows you to erase all data from the device
remotely, preventing unauthorized access.
○ Locator applications: Locator applications allow you to track the location of your device if it is lost or stolen.
○ OS updates: Regularly updating your mobile or embedded device’s operating system can help keep it secure
by patching vulnerabilities.
○ Device encryption: Device encryption protects the data on your device by scrambling it and making it
unreadable without the proper key or password.
○ Remote backup applications: Remote backup applications automatically back up your data to the cloud or
another remote location, protecting it from data loss due to theft, damage, or other events.
○ Failed login attempts restrictions: Restricting the number of failed login attempts can help prevent
unauthorized access to your device.
○ Antivirus/anti-malware: Mobile and embedded devices are just as vulnerable to viruses and malware as
desktop computers. Installing antivirus or anti-malware software can help protect your device from these
threats.
○ Firewalls: Firewalls can help protect your device from network-based attacks by blocking unauthorized
access to your device.
○ Policies and procedures: Establishing policies and procedures around mobile and embedded device security
can help ensure that users follow best practices. This includes policies around whether devices should be
corporate-owned or allowed for BYOD, as well as profile security requirements.
○ Internet of Things (IoT): The Internet of Things (IoT) is a growing network of interconnected devices that
communicate with each other. Securing these devices is essential to prevent unauthorized access to your
network or data.
2.8 Given a scenario, use common data destruction and disposal methods
○ Physical Destruction
• Drilling: This method involves drilling holes through the storage device to destroy the internal
components and make it impossible to retrieve any data.
• Shredding: This involves using a specialized shredder that grinds the storage device into small pieces,
ensuring that it is impossible to retrieve any data from the device.
• Degaussing: This method involves exposing the storage device to a strong magnetic field to scramble
the data stored on it. This renders the data unreadable and the device unusable.
• Incinerating: This method involves heating the storage device to very high temperatures until it is
reduced to ashes. This ensures that no data can be retrieved from the device.
○ Recycling or repurposing best practices
• Erasing/Wiping: This is the process of securely deleting data from the device's storage by overwriting
the existing data with new data. There are various software tools available that can perform this task,
including built-in options like Windows' Disk Cleanup utility or third-party tools like DBAN (Darik's Boot
and Nuke) or Eraser.
• Low-Level Formatting: This process involves completely wiping the disk drive and recreating the file
system from scratch. This method is typically used when the device is being repurposed or resold, and
not when the device is being recycled or disposed of.
• Standard Formatting: This process involves simply reformatting the drive without any additional
measures taken to securely erase the data. This method should only be used when the device is being
repurposed within a secure environment and all sensitive data has already been securely erased.
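On Windows the difference between a quick format and a genuine wipe is visible in the built-in tools. The block below is an added example and not from the original notes; the drive letters are constructed placeholders and both commands are irreversible on the drive they are pointed at. One correction a practitioner would want: Disk Cleanup only deletes temporary files and does not overwrite data, so it is not a wiping tool; the commands here are.

```powershell
# Added example: full format (overwrite) vs. quick format, and free-space wiping.
# Drive letters are placeholders. Both operations destroy data on the target drive.

function Invoke-ExampleFullFormat {
    # Full format (-Full) writes zeros across the whole volume; a quick format only
    # rebuilds the file system and leaves the old data recoverable.
    param([Parameter(Mandatory)][string]$DriveLetter)
    if ($DriveLetter.TrimEnd(':') -eq $env:SystemDrive.TrimEnd(':')) {
        throw "Refusing to format the system drive"
    }
    Format-Volume -DriveLetter $DriveLetter.TrimEnd(':') -FileSystem NTFS -Full -Confirm:$true
}
Invoke-ExampleFullFormat -DriveLetter "D"

# For a drive you keep: overwrite only the free space (three passes: 0x00, 0xFF, random)
# so previously deleted files cannot be carved back out.
cipher.exe /w:D:\
```

Overwriting is reliable for magnetic disks; on SSDs, wear levelling means overwritten blocks may survive in remapped cells, so the manufacturer's secure-erase tool or the ATA Secure Erase command is the right choice there, and drilling or shredding remains the answer when the drive is leaving the organisation for good.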
○ Outsourcing concepts
• When it comes to disposing of sensitive data, outsourcing to a third-party vendor is a common
solution. Third-party vendors specialize in data destruction and have the equipment and expertise to
safely and securely dispose of electronic devices and media.
• Before choosing a vendor, it is important to ensure they have the necessary certifications and follow
industry best practices for data destruction. The certification of destruction/recycling is an important
factor to consider when outsourcing data destruction. It is a certification given to third-party vendors
to verify that they have securely destroyed or recycled electronic devices and media.
• The most commonly recognized certification for data destruction is the National Association for
Information Destruction (NAID). The NAID provides certification to third-party vendors who follow
strict guidelines for data destruction and recycling.
• Outsourcing data destruction can be a good option for companies that do not have the resources or
expertise to handle it themselves. However, it is important to choose a reputable vendor and ensure
that the data is destroyed securely and in compliance with relevant laws and regulations.
2.9 Given a scenario, configure appropriate security settings on small office/home office (SOHO) wireless and
wired networks
○ Home router settings
• Change default passwords: Routers come with default passwords that are easy to guess, so it's crucial
to change the default passwords to a strong, unique password.
• IP filtering: This setting allows you to specify which devices can access your network by filtering traffic
based on IP addresses.
• Firmware updates: Regularly updating your router's firmware can ensure that it has the latest security
patches and features.
• Content filtering: Content filtering can block malicious or unwanted websites and protect your devices
from malware and other cyber threats.
• Physical placement/secure locations: It is recommended to place your router in a secure location
where it's not easily accessible, like a locked closet.
• DHCP reservations: DHCP reservation allows you to assign a fixed IP address to a specific device on
your network, so it always receives the same IP address.
• Static WAN IP: A static WAN IP address is a permanent IP address assigned to your router by your
Internet Service Provider (ISP). It's recommended to use a static IP address instead of a dynamic one to
prevent your IP address from changing frequently.
• Universal Plug and Play (UPnP): UPnP allows devices on your network to automatically configure the
router and access the Internet without manual configuration. However, UPnP can also be a security
risk if attackers exploit it to gain access to your network.
• Screened subnet: A screened subnet is a DMZ (Demilitarized Zone) that is set up to isolate public-facing
servers from the rest of the network. This provides an additional layer of security to protect your
network from external attacks.
○ Wireless specifics
• Changing the service set identifier (SSID)
□ The SSID is the name of the wireless network, and it is visible to anyone within range.
□ Changing the default SSID to a unique name makes it harder for attackers to identify and target
the network.
• Disabling SSID broadcast
□ When SSID broadcast is enabled, the network name is included in the signal broadcast by the
wireless access point.
□ Disabling this feature means that users must manually enter the SSID to connect to the network,
making it less visible to potential attackers.
• Encryption settings
□ Encryption is used to protect wireless traffic from eavesdropping and unauthorized access.
□ Common encryption methods include Wired Equivalent Privacy (WEP), Wi-Fi Protected Access
(WPA), WPA2, and WPA3. Of these, WPA3 is the most secure and recommended method for
wireless networks.
• Disabling guest access
□ Disabling guest access means that only authorized users can connect to the wireless network.
□ This prevents unauthorized individuals from accessing the network and its resources.
• Changing channels
□ Wireless networks use different channels to broadcast signals.
□ Changing the channel can help to avoid interference from other networks and reduce the risk of
attacks targeting specific channels.
□ Non-overlapping channels on the 2.4 GHz frequency are 1, 6, and 11.
□ 5 GHz frequencies have more channels and less interference.
• By configuring these security settings, wireless network administrators can help to protect the network
and the devices connected to it from various security threats.
○ Firewall settings
• Firewalls are network security systems that monitor and control network traffic. They can be
hardware-based or software-based and can be configured to block or allow specific types of traffic
based on rules and policies. Two important firewall security settings are disabling unused ports and
port forwarding/mapping.
• Disabling unused ports involves closing off network ports that are not being used. This is important
because unused ports can be exploited by attackers to gain access to a network. By disabling unused
ports, organizations can reduce the attack surface of their network and limit the number of potential
entry points for attackers.
• Port forwarding/mapping involves redirecting network traffic from one port to another. This is
commonly used to allow external access to a specific service or application running on a device on the
internal network. However, port forwarding can also be used by attackers to bypass firewalls and gain
access to a network. It is important for organizations to carefully consider the risks of port forwarding
and ensure that it is only used when necessary, and that it is properly configured to prevent
unauthorized access.
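"Disabling unused ports" starts with knowing which ports are actually in use. The block below is an added example and not from the original notes: it inventories listening TCP ports on a Windows host, the owning process, and which enabled inbound firewall rules reference that port, so a port with no known process or an allow rule nobody can explain stands out. It uses only the built-in NetTCPIP and NetSecurity cmdlets.

```powershell
# Added example: inventory listening TCP ports, the process behind each, and the
# inbound firewall rules that reference that port.

function Get-ListeningPortReport {
    # Collect port filters once; each filter pipes back to its rule via Get-NetFirewallRule.
    $portFilters = Get-NetFirewallPortFilter
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            $conn  = $_
            $proc  = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            # LocalPort on a filter is a string ("Any", "3389", "1000-2000"); match exact ports only.
            $rules = $portFilters |
                Where-Object { $_.LocalPort -eq "$($conn.LocalPort)" } |
                Get-NetFirewallRule |
                Where-Object { $_.Direction -eq "Inbound" -and $_.Enabled -eq "True" }
            [pscustomobject]@{
                Port         = $conn.LocalPort
                LocalAddress = $conn.LocalAddress      # 0.0.0.0 / :: means reachable from the network
                Process      = $proc.ProcessName
                Path         = $proc.Path
                InboundRules = ($rules.DisplayName -join "; ")
            }
        }
}

# Anything bound to 0.0.0.0 with no matching inbound rule is reachable only because the
# profile's default action allows it, or is blocked by default and may be an unused listener.
Get-ListeningPortReport | Format-Table -AutoSize
```

On a SOHO router the same exercise is done from its admin page: compare the port-forwarding table against the services that are really needed and delete the rest, since every forwarded port is an internal listener exposed to the Internet.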
2.10 Given a scenario, install and configure browsers and relevant security settings
○ Browser download/installation
• Trusted sources: These are websites or platforms that are considered reliable and safe for downloading
software, including browsers. Trusted sources include the official websites of the browser developers
or well-known software distribution platforms. It is generally recommended to download software
only from trusted sources to reduce the risk of downloading malicious software or viruses.
• Hashing: Hashing is a process of generating a fixed-length value (a digest) from a file's contents, such
that any change to the file produces a different value. The purpose of hashing is to verify the integrity of
the downloaded file and ensure that it has not been tampered with during transit. The hash value of a
downloaded file can be compared with the hash value provided by the trusted source to ensure that the
file is authentic.
• Untrusted sources: These are websites or platforms that are not considered reliable or safe for
downloading software. Untrusted sources may include websites that are not well-known or that have a
history of distributing malware or other malicious software. Downloading software from untrusted
sources can increase the risk of downloading viruses or malware that can harm your computer or
compromise your security. It is generally recommended to avoid downloading software from untrusted
sources.
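The integrity check described under "Hashing", worked through end to end. This is an added example rather than code from the original notes: it hashes a constructed stand-in for a downloaded installer, reads the publisher's value from a `SHA256SUMS`-style file, and shows that a single flipped byte is enough to fail the comparison.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_file(text):
    """Parse 'hexdigest  filename' lines, the layout sha256sum and most vendor SHA256SUMS files use.

    Blank lines and '#' comments are skipped; a leading '*' on the name (sha256sum binary mode) is dropped.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.lstrip(" *")] = digest.lower()
    return expected


def verify_download(path, published_hex):
    """True only if the file's SHA-256 equals the publisher's value (constant-time compare)."""
    return hmac.compare_digest(sha256_of_file(path), published_hex.strip().lower())


def run_demo():
    """Constructed scenario: a fake installer, its published checksum, then a one-byte tamper."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "browser-setup.exe")
        payload = b"MZ" + bytes(range(256)) * 64  # constructed stand-in for installer bytes
        with open(installer, "wb") as f:
            f.write(payload)

        # The trusted source publishes the hash; here it is computed from the untampered bytes.
        published = parse_checksum_file(
            f"# SHA256SUMS (constructed)\n{hashlib.sha256(payload).hexdigest()}  browser-setup.exe\n"
        )
        intact = verify_download(installer, published["browser-setup.exe"])

        # Flip one byte, as a corrupted or trojanised download would; the hash no longer matches.
        tampered = bytearray(payload)
        tampered[100] ^= 0x01
        with open(installer, "wb") as f:
            f.write(tampered)
        after_tamper = verify_download(installer, published["browser-setup.exe"])

        return {"intact": intact, "after_tamper": after_tamper}


if __name__ == "__main__":
    print(run_demo())  # {'intact': True, 'after_tamper': False}
```

The comparison only proves the file matches what the publisher posted, so the hash itself must come from the trusted source over HTTPS, not from the same untrusted mirror as the download.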
○ Extensions and plug-ins
• Browser extensions and plug-ins are additional software components that can enhance the
functionality of web browsers. They can provide additional features such as ad-blockers, password
managers, and language translators. However, they can also pose a security risk to the system and the
user's data.
• Trusted sources refer to the reliable sources that are known for providing safe and secure browser
extensions and plug-ins. These sources are generally well-known companies, developers, or
marketplaces such as the Google Chrome Web Store, Mozilla Firefox Add-ons, and Microsoft Edge
Add-ons. It is generally recommended to only install browser extensions and plug-ins from trusted
sources to avoid the risk of malware or other security threats.
• On the other hand, untrusted sources refer to sources that are unknown or known for providing
malicious software. These sources can be third-party websites, pop-ups, or other unauthorized
sources. Installing browser extensions and plug-ins from untrusted sources can compromise the
security of the system and expose sensitive information to malicious actors. It is strongly
recommended to avoid installing browser extensions and plug-ins from untrusted sources to prevent
any security threats.
○ Password managers
• Password managers are tools that allow users to securely store and manage their various passwords. They often
require a master password to access the stored passwords and can generate strong passwords for users to use,
reducing the likelihood of using weak or easily guessable passwords. This can increase overall security by
reducing the risk of password-based attacks, such as brute-force attacks.
○ Secure connections/sites-valid certificates
• Secure connections and sites with valid certificates are also important for security. When a website uses HTTPS
(Hypertext Transfer Protocol Secure), it means that the connection between the user's browser and the
website's server is encrypted, making it more difficult for anyone to intercept or eavesdrop on the
communication. Websites that use HTTPS should also have a valid SSL/TLS (Secure Sockets Layer/Transport
Layer Security) certificate, which is issued by a trusted Certificate Authority and confirms the identity of the
website. This helps prevent phishing attacks and other types of attacks that rely on impersonating legitimate
websites. Most modern browsers indicate whether a website is using HTTPS and whether its certificate is valid
or not, usually by displaying a lock icon or a warning message.
○ Settings
• Pop-up blocker: This setting blocks pop-up windows, which can be used to show unwanted ads,
malware, or phishing attempts.
• Clearing browsing data: This setting allows users to clear their browsing history, cookies, and other
data that could be used to track them online.
• Clearing cache: This setting clears the cache, which is temporary storage used by browsers to speed up
webpage loading. Clearing the cache can help prevent webpages from loading improperly or showing
outdated information.
• Private-browsing mode: This setting lets users browse the internet without storing any data on their
device, such as history or cookies.
• Sign-in/browser data synchronization: This setting allows users to synchronize their browser data
across different devices, such as bookmarks, history, and passwords.
• Ad blockers: This setting blocks ads on webpages, which can improve browsing speed and protect
against malicious ads that could be used to distribute malware or steal user data.
3.0 - Software Troubleshooting (22%)
3.1 Given a scenario, troubleshoot common Windows OS problems
○ Common symptoms
• Blue screen of death (BSOD): It is an error screen displayed when the system encounters a critical error
that it can't recover from. This can be caused by faulty hardware, corrupt drivers, or software issues.
• Sluggish performance: This is when the computer is slow to respond or perform tasks. This can be
caused by a lack of memory, outdated drivers, or malware.
• Boot problems: This is when the system fails to boot up. This can be caused by hardware failure,
corrupt system files, or malware.
• Frequent shutdowns: This is when the system shuts down unexpectedly. This can be caused by
overheating, a failing power supply, or malware.
• Services not starting: This is when system services fail to start. This can be caused by corrupt system
files, malware, or a lack of available memory.
• Applications crashing: This is when applications close unexpectedly. This can be caused by outdated
software, corrupt system files, or malware.
• Low memory warnings: This is when the system warns of low memory availability. This can be caused
by a lack of available memory, too many programs running, or memory leaks in applications.
• USB controller resource warnings: This is when the system warns of low USB controller resources. This
can be caused by too many USB devices connected, outdated drivers, or hardware issues.
• System instability: This is when the system behaves erratically or unpredictably. This can be caused by
malware, outdated drivers, or hardware failure.
• No OS found: This is when the system can't find the operating system. This can be caused by a failing
hard drive, corrupt system files, or malware.
• Slow profile load: This is when it takes a long time for a user profile to load. This can be caused by a
large number of files in the user's profile, corrupt user profile files, or a lack of available memory.
• Time drift: This is when the system clock is inaccurate. This can be caused by a failing battery on the
motherboard, incorrect time zone settings, or malware.
○ Common troubleshooting steps
• Reboot: Restarting the computer is often the first step in troubleshooting many issues. It can help clear
the memory and fix minor issues.
• Restart services: If a particular service is causing issues, you can try restarting it to see if it resolves the
problem.
• Uninstall/reinstall/update applications: If an application is causing issues, you can try uninstalling it and
reinstalling it or updating it to the latest version.
• Add resources: If the computer is running slow, you can try adding more resources like RAM, hard
drive space, or a better processor.
• Verify requirements: Make sure that the computer meets the minimum requirements for the software
or application that is causing issues.
• System file check: Use the built-in System File Checker tool to scan for and repair any corrupted or
missing system files.
• Repair Windows: You can use the built-in Windows Repair tool to fix common issues with the operating
system.
• Restore: You can restore the system to a previous state using System Restore if the issue occurred
after a recent change or update.
• Reimage: In some cases, it may be necessary to reimage the computer to restore it to a working state.
• Roll back updates: If an update caused the issue, you can try rolling back the update to a previous
version.
• Rebuild Windows profiles: If the user profile is causing issues, you can try rebuilding it by creating a
new profile and copying the data over.
3.2 Given a scenario, troubleshoot common personal computer (PC) security issues
○ Common symptoms
• Unable to access the network
□ This could be caused by a malware infection that is blocking network access.
□ Try running a malware scan and checking network settings to ensure they are configured
correctly.
• Desktop alerts
□ If you are receiving desktop alerts that are unfamiliar or suspicious, it could be a sign of malware.
□ Run a malware scan to check for any infections.
• False alerts regarding antivirus protection
□ Some malware may attempt to mimic antivirus software or display false alerts that your
computer is infected.
□ Be cautious and do not click on any suspicious alerts.
□ Run a malware scan with a trusted antivirus software to confirm whether the alerts are real or
fake.
• Altered system or personal files
□ If you notice changes to important files on your system, such as system files or personal
documents, it could be a sign of a malware infection.
□ Run a malware scan and check your file backups to ensure your important files are not lost or
compromised.
• Missing/renamed files
□ If you are missing important files or they have been renamed, it could be a sign of a malware
infection or accidental deletion.
□ Check your backup files and run a malware scan to determine the cause of the missing files.
• Unwanted notifications within the OS
□ If you are receiving unwanted notifications on your computer, it could be a sign of a malware
infection.
□ Run a malware scan to check for any infections and ensure that your operating system is up to
date.
• OS update failures
□ If you are experiencing issues with updating your operating system, it could be due to a malware
infection or other system issue.
□ Run a malware scan and check for any other system issues that may be preventing updates from
installing correctly.
○ Browser-related symptoms
• Random/Frequent Pop-ups: These are windows that appear on top of the web page you are currently
viewing without your consent. They can be caused by malware or adware installed on your computer.
To troubleshoot, you can check your browser's settings to block pop-ups or run an antivirus scan to
remove any malware.
• Certificate Warnings: These warnings appear when a website's SSL/TLS certificate is expired, invalid, or
not issued by a trusted authority. They indicate that the connection between your browser and the
website is not secure, and sensitive information may be intercepted by attackers. To troubleshoot, you
can try accessing the website using a different browser or verify the certificate's details to ensure it's
valid.
• Redirection: This happens when a website redirects you to another website without your consent. It
can be caused by malicious code injected into the website or a phishing attempt. To troubleshoot, you
can check your browser's settings for any unauthorized extensions or plugins installed or run an
antivirus scan to remove any malware.
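The checks behind the "valid certificate" point in 2.10 and the "Certificate Warnings" symptom above, as an added example that is not part of the original notes. It evaluates certificates in the dictionary layout `ssl.SSLSocket.getpeercert()` returns (the certificates here are constructed, with a fixed clock), reporting the three conditions the notes name: expired or not yet valid, wrong hostname, and an issuer outside a hypothetical trust list. The issuer allow-list stands in for real chain validation, which a browser does against its CA store.

```python
import ssl

# Fixed "now" for the constructed scenarios: 2024-06-15 12:00:00 UTC as a POSIX timestamp.
NOW = 1718452800

# Hypothetical trust anchors. A browser verifies every signature in the chain against its CA store;
# matching the issuer's common name against this set only stands in for that step.
TRUSTED_ISSUERS = {"Example Root CA"}

# Constructed certificates in the layout ssl.SSLSocket.getpeercert() returns (not real certificates).
GOOD_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA Inc"),), (("commonName", "Example Root CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
EXPIRED_CERT = dict(GOOD_CERT, notAfter="Mar 31 23:59:59 2024 GMT")
WILDCARD_CERT = dict(GOOD_CERT, subjectAltName=(("DNS", "*.example.com"),))
SELF_SIGNED_CERT = dict(GOOD_CERT, issuer=((("commonName", "www.example.com"),),))


def hostname_matches(pattern, hostname):
    """Simplified RFC 6125 matching: exact match, or one leading '*.' covering exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        # '*.example.com' covers 'shop.example.com' but not 'example.com' or 'a.b.example.com'
        return hostname.endswith(pattern[1:]) and hostname.count(".") == pattern.count(".")
    return False


def certificate_warnings(cert, hostname, now=NOW):
    """Return the warnings a browser would raise for this certificate on this host (empty list = OK)."""
    warnings = []

    # Validity window: the notBefore/notAfter strings use the format ssl.cert_time_to_seconds parses.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")

    # Identity: the host the user typed must be covered by a DNS entry in the subjectAltName.
    san_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, hostname) for name in san_names):
        warnings.append(f"hostname mismatch: {hostname!r} not covered by {san_names}")

    # Trust: the issuer must be an authority the client trusts (see TRUSTED_ISSUERS caveat above).
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    if issuer.get("commonName") not in TRUSTED_ISSUERS:
        warnings.append(f"issuer {issuer.get('commonName')!r} is not a trusted authority")
    return warnings


if __name__ == "__main__":
    for label, cert, host in [
        ("good", GOOD_CERT, "www.example.com"),
        ("expired", EXPIRED_CERT, "www.example.com"),
        ("wildcard, two labels deep", WILDCARD_CERT, "a.b.example.com"),
        ("self-signed", SELF_SIGNED_CERT, "www.example.com"),
    ]:
        print(f"{label}: {certificate_warnings(cert, host) or 'no warnings'}")
```

Each non-empty result corresponds to a browser warning page; the right response for a user is to stop and verify the certificate details rather than click through, and for an administrator to check the server's certificate and the client's clock before anything else.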
3.3 Given a scenario, use best practice procedures for malware removal
○ Investigate and verify malware symptoms
• The first step is to investigate the symptoms that indicate the presence of malware on a system. This
includes analyzing system logs, error messages, and abnormal behavior.
○ Quarantine infected systems
• The infected systems must be isolated from the network to prevent the spread of malware.
○ Disable System Restore in Windows
• The System Restore feature in Windows can undo malware removal actions. So, it's recommended to
disable it to prevent malware from being restored.
○ Remediate infected systems
• The next step is to remediate the infected systems. This involves updating anti-malware software and
using scanning and removal techniques to detect and remove malware. Scanning and removal
techniques include using safe mode, pre-installation environment, or other specialized tools.
○ Schedule scans and run updates
• After malware removal, schedule regular scans and run updates to ensure that the system remains
secure.
○ Enable System Restore and create a restore point in Windows
• Once the system is clean, System Restore can be enabled again, and a restore point should be created.
• This will allow the system to be restored to a previous state if any issues arise in the future.
○ Educate the end user
• Finally, end-users should be educated on how to identify and prevent malware infections.
• This includes practicing safe browsing habits, avoiding suspicious emails and links, and keeping their
systems up-to-date with the latest security patches.
3.4 Given a scenario, troubleshoot common mobile OS and application issues
○ Common symptoms
• Application fails to launch:
□ Check if the app is up to date and update it if necessary.
□ Check if there is enough storage space available on the device.
□ Restart the device.
□ Uninstall and reinstall the app.
□ If the issue persists, contact the app developer's support team.
• Application fails to close/crashes:
□ Restart the device.
□ Check if the app is up to date and update it if necessary.
□ Uninstall and reinstall the app.
□ If the issue persists, contact the app developer's support team.
• Application fails to update:
□ Check if the device is connected to the internet.
□ Check if there is enough storage space available on the device.
□ Check if the app is compatible with the device's OS version.
□ Restart the device.
□ Uninstall and reinstall the app.
□ If the issue persists, contact the app developer's support team.
• Slow to respond:
□ Check if there are any pending OS or app updates and update them if necessary.
□ Clear the device's cache.
□ Remove any unused apps.
□ Restart the device.
• OS fails to update:
□ Check if the device is connected to the internet.
□ Check if there is enough storage space available on the device.
□ Restart the device.
□ If the issue persists, contact the device manufacturer's support team.
• Battery life issues:
□ Check the device's battery usage settings to identify any power-hungry apps or features.
□ Reduce the screen brightness.
□ Disable any unused features such as Bluetooth, WiFi, or location services.
□ Turn on battery-saving mode.
□ If the issue persists, consider replacing the battery or contacting the device manufacturer's
support team.
• Randomly reboots:
□ Check if the device is up to date and update it if necessary.
□ Clear the device's cache.
□ Uninstall any recently installed apps.
□ If the issue persists, contact the device manufacturer's support team.
• Bluetooth connectivity issues:
□ Check if the device's Bluetooth is turned on and in discoverable mode.
□ Check if the device is within the Bluetooth range of the connected device.
□ Restart the device.
□ Forget and re-pair the Bluetooth connection.
□ If the issue persists, contact the device manufacturer's support team.
• WiFi connectivity issues:
□ Check if the device is within the WiFi range and connected to the right network.
□ Restart the device.
□ Forget and re-connect to the WiFi network.
□ If the issue persists, contact the device manufacturer's support team.
• Near-field communication (NFC) connectivity issues:
□ Check if the device's NFC is turned on.
□ Check if the device is within the NFC range of the connected device.
□ Restart the device.
□ If the issue persists, contact the device manufacturer's support team.
• AirDrop connectivity issues:
□ Check if AirDrop is turned on and the device is discoverable.
□ Check if the device is within the AirDrop range of the connected device.
□ Restart the device.
□ If the issue persists, contact the device manufacturer's support team.
• Screen does not autorotate:
□ Check if the device's auto-rotate feature is turned on.
□ Check that the device's screen rotation lock is not enabled.
□ Restart the device.
□ If the issue persists, contact the device manufacturer's support team.
3.5 Given a scenario, troubleshoot common mobile OS and application security issues
○ Security concerns
• Android Package (APK) Source: Android Package (APK) source refers to the source of the application
file that is used to install the app on an Android device. This source can be from an official app store,
such as Google Play, or it can be downloaded from third-party websites. The security concern with APK
sources is that if the source is not trustworthy, it could contain malware or other malicious code that
could harm the device or compromise the user's data.
• Developer Mode: Developer mode is a feature on Android devices that allows developers to access
additional tools and features for testing and debugging apps. However, enabling developer mode can
also open up security vulnerabilities, as it allows users to access sensitive information, modify system
settings, and install unverified apps that could contain malware.
• Root Access/Jailbreak: Root access (also known as jailbreaking on iOS) refers to the process of
removing the limitations and restrictions imposed by the operating system on an Android or iOS
device, respectively. Rooting or jailbreaking can allow users to customize their devices, access
advanced features, and install unauthorized apps. However, it also removes the security protections
that the operating system provides, leaving the device vulnerable to malware and other security
threats.
• Bootleg/Malicious Application: Bootleg or malicious applications are apps that are not authorized or
verified by the official app store or developer. These apps can contain malware or other malicious code
that can harm the device, compromise the user's data, or steal sensitive information. Bootleg apps can
be downloaded from third-party websites or shared through file-sharing services.
• Application Spoofing: Application spoofing is a technique used by attackers to create a fake or
fraudulent version of a legitimate app. The spoofed app may look and function like the original, but it
may contain malware or other malicious code that can harm the device or compromise the user's data.
Application spoofing can be used to distribute phishing attacks, steal login credentials, or install
malware on the device.
○ Common symptoms
• High network traffic: High network traffic on a mobile device can be a sign that there are apps or
processes running in the background that are consuming data or connecting to suspicious servers. This
could indicate a malware infection, especially if the network traffic continues even when the device is
not actively being used.
• Sluggish response time: Sluggish response time on a mobile device can be a symptom of a malware
infection, especially if it occurs when launching or using specific apps. Malware can consume system
resources and slow down the device's performance.
• Data-usage limit notification: Receiving a data-usage limit notification, despite not having used the
device heavily, can be a sign of malware on the device. Malware can consume data in the background
without the user's knowledge, leading to unexpected data usage.
• Limited Internet connectivity: Limited internet connectivity can be a sign that there is a problem with
the device's network configuration or that there is malware interfering with the device's ability to
connect to the internet. Malware can modify network settings to redirect traffic to malicious servers.
• No internet connectivity: Complete loss of internet connectivity can be a sign of malware or a technical
issue with the device's network settings. Malware can modify the device's network settings or block
access to the internet altogether.
• High number of ads: A high number of ads appearing on the device can be a sign of adware or
malware. Adware can display ads in apps or on the device's lock screen, which can interfere with
normal use and even lead to other security issues.
• Fake security warnings: Fake security warnings appearing on the device can be a sign of malware
attempting to trick the user into downloading and installing a malicious app or visiting a phishing
website. The warnings may appear as pop-ups or notifications, and they may claim that the device is
infected with a virus or other malware.
• Unexpected application behavior: Unexpected application behavior, such as crashing or freezing, can
be a sign of malware on the device. Malware can interfere with app functionality and cause them to
behave erratically.
• Leaked personal files/data: Personal files or data leaking from the device can be a sign of malware or a
security vulnerability on the device. Malware can steal data or modify settings to allow other attackers
to access the device's data.
4.0 - Operational Procedures (22%)
4.1 Given a scenario, implement best practices associated with documentation and support systems
information management
○ Ticketing systems:
• User Information: In a ticketing system, it's important to collect complete and accurate user
information, such as name, contact details, and department. This information can help the support
team quickly identify the user and their role within the organization, as well as reach out to them for
additional information if necessary.
• Device Information: Similarly, it's important to collect complete and accurate device information, such
as the make and model of the device, the operating system, and any other relevant hardware or
software details. This information can help the support team troubleshoot the issue more effectively
and determine if the problem is related to a specific device or software configuration.
• Description of Problems: When submitting a ticket, it's crucial to provide a clear and detailed
description of the problem. This should include any error messages, symptoms, and steps taken to
reproduce the issue. The more information provided, the easier it will be for the support team to
diagnose and resolve the problem.
• Categories: Categorizing tickets can help the support team manage and prioritize their workload. Best
practices include using a limited number of categories that are specific enough to be useful, but not so
narrow that they become too granular. It's also important to ensure that all tickets are categorized
consistently, so that similar issues are grouped together and can be addressed more efficiently.
• Severity: Assigning a severity level to a ticket can help the support team prioritize their work and
ensure that critical issues are addressed quickly. Best practices include defining severity levels clearly,
and ensuring that they align with the organization's business needs and priorities.
• Escalation Levels: Establishing a clear escalation path for tickets can help ensure that critical issues are
addressed quickly and that the appropriate resources are engaged to resolve them. Best practices
include defining escalation levels and response times clearly, and ensuring that all stakeholders are
aware of the escalation process.
• Clear, Concise Written Communication: Clear, concise written communication is essential for effective
ticketing system management. This includes providing a clear and detailed problem description when
submitting a ticket, as well as providing progress notes that are relevant and easy to understand. When
resolving a problem, it's important to provide a clear and concise explanation of the solution, including
any relevant steps taken and any necessary follow-up actions.
○ Asset management
• Inventory Lists: Inventory lists are important in asset management because they provide a
comprehensive record of all assets owned by an organization. This can include details such as the type
of asset, the make and model, the location, and the date of acquisition. With an accurate inventory list,
organizations can more effectively manage their assets, identify redundant or underutilized
equipment, and plan for future asset procurement.
• Database System: A database system is essential for effective asset management, as it provides a
centralized location for storing and managing asset data. With a database system, organizations can
track the location, condition, and utilization of assets, as well as manage procurement and disposal
processes. A well-designed database system can also provide real-time visibility into asset performance
and utilization, enabling organizations to make more informed decisions about asset management.
• Asset Tags and IDs: Asset tags and IDs are important for asset tracking and management. They provide
a unique identifier for each asset, making it easy to track the asset's location, condition, and utilization.
Asset tags and IDs can also be used to automate asset tracking and management processes, such as
inventory audits and maintenance scheduling.
• Procurement Life Cycle: The procurement life cycle is important for effective asset management, as it
enables organizations to acquire the right assets at the right time and at the right price. The
procurement life cycle includes processes such as planning, vendor selection, purchasing, and delivery.
With an effective procurement process, organizations can ensure that they have the assets they need
to support their operations, while minimizing costs and reducing the risk of asset redundancy or
underutilization.
• Warranty and Licensing: Warranty and licensing information is important for asset management, as it
helps organizations track the expiration dates of warranties and licenses, as well as ensure compliance
with licensing agreements. With accurate warranty and licensing information, organizations can
proactively manage asset maintenance and licensing requirements, reducing the risk of downtime or
legal penalties.
• Assigned Users: Assigned user information is important for asset management, as it enables
organizations to track who is responsible for each asset and how it is being used. With assigned user
information, organizations can more effectively manage asset utilization and track the performance of
individual assets. Assigned user information can also be used to automate processes such as asset
check-in/check-out and maintenance scheduling.
○ Types of documents
• Acceptable use policy (AUP): A document that outlines the rules and guidelines for using a company's
IT resources. It typically includes rules on what types of activities are acceptable and unacceptable, as
well as consequences for violating the policy.
• Network topology diagram: A graphical representation of the physical and logical connections between
devices in a network. It shows how devices are connected and how data flows through the network.
• Regulatory compliance requirements: A document that outlines the legal and regulatory requirements
that a company must adhere to. It may include requirements for data privacy, security, and other
areas.
□ Splash screens: A document that outlines the legal and regulatory requirements for splash
screens, which are typically the first screen that users see when they launch a software
application or website.
• Incident reports: A document that details an incident or event that occurred, such as a security breach
or system outage. It typically includes information on the cause of the incident, the impact it had, and
steps taken to resolve it.
• Standard operating procedures: A document that outlines the standard procedures that must be
followed for a particular task or process. It typically includes step-by-step instructions and may include
flowcharts or diagrams.
□ Procedures for custom installation of software package: A document that outlines the procedures
for installing a custom software package on a computer or network. It may include information
on hardware and software requirements, installation steps, and troubleshooting tips.
• New-user setup checklist: A document that outlines the steps and requirements for setting up a new
user account or workstation. It typically includes information on hardware and software requirements,
user permissions, and security settings.
• End-user termination checklist: A document that outlines the steps and requirements for terminating
an end user's access to company IT resources. It typically includes information on data backup and
deletion, account deactivation, and security measures.
○ Knowledge base/articles
• A knowledge base is a centralized repository of information that provides support and guidance to
customers or users. In the context of support systems, a knowledge base typically contains articles,
tutorials, FAQs, and other resources that help users troubleshoot common issues, answer questions,
and learn how to use a product or service effectively.
• Knowledge base articles are written documents that explain various aspects of a product or service.
They can cover a wide range of topics, from basic how-to guides to more advanced technical
information. Knowledge base articles are designed to be easy to read and understand, so that users
can quickly find the information they need.
• Support systems often use knowledge bases to provide self-service support to customers. Instead of
having to contact a support representative, customers can search the knowledge base for answers to
their questions or solutions to their problems. This can help reduce the volume of support requests,
improve customer satisfaction, and lower support costs for the organization.
• In addition to providing self-service support, knowledge bases can also be used by support
representatives to assist customers during live support interactions. Representatives can search the
knowledge base for relevant articles and share them with customers to help them resolve their issues
more quickly.
• Overall, a knowledge base is an essential component of any support system, providing users with the
information they need to get the most out of a product or service, and enabling support organizations
to deliver high-quality support at scale.
4.2 Explain basic change-management best practices
○ Documented business processes
• Rollback plan: A rollback plan is a documented process that outlines the steps to be taken if there is a
need to revert a system or application to its previous state or version. This plan is created to ensure
that if an update or change causes unexpected issues or errors, the organization can quickly and
efficiently return to the previous state of the system. A rollback plan typically includes steps for
identifying the issue, determining the cause, identifying the steps required to roll back the change, and
communicating with stakeholders about the rollback process. Having a rollback plan can help minimize
disruption to operations and reduce the risk of data loss or corruption.
• Sandbox testing: Sandbox testing is a process of testing software or applications in a controlled,
isolated environment that is separate from the production environment. This approach allows
developers or testers to test new features, functions, or changes without impacting the live system. A
sandbox environment can be set up to mimic the production environment as closely as possible, and
data can be copied over from the production environment for testing purposes. This approach helps
identify and address any issues or bugs before they are deployed in the live environment, reducing the
risk of disrupting operations or causing harm to the system or users.
• Responsible staff member: A responsible staff member is an individual who is assigned a specific role
or responsibility within a documented business process. This person is accountable for ensuring that
the process is followed correctly and that the desired outcome is achieved. Responsibilities may
include overseeing the execution of the process, communicating with stakeholders, making decisions,
and addressing issues or concerns. The responsible staff member is typically identified in the process
documentation, and their role is clearly defined to ensure that everyone involved understands their
responsibilities and can work together effectively.
○ Change management
• Request forms: Using change request forms is a best practice in change management to ensure that all
proposed changes are documented and tracked. Request forms should include information such as the
requester's name, contact information, and the reason for the change request. This information helps
the change management team to prioritize, evaluate, and plan the change.
• Purpose of the change: Defining the purpose of the change is crucial for effective change management.
The purpose should be clearly stated and communicated to all stakeholders. This helps ensure that
everyone understands why the change is necessary, and it helps to gain support and buy-in from those
affected by the change.
• Scope of the change: Defining the scope of the change is essential to ensure that the change is
well-understood and its impact is fully assessed. The scope should be defined in terms of the systems,
processes, and people that will be impacted by the change.
• Date and time of the change: It is important to schedule changes at times when they will have minimal
impact on operations. Change management should work with stakeholders to determine the best time
for the change, and document the date and time in the change request form and other relevant
documentation.
• Affected systems/impact: Identifying the systems that will be impacted by the change is necessary to
assess the impact of the change. A thorough understanding of the potential impact will allow for
proper planning, risk management, and communication to stakeholders.
• Risk analysis: Conducting a risk analysis helps identify potential risks that may arise from the change.
This allows the change management team to develop plans to mitigate and manage risks to avoid or
minimize negative consequences.
□ Risk level: Assigning risk levels to identified risks helps prioritize which risks should be addressed
first. A risk level matrix can be used to identify the severity of the risk, the likelihood of the risk
occurring, and the impact it may have on the organization.
□ Risk responses:
 Avoidance: Avoidance is a risk response strategy where the organization takes action to
eliminate or change the factors that create the risk. This strategy can be appropriate when
the risk is deemed too high or the cost of addressing the risk is greater than the potential
benefits.
 Mitigation: Mitigation is a risk response strategy where the organization takes steps to
reduce the probability or impact of a risk. This strategy can involve taking proactive
measures to reduce the likelihood of the risk occurring or developing contingency plans to
address the risk if it does occur.
 Transfer: Transfer is a risk response strategy where the organization shifts the risk to a third
party. This strategy can involve purchasing insurance or outsourcing a function or process to
a third party. The third party takes on the responsibility for managing the risk, and the
organization is protected against potential losses.
 Acceptance: Acceptance is a risk response strategy where the organization chooses not to
take any action to address the risk. This strategy can be appropriate when the risk is low or
the cost of addressing the risk is greater than the potential benefits. In this strategy, the
organization acknowledges the risk and is prepared to accept the potential consequences if
the risk occurs.
• Change board approvals: A change board is a group of individuals responsible for evaluating and
approving or rejecting changes. The change board should include representatives from different areas
of the organization, including IT, operations, and management. The board should review and approve
all proposed changes to ensure that they are in line with the organization's objectives and goals.
• End-user acceptance: End-user acceptance is critical to the success of any change. Ensuring that
end-users are informed about the change, properly trained, and have an opportunity to provide feedback
helps to ensure that the change is well-received and adopted. End-user acceptance should be
considered throughout the entire change management process.
4.3 Given a scenario, implement workstation backup and recovery methods
○ Backup and recovery
• Full backup: A full backup is a complete copy of all data and files that need to be backed up. It is the
most comprehensive backup strategy and is typically performed periodically, such as daily, weekly, or
monthly. Full backups can be time-consuming and require significant storage space, but they provide
the most comprehensive protection against data loss.
• Incremental backup: An incremental backup is a backup strategy that copies only the data that has
changed since the last backup of any type (full or incremental). Each incremental backup is faster and
requires less storage space than a full backup, but restoring requires the last full backup plus every
incremental taken since it, so recovery may take longer in the event of a disaster. Incremental backups
are typically performed on a daily basis.
• Differential backup: A differential backup is a backup strategy that copies all the data that has changed
since the last full backup. This type of backup is faster than a full backup, but because each differential
contains everything changed since the full, it grows through the cycle and requires more storage space
and time to complete than an incremental backup. Restoring is simpler, however: only the last full
backup and the latest differential are needed. Differential backups are typically performed on a daily
basis.
• Synthetic backup: A synthetic backup is a backup strategy that combines full and incremental backups
to create a complete backup copy. This type of backup can provide the benefits of both full and
incremental backups, with faster backup times and reduced storage requirements. Synthetic backups
are typically performed on a regular schedule, such as weekly or monthly.
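To make the trade-off between the three strategies concrete, here is an added example (not part of the objectives or any vendor's backup tool) that simulates one week of backups with a Sunday full and daily incrementals or differentials, then works out the restore chain for a given day and the total storage each scheme uses; the daily change volumes are constructed figures.

```python
"""Backup chain simulator (added example, not from the CompTIA objectives).
Sunday is a full backup; Monday to Saturday are either incremental or
differential backups, depending on the scheme."""
from dataclasses import dataclass

# Constructed sample figures: size of the full backup and the GB of data that
# changed on each day after it (Sun..Sat; Sunday's own entry is unused).
FULL_SIZE_GB = 500
DAILY_CHANGE_GB = [0, 20, 15, 30, 10, 25, 5]
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]


@dataclass
class Backup:
    day: str
    kind: str       # "full", "incremental" or "differential"
    size_gb: int


def build_week(scheme):
    """Return the seven backups for one week under the given scheme."""
    backups = [Backup(DAYS[0], "full", FULL_SIZE_GB)]
    changed_since_full = 0
    for i in range(1, 7):
        changed_since_full += DAILY_CHANGE_GB[i]
        if scheme == "incremental":
            # Only what changed since the previous backup of any type.
            backups.append(Backup(DAYS[i], "incremental", DAILY_CHANGE_GB[i]))
        elif scheme == "differential":
            # Everything changed since the last full, so it grows through the week.
            backups.append(Backup(DAYS[i], "differential", changed_since_full))
        else:
            raise ValueError(f"unknown scheme: {scheme}")
    return backups


def restore_chain(backups, day):
    """Return the backups that must be restored, in order, to recover `day`."""
    idx = DAYS.index(day)
    target = backups[idx]
    full = backups[0]
    if target.kind == "full":
        return [full]
    if target.kind == "differential":
        # Last full plus the single latest differential.
        return [full, target]
    # Incremental: the full plus every incremental up to and including `day`.
    return [full] + backups[1:idx + 1]


def total_storage_gb(backups):
    """Storage consumed by the whole week of backups."""
    return sum(b.size_gb for b in backups)


if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        week = build_week(scheme)
        chain = restore_chain(week, "Wed")
        print(f"{scheme}: {total_storage_gb(week)} GB stored, "
              f"restore Wed needs {len(chain)} set(s): "
              f"{[b.day for b in chain]}")
```

Incremental storage for the week comes to 605 GB but a Wednesday restore needs four sets; differential uses 900 GB and needs only two.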
○ Backup testing
• Regardless of the backup and recovery strategy, it is essential to regularly test and verify the backups
to ensure that they are working correctly and can be restored in the event of a disaster. Additionally, it
is important to store backups in a secure location, such as offsite or in the cloud, to ensure that they
are protected against physical damage or theft.
• Backup testing is an important aspect of ensuring the recoverability of critical data in case of a disaster
or unexpected outage. The frequency of backup testing refers to how often backup tests should be
conducted to ensure that the backup data is recoverable and can be used to restore the system to its
normal state.
• The frequency of backup testing depends on several factors, including the volume and frequency of
data changes, the criticality of the data, the complexity of the backup system, and the overall recovery
time objectives (RTO) and recovery point objectives (RPO) of the organization.
• In general, backup testing should be conducted on a regular basis to ensure that the backup data is
up-to-date and reliable. The frequency of backup testing may range from daily to weekly or monthly,
depending on the specific needs of the organization.
• However, it is important to note that backup testing should not be conducted at the expense of
production systems or user experience. Therefore, the frequency of backup testing should be balanced
with the organization's overall priorities and operational needs.
○ Backup rotation schemes
• On site vs. off site: On-site backups are stored at the same location as the original data, whereas
off-site backups are stored at a different location. Having an off-site backup is important in case of a
disaster such as a fire or flood that could destroy both the original data and the on-site backup.
• Grandfather-father-son (GFS): The GFS backup rotation scheme involves creating three sets of
backups: the grandfather backup, the father backup, and the son backup. The grandfather backup is
the oldest backup and is typically stored off-site. The father backup is a more recent backup and is
usually stored on-site. The son backup is the most recent backup and is stored on a separate device for
easy access in case of data loss.
• 3-2-1 backup rule: The 3-2-1 backup rule is a backup rotation scheme that recommends creating three
copies of your data, stored in two different formats, and at least one of the copies should be stored
off-site. This ensures that there is a backup available in case of any disaster or failure.
4.4 Given a scenario, use common safety procedures
○ Electrostatic discharge (ESD) straps: These are straps that are worn on the wrist to ground the wearer and
prevent the buildup and discharge of static electricity that can damage electronic components.
○ ESD mats: These are special mats that are placed on the work surface to prevent the buildup of static
electricity and provide a safe work area for handling electronic components.
○ Equipment grounding: Proper grounding of equipment is important to prevent electric shock and damage to
equipment from electrical surges.
○ Proper power handling: This involves ensuring that the correct voltage and amperage are used when
connecting equipment to power sources, and avoiding overloading electrical circuits.
○ Proper component handling and storage: Electronic components are sensitive to moisture, static electricity,
and physical damage. Therefore, they should be handled with care and stored properly in a dry, cool, and
static-free environment.
○ Antistatic bags: These are special bags that are used to store and transport electronic components, providing
protection from static electricity and physical damage.
○ Compliance with government regulations: Adhering to government regulations related to workplace safety,
such as those related to electrical safety and hazardous materials handling, is important to ensure the safety
of employees.
○ Personal safety: This includes following safety procedures such as:
• Disconnect power before repairing PC: Always turn off and disconnect the power supply before
performing any maintenance or repair work on a computer.
• Lifting techniques: Use proper lifting techniques to avoid injury when moving heavy equipment.
• Electrical fire safety: Be aware of fire hazards associated with electrical equipment and take
appropriate measures to prevent fires.
• Safety goggles: Wear safety goggles to protect your eyes from dust, debris, and other hazards when
working with hardware.
• Air filtration mask: Use an air filtration mask to protect yourself from inhaling harmful dust or fumes
when working with hardware.
4.5 Summarize environmental impacts and local environmental controls
○ Material safety data sheet (MSDS)/documentation for handling and disposal
• Proper disposal of batteries, toner, and other electronic devices and assets is important to minimize
the environmental impact and ensure compliance with regulations. The Material Safety Data Sheet
(MSDS) provides information on the safe handling, storage, and disposal of these materials.
• Proper battery disposal: Batteries can contain hazardous materials such as lead, mercury, and
cadmium, which can contaminate the environment if not disposed of properly. The MSDS provides
information on how to handle and dispose of batteries in a safe and environmentally responsible
manner, including recycling or disposal at approved facilities.
• Proper toner disposal: Toner cartridges and other printing supplies may contain hazardous materials
such as toner dust, which can be harmful if inhaled. The MSDS provides information on how to safely
handle and dispose of toner cartridges, including recycling or disposal at approved facilities.
• Proper disposal of other devices and assets: Electronic devices and assets such as computers, monitors,
and printers contain hazardous materials such as lead, mercury, and cadmium, which can contaminate
the environment if not disposed of properly. The MSDS provides information on how to handle and
dispose of these devices and assets in a safe and environmentally responsible manner, including
recycling or disposal at approved facilities.
○ Temperature, humidity-level awareness, and proper ventilation
• Location/equipment placement: Electronic equipment should be placed in a location that has adequate
ventilation and temperature control. Extreme temperatures and humidity levels can cause damage to
the equipment and may result in malfunctioning. Proper placement ensures the equipment operates
optimally and avoids overheating.
• Dust cleanup: Dust buildup can clog equipment's ventilation and cause it to overheat. Regular dust
cleaning, using specialized cleaning products, is essential to prevent equipment failure due to excessive
heat. Cleaning should be performed in a well-ventilated area.
• Compressed air/vacuums: Compressed air and vacuums are effective tools to clean equipment from
dust and debris. When using compressed air, it's important to avoid blowing dust and debris deeper
into the equipment, which can cause more harm. Also, ensure the compressed air is clean and free
from moisture. When using vacuums, use ones that are specially designed for electronics and ensure
they are grounded to avoid any static build-up.
• Temperature: Between 64.4°F (18°C) and 80.6°F (27°C), with a maximum temperature difference of 9°F
(5°C) within a rack and a maximum of 18°F (10°C) from the front to the back of the equipment.
• Humidity: Between 40% and 60% relative humidity (RH). If the humidity is too high, it can cause
condensation, which can damage the equipment. If the humidity is too low, it can cause electrostatic
discharge (ESD), which can also damage the equipment.
○ Power surges, under-voltage events, and power failures
• Power surges: A power surge is a sudden increase in voltage that lasts for a short period. Power surges
can cause damage to electronic equipment such as computers, servers, and networking devices. Power
surges can occur due to lightning strikes, power outages, or when large appliances are turned on or off.
It's important to protect electronic equipment from power surges using surge protectors or
uninterruptible power supplies (UPS).
• Under-voltage events and power failures: An under-voltage event is a decrease in voltage that lasts for
a short period. Under-voltage events can cause electronic equipment to malfunction or fail. Power
failures occur when there is a complete loss of power. Power failures and under-voltage events can
occur due to power outages, brownouts, or faults in the electrical distribution system. Protecting
electronic equipment from these events can be achieved through the use of a UPS, which provides
temporary power to the equipment until normal power is restored.
• Battery backup: A battery backup is a device that provides temporary power to electronic equipment
during a power outage. A battery backup, also known as an uninterruptible power supply (UPS), can
help prevent data loss and equipment damage caused by power surges, under-voltage events, and
power failures.
• Surge suppressor: A surge suppressor is a device that protects electronic equipment from power
surges by redirecting excess voltage to a grounding wire. Surge suppressors are often used in
combination with battery backups or UPS devices to protect electronic equipment from damage
caused by power surges. Surge suppressors can be found in power strips or as standalone devices and
are an essential component of protecting electronic equipment from power surges.
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts
○ Incident Response
• Chain of custody: The chain of custody is a crucial component of incident response that ensures the
integrity and admissibility of evidence in legal proceedings. It involves a documented and unbroken
trail of evidence custody, from the initial collection to its final disposition. Properly maintaining the
chain of custody is important to ensure that evidence is not lost, destroyed, or tampered with during
the investigation.
• Inform management/law enforcement as necessary: In the event of an incident, it's important to
inform management and law enforcement as necessary. This allows for the proper allocation of
resources and ensures that the incident is handled appropriately. Management can assist in
coordinating incident response efforts and communicating with stakeholders, while law enforcement
can provide investigative resources and expertise.
• Copy of drive (data integrity and preservation): As part of the incident response process, it's important
to make a copy of the affected drive or system to preserve the data for further analysis. This copy is
often referred to as a forensic image, and it's important to ensure that it's a bit-for-bit copy to maintain
data integrity. The original drive or system should be secured and preserved to maintain the chain of
custody.
• Documentation of incident: Documentation of the incident is essential to ensure that all information
related to the incident is recorded accurately and completely. This documentation should include
information about the incident, the response efforts, and any findings or conclusions. It's important to
keep detailed records of the incident to aid in future incident response efforts, regulatory compliance,
and legal proceedings if necessary.
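The bit-for-bit copy and chain-of-custody points above, as an added example that is not from the objectives or any forensic tool: it images a constructed file standing in for a drive, verifies the copy against the source by SHA-256, and records custody entries that can be re-checked against the image later. Evidence IDs, handler names and paths are placeholders.

```python
"""Forensic image copy with integrity verification and a chain-of-custody
record (added example, not from the CompTIA objectives or any forensic tool)."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB pieces so a large device never loads into memory


def sha256_file(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def image_drive(source, dest):
    """Bit-for-bit copy of `source` into `dest`.

    The source is hashed as it is read; the destination is re-read from disk
    after the write so the hash reflects what actually landed there."""
    src_hash = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    expected = src_hash.hexdigest()
    actual = sha256_file(dest)
    if actual != expected:
        raise RuntimeError("image does not match source; not usable as evidence")
    return expected


def custody_record(evidence_id, action, handler, image_hash):
    """One entry in the chain-of-custody log: who did what to the evidence, when."""
    return {
        "evidence_id": evidence_id,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "handler": handler,
        "sha256": image_hash,
    }


def verify_custody_log(log, image_path):
    """True only if every record carries the same hash and the image still matches it."""
    hashes = {r["sha256"] for r in log}
    return len(hashes) == 1 and sha256_file(image_path) in hashes


def demo():
    """Acquire an image of a constructed 1 MiB 'drive', log custody, then show
    that a single altered byte makes verification fail. Returns (ok, tampered_ok)."""
    with tempfile.TemporaryDirectory() as d:
        drive = os.path.join(d, "evidence_drive.bin")   # placeholder path
        image = os.path.join(d, "evidence_drive.dd")    # placeholder path
        with open(drive, "wb") as f:
            f.write(bytes(range(256)) * 4096)           # constructed drive contents
        image_hash = image_drive(drive, image)
        log = [
            custody_record("EV-0001", "acquired forensic image", "Tech A (placeholder)", image_hash),
            custody_record("EV-0001", "transferred to evidence locker", "Tech B (placeholder)", image_hash),
        ]
        ok = verify_custody_log(log, image)
        # Simulate tampering: flip one byte of the image and re-verify.
        with open(image, "r+b") as f:
            f.seek(10)
            f.write(b"\x00")
        tampered_ok = verify_custody_log(log, image)
        return ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```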
○ Licensing/digital rights management (DRM)/end-user licensing agreement (EULA)
• Digital rights management (DRM): DRM is a type of licensing that is used to protect and manage digital
content such as software, music, and movies. DRM technologies are used to control the use,
modification, and distribution of digital content, typically to prevent unauthorized copying, sharing, or
use of the content.
• End-user license agreement (EULA): An EULA is a legal agreement between the software provider and
the end-user. The EULA outlines the terms and conditions under which the software can be used,
including restrictions on use, warranties, liability, and intellectual property rights.
• Valid licenses: A valid license is a legal agreement that grants the user the right to use a product or
service. A valid license ensures that the user has the legal right to use the product or service and is not
infringing on any intellectual property rights.
• Non-expired licenses: A non-expired license is a license that is still valid and has not expired. It ensures
that the user has the legal right to use the product or service and has not violated any license terms or
conditions.
• Personal use license vs. corporate use license: A personal use license grants an individual the right to
use a product or service for personal, non-commercial purposes. A corporate use license, on the other
hand, grants a business or organization the right to use a product or service for commercial or business
purposes.
• Open-source license: An open-source license is a type of software license that grants users the right to
view, modify, and distribute the source code of the software. Open-source licenses typically allow for
the free use, modification, and distribution of the software, subject to certain conditions and
restrictions.
○ Regulated data
• Credit card transactions: Credit card transactions are a type of regulated data that are subject to the
Payment Card Industry Data Security Standard (PCI DSS). This standard outlines requirements for the
protection of credit card data, including requirements for secure transmission, storage, and processing
of credit card information.
• Personal government-issued information: Personal government-issued information, such as social
security numbers, driver's license numbers, and passport numbers, is subject to various privacy
regulations, such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and
Accountability Act (HIPAA).
• PII: Personally Identifiable Information (PII) is any information that can be used to identify an
individual, such as name, address, phone number, email address, and social security number. PII is
subject to various privacy regulations, such as the General Data Protection Regulation (GDPR) and the
California Consumer Privacy Act (CCPA).
• Healthcare data: Healthcare data is a type of regulated data that is subject to HIPAA. This regulation
outlines requirements for the protection of patient health information, including requirements for
secure transmission, storage, and processing of health data.
• Data retention requirements: Data retention requirements refer to the regulations that govern how
long certain types of data must be retained. For example, certain financial records must be retained for
a minimum of seven years under the Internal Revenue Service (IRS) regulations. Failure to comply with
data retention requirements can result in penalties and fines.
4.7 Given a scenario, use proper communication techniques and professionalism
○ Professional appearance and attire
• Matching the required attire of the given environment is an important aspect of professional
appearance and attire. It shows respect for the workplace and helps to maintain a professional image.
• Formal attire is typically required for formal occasions such as business meetings, interviews, and
special events. This may include a suit and tie for men, and a dress or suit for women.
• Business casual attire is less formal than formal attire but still maintains a professional image. This may
include slacks or khakis with a dress shirt or blouse for men, and a dress, skirt or dress pants with a
blouse or sweater for women.
• It's important to follow the dress code of the workplace and understand the expectations for
professional appearance. This can vary depending on the industry, workplace culture, and specific job
role. By matching the required attire of the given environment, individuals can present themselves in a
professional manner and contribute to a positive workplace image.
○ Use proper language and avoid jargon, acronyms, and slang, when applicable: Effective communication
involves conveying information clearly and concisely. When communicating with customers, colleagues, or
superiors, it's important to use language that is appropriate for the situation. Avoid using technical jargon,
acronyms, or slang that may be confusing or misunderstood by the recipient.
○ Maintain a positive attitude/project confidence: Maintaining a positive attitude and projecting confidence
can help to establish trust and build rapport with customers, colleagues, or superiors. By demonstrating
confidence in your abilities, you can instill confidence in others and inspire them to work with you.
○ Actively listen, take notes, and avoid interrupting the customer: Active listening involves paying attention to
what the other person is saying and responding appropriately. When communicating with customers,
colleagues, or superiors, it's important to listen actively, take notes, and avoid interrupting them. This shows
that you value their input and are willing to engage in a productive conversation.
○ Be culturally sensitive
• Being culturally sensitive involves being aware and respectful of cultural differences and norms, and
recognizing how they may impact communication and interactions with others. One aspect of cultural
sensitivity is using appropriate professional titles when applicable.
• Professional titles can vary depending on culture and country, and it's important to use the
appropriate title when communicating with individuals from different backgrounds. This demonstrates
respect for their culture and professional status, and can help to establish a positive rapport.
• For example, in some cultures, it is customary to use honorific titles such as "Dr." or "Professor" when
addressing individuals with advanced degrees or academic positions. In other cultures, such titles may
not be as commonly used, or there may be different titles that hold similar meaning.
• When in doubt, it's best to ask the individual how they would like to be addressed. This shows that you
are respectful of their culture and professional status, and can help to avoid any potential
misunderstandings or cultural faux pas. By using appropriate professional titles, you can demonstrate
cultural sensitivity and build stronger relationships with individuals from diverse backgrounds.
○ Avoid distractions
• Personal calls: Personal calls can be a major distraction in the workplace. It's important to avoid taking
personal calls during work hours, unless it's an emergency. If you need to take a call, try to step away
from your work area and keep the call brief.
• Texting/social media sites: Texting and social media can be major distractions, especially if you receive
frequent notifications or alerts. To avoid distractions, try to limit your use of social media and texting
during work hours. If you need to check your phone or respond to a message, try to do so quickly and
then put your phone away.
• Personal interruptions: Personal interruptions, such as colleagues stopping by to chat or asking for help
with non-work-related tasks, can be a major distraction. To avoid these interruptions, try to establish
boundaries and communicate your priorities clearly. Let your colleagues know when you're busy or
need to focus on a task, and ask them to respect your time.
○ Dealing with difficult customers
• Do not argue with customers or be defensive: It's important to remain calm and avoid becoming
defensive or argumentative when dealing with difficult customers. Instead, try to listen to their
concerns and address them in a respectful and professional manner.
• Avoid dismissing customer problems: Even if you don't agree with a customer's complaint or issue, it's
important to take their concerns seriously and address them to the best of your ability. Avoid
dismissing customer problems or concerns, as this can lead to further frustration and dissatisfaction.
• Avoid being judgmental: It's important to avoid being judgmental when dealing with difficult
customers, as this can escalate the situation and make it more difficult to resolve. Try to approach the
situation with empathy and understanding, and focus on finding a solution that meets the customer's
needs.
• Clarify customer statements: To better understand a customer's issue or problem, it can be helpful to
ask open-ended questions to narrow the scope of the problem, restate the issue in your own words, or
ask follow-up questions to verify your understanding. This can help you identify the root cause of the
problem and find a solution that meets the customer's needs.
• Do not disclose experience via social media outlets: It's important to maintain confidentiality and
professionalism when dealing with difficult customers or situations. Avoid disclosing any details or
experiences related to the situation via social media outlets, as this can compromise customer privacy
and damage your professional reputation.
○ Set and meet expectations/time line and communicate status with the customer
• Offer repair/replacement options, as needed: If the customer's device or equipment is beyond repair
or replacement is necessary, offer appropriate options and communicate them clearly to the customer.
This includes detailing the cost, warranty, and any other relevant information.
• Provide proper documentation on the services provided: Ensure that the customer receives proper
documentation on the services provided, such as a detailed report of the issue and the steps taken to
resolve it. This can include an itemized bill, repair log, or maintenance report.
• Follow up with customer/user at a later date to verify satisfaction: After the repair or service has been
provided, follow up with the customer to verify their satisfaction and ensure that the issue has been
resolved to their liking. This can be done via phone or email and can also provide an opportunity to ask
for feedback on the service provided.
○ Deal appropriately with customers' confidential and private materials
• When dealing with customers' confidential and private materials located on a computer, desktop,
printer, or other device, it is important to take the following steps:
□ Respect the customer's privacy: Ensure that the customer's confidential and private materials are
not shared or accessed by anyone else without their explicit consent.
□ Obtain permission: Before accessing or working on the customer's device, obtain their permission
to access their confidential and private materials.
□ Protect confidential data: Use appropriate security measures to protect the customer's
confidential data, such as using strong passwords, encryption, and firewalls.
□ Follow proper disposal procedures: If the device or equipment needs to be disposed of or
recycled, follow proper disposal procedures to ensure that any confidential data is securely
erased or destroyed.
□ Keep communication professional: While handling confidential and private materials, maintain a
professional demeanor and communicate in a clear and respectful manner. Avoid making any
inappropriate or unprofessional comments that may be seen as disrespectful or offensive to the
customer.
4.8 Identify the basics of scripting
○ Script file types
• .bat: This is a batch file used on Windows systems that contains a series of commands for the operating
system to execute. It is usually created using a text editor and can be used to automate tasks or run
specific programs.
• .ps1: This is a PowerShell script file used on Windows systems. PowerShell is a task automation and
configuration management framework developed by Microsoft, and .ps1 files contain scripts written in
the PowerShell language.
• .vbs: This is a Visual Basic script file used on Windows systems. It is a scripting language developed by
Microsoft and can be used to automate tasks, customize Windows settings, and create simple
programs.
• .sh: This is a shell script file used on Unix-based systems, including Linux and macOS. It contains
commands written in a shell programming language and can be used to automate tasks, run programs,
and manage system settings.
• .js: This is a JavaScript file used for scripting on web pages, but it can also be used for server-side
scripting using Node.js. JavaScript is a high-level programming language used for web development
and can be used to automate tasks and create simple programs.
• .py: This is a Python script file used on various systems, including Windows, Linux, and macOS. Python
is a high-level programming language used for general-purpose programming, and .py files can be used
to automate tasks, create programs, and develop web applications.
○ Use cases for scripting
• Basic automation: Scripting can be used to automate repetitive tasks, such as creating or deleting files,
copying or moving data, renaming files or folders, and more. This can save a significant amount of time
and increase efficiency in the workplace.
• Restarting machines: Scripts can be used to automate the process of restarting machines, either on
demand or on a schedule. This can be particularly useful for maintaining server uptime and reducing
downtime during maintenance.
• Remapping network drives: Scripts can also be used to remap network drives, either on demand or
automatically at login. This can help ensure that users have access to the resources they need, without
having to manually map drives each time.
• Installation of applications: Scripts can be used to automate the installation of applications across
multiple computers or users, either locally or remotely. This can be particularly useful for IT
departments that need to install or update software on a large number of machines.
• Automated backups: Scripts can be used to automate the process of backing up data, either locally or
to remote servers. This can help ensure that critical data is protected and available in the event of a
disaster or system failure.
• Gathering of information/data: Scripts can be used to gather information or data from various sources,
such as log files, databases, or other systems. This information can be used for analysis or reporting
purposes, or to help identify and resolve issues.
• Initiating updates: Scripts can be used to automate the process of initiating updates, either for
operating systems, applications, or other software. This can help ensure that systems are kept
up-to-date with the latest security patches and features.
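One of the use cases above, gathering information from log files, as an added example that is not part of the objectives: it parses a constructed, simplified export of Windows logon events (event ID 4625 is a failed logon, 4624 a successful one), skips lines that do not fit, and reports accounts with repeated failures. The line format and the addresses are assumed for the example; real log exports differ.

```python
"""Gathering information from a log file with a script (added example, not
from the CompTIA objectives). The log below is constructed and simplified."""
import re
from collections import Counter

# Constructed sample export: timestamp, event ID, account, source address.
SAMPLE_LOG = """\
2023-04-07 09:01:12 EventID=4625 Account=jsmith Source=10.0.0.15
2023-04-07 09:01:15 EventID=4625 Account=jsmith Source=10.0.0.15
2023-04-07 09:01:19 EventID=4625 Account=jsmith Source=10.0.0.15
2023-04-07 09:02:03 EventID=4624 Account=jsmith Source=10.0.0.15
2023-04-07 09:05:44 EventID=4625 Account=admin Source=203.0.113.9
2023-04-07 09:05:46 EventID=4625 Account=admin Source=203.0.113.9
2023-04-07 09:05:48 EventID=4625 Account=admin Source=203.0.113.9
2023-04-07 09:05:50 EventID=4625 Account=admin Source=203.0.113.9
this line is corrupt and must be skipped rather than crash the script
2023-04-07 09:10:00 EventID=4625 Account=mlee Source=10.0.0.22
"""

# Assumed line layout for this example; adjust the pattern for a real export.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"EventID=(?P<eid>\d+) Account=(?P<acct>\S+) Source=(?P<src>\S+)$"
)

FAILED_LOGON = "4625"


def parse_log(text):
    """Turn log text into a list of event dicts, ignoring malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def failed_logons_by_account(events):
    """Count failed-logon events per account."""
    return Counter(e["acct"] for e in events if e["eid"] == FAILED_LOGON)


def failed_logons_by_source(events):
    """Count failed-logon events per source address."""
    return Counter(e["src"] for e in events if e["eid"] == FAILED_LOGON)


def accounts_over_threshold(events, limit=3):
    """Accounts with at least `limit` failed logons, sorted for stable reporting."""
    counts = failed_logons_by_account(events)
    return sorted(acct for acct, n in counts.items() if n >= limit)


def report(text, limit=3):
    """Plain-text summary a technician could paste into a ticket."""
    events = parse_log(text)
    lines = [f"parsed {len(events)} events"]
    for acct, n in failed_logons_by_account(events).most_common():
        lines.append(f"{acct}: {n} failed logon(s)")
    flagged = accounts_over_threshold(events, limit)
    lines.append(f"accounts at or above {limit} failures: {', '.join(flagged) or 'none'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```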
○ Other considerations when using scripting
• Unintentionally introducing malware: A script runs with the full privileges of the account that launches it,
so a script obtained from an unreliable source can install or download malware as easily as it can do
useful work. Only use scripts from reputable sources, read what they do before running them, and scan
them for viruses or other malicious code.
• Inadvertently changing system settings: Scripts can modify system settings, which can have unintended
consequences. Test scripts on a non-production machine first, use a dry-run mode where the scripting
language offers one, and confirm they have no unintended effects before deploying them widely.
• Browser or system crashes due to mishandling of resources: Scripts can cause system resources such as
memory or CPU usage to spike, which can lead to crashes or freezes. It's important to design scripts in
a way that does not excessively tax system resources and to monitor system performance while
running scripts to catch any potential issues early on.
4.9 Given a scenario, use remote access technologies
○ Methods/tools
• RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft that allows users to
remotely connect to a Windows-based computer over a network connection (TCP port 3389 by default).
• VPN (Virtual Private Network) is a secure connection that allows remote users to securely access a
company's private network through the internet.
• VNC (Virtual Network Computing) is a platform-independent remote desktop system that allows remote
access and control of a computer desktop over a network connection (TCP port 5900 by default).
• SSH (Secure Shell) is a cryptographic network protocol that allows secure remote command-line access to a
computer system (TCP port 22 by default); it replaced unencrypted Telnet for this purpose.
• RMM (Remote Monitoring and Management) is a software tool that enables IT administrators to
monitor and manage remote computers and networks from a central location.
• MSRA (Microsoft Remote Assistance) is a tool built into Windows that allows users to receive remote
help from an IT administrator or another user.
• Screen-sharing software allows remote users to see and control another computer's screen.
• Video-conferencing software allows remote users to participate in virtual meetings and collaborate
with others in real-time through video and audio.
• File transfer software enables users to transfer files between remote computers; only protocols that
encrypt the session, such as SFTP or SCP over SSH, do so securely, while plain FTP sends credentials and
data in clear text.
• Desktop management software helps IT administrators to remotely manage and support desktop
computers, servers, and mobile devices.
○ Security considerations of each access method
• RDP (Remote Desktop Protocol): RDP is a commonly used method for remote access and control of
Windows machines. To ensure security, use strong authentication (complex passwords, account lockout
and, where available, multifactor authentication), require Network Level Authentication (NLA) so the user
authenticates before a session is created, and configure the connection to require TLS. Do not expose
TCP port 3389 directly to the internet; reach it through a VPN or a Remote Desktop Gateway instead, and
limit the Remote Desktop Users group to the accounts that need access.
• VPN (Virtual Private Network): VPNs provide a secure tunnel for remote access to internal networks.
To ensure security, it is important to use strong authentication methods, including two-factor
authentication, and use encryption to protect traffic. VPNs should also be configured to allow access
only to authorized users and to enforce security policies.
• VNC (Virtual Network Computing): VNC is a remote desktop sharing system that allows users to view
and control another computer over a network. Classic VNC authentication protects only the password
challenge (with the password truncated to eight characters) and sends the session itself in clear text, so
tunnel VNC through SSH or a VPN, or use a variant with built-in TLS, require a strong password, and do
not expose TCP port 5900 to the internet. Access should also be restricted to authorized users only.
• SSH (Secure Shell): SSH is a secure protocol for remote command-line access and file transfer. The
protocol already encrypts the session, so the security work is in authentication and server configuration:
prefer key-based authentication and disable password logins (PasswordAuthentication no), disable direct
root login (PermitRootLogin no), limit who may log in (AllowUsers or AllowGroups), and verify the server's
host key fingerprint on first connection so a man-in-the-middle cannot impersonate the server.
• RMM (Remote Monitoring and Management): RMM software is used by IT professionals to remotely
monitor and manage client systems. To ensure security, it is important to use strong authentication
methods, including two-factor authentication, and to encrypt RMM traffic. Access should also be
restricted to authorized users only.
• MSRA (Microsoft Remote Assistance): MSRA is a built-in Windows tool for attended support. The user
creates a password-protected invitation and must approve the helper's request before the helper can view
or take control of the desktop. Use a strong invitation password sent over a separate channel from the
invitation itself, keep the invitation's validity period short, and end the session when the work is done.
Access should also be restricted to authorized users only.
• Third-party tools: There are many third-party remote access tools available, and security
considerations will vary depending on the specific tool being used. It is important to carefully evaluate
the security features and risks of any third-party tool before using it for remote access.
□ Screen-sharing software: Screen-sharing software allows users to share their desktops with
others over a network. To ensure security, it is important to use strong authentication methods
and to encrypt screen-sharing traffic. Access should also be restricted to authorized users only.
□ Video-conferencing software: Video-conferencing software allows users to hold meetings and
conferences remotely. To ensure security, it is important to use strong authentication methods
and to encrypt video-conferencing traffic. Access should also be restricted to authorized users
only.
□ File transfer software: File transfer software is used to transfer files between systems over a
network. To ensure security, it is important to use strong authentication methods and to encrypt
file transfer traffic. Additionally, access should be restricted to authorized users and files should
be scanned for malware before transfer.
□ Desktop management software: Desktop management software is used by IT professionals to
remotely manage client systems. To ensure security, it is important to use strong authentication
methods, including two-factor authentication, and to encrypt desktop management traffic.
Access should also be restricted to authorized users only.
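The SSH configuration advice above (key-based authentication, no root login, restricting who may log in), as an added example that is not part of the original notes: a Python script that parses the global section of an OpenSSH sshd_config and reports weak settings, with a constructed weak configuration beside a corrected one. The two configuration texts are constructed for illustration, the compiled-in OpenSSH defaults are applied when a directive is absent, and the MaxAuthTries limit of 4 is a chosen hardening threshold, not an OpenSSH rule.

```python
"""Audit the global section of an OpenSSH sshd_config for weak settings.

Added example for the SSH security considerations above; the two configuration
texts below are constructed for illustration, not taken from a real host.
"""
import re
import sys
from pathlib import Path

# OpenSSH compiled-in defaults for the directives checked here. A directive that
# is absent from the file takes this value, so "not configured" is not "safe".
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
    "maxauthtries": "6",
}

WEAK_CONFIG = """\
# Constructed example of a weak sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
MaxAuthTries 10
# Appended later by an administrator; sshd ignores it because the first
# value it reads for a keyword wins.
PasswordAuthentication no
"""

HARDENED_CONFIG = """\
# Constructed example of the corrected settings
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
MaxAuthTries 3
AllowGroups ssh-users
# Conditional block: applies only to this user, not to the global policy
Match User backup
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Return {keyword (lowercased): value} for the global section.

    Keywords are case-insensitive, comments start with '#', 'key value' and
    'key=value' are both accepted, the first value seen for a keyword wins,
    and everything from the first Match block onward is conditional, so it is
    not part of the global policy and is skipped.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means every checked setting passes."""
    cfg = parse_sshd_config(text)

    def effective(key):
        return cfg.get(key, DEFAULTS[key]).lower()

    findings = []
    if effective("permitrootlogin") != "no":
        findings.append(f"PermitRootLogin is '{effective('permitrootlogin')}'; set 'no' and use named accounts")
    if effective("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is 'yes'; use keys and set 'no'")
    if effective("permitemptypasswords") != "no":
        findings.append("PermitEmptyPasswords is 'yes'; set 'no'")
    if effective("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is disabled; set 'yes'")
    # 4 is a chosen hardening threshold for this example, not an OpenSSH rule.
    if not effective("maxauthtries").isdigit() or int(effective("maxauthtries")) > 4:
        findings.append(f"MaxAuthTries is {effective('maxauthtries')}; lower it to 4 or fewer")
    if not ({"allowusers", "allowgroups"} & cfg.keys()):
        findings.append("No AllowUsers/AllowGroups; restrict logins to authorized accounts")
    return findings


def main(argv):
    # Audit a real file if a path is given, otherwise the two constructed configs.
    if len(argv) > 1:
        targets = {argv[1]: Path(argv[1]).read_text()}
    else:
        targets = {"weak": WEAK_CONFIG, "hardened": HARDENED_CONFIG}
    for name, text in targets.items():
        findings = audit_sshd_config(text)
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for f in findings:
            print(f"  - {f}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python audit_sshd.py /etc/ssh/sshd_config` on a host, or with no arguments to compare the two constructed files. The weak example deliberately shows the common mistake of appending `PasswordAuthentication no` to the end of a file that already sets it to `yes`: sshd keeps the first value, so the appended line changes nothing, which is why the audit still reports password authentication as enabled.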