Welcome to the second half, CompTIA A+ 220-902 study notes! This is quite the wall of text, even bigger than my CompTIA A+ 220-901 study guide by about 2K words.

Again, a fair warning to those who use a weak PC.

Much like the last study guide, this is mostly text.

This information came from some knowledge I already had in the industry, as I took the exam many years ago. Other parts came from random articles, including Wikipedia and websites such as sevenforums.com and eightforums.com. I didn’t use as many YouTube videos this time around.

I was surprised that I retained more information on this exam than on the last exam (901 study notes). Even though most of this is my own words, I ordered it by the 220-902 exam objectives and filled in the blanks.

You should know going into this that you won’t retain all industry knowledge at all times. I’ll happily admit I don’t have this entire page of notes memorized. What’s more important is taking notes and knowing where to look when you need to recall something or fix an issue.

Treat these notes as a review. You should be nodding along as you go through them. Learn and retain as many of the concepts as possible. There’s no shortcut to being an IT pro. Put in the work, and do great.

Let me know how you do. Good luck!

Section 1: Windows Operating Systems

1.1 – Microsoft Operating Systems

Overview of Windows Vista

  • Released 1-30-2007, 5 years after XP
  • Features:
    • Upgraded GUI
    • Integrated search functions
    • Aero defines how the Windows and UI look and feel (same with 7)
  • Emphasis on security, UAC added
  • Home Use
    • Home Basic: No AD or Aero
    • Home Premium: DVD burning, more games
  • Ultimate
    • Bitlocker included
    • Language packs
    • Video background
  • Work Use with Vista Business
    • AD
    • Encrypting files
    • RDP
    • Supports 2 CPUs
  • Enterprise
    • Bitlocker
    • Multilingual

Overview of Windows 7

  • Released 10-22-2009
  • Same HW and SW as Vista, increased performance
  • New Features:
    • Libraries
    • Homegroup
    • Pinned taskbar
  • Starter
    • Made for netbooks
    • No DVD drive
    • No Aero
    • No WMC
    • 32 bit, 2 GB RAM max
  • Home Premium
    • Aero
    • DVD
    • 64 bit
    • 16 GB ram max
  • Ultimate
    • Domain support
    • RDP
    • Encryption
    • Bitlocker
    • 64 bit
    • 192 GB ram max, same features as enterprise
  • Professional
    • Same features as Home Premium
    • Domain support
    • RDP
    • EFS
    • No bitlocker
    • 64bit
    • 192 GB ram
  • Enterprise
    • Sold only in volume license

Overview of Windows 8

  • New Features:
    • New UI
    • New start menu
    • 8.1 was an update, but same OS
    • Modern UI (Metro) replaces Windows Aero in 8 / 8.1
  • Core
    • Very basic
    • 32 and 64 bit
    • Account integration
    • Windows Defender
  • Pro
    • Similar to 7 Pro / Ultimate
    • Bitlocker
    • EFS (full disk and file)
    • Domain support and group policy
  • Enterprise
    • Large volume license
    • Applocker
    • Windows to go
    • Direct access
  • Physical Address Extension (PAE)
    • Allows a 32 bit OS to address more than 4 GB of physical RAM (each process still gets a 32 bit address space)
  • NX (No-eXecute) processor bit – marks memory pages as non-executable; Data Execution Prevention (DEP) uses it to stop code running from data areas such as the stack
  • Streaming SIMD Extensions 2 (SSE2) – CPU instruction set used by 3rd party SW and drivers
  • Windows 8 requires a CPU with PAE, NX and SSE2

Windows Features

  • 64 bit can run 64 and 32 bit programs
  • Drivers must match OS bit
  • 64 bit installs 32 bit apps in one folder (program files/x86) and 64 bit in another folder (program files)
  • Windows Aero
    • Only in Vista and 7
    • Enhanced UI
    • Allows switching between apps
  • UAC – User account control
    • Even administrators run with a standard user token until they elevate
    • Prompts for consent, or for an admin password when the logged in user is a standard user
  • Bitlocker
    • Full volume encryption, protects the entire drive including the OS
    • Data stays encrypted on the drive, so a stolen disk cannot simply be read in another PC
  • Volume shadow copy – backup entire volumes while OS is running, even open file
  • System Restore
    • Go back in time on OS to fix issues, not good for virus/malware
    • Accessories / System tools / System restore
  • Sidebar / gadgets
    • Vista had sidebar
    • 7 has gadgets that can go anywhere
    • Gadgets were discontinued for vulnerabilities
    • Windows 8 started using Apps instead of gadgets
  • Ready Boost
    • Uses flash memory (USB drive or SD card) as a disk cache to supplement the HDD
    • The flash device must pass a minimum speed test to be accepted
    • Safe to unplug at any time, the cache is only a copy
  • Compatibility Mode
    • Run app as an old OS
    • OS pretends it’s an older version
  • Windows XP mode (XPM)
    • VM on Windows 7 through Windows Virtual PC
    • Not supported on any OSs anymore
  • Windows Easy Transfer
    • Migrates files and settings for XP / Vista / 7 /8
    • 8.1 only transfers files, no settings
  • Admin tools
    • In the CP
    • Computer management / Services / Memory tools
    • Basic tool set for admins and advanced users
  • Windows Defender
    • Anti-spyware in Vista / 7 (Microsoft Security Essentials added antivirus as a separate download)
    • Full antivirus and anti-malware built into 8 / 8.1
    • Separate from the Security Center / Action Center dashboard that only reports its status
  • Windows Firewall
    • Allow or disallow certain traffic
    • Blocks unsolicited inbound connections, which limits network-borne malware, but it does not inspect file content like AV
  • Security Center
    • Vista  (called action center in 7 / 8 / 8.1)
    • Security overview of AV, updates, etc.
    • Monitors both security and maintenance tasks
  • Event Viewer
    • Shows everything going on
    • Info, warnings, critical events, log events
  • Control Panel
    • Category view and classic view (everything in alphabetical order)

Windows 8 / 8.1 Features

  • Pinning
    • Put apps on task bar
    • Right click then pin to taskbar
  • Onedrive
    • Cloud service in OS
    • Stores files and settings
  • Windows Store
    • Central point for modern UI apps
  • Multimonitor taskbar
    • Multiple monitors with different taskbars
  • Charms
    • Shortcuts available at anytime
  • Powershell
    • Command line for sysadmins
  • Centralized account login
    • Sign in with a Microsoft account (email address); settings sync across devices

Windows File Structures and Paths

  • Storage Device Naming – letter followed by a colon (C:)
  • Files and Folders – just like physical folders
  • Folders can contain other folders
  • Folder names separated by backslash
  • C:\users\admin\documents\file.txt
  • Windows Folders
    • \users: user documents
    • Important
    • Be sure to backup
  • \program files: all applications
  • \Windows: OS files

Windows Upgrade Paths

  • Upgrade
    • Keeps files in place
    • Much quicker
    • No install needed
  • Options
    • In place upgrading and clean install
  • Clean installs
    • Start over completely with a fresh install
    • Cannot upgrade 32 to 64 or 64 to 32, a clean install is required
    • XP cannot be upgraded in place to 7
  • Windows anytime upgrade
    • Upgrade to a higher edition within the current OS
    • Very easy, introduced in Vista and kept in 7
    • Windows 8 replaced it with “Add features to Windows 8”

1.2 – Installing Windows

Preparing For Windows Install

  • Make sure updates are current
  • Make room on HDD
  • Backup important data
  • Installation sources
    • CD
    • DVD
    • USB
    • PXE network boot
    • NetBoot (Mac)

Type of Installs

  • In place upgrade
    • Saves apps and settings
  • Clean install
  • Image – deploy a clone on every computer
  • Unattended – an answer file (unattend.xml) supplies the answers normally asked during install
  • Repair install
    • Fixes OS problems
    • No file changes
  • Dual Boot – 2 OS’s on one computer
  • Recovery Partition – hidden partition with install files
  • Refresh / Restore
    • Windows 8 feature
    • Built into OS
    • No install media needed
  • Disk Partitions – separates  physical drive into logical pieces
  • Volumes – formatted partitions with file systems (NTFS, fat32)
  • First step when preparing disk – partition style needs to be compatible with Windows (MBR or GPT)

MBR Partition – Masterboot Record

  • Primary
    • Contains OS bootable file
    • Marked as active when booted
    • Max of 4 primaries per disk
  • Extended
    • Extends max number of partitions
    • One extended per disk
    • Partitions inside extended not bootable
  • GPT partition
    • GUID partition table
    • Latest, booting from it requires UEFI (a GPT data disk works on a BIOS system)
    • Up to 128 primary partitions

File Systems

  • FAT – File allocation table
    • One of the first PC file systems
  • FAT32
    • Larger (2 TB) volume sizes
    • Max file size of 4 GB
  • exFAT
    • Microsoft flash drive system
    • Files can be >4 GB
  • NTFS
    • NT file system
    • Started in Windows NT
    • Improvements included quotas, file compression, encryption, large file support, and recoverability
  • CDFS – CD file system
    • All OS’s can read the CD
  • Ext3 – 3rd Extended
    • File system
    • Used in Linux
  • Ext4 – 4th Extended
    • Update from Ext3
    • Used in Linux and Android
  • NFS – Network File System
    • Access drives as if they were local

Storage Types

  • Layered on top of partition and file system
  • Basic Disk Storage – in DOS and Windows, partitions cannot span across separate physical disks
  • Dynamic Disk Storage – volumes can span multiple disks or be striped / mirrored (software RAID)
  • Quick Format – writes a new, empty file table; the old data stays on disk and is recoverable with carving tools, so it is not a secure wipe
  • Full Format – writes zeros to every sector (Vista and later)
  • Checks disks for bad sectors
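Added example (not from the original notes) showing why a quick format is not a secure wipe. The ToyVolume class below is a layout invented for this illustration: a file table in the first two sectors followed by a data area, nothing like a real FAT or NTFS structure. Quick format only empties the table, so the sample payroll record (constructed data) can still be carved out of the raw bytes; full format zeroes every sector and reports the sectors that refused the write, which is the bad-sector check the notes mention.

```python
import struct

SECTOR = 512
TABLE_SECTORS = 2                    # toy "file table" lives in the first two sectors
ENTRY = struct.Struct("<16sII")      # name (padded), first data sector, length in bytes


class ToyVolume:
    """Flat volume model: file table, then data area. Constructed for illustration only."""

    def __init__(self, sectors=64, bad_sectors=()):
        self.disk = bytearray(SECTOR * sectors)
        self.bad_sectors = set(bad_sectors)   # simulated sectors that refuse writes

    def _entries(self):
        out = []
        for i in range(TABLE_SECTORS * SECTOR // ENTRY.size):
            name, start, length = ENTRY.unpack_from(self.disk, i * ENTRY.size)
            if length == 0:
                break                          # first empty slot ends the table
            out.append((name.rstrip(b"\0").decode(), start, length))
        return out

    def write_file(self, name, data, start_sector):
        if start_sector < TABLE_SECTORS:
            raise ValueError("data area begins after the file table")
        if len(name.encode()) > 16:
            raise ValueError("name longer than the 16-byte field")
        off = start_sector * SECTOR
        if off + len(data) > len(self.disk):
            raise ValueError("file does not fit on the volume")
        self.disk[off:off + len(data)] = data
        slot = len(self._entries())
        ENTRY.pack_into(self.disk, slot * ENTRY.size, name.encode(), start_sector, len(data))

    def list_files(self):
        return [entry[0] for entry in self._entries()]

    def read_file(self, name):
        for entry_name, start, length in self._entries():
            if entry_name == name:
                off = start * SECTOR
                return bytes(self.disk[off:off + length])
        raise FileNotFoundError(name)

    def quick_format(self):
        """Quick format: a fresh, empty file table; the data sectors are left untouched."""
        self.disk[:TABLE_SECTORS * SECTOR] = bytes(TABLE_SECTORS * SECTOR)

    def full_format(self):
        """Full format: zero every sector and return the ones that failed the write."""
        bad = []
        for s in range(len(self.disk) // SECTOR):
            if s in self.bad_sectors:
                bad.append(s)
                continue
            self.disk[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)
        return bad


def carve(disk, marker):
    """Recovery without a file table: every byte offset where a known marker appears."""
    hits, pos = [], disk.find(marker)
    while pos != -1:
        hits.append(pos)
        pos = disk.find(marker, pos + 1)
    return hits


if __name__ == "__main__":
    vol = ToyVolume(bad_sectors={40})
    vol.write_file("payroll.txt", b"SALARY-DATA: 2016 payroll export", 8)   # constructed sample
    vol.quick_format()
    print("after quick format, directory:", vol.list_files())
    print("carved offsets:", carve(vol.disk, b"SALARY-DATA"))
    print("bad sectors found by full format:", vol.full_format())
    print("carved after full format:", carve(vol.disk, b"SALARY-DATA"))
```

Running it prints an empty directory after the quick format but a carved hit at offset 4096 (sector 8); only after the full format does the marker disappear. The same reasoning applies to a real drive: before a PC leaves your control, use a full format or a dedicated wipe, not a quick format.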

1.3 – The Windows Command Line

  • Not all users can run all commands
  • Need permissions

Type help + command or [command]/? to get info

Close cmd with exit

  • Diskpart – create, delete, and change disks, partitions, and volumes
  • Format – erases everything in a partition
    • Example – format C:
  • CHKDSK –  CHKDSK /f – fix errors found on disk
    • CHKDSK /r – finds bad sectors and recovers readable info
    • If volume is locked, run during startup
  • DIR – lists files and directories
  • DEL – removes file
    • Example – del [filename]
  • MD – make directory
  • CD – change directory
  • RD – remove directory
  • COPY /V – verifies files are written correctly
  • COPY /y – suppresses overwrite prompt
    • Example – copy report.txt E:\ /y
  • XCOPY – copies files and entire directory trees
    • Example – xcopy /s Documents E: (E being destination)
  • ROBOCOPY – a better xcopy, can resume copy if errors occur
  • TASKLIST – manage tasks from cmd
    • Show current processes
  • TASKKILL – terminate process
  • SFC – System File Checker, verifies the integrity of protected system files
    • /scannow – scans and repairs files that fail verification
  • SHUTDOWN – shut down PC
    • /s or /r = shutdown or restart
  • EXPAND – expands compressed files out of a cabinet (.cab) archive

Managing Group Policy

  • Manage PCs in an AD domain
  • GP updated at login
  • GPUPDATE – force a GP update
  • GPRESULT – view policy settings for a computer or user

Windows Recovery Environment Command Prompt

Preboot Command Prompt
  • Can be very dangerous, make it a last resort
  • Can fix issues before the OS starts
  • Able to modify system files
  • Enable or disable services
  • Able to create or modify partitions
  • Start by booting from install media (choose troubleshoot on Windows 8)
Master Boot Record (MBR)
  • Not located in a partition
  • Knows all other partitions, master list
  • Knows location of active bootable partition
  • Problems with MBR
    • Error loading OS
    • Missing OS
    • Invalid partition table
  • Fixing MBR
    • bootrec /fixmbr – fixes MBR on physical drive
Partition Boot Record
  • Also called volume boot record, the first sector of the partition
  • Problems – boot sector errors such as “BOOTMGR is missing”
  • Fix – bootrec /fixboot
Rebuilding Boot Config Data
  • Bootrec /rebuildbcd
  • Creates a new boot configuration data store
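Added example, not part of the original notes: a small parser for the structures described under MBR Partition and Master Boot Record above. It decodes the four 16-byte partition entries at offset 446, checks the 0x55AA boot signature, and flags the inconsistencies (no or several active partitions, overlapping entries, more than one extended partition) behind the Invalid partition table / Missing operating system errors that bootrec is used to repair. The build_mbr helper and the partition layouts fed to it are constructed test data; point parse_mbr at the first 512 bytes of a real disk image to inspect an actual table.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55          # bytes 55 AA at offset 510, read little-endian
PARTITION_TABLE_OFFSET = 446     # four 16-byte entries follow the boot code
ENTRY_FORMAT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

PARTITION_TYPES = {
    0x05: "Extended", 0x0F: "Extended (LBA)", 0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x83: "Linux", 0xEE: "GPT protective",
}


def build_mbr(entries, signature=BOOT_SIGNATURE):
    """Assemble a 512-byte MBR from (active, type, lba_start, sectors) tuples.
    Constructed test data: the boot code area is left zeroed."""
    mbr = bytearray(SECTOR_SIZE)
    for i, (active, ptype, start, size) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FORMAT, mbr, PARTITION_TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, ptype, start, size)
    struct.pack_into("<H", mbr, 510, signature)
    return bytes(mbr)


def parse_mbr(sector):
    """Decode the partition table and list what a boot loader would trip over."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    problems = []
    signature_ok = struct.unpack_from("<H", sector, 510)[0] == BOOT_SIGNATURE
    if not signature_ok:
        problems.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, size = struct.unpack_from(
            ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype == 0 and size == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02X}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
                      "lba_start": start, "sectors": size})
    active = [p["index"] for p in parts if p["active"]]
    if not active:
        problems.append("no active (bootable) partition")
    elif len(active) > 1:
        problems.append("more than one active partition")
    if sum(p["type"] in (0x05, 0x0F) for p in parts) > 1:
        problems.append("more than one extended partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            problems.append(f"entries {prev['index']} and {cur['index']} overlap")
    return {"signature_ok": signature_ok,
            "active_index": active[0] if len(active) == 1 else None,
            "partitions": parts, "problems": problems}


if __name__ == "__main__":
    healthy = build_mbr([(True, 0x07, 2048, 204800), (False, 0x0F, 206848, 409600)])
    print(parse_mbr(healthy))
    corrupt = build_mbr([(True, 0x07, 2048, 204800), (True, 0x0F, 102048, 409600)], signature=0)
    print(parse_mbr(corrupt)["problems"])
```

A table that parses cleanly but still does not boot points at the boot code or the volume boot record (bootrec /fixmbr and /fixboot territory) rather than the partition entries; a table with a missing signature or overlapping entries is the Invalid partition table case.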

1.4 – Windows Operating System Features

Windows Administrative Tools

  • Computer Management
    • Pre-built Microsoft Management Console
    • Shows events, users, accounts, storage management
  • Device Drivers
    • OS does not know how to talk to hardware
    • Drivers are found in device manager
  • Local users and groups
    • Admin is the super user, has all permissions
    • Regular users and guest accounts
    • Users can be put into group
  • Local Security Policy
    • Large companies manage this through AD
    • Standalone computers need local policies
    • Password policies can control length, complexity, expire time length
  • Performance Monitor
    • Gathers long term statistics
    • Creates reports
    • OS metrics such as disk usage, memory, CPU usage
  • Services
    • Running in background
    • No user interaction (such as AV, file indexing, etc.)
    • Useful when troubleshooting startup
    • Many services start up automatically
    • Control
      • net start
      • net stop
  • Task Scheduler
    • Schedule and app or batch file
    • Includes pre-defined schedules
  • Print Management – manage and configure printers and drivers
  • Memory Diagnostics – check memory modules for read / write errors
  • Windows Firewall and Advanced Security
    • Stateful firewalls – remembers the state of traffic going through it
  • Windows Firewalls
    • Integrated into the OS
    • Has fundamental firewall rules
    • Based on apps, no detailed control
    • No scope or IP range, all traffic applies
    • No connection security or rules
  • Advanced Security
    • Inbound / outbound rules
    • Connection security rules
    • Set rules by program / port
    • Can use pre-defined or custom rules

Using Windows System Configuration

  • Msconfig
    • Manage boot process, startup apps, services
  • General tab
    • Normal startup – loads all normal programs
    • Diagnostic startup – loads basic services
      • Step up from safe mode
    • Selective startup – you choose what starts
  • Boot tab
    • Set different configurations
    • Advanced options
      • Set number of CPUs
      • Max memory
    • Boot options
      • Safe boot
      • Remove GUI
      • Create boot log
  • Services tab
    • Enable / disable services
    • Easier to manage, check / uncheck services
  • Startup tab
    • Manage which programs start automatically at log in
    • Moved to task manager in 8/8.1
  • Tools tab – easy to access popular admin tools

Using Task Manager

  • Task manager contains real time statistics (CPU usage, memory, disk)
  • Windows 7
    • Applications tab – apps running on desktop
    • Processes – interactive and system tray apps, other user processes
    • Performance – shows historical usage
    • Networking – see performance of each network adapter
    • Users – see what they are doing, send messages, log off
  • Windows 8 / 8.1 – apps, processes, and services are all on one tab
    • Users – shows separate processes, performance stats

Using Windows Disk Management

Used to Manage Disk Operations
  • Disk status – Healthy, healthy and at risk, initializing, failed
  • Failed Redundancy – failed RAID 1 or 5
  • ReSyncing – RAID 1 is syncing data between drives
  • Regenerating – RAID 5 is recreating itself based on parity bit
  • Mounting Drives – mount a volume into an empty NTFS folder to extend the available space
  • Makes it so you do not need another drive letter
  • Can set up a RAID 1 mirrored volume
  • Storage Spaces – pool several physical drives into virtual disks (Windows 8 and Server 2012)
  • Resiliency (simple, mirror, parity) and provisioning are administrator controlled
Windows Migration Tools
  • Migrate – moving all files and settings
  • Upgrade Advisor (Windows 7) – checks whether hardware and software are compatible with the new OS
    • Reports what to do to preserve data and functionality after the Windows 7 upgrade
  • Upgrade Assistant (Windows 8) – same hardware and software compatibility check for Windows 8
    • Checks compatibility for in-place upgrades (7 / 8)
  • Migration Methods
    • Side by side
    • 2 PCs, transfer from one to the other
  • Wipe and Load
    • Export data
    • Wipe PC
    • Install OS
    • Move data to new OS
  • Windows 8 / 8.1 – use OneDrive cloud to save files and settings
  • Windows Easy Transfer
    • Transfers all user info, docs, app settings, videos pics, not the actual apps
    • Supports side by side and wipe and load
  • User State Migration Tool (USMT)
    • Can be used on any upgrade
    • Included with the Windows Automated Installation Kit (AIK), later the ADK
  • Used at command line, in large enterprises
  • Can migrate a large quantity of machines
  • 2 step process:
    • 1: ScanState – collects user state and stores it in a migration store
    • 2: LoadState – applies the stored state on the destination PC

Windows System Utilities

  • Run Line – start an app as a command
  • CMD – very powerful, can do anything with right permissions
  • Regedit – Windows registry editor, huge master database
    • Drives, services, security account manager, backup
  • Services.msc – shows background apps running
    • Useful for troubleshooting startup
    • Services can reveal dependencies on others
  • MMC – Microsoft Management Console
    • Build your own management framework
    • Decide what utilities or “snap ins” you want
  • MSTSC – Microsoft Terminal Services Client
    • Remote Desktop connection utility
    • Common for “headless” machines
  • Notepad – view and edit text files
  • Explorer – file management, copy, view, or launch files
  • MSinfo32 – Windows system info
  • DXDIAG – direct x diagnostic tool
    • Manage direct x installation
  • DEFRAG – disk defragmentation
    • Moves file fragments so they are contiguous
    • Not needed with SSDs, and only adds write wear
  • System Restore – go back in time to an earlier working configuration
    • Does not resolve virus or malware issues
  • Windows update – keeps OS up to date
    • Can be automatic
    • Can select download and not install option

1.5 – The Windows Control Panel

Internet Options

  • Make changes to IE
  • General – homepage, history settings
  • Security
  • Privacy – cookies, popup blocker, anonymous browsing
  • Connections – VPN or proxy settings
  • Programs – default browser, plug ins
  • Advanced – detailed settings and reset

Display

  • Resolution, color depth, refresh rate

User Accounts

  • All local user accounts, change account settings

Folder Options

  • Manage Windows explorer
  • General – expand folders
  • View – hide files, hide extensions
  • Search – search options, searching non-indexed

System

  • PC info, OS version and edition
  • performance – virtual memory
  • Remote settings – remote assistance and RDP
  • System Protection – system restore

Windows Firewall

  • Integrated into the OS
  • Protects from attacks

Power Options

  • Customize power usage
  • Sleep – saves power, quick startup
  • Stores open apps in memory
  • Hybrid sleep also writes memory to disk so work survives a power loss
  • Hibernate – open apps and docs are saved to disk, then the PC powers off
  • Common on laptops
  • Essentially no power is used during hibernation

Programs and features

  • Install / uninstall apps
  • Can also enable / disable on Windows

Homegroup (7 and 8)

  • Easily share files and devices
  • Network settings must be set to home network
  • Single password for everyone

Devices and Printers

  • Shows devices connected to the PC, including network printers
  • Quicker and easier than device manager

Sounds

  • Configure output levels

Troubleshooting

  • Automates most common issues
  • May require elevated access

Network and Sharing Center

  • All network adapters (wired and wireless)

Device Manager

  • List devices and drivers
  • Add / remove hardware

1.6 – Windows Networking

Workgroups

  • Logical group of network devices, non centralized
  • Every device is standalone and everyone is a peer
  • All on a single subnet

Homegroups

  • Share files with everyone else on the homegroup
  • Works only on a private network
  • Network settings must be set to home or private
  • No homegroups on Vista
  • 7 has home network
  • 8 has private network

Domain

  • Business networks, centralized authentication
  • Manage all devices from one central point
  • Supports thousands of devices on multiple networks

Windows Network Technologies

Network locations in Windows 7
  • Home – everything is trusted
  • Work – can see other computer but cannot join homegroup
  • Public – you are invisible
Network Locations in Windows 8
  • Private – similar to home, everything is trusted
  • Public – No sharing or connectivity
Remote Access
  • Remote Assistance
    • One time remote access
    • Single use password
    • Can be used through a firewall
  • Remote Desktop Connection
    • On going access
    • May have to open ports
Proxy Settings
  • Can change the traffic flow
  • Is an internet go between
  • Defines an address and exceptions
Network Shares
  • A folder made accessible over the network, subject to share and NTFS permissions
  • Assign a drive letter to the network share (map a drive)
  • Shares ending in $ are hidden from browsing, but hiding is not access control; permissions still decide who can read them
Printer Shares
  • Similar to sharing folder, add a printer in Windows explorer

Establishing Windows Network Connections

  • Network and sharing center found in the Control Panel
  • VPN Concentrator – terminates the encrypted tunnels from remote clients and passes the decrypted traffic to the internal network
  • Windows has a built in VPN
  • Multifactor Authentication – something you know, have, or are
  • Dial Up Connections – uses a modem connection, standard phone line
  • WiFi – 802.11 is the WiFi standard
  • SSID – Service Set Identification which is the network name
  • WWAN – Wireless Wide Area Network – connects to cellular data

Configuring Windows Firewall

  • Windows firewall should always be on, only turn off for troubleshooting
  • Settings – public and private
  • Block all incoming connections – ignores exception list
  • Modify Notification – notifies if app is blocked
  • Traffic can be allowed / blocked by program name or port number
  • Windows firewall has pre-defined exception
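Added example, not part of the original notes and not Microsoft code: a small model of the decision order the Windows Firewall settings above describe, so the semantics can be checked offline. Rule, Connection, evaluate and the SAMPLE_RULES policy are all constructed for this illustration. The model keeps the three properties worth remembering from the notes: an explicit block rule beats an allow rule, “block all incoming connections” ignores the exception list entirely, and traffic no rule matches falls back to the defaults (inbound dropped, outbound allowed), which is why an unexpected listening service is safe until someone adds an allow rule for it.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                  # "in" or "out"
    action: str                     # "allow" or "block"
    profiles: frozenset             # subset of {"domain", "private", "public"}
    program: Optional[str] = None   # None = any program
    port: Optional[int] = None      # None = any local port
    protocol: Optional[str] = None  # "tcp" / "udp" / None = any


@dataclass(frozen=True)
class Connection:
    direction: str
    profile: str
    program: str
    port: int
    protocol: str


def _matches(rule: Rule, conn: Connection) -> bool:
    return (rule.direction == conn.direction
            and conn.profile in rule.profiles
            and (rule.program is None or rule.program.lower() == conn.program.lower())
            and (rule.port is None or rule.port == conn.port)
            and (rule.protocol is None or rule.protocol == conn.protocol))


def evaluate(rules, conn: Connection, block_all_incoming: bool = False) -> Tuple[str, str]:
    """Decision order modelled on Windows Firewall. Returns (action, reason)."""
    if conn.direction == "in" and block_all_incoming:
        return "block", "block all incoming connections (exceptions ignored)"
    matched = [r for r in rules if _matches(r, conn)]
    for r in matched:                       # explicit block rules win over allow rules
        if r.action == "block":
            return "block", r.name
    for r in matched:
        if r.action == "allow":
            return "allow", r.name
    if conn.direction == "in":              # defaults when nothing matched
        return "block", "default: inbound blocked"
    return "allow", "default: outbound allowed"


# Constructed sample policy: RDP allowed only on trusted profiles, outbound telnet blocked everywhere
ALL_PROFILES = frozenset({"domain", "private", "public"})
SAMPLE_RULES = [
    Rule("Remote Desktop (TCP-In)", "in", "allow", frozenset({"domain", "private"}),
         port=3389, protocol="tcp"),
    Rule("Block Telnet (TCP-Out)", "out", "block", ALL_PROFILES, port=23, protocol="tcp"),
]

if __name__ == "__main__":
    for conn in (Connection("in", "private", "svchost.exe", 3389, "tcp"),
                 Connection("in", "public", "svchost.exe", 3389, "tcp"),
                 Connection("out", "public", "telnet.exe", 23, "tcp"),
                 Connection("in", "private", "httpd.exe", 8080, "tcp")):
        print(conn.direction, conn.profile, conn.port, "->", evaluate(SAMPLE_RULES, conn))
    print(evaluate(SAMPLE_RULES, Connection("in", "private", "svchost.exe", 3389, "tcp"),
                   block_all_incoming=True))
```

The model deliberately leaves out scope (remote IP ranges) and connection security rules, which the basic Control Panel firewall does not expose either; those live in Windows Firewall with Advanced Security.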

Windows IP Address Configuration

  • Windows gets IP address automatically through DHCP
  • DHCP – Dynamic Host Configuration Protocol
  • Used to automatically assign IP addresses along with subnet mask, gateway, and DNS servers
  • APIPA – Automatic Private IP Addressing (169.254.1.0 – 169.254.254.255)
  • Only used if DHCP is unavailable
  • Does not have any Internet connectivity, non-routable, local subnet only
  • Static Address – addressed you assign manually
  • IP Address – Unique identifier
  • Subnet Mask – Identifies what the subnet is
  • Gateway – The route from the subnet to the rest of the Internet
  • DNS – Translates names to IP addresses
  • Loopback Address – 127.0.0.1
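Added example (not from the original notes) that turns the address list above into a troubleshooting check: classify_address tells APIPA, loopback, private and public addresses apart, and check_config reports the mistakes behind the usual “no network” tickets, an APIPA address (no DHCP lease), a missing gateway, or a gateway that is not inside the host’s own subnet. The function names and the sample addresses are constructed for this example; it uses only the standard ipaddress module.

```python
import ipaddress

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def classify_address(addr):
    """APIPA and loopback are checked first: Python counts both as 'private'."""
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK_NET:
        return "loopback"
    if ip in APIPA_NET:
        return "apipa"
    if ip.is_private:
        return "private"
    return "public"


def check_config(address, mask, gateway):
    """Return (address class, list of findings) for an adapter's IPv4 settings."""
    findings = []
    kind = classify_address(address)
    if kind == "apipa":
        findings.append("APIPA address: no DHCP lease was obtained, only the local subnet is reachable")
    if kind == "loopback":
        findings.append("loopback address assigned to an adapter")
    iface = ipaddress.ip_interface(f"{address}/{mask}")   # mask may be dotted or prefix length
    if not gateway:
        findings.append("no default gateway: nothing beyond the local subnet is reachable")
        return kind, findings
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        findings.append(f"gateway {gateway} is outside subnet {iface.network}")
    elif gw == iface.ip:
        findings.append("gateway is the host's own address")
    return kind, findings


if __name__ == "__main__":
    # Constructed sample configurations
    for cfg in (("192.168.1.50", "255.255.255.0", "192.168.1.1"),
                ("192.168.1.50", "255.255.255.0", "192.168.2.1"),
                ("169.254.10.20", "255.255.0.0", None)):
        print(cfg, "->", check_config(*cfg))
```

On Windows the same three values come straight out of ipconfig /all; an address starting 169.254 with no lease time shown is the APIPA case the notes describe.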

Configuring Network Adapter Properties

  • Properties – Link speed and Duplex need to match on both ends (autonegotiation)
  • Wake on LAN – a sleeping or powered-off PC wakes when its NIC receives a “magic packet”
    • Good for late night software updates
  • QOS – Quality of service, used to prioritize network traffic
    • Apps, VOIP, video, all devices in the path must support QOS
  • DSCP Classification – Differentiated Services Code Point
    • Windows marks the 6-bit DSCP field in each packet’s IP header so switches and routers can prioritize it
    • Managed through local policy or group policy (Policy-based QoS)
  • Network adapters can be enabled / disabled in BIOS
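Added example, not from the original notes, showing what the DSCP classification above actually changes on the wire. It builds a minimal IPv4 header, sets the six DSCP bits in the TOS byte (EF = 46 for voice), and recomputes the header checksum, then re-marks the packet the way a QoS policy or an untrusted edge switch would. The DSCP name table and the sample addresses are constructed for this example; the header layout and checksum are the standard IPv4 ones.

```python
import socket
import struct

# A few common code points; constructed lookup table for the demo
DSCP_NAMES = {0: "CS0 (best effort)", 10: "AF11", 26: "AF31", 34: "AF41 (video)", 46: "EF (voice)"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, dscp=0, ecn=0, protocol=17, payload_len=0, ttl=64, ident=0):
    """20-byte IPv4 header; TOS byte = DSCP (6 bits) << 2 | ECN (2 bits)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    tos = (dscp << 2) | (ecn & 0x3)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, ident, 0,
                      ttl, protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def dscp_of(header: bytes) -> int:
    return header[1] >> 2


def verify_checksum(header: bytes) -> bool:
    """A header with a correct checksum sums to zero."""
    return ipv4_checksum(header[:20]) == 0


def remark(header: bytes, dscp: int) -> bytes:
    """Rewrite the DSCP bits (keeping ECN) and recompute the checksum, as a QoS policy does."""
    tos = (dscp << 2) | (header[1] & 0x3)
    zeroed = header[:1] + bytes([tos]) + header[2:10] + b"\x00\x00" + header[12:20]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + zeroed[12:]


if __name__ == "__main__":
    voice = build_ipv4_header("192.168.1.10", "192.168.1.20", dscp=46, payload_len=172)
    print("marked:", DSCP_NAMES[dscp_of(voice)], "checksum ok:", verify_checksum(voice))
    trusted_edge = remark(voice, 0)          # edge re-marks to best effort
    print("re-marked:", DSCP_NAMES[dscp_of(trusted_edge)], "checksum ok:", verify_checksum(trusted_edge))
```

The re-mark step is the reason DSCP is not a security control: any host can set EF on its own packets, so networks that honour DSCP normally reset it at the access layer and trust only their own markings.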

1.7 – Windows Preventive Maintenance

  • Scheduled Backups
    • Can be hourly, daily, weekly
    • Must specify what you want backed up onsite and offsite
  • SMART – used to avoid hardware failures and look for warning signs
  • Logical and physical disk checks – in Windows use CHKDSK
  • Scheduled Defrag – setup a weekly schedule, not needed for SSDs
  • Windows Updates – security patches, drivers, features
  • Patch Management – allows you to manage updates, many  patches
  • Drivers / Firmware – some updated more than others, some automatic
  • AV – keep it up to date
  • Windows Backup – backup/restore individual files
    • Can also do images and recovery discs
  • Cloud took over in Windows 8

Section 2: Other Operating Systems and Technologies

2.1 – Mac OS and Linux

Best Practices for Mac OS

  • Scheduled Backups
    • “Time Machine” included in Mac OS
    • Hourly backups, daily, or weekly
    • Starts deleting oldest data when disk is full
  • Scheduled Disk Maintenance
    • Disk Utility – rarely needed
    • First Aid verifies and repairs a disk
    • Run as needed
  • System Updates
    • Updates can be found in the app store
    • Can be automatic or manual
    • Both OS and app updates
  • Driver / Firmware Updates
    • Done in background, almost invisible
    • System information is detailed hardware list
  • Antivirus / Antimalware
    • Not included in Mac OS, 3rd party app
    • Macs are targeted less often than Windows but are not immune

Best Practices For Linux

  • Scheduled Backups
    • Can use a CLI or GUI
    • TAR – tape archive, easy to script and schedule
    • RSYNC – sync files between storage devices, copies only what changed
    • Instant or scheduled
  • Disk Maintenance
    • File systems require little maintenance
    • Check file system
    • Clean up disk space from log files
  • System Updates
    • CLI tools, apt-get and yum
    • GUI updates also
    • Used for patch management, can be scheduled
  • Driver/Software updates
    • Many drivers are in the kernel
    • Updated whenever the kernel updates
    • Additional software updates can be done yourself
  • Antivirus / Antimalware
    • Targeted less often than Windows by commodity malware, servers still need patching and scanning
    • Clam AV – open source, same update practices

Mac OS Tools

Time Machine
  • Used for backups, auto and easy to use
  • Mac takes local snapshots if the Time Machine disk is unavailable
Image Recovery
  • Build a disk image in disk utility
  • Creates an apple disk image file (.dmg)
  • Mount on any Mac OS system
  • Appears as a normal volume in Finder
  • Restore in disk utility
Disk Utility
  • Manage disks and images
  • Verify and fix file systems
  • Erase disks, modify partitions
  • Manage RAID, restore image to volumes
  • Create, convert, and manage images
Terminal
  • CLI, used to run scripts
Screen Sharing
  • Integrated into the OS
  • Can be used with VNC (Virtual Network Computing) clients
  • Available devices in Finder or access them by IP
Force Quit
  • Stop an app from executing
  • Command + option + escape or hold option + right click

Linux Tools

Backups
  • May be built into OS
  • GUI – backup / restore, scheduling
  • CLI – TAR and RSYNC
Image Recovery
  • Not as many options as Windows
  • dd – its manual page describes it as “convert and copy a file”; a raw block-level copy
    • Built into Linux and very powerful, no confirmation prompt, so check the if= and of= arguments
  • Creates an image of the entire drive
  • 3rd party – GNU Parted, Clonezilla
Disk Maintenance
  • Linux file systems do not require much maintenance
  • Clean up logs, logs are stored in /var/log
  • File System check – sudo touch /forcefsck (older SysV init systems; fsck then runs on the next boot while the file system is unmounted)
Terminal
  • CLI for OS
Screen Sharing
  • Can have screen access from remote device
Closing Programs
  • Use terminal, sudo gives admin privileges
  • Killall can be used to stop a program by name
    • Example: sudo killall firefox
  • xkill – graphical, click the window to kill
  • kill – kill an individual process by PID (find the PID with ps)

Mac OS Features

  • Mission Control – Quickly view everything that is running
  • Spaces – multiple desktops running
  • Keychain – password management
    • Passwords, notes, certs, etc.
    • Integrated into the OS
    • Encrypts password with 3DES
  • Spotlight – finds files, images, apps, or searches the web
    • Similar to Windows search
  • iCloud – integrates all MAC OS’s and files
    • Shares across system (calender, photos, contacts)
    • Backs up your iOS device, integrated into OS
  • Gestures – customize what happens on trackpad
    • Swipe, pinch, click one finger, two fingers, three
  • Finder – OS file manager, similar to Windows explorer
  • Remote Disk – use an optical drive from another computer
    • Designed for copying files
    • Made for data CDs, not music or video
    • Setup in system preferences
    • Can set up to share with Windows
  • Dock – fast and easy access to apps
    • Dot underneath icon indicates the app is running
    • Folders can be added to Dock
  • Boot Camp – dual boot into Windows or Mac OS
    • Not the same as virtualization
    • Managed in boot camp, install partitions, drivers, etc.

Basic Linux Commands

  • Man – manual, help
    • Man grep
  • SU / SUDO – gives elevated rights; su = substitute user, sudo = superuser do
    • SU – become super user (a root shell) instead of typing SUDO every time
    • Exit to go back to regular user
    • SUDO – used to run a single command as a super user, logged per command, preferred over a root shell
  • LS – list directory contents, similar to dir in Windows
    • Lists files and directories, may support color coding
    • Blue = directory
    • Red = archived file
    • Ls -l = long output
  • Grep – find text in a file, search through many files at once
    • Grep pattern file
    • grep error stuff.log
  • Cd – change directory, use forward slashes instead of backslashes in Windows
    • cd /var/log
  • Shutdown – similar to Windows shutdown command
    • Run as SU, time is in minutes
    • Sudo shutdown 2
    • Restart – sudo shutdown -r 2
    • sudo shutdown -c to cancel a scheduled shutdown
  • PWD – print working directory, displays current working directory path
  • Passwd – change a user account password
    • Passwd username
    • Can change other users’ passwords if SU
  • MV – move a file or rename a file
    • Move – mv source destination
    • Rename – mv first.txt second.txt
  • CP – copy a file
    • Cp source destination
  • Rm – removes a file (rm -r for a directory)
    • Rm file.txt
  • Mkdir – make a directory or create a folder for file storage
    • Mkdir pile
  • Chmod – changes the permission mode of a file system object (read, write, execute for user, group, others)
    • chmod 640 stuff.txt or chmod u=rw,g=r,o= stuff.txt
  • Chown – change a file’s owner or group
    • Sudo chown owner:group file
    • Sudo chown user stuff.txt
  • Iwconfig – view or change wireless network configuration
    • Change the ESSID, frequencies, channel, mode, rate
  • Ifconfig – view or configure networking info
    • Ip, subnet, similar to ipconfig on Windows
  • PS – view all current processes and process IDs (PID)
  • Apt-get – advanced packaging tool, install update or remove
    • Sudo apt-get install wireshark
  • Vi – visual mode editor, full screen editing with copy, paste, and more
    • Vi filename
    • Vi text.txt
  • Dd – convert and copy files, backup and restore an entire partition
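Added example, not part of the original notes, for the chmod / chown entries above: a small interpreter for chmod’s symbolic modes (u=rw,g=r,o=, go-w, a+r) that converts them to the octal bits ls -l displays, applies them to a real file with os.chmod, and flags the world-writable and world-readable bits a reviewer looks for. apply_symbolic, mode_to_string, risky_bits and harden_private_file are names invented for this example; unlike real chmod it does not consult the umask for a clause with no who letters.

```python
import os
import stat
import tempfile

WHO_BITS = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}


def apply_symbolic(mode, spec):
    """Apply a chmod symbolic spec such as 'u=rw,g=r,o=' or 'go-w' to a numeric mode."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in WHO_BITS:
            i += 1
        who = clause[:i] or "a"            # no who letters: all (umask ignored here)
        if i >= len(clause) or clause[i] not in "=+-":
            raise ValueError(f"bad clause: {clause!r}")
        op, perms = clause[i], clause[i + 1:]
        who_mask = 0
        for w in who:
            who_mask |= WHO_BITS[w]
        perm_mask = 0
        for p in perms:
            perm_mask |= PERM_BITS[p]
        bits = who_mask & perm_mask
        if op == "=":
            mode = (mode & ~who_mask) | bits
        elif op == "+":
            mode |= bits
        else:
            mode &= ~bits
    return mode & 0o777


def mode_to_string(mode):
    """0o640 -> 'rw-r-----', the form ls -l prints."""
    out = ""
    for shift in (6, 3, 0):
        triplet = (mode >> shift) & 0o7
        out += ("r" if triplet & 4 else "-") + ("w" if triplet & 2 else "-") + ("x" if triplet & 1 else "-")
    return out


def risky_bits(mode):
    """Findings a reviewer would raise about a private file."""
    findings = []
    if mode & 0o002:
        findings.append("world-writable")
    if mode & 0o004:
        findings.append("world-readable")
    return findings


def harden_private_file(path, spec="u=rw,g=,o="):
    """Apply the spec to a real file and return the resulting mode, as chmod would."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, apply_symbolic(current, spec))
    return stat.S_IMODE(os.stat(path).st_mode)


def demo_on_tempfile():
    """Create a scratch file, harden it, and return (mode before, mode after)."""
    handle = tempfile.NamedTemporaryFile(delete=False)
    handle.close()
    try:
        os.chmod(handle.name, 0o666)                # deliberately loose, as a sample
        before = stat.S_IMODE(os.stat(handle.name).st_mode)
        after = harden_private_file(handle.name)
        return before, after
    finally:
        os.unlink(handle.name)


if __name__ == "__main__":
    print(oct(apply_symbolic(0o777, "u=rw,g=r,o=")), mode_to_string(0o640), risky_bits(0o666))
    print([oct(m) for m in demo_on_tempfile()])
```

The same bit arithmetic explains why chmod 777 on a shared folder is the wrong fix for “permission denied”: it grants every user write and execute, where chown to the right owner or group plus 750 / 640 keeps the least privilege the file needs.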

2.2 – Virtualization

  • Ability to run multiple OS’s on a single physical machine
  • Host based Virtualization
    • Virtual box, running on one main OS
  • Enterprise Level
    • Standalone machine that hosts VMs
  • Hypervisor
    • Software that is able to create the VMs
    • Manages the physical hardware
  • Emulation
    • Software imitates different hardware or a different OS so an app runs where it otherwise could not
    • Virtualization runs the actual OS on the real CPU, so it is much faster
  • Resource Requirements
    • CPU must support virtualization
    • Intel : Virtualization Technology (VT)
    • AMD: AMD-V
    • Memory must go above host requirements
  • Network Requirements
    • NAT – VMs share the IP of the physical host
  • Uses NAT to convert to the host IP
  • Uses a private IP inside the VM
  • Bridged Network – VM is its own device on the network with its own address
  • Host-only / internal – private address, can only communicate with the host or other VMs

2.3 – Cloud Computing

4 Characteristics

  • Rapid Elasticity
    • Scale up and down as needed
    • Seamless to everyone
  • On Demand Self Service
    • Adding resources is easy
    • Virtualized
  • Resource Pooling
    • All computer power located in one place
    • One large instead of several small resources
  • Measured Service
    • Cost and use are closely tracked

Software as a Service (SaaS)

  • On demand software
  • No local installation
  • Program is managed by someone else (email, payroll)
  • Your data is stored elsewhere (Gmail)

Infrastructure as a Service (Iaas)

  • Using someone else’s hardware
  • You are responsible for the OS, applications, and their security; the provider runs the hardware
  • Your data is elsewhere but you control it (web hosting providers)

Platform as a Service (PaaS)

  • No server, no software, no HVAC
  • Someone else handles the platform, you handle the product
  • You do not have direct control of data, people, infrastructure (salesforce.com)

Cloud Deployment Models

  • Private – your own virtualized local data center
  • Public – available to everyone on the Internet
  • Hybrid – mix of public and private
  • Community – several organizations sharing resources

2.4 – Network Services

Web Server

  • Responds to browser requests
  • Uses standard protocols
  • HTML, HTML5
  • Web pages are stored on a server
  • Web pages are downloaded to the browser
  • Pages can be static or built dynamically

File Server

  • Stores all types of files
  • Standard system of file management
  • Windows uses SMB, Apple used AFP

Print Server

  • Connect a printer to a network
  • Uses standard printing protocols (SMB, LPD)

DHCP server

  • Assigns IPs automatically
  • Enterprise DHCP servers are redundant

DNS Server

  • Converts names to IP addresses
  • Distributed – load balanced on many servers
  • Managed by ISP or enterprise IP department

Proxy Server

  • Intermediate server, client makes requests to proxy
  • Proxy performs the actual request from there
  • Proxy provides result back to the client
  • Features – caching, access control, content / URL filtering

Mail Server

  • Incoming / outgoing mail
  • Managed by ISP or IT dept

Authentication Server

  • Login authentication to resources
  • Centralized management
  • Always on enterprise networks, not usually home
  • Usually set of redundant servers so it’s always available

IDS / IPS

  • Intrusion detection system / Intrusion Prevention System
  • Intrusions – exploits in OS, apps, etc
  • Buffer overflows, cross-site scripting, and others
  • Detection – alarm or an alert for intrusion, does not stop
  • Prevention – stops it before it gets into the network

All-in-one Security Appliance

  • Can be called next generation firewall
  • Unified Threat Management (UTM)
  • Web security gateway
  • Examples – firewall, IDS/IPS, router, switch, spam filter

Legacy Systems

  • Really old stuff
  • Be aware if important service is running on legacy systems

Embedded Systems

  • Purpose built device, usually no access to OS
  • Example – alarm system

2.5 – Mobile Operating Systems

iOS

  • Based off of Unix
  • Closed source
  • Apps developed with software developer kits (SDK)
  • Apps must be approved by Apple

Google Android

  • Based off Linux
  • Open source
  • Apps are on Google Play or 3rd party sites

Windows Mobile

  • Microsoft OS
  • Closed source
  • Based on Windows NT kernel

Device Displays and Technologies

  • Calibration
    • Older resistive touchscreens require calibration periodically
    • Modern touchscreens do not
  • Accelerometer – motion sensor and detects orientation
  • Gyroscope – detects pitch, roll, and yaw
  • GPS – created by DOD
    • Over 30 satellites in orbit
    • Precise navigation requires at least 4 satellites
    • Determines location based on timing differences
    • Location services use GPS, WiFi, and cell towers
  • WiFi Calling – uses VOIP technology
  • Virtual Assistant – talk to phone to get assistance (Siri)
  • Production and Development Models
    • iOS developed on Mac OS X
    • Linux
  • Android – apps developed on Windows, Mac OS X, Linux
    • Apps distributed in Android app package (APK) format
  • Windows – apps developed in Windows 8.1 visual studio
  • Wireless Emergency Alert – similar to SMS, no cost
    • Works on all mobile OSs

Mobile Device Payments

  • Can be used with SMS
  • Charge to mobile account (apps)
  • Mobile web payments from browser
  • NFC

2.6 – Mobile Connectivity

  • Baseband Radio Processor
    • Communicates with the mobile provider
    • Has its own firmware and memory
    • Firmware updated over the air
  • PRL updates (preferred roaming list)
    • Used on CDMA networks (Verizon and Sprint)
    • Allows phone to be connected to correct tower
  • PRI updates (product release instructions)
    • Radio settings – ID numbers, network and country codes
  • IMEI – International Mobile Station Equipment Identity
    • Identifies the physical mobile device
    • Every phone has a different IMEI
    • Can be used to allow / disallow access
  • IMSI – International Mobile Subscriber Identity
    • Identifies the user of a mobile network
    • In the SIM card
  • Wireless networks
    • Enable / disable data, WiFi, and Bluetooth independently
    • iOS – settings / cellular
    • Android – settings / wireless and network settings
    • Windows – settings / WiFi
  • Bluetooth – is a Personal Area Network (PAN)
    • Range of 10 meters
  • Tethering – phone acts as a WiFi hotspot, uses the carrier's Internet
  • Airplane Mode – turns off all radios
  • VPN – turn phone into a VPN endpoint
    • Integrated into OS
    • May support multifactor authentication

Configuring Email on Mobile Devices

  • Retrieving Email – POP3 and IMAP
  • Sending Email – SMTP
  • POP3 – downloads email to local client
    • May delete email from mail server (TCP/110)
  • IMAP – Access mail on a central mail server
    • Mail is stored on the server (TCP/143)
  • Network ports – defined by the mail provider
    • May not be 110 or 143
    • SSL settings
      • POP3S – TCP/995
      • IMAPS – TCP/993
  • SMTP – sends email from device to server
    • Must send mail from a local or trusted server
  • Microsoft Exchange – enterprise email, contacts, calendar, and reminders
    • Able to sync with a mobile device
  • S/MIME – secure/multipurpose Internet mail extensions
    • Encrypts and digitally signs emails

Provider Email Delivery

  • Gmail – IMAP and POP3
  • Yahoo – IMAP and POP3
  • Outlook – IMAP and POP3
  • iCloud mail – IMAP only

2.7 – Mobile Synchronization

  • Syncing is used for many types of data (contacts, programs, emails, pics)
  • Syncing to desktop – needs minimal memory but lots of storage space
  • iOS – iTunes syncs everything from phone so it can transfer to another
  • Android – syncs online with Google or can use 3rd party to sync locally
  • Windows phone – Windows app with sync media but not email or contacts

Cloud Syncing

  • All wirelessly, may be integrated with email
  • iOS – syncs all data to iCloud, good for backup and recovery
  • Android – syncs to Google
  • Windows – syncs to Microsoft account

Synchronization Connections

  • iOS – USB to 30 pin (older) or 8 pin lightning cable
  • 802.11 wireless or mobile network
  • Android – USB micro or wireless

Section 3: Security

3.1 – Security Threats

Malware

  • Malicious software
  • Can gather info, such as keystrokes
  • Can install a bot
  • Collective bots are called a Botnet
  • Used for extortion
  • Viruses and worms can be malware

Spyware

  • Malware that watches you
  • Usually tricks you into installing it
  • Captures web browsing habits
  • Can be a keylogger

Viruses

  • Malware that can reproduce itself through network file systems
  • May or may not cause issues, can be invisible or annoying
  • AV must be updated regularly; there are new viruses every day and current signatures do not catch everything

Worms

  • Malware that self replicates through the network
  • Can take over many PCs quickly
  • Worms can also be good, can fix issues by spreading

Trojan Horse

  • Software that pretends to be good, but is actually a virus
  • Better trojans can avoid or disable your AV

Rootkits

  • Can be invisible to the OS, won’t see in task manager or services
  • Modifies your core system files, part of the kernel
  • Can be named something similar to a common Windows file

Ransomware

  • Data is held hostage
  • OS will work but data is encrypted
  • Must pay the bad guys for encryption key
  • Usually untraceable but that is shifting

Phishing

  • Form of social engineering
  • Fake web pages to get your login, password
  • Always check the URL when logging in

Spear Phishing

  • Targeted and sophisticated phishing

Spoofing

  • Pretending to be someone you are not
  • MAC spoofing – changing your MAC address to look like one on the network
  • IP spoofing – changing your IP address to look like one on the network
  • Spoofing is used in many DDoS attacks

Social Engineering

  • Suspicious phone calls
  • Unattended devices
  • Tricking you into giving info

Shoulder Surfing

  • Watching what someone is doing
  • Easy to do in public or walkway
  • Can be done from afar with binoculars

Zero Day Attacks

  • Many vulnerabilities in apps not found yet
  • Patches do not exist yet
  • Bad guys try to find before good guys patch them

DDoS

  • Launch an army of computers to bring down a service
  • Uses all the bandwidth or resources, traffic spike
  • Bad guys use botnets – thousands or millions of PCs at their command
  • The attacking machines are zombies; most owners have no idea their computer is a bot

Brute Force

  • Keep trying to log in until password is guessed
  • Online – very slow, most accounts will lock out after so many attempts
  • Offline – obtain the list of users and hashes, calculate

Dictionary Attack

  • Only using well known words to brute force

Non-Compliant Systems

  • Constant challenge, always changes and updates
  • Standard Operating Environment (SOE) – set of tested and approved hardware and software systems
  • OS and App updates – must have patches to be in compliance, OS and AV

Tailgating

  • Use someone else to gain access to a building
  • Follow them in directly behind

Man-in-the-Middle Attack

  • Traffic goes to man in middle
  • He acts as a faux proxy and forwards to destination
  • You never know the traffic was redirected
  • Example – ARP poisoning
  • Avoid by encrypting the transmission of your data
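
The ARP poisoning example above is something a defender can watch for, since a poisoned cache leaves a visible trace: two IP addresses (typically the gateway and the attacker's host) answering with the same MAC, or the gateway's MAC changing from its known-good value. The following is an added example, not part of these notes; the ARP table text is constructed to look like Windows `arp -a` output, and every IP and MAC address in it is a made-up sample value.

```python
"""Spotting ARP poisoning from ARP cache snapshots (added example, not part of the notes).

The snapshot text below is constructed to look like Windows `arp -a`
output; every IP and MAC address in it is a made-up sample value.
"""
import re
from collections import defaultdict

# One cache entry: "  192.168.1.1   aa-bb-cc-dd-ee-01   dynamic" (header lines do not match)
ARP_ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)

# Entries that legitimately share a MAC and must not be flagged:
# the broadcast address and IPv4 multicast (01:00:5e:...).
SHARED_MAC_PREFIXES = ("ff:ff:ff:ff:ff:ff", "01:00:5e")

CLEAN_SNAPSHOT = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.37          aa-bb-cc-dd-ee-37     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Same network a few minutes later: the gateway's IP now answers with the
# MAC of the host at .37, the classic sign of a poisoned cache.
POISONED_SNAPSHOT = CLEAN_SNAPSHOT.replace("aa-bb-cc-dd-ee-01", "aa-bb-cc-dd-ee-37")

def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lowercase colon form."""
    table = {}
    for line in text.splitlines():
        match = ARP_ENTRY.match(line)
        if match:
            ip, mac, _entry_type = match.groups()
            table[ip] = mac.lower().replace("-", ":")
    return table

def find_duplicate_macs(table):
    """Map each MAC claimed by more than one IP to the sorted list of those IPs."""
    ips_by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac.startswith(SHARED_MAC_PREFIXES):
            continue
        ips_by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}

def gateway_changed(table, gateway_ip, known_gateway_mac):
    """True when the gateway's MAC differs from the recorded known-good value."""
    current = table.get(gateway_ip)
    return current is not None and current != known_gateway_mac.lower()

def analyze(snapshot, gateway_ip, known_gateway_mac):
    """Run both checks over one snapshot and return the findings."""
    table = parse_arp_table(snapshot)
    return {
        "duplicate_macs": find_duplicate_macs(table),
        "gateway_changed": gateway_changed(table, gateway_ip, known_gateway_mac),
    }

if __name__ == "__main__":
    for name, snap in (("clean", CLEAN_SNAPSHOT), ("poisoned", POISONED_SNAPSHOT)):
        print(name, analyze(snap, "192.168.1.1", "aa:bb:cc:dd:ee:01"))
```

The known-good gateway MAC has to come from somewhere trustworthy (recorded when the network was set up, not read from a cache that may already be poisoned), and a duplicate MAC is only a symptom: some hosts with multiple IPs on one interface will also trigger it, so treat a hit as something to investigate rather than proof.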

3.2 – Security Prevention Methods

  • Door Access Control
    • Conventional key and lock
    • Deadbolt – physical bolt
    • Electronic – keyless, RFID badge
    • Token based – magnetic swipe card, key fob
    • Biometric – hand, finger, retina
  • Mantraps
    • One door on each side of the room
    • All doors unlocked, but opening one locks the other
  • Securing Physical Items
    • Safes – heavy, difficult to steal
  • Cable Locks
    • Temporary security
    • Connects hardware to something solid
  • Privacy Filters
    • Screen looks black when walking by
  • Badges and Entry Roster
    • Security guard
      • Physical protection
      • Validates identity
    • ID Badge
      • Picture, name, other details
      • Many include RFID chip

Digital Security Prevention Methods

Antivirus / Antimalware
  • Software that runs on the PC
  • Must keep updated as it’s usually signature based
Host Based Firewall
  • Also called a personal firewall
  • Included in many OSs, can be 3rd party
  • Windows Firewall filters by port, app, etc.
  • Stops people from accessing PC from outside the network
  • Only allows communication if you have started it
Network Based Firewall
  • Filters traffic by TCP / UDP port number (layer 4)
  • Can encrypt traffic in and out of the network
  • Can proxy traffic as well
  • Most firewalls can be a layer 3 device (router)
User Authentication
  • User name and password to gain access
  • Identifier – every Windows account has security identifier
  • Credentials – password, pin, smartcard
  • Profile – info stored about the user (name, contact, group)
Strong Passwords
  • Weak passwords can be easy to brute force
  • Hashed passwords can be brute forced online
  • Complexity and constant refresh
Multi Factor Authentication
  • More than one factor
  • Something you are, have, know, or do
  • Can be expensive, separate hardware tokens
  • Can be cheap or free smartphone apps
Directory permissions
  • NTFS permissions – much more granular than FAT
  • Lock down access
  • Prevent accidental mods or deletes
VPN Concentrator
  • VPN – encrypts private data traversing on public network
  • Concentrator – the device that encrypts and decrypts the VPN traffic
  • Can be hardware or software
Data Loss Prevention (DLP)
  • Stops unencrypted data from leaking
  • Can be built into the firewall
Access Control Lists (ACL)
  • Permissions associated with an object
  • Used in file systems, network devices, OS etc.
  • List Permissions
    • Carl can read files
    • Sprinkly can access network
    • Chris P can access network 192.168.1.0/24 using 80 and 443
Disabling Unused Ports
  • Stop anyone from plugging into your network
  • Does not just rely on 802.1x
  • Requires periodic audits
Smart Cards
  • Contains a digital certificate
  • Multiple factors: card + pin or fingerprint
Email Filtering
  • Unsolicited email / spam stopped at gateway before it reaches users
  • Scan and block malware executables
Trusted/Untrusted Software Sources
  • Consider the source
  • You usually do not have access to the source code
Trusted Source
  • Internal apps
  • Well known publishers
  • Digitally signed
Untrusted Source
  • Apps from 3rd party
  • Links from emails
  • Drive by downloads
Security Awareness
  • All policies on intranet so everyone can see
  • In person training sessions
  • Company policy for visitors
  • How to deal with viruses procedure
  • Network Policies
    • Govern network use
    • AUP
    • All rules signed
  • Principle of Least Privilege
    • Only have rights required for job
    • Applies to physical and digital

3.3 – Windows Security

  • Accounts
    • Admin – super user
    • Guests – limited access
    • Standard user – regular access
    • Power user – not much more control than standard
  • Groups
    • Assign group of users with certain permissions
  • NTFS Permissions
    • Apply to local and network connections
  • Share Permissions
    • Apply only over the network
    • Most restrictive settings using both deny and allow
  • Explicit Permissions
    • Set default permissions for a share or object
  • Inherited Permissions
    • Set a permission and applies to everything under current folder
    • Explicit permissions take priority over inherited
  • Administrative Shares
    • Hidden Shares created during installation
    • Local Shares are created by user
    • View Shares – computer management > shares
  • Authentication
    • Username and password + others
  • Single Sign On (SSO)
    • Windows domain
    • Provide credentials once
    • Managed through Kerberos
  • Run as Administrator
    • Additional rights and permissions
    • Can edit system files and install services
    • Right click + run as administrator
  • Bitlocker
    • Encrypts entire volume of data including the OS
    • Bitlocker to go
      • Encrypts USB flash drives
  • Encrypting File System (EFS) on NTFS
    • Password and username to encrypt key
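
The NTFS / share / explicit / inherited rules above are easiest to see worked through on a concrete folder. The following is an added example, not code from these notes: a simplified model in which explicit entries beat inherited ones, deny beats allow within the same tier, and access over the network is the more restrictive of the share result and the NTFS result. The right names are a cut-down version of the real NTFS permission set, and the users, groups, folder and ACLs are made-up sample data.

```python
"""Effective permissions from NTFS and share ACLs (added example, not from the notes).

A simplified model of the rules the notes give: explicit entries beat
inherited ones, deny beats allow within the same tier, and a user coming
in over the network gets the more restrictive of the share result and the
NTFS result. The right names are a cut-down version of the real NTFS
permission set, and the users, groups and ACLs are made-up sample data.
"""
from dataclasses import dataclass

# Simplified NTFS rights and what each one implies (Full Control includes Modify, etc.).
NTFS_IMPLIES = {
    "full":   {"full", "modify", "write", "read"},
    "modify": {"modify", "write", "read"},
    "write":  {"write"},
    "read":   {"read"},
}
# Share permission levels expressed in the same vocabulary.
SHARE_LEVELS = {
    "read":   {"read"},
    "change": {"read", "write", "modify"},
    "full":   {"full", "modify", "write", "read"},
}

@dataclass(frozen=True)
class Ace:
    principal: str           # user or group name; "Everyone" matches anybody
    right: str               # key of NTFS_IMPLIES (NTFS) or SHARE_LEVELS (share)
    allow: bool = True       # False = deny entry
    inherited: bool = False  # True = came from the parent folder

def _principals(user, groups):
    return {user, "Everyone", *groups}

def ntfs_effective(acl, user, groups):
    """Resolve the NTFS ACL for one user to the set of rights they end up with."""
    who = _principals(user, groups)
    allowed, denied = set(), set()
    # Explicit entries are evaluated first; a right they decide is final and
    # an inherited entry can no longer change it.
    for inherited in (False, True):
        tier_allow, tier_deny = set(), set()
        for ace in acl:
            if ace.inherited == inherited and ace.principal in who:
                (tier_allow if ace.allow else tier_deny).update(NTFS_IMPLIES[ace.right])
        denied |= tier_deny - allowed - denied      # deny wins within a tier
        allowed |= tier_allow - denied - allowed
    return allowed

def share_effective(acl, user, groups):
    """Share permissions have no inheritance: union of allows minus any deny."""
    who = _principals(user, groups)
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in who:
            (allowed if ace.allow else denied).update(SHARE_LEVELS[ace.right])
    return allowed - denied

def effective_over_network(ntfs_acl, share_acl, user, groups):
    """Access through the share: the most restrictive combination of both ACLs."""
    return ntfs_effective(ntfs_acl, user, groups) & share_effective(share_acl, user, groups)

# Sample folder D:\Projects\Reports, shared as \\FILESRV\Reports (constructed data).
NTFS_ACL = [
    Ace("Users", "modify", allow=True, inherited=True),         # inherited from D:\Projects
    Ace("Contractors", "modify", allow=False, inherited=True),  # inherited deny
    Ace("alice", "modify", allow=True, inherited=False),        # explicit allow set on Reports
]
SHARE_ACL = [
    Ace("Everyone", "read"),
    Ace("Managers", "change"),
]

if __name__ == "__main__":
    for user, groups in (("alice", {"Users", "Contractors", "Managers"}),
                         ("bob", {"Users", "Contractors"}),
                         ("carol", {"Users"})):
        print(user, "local:", sorted(ntfs_effective(NTFS_ACL, user, groups)),
              "network:", sorted(effective_over_network(NTFS_ACL, SHARE_ACL, user, groups)))
```

Running it shows the three rules from the notes in one place: carol has Modify when logged on locally but only Read through the share (most restrictive wins), bob gets nothing because the inherited deny on Contractors beats the inherited allow on Users, and alice keeps Modify because her explicit allow on the folder outranks the inherited deny.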

3.4 – Security Best Practices

  • Password Complexity
    • No single words or obvious passwords
    • Strong password, at least 8 characters
    • Set password expiration and require change
  • Password Expiration
    • All passwords should expire
    • Critical systems could expire more often
    • Recovery should have a formal process
  • Desktop Security
    • Require a screensaver password
    • Disable auto run, disabled in the registry
    • No autorun in 7 / 8 /8.1
    • Consider changing autoplay (Flash drive)
    • Have all security patches
  • Passwords
    • Change all default usernames and passwords
  • BIOS
    • Supervisor / admin password to prevent unauthorized hardware configuration changes
    • User password – prevents booting
  • User Permissions
    • Not everyone should be an admin
  • Groups
    • Assign rights to group
    • Add users to group
  • Login time restrictions
    • Only able to log in during work hours
  • Disabling Unnecessary accounts
    • Disable guest account if not needed
    • Only some accounts run services
    • Disable interactive logins
    • Change default names and passwords to prevent brute force
  • Account Lockout
    • Too many wrong passwords
    • Can prevent brute force attacks
  • Data Encryption
    • Full disk or file system
    • Removable media
    • Backup keys may be integrated into AD
  • Patch and Update Management
    • Built into the OS, update utility
    • Many apps include updater
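
Account lockout (above) and password hashing (Strong Passwords in 3.2) are the two defences that map directly onto the online and offline brute-force attacks described in 3.1. The following is an added example, not code from these notes: passwords are stored as salted PBKDF2-HMAC-SHA256 hashes so each offline guess costs the full work factor, and a lockout counter refuses further attempts after a few failures. The user name, password, threshold and lockout window are sample values, and the manual clock exists only so the lockout expiry can be demonstrated deterministically.

```python
"""Salted slow hashing plus account lockout (added example, not from the notes).

Two defences against the brute-force attacks described in 3.1: passwords are
stored as salted PBKDF2 hashes so an offline attacker has to pay the full
work factor per guess, and a lockout counter stops online guessing after a
few failures. The user name, password and thresholds are sample values.
"""
import hashlib
import hmac
import os

ITERATIONS = 200_000          # PBKDF2-HMAC-SHA256 work factor; raise it as hardware allows
LOCKOUT_THRESHOLD = 3         # failed attempts before the account locks
LOCKOUT_SECONDS = 15 * 60     # how long the lock lasts

def hash_password(password, iterations=ITERATIONS):
    """Return a storable record: random per-user salt, work factor and digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(record, password):
    """Recompute with the stored salt; compare_digest avoids timing leaks."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

class ManualClock:
    """Deterministic clock so the lockout window can be stepped in a demo or test."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

class AccountStore:
    def __init__(self, clock, threshold=LOCKOUT_THRESHOLD, lockout_seconds=LOCKOUT_SECONDS):
        self.clock = clock
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.users = {}      # name -> password record
        self.failures = {}   # name -> {"count": int, "locked_until": float}

    def add_user(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        """Return "ok", "locked" or "bad_credentials"."""
        now = self.clock()
        state = self.failures.get(name, {"count": 0, "locked_until": 0.0})
        if state["locked_until"] > now:
            return "locked"              # even the right password is refused while locked
        if state["locked_until"] and state["locked_until"] <= now:
            state = {"count": 0, "locked_until": 0.0}   # lock expired, count afresh
        record = self.users.get(name)
        if record is not None and verify_password(record, password):
            self.failures.pop(name, None)
            return "ok"
        # Unknown user and wrong password are reported identically so the
        # response does not reveal which user names exist.
        state["count"] += 1
        if state["count"] >= self.threshold:
            state["locked_until"] = now + self.lockout_seconds
            self.failures[name] = state
            return "locked"
        self.failures[name] = state
        return "bad_credentials"

def demo():
    """Three bad guesses lock the account; the lock expires after LOCKOUT_SECONDS."""
    clock = ManualClock()
    store = AccountStore(clock)
    store.add_user("alice", "correct horse battery staple")
    results = [store.login("alice", "password1") for _ in range(3)]
    results.append(store.login("alice", "correct horse battery staple"))
    clock.now = LOCKOUT_SECONDS + 1
    results.append(store.login("alice", "correct horse battery staple"))
    return results

if __name__ == "__main__":
    print(demo())
```

Two practical points the code makes: the salt is per user, so two people with the same password get different digests and a precomputed table is useless; and the lockout is keyed on the user name whether or not it exists, so the login response cannot be used to enumerate accounts. The cost of a lockout policy is that an attacker who knows a user name can lock that user out on purpose, which is why the window is short and automatic rather than requiring a help-desk reset.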

3.5 – Securing Mobile Devices

  • Screen Lock
    • Fingerprint, face recognition, swipe pattern, passcode or pin
  • Too many fails
    • iOS – erase all data after 10 attempts
    • Android – locks device and requires a Google login
    • Windows – delays next attempt or factory reset
  • Locators
    • Built in GPS
    • Able to find phone on a map
    • Central control
    • Able to wipe phones
  • Remote Backup
    • Backup to cloud
    • Restore with a tap
  • Antivirus / Antimalware
    • iOS – equipment less vulnerable
      • Not as many vulnerabilities for malware to exploit
    • Android – more open, apps can be installed from anywhere
      • Easier for malware to find a way in
    • Windows phone
      • Closed environment
      • Apps run in a sandbox
  • Patching / OS updates
    • Security updates
    • Don’t get too far behind
  • Multifactor Authentication
    • Something you are, know, have, do, etc.
    • Biometric Authentication (something you are)
    • Authenticator Apps, random token generator
  • Full Device Encryption
    • Phone keeps the key
    • iOS8 and later – data encrypted with passcode
    • Android – encryption can be turned on
    • Windows phone 8 / 8.1
      • Available with Exchange ActiveSync
      • Also available with mobile device manager
  • Trusted vs Untrusted Source
    • Do not install APK from untrusted source
    • iOS – all apps are checked by the app store
    • Android – Google play checks apps but 3rd party apps are not
    • Windows – apps are created by Microsoft
  • Firewalls
    • Mobile phones do not include a firewall
    • Most activity is outbound, not inbound
    • Mobile firewall apps are available

Policies and Procedures

  • BYOD – Bring Your Own Device
  • MDM – Mobile Device Manager
    • Centralized management of mobile devices
    • Set policies for data storage, camera usage
    • Other various settings for device control
    • Manage Access Control – require pins or passcodes

3.6 – Data Destruction and Disposal

Physical Destruction

  • Never to be used again
  • Shredder, tools, electromagnet, fire

Certificate of Destruction

  • Done by 3rd party
  • Gives confirmation it was destroyed
  • Paper trail of when it was destroyed

Disk Formatting

  • Low Level Format – app or tool provided by factory
  • Not possible by user on their own
  • Standard / Quick Format
    • Sets up a file system
    • Clears master file table
    • Creates a boot sector
    • Can still be recovered

Standard Formatting

  • Overwrites every sector with 0’s
  • Available in Windows Vista and later
  • Cannot recover data

Hardware Security

  • Always audit 3rd party destruction
  • File level overwrite
    • Sdelete – Windows sysinternals
  • Whole drive wipe
    • DBAN – Darik's Boot and Nuke
  • Secure data removal

3.7 – Securing a SOHO Network

SSID (Service Set Identifier) Management

  • Change default name to something unique
  • Disable your SSID broadcast

Wireless Encryption

  • Only people with password can transmit and listen
  • WEP and WPA are outdated and insecure
  • Use WPA2

Antenna Placement

  • APs close to each other should not be on the same channel
  • Same channel will cause frequency overlap

Power Level Controls

  • Set as low as possible so people in house can access
  • Make it so no one outside can access

MAC Address Filtering

  • Limit access through physical address
  • Not foolproof, MAC cloning
  • Set up in WAP

WPS – WiFi Protected Setup

  • Easier to connect to WiFi
  • Uses a pin configured on the AP
  • Push button on the AP, NFC is used
  • Very easily hacked, not used on modern APs

Login

  • Change default username and password to something unique

IP Addressing

  • DHCP or static
  • IPs are easy to see on unencrypted network

Firewall Settings

  • Inbound
    • Allow only required traffic
    • Port forwarding to map ports to device
    • Consider a DMZ for certain systems
  • Outbound
    • Blacklist – allow all, block some
    • Whitelist – block all, allow some
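
The inbound whitelist (block all, allow some) and outbound blacklist (allow all, block some) above, together with the rule list under Access Control Lists in 3.2 ("Chris P can access network 192.168.1.0/24 using 80 and 443"), come down to the same thing: an ordered list of rules where the first match wins and a default decides everything else. The following is an added example, not from these notes or any real firewall product; the host addresses, the "known bad" range and the port-forwarding entry are constructed sample values (203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges used as stand-ins).

```python
"""First-match ACL evaluator with allow-all and deny-all defaults (added example, not from the notes).

Covers the rule list under Access Control Lists in 3.2 and the inbound
whitelist / outbound blacklist distinction in 3.7. The addresses and
port-forwarding table are constructed sample values; 203.0.113.0/24 and
198.51.100.0/24 are documentation ranges used here as stand-ins.
"""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network in CIDR form
    dst: str = "0.0.0.0/0"           # destination network
    ports: frozenset = frozenset()   # destination ports; empty = any
    proto: str = "any"               # "tcp", "udp" or "any"

def packet(src, dst, port, proto="tcp"):
    """A minimal packet description: just the fields a layer-4 filter looks at."""
    return {"src": src, "dst": dst, "port": port, "proto": proto}

def rule_matches(rule, pkt):
    return (
        ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
        and (not rule.ports or pkt["port"] in rule.ports)
        and rule.proto in ("any", pkt["proto"])
    )

def evaluate(rules, default, pkt):
    """First matching rule decides; otherwise the policy default applies."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default

# Inbound: whitelist model (block all, allow some). The notes' example
# "Chris P can access network 192.168.1.0/24 using 80 and 443", with Chris's
# host at a constructed address.
INBOUND_RULES = [
    Rule("allow", src="203.0.113.10/32", dst="192.168.1.0/24",
         ports=frozenset({80, 443}), proto="tcp"),
]
INBOUND_DEFAULT = "deny"

# Outbound: blacklist model (allow all, block some).
OUTBOUND_RULES = [
    Rule("deny", dst="198.51.100.0/24"),   # a constructed "known bad" range
]
OUTBOUND_DEFAULT = "allow"

# Port forwarding: public port on the router -> internal host and port.
PORT_FORWARDS = {443: ("192.168.1.5", 8443)}

def forward(pkt):
    """Rewrite the destination of an inbound packet according to PORT_FORWARDS."""
    target = PORT_FORWARDS.get(pkt["port"])
    if target is None:
        return pkt
    return {**pkt, "dst": target[0], "port": target[1]}

if __name__ == "__main__":
    print(evaluate(INBOUND_RULES, INBOUND_DEFAULT, packet("203.0.113.10", "192.168.1.5", 443)))
    print(evaluate(INBOUND_RULES, INBOUND_DEFAULT, packet("203.0.113.10", "192.168.1.5", 22)))
    print(evaluate(OUTBOUND_RULES, OUTBOUND_DEFAULT, packet("192.168.1.5", "198.51.100.9", 443)))
```

The important design choice is the default. With the inbound list, anything not explicitly allowed (a different source host, port 22, or UDP to port 443) is dropped, so forgetting a rule fails safe; with the outbound blacklist, forgetting a rule fails open, which is why the notes treat a whitelist as the stronger model.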

Disabling Physical Ports

  • Disable unused ports to prevent access
  • Network access control – 802.1x controls
  • Cannot communicate unless authorized

Content Filtering

  • Control traffic based on content data
  • Can filter data for sensitive data
  • Can control inappropriate content
  • Scan against malware and viruses

Physical Access

  • Door locks
  • Biometrics

Section 4: Software Troubleshooting

4.1 – Troubleshooting Operating Systems

  • BSOD – startup and shutdown BSOD
    • Bad hardware, drivers, or app installation
    • Apple – pinwheel / beachball
      • Hang or constant retries by app
    • Fix – use last known good configuration or boot in safemode
    • Restore or remove hardware
  • Boot Errors
    • Can’t find OS
    • OS could be missing
  • Boot loader changed or replaced, multiple OS’s installed
    • Fix – check boot drive, remove any media
    • Startup repair, or the command bootrec /rebuildbcd
  • Improper Shutdown
    • Should recover normally
    • If not, launch startup repair option should fix most issues
  • Missing GUI
    • No login or desktop
    • Start in VGA mode and run sfc
    • Update the drivers in safe mode
    • 8 / 8.1 – repair or refresh

Startup Repair

  • Missing NTLDR
    • Main Windows bootloader issue
    • Run startup repair, check boot device
  • Missing OS
    • Boot configuration may be wrong
    • Run startup repair or manually configure BCD
  • Auto safe mode boot
    • Run startup repair
  • Linux
    • Missing GRUB
      • Grand Unified Bootloader, most common
      • LILO – Linux Loader, least common
    • Missing bootloader – could be overwritten by other OS

Starting the System

  • Device not starting
    • Check device manager and event viewer
    • Remove or replace driver
  • One or more services failed to start
    • Bad driver or hardware
    • Try manual start, check permissions
    • Check file systems, reinstall app
  • DLL – Dynamic Link Library
    • Code installed that many apps use
    • A shared library
    • DLL versions are very specific
    • Apps are written to a library version
    • Windows File Protection / Windows Resource Protection
      • Protects DLL versions to avoid conflicts
  • Files and Compatibility Errors
    • Files associated with apps
    • Configure file types to specific apps
    • Control Panel > Default Programs applet
    • Compatibility tab – run app as an older Windows app

Slow System Performance

  • Task Manager – check for CPU usage and input / output
  • Windows Update – keep patches and drivers updated
  • Disk Space – check for available disk space or run defrag
  • Laptops – confirm the laptop is not in power saving mode
  • AV / AM – scan for any infection
  • Kernel Panic
    • Unix, Linux, Mac OS X, similar to Windows BSOD
    • Stops all activity
  • Multiple Monitor Misalignment
    • Monitors not aligned
    • Mouse will not move easily between screens
    • Just drag the monitors into alignment
    • Can be fixed in Control Panel > Display > Screen Resolution

OS Troubleshooting Tools

  • BIOS / UEFI Tools
    • Built in diagnostics
    • Check for temps and current stats
  • SFC – System File Checker
    • Integrity scan OS files
    • Finds and corrects errors
  • Logs – found in Windows event viewer and Boot logs
    • Windows
      • C:\windows\ntbtlog.txt
    • Linux
      • Individual app logs
      • /var/log
    • MAC
      • Utilities > Console
  • CMD
    • Can be accessed pre-boot
    • Gives you complete control
  • System Repair Disc
    • Boots and provides you with recovery options
  • Pre-Installation Environment (PE)
    • Minimal Windows operating environment
    • Used for troubleshooting and recovery
    • Can build your own PE
  • MSconfig
    • Enable or disable startup apps and services
  • Defragmentation
    • Modifies file fragments so they are contiguous
    • defrag
  • Regedit
    • Registry editor
    • Used to modify settings
    • Add, modify, delete keys
  • Regsvr32
    • Register and unregister DLLs
  • Event Viewer
    • See what is going on with apps, setup, security, settings
  • Options at Boot time
    • F8 to get to advanced boot options
    • Most recovery options are found here
  • Safe Mode
    • In advanced boot options
    • VGA mode
      • Low resolution, used for video driver issues
  • Uninstall / Reinstall / Repair
    • 8 and 8.1 includes a refresh option
    • Refresh option cleans out Windows without losing files

4.2 – Troubleshooting Security Issues

  • Popups
    • Could be legitimate or malicious
    • Have an updated browser and a popup blocker
    • If popups are not related to your browsing, scan for malware
  • Browser Redirection
    • Instead of an expected result, you end up elsewhere
    • Caused by malware, run a malware scan
  • Browser Security Alert
    • Security alerts and invalid certificates
    • Means something is not right
    • Check out details by clicking the lock icon
    • Could be an expired or wrong domain
  • Malware Network Symptoms
    • Slow performance, lockups, connectivity
    • Issues, OS update failures
  • Malware OS Symptoms
    • Renamed system files
    • Files disappear or become encrypted
    • Can change file permissions
  • System Lockup
    • Completely stops, toggle Caps Lock to see if OS responds
    • May be able to terminate bad apps with task manager
    • Check logs after restarting to see the cause
  • App Crashes
    • Apps stop working or just disappear
    • Check out the event log and the reliability monitor
    • Reliability monitor has history of app issues
  • Virus Alerts and Hoaxes
    • Rogue Antivirus
      • Fake, may include real logs
      • Wants to bill you
  • Ransomware
    • Asks for money or subscription for access to your PC
  • Email Security
    • Unsolicited email – spam, phishing, ads, malicious files
    • Hijacked email – infected PCs can become email spammers

Tools for Security Troubleshooting

  • AV and AM
    • Stops malware from running
    • Must keep signatures updated daily
    • Sometimes they are bundled together
  • Recovery Console or commandline
    • Very powerful
    • Filesystem access
  • Terminal
    • Commandline for MAC and Linux
    • Able to modify every aspect of the OS
  • System Restore
    • Create restore points, go back in time to correct problems
    • Does not guarantee recovery from viruses or malware
  • LVM Snapshots – Logical Volume Manager
    • Just like Windows restore
    • Works very quickly
  • Pre-installation Environment
    • Minimal Windows OS environment
    • Used for troubleshooting and recovery
  • Event Viewer
    • Get info about security events and other happenings
  • Refresh and Restore
    • Windows 8 / 8.1
    • Refresh – reinstalls Windows but keeps files and settings in place
    • Restore – returns to a previous restore point
  • MSconfig
    • Safeboot minimal – loads GUI but no networking
    • Safeboot alternate shell – cmd with minimal services, no network
    • Safeboot active directory repair – safe mode with file explorer and AD
    • Safeboot:Network – uses networking

Best Practices for Malware Removal

  • Malware Symptoms
    • Odd error messages
    • Unusual icons or apps
    • Very slow
  • Quarantine infected systems
    • Disconnect from network to stop spreading
    • Isolate removable media
  • Disable System Restore
    • Malware can also infect restore points
    • Delete all the restore points you have
    • Disable system protection
  • Update AV
    • Keep signature and AV version up to date
    • Automate updates instead of doing it manually
    • Malware can prevent updates
  • Scan and Remove
    • Get a well known provider who consistently finds the bad stuff
    • Use standalone removal apps
  • Safe mode
    • Just enough services to get the OS running, bare minimum
    • May prevent the malware from running
  • Schedule
    • AV and AM automatically update signatures
    • Make sure OS updates are scheduled
  • Enable System Restore
    • Only do once the system is clean
  • Educate End User
    • One on one training
    • Visible posters
    • General security awareness

4.3 – Troubleshooting Mobile Device Applications

  • Dim Display
    • Check brightness settings
    • Could be a backlight issue
  • Wireless Connectivity
    • Intermittent – try moving closer to the AP
    • None – check WiFi setting, confirm correct key
    • Do a hard reset
  • Non-responsive Touchscreen
    • Apple – iOS restart, hard or regular
    • Android – remove battery and put back in
    • Hold the power and volume button
  • App Issues
    • Apps run slow or not loading
    • Restart the phone or close out of the app
    • Update the app
  • Unable to Decrypt Email
    • Built into corporate email systems
    • Each user has their own private key
    • Install individual private keys on each device
    • Done with the mobile device manager
  • Short Battery Life
    • Bad reception, always signal searching
    • Turn off unnecessary features
    • Battery could be aging
  • Overheating
    • Phone will automatically shut down if too hot
    • Check apps for CPU usage
    • Avoid direct sunlight
  • Frozen System
    • Hard or soft reset
    • If problem is ongoing, do a factory reset
  • No Sound
    • Check volume settings for the app and phone
    • Bad install or app in general, delete and reload
    • Try headphones or external speakers
    • Sound starts then stops – could be dueling apps
    • No sound no matter what – factory reset, load the latest software
  • Inaccurate Touch Screen Response
    • Close some apps, low memory
    • Restart the device
    • May require new digitizer or reseat cables
  • System Lockout
    • Too many incorrect password attempts

4.4 – Troubleshooting Mobile Device Security

  • Signal Drop or Weak Signal
    • Only use a trusted network
    • Never use public WiFi without a VPN
    • Speed test – cell tower analyzer and test
  • Power Drain
    • Heavy app usage, increased network activity
    • Check app before install, use app scanner
    • Run antimalware, factory reset and clean app install
  • Slow Data Speeds
    • Use a trusted WiFi network
    • Run a WiFi analyzer
    • Run a speed test
    • Examine apps for unusual activity
  • Unattended Bluetooth Pairing
    • Never pair a device that isn’t yours
    • Remove the device and re-pair it
    • Can just disable Bluetooth completely also
  • Locked Information
    • Determine cause of data breach with AV or AM
    • Do a factory reset
  • Unauthorized Camera or Mic Usage
    • AM scan
    • Factory reset
    • Install app scanner

Section 5: Operational Procedures

5.1 – Computer Safety Procedures

Managing Electrostatic Discharge

Static Electricity
  • Electricity that does not move, can be very damaging
  • Around 3500 volts
  • Only 100 V is needed to cause damage
Controlling ESD
  • Humidity over 60% helps
  • Use your hand to self-ground; the metal case of the power supply works
  • Unplug PC from a power source
  • Do not touch components directly, card edges only
  • Use anti-static pad and wrist strap
  • Anti-static bags for components

Computer Safety Procedures

  • Remove all power sources before working on a device
  • Replace entire power supply versus trying to repair it
  • Equipment Grounding – diverts electrical faults away from people
  • Large equipment racks have a large ground wire
  • Do not use electrical grounding for static grounding

Personal Safety

  • Remove jewelry, neck or badge straps
  • Lift with legs
  • Use a cart when possible

Electrical Fire Safety

  • No water or foam
  • Carbon dioxide, FM-200, or dry chemicals

Cable Management

  • Tie together
  • Avoid trip hazard

Toxic Waste

  • Safety glasses and air filter mask
  • Dispose of batteries at hazardous waste facilities
  • CRT glass contains lead
  • Recycle and reuse toner, ship toner back to company

Local Government and Regulations

  • Health and safety laws
  • Building and electrical codes

Environmental

  • Proper disposal of electronic components

5.2 – Environmental Controls

  • Disposal Procedures
    • Check your MSDS
    • MSDS – product and company info
    • Includes ingredients, hazard info, etc.
  • Environmental Controls
    • Temperature – devices need constant cooling
    • Humidity – 50% to 60% is good
    • Proper ventilation – helps circulate the heat
  • UPS – Uninterruptible Power Supply
    • Backup battery
    • Types
      • Standby – runs on primary power and switches to the backup batteries when it fails
      • On-line – always running off of the batteries
  • Surge Suppressor
    • Spikes are sent to ground
    • Noise filter removes line noise
    • Surge Suppressor Specs
      • Higher joules is better, more protection
      • High amp rating is good
      • Let through rating – less is better
  • Protection From Airborne Particles
    • Protects from dust, oil, smoke, etc.
  • Dust and Debris
    • Cleaning with neutral detergents, non-ammonia based
    • Use a computer vacuum, reduces static
    • Compressed air pump instead of canned air

5.3 – Dealing with Prohibited Activity

First Response

  • Identify issue – logs, in person, monitoring data
  • Report to proper channels
  • Collect and protect info on event

Documentation

  • Outline in security policy
  • Documentation must be available to employees
  • Detail as much as possible

Chain of Custody

  • Control evidence, maintain integrity
  • Avoid tampering, use hashes
  • Label and catalog, seal, store, digitally sign
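An added example (not from the original notes) of the hash-and-seal part of chain of custody in Python: it catalogs evidence files with SHA-256 hashes, seals the catalog with an HMAC (assumed here as a stand-in for a digital signature), and re-checks later so tampering shows up. File names, contents and the key are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile
from datetime import datetime, timezone
CHUNK = 1 << 20  # hash in 1 MiB chunks so large evidence files need not fit in RAM

def sha256_file(path):
    """Return the SHA-256 hex digest of a file on disk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(paths, collector):
    """Catalog each evidence file (name, size, hash) plus who collected it and when."""
    return {
        "collected_by": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "files": [{"path": p, "size": os.path.getsize(p), "sha256": sha256_file(p)} for p in paths],
    }

def seal_manifest(manifest, key):
    """Seal the manifest with an HMAC-SHA256 tag (stand-in for a digital signature)."""
    return hmac.new(key, json.dumps(manifest, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify_manifest(manifest, key, tag):
    """Re-hash every file and check the seal; returns (seal_ok, {path: hash_ok})."""
    seal_ok = hmac.compare_digest(seal_manifest(manifest, key), tag)
    results = {e["path"]: os.path.exists(e["path"]) and sha256_file(e["path"]) == e["sha256"]
               for e in manifest["files"]}
    return seal_ok, results

def demo():
    # Constructed scenario: collect two files, seal, then tamper with one and re-check.
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("syslog.txt", "memory.bin")]
    for p, data in zip(paths, (b"Jan 1 00:00:01 host sshd[42]: Accepted password\n", b"\x00" * 4096)):
        with open(p, "wb") as f:
            f.write(data)
    key = b"constructed-demo-key"  # in practice a signing key held by the evidence custodian
    manifest = build_manifest(paths, "tech on duty")
    tag = seal_manifest(manifest, key)
    before = verify_manifest(manifest, key, tag)
    with open(paths[0], "ab") as f:  # simulate tampering after collection
        f.write(b"edited\n")
    after = verify_manifest(manifest, key, tag)
    return before, after
```

Any edit to a file after collection makes its hash mismatch on verification, and any edit to the manifest itself breaks the seal.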

Licensing

  • EULA – End User License Agreement
    • Determines how software is allowed to be used
  • Closed source – source code is private
    • End user only gets the .exe file
  • FOSS – Free and Open Source Software
    • End user gets the source code and can build their own .exe
  • Digital Rights Management – DRM – electronic limits on use of software
  • Licenses
    • Personal – associated with the device owned by one person
      • Designed for home use, one time purchase
    • Enterprise – site licenses, can install everywhere, annual renewals

Policies

  • PII is part of privacy policy, determines how to handle PII
  • Security policies
  • Block or usage policies – block by URL, app, username, or group

5.4 – Communication and Professionalism

Communication

  • Communication skills are needed for troubleshooting
  • Avoid jargon, no acronyms or slang when helping customer
  • Translate technical terms for simpler terms
  • Avoid interrupting, listen to the customer's issue even if you know the answer
  • Clarify customer statements
    • Ask questions to clarify the customer's issue
    • Repeat your understanding to customer
  • Setting expectations
    • Offer options (repair or replace)
    • State the cost and time frame
  • Document everything
  • Follow up for customer satisfaction

Professionalism

  • Maintain a positive attitude, keep a positive tone of voice
  • Problems cannot always be fixed but do your best
  • Have a good attitude with the customer
  • Avoid being judgemental
  • No insults, you are the teacher
  • You also make mistakes
  • Goal is to make people smarter
  • Be on time and avoid distractions, no phone, no talking to others
  • The customer and their issue is your number one concern
  • Create an environment for conversation
  • Difficult situations
    • Do not argue or be defensive
    • Make easier by listening and asking questions
    • Communicate even if there is no update on progress
    • Never vent on social media
    • Don’t minimize problems, technical issues can be traumatic
    • Must be a tech and a counselor
  • Maintain confidentiality
    • Keep private info private
    • IT people have access to a lot of data
    • Be respectful with others' personal info

5.5 – Troubleshooting Theory

Identify the Problem

  • Gather information
  • Get as much info and duplicate issue if possible
  • Identify symptoms, may be more than one
  • Question the end user
  • Determine any recent changes to environment

Establish a Theory

  • Start with the obvious, but consider everything
  • Make a list of all possible causes

Test the Theory

  • Confirm the theory, determine the next steps
  • Re-establish theory if it did not work
  • Call an expert for other ideas

Create a Plan of Action

  • Once theory is working, correct the issue
  • Some issues cannot be fixed during regular hours
  • All plans can go bad, have a plan A, B, and C

Implement the Solution

  • Fix the issue
  • Escalate if necessary, may need 3rd party

Verify Full System Functionality

  • Confirm the solution solved the issue
  • Have the customer test and confirm also
  • Implement preventative measures

Document Findings

  • Don’t lose the knowledge
  • Consider a formal database

Conclusion

Whoo boy. That does it. Over 9K words of CompTIA A+ 220-902 goodness. Let me know what was easy for you and, of course, what you had trouble with.

Please sound off in the comments below if anything needs to be corrected or added.

Thanks, and good luck with the exam!

Update: If you’re interested in going further, the next certification that makes sense is the CompTIA Network+ exam. Head over to the N10-006 exam overview to read more. When ready for the exam, jump into the N10-006 exam study notes post to review your stuff. Study hard. This one is a bit longer and tougher!