1002

Started :

4/25/21
•

90 questions 90
,
minutes , 700 passing score (100-900)

1. 0 Operating systems -

271 .

Pg 3-12

2. 0
Security -24% Pg 13-19
3. 0 Software troubleshooting -
261 .

Pg 20-23

4. 0 Operational Procedures -
23%
Pg 24-28
 1. 1 Operating Types { Purposes
32 bit vs . 64 bit
think of lanes on more lanes > more traffic
highway more cars >
•

•
RAM limitations
-
32 =
up to 4GB ,
64 =
Over 4GB space
-

depends on OS
software compatibility
•

use version thats same bit as 05

Workstation 05
•
Microsoft Windows -
most popular, User friendly gui ,
not free
,

Apple Macintosh OS -
not free , not compatible w/ other hw , User friendly
•
Linux -

open source , free ,

gui or text based ,
diff flavors or distros
Cellphone / tablet 0s
share
•
Ms windows not really used anymore 32 bit not free 2.5% market
-

, , ,

•
Android google baby , most popular based off linux open source 32464 bit
-

, , ,

•
10s apple , based macos { darwin , not proprietary , 64 bit
-

•
Chrome OS google , not open source , web based app based linux 32464
-
, ,

render -

specific limitations
•
end of life
-

when they come out w/ a new cos thats better

•

Update limitations after

-

eoi

Computability concerns between OS

•
soft / hardware based
•
32 V5 .
64 bit
•
drivers for specific 05

1. 2 Features of Ms windows versions

windows 7
•
minimum requirements
-

CPU =
1GHz ,
H D= 16 -20GB , RAM =
I -2GB , graphics -
direct ✗ 9 W/ WDDM 1.0 higher
•

traditional windows style

windows 8 48.1
•
same min .
requirements
designed for touchscreen
•

better ARM support , not just for PCs

Windows 10
•
same min .

req .

•
Cortana
•

edge extensions -
browser extensions
•
Ink API -

stylus work in apps

corporate us . Personal needs

•

Domain access
domain vs workgroup
-

.
,
Dc and servers
•

Bit locker
-
for security , encrypts data ,
•

Media center
longer
-

no in windows 10
'

Branch cache
-

corporate needs for VPN

EFS
Encrypting File System
•
-

Desktop style / User interface

•
Windows 7 more traditional V1
•

Windows 8 more touchscreen oriented

'

windows 10 both

1.3 05 Installation { Upgrade methods

Boot Methods
•

modify boot options

•
boot from following :

Optical drive ,
external drive , network boot internal fixed drive ( HDB
,

internal hard drive (partition)

Types installations : of
•
unattended installation
•
dont need to be on -
site entire time
•
need device like thumb drive w/ answer file
•
In Place -

upgrade
•

not recommended
•
7 to 8 or 8.1 to 10

keeps all and data

settings
'

put in disk and run setup . exe

#
1.
Clean install
rebuild system
•
" "

removes all settings ! files from drive , reinstall 0s

•

if data stored on
separate drive works
great
 •

Repair installation
•

Something wrong w/
went OS
-

malware , bad install

-

Multi boot
dont want to use virtualization , multi boot
your system
•

Remote network installation

•
most prep work
need server to push an image to device
•

•
need a server in place for
addressing
-
BOOTP / DHCP ,
MAC > IP address

Image deployment
•

images can be used from different locations

•

deploy images locally w/ uh /attended installations

•

use windows Deployment server

,
windows ADK and
,
USMT
•
Use WIM file created and add own info

Recovery Partition
'

•
area of hard drive set aside to hold files that can be
Used to recover the 0s in event of a failure
#2.
Refresh / Restore
to the back into the condition it took it out of the
get system was when
•

you
box .
Uninstall { reinstall all apps and media
•

restore goes back to earlier build of

system

Partitioning
breaking
•
up a disk in a
logical manner , create spaces for OS , data

Dynamic
•

•
Can hold simple volumes , spanned mirrored , striped volume
,

preform disk { Volume manage . W/ 0 restart 0s

•
Basic
•
normal partition tables basic storage
-
-
basic disk
,
*only have 4
•
hold
primary / extended partitions logical ,
drives
primary partitions
Primary
•

houses and boot partition W/o this , not

system know how to boot properly
•
.

Extended
extended partition subdivised into
logical partitions
•

Logical
•

•
a volume created within an extended partition on basic disk
•

assigned a letter but cant hold 0s

 •
GPT
Guid •

Partition table
basic disk GPT partition style can have 128 partitions
using
•

File system Types / Formatting

•
EXFAT
-
extended file allocation table
•
flash drives that hold lots of data
•
FAT 32
•
4GB file limit size
•
OK for flash drive
-

NTFS
•

new technology file system

•

de facto for Ms 05
4 permissions
Compression encryption
•

•
CDFS
•

compact disk file system

put data CD
-

on
•
NFS
network file
system
•

access files over computer network

•

ext 3 , ext 4
•

linux file system

•
16GB -
16 TB
•

ext 4 hold
64,000 Subdirectories , ext 3--32.000
•

maximum ext 4 file system size IEB =

'

HFS
•

hierarchical file system for apple

•
Old , replaced by HFS& and now APFS
•

Swap partition
Swaps from HD to RAM to increase virtual memory
•

•
Quick format us full format .

full format on volume files youre formatting are removed to

•
-
-
scan

for bad sectors

•

quick format on volume format remove files but doesnt

= scan
*
only used if your HD has previously been formatted

Load alternate third-party drivers when necessary

•

when HD cant be found ,

load driver
during install so you
can use hardware
 Domain
Workgroup vs .
setup
of
•
workgroups are grouping systems to share resources
•
peer-to-peer networking ,
no centralized node

Domain of systems to share resources

groups
•

•
centralized system ,
client-server relationship
Factory Recovery partition
•
part of install process

Properly format
•
partition for { system
boot
0s / Upgrade path
compatibility
•
Windows 7 RTM =/ windows 10
7 SPI = 10

8 =/ 10
8 RTM =/ 10
8.1514 = 10

1. 4 Microsoft Command Line

Navigation
folder
dir
*
everything in
directory
• -

•
Cd -

Change directory
i
Cd . .
-

go back a level
•

IP config see network -

settings
*
Use tall for more details

ping test connectivity to remote end

•
-

Trace rt trace the path the packets take

•
-

•
netstat -
see all Tcp / UDP connections to our system
•

NS lookup -

see who authoritative DNS servers

Shutdown Options to shutdown restart * shutdown ? options

or
gives you
- -

dism -

deployment image servicing { manage .

-
Mount { Service windows images
•
Sfc -

System file checker scan for -

corruptions beforedeployme.int#
-

first run DIISM ,

then Sfc / Scan now
Chkdsk checks file for logical physical errors doesnt fix
system or
• -

diskpart manage - disk partitions ,

need admin Perm .

•
taskkill -

ends tasks or processes by image name or ID

tasklist ID
get process
• -

gp update group policy update be part of domain retrieve latest update

• - -

gpresult group policy result Shows Resultant set of policy tells what take
• - -

effect before it takes effect

 •
format -
prepares disk for use C :/ format d :

Copy Copy data from one location to next

• -

MOVE Moves file pfromatob pin % rectories

• -
;

' '"em

and dir , subdirectories a :b : is / e

✗ copy Copies files
including ✗
copy
•
-

robo options
copy replace ✗
copy w/
•
-
more
•

netuse -
connect , remove , config shared resources
•
net user -
add ,
remove user accounts
"
•
help / ? -
find any command
use to

commands available w/ standard priv . vs . admin priv

•

sometimes need elevated priv . to manipulate system

1. 5 Microsoft OS { Tools
computer management
for information
everything system mmc snap
in
•
-

right click start comp manag

•

, . .

Device manager
•
see how the hardware is doing
Local users and Groups
create users and
groups
•

Local
security policy
like but only for this machine
group policy
•

preform ance Monitor

•

See how your system

is
preforming
services
gives a list of running services system
•

on

system configuration Cms config)

Manage windows startup and boot options troubleshoot stability
•

and preform ance issues

Task scheduler
preform routine tasks automatically
•

component services
•

Config and administer COM components , Comte , DTC

Data sources
•

applications need connection to database and sources

manages database drivers

•

Print Management
local print jobs
manages on
system
•
Windows memory diagnostics
defected physical
memory BSOD , crashing freezing
•
-

windows Firewall /defender

•

filters traffic coming in / out of your system

Advanced security
-

set rules for Windows defender

Event viewer
Where can see logs system /security / application
•

you ,

user acc .

management
•

Users and domain

Ms config
•

System config Gen , .

,
boot , services
Task
manager
app processes preform ance , networking users
•

, , ,

Disk management
•

drive status mounting , initializing , , extending partitions splitting , part.

assign / change drive letters , adding drives /arrays storage , space

disk related can do in elevated Cmd prompt
everything
•

system utilities :
reg edit make changes to
system registry
• -

•
Command -
takes to command prompt
•
Services . Msc -
takes you to services MMC snap -
in

MMC Microsoft management console

•
-

MSTSC sets up remote desktop connection

•
-

notepad built in utility simple word processing

-

explorer manipulate files 4 folders in Windows environment

•
-

Ms info 32 -
all Sys . info about current device youre on
•

DXDiag -

diagnostic tool test DirectX function . and troubleshoot video or

sound related hardware problems

•
Disk Defragm enter rearrange fragmented disk -

System restore revert to previous software registry

-

, ,
and driver configuration
•
windows update
1. 6 Windows Control Panel
Internet options
Connections advanced
security general privacy programs
-

, , ,
, ,

Display / settings
resolution , refresh rate , color depth
•

user accounts
create local accounts
•

Folder options
hidden files hide extensions view options general
•

, ,
,

system
•
pre for Mance , remote settings system protections
,

Windows Firewall
-

windows defender firewall

Power options
•
hibernate , power plans ,
Slee / suspend , standby
credential manager
•

place for username / Passwords

Programs features
•

What is installed on
system
Home
group
•

only in windows 7
•

group of PC 's on home network that can share files { Printers

Devices and Printers
all peripherals connected to Pc
•

Troubleshooting
good place to start

Network and
sharing center
•
Subnet mask , adapter , VPN
Bitlocker
based
encryption hardware encryption
•

,
 1. 7 Application install { Config
System Requirements
Drive space have enough space for partitions
• -

RAM make sure have enough

you
• -

05 Requirements
•

Compatibility
Methods for installation and Deployment
10cal (RD / OSB) all files are local
• -

Network based retrieve files through direct

• -

link or
browsing

client /
1. 8 Windows Networking on
desktop
Home group V5 .

Workgroup
•
home group protected w/ password
Workgroup just have to be on network
•

Domain setup
•

can log onto domain from across the world

need a domain
•

controller somewhere on infrastructure

Network share
•
set up a network to share data
hidden shares made by Administrative shares
•

map a drive to pull down every time reboot

you
•

Printer sharing us Network printer mapping .

printer sharing is very popular

•

•
network printers connected directly to network w/ IP & NIC { drivers

proxy settings
behalf , filter out questionable websites
Working on
your
•

config system to use

proxy server
•

Remote Assistance
get an invitation so
you can remote desktop and Use their PC
•

Home us Work . us . Public network

•
Public network has more rules

Alternative IP address
Control panel > Network and Internet
>
> Network connections
Network card properties
half duplex send / relieve at
•

time -

any
•

Full duplex go both ways -

•
Auto -
let it decide (both sides need to be Auto)
LAN have Nlc wake comp up
Wake on
.
-
•
 1. 9 Features of Mac Osh Linux
Scheduled Backups
network / Cloud { test
Copy files onto EHD or
•

Patch management
third party apps •
to help
Anti-virus
•
macs still need anti virus / malware
-

Restore snapshot
Migration Assistant
•

Disk maintinance Utilities

•

On Linux -
du -

disk space , df -
see free space ,
fsck check { repair disk
-

multiple desktops
•
On Mac , Mission control =
multiple desktop
Remote disk
•
access remote CD/DVD in another machine
Boot camp
•

multiboot on Mac hardware Quiz questions :

Linux commands
subn-et.IS
workgroups require same

list (dir)
COPY
-
MAC Of files - Time Machine

Search for expressions in text g. , ,

grep
• -

Cd -

Change directory
Shutdown Shut off
system
• -

Pwd print working directory

• -

•
passwd -

Changes password
•
MV -
rename and move file to another directory
•

Cp -

copy
•

rm -
remove (deletes files
chmod Change file perm
•
-
.

Chown Change file owner

•
-

•
1W Config / if config network/wireless settings -

PS list of currently running processes

-

SU / Sudo -
starts a new shell as a new user
-

Sudo runs as administrator

•

apt -

get
-

download files from a repository to update

Vi -
Stare the visual file editor
•
dd copies blocks of data from
-

one file to another

•
Kill -

Stop a process w/ PID #

2. 1 Physical Security Measures

Mantrap
•
between 2 Security areas , like Sandy house from Spongebob
Badge reader
•
RFID or NFC to scan a badge
Door lock
card swipe , biometric , proximity lock , punch code
-

key code ,

Hardware token
•

One time password that correlates w/ server

server lock
•

lock servers in a rack

USB lock
•
dont want anyone to use USB

Privacy screen
•

other ppl cant see your screen

2. 2 Logical Security Concepts

Active
Directory
windows , directory control
•

organization
login script Folder redirection Domain Group policy / updating Home folder , a ' unit
•

, , , ,

software Token
•

multi factor authentication , system sends extra code to login

MDM Policies
•
mobile device management
One stop shop for mobile devices
managing
•

Whos responsible for backups , data ownership , device update /Maintinence

•

Port Security
netword ad mins control who physically plug into
•

switch
What happens once violation has occurd shutdown or blocking
•
-
state
MAC Address Filtering
great line of defense for network /System admires
•

•
Who has access to network based on hardware address
Digital certificate
•
Use to authenticate yourself
-

verifies web is secure { authenticates

Anti-virus / Anti-malware
•

always have this

prevents them
•

helps you
find and
get rid of viruses and
against
Firewalls
•
filters traffic coming in /out of a network Cor )
pc
-

Hardware firewall actual device -

,
software firewall -

built into OS
packet Stateful Application layer , NGFW WAF
filtering
•

. , ,
web firewall
layer 3 {
Source Where it block content combines app
attack
destination came from de packet all 3 protects web

User authentication / Strong password

•

passphrases longer more complex

,
" "

Change often dont use same diff acc

•

, on .

Muti factor Authentication

do
Something you know have , are
•

, ,

Directory permissions
•
access control list
•
need permissions to access smthng
VPN
allows use private network
•

by a tunnel .

physically run on internet

backbone
Data Loss Prevention ( DLP )
•
how we keep unauthorized data from leaking or
escaping
Access control List
•
Access control entries ( ACE ) to determine who has access to object
Email Filtering
•
UTM ,
DLP NGFW,
 2. 3 Wireless security { Auth .

Protocols and Encryption

•
WEP -
not rec ,RC4 .

Algorithm ,
IV weakness
•

WPA -
Wifi protected access , better against IV attacks , use TKIP
•

WPAZ -
current , best system , use CCMP w/ AES
TKIP Temporal Key Integrity protocol rotation of keys
•
-

,
•
AES Advanced
-

Encryption standard Sy metrical encryption ,

Authentication
Singlefactor , multi factor
•

•
Radius server dial in access , auth , centralized
- server talk to access point
-
UDP ,
2 factor
•

Tacacs -
Access control Service , more secure , Central manage for auth config .

TCP , 3 profiles

2. 4 Preventing Malware Tools

Malware (malicious software )
Ransome ware take lock data for
money
-

or
-

Trojan gain package

-
access , to look like legit program
Keylogger -10g Keystrokes
•

•
Rootkit -

kernel level , control everything

-

virus -

replicate , attached to file

Botnet Send commands to multiple systems (zombie)
• -

worm package all together crawl through system

• -

,
•

Spyware way -
for advertisers to
spy on
you and benefit from it . evolved now
Tools and methods capture data
•
Anti -
virus

Anti-malware
goes against younger malware
-

console / Backup Restore

Recovery backups saved
•
-

End user education -

teach everyone what to look for

•

Software Firewalls -
filter out some traffic

DNS configuration DNS compromised , not actual website verify DNS t static ARP
•
-
.
 Social
2. 5 Engineering ,
Threats Vulnerabilities
,

Social Engineering
phishing trying to get you to click on things
• -

Spear phishing goes after specific individuals

•
-

Impersonating pretending to be someone else

- -

Shoulder surfing looking over someones shoulder

-
-

Tailgating walking in after someone

• -

Dumpster Diving looking through trash for sensitive info

•
-

DDOS -
Distributed service Denial of
•
attacker → command handler → multiple zombies → victim
DOS -
denial of service

system overloading
one another system
-

Zero Day -

antivirus cant protect , never

you dont know about it seen before
•
.

Man -
in -
the -
middle
between communication stream to get your data that youre sending
'

Brute-force
•
tries
every password combination
to
guess
Dictionary
•

Using common words as password guessing

Rainbow Table
to
Comparing hashes reverse
engineer
'

spoofing
•

Using someone else s IP , Mac , DNS or

anything else pretending to be them digitally

2. 6 Windows security settings

users and Groups
•

Admin Power ,
user ,
guest .
Standard user
standard
beyond
not admin

NTFS vs . Share permissions

•
have to give both

Allow us deny
•

shared Files and Folders

•
admin shares vs . local shares
•

permission propagation
inheritance
System files and folders
•
hidden for security or deletion
SSO -

single sign on
sign on
only and have to
once access
everything else
•

Run as Admin vs . Standard

Standard user until need token to make change admin
you a as
•

Bit Locker

encryption
•

tied to Trusted Platform Module chip on Mb

EES -

encrypted file system

•

Used to
encrypt a bunch of files , w/ NTFS ,
transparent public key

2. 7 Secure a workstation
Password best practice
•

Strong passphrase
-

pass expiration 60-120 days -

more complex longer expiration
,

Screensaver required password

'

BIOS / UEFI password

Account Management
•
restrict user perm .

logon time restrictions -

M F -
6am -

7pm -
from Cmd line
•
disable guest acc
•
failed attempts lockout Account - lockout in local Sec .

policy
•
timeout / screen lock
default admin user / Pass cant be locked out
change
• -

Basic Active Directory functions

account creation / deletion /disable
•

password reset /
-
Unlock account

Disable Auto run

automatically CD / USB horrible for
run
security
•

Data Encryption
•
data at rest ,
on HD ,
needs to be
encrypted
•
data in transit also needs to be encrypted
2. 8 Mobile Devices
Securing
Methods of securing mobile device
•
Remote wipe
-

Locator Application
•
Remote backup application
•

failed login attempts restrictions

•
Antivirus / Anti-malware
patching / 05 updates
•

Biometrics authentication
Full device
encryption
•

•
Multi factor authentication
•
authenticator applications
•
Trusted sources vs. Untrusted sources
-

Firewalls
•

policies { procedures

2.9 Data Destruction { Disposal

physicaldest-rut.cn
-

Shredder
•

grinds devices into particles

•
Drill / Hammer
-
WACK WACK

Electromagnetic ( Degaussing)
•

move bits of data from device

•

Incineration
•
Hot Hot Hot
-
Certificate of destruction
-
Send them off and get certificate

Recyclingorrepurposing
•
low level format - us .
Standard format
factory format vs
everyday format
'

Overwrite
•
write a bunch of 0 's and 1 's (binary)
•
Drive wipe

drive w/ format command but data could still be present

wiping
•
 wired {
2.10 Security wireless
Networks

Wireless Specific
Change default SSID router name
•
-

Set encryption -
WPAZ personal us . enterprise
auth on router doesnt have pre shared key ,

auth on server

•
disable SSID broadcast
•
Antenna and access point placement
-

Radio power levels -

broadcasting at 100% , very congested

•
WPS -
Wi fi
-

protected setup dont -

use -
number to connect devices

change default username d. Password

hackable
Change to something only you know default easily
•
,

Enable MAC Filtering

black or white list MAC addresses
•

,
be tricked w/ spoofing
static IP Addresses

dynamic static w/ DHCP ?

'

or

done w/ either WAN or LAN on WAN the ISP might overwrite you
,

Firewall settings
•

Usually built into most devices ,

white / blacklist
Port Forwarding
•

run web server from private IP , forwards it to specific port inside system
* minecraft Java server
Content Filtering /Parent controls
•

can monitor or filter .

Set time of
day restrictions
Update Firmware
-

little peice of software for specific device that tells it how to function

Quiz questions :

✗ YOU cannot block inheritance from parent folders in windows = FALSE

✗ Permission propagation allows you to restrict permissions on child objects =

FALSE
*
patching and updates can come from various renders _- TRUE
 3. I Troubleshoot Windows OS

com-monsympt-ms.SI 0W Preform once

-
malware , not enough system resources , disk highly fragmented ,

too many background processes , hard drive too full , update in

background
•
Limited connectivity
far from AP or atenna interference power issues
•

, ,

•
Failure to Boot / no 05 found
hardware issue no 0s bad driver HD not prop formatted wrong
•

, , , .
,
Boot device

master boot record or Boot config data corrupt or missing

•

Application crash
-

Bad update new install hardware , poor app creation malware

•
, , ,

blue screen CBSOD)

-
hardware , driver , overheating
•

black screen
•
hardware monitor / mb , driver ,
overheat, labeling , power
•

printer issues
•
not installed wrong driver, permissions , Cabe / ing jamed
, ,
offline
•
Services failed to start
•

not set to start auto , driver ,

malware , dependencies arent starting
•

Slow Bootup
too many start processes Hardware ,
-
malware , boot time scan , update install
,

•
Slow profile load
from domain , too AD
loading roaming profile many logon scripts through
•

active directory

commo-E-ins.DE fragment the Hard drive

puts place to faster
•

everything in one run

•
Reboot
•

Always
•

Kill task
•
Kill Specific process
 •

Restart services

.sc in Cmd
-

update network settings

-
IP Config / release :/ renew
'
Reim age / Reload 05
Use recovery partition
-

Rollback updates /device drivers

-
bad update , paused or poor wifi
•

Apply updates
patch bug { vulnerabilities
•

Repair Application
•

if keeps crashing
•

Update boot order

-

no 05 ,
make sure cables plugged in
Disable windows services / applications
disable starting at boot
•

, Task Manager
•

Disable Application Startup

Task Manager disable app from starting @ boot
'

, up
•

Safe Boot
Change
•

Driver , F8 function
•
Rebuild windows profile

something corrupt
-

3. 2 TS & Resolve PC Sec . Issues

COMMptrns
•

Pop -
ups
•
a window w/ an ad that
gets you to click on
something
-

Browser Redirection
lets you that leaving the
know
youre webpage
•

Security alerts
•

anti virus -
or anti-malware alerts
•

Slow preform once

-

malware , botnet / Zombie

•

Internet connectivity issues

DHCP / DNS Mi TM
rogue
-

,
 •

PC /OS lockup / application crash

-
Malware ,
deletion of files
-05 Update Failure
Update
-

legit copy of Windows OS didnt update

, properly , Sec . admin didnt push out

Rogue Anti-virus
•

letting things run ramprd while the anti -

virus is
telling you its safe
•

Renamed system Files

doesnt happen w/o admin control , malware , rootkit

•

Disappearing Files
•

'

Malware , rootkit, login compromised infected ,

USB
•

Hijacked Email

responses from users regarding email

spoofing
-

Invalid certificate trusted Root CA)

credentials incorrect, domain name on Cert
wrong
•

3. 3 Malware Removal
1.
Identify and Researching malware symptoms
Whats going on to make you think you have malware ?
-

missing files , renamed files , slow , missing objects

2. Quarantine infected
system
•

Take off network first , unplug cable

•

make sure malware doesnt spread

3. Disable System Restore
dont •
save state that has malware on it

4. Remediate infected system

update anti-malware , scan and remove
-

,
install scanner in safe mode

5. Schedule scans and runs updates

Make sure doesnt come back run scans daily AYAM updated daily
-

,
,

6. Enable system Restore and create restore point

put •
date and time incase
7. Educate end user

•
What to do , what not to do ,
not IT people ,
what to look for
 3. 4 Mobile 05 App issues

Ctmmonsymptoms
•
Wireless connectivity
battery too low
•

•
Cant broadcast ext monitor
•
wireless int 05 graphics card , cable , extended or duplicate screen in settings
, ,
-

Apps not
loading
need network connectivity , malware
-

Unable to decrypt email

incorrect
key bad certificate , wrong algorithm
•

,
•
Frozen system
•
Overheated ,
Overuse ,
Malware, bad update, app hanging
-
NO sound from speakers
•
water , driver issue , bluetooth paired ?
•

App log errors

•
connect to computer, stored on phone

3.5 Mobile 0s App security issues

•

Signal drop / weak signal

•
interference , too far from cellular tower , battery level
•
Unintended Wifi connection
dont connect to any open
-

access point AP 's that ISP

, control = bad
•

Leaked personal files / data

physical security , pass compromised Unintended bluetooth / wifi
-
,

•
Data transmission over limit

rogue app malware

•

Unauthorize location app

rogue app malware
•

High resource utilization

•

malware app havent restarted phone in a while

rogue
•

, ,

Quiz questions :

Cmd line tool allows to pause ,

stop or start service = SC exe .

airplane mode will keep bluetooth from

pairing
4. 1 Types of Documentation

Network Topology diagram

Logical network topology

Knowle de base / articles

-
Self serve
-

online
library of info abt product , topic ,
etc .

Incident documentation
document from beginning date / time who reported , when noticed , who took report
'

, ,

triage steps / first responder steps taken , resolution lesson learned

,

Regulatory and compliance policy

•
different regulations you need to follow

Acceptable use
policy
-

What you can and cant do , administrative control

password policy
•
how the password should be

length min pass age , pass history complexity Max

passage
-

, , ,

Inventory management
asset tags barcodes track inventory
•

, ,
4.2 Basic Change Management
Documented Business Processes
•
a business is a
group of interrelated processes .

Companies have repeatable processes , documentation is crucial guide for employees

purpose of change management

CM team follow apply to drive individual trans
•

Sequence of steps that .

and ensure project meets intended outcomes

scope of the change
•
how big is
change ,
what will it affect , who involved , snowball ?
Risk Analysis BAD
"

something happening is it worth it does change intro

probability of extra risk
•

, ,

how are we handling risk? mitigation transfer acceptance avoid

• -
, , ,

Plan for change

•
Who and what impacted
•

communicate to stakeholders
End-user Acceptance
communication is
key training important
-

change Board
•

A board that approve or reject the change

Back out Plan
•

help in bad event , make a plan

Document changes
Document everything
•

4. 3 Disaster Prevention d. Recovery

Backup and Recovery
image level
everything
, backed up , 0s files , Applications
,

File level . backup just files and data

Critical application something business has to have
your
•

Backup testing
Make sure backup is
working
•

UPS
•

Uninterruptible power supply

Cloud storage us . local storage backups
•

local backups quick , Cloud backup best if physical damage

Account Recovery options
•
Active directory ,
off site domain controller synced up
 4. 4 Safety Procedures
Equipment Grounding
electricity grounded so no shock
•

•
antistatic bag ,
ESD Straps / mats , self grounding
Toxic waste handling
•
Take to recycle center
•

battery toner , , CRT , cell phone, tablet

Personal safety
disconnect power before
opening up , remove jewellery lift tech , weight limit ,
•

elec fire cable air filter

safety ,
management safety goggles , ,
mask

Compliance W/ Government Regulations

•
OSHA

4.5 Environmental Impacts

MSDS document for handel ing
•
Material Safety Data Sheet basic info , on chemical product
HOW to handle it safely
•

Temp , humid level awareness

•
have proper ventilation . humid low 45 -55% but not ESD encouraging low

Power surges ,
brownouts ,
blackouts
•
have UPS / surge protector Backup services . . Generators

4. 6 Addressing Stuff
Incident Response
First report data /device preservation
response identify
•
-
,
,

'

Use of documentation / documentation changes

Chain of evidence /
custody tracking documenting
•

process
-

Licensing / DRM / EULA

•
Open source us . Commercial license , Personal license us .
enterprise license

End User
•

Digital Rights Management ,

License
Agreement
Regulated Data
PII personally Identifiable info Stuff abt you
•
- -

Pcl / Dss
payment card industry how youu protect credit cards
• -
-

•
GDPR General Data protection regulation if you resell data
-
-

PHI protected health info HIPPA but w/

payment
• -
-
 4. 7 Professional communication
•

Use proper language

•
Dont talk above them

Try to use bunch of

•

not
acronyms
•

dont use slang

maintain positive attitude
•

•
have confidence

actively listen , no interruption

•

be culturally sensitive -
use titles Sir dr .

be on time -
let them know
•

Avoid distractions dont , look at phone , have convo , dont talk w/ coworker

Dealing w/ difficult customers or situations

>

dont be defensive dont be dismissive dont be judgemental

argue
-

, , , ,

clarify their statements -

open ended questions , dont disclose exp on social

media
-

Set and meet expectations /timeline { communicate status

•
deal appropriately w/ customer sensitive material

4. 8 Basics Of Scripting
Script File
Types
-
bat -
batch file w/ dos -
execute Comm at cmd (Cmd .
)
exe

•
PSI -

powershell script -

Management scripting tool

•

Sh -

Shell executable for linux

Py Python files Object oriented

-

•
JS -
javascript functions , to open close windows
-
Vbs -
Visual basic script ,
AD folders move
copy files
environment variables
•
Variables defined for current shell ,
inherited by child shells
pass info into processes
'

comment syntax
add comments for
why
•

Python # Javascript -11 Batch files

•

rem
-
-

Basic script constructs

•
Basic 100ps -
if then loop ,
do while loop

Variables
"

hello world
defining temporary for data
"
•
-
holders ✗=
•

Integers -
Whole # 's ,
+ or -

, start at 0
•

Strings -

Sequence of characters as constant or variable

4. 9 Remote Access Technologies
RDP
-

remote desktop protocol , looks like were

sitting at another system
•

3389
Telnet
•
remote
connectivity to config switches ,
routers , plain text , txt based
•
23 -

un secure

SSH
•
secure shell secure
,
telnet
•
22 authentication = 21

Third tools
party
•
screen share feature ,
file share ,
PUTTY

4.x quiz
:

chain of custody to document evidence

PCI , Sox , HIPAA =
regulatory policies