From 10de90430cf7ce2157fa825c2f147f9b03719b61 Mon Sep 17 00:00:00 2001 
From: Ken Patmonk Date: Thu, 11 Jun 2026 20:17:44 -0500 Subject: [PATCH] Initial Core 2 study project --- .gitignore | 7 + MEMORY.md | 333 +++++++++++++++++ README.md | 33 ++ SCHEDULE.md | 93 +++++ flashcards/OPS-flashcards.json | 137 +++++++ flashcards/TRB-flashcards.json | 234 ++++++++++++ lab-log.md | 18 + ...OPS-1-documentation-support-systems-lab.md | 42 +++ labs/OPS-10-ai-concepts-lab.md | 35 ++ labs/OPS-2-change-management-lab.md | 32 ++ labs/OPS-3-backup-recovery-lab.md | 36 ++ labs/OPS-4-safety-procedures-lab.md | 37 ++ labs/OPS-5-environmental-controls-lab.md | 38 ++ labs/OPS-6-policy-privacy-licensing-lab.md | 26 ++ labs/OPS-7-professionalism-lab.md | 34 ++ labs/OPS-8-scripting-basics-lab.md | 49 +++ labs/OPS-9-remote-access-lab.md | 40 ++ labs/OS-1-system-inventory-lab.md | 71 ++++ labs/OS-10-application-installation-lab.md | 96 +++++ labs/OS-11-cloud-productivity-lab.md | 76 ++++ labs/OS-2-recovery-info-lab.md | 64 ++++ labs/OS-3-admin-tools-lab.md | 76 ++++ labs/OS-4-command-line-lab.md | 87 +++++ labs/OS-5-os-filesystem-lab.md | 66 ++++ labs/OS-6-settings-lab.md | 75 ++++ labs/OS-7-windows-networking-lab.md | 74 ++++ labs/OS-8-macos-tools-lab.md | 69 ++++ labs/OS-9-linux-client-tools-lab.md | 89 +++++ labs/SEC-1-security-controls-lab.md | 86 +++++ labs/SEC-10-soho-network-security-lab.md | 119 ++++++ labs/SEC-11-browser-security-lab.md | 122 ++++++ labs/SEC-2-windows-security-settings-lab.md | 99 +++++ labs/SEC-3-wireless-security-lab.md | 92 +++++ labs/SEC-4-malware-response-lab.md | 84 +++++ labs/SEC-5-social-engineering-scenario-lab.md | 63 ++++ labs/SEC-6-malware-removal-tabletop-lab.md | 76 ++++ labs/SEC-7-workstation-hardening-lab.md | 94 +++++ labs/SEC-8-mobile-device-security-lab.md | 117 ++++++ labs/SEC-9-data-destruction-lab.md | 122 ++++++ labs/TRB-1-windows-os-issues-lab.md | 72 ++++ labs/TRB-2-mobile-os-app-issues-lab.md | 56 +++ labs/TRB-3-mobile-security-issues-lab.md | 54 +++ labs/TRB-4-pc-security-symptoms-lab.md | 53 +++ 
mind-maps/core2-overview.md | 37 ++ mind-maps/core2-status.html | 225 ++++++++++++ notes/OPS-1-documentation-support-systems.md | 61 +++ notes/OPS-10-ai-concepts.md | 59 +++ notes/OPS-2-change-management.md | 55 +++ notes/OPS-3-backup-recovery.md | 48 +++ notes/OPS-4-safety-procedures.md | 52 +++ notes/OPS-5-environmental-controls.md | 49 +++ notes/OPS-6-policy-privacy-licensing.md | 55 +++ notes/OPS-7-professionalism.md | 56 +++ notes/OPS-8-scripting-basics.md | 59 +++ notes/OPS-9-remote-access.md | 56 +++ notes/OS-1-windows-editions-system-info.md | 179 +++++++++ ...0-application-installation-requirements.md | 280 ++++++++++++++ notes/OS-11-cloud-productivity-tools.md | 232 ++++++++++++ notes/OS-2-windows-installation-recovery.md | 142 +++++++ notes/OS-3-windows-admin-tools.md | 200 ++++++++++ notes/OS-4-windows-command-line.md | 343 +++++++++++++++++ notes/OS-5-os-types-filesystems.md | 186 ++++++++++ notes/OS-6-windows-control-panel-settings.md | 248 +++++++++++++ notes/OS-7-windows-networking.md | 283 ++++++++++++++ notes/OS-8-macos-tools-features.md | 253 +++++++++++++ notes/OS-9-linux-client-tools.md | 347 ++++++++++++++++++ notes/SEC-1-security-controls.md | 291 +++++++++++++++ notes/SEC-10-soho-network-security.md | 277 ++++++++++++++ notes/SEC-11-browser-security.md | 314 ++++++++++++++++ notes/SEC-2-windows-security-settings.md | 321 ++++++++++++++++ notes/SEC-3-wireless-security.md | 251 +++++++++++++ notes/SEC-4-malware-security-tools.md | 275 ++++++++++++++ notes/SEC-5-social-engineering-attacks.md | 306 +++++++++++++++ notes/SEC-6-malware-removal-process.md | 247 +++++++++++++ notes/SEC-7-workstation-hardening.md | 307 ++++++++++++++++ notes/SEC-8-mobile-device-security.md | 232 ++++++++++++ notes/SEC-9-data-destruction.md | 260 +++++++++++++ notes/TRB-1-windows-os-issues.md | 108 ++++++ notes/TRB-2-mobile-os-app-issues.md | 87 +++++ notes/TRB-3-mobile-security-issues.md | 88 +++++ notes/TRB-4-pc-security-symptoms.md | 78 ++++ quiz-log.md | 22 ++ 
quizzes/OPS-1-quiz.md | 51 +++ quizzes/OPS-10-quiz.md | 51 +++ quizzes/OPS-2-quiz.md | 51 +++ quizzes/OPS-3-quiz.md | 51 +++ quizzes/OPS-4-quiz.md | 51 +++ quizzes/OPS-5-quiz.md | 52 +++ quizzes/OPS-6-quiz.md | 52 +++ quizzes/OPS-7-quiz.md | 52 +++ quizzes/OPS-8-quiz.md | 52 +++ quizzes/OPS-9-quiz.md | 51 +++ quizzes/OS-1-quiz.md | 67 ++++ quizzes/OS-10-quiz.md | 68 ++++ quizzes/OS-11-quiz.md | 68 ++++ quizzes/OS-2-quiz.md | 52 +++ quizzes/OS-3-quiz.md | 52 +++ quizzes/OS-4-quiz.md | 68 ++++ quizzes/OS-5-quiz.md | 68 ++++ quizzes/OS-6-quiz.md | 68 ++++ quizzes/OS-7-quiz.md | 68 ++++ quizzes/OS-8-quiz.md | 68 ++++ quizzes/OS-9-quiz.md | 68 ++++ quizzes/SEC-1-quiz.md | 68 ++++ quizzes/SEC-10-quiz.md | 68 ++++ quizzes/SEC-11-quiz.md | 68 ++++ quizzes/SEC-2-quiz.md | 68 ++++ quizzes/SEC-3-quiz.md | 68 ++++ quizzes/SEC-4-quiz.md | 68 ++++ quizzes/SEC-5-quiz.md | 68 ++++ quizzes/SEC-6-quiz.md | 68 ++++ quizzes/SEC-7-quiz.md | 68 ++++ quizzes/SEC-8-quiz.md | 68 ++++ quizzes/SEC-9-quiz.md | 68 ++++ quizzes/TRB-1-quiz.md | 68 ++++ quizzes/TRB-2-quiz.md | 67 ++++ quizzes/TRB-3-quiz.md | 67 ++++ quizzes/TRB-4-quiz.md | 67 ++++ reference-materials/README.md | 45 +++ reference-materials/REFERENCE_INDEX.md | 60 +++ 120 files changed, 12696 insertions(+) create mode 100644 .gitignore create mode 100644 MEMORY.md create mode 100644 README.md create mode 100644 SCHEDULE.md create mode 100644 flashcards/OPS-flashcards.json create mode 100644 flashcards/TRB-flashcards.json create mode 100644 lab-log.md create mode 100644 labs/OPS-1-documentation-support-systems-lab.md create mode 100644 labs/OPS-10-ai-concepts-lab.md create mode 100644 labs/OPS-2-change-management-lab.md create mode 100644 labs/OPS-3-backup-recovery-lab.md create mode 100644 labs/OPS-4-safety-procedures-lab.md create mode 100644 labs/OPS-5-environmental-controls-lab.md create mode 100644 labs/OPS-6-policy-privacy-licensing-lab.md create mode 100644 labs/OPS-7-professionalism-lab.md create mode 100644 
labs/OPS-8-scripting-basics-lab.md create mode 100644 labs/OPS-9-remote-access-lab.md create mode 100644 labs/OS-1-system-inventory-lab.md create mode 100644 labs/OS-10-application-installation-lab.md create mode 100644 labs/OS-11-cloud-productivity-lab.md create mode 100644 labs/OS-2-recovery-info-lab.md create mode 100644 labs/OS-3-admin-tools-lab.md create mode 100644 labs/OS-4-command-line-lab.md create mode 100644 labs/OS-5-os-filesystem-lab.md create mode 100644 labs/OS-6-settings-lab.md create mode 100644 labs/OS-7-windows-networking-lab.md create mode 100644 labs/OS-8-macos-tools-lab.md create mode 100644 labs/OS-9-linux-client-tools-lab.md create mode 100644 labs/SEC-1-security-controls-lab.md create mode 100644 labs/SEC-10-soho-network-security-lab.md create mode 100644 labs/SEC-11-browser-security-lab.md create mode 100644 labs/SEC-2-windows-security-settings-lab.md create mode 100644 labs/SEC-3-wireless-security-lab.md create mode 100644 labs/SEC-4-malware-response-lab.md create mode 100644 labs/SEC-5-social-engineering-scenario-lab.md create mode 100644 labs/SEC-6-malware-removal-tabletop-lab.md create mode 100644 labs/SEC-7-workstation-hardening-lab.md create mode 100644 labs/SEC-8-mobile-device-security-lab.md create mode 100644 labs/SEC-9-data-destruction-lab.md create mode 100644 labs/TRB-1-windows-os-issues-lab.md create mode 100644 labs/TRB-2-mobile-os-app-issues-lab.md create mode 100644 labs/TRB-3-mobile-security-issues-lab.md create mode 100644 labs/TRB-4-pc-security-symptoms-lab.md create mode 100644 mind-maps/core2-overview.md create mode 100644 mind-maps/core2-status.html create mode 100644 notes/OPS-1-documentation-support-systems.md create mode 100644 notes/OPS-10-ai-concepts.md create mode 100644 notes/OPS-2-change-management.md create mode 100644 notes/OPS-3-backup-recovery.md create mode 100644 notes/OPS-4-safety-procedures.md create mode 100644 notes/OPS-5-environmental-controls.md create mode 100644 
notes/OPS-6-policy-privacy-licensing.md create mode 100644 notes/OPS-7-professionalism.md create mode 100644 notes/OPS-8-scripting-basics.md create mode 100644 notes/OPS-9-remote-access.md create mode 100644 notes/OS-1-windows-editions-system-info.md create mode 100644 notes/OS-10-application-installation-requirements.md create mode 100644 notes/OS-11-cloud-productivity-tools.md create mode 100644 notes/OS-2-windows-installation-recovery.md create mode 100644 notes/OS-3-windows-admin-tools.md create mode 100644 notes/OS-4-windows-command-line.md create mode 100644 notes/OS-5-os-types-filesystems.md create mode 100644 notes/OS-6-windows-control-panel-settings.md create mode 100644 notes/OS-7-windows-networking.md create mode 100644 notes/OS-8-macos-tools-features.md create mode 100644 notes/OS-9-linux-client-tools.md create mode 100644 notes/SEC-1-security-controls.md create mode 100644 notes/SEC-10-soho-network-security.md create mode 100644 notes/SEC-11-browser-security.md create mode 100644 notes/SEC-2-windows-security-settings.md create mode 100644 notes/SEC-3-wireless-security.md create mode 100644 notes/SEC-4-malware-security-tools.md create mode 100644 notes/SEC-5-social-engineering-attacks.md create mode 100644 notes/SEC-6-malware-removal-process.md create mode 100644 notes/SEC-7-workstation-hardening.md create mode 100644 notes/SEC-8-mobile-device-security.md create mode 100644 notes/SEC-9-data-destruction.md create mode 100644 notes/TRB-1-windows-os-issues.md create mode 100644 notes/TRB-2-mobile-os-app-issues.md create mode 100644 notes/TRB-3-mobile-security-issues.md create mode 100644 notes/TRB-4-pc-security-symptoms.md create mode 100644 quiz-log.md create mode 100644 quizzes/OPS-1-quiz.md create mode 100644 quizzes/OPS-10-quiz.md create mode 100644 quizzes/OPS-2-quiz.md create mode 100644 quizzes/OPS-3-quiz.md create mode 100644 quizzes/OPS-4-quiz.md create mode 100644 quizzes/OPS-5-quiz.md create mode 100644 quizzes/OPS-6-quiz.md create mode 100644 
quizzes/OPS-7-quiz.md create mode 100644 quizzes/OPS-8-quiz.md create mode 100644 quizzes/OPS-9-quiz.md create mode 100644 quizzes/OS-1-quiz.md create mode 100644 quizzes/OS-10-quiz.md create mode 100644 quizzes/OS-11-quiz.md create mode 100644 quizzes/OS-2-quiz.md create mode 100644 quizzes/OS-3-quiz.md create mode 100644 quizzes/OS-4-quiz.md create mode 100644 quizzes/OS-5-quiz.md create mode 100644 quizzes/OS-6-quiz.md create mode 100644 quizzes/OS-7-quiz.md create mode 100644 quizzes/OS-8-quiz.md create mode 100644 quizzes/OS-9-quiz.md create mode 100644 quizzes/SEC-1-quiz.md create mode 100644 quizzes/SEC-10-quiz.md create mode 100644 quizzes/SEC-11-quiz.md create mode 100644 quizzes/SEC-2-quiz.md create mode 100644 quizzes/SEC-3-quiz.md create mode 100644 quizzes/SEC-4-quiz.md create mode 100644 quizzes/SEC-5-quiz.md create mode 100644 quizzes/SEC-6-quiz.md create mode 100644 quizzes/SEC-7-quiz.md create mode 100644 quizzes/SEC-8-quiz.md create mode 100644 quizzes/SEC-9-quiz.md create mode 100644 quizzes/TRB-1-quiz.md create mode 100644 quizzes/TRB-2-quiz.md create mode 100644 quizzes/TRB-3-quiz.md create mode 100644 quizzes/TRB-4-quiz.md create mode 100644 reference-materials/README.md create mode 100644 reference-materials/REFERENCE_INDEX.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f811a1e --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# Generated/local working files +build/ + +# Extracted full text from copyrighted reference PDFs. +# Keep reference indexes and summarized study materials in git instead. +reference-materials/extracted-text/ + diff --git a/MEMORY.md b/MEMORY.md new file mode 100644 index 0000000..2218802 --- /dev/null +++ b/MEMORY.md 
@@ -0,0 +1,333 @@ +# CompTIA A+ Core 2 Study Memory + +Last updated: 2026-06-11 20:14 CDT + +## Goal + +Prepare to pass CompTIA A+ Core 2 by June 30, 2026. + +Target exam: +- Certification: CompTIA A+ Core 2 V15 +- Exam code: 220-1202 +- Launch date: March 25, 2025 +- Question count: maximum 90 +- Time limit: 90 minutes +- Passing score: 700 on a 900-point scale +- Question styles: multiple choice, multiple response, drag-and-drop, performance-based questions + +Official domain weights: +- 1.0 Operating Systems: 28% +- 2.0 Security: 28% +- 3.0 Software Troubleshooting: 23% +- 4.0 Operational Procedures: 21% + +Source checked: +- CompTIA A+ Core 2 V15 page, accessed 2026-06-10: + https://www.comptia.org/en-us/certifications/a/core-2-v15/ + +## Study Strategy + +Use a fast exam-prep loop: +1. Teach one small topic in plain language. +2. Add a memory trick for the topic. +3. Enter commands when commands are relevant. +4. Explain what each command does and how to interpret the output. +5. Run a Windows or Linux lab when useful. +6. Quiz only after the section has been studied. +7. Log mistakes by domain and objective. +8. Re-test weak areas with spaced repetition. + +Priority rule: +- Security and Operating Systems receive the most study time because each is 28% of the exam. +- Troubleshooting gets daily scenario practice because it overlaps with performance-based questions. +- Operational Procedures gets frequent short reviews because it is vocabulary-heavy and process-driven. + +## Progress State + +Current status: +- Study system created. +- Objective 1.1 / OS-5 studied on 2026-06-11; quiz score 7/7. Status: Strong. Lab still pending. +- Baseline quiz replaced by section quizzes after study. +- OS-1 lesson/lab/quiz created: Windows editions and system information. +- OS-2 lesson/lab/quiz created: Windows installation, boot, and recovery. +- OS-3 lesson/lab/quiz created: Windows administrative tools. +- OS-4 lesson/lab/quiz created: Windows command line. 
+- OS-5 lesson/lab/quiz created: OS types and file systems. +- OS-6 lesson/lab/quiz created: Windows Control Panel and Settings. +- OS-7 lesson/lab/quiz created: Windows networking. +- User reference materials found in `/home/kenpatmonk/Downloads/`. +- Reference PDFs extracted to `reference-materials/extracted-text/`. +- `Downloads/core2.html` contains an objective-level map from 1.1 through 4.10 and should guide the HTML status map. +- `mind-maps/core2-status.html` upgraded to objective-level tracking from 1.1 through 4.10. +- OS-1 updated from reference material to include Windows 11 TPM/UEFI/Secure Boot clues, `msinfo32`, and `tpm.msc`. +- User does not personally have a Mac, but a friend has a Mac the user can use for macOS labs. +- Labs should include Windows/Linux options and optional macOS labs when macOS is exam-relevant. +- Weak domains unknown. +- User prefers quizzes after each study section, not before. +- User can sometimes access a friend's Mac. Do not block progress on Mac access, but include real Mac labs for objective 1.8. + +Next action: +- User should run the OS-5 lab when convenient, then continue to objective 1.2: OS installation and upgrade. +- If skipping the OS-5 lab for now, begin OS-2 study and quiz for objective 1.2. +- OS-3 is ready after OS-2: Windows administrative tools. +- OS-1 quiz now has 7 questions. +- OS-4 is ready after OS-3: Windows command line. +- OS-5 is ready and covers objective 1.1. It can be studied before OS-1 if starting from fundamentals. +- OS-6 is ready after OS-4: Windows Control Panel and Settings. +- OS-7 is ready after OS-6: Windows networking. +- OS-8 lesson/lab/quiz created: macOS tools and features. Mac lab is available when user can use friend's Mac; otherwise use comparison practice. +- OS-9 lesson/lab/quiz created: Linux client tools. +- OS-10 lesson/lab/quiz created: application installation requirements. +- OS-11 lesson/lab/quiz created: cloud productivity tools. 
+- Domain 1 Operating Systems now has ready lessons/labs/quizzes for objectives 1.1 through 1.11. +- SEC-1 lesson/lab/quiz created: security controls for objective 2.1. +- SEC-2 lesson/lab/quiz created: Windows security settings for objective 2.2. +- SEC-3 lesson/lab/quiz created: wireless security for objective 2.3. +- SEC-4 lesson/lab/quiz created: malware and security tools for objective 2.4. +- SEC-5 lesson/lab/quiz created: social engineering and attacks for objective 2.5. +- SEC-6 lesson/lab/quiz created: malware removal process for objective 2.6. +- SEC-7 lesson/lab/quiz created: workstation hardening for objective 2.7. +- SEC-8 lesson/lab/quiz created: mobile device security for objective 2.8. +- SEC-9 lesson/lab/quiz created: data destruction for objective 2.9. +- SEC-10 lesson/lab/quiz created: SOHO network security for objective 2.10. +- SEC-11 lesson/lab/quiz created: browser security for objective 2.11. +- Domain 2 Security now has ready lessons/labs/quizzes for objectives 2.1 through 2.11. +- TRB-1 lesson/lab/quiz created: Windows OS issues for objective 3.1. +- TRB-2 lesson/lab/quiz created: mobile OS and app issues for objective 3.2. +- TRB-3 lesson/lab/quiz created: mobile security issues for objective 3.3. +- TRB-4 lesson/lab/quiz created: PC security symptoms for objective 3.4. +- Domain 3 Software Troubleshooting now has ready lessons/labs/quizzes for objectives 3.1 through 3.4. +- OPS-1 lesson/lab/quiz created: documentation and support systems for objective 4.1. +- OPS-2 lesson/lab/quiz created: change management for objective 4.2. +- OPS-3 lesson/lab/quiz created: backup and recovery for objective 4.3. +- OPS-4 lesson/lab/quiz created: safety procedures for objective 4.4. +- OPS-5 lesson/lab/quiz created: environmental controls for objective 4.5. +- OPS-6 lesson/lab/quiz created: policy, privacy, and licensing for objective 4.6. +- OPS-7 lesson/lab/quiz created: professionalism for objective 4.7. 
+- OPS-8 lesson/lab/quiz created: scripting basics for objective 4.8. +- OPS-9 lesson/lab/quiz created: remote access for objective 4.9. +- OPS-10 lesson/lab/quiz created: AI concepts for objective 4.10. +- Domain 4 Operational Procedures now has ready lessons/labs/quizzes for objectives 4.1 through 4.10. +- All quiz answer keys were audited on 2026-06-10; correct answers are mixed across A, B, C, and D instead of always using A. + +## Teaching Rules + +Each section should stay small and easy to understand: +- What it is +- Why it matters on the exam +- Memory trick +- Commands to enter, if applicable +- What each command does +- Mini lab +- Quiz after study + +Quiz remediation rule: +- If the user misses a quiz question, explain the correct answer. +- Explain why the selected answer was wrong. +- Explain what each answer choice does or means. +- Update `quiz-log.md` and the HTML mind map status. + +Quiz design rule: +- Do not make every correct answer the same letter. +- Mix correct answers across A, B, C, and D to prevent pattern guessing. +- After creating or editing a quiz, verify the answer key distribution. + +Mind map rule: +- Use `mind-maps/core2-status.html` as the visual progress map. 
+- Track status for each objective topic with levels: + - Not started + - Studying + - Needs review + - Good + - Strong + +## Memory Protocol + +Before context limits or long sessions, update this file with: +- Date and time +- Topics completed +- Quiz scores and missed concepts +- Labs completed +- Weak areas +- Next recommended action + +Use these files: +- `SCHEDULE.md`: day-by-day plan through June 30 +- `quiz-log.md`: quiz attempts and mistake patterns +- `lab-log.md`: hands-on exercises completed +- `mind-maps/core2-overview.md`: overview map of the exam +- `mind-maps/core2-status.html`: HTML objective status mind map +- `reference-materials/`: user-provided Core 2 books/files/reference materials +- `reference-materials/REFERENCE_INDEX.md`: index of processed references + +## Reference Material Workflow + +User may provide PDFs, EPUBs, images, text files, or unknown formats such as `.atm`. + +When reference files are added: +- Inspect filenames first. +- Use `file` to identify unknown formats. +- Extract or read text when possible. +- Use references to improve original study materials. +- Do not copy long copyrighted passages into notes. +- Update lessons, labs, quizzes, and the HTML mind map from summarized concepts. +- Track processed files in `reference-materials/REFERENCE_INDEX.md`. 
+ +Indexed references: +- `/home/kenpatmonk/Downloads/Professor Messer’s A+ Core 2 Course Notes-1.pdf` +- `/home/kenpatmonk/Downloads/Professor Messer’s CompTIA A+ Core 2 Practice Exams.pdf` +- `/home/kenpatmonk/Downloads/core2.html` + +## Created Sections + +Operating Systems: +- OS-5: OS types and file systems + - Lesson: `notes/OS-5-os-types-filesystems.md` + - Lab: `labs/OS-5-os-filesystem-lab.md` + - Quiz: `quizzes/OS-5-quiz.md` +- OS-1: Windows editions and system information + - Lesson: `notes/OS-1-windows-editions-system-info.md` + - Lab: `labs/OS-1-system-inventory-lab.md` + - Quiz: `quizzes/OS-1-quiz.md` +- OS-2: Windows installation, boot, and recovery + - Lesson: `notes/OS-2-windows-installation-recovery.md` + - Lab: `labs/OS-2-recovery-info-lab.md` + - Quiz: `quizzes/OS-2-quiz.md` +- OS-3: Windows administrative tools + - Lesson: `notes/OS-3-windows-admin-tools.md` + - Lab: `labs/OS-3-admin-tools-lab.md` + - Quiz: `quizzes/OS-3-quiz.md` +- OS-4: Windows command line + - Lesson: `notes/OS-4-windows-command-line.md` + - Lab: `labs/OS-4-command-line-lab.md` + - Quiz: `quizzes/OS-4-quiz.md` +- OS-6: Windows Control Panel and Settings + - Lesson: `notes/OS-6-windows-control-panel-settings.md` + - Lab: `labs/OS-6-settings-lab.md` + - Quiz: `quizzes/OS-6-quiz.md` +- OS-7: Windows networking + - Lesson: `notes/OS-7-windows-networking.md` + - Lab: `labs/OS-7-windows-networking-lab.md` + - Quiz: `quizzes/OS-7-quiz.md` +- OS-8: macOS tools and features + - Lesson: `notes/OS-8-macos-tools-features.md` + - Lab: `labs/OS-8-macos-tools-lab.md` + - Quiz: `quizzes/OS-8-quiz.md` +- OS-9: Linux client tools + - Lesson: `notes/OS-9-linux-client-tools.md` + - Lab: `labs/OS-9-linux-client-tools-lab.md` + - Quiz: `quizzes/OS-9-quiz.md` +- OS-10: Application installation requirements + - Lesson: `notes/OS-10-application-installation-requirements.md` + - Lab: `labs/OS-10-application-installation-lab.md` + - Quiz: `quizzes/OS-10-quiz.md` +- OS-11: Cloud productivity tools + - 
Lesson: `notes/OS-11-cloud-productivity-tools.md` + - Lab: `labs/OS-11-cloud-productivity-lab.md` + - Quiz: `quizzes/OS-11-quiz.md` + +Security: +- SEC-1: Security controls + - Lesson: `notes/SEC-1-security-controls.md` + - Lab: `labs/SEC-1-security-controls-lab.md` + - Quiz: `quizzes/SEC-1-quiz.md` +- SEC-2: Windows security settings + - Lesson: `notes/SEC-2-windows-security-settings.md` + - Lab: `labs/SEC-2-windows-security-settings-lab.md` + - Quiz: `quizzes/SEC-2-quiz.md` +- SEC-3: Wireless security + - Lesson: `notes/SEC-3-wireless-security.md` + - Lab: `labs/SEC-3-wireless-security-lab.md` + - Quiz: `quizzes/SEC-3-quiz.md` +- SEC-4: Malware and security tools + - Lesson: `notes/SEC-4-malware-security-tools.md` + - Lab: `labs/SEC-4-malware-response-lab.md` + - Quiz: `quizzes/SEC-4-quiz.md` +- SEC-5: Social engineering and attacks + - Lesson: `notes/SEC-5-social-engineering-attacks.md` + - Lab: `labs/SEC-5-social-engineering-scenario-lab.md` + - Quiz: `quizzes/SEC-5-quiz.md` +- SEC-6: Malware removal process + - Lesson: `notes/SEC-6-malware-removal-process.md` + - Lab: `labs/SEC-6-malware-removal-tabletop-lab.md` + - Quiz: `quizzes/SEC-6-quiz.md` +- SEC-7: Workstation hardening + - Lesson: `notes/SEC-7-workstation-hardening.md` + - Lab: `labs/SEC-7-workstation-hardening-lab.md` + - Quiz: `quizzes/SEC-7-quiz.md` +- SEC-8: Mobile device security + - Lesson: `notes/SEC-8-mobile-device-security.md` + - Lab: `labs/SEC-8-mobile-device-security-lab.md` + - Quiz: `quizzes/SEC-8-quiz.md` +- SEC-9: Data destruction + - Lesson: `notes/SEC-9-data-destruction.md` + - Lab: `labs/SEC-9-data-destruction-lab.md` + - Quiz: `quizzes/SEC-9-quiz.md` +- SEC-10: SOHO network security + - Lesson: `notes/SEC-10-soho-network-security.md` + - Lab: `labs/SEC-10-soho-network-security-lab.md` + - Quiz: `quizzes/SEC-10-quiz.md` +- SEC-11: Browser security + - Lesson: `notes/SEC-11-browser-security.md` + - Lab: `labs/SEC-11-browser-security-lab.md` + - Quiz: `quizzes/SEC-11-quiz.md` + 
+Software Troubleshooting: +- TRB-1: Windows OS issues + - Lesson: `notes/TRB-1-windows-os-issues.md` + - Lab: `labs/TRB-1-windows-os-issues-lab.md` + - Quiz: `quizzes/TRB-1-quiz.md` +- TRB-2: Mobile OS and app issues + - Lesson: `notes/TRB-2-mobile-os-app-issues.md` + - Lab: `labs/TRB-2-mobile-os-app-issues-lab.md` + - Quiz: `quizzes/TRB-2-quiz.md` +- TRB-3: Mobile security issues + - Lesson: `notes/TRB-3-mobile-security-issues.md` + - Lab: `labs/TRB-3-mobile-security-issues-lab.md` + - Quiz: `quizzes/TRB-3-quiz.md` +- TRB-4: PC security symptoms + - Lesson: `notes/TRB-4-pc-security-symptoms.md` + - Lab: `labs/TRB-4-pc-security-symptoms-lab.md` + - Quiz: `quizzes/TRB-4-quiz.md` + +Operational Procedures: +- OPS-1: Documentation and support systems + - Lesson: `notes/OPS-1-documentation-support-systems.md` + - Lab: `labs/OPS-1-documentation-support-systems-lab.md` + - Quiz: `quizzes/OPS-1-quiz.md` +- OPS-2: Change management + - Lesson: `notes/OPS-2-change-management.md` + - Lab: `labs/OPS-2-change-management-lab.md` + - Quiz: `quizzes/OPS-2-quiz.md` +- OPS-3: Backup and recovery + - Lesson: `notes/OPS-3-backup-recovery.md` + - Lab: `labs/OPS-3-backup-recovery-lab.md` + - Quiz: `quizzes/OPS-3-quiz.md` +- OPS-4: Safety procedures + - Lesson: `notes/OPS-4-safety-procedures.md` + - Lab: `labs/OPS-4-safety-procedures-lab.md` + - Quiz: `quizzes/OPS-4-quiz.md` +- OPS-5: Environmental controls + - Lesson: `notes/OPS-5-environmental-controls.md` + - Lab: `labs/OPS-5-environmental-controls-lab.md` + - Quiz: `quizzes/OPS-5-quiz.md` +- OPS-6: Policy, privacy, and licensing + - Lesson: `notes/OPS-6-policy-privacy-licensing.md` + - Lab: `labs/OPS-6-policy-privacy-licensing-lab.md` + - Quiz: `quizzes/OPS-6-quiz.md` +- OPS-7: Professionalism + - Lesson: `notes/OPS-7-professionalism.md` + - Lab: `labs/OPS-7-professionalism-lab.md` + - Quiz: `quizzes/OPS-7-quiz.md` +- OPS-8: Scripting basics + - Lesson: `notes/OPS-8-scripting-basics.md` + - Lab: `labs/OPS-8-scripting-basics-lab.md` 
+ - Quiz: `quizzes/OPS-8-quiz.md` +- OPS-9: Remote access + - Lesson: `notes/OPS-9-remote-access.md` + - Lab: `labs/OPS-9-remote-access-lab.md` + - Quiz: `quizzes/OPS-9-quiz.md` +- OPS-10: AI concepts + - Lesson: `notes/OPS-10-ai-concepts.md` + - Lab: `labs/OPS-10-ai-concepts-lab.md` + - Quiz: `quizzes/OPS-10-quiz.md` diff --git a/README.md b/README.md new file mode 100644 index 0000000..e1a81d3 --- /dev/null +++ b/README.md @@ -0,0 +1,33 @@ +# CompTIA A+ Core 2 Study Project + +Private study workspace for CompTIA A+ Core 2 `220-1202`. + +## Goal + +Prepare to pass Core 2 by June 30, 2026. + +## How To Continue + +Start with `MEMORY.md` for the current state, progress, and next action. + +Useful files: +- `SCHEDULE.md`: day-by-day study plan +- `quiz-log.md`: quiz attempts and missed concepts +- `lab-log.md`: hands-on lab progress +- `mind-maps/core2-status.html`: visual objective status map +- `notes/`: lessons by objective +- `labs/`: hands-on exercises +- `quizzes/`: section quizzes +- `reference-materials/REFERENCE_INDEX.md`: processed reference inventory + +## Current Flow + +1. Study one objective from `notes/`. +2. Run the matching lab from `labs/` when practical. +3. Take the matching quiz from `quizzes/`. +4. Update `quiz-log.md`, `lab-log.md`, `MEMORY.md`, and `mind-maps/core2-status.html`. + +## Reference Policy + +Full extracted text from commercial PDFs is intentionally not committed. Use summarized project notes and the reference index for continuity. + diff --git a/SCHEDULE.md b/SCHEDULE.md new file mode 100644 index 0000000..d660fa1 --- /dev/null +++ b/SCHEDULE.md 
@@ -0,0 +1,93 @@ +# CompTIA A+ Core 2 Schedule + +Dates: June 10 through June 30, 2026 + +## Phase 1: Baseline and Operating Systems + +June 10: +- Review exam structure and domain map. +- Study small section OS-1: Windows editions and system information. +- Enter system information commands. +- Lab: identify system edition, version, build, CPU, RAM, and architecture. +- Quiz: OS-1 only, after study. + +June 11: +- Windows command-line tools: `ipconfig`, `ping`, `tracert`, `netstat`, `nslookup`, `chkdsk`, `sfc`, `dism`, `gpupdate`, `gpresult`, `shutdown`. +- Lab: collect network and system info from a Windows or Linux machine. + +June 12: +- Windows administrative tools: Task Manager, Services, Event Viewer, Disk Management, Device Manager, System Configuration, Local Users and Groups, Performance Monitor. +- Quiz: Operating Systems set 1. + +June 13: +- Linux basics: file systems, terminal commands, app installation, permissions, backups, system settings. +- Lab: Linux command practice. + +June 14: +- Mobile operating systems: Android/iOS settings, accounts, synchronization, app management, connectivity, backups. +- Quiz: Operating Systems set 2. + +## Phase 2: Security + +June 15: +- Security fundamentals: authentication, authorization, least privilege, MFA, password policies, account types. + +June 16: +- Malware types, symptoms, removal process, browser security, social engineering. +- Lab: malware response tabletop. + +June 17: +- Wireless security, SOHO router hardening, encryption, firewalls, physical security. +- Quiz: Security set 1. + +June 18: +- Data protection: backups, recovery, EFS, BitLocker/FileVault concepts, secure disposal, privacy. + +June 19: +- Security review and mixed PBQ-style scenarios. +- Quiz: Security set 2. + +## Phase 3: Software Troubleshooting + +June 20: +- Windows symptoms: boot issues, BSOD, services failing, application crashes, slow performance. + +June 21: +- Application, browser, and network-related software issues. 
+- Lab: troubleshooting decision tree. + +June 22: +- Mobile app, OS, connectivity, and security troubleshooting. +- Quiz: Software Troubleshooting set 1. + +June 23: +- Mixed troubleshooting scenarios with root cause analysis. + +## Phase 4: Operational Procedures + +June 24: +- Documentation, ticketing, change management, asset management, incident handling. + +June 25: +- Safety, ESD, environmental controls, professionalism, communication. +- Quiz: Operational Procedures set 1. + +June 26: +- Backup types, recovery testing, disaster recovery, remote access etiquette. + +## Phase 5: Final Review + +June 27: +- Full mixed practice exam 1. +- Review every missed question. + +June 28: +- Targeted weak-domain labs and flash review. + +June 29: +- Full mixed practice exam 2. +- Final cram sheet. + +June 30: +- Light review only. +- Focus on missed-question log, acronyms, command syntax, and PBQ strategy. diff --git a/flashcards/OPS-flashcards.json b/flashcards/OPS-flashcards.json new file mode 100644 index 0000000..fc141d4 --- /dev/null +++ b/flashcards/OPS-flashcards.json 
@@ -0,0 +1,137 @@ +{ + "OPS-1": [ + {"front": "What is the U-D-I-S-R memory trick for tickets?", "back": "User, Device, Issue, Severity, Resolution - the core fields a support ticket should capture."}, + {"front": "What is the shortcut phrase for why documentation matters?", "back": "If it is not documented, the next tech cannot trust what happened."}, + {"front": "What information should a ticket record besides user, device, and issue?", "back": "Category, severity, escalation level, progress notes, and resolution."}, + {"front": "What is a CMDB?", "back": "A configuration management database used as part of asset management to track inventory and configuration details."}, + {"front": "What does asset management track about a device?", "back": "Inventory, asset tags and IDs, procurement life cycle, warranty and licensing, and assigned users."}, + {"front": "What is an SOP?", "back": "A standard operating procedure - a repeatable, documented process for performing a task."}, + {"front": "What is an SLA?", "back": "A service level agreement that defines the expected level of service, such as response or resolution times."}, + {"front": "What is the purpose of a knowledge base article?", "back": "It helps future technicians solve known issues by documenting solutions to past problems."}, + {"front": "Name three document types used in IT operations besides SOPs.", "back": "Incident reports, onboarding/offboarding checklists, and SLAs (knowledge base articles and package installation procedures are also examples)."}, + {"front": "Why are asset tags important?", "back": "They connect devices to users, warranty information, and lifecycle records."}, + {"front": "Why do tickets need enough detail for handoff?", "back": "So another technician can pick up the issue and continue work, and so trends can be analyzed across many tickets."}, + {"front": "What is the procurement life cycle in asset management?", "back": "The stages a device goes through from purchase/acquisition 
through use to retirement or disposal."} + ], + "OPS-2": [ + {"front": "What is the P-S-R-B-R memory trick for change management?", "back": "Purpose, Scope, Risk, Backup, Rollback - key elements of a change plan."}, + {"front": "What is the shortcut phrase about rollback plans?", "back": "A change without rollback is a bet, not a plan."}, + {"front": "What is a standard change?", "back": "A low-risk, preapproved, repeatable change."}, + {"front": "What is a normal change?", "back": "A planned change that requires review and approval before implementation."}, + {"front": "What is an emergency change?", "back": "An urgent change made to fix a major risk or outage; it may happen faster but still needs documentation afterward."}, + {"front": "What should a change plan include besides purpose, scope, and risk level?", "back": "Change type, schedule, affected systems, responsible staff, approvals, backup, rollback plan, sandbox testing, implementation steps, peer review, and end-user acceptance."}, + {"front": "What is the purpose of sandbox testing in change management?", "back": "It lets a change be tested in an isolated environment before being applied to production systems."}, + {"front": "Why is peer review part of change planning?", "back": "It helps catch mistakes before the change is implemented."}, + {"front": "What is a maintenance window?", "back": "A scheduled time period for making changes that reduces impact on users."}, + {"front": "What is a change freeze?", "back": "A period during which noncritical changes are blocked, typically during sensitive business periods."}, + {"front": "Scenario: A technician needs to update server software but the update could cause downtime. 
What should be prepared before implementing the change?", "back": "A backup and a rollback plan should be prepared, along with approvals and a scheduled maintenance window, so the system can be restored if the change fails."}, + {"front": "Scenario: A critical production server is down and needs an immediate fix outside the normal approval process. What type of change is this, and what must still happen afterward?", "back": "This is an emergency change; even though it bypasses normal advance approval, it must still be documented after the fact."} + ], + "OPS-3": [ + {"front": "What does the F-I-D-S memory trick stand for?", "back": "Full, Incremental, Differential, Synthetic full - the four backup types."}, + {"front": "What is the shortcut phrase about backups and restores?", "back": "Backups are promises; restore tests prove them."}, + {"front": "What is a full backup?", "back": "A backup that backs up all selected data."}, + {"front": "What is an incremental backup?", "back": "A backup that backs up changes since the last backup of any type (full or incremental)."}, + {"front": "What is a differential backup?", "back": "A backup that backs up changes since the last full backup."}, + {"front": "What is a synthetic full backup?", "back": "A full backup built from previous backup data rather than copying all data again from the source."}, + {"front": "What is the trade-off of incremental backups?", "back": "They are small and fast, but the restore chain can be longer because multiple incremental backups must be applied in sequence."}, + {"front": "What happens to differential backups over time?", "back": "They grow larger until the next full backup is performed."}, + {"front": "What does the 3-2-1 backup rule mean?", "back": "Three copies of data, on two different media types, with one copy stored offsite."}, + {"front": "What is grandfather-father-son backup rotation?", "back": "A backup rotation scheme using a hierarchy of backup sets (e.g., monthly, weekly, 
daily) to retain different backup ages."}, + {"front": "What are the two restore options mentioned for recovering data?", "back": "Restore in place (to the original location) or restore to an alternate location."}, + {"front": "Why should restore tests be performed on a defined schedule?", "back": "Because backups only matter if they can actually be restored, and testing verifies that the backup data is usable."} + ], + "OPS-4": [ + {"front": "What does the P-E-C memory trick stand for?", "back": "Power off, ESD control, Cables managed - key safety steps before working on equipment."}, + {"front": "What is the shortcut phrase for safety priorities?", "back": "Protect people first, then parts."}, + {"front": "Name the main ESD controls.", "back": "Antistatic wrist strap, ESD mat, antistatic bags, proper grounding, and proper component handling."}, + {"front": "Can ESD damage components even if you do not feel a shock?", "back": "Yes, ESD can damage components even when the discharge is too small to be felt."}, + {"front": "What is the purpose of antistatic bags?", "back": "They protect components from electrostatic discharge during storage and transport."}, + {"front": "What personal safety practices should a technician follow?", "back": "Disconnect power before repairs, use proper lifting technique, know fire safety procedures, and use safety goggles or air filter masks when needed."}, + {"front": "When should power be disconnected before repairs?", "back": "Before internal repairs, unless a specific procedure requires the device to remain powered."}, + {"front": "How should heavy equipment be lifted?", "back": "Using proper lifting technique, or with two people if the equipment is too heavy for one person."}, + {"front": "What workspace safety practices help prevent accidents?", "back": "Cable management, clear walkways, stable equipment placement, and compliance with local rules."}, + {"front": "What does proper grounding accomplish in ESD prevention?", "back": 
"It safely discharges static electricity from the technician and equipment to prevent damage to sensitive components."}, + {"front": "When might safety goggles or an air filter mask be needed?", "back": "When working in environments with dust, debris, or particles that could harm the eyes or lungs."} + ], + "OPS-5": [ + {"front": "What does the P-H-D-P memory trick stand for?", "back": "Power, Heat and humidity, Dust, Proper disposal - the key environmental factors to manage."}, + {"front": "What is the shortcut phrase about environmental issues?", "back": "Bad power, heat, dust, or disposal can turn a simple support issue into a safety issue."}, + {"front": "What is an SDS or MSDS used for?", "back": "It provides safety data on chemicals and materials, including handling and disposal guidance."}, + {"front": "How should batteries and toner be handled at end of life?", "back": "They require proper disposal or recycling rather than regular trash disposal."}, + {"front": "What does a UPS protect against?", "back": "Short power outages, and it gives time for a safe shutdown of equipment."}, + {"front": "What do surge suppressors protect against?", "back": "Voltage spikes (surges) that could damage equipment."}, + {"front": "What is the difference between a brownout and a blackout?", "back": "A brownout is a low-voltage event, while a blackout is a complete loss of power."}, + {"front": "What environmental factors should be controlled in an equipment area?", "back": "Temperature, humidity, ventilation, equipment placement, and dust."}, + {"front": "How should dust be cleaned from computer equipment?", "back": "Using compressed air and vacuums designed for electronics."}, + {"front": "What categories of items require special asset/device disposal procedures?", "back": "Batteries, toner, and devices/assets in general at end of life."}, + {"front": "Why is equipment placement an environmental control consideration?", "back": "Proper placement ensures adequate airflow, 
ventilation, and protection from heat, humidity, and physical hazards."} + ], + "OPS-6": [ + {"front": "What does the C-D-P-L memory trick stand for?", "back": "Chain of custody, Data privacy, Policies, Licensing - core policy and incident handling concepts."}, + {"front": "What is the shortcut phrase for what policy controls?", "back": "Policy decides what you can touch, copy, disclose, and install."}, + {"front": "What is chain of custody?", "back": "The documented tracking of evidence handling to preserve its integrity for incident response or legal purposes."}, + {"front": "What does order of volatility mean?", "back": "It means collecting the most temporary (volatile) evidence first during incident response."}, + {"front": "What is a EULA?", "back": "An End User License Agreement, which defines the terms under which software may be used."}, + {"front": "Does open-source software have no license?", "back": "No, open-source does not mean no license - it still has license terms that must be followed."}, + {"front": "What is the difference between an NDA and an MNDA?", "back": "An NDA is a non-disclosure agreement between two parties, while an MNDA is a mutual non-disclosure agreement where both parties agree not to disclose each other's information."}, + {"front": "What is regulated data?", "back": "Data that may require special handling and retention due to legal or regulatory requirements."}, + {"front": "What is data retention policy concerned with?", "back": "How long data must be kept and when it can or must be deleted, based on policy or regulation."}, + {"front": "What is an acceptable use policy (AUP)?", "back": "A policy that defines how users are allowed to use company systems and resources."}, + {"front": "Why might drive copies be made during incident response?", "back": "To preserve the integrity of original evidence while allowing analysis to be performed on a copy."}, + {"front": "What is the purpose of a login banner or splash screen in policy 
enforcement?", "back": "It communicates acceptable use terms or legal notices to users before they access a system."} + ], + "OPS-7": [ + {"front": "What does the L-E-D-F memory trick stand for?", "back": "Listen, Explain expectations, Document, Follow up - core professional behaviors."}, + {"front": "What is the shortcut phrase for professionalism?", "back": "Fix the problem without making the user the problem."}, + {"front": "What type of questions should a technician ask first when troubleshooting with a user?", "back": "Open-ended questions, to gather information about the issue."}, + {"front": "Why should a technician restate the issue back to the user?", "back": "To confirm understanding of the problem before proceeding."}, + {"front": "Name three behaviors a technician should avoid.", "back": "Arguing, being defensive, and dismissing or judging the user (also avoid sharing confidential information)."}, + {"front": "What professional practices show respect for the user?", "back": "Appropriate appearance and language, respect for user time, active listening, cultural sensitivity, and discretion."}, + {"front": "Why is setting clear expectations important?", "back": "It helps the user understand realistic timelines and what will happen next, and supports follow-up."}, + {"front": "What should a technician do regarding confidentiality?", "back": "Protect confidential information and never share it inappropriately."}, + {"front": "Scenario: A user is frustrated and blames the technician for a recurring problem. What is the best response?", "back": "Listen actively without arguing or being defensive, restate the issue to confirm understanding, and focus on resolving the problem rather than blaming the user."}, + {"front": "Scenario: A technician discovers sensitive personal files while fixing a user's computer. 
What should the technician do?", "back": "Maintain discretion and confidentiality - do not share or discuss what was found with anyone outside of what policy requires."}, + {"front": "Scenario: A repair is going to take longer than expected. What should the technician do?", "back": "Communicate status clearly, set realistic updated expectations, document the situation, and follow up with the user."}, + {"front": "Scenario: A user asks a vague question like 'my computer is broken.' How should the technician respond?", "back": "Ask open-ended questions to gather more details about the issue before attempting to diagnose or fix it."} + ], + "OPS-8": [ + {"front": "What does the A-R-I-B-D memory trick stand for?", "back": "Automate, Restart, Install, Back up, Data gathering - common scripting use cases."}, + {"front": "What is the shortcut phrase about scripts?", "back": "Scripts are force multipliers for both fixes and mistakes."}, + {"front": "What file extension is used for PowerShell scripts?", "back": ".ps1"}, + {"front": "What file extension is commonly used for Bash shell scripts?", "back": ".sh"}, + {"front": "What file extension is used for batch files?", "back": ".bat"}, + {"front": "Name three script types used in IT support besides .ps1, .bat, and .sh.", "back": ".vbs (VBScript), .js (JavaScript), and .py (Python)."}, + {"front": "What are common use cases for scripts in IT support?", "back": "Automation, restarting machines, remapping drives, application installs, backups, data gathering, and updates."}, + {"front": "What risks do scripts pose if used carelessly?", "back": "They can introduce malware, change system settings, delete data, crash browsers or systems, and mishandle resources."}, + {"front": "Why should scripts be tested before broad deployment?", "back": "Because a script can quickly apply mistakes across many systems, so testing limits the impact of errors before wide rollout."}, + {"front": "Why should scripts from unknown sources be 
reviewed before running?", "back": "Because they could contain malware or unintended commands that could harm the system."}, + {"front": "What is one risk of running an automated script that remaps drives or changes settings across many machines?", "back": "A small mistake in the script could be applied to every machine it runs on, causing widespread issues."} + ], + "OPS-9": [ + {"front": "What does the E-A-L-L memory trick stand for?", "back": "Encryption, Authentication, Least privilege, Logging - key remote access security considerations."}, + {"front": "What is the shortcut phrase for remote access?", "back": "Remote access should be approved, authenticated, encrypted, and logged."}, + {"front": "What is RDP commonly used for?", "back": "Remote desktop access to Windows systems."}, + {"front": "What is SSH commonly used for?", "back": "Secure command-line access to remote systems."}, + {"front": "What does a VPN provide?", "back": "An encrypted path into a private network."}, + {"front": "What are RMM tools used for?", "back": "Remote monitoring and management - supporting managed monitoring and administration of systems."}, + {"front": "List the remote access methods mentioned in the lesson.", "back": "RDP, VPN, VNC, SSH, RMM, SPICE, WinRM, third-party screen sharing, videoconferencing, file transfer, and desktop management tools."}, + {"front": "Why is least privilege important for remote access accounts?", "back": "It limits what a remote user or session can do, reducing the impact if the access is misused or compromised."}, + {"front": "What should happen with screen sharing sessions due to data exposure risk?", "back": "Get user permission before starting, and close the session afterward to avoid exposing sensitive data."}, + {"front": "Why is logging important for remote access?", "back": "It creates a record of who accessed a system remotely and what they did, supporting security and accountability."}, + {"front": "What security considerations apply to 
remote access overall?", "back": "Encryption, authentication, least privilege, user approval, logging, data exposure, and session termination."} + ], + "OPS-10": [ + {"front": "What does the P-B-H-D memory trick stand for?", "back": "Policy, Bias, Hallucinations, Data privacy - core AI concept areas."}, + {"front": "What is the shortcut phrase for AI output?", "back": "AI output is a draft until verified."}, + {"front": "What does hallucination mean in the context of AI?", "back": "It means the AI produces confident but false output."}, + {"front": "What does bias mean in the context of AI output?", "back": "It means the output can reflect unfair or skewed training data."}, + {"front": "Why might public AI tools be a data privacy concern?", "back": "Public AI tools may expose private data depending on policy and configuration."}, + {"front": "For what types of content does AI accuracy matter most?", "back": "Technical, legal, medical, financial, and security content."}, + {"front": "Name three things a technician should do when using AI tools.", "back": "Follow company AI policy, verify important output, and protect private data (also check source quality and be transparent when policy requires)."}, + {"front": "Name three things a technician should NOT do when using AI tools.", "back": "Paste confidential data into unapproved public tools, treat AI output as automatically accurate, or ignore bias and hallucination risk."}, + {"front": "Should AI-generated work be submitted as original?", "back": "Not if doing so would violate policy - this relates to plagiarism concerns with AI use."}, + {"front": "What AI concept areas does Core 2 expect technicians to be aware of?", "back": "Application integration, policy, appropriate use, plagiarism, bias, hallucinations, accuracy, private vs. 
public data, and data source concerns."}, + {"front": "Why should the source quality of data used by or with AI tools be checked?", "back": "Because data source concerns affect the reliability and appropriateness of AI output, and poor sources can contribute to inaccurate or biased results."} + ] +} diff --git a/flashcards/TRB-flashcards.json b/flashcards/TRB-flashcards.json new file mode 100644 index 0000000..e8af513 --- /dev/null +++ b/flashcards/TRB-flashcards.json 
@@ -0,0 +1,234 @@ +{ + "TRB-1": [ + { + "front": "A user reports that Windows displays No OS found at startup. What should you check first?", + "back": "Check the boot order in firmware/BIOS, confirm the drive is detected, and check the boot files and startup repair options." + }, + { + "front": "A user reports a blue screen of death (BSOD). What should you suspect first?", + "back": "Suspect drivers, hardware, memory, storage, or recent updates, and use Event Viewer, Reliability Monitor, and memory/storage diagnostics to investigate." + }, + { + "front": "A user reports that Windows is running slowly overall. What should you check first?", + "back": "Check Task Manager for CPU, memory, disk, and startup load, check available disk space, and review recently installed apps." + }, + { + "front": "A user reports that a Windows service is failing to start. What should you check first?", + "back": "Check the Services console for the service status, check its dependencies, and review Event Viewer for related errors." + }, + { + "front": "A user reports that their Windows profile takes a very long time to load at sign-in. What should you suspect?", + "back": "Suspect a large profile data set, network profile issues, login scripts, or domain connectivity problems." + }, + { + "front": "A user reports that the system clock keeps drifting and showing the wrong time. What should you check?", + "back": "Check the time zone setting, the CMOS battery, and time synchronization settings." + }, + { + "front": "A system fails to boot correctly right after a driver update was installed. What is the likely fix?", + "back": "Roll back the driver, or boot into Safe Mode to remove or fix the problematic driver." + }, + { + "front": "Applications are crashing and you suspect system file corruption. What two tools should you use?", + "back": "Use SFC (System File Checker) and DISM to repair corrupted system files and the Windows component store." 
+ }, + { + "front": "A user reports slow performance and asks you to immediately start changing system settings. What should you do first?", + "back": "Gather evidence first (e.g., Task Manager, disk space, recently installed apps) before making any changes." + }, + { + "front": "What's the memory trick for diagnosing common Windows OS problems?", + "back": "B-S-S-A-D-P-T: Boot, Services, Storage, Applications, Drivers, Profiles, Time. A Windows symptom usually points to boot, services, storage, drivers, profile, or time." + }, + { + "front": "What does sfc /scannow do? (Windows command)", + "back": "It checks protected Windows system files and attempts to repair any that are corrupted." + }, + { + "front": "What does DISM /Online /Cleanup-Image /RestoreHealth do? (Windows command)", + "back": "It repairs the Windows component store, which SFC relies on to repair system files." + }, + { + "front": "What does chkdsk do? (Windows command)", + "back": "It checks the file system status of a drive." + }, + { + "front": "What does eventvwr.msc do? (Windows command)", + "back": "It opens Event Viewer, which provides logs and error clues for troubleshooting." + }, + { + "front": "What does perfmon /rel do? (Windows command)", + "back": "It opens Reliability Monitor, which shows a timeline of system failures and changes." + }, + { + "front": "If a Windows system reports low memory warnings or USB controller resource warnings, which category of the B-S-S-A-D-P-T memory trick does this most likely fall under?", + "back": "These point toward storage and drivers (resource and driver-related issues), part of the B-S-S-A-D-P-T framework for Windows symptoms." + } + ], + "TRB-2": [ + { + "front": "A mobile app fails to launch or repeatedly crashes. What is the troubleshooting flow?", + "back": "Restart the app, restart the device, update the app, update the OS, clear the app cache where supported, and reinstall the app if needed." 
+ }, + { + "front": "A mobile app will not install or update. What should you check first?", + "back": "Check available storage, network connectivity, app store account status, and OS compatibility." + }, + { + "front": "A user reports their mobile device's battery is draining quickly. What should you check?", + "back": "Review battery usage by app, check screen brightness, disable unnecessary radios, and check for runaway apps." + }, + { + "front": "A user reports Bluetooth or Wi-Fi connectivity problems on a mobile device. What is the troubleshooting flow?", + "back": "Toggle the affected radio, forget and reconnect to the network or device, check range and pairing mode, and restart the device if needed." + }, + { + "front": "A user reports that screen autorotation is not working on their mobile device. What should you check?", + "back": "Check if rotation lock is enabled, restart the app, and test the device sensors if available." + }, + { + "front": "An app cannot be installed on a mobile device. Which two causes are high-probability answers on the exam?", + "back": "Insufficient storage and OS/app compatibility issues." + }, + { + "front": "A mobile device fails to pair with a Bluetooth accessory. What should you check?", + "back": "Check that the accessory is in pairing mode, and try forgetting the device and re-pairing it." + }, + { + "front": "A mobile issue started right after an OS or app update. What should you investigate?", + "back": "Check for known issues with the update and verify compatibility between the app and the new OS version." + }, + { + "front": "Only one app is misbehaving on a mobile device. What should you do before resetting the entire phone?", + "back": "Focus troubleshooting on that specific app (cache, update, reinstall) before considering a full device reset." 
+ }, + { + "front": "What's the memory trick for troubleshooting mobile OS and app issues?", + "back": "U-S-P-C-R: Update, Storage, Permissions, Connectivity, Restart/reinstall. Most mobile app problems start with update, storage, permission, or connectivity checks." + }, + { + "front": "A user reports random reboots on their mobile device. Under which category of mobile troubleshooting checks would you start investigating?", + "back": "Start with the basic checks: updates, storage, permissions, connectivity, and battery health, since these are the common starting points for most mobile symptoms." + }, + { + "front": "What basic checks should be performed for nearly any mobile OS or app problem according to the lesson?", + "back": "Updates, storage, permissions, connectivity, app cache/data, battery health, and compatibility." + }, + { + "front": "A user reports an OS update failure on their mobile device. What category of issue does this fall under, and what should you check?", + "back": "It falls under update-related issues; check storage space, network connectivity, and compatibility, similar to app install/update failures." + } + ], + "TRB-3": [ + { + "front": "What is application spoofing on a mobile device?", + "back": "Application spoofing means a fake app pretends to be a legitimate app, often to trick users into installing malware or giving up data." + }, + { + "front": "A user's phone has high network traffic, data usage alerts, and many ads outside the browser. What should you suspect?", + "back": "Suspect malware or unwanted/unauthorized software, and check which app is causing the unusual data usage." + }, + { + "front": "A user reports fake antivirus pop-ups and browser redirects on their mobile device. What should you check first?", + "back": "Check the app source - whether apps were installed from the official app store, whether developer names are correct, and whether permissions/reviews look suspicious." 
+ }, + { + "front": "Why are rooted or jailbroken devices considered high risk?", + "back": "Rooted or jailbroken devices bypass the normal protections built into the mobile OS, making them more vulnerable to malware and unauthorized access." + }, + { + "front": "A managed (company) mobile device is suspected of being compromised. What should you do?", + "back": "Follow company policy, notify support/security, use MDM actions when appropriate, and preserve evidence if required." + }, + { + "front": "A personal mobile device is suspected of being compromised by malware. What is the response?", + "back": "Remove suspicious apps, update the OS and apps, run trusted security tools if available, and change passwords from a known-clean device if compromise is suspected." + }, + { + "front": "Why do unofficial app stores increase mobile security risk?", + "back": "Apps from unofficial app stores are not vetted the same way as official store apps, which increases the risk of installing malware." + }, + { + "front": "What should you check regarding device integrity when investigating a mobile security issue?", + "back": "Check whether the device is rooted or jailbroken, whether developer mode is enabled, and whether installation from unknown sources is allowed." + }, + { + "front": "What network and data clues suggest a mobile app may be malicious?", + "back": "One app using unusual amounts of data, traffic spiking when that app is open, or unexpected VPN/proxy settings." + }, + { + "front": "What's the memory trick for mobile security issues?", + "back": "R-U-D-A: Root/jailbreak, Unofficial store, Developer mode, Ads/alerts. If the source or control model is untrusted, treat the phone as high risk." + }, + { + "front": "A user's mobile device shows leaked personal data and unrecognized apps. 
What should be the immediate concern?", + "back": "This suggests an unauthorized or malicious app has been installed; check the app source, device integrity (root/jailbreak), and remove suspicious apps." + }, + { + "front": "What does it mean for a mobile device's control model to be untrusted, and what should you do if it is?", + "back": "An untrusted control model means the device's source of apps or its root/jailbreak status cannot be trusted; treat the phone as high risk per the lesson's shortcut." + }, + { + "front": "List the four main risk factors for mobile security issues mentioned in the lesson.", + "back": "Unofficial app stores, sideloaded applications, developer mode, and rooted or jailbroken devices (also unauthorized apps and application spoofing)." + } + ], + "TRB-4": [ + { + "front": "A user reports files on their PC are altered, missing, renamed, or inaccessible. What should you suspect?", + "back": "This points to ransomware as the likely cause." + }, + { + "front": "A user reports frequent pop-ups and browser redirects. What should you suspect?", + "back": "This points to adware or browser hijacking." + }, + { + "front": "A user reports certificate warnings in their browser. What are the possible causes?", + "back": "Certificate warnings can be caused by something malicious, a misconfiguration, or the wrong system time/date on the PC." + }, + { + "front": "A PC cannot access the network at all. What should you check?", + "back": "Check for misconfiguration causes such as a bad proxy setting, wrong DNS setting, or a firewall/security tool blocking traffic; also consider malware as a cause." + }, + { + "front": "A user reports fake antivirus warnings appearing on their desktop. What should you suspect first?", + "back": "Suspect fake antivirus malware (scareware), and assume compromise until verified." + }, + { + "front": "An OS update keeps failing on a PC. 
What are the possible causes?", + "back": "OS update failure may be caused by malware, file/system corruption, or network problems." + }, + { + "front": "A user's web browser has new extensions they didn't install, plus unexpected sync changes and login alerts. What should you suspect?", + "back": "Suspect a compromised account - check for unauthorized browser extensions, unexpected sync changes, and new login alerts." + }, + { + "front": "What is the first step in the response flow for a suspected PC security compromise?", + "back": "Identify the symptoms." + }, + { + "front": "After identifying symptoms of a suspected active compromise on a PC, what is the next step?", + "back": "Disconnect the PC from the network if active compromise is suspected." + }, + { + "front": "After running trusted security tools and removing or quarantining threats from a compromised PC, what should be done next?", + "back": "Update the OS, browser, and security software, then change passwords from a known-clean device if credentials may be compromised, and document findings and actions." + }, + { + "front": "What's the memory trick for PC security symptoms?", + "back": "FAN-B: Files changed, Alerts are fake, Network blocked, Browser redirects. Fake alerts plus changed files or redirects means assume compromise until verified." + }, + { + "front": "List the categories of common causes for PC security symptoms described in the lesson.", + "back": "Malware (fake antivirus, ransomware, spyware, adware, browser hijackers), misconfiguration (bad proxy, wrong DNS, expired certificate or wrong system time, firewall blocking traffic), and compromised account (unexpected sync changes, unauthorized extensions, new login alerts)." + }, + { + "front": "Why might evidence preservation be part of the response flow for a PC security incident?", + "back": "Because policy may require preserving evidence of the compromise before remediation, especially in managed or business environments." 
+ }, + { + "front": "A user's PC shows degraded browser performance along with unwanted OS notifications. What should you consider?", + "back": "Consider malware (such as adware or browser hijackers) as well as possible misconfiguration; treat it as a possible compromise per the FAN-B memory trick." + } + ] +} diff --git a/lab-log.md b/lab-log.md new file mode 100644 index 0000000..d1e0f01 --- /dev/null +++ b/lab-log.md @@ -0,0 +1,18 @@ +# Lab Log + +## OS-5 Lab: OS and File-System Identification + +- Date: 2026-06-11 20:14 CDT +- Lab: OS-5 / Objective 1.1 operating system and file-system identification +- Domain: 1.0 Operating Systems +- Completed: no +- Notes: Quiz completed after study session; hands-on Windows/Linux filesystem identification lab still pending. +- Follow-up: Run the OS-5 lab commands and record OS version, kernel/build, root or main-drive filesystem, and main disk. + +Record format: +- Date: +- Lab: +- Domain: +- Completed: +- Notes: +- Follow-up: diff --git a/labs/OPS-1-documentation-support-systems-lab.md b/labs/OPS-1-documentation-support-systems-lab.md new file mode 100644 index 0000000..c38c639 --- /dev/null +++ b/labs/OPS-1-documentation-support-systems-lab.md 
@@ -0,0 +1,42 @@ +# Lab OPS-1: Build a Good Ticket + +Domain: +- 4.0 Operational Procedures + +## Goal + +Practice writing a useful ticket from a support scenario. + +## Scenario + +A user named Jordan says their Windows laptop is slow after sign-in. The device is asset tag LAP-2048. The issue started yesterday after a software update. They need the laptop for a client call in two hours. + +## Ticket Fields + +Fill in: +- User: +- Device: +- Asset tag: +- Issue summary: +- Category: +- Severity: +- Business impact: +- Troubleshooting steps: +- Escalation needed: +- Resolution: +- Follow-up: + +## Asset Check + +Record what you would verify: +- Warranty: +- Assigned user: +- Installed software: +- Recent changes: +- Replacement availability: + +## What You Should Learn + +- Good tickets include user, device, impact, steps, and resolution. +- Asset records support warranty, lifecycle, licensing, and ownership decisions. + diff --git a/labs/OPS-10-ai-concepts-lab.md b/labs/OPS-10-ai-concepts-lab.md new file mode 100644 index 0000000..7870620 --- /dev/null +++ b/labs/OPS-10-ai-concepts-lab.md 
@@ -0,0 +1,35 @@ +# Lab OPS-10: AI Use Decision Practice + +Domain: +- 4.0 Operational Procedures + +## Goal + +Decide whether AI use is appropriate in support scenarios. + +## Scenarios + +For each, answer allowed, not allowed, or needs approval: + +1. Summarize a public vendor knowledge base article. +2. Paste a customer's medical record into a public chatbot. +3. Draft a ticket response without including private data. +4. Ask AI for a PowerShell script, then run it without reading it. +5. Use AI output as a final answer for a security incident without verification. +6. Ask AI to explain a generic error code. + +## Verification Checklist + +For AI-assisted work, record: +- Data sensitivity: +- Approved tool: +- Source checked: +- Output verified: +- Bias or hallucination risk: +- Policy followed: + +## What You Should Learn + +- AI can help with drafts and explanations. +- Private data, accuracy, and policy control whether AI use is acceptable. + diff --git a/labs/OPS-2-change-management-lab.md b/labs/OPS-2-change-management-lab.md new file mode 100644 index 0000000..5085b6c --- /dev/null +++ b/labs/OPS-2-change-management-lab.md @@ -0,0 +1,32 @@ +# Lab OPS-2: Write a Change Request + +Domain: +- 4.0 Operational Procedures + +## Goal + +Practice building a simple change request. + +## Scenario + +You need to update a department printer driver on 24 workstations. + +Fill in: +- Purpose: +- Scope: +- Change type: +- Affected systems: +- Risk level: +- Maintenance window: +- Backup or restore point needed: +- Test plan: +- Rollback plan: +- Approver: +- User communication: +- Success criteria: + +## What You Should Learn + +- Changes need scope, risk, schedule, approval, testing, and rollback. +- Standard, normal, and emergency changes follow different approval paths. + diff --git a/labs/OPS-3-backup-recovery-lab.md b/labs/OPS-3-backup-recovery-lab.md new file mode 100644 index 0000000..46d4b0f --- /dev/null +++ b/labs/OPS-3-backup-recovery-lab.md 
@@ -0,0 +1,36 @@ +# Lab OPS-3: Backup Plan Design + +Domain: +- 4.0 Operational Procedures + +## Goal + +Design a backup and recovery plan for a small office. + +## Scenario + +A five-person office stores contracts, invoices, and customer records on one shared PC. + +Fill in: +- Data to back up: +- Backup type: +- Backup schedule: +- Onsite copy: +- Offsite copy: +- Encryption needed: +- Restore test frequency: +- Restore location: +- Responsible person: + +## Scenario Questions + +1. What happens if the PC drive fails? +2. What happens if ransomware encrypts local files? +3. What happens if the office loses power during backup? +4. How will you prove restores work? + +## What You Should Learn + +- Backup design must match business risk. +- The restore process must be tested before an emergency. + diff --git a/labs/OPS-4-safety-procedures-lab.md b/labs/OPS-4-safety-procedures-lab.md new file mode 100644 index 0000000..a77973a --- /dev/null +++ b/labs/OPS-4-safety-procedures-lab.md @@ -0,0 +1,37 @@ +# Lab OPS-4: Workspace Safety Check + +Domain: +- 4.0 Operational Procedures + +## Goal + +Inspect a work area for safety and ESD risks. + +## Checklist + +Record: +- Power cords are safe: +- Walkways are clear: +- Cables are managed: +- Food or liquid near equipment: +- ESD mat available: +- Antistatic bag available: +- Heavy items stored safely: +- Fire extinguisher location known: +- Ventilation adequate: + +## Scenario Practice + +Choose the safe action: + +1. Replacing RAM in a desktop. +2. Moving a heavy laser printer. +3. Cleaning dust from inside a PC. +4. Finding a frayed power cord. +5. Storing a removed motherboard. + +## What You Should Learn + +- Safety procedures reduce injury and equipment damage. +- ESD controls are part of normal component handling. + diff --git a/labs/OPS-5-environmental-controls-lab.md b/labs/OPS-5-environmental-controls-lab.md new file mode 100644 index 0000000..b69cba9 --- /dev/null +++ b/labs/OPS-5-environmental-controls-lab.md 
@@ -0,0 +1,38 @@ +# Lab OPS-5: Environmental Risk Walkthrough + +Domain: +- 4.0 Operational Procedures + +## Goal + +Identify environmental risks in a home or office workspace. + +## Checklist + +Record: +- Equipment has ventilation: +- Dust buildup visible: +- Devices near heat source: +- Devices near liquid: +- Surge suppressor present: +- UPS present: +- Battery disposal plan: +- Toner disposal plan: +- Cable airflow blocked: +- Room temperature reasonable: + +## Scenario Practice + +Choose the best control: + +1. Frequent brief power outages. +2. Printer toner replacement. +3. Dust inside desktop vents. +4. Equipment near a heater. +5. Low-voltage events during storms. + +## What You Should Learn + +- Environmental controls reduce failures and safety risk. +- Power protection, ventilation, cleanup, and disposal are part of IT operations. + diff --git a/labs/OPS-6-policy-privacy-licensing-lab.md b/labs/OPS-6-policy-privacy-licensing-lab.md new file mode 100644 index 0000000..c6ca4a0 --- /dev/null +++ b/labs/OPS-6-policy-privacy-licensing-lab.md @@ -0,0 +1,26 @@ +# Lab OPS-6: Policy Decision Practice + +Domain: +- 4.0 Operational Procedures + +## Goal + +Practice deciding which policy concept applies to a scenario. + +## Scenarios + +For each, identify the policy concept: + +1. A technician images a drive for investigation. +2. A user wants to install personally purchased software on a company laptop. +3. A vendor asks for confidential project details. +4. A company must keep financial records for seven years. +5. A login screen warns that activity may be monitored. +6. A technician finds customer medical records. +7. A program is free to download but has redistribution rules. + +## What You Should Learn + +- Privacy, licensing, evidence, and acceptable use are operational controls. +- Technicians should follow policy instead of improvising on sensitive data. + 
diff --git a/labs/OPS-7-professionalism-lab.md b/labs/OPS-7-professionalism-lab.md new file mode 100644 index 0000000..23a08d2 --- /dev/null +++ b/labs/OPS-7-professionalism-lab.md @@ -0,0 +1,34 @@ +# Lab OPS-7: Support Conversation Practice + +Domain: +- 4.0 Operational Procedures + +## Goal + +Practice professional responses to difficult support moments. + +## Scenarios + +Write a professional response: + +1. A user is angry because their laptop failed during a meeting. +2. A user asks you to share another employee's files. +3. A user says, "I'm terrible with computers." +4. A repair will take longer than expected. +5. You need to ask clarifying questions. + +## Checklist + +Your responses should: +- Acknowledge the issue. +- Avoid blame. +- Ask useful questions. +- Set expectations. +- Protect confidentiality. +- Document next steps. + +## What You Should Learn + +- Professionalism is part of technical support. +- Communication should reduce confusion, protect privacy, and set clear expectations. + diff --git a/labs/OPS-8-scripting-basics-lab.md b/labs/OPS-8-scripting-basics-lab.md new file mode 100644 index 0000000..6125db2 --- /dev/null +++ b/labs/OPS-8-scripting-basics-lab.md 
@@ -0,0 +1,49 @@ +# Lab OPS-8: Script Recognition + +Domain: +- 4.0 Operational Procedures + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Recognize common script types and safe script habits. + +## Part 1: Match Extensions + +Match the extension to the common language: + +1. `.ps1` +2. `.bat` +3. `.sh` +4. `.py` +5. `.js` +6. `.vbs` + +## Part 2: Safe Review + +Before running a script, record: +- Source: +- Purpose: +- Systems affected: +- Required permissions: +- Backup or rollback: +- Test result: + +## Part 3: Use Case Practice + +Choose a script use case: + +1. Install the same app on 40 PCs. +2. Collect hostname and IP address. +3. Restart a service nightly. +4. Copy user files to backup storage. + +## What You Should Learn + +- Scripts can automate support tasks. +- Unknown scripts should be reviewed and tested before execution. + diff --git a/labs/OPS-9-remote-access-lab.md b/labs/OPS-9-remote-access-lab.md new file mode 100644 index 0000000..e26f26e --- /dev/null +++ b/labs/OPS-9-remote-access-lab.md @@ -0,0 +1,40 @@ +# Lab OPS-9: Remote Support Safety Checklist + +Domain: +- 4.0 Operational Procedures + +## Goal + +Build a safe checklist for remote access support. + +## Scenario + +A user needs help configuring email on a company laptop while working from home. + +Fill in: +- Remote access tool: +- User approval method: +- Authentication method: +- Encryption present: +- Least privilege account: +- Sensitive windows closed: +- File transfer needed: +- Session logged: +- Session ended: +- Ticket updated: + +## Tool Matching + +Match the tool: + +1. Secure command line to Linux. +2. Windows graphical remote desktop. +3. Encrypted access into private network. +4. Managed monitoring and administration. +5. User-facing screen sharing. + +## What You Should Learn + +- Remote access is useful but can expose data. +- Permission, authentication, encryption, and logging are key controls. + 
diff --git a/labs/OS-1-system-inventory-lab.md b/labs/OS-1-system-inventory-lab.md new file mode 100644 index 0000000..b0a59eb --- /dev/null +++ b/labs/OS-1-system-inventory-lab.md @@ -0,0 +1,71 @@ +# Lab OS-1: System Inventory + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux + +Does not require: +- macOS + +## Goal + +Build the habit of collecting basic system identity information before troubleshooting. + +## Windows Steps + +Run: + +```powershell +winver +systeminfo +hostname +whoami +wmic os get caption,version,buildnumber,osarchitecture +msinfo32 +tpm.msc +``` + +Record: +- Windows edition: +- Version/build: +- Architecture: +- Host name: +- Current user: +- Total RAM: +- BIOS mode: +- Secure Boot state: +- TPM status/version: + +## Linux Steps + +Run: + +```bash +cat /etc/os-release +uname -a +hostname +whoami +free -h +``` + +Record: +- Distribution: +- Kernel: +- Architecture: +- Host name: +- Current user: +- Memory: + +## What You Should Learn + +- `winver` is a quick Windows version check. +- `systeminfo` is a fuller Windows inventory command. +- `hostname` identifies the machine. +- `whoami` identifies the current user. +- `cat /etc/os-release` identifies the Linux distribution. +- `uname -a` shows kernel and architecture details. +- `msinfo32` shows detailed Windows system and firmware information. +- `tpm.msc` checks TPM status and version. diff --git a/labs/OS-10-application-installation-lab.md b/labs/OS-10-application-installation-lab.md new file mode 100644 index 0000000..aea4e87 --- /dev/null +++ b/labs/OS-10-application-installation-lab.md 
@@ -0,0 +1,96 @@ +# Lab OS-10: Application Installation Readiness + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Practice checking whether a system meets application requirements before installing software. + +## Hypothetical Application + +Requirements: +- 64-bit OS +- 8 GB RAM +- 20 GB free storage +- Modern CPU +- Dedicated GPU preferred +- Internet access +- Vendor download or approved package manager + +## Windows Steps + +Run: + +```powershell +systeminfo +wmic os get osarchitecture +Get-Volume +winget --version +``` + +Record: +- OS: +- Architecture: +- RAM: +- CPU: +- Free storage: +- Package manager available: +- Meets requirements: +- Risk/impact notes: + +## Linux Steps + +Run: + +```bash +cat /etc/os-release +uname -m +lscpu +free -h +df -h +which apt +which dnf +``` + +Record: +- Distribution: +- Architecture: +- RAM: +- CPU: +- Free storage: +- Package manager: +- Meets requirements: +- Risk/impact notes: + +## Optional macOS Steps + +Run: + +```bash +sw_vers +uname -m +system_profiler SPHardwareDataType +``` + +Record: +- macOS version: +- Architecture: +- RAM: +- CPU/chip: +- Meets requirements: +- Risk/impact notes: + +## What You Should Learn + +- Always check OS, architecture, CPU, RAM, storage, and graphics requirements. +- Use trusted distribution methods. +- ISO files are mountable disk images. +- Image deployment can install a full prepared system build. +- Business-critical apps require planning, testing, communication, and rollback. + diff --git a/labs/OS-11-cloud-productivity-lab.md b/labs/OS-11-cloud-productivity-lab.md new file mode 100644 index 0000000..e98c807 --- /dev/null +++ b/labs/OS-11-cloud-productivity-lab.md 
@@ -0,0 +1,76 @@ +# Lab OS-11: Cloud Productivity Recognition + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Identify cloud productivity services, sync behavior, identity context, and license-related symptoms. + +## Local Inspection Steps + +Windows: + +```powershell +whoami +hostname +ipconfig /all +dir $env:USERPROFILE +``` + +Linux: + +```bash +whoami +hostname +ip addr +ls ~ +``` + +macOS: + +```bash +whoami +hostname +ls ~ +``` + +Record: +- Current user: +- Device name: +- Cloud storage folders found: +- Cloud email service used: +- Collaboration tools used: +- Identity/account used for cloud tools: + +## Scenario Practice + +Answer in short notes: + +1. A user can sign in to the portal but cannot use the spreadsheet app. + - Likely check: + +2. A file saved on a laptop does not appear on another device. + - Likely check: + +3. A new user was created locally but does not appear in cloud apps. + - Likely check: + +4. A department changed tools and several users lost access. + - Likely check: + +5. A user wants files available without internet access. + - Likely setting: + +## What You Should Learn + +- Cloud productivity includes email, storage, sync, collaboration, identity, and licensing. +- Sync settings control whether files are local, online-only, or downloaded on demand. +- Identity sync connects accounts across directories and cloud apps. +- License assignment controls app/service access. + diff --git a/labs/OS-2-recovery-info-lab.md b/labs/OS-2-recovery-info-lab.md new file mode 100644 index 0000000..296b6c2 --- /dev/null +++ b/labs/OS-2-recovery-info-lab.md 
@@ -0,0 +1,64 @@ +# Lab OS-2: Recovery and Disk Information + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux + +Does not require: +- macOS + +## Goal + +Practice safe commands that help identify recovery status, file corruption, boot configuration, and disk layout. + +## Windows Steps + +Run: + +```powershell +reagentc /info +sfc /scannow +bcdedit +``` + +Optional repair command: + +```powershell +DISM /Online /Cleanup-Image /RestoreHealth +``` + +Record: +- Is Windows RE enabled? +- Did SFC find integrity violations? +- What boot loader description appears in `bcdedit`? +- Did DISM complete successfully, if you ran it? + +Do not edit BCD settings in this lab. + +## Linux Steps + +Run: + +```bash +lsblk +df -h +``` + +Record: +- Main disk name: +- Root filesystem: +- Root filesystem free space: +- Any mounted removable drives: + +## What You Should Learn + +- `reagentc /info` checks Windows Recovery Environment status. +- `sfc /scannow` checks and repairs protected Windows system files. +- `DISM /Online /Cleanup-Image /RestoreHealth` repairs the Windows image/component store. +- `bcdedit` displays boot configuration. +- `lsblk` shows disks and partitions. +- `df -h` shows mounted filesystem usage. + diff --git a/labs/OS-3-admin-tools-lab.md b/labs/OS-3-admin-tools-lab.md new file mode 100644 index 0000000..5f00af4 --- /dev/null +++ b/labs/OS-3-admin-tools-lab.md 
@@ -0,0 +1,76 @@ +# Lab OS-3: Administrative Tool Matching + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux comparison practice + +Does not require: +- macOS + +## Goal + +Practice opening the right tool for the right troubleshooting symptom. + +## Windows Steps + +Run: + +```powershell +taskmgr +eventvwr.msc +devmgmt.msc +diskmgmt.msc +services.msc +resmon +perfmon +taskschd.msc +``` + +Optional, if supported: + +```powershell +lusrmgr.msc +``` + +Record the best tool: +- App is frozen: +- Service failed to start: +- USB device has driver error: +- Need to assign drive letter: +- Need live disk activity: +- Need performance counters over time: +- Need a script to run every day: +- Need to check local group membership: + +## Linux Comparison Steps + +Run: + +```bash +ps aux +top +systemctl status +journalctl -p err +lsblk +``` + +Record: +- Command for running processes: +- Command for live resource usage: +- Command for service status: +- Command for error logs: +- Command for disks/partitions: + +## What You Should Learn + +- Event Viewer is for logs. +- Device Manager is for hardware and drivers. +- Services is for background services. +- Disk Management is for partitions, volumes, and drive letters. +- Resource Monitor shows live resource usage. +- Performance Monitor tracks counters over time. +- Task Scheduler automates tasks. + diff --git a/labs/OS-4-command-line-lab.md b/labs/OS-4-command-line-lab.md new file mode 100644 index 0000000..eb09fe4 --- /dev/null +++ b/labs/OS-4-command-line-lab.md 
@@ -0,0 +1,87 @@ +# Lab OS-4: Command-Line Troubleshooting + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux + +Does not require: +- macOS + +## Goal + +Build comfort entering commands and interpreting basic troubleshooting output. + +## Windows Steps + +Run: + +```powershell +hostname +whoami +winver +ipconfig +ipconfig /all +ping 127.0.0.1 +nslookup example.com +netstat -ano +sfc /scannow +ipconfig /? +``` + +Record: +- Computer name: +- Current user: +- Windows version/build: +- IPv4 address: +- Default gateway: +- DNS server: +- Loopback ping successful: +- DNS lookup successful: +- One active/listening port: +- SFC result: + +## Linux Steps + +Run: + +```bash +hostname +whoami +ip addr +ping -c 4 127.0.0.1 +df -h +ps aux +top +``` + +Press `q` to exit `top`. + +Record: +- Hostname: +- Current user: +- IP address: +- Root filesystem free space: +- One running process: + +## Safety Notes + +Do not run destructive disk commands in this lab. + +Know these for the exam, but do not experiment casually: +- `format` +- `diskpart` +- `robocopy` with mirror/delete options +- `chkdsk /f` or `chkdsk /r` on important disks without planning + +## What You Should Learn + +- `ipconfig /all` gives detailed IP configuration. +- `ping` tests reachability. +- `nslookup` tests DNS. +- `netstat -ano` shows connections, ports, and process IDs. +- `sfc /scannow` repairs protected Windows system files. +- `/?` shows command help. + diff --git a/labs/OS-5-os-filesystem-lab.md b/labs/OS-5-os-filesystem-lab.md new file mode 100644 index 0000000..3887ac3 --- /dev/null +++ b/labs/OS-5-os-filesystem-lab.md 
@@ -0,0 +1,66 @@ +# Lab OS-5: OS and File-System Identification + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux + +Does not require: +- macOS + +## Goal + +Identify OS family, OS version, and file-system type. + +## Windows Steps + +Run: + +```powershell +winver +wmic logicaldisk get caption,filesystem,size,freespace +Get-Volume +``` + +Optional: + +```powershell +fsutil fsinfo drives +fsutil fsinfo volumeinfo C: +``` + +Record: +- Windows version: +- Main drive: +- Main drive file system: +- Free space: +- Any removable drives: + +## Linux Steps + +Run: + +```bash +cat /etc/os-release +uname -a +df -T +lsblk -f +``` + +Record: +- Distribution: +- Kernel: +- Root filesystem: +- Main disk: +- Any removable drives: + +## What You Should Learn + +- NTFS is the normal modern Windows file system. +- ext4 and XFS are common Linux file systems. +- exFAT is useful for cross-platform removable storage. +- FAT32 is compatible but limited by its 4 GB max file size. +- APFS is Apple's modern file system, but this lab does not require a Mac. + diff --git a/labs/OS-6-settings-lab.md b/labs/OS-6-settings-lab.md new file mode 100644 index 0000000..a21984c --- /dev/null +++ b/labs/OS-6-settings-lab.md 
@@ -0,0 +1,75 @@ +# Lab OS-6: Windows Settings and Control Panel + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux comparison practice + +Does not require: +- macOS + +## Goal + +Practice opening common Windows configuration areas and matching each area to an exam scenario. + +## Windows Steps + +Run: + +```powershell +control +ms-settings: +appwiz.cpl +ncpa.cpl +firewall.cpl +powercfg.cpl +inetcpl.cpl +control printers +control folders +devmgmt.msc +``` + +Record the right tool or settings area: +- Uninstall or change a desktop app: +- Turn Windows features on/off: +- Change DNS settings on an adapter: +- Allow an app through Windows Firewall: +- Change sleep/hibernate behavior: +- Change laptop lid behavior: +- Show hidden files: +- Show file extensions: +- Manage a printer: +- Update or roll back a driver: +- Change date/time: +- Change language: +- Set default apps: + +## Linux Comparison Steps + +Run: + +```bash +timedatectl +``` + +Optional, if available: + +```bash +gnome-control-center +nm-connection-editor +``` + +Record: +- Time zone: +- Desktop settings command available: +- Network editor command available: + +## What You Should Learn + +- Control Panel still matters for many classic tools. +- Settings is the modern configuration interface. +- `.cpl` commands open Control Panel applets directly. +- `.msc` commands open Microsoft Management Console tools. + diff --git a/labs/OS-7-windows-networking-lab.md b/labs/OS-7-windows-networking-lab.md new file mode 100644 index 0000000..0978470 --- /dev/null +++ b/labs/OS-7-windows-networking-lab.md 
@@ -0,0 +1,74 @@ +# Lab OS-7: Windows Networking + +Domain: +- 1.0 Operating Systems + +Works on: +- Windows +- Linux comparison practice + +Does not require: +- macOS + +## Goal + +Practice basic network identification and map common network scenarios to the right Windows settings. + +## Windows Steps + +Run: + +```powershell +ipconfig +ipconfig /all +ping 127.0.0.1 +nslookup example.com +net use +ncpa.cpl +firewall.cpl +``` + +Record: +- IPv4 address: +- Subnet mask: +- Default gateway: +- DNS server: +- DHCP enabled: +- Network adapter name: +- Any mapped drives: +- Current firewall profiles visible: + +Scenario matching: +- Need to map `H:` to `\\server\share`: +- Need to remove mapped drive `H:`: +- Need to change DNS manually: +- Need to allow an app through firewall: +- Need stricter settings on public Wi-Fi: +- Need to reduce data usage on a hotspot: + +## Linux Comparison Steps + +Run: + +```bash +ip addr +ip route +cat /etc/resolv.conf +ping -c 4 127.0.0.1 +``` + +Record: +- IP address: +- Default gateway: +- DNS server: +- Loopback test successful: + +## What You Should Learn + +- `ipconfig /all` gives detailed Windows network settings. +- `169.254.x.x` usually means DHCP failed and APIPA was assigned. +- `net use` displays or maps network drives. +- `ncpa.cpl` opens adapter settings. +- `firewall.cpl` opens Windows Defender Firewall. +- Public network profile is stricter than Private. + diff --git a/labs/OS-8-macos-tools-lab.md b/labs/OS-8-macos-tools-lab.md new file mode 100644 index 0000000..fa58d4a --- /dev/null +++ b/labs/OS-8-macos-tools-lab.md 
@@ -0,0 +1,69 @@ +# Lab OS-8: macOS Tools and Feature Recognition + +Domain: +- 1.0 Operating Systems + +Works on: +- macOS, when available +- Windows/Linux comparison practice when a Mac is unavailable + +## Goal + +Identify macOS tools and map them to familiar Windows/Linux concepts. + +## macOS Steps + +Open or inspect: +- Finder +- System Settings +- Spotlight +- Disk Utility +- Terminal +- Time Machine settings +- FileVault settings +- Privacy settings + +Run in Terminal: + +```bash +sw_vers +whoami +uname -a +ls /Applications +ls /Users +diskutil list +tmutil status +fdesetup status +``` + +Record: +- macOS version: +- Current user: +- Kernel/architecture: +- One app in `/Applications`: +- FileVault status: +- Time Machine status: +- Main disk/volume: +- Where camera/microphone permissions are controlled: + +## Windows/Linux Comparison Steps + +Record the closest equivalent: +- Finder: +- System Settings: +- Terminal: +- Disk Utility: +- Time Machine: +- FileVault: +- Spotlight: +- Keychain: + +## What You Should Learn + +- Finder is the macOS file manager. +- Time Machine is macOS backup. +- FileVault is macOS full disk encryption. +- Keychain stores passwords, certificates, and keys. +- Spotlight is macOS search. +- Disk Utility manages disks and images. + diff --git a/labs/OS-9-linux-client-tools-lab.md b/labs/OS-9-linux-client-tools-lab.md new file mode 100644 index 0000000..c0980e1 --- /dev/null +++ b/labs/OS-9-linux-client-tools-lab.md 
@@ -0,0 +1,89 @@ +# Lab OS-9: Linux Client Tools + +Domain: +- 1.0 Operating Systems + +Works on: +- Linux +- Windows comparison practice + +## Goal + +Practice Linux commands that commonly appear on Core 2. + +## Linux Steps + +Run: + +```bash +cat /etc/os-release +whoami +pwd +ls -l +cat /etc/passwd +cat /etc/hosts +cat /etc/resolv.conf +cat /etc/fstab +ip addr +ip route +df -h +du -h +ps aux +top +``` + +Press `q` to quit `top`. + +Practice file commands: + +```bash +mkdir linux-practice +cd linux-practice +echo "Core 2 Linux practice" > notes.txt +cp notes.txt copy.txt +mv copy.txt renamed.txt +grep Linux notes.txt +chmod u+x renamed.txt +ls -l +cd .. +rm -r linux-practice +``` + +Record: +- Distribution: +- Current user: +- Current directory: +- DNS server: +- Default gateway: +- Root filesystem free space: +- One process name: +- Permission string before/after `chmod u+x`: + +## Windows Comparison Steps + +Run: + +```powershell +dir +taskmgr +nslookup example.com +tracert example.com +``` + +Record Linux equivalents: +- `dir`: +- Task Manager process view: +- `nslookup`: +- `tracert`: + +## What You Should Learn + +- `/etc/passwd` lists users. +- `/etc/shadow` stores password hashes and is protected. +- `/etc/hosts` maps names to IPs locally. +- `/etc/resolv.conf` shows DNS resolver settings. +- `/etc/fstab` controls startup mounts. +- `chmod` changes permissions. +- `top` and `ps` show processes. +- `df` and `du` show storage usage. + diff --git a/labs/SEC-1-security-controls-lab.md b/labs/SEC-1-security-controls-lab.md new file mode 100644 index 0000000..8797ca8 --- /dev/null +++ b/labs/SEC-1-security-controls-lab.md 
@@ -0,0 +1,86 @@ +# Lab SEC-1: Security Controls and Account Privileges + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Practice identifying local account privileges and matching security controls to risks. + +## Windows Steps + +Run: + +```powershell +whoami +whoami /groups +whoami /priv +net user +net localgroup +net localgroup administrators +``` + +Record: +- Current user: +- Is the user in Administrators? +- One group membership: +- One privilege listed: +- Any account/group that seems high risk: + +## Linux Steps + +Run: + +```bash +whoami +id +groups +sudo -l +``` + +Record: +- Current user: +- UID: +- Groups: +- Sudo allowed: + +## Optional macOS Steps + +Run: + +```bash +whoami +id +groups +``` + +Record: +- Current user: +- UID: +- Groups: + +## Control Matching + +Match the best control: +- Stop vehicles from reaching a building: +- Prevent one person from following another through a secure door: +- Store privileged passwords and grant temporary admin access: +- Stop confidential files from being emailed: +- Require phones to use PINs and allow remote wipe: +- Authenticate once and access multiple cloud apps: +- Give users only the access required for their work: + +## What You Should Learn + +- Local group membership affects privileges. +- Least privilege reduces risk. +- MFA proves identity using multiple factor types. +- DLP protects sensitive data from leakage. +- MDM centrally manages mobile devices and policies. +- PAM/JIT control privileged access. + diff --git a/labs/SEC-10-soho-network-security-lab.md b/labs/SEC-10-soho-network-security-lab.md new file mode 100644 index 0000000..37ff11a --- /dev/null +++ b/labs/SEC-10-soho-network-security-lab.md 
@@ -0,0 +1,119 @@ +# Lab SEC-10: SOHO Network Security Inspection + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Inspect local network information and practice SOHO hardening decisions without changing router settings. + +Do not change router settings, passwords, firmware, port forwarding, guest networks, or Wi-Fi settings during this lab unless you own/administer the router and intentionally choose to do that outside the lab. + +## Windows Steps + +Run: + +```powershell +ipconfig +Get-NetConnectionProfile +netsh wlan show interfaces +``` + +Record: +- IPv4 address: +- Default gateway: +- Network profile: +- Wi-Fi SSID: +- Wi-Fi authentication type: +- Wi-Fi cipher: + +What the commands show: +- `ipconfig` shows IP address and default gateway. +- `Get-NetConnectionProfile` shows whether Windows treats the network as Public or Private. +- `netsh wlan show interfaces` shows connected Wi-Fi details. + +## Linux Steps + +Run: + +```bash +ip route +nmcli connection show --active +nmcli dev wifi list +``` + +Record: +- Default gateway: +- Active connection: +- Connected SSID, if shown: +- Security type for your Wi-Fi, if shown: + +What the commands show: +- `ip route` shows the path to the router. +- `nmcli connection show --active` shows active NetworkManager connections. +- `nmcli dev wifi list` shows Wi-Fi networks and security, when supported. + +If `nmcli` is not installed, record that and continue. + +## Optional macOS Steps + +Run: + +```bash +route -n get default +networksetup -getairportnetwork en0 +system_profiler SPAirPortDataType +``` + +Record: +- Default gateway: +- Connected Wi-Fi network: +- Security type, if shown: + +What the commands show: +- `route -n get default` shows the default router. +- `networksetup -getairportnetwork en0` shows the connected Wi-Fi network on many Macs. +- `system_profiler SPAirPortDataType` shows detailed Wi-Fi information. 
+ +## Router Hardening Checklist + +Answer based on your own router if you administer it, or as a paper exercise if you do not. + +Record: +- Was the default admin password changed? +- Is firmware update status known? +- Is remote administration disabled or restricted? +- Is UPnP disabled unless needed? +- Is Wi-Fi using WPA2 or WPA3? +- Is the SSID non-personal and non-default? +- Is guest network disabled or isolated? +- Are router and network devices physically protected? +- Is content filtering or parental control needed? + +## Scenario Matching + +Choose the best SOHO security action: + +1. A router still uses the factory admin password. +2. A router has a known security vulnerability. +3. A game console requires inbound connectivity, but UPnP is currently enabled for every device. +4. Visitors need Internet but should not access office computers. +5. A Wi-Fi network is open with no password. +6. A router admin page is reachable from the Internet. +7. A business hosts a public service but wants to separate it from internal PCs. + +## What You Should Learn + +- The default gateway is usually the router. +- Router admin credentials must not remain default. +- Firmware updates patch router vulnerabilities. +- WPA2/WPA3 protects Wi-Fi better than open access. +- UPnP can open inbound ports without approval. +- Guest networks should be isolated and encrypted. +- A screened subnet separates public services from internal systems. + diff --git a/labs/SEC-11-browser-security-lab.md b/labs/SEC-11-browser-security-lab.md new file mode 100644 index 0000000..6a29caa --- /dev/null +++ b/labs/SEC-11-browser-security-lab.md 
@@ -0,0 +1,122 @@ +# Lab SEC-11: Browser Security Inspection + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Inspect browser security settings and practice safe browser decisions without deleting important data. + +Do not clear saved passwords, reset the browser, remove profiles, or uninstall extensions during this lab unless you intentionally choose to do that outside the lab. + +## Part 1: Version and Update Check + +Open your main browser and inspect: +- Browser name: +- Browser version: +- Update status: +- Whether automatic updates appear enabled: + +Common paths: +- Chrome: Menu > Help > About Google Chrome +- Edge: Menu > Help and feedback > About Microsoft Edge +- Firefox: Menu > Help > About Firefox +- Safari: Apple menu > System Settings > General > Software Update + +## Part 2: Extension Review + +Inspect installed extensions. + +Record: +- Number of installed extensions: +- One extension name: +- Why it is needed: +- Whether its source appears trusted: +- One permission it has, if shown: + +Do not remove anything during the lab unless you know the impact. + +## Part 3: Privacy and Site Data + +Inspect privacy settings. + +Record: +- Pop-up blocker status: +- Third-party cookie or tracking protection setting: +- Saved passwords area found: +- Clear browsing data area found: +- Browser sync status: +- Notification permissions area found: + +Do not clear saved passwords or reset settings. + +## Part 4: Commands + +Windows PowerShell: + +```powershell +start ms-settings:dateandtime +Get-FileHash "$env:USERPROFILE\Downloads\example.exe" +``` + +Record: +- Date/time appears correct: +- What happened when checking the example file: + +If the example file does not exist, record that. Do not download a random file just for this lab. 
+ +Linux: + +```bash +date +sha256sum ~/Downloads/example-file +``` + +Record: +- Date/time output: +- What happened when checking the example file: + +If the example file does not exist, record that. Do not download a random file just for this lab. + +Optional macOS: + +```bash +date +shasum -a 256 ~/Downloads/example-file +open -b com.apple.Safari +``` + +Record: +- Date/time output: +- What happened when checking the example file: +- Safari opened: + +If the example file does not exist, record that. Do not download a random file just for this lab. + +## Part 5: Scenario Matching + +Choose the best browser security action: + +1. A user downloaded a browser installer from an unfamiliar third-party website. +2. A browser warns that a banking site certificate is invalid. +3. A user has 18 extensions and cannot explain why most are installed. +4. A site is broken after a recent update and keeps loading old content. +5. A user thinks private browsing hides activity from the employer network. +6. A company wants browser traffic filtered and logged centrally. +7. A user reuses the same password on many websites. + +## What You Should Learn + +- Browser installers should come from trusted sources. +- Hashes verify file integrity when a known-good hash is provided. +- Updates patch browser vulnerabilities. +- Extensions are useful but can be dangerous. +- Certificate warnings should be investigated. +- Private browsing protects local session traces, not full network privacy. +- Browser sync and password managers need strong account protection. + diff --git a/labs/SEC-2-windows-security-settings-lab.md b/labs/SEC-2-windows-security-settings-lab.md new file mode 100644 index 0000000..de85f7e --- /dev/null +++ b/labs/SEC-2-windows-security-settings-lab.md 
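Review bot: Part 4 has the learner run `Get-FileHash` and `sha256sum` with nothing to compare against, so the Record line "What happened when checking the example file" cannot distinguish a good download from a tampered one. Add a Record line for where the known-good hash would come from (the publisher's page over HTTPS, not a hash published beside the file on the same third-party mirror), and note that for installers a signature check is the stronger test: `Get-AuthenticodeSignature "$env:USERPROFILE\Downloads\example.exe"` on Windows, and `codesign -dv --verbose=4 <path>` or `spctl --assess --type install <path>` on macOS, verify the publisher, whereas a hash only verifies integrity against a value you already trusted. That also gives scenario 1 (installer from an unfamiliar third-party site) a command in the lab to back the decision.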
@@ -0,0 +1,99 @@ +# Lab SEC-2: Windows Security Settings + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux/macOS comparison where available + +## Goal + +Inspect Windows security settings without weakening protections. + +## Windows Steps + +Run: + +```powershell +windowsdefender: +firewall.cpl +wf.msc +whoami +whoami /groups +net user +net localgroup administrators +manage-bde -status +gpresult /r +cipher /? +``` + +Record: +- Defender status: +- Defender definition/update status: +- Active firewall profile: +- Current user: +- Local users visible: +- Administrators group members: +- BitLocker status: +- Group Policy result available: +- What `cipher` is used for: + +## Permissions Review + +Create or choose a non-critical test folder. + +1. Open folder Properties. +2. Open the Security tab. +3. View groups/users. +4. View Advanced permissions. +5. Check whether inheritance is enabled. + +Do not remove permissions in this lab. + +Record: +- One group/user: +- One allowed permission: +- Inheritance enabled: +- Owner: + +## Linux Comparison + +Run: + +```bash +whoami +id +groups +``` + +Record: +- Current user: +- Groups: +- Sudo/admin indication: + +## macOS Comparison + +Run if you have Mac access: + +```bash +whoami +id +groups +fdesetup status +``` + +Record: +- Current user: +- Groups: +- FileVault status: + +## What You Should Learn + +- Defender and Firewall are managed from Windows Security/Control Panel tools. +- NTFS permissions apply locally and over the network. +- Share permissions apply only over the network. +- BitLocker protects volumes. +- EFS protects individual NTFS files/folders. +- Group Policy is checked with `gpresult` and refreshed with `gpupdate`. + diff --git a/labs/SEC-3-wireless-security-lab.md b/labs/SEC-3-wireless-security-lab.md new file mode 100644 index 0000000..5583e8e --- /dev/null +++ b/labs/SEC-3-wireless-security-lab.md 
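Review bot: the Run block in this hunk is fenced as `powershell`, but two of its lines do not resolve in PowerShell: `windowsdefender:` is a URI and `firewall.cpl` has an extension that is not in PATHEXT, so PowerShell reports the term is not recognized for both (the `.msc` entries such as `wf.msc` do resolve). Use `Start-Process windowsdefender:` and `Start-Process firewall.cpl` (or `control firewall.cpl`), matching the `start ms-settings:` form SEC-11 already uses. `manage-bde -status` also needs an elevated prompt and returns an access-denied error otherwise, which should be stated since the "BitLocker status" Record line depends on it. In What You Should Learn, the NTFS and share bullets would be more useful with the rule that combines them: when a folder is reached over a share, the effective permission is the more restrictive of the share permission and the NTFS permission.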
@@ -0,0 +1,92 @@ +# Lab SEC-3: Wireless Security Inspection + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Inspect wireless security settings without changing router configuration. + +## Windows Steps + +Run: + +```powershell +netsh wlan show interfaces +netsh wlan show profiles +ipconfig /all +ncpa.cpl +``` + +Record: +- SSID: +- Authentication: +- Cipher: +- Wi-Fi adapter name: +- DHCP enabled: +- DNS server: + +## Linux Steps + +Run: + +```bash +nmcli device status +nmcli connection show +ip addr +``` + +Optional: + +```bash +iw dev +``` + +Record: +- Wireless interface: +- Active connection: +- IP address: +- Tool availability: + +## Optional macOS Steps + +Run: + +```bash +networksetup -listallhardwareports +``` + +Optional, if available: + +```bash +airport -I +``` + +Record: +- Wi-Fi hardware port: +- SSID/security details if visible: + +## Scenario Matching + +Choose the best answer: +- Home network, newest supported security: +- Business Wi-Fi with individual user login: +- Legacy setting that should be replaced: +- Strong encryption used with WPA2: +- Authentication server for 802.1X: +- Microsoft domain authentication: +- Cisco/network device admin authentication: + +## What You Should Learn + +- WEP and TKIP are weak/legacy choices. +- WPA2-AES is a common secure baseline. +- WPA3 is preferred when supported. +- Personal mode uses a shared password. +- Enterprise mode uses individual authentication, usually with RADIUS. + diff --git a/labs/SEC-4-malware-response-lab.md b/labs/SEC-4-malware-response-lab.md new file mode 100644 index 0000000..4839920 --- /dev/null +++ b/labs/SEC-4-malware-response-lab.md 
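Review bot: `ncpa.cpl` in the Windows Run block does not launch from PowerShell because `.cpl` is not in PATHEXT; use `Start-Process ncpa.cpl` or `control ncpa.cpl`. The Record fields "Authentication" and "Cipher" map directly to the `netsh wlan show interfaces` output (for example `Authentication : WPA2-Personal` and `Cipher : CCMP`), and the lab should say that CCMP is the AES cipher the Scenario Matching line "Strong encryption used with WPA2" is asking for, because the word AES never appears in the netsh output and the learner will not make the connection unaided. For macOS, `airport -I` was removed in macOS 14.4, so the "if available" fallback should name what to use instead, such as `system_profiler SPAirPortDataType`, which SEC-10 already uses.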
@@ -0,0 +1,84 @@ +# Lab SEC-4: Malware Recognition and Safe Inspection + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Practice safe inspection commands and malware/tool matching. Do not download or run malware. + +## Windows Steps + +Run: + +```powershell +windowsdefender: +taskmgr +resmon +eventvwr.msc +netstat -ano +Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 +``` + +Record: +- Defender status: +- Highest CPU process: +- Highest memory process: +- One listening port or connection: +- One log area you would inspect after suspected malware: + +## Linux Steps + +Run: + +```bash +top +ps aux +ss -tulpn +journalctl -p err +``` + +Record: +- Highest CPU process: +- One listening service: +- One recent error: +- One process you would investigate further: + +## Optional macOS Steps + +Run: + +```bash +top +ps aux +``` + +Record: +- Highest CPU process: +- One unfamiliar process to research: + +## Tabletop Scenarios + +For each, write likely malware/tool/next action. + +1. User files are encrypted and a payment note appears. +2. A free installer added browser toolbars and pop-up ads. +3. CPU stays near 100% while the system is idle. +4. A laptop shows signs of surveillance: location tracking, microphone access, screenshots. +5. A system has a suspected boot-level infection and normal tools cannot remove it. +6. Users receive malicious email attachments before endpoint tools can stop them. +7. Security team wants endpoint behavior detection and isolation. + +## What You Should Learn + +- Malware type is identified by behavior. +- EDR responds on endpoints. +- MDR is managed by a third party. +- XDR correlates endpoint/network/cloud data. +- Severe persistent infections may require reimage/reinstall. + diff --git a/labs/SEC-5-social-engineering-scenario-lab.md b/labs/SEC-5-social-engineering-scenario-lab.md new file mode 100644 index 0000000..bf027b0 --- /dev/null 
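Review bot: two Linux commands in this hunk silently show less than the lab assumes when run as a normal user: `ss -tulpn` only reports process names for sockets owned by the current user, and `journalctl -p err` shows only the user journal unless the account is root or in the `systemd-journal` or `adm` group, so the "One listening service" and "One recent error" records can come back empty on a correctly secured system. Prefix both with `sudo`, or tell the learner why they are blank. On Windows, the Record list asks for "Highest memory process" but the `Get-Process` pipeline only sorts by CPU; add `Get-Process | Sort-Object WorkingSet64 -Descending | Select-Object -First 10`. `top` is interactive and awkward to transcribe; `top -bn1 | head -n 20` gives a single snapshot that fits the Record fields.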
+++ b/labs/SEC-5-social-engineering-scenario-lab.md @@ -0,0 +1,63 @@ +# Lab SEC-5: Social Engineering and Attack Scenario Matching + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Scenario/tabletop practice + +## Goal + +Recognize common social engineering and attack patterns. This lab does not perform attacks. + +## Safe Inspection Commands + +Windows: + +```powershell +arp -a +netstat -ano +ipconfig /all +whoami /groups +``` + +Linux: + +```bash +ip neigh +ss -tulpn +ip route +id +``` + +Record: +- Default gateway: +- One ARP/neighbor entry: +- One listening port or active connection: +- Current user/group context: + +## Scenario Matching + +For each scenario, identify the attack and one mitigation. + +1. A text message says your package cannot be delivered unless you click a link. +2. A caller says they are from IT and need your MFA code. +3. An email to payroll requests changing direct deposit information. +4. An attacker sets up a fake coffee shop Wi-Fi network with the same name as the real one. +5. A user lets someone into a locked building because they say they forgot their badge. +6. A website comment field stores malicious JavaScript that runs for every visitor. +7. A login system is attacked with millions of password guesses. +8. A vendor update installs a backdoor. +9. A web form lets an attacker change a database query. +10. A service is unavailable because thousands of systems flood it with traffic. + +## What You Should Learn + +- Social engineering attacks exploit trust and urgency. +- Web attacks often target unsafe input handling. +- DDoS uses many attack sources. +- Evil twins imitate trusted Wi-Fi. +- Supply chain attacks abuse trusted vendors or updates. + diff --git a/labs/SEC-6-malware-removal-tabletop-lab.md b/labs/SEC-6-malware-removal-tabletop-lab.md new file mode 100644 index 0000000..8b25ba0 --- /dev/null +++ b/labs/SEC-6-malware-removal-tabletop-lab.md 
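Review bot: the Safe Inspection Commands block collects `arp -a` and `ip neigh` output but nothing in the Record list or the scenarios uses it; the security-relevant value is the default gateway's MAC address, so the Record line "One ARP/neighbor entry" should specifically be the gateway's IP and MAC. That gives a baseline to compare against later, since a changed gateway MAC is the classic sign of an on-path (ARP spoofing) attack, and it connects the block to scenario 4 (evil twin), where the fake access point hands out its own gateway. Scenario 8 ("A vendor update installs a backdoor") needs a concrete mitigation for the learner to write, for example restricting updates to signed packages obtained through the vendor's own channel and watching for new outbound connections after an update; as written it is the only scenario with no action the lab supports.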
@@ -0,0 +1,76 @@ +# Lab SEC-6: Malware Removal Process Tabletop + +Domain: +- 2.0 Security + +Works on: +- Windows +- Tabletop/scenario practice + +## Goal + +Practice the malware removal order without working on live malware. + +## Safe Windows Inspection + +Run or open: + +```powershell +windowsdefender: +taskmgr +resmon +SystemPropertiesProtection +``` + +Optional reboot command to know, but do not run unless you are ready to restart: + +```powershell +shutdown /r /o /t 0 +``` + +Record: +- Defender status: +- Highest CPU process: +- System Protection enabled: +- Where you would find Advanced Startup: + +## Process Drill + +Write the 10 steps from memory: + +1. +2. +3. +4. +5. +6. +7. +8. +9. +10. + +## Next-Step Scenarios + +Identify the next correct step. + +1. User reports browser redirects and fake security alerts. +2. You verify symptoms and identify likely malware. +3. The infected system is still on the network. +4. The system is quarantined. +5. System Restore is disabled. +6. Remediation is complete. +7. Anti-malware is updated. +8. Scan/removal fails and system trust is low. +9. Known-good image is restored. +10. Scheduled scans and updates are enabled. +11. System Protection is re-enabled. + +## What You Should Learn + +- Quarantine comes early. +- Disable System Restore before remediation. +- Update anti-malware before scanning/removal. +- Reimage/reinstall when cleanup cannot be trusted. +- Re-enable System Protection only after cleanup. +- User education is part of the process. + diff --git a/labs/SEC-7-workstation-hardening-lab.md b/labs/SEC-7-workstation-hardening-lab.md new file mode 100644 index 0000000..c3f7d29 --- /dev/null +++ b/labs/SEC-7-workstation-hardening-lab.md 
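Review bot: the optional reboot command `shutdown /r /o /t 0` restarts immediately with no way to back out, which is a poor fit for a step that says "do not run unless you are ready to restart"; use a short delay such as `shutdown /r /o /t 30` so a mistaken run can be cancelled with `shutdown /a` before the restart. The Next-Step Scenarios list has 11 items against a 10-step Process Drill, and items 7 ("Anti-malware is updated") and 8 ("Scan/removal fails and system trust is low") are both inside remediation, so number the drill at the same granularity as the scenarios or the learner cannot map one to the other. Also state what quarantine means in practice (disable Wi-Fi, unplug Ethernet, pull the VPN), since the answer to scenario 3 depends on it and the Record list never asks for it.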
@@ -0,0 +1,94 @@ +# Lab SEC-7: Workstation Hardening Inspection + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Inspect workstation hardening settings without weakening the system. + +## Windows Steps + +Run: + +```powershell +manage-bde -status +net accounts +net user +net localgroup administrators +services.msc +ms-settings:autoplay +``` + +Optional, when ready to test locking: + +```powershell +rundll32.exe user32.dll,LockWorkStation +``` + +Record: +- BitLocker status: +- Password expiration/lockout settings: +- Local users: +- Local Administrators group: +- AutoPlay setting: +- One running service to research: + +Do not disable services in this lab unless you know the impact. + +## Linux Steps + +Run: + +```bash +id +sudo -l +systemctl --type=service --state=running +lsblk -f +``` + +Record: +- User/group identity: +- Sudo permissions: +- One running service: +- Disk/filesystem info: + +## Optional macOS Steps + +Run: + +```bash +fdesetup status +id +groups +``` + +Record: +- FileVault status: +- User/group identity: + +## Scenario Matching + +Choose the best hardening action: + +1. A laptop is lost in an airport. +2. A shared workstation allows automatic login. +3. A router still uses admin/admin. +4. USB drives automatically open when inserted. +5. A contractor account should stop working next week. +6. A user is a local administrator but only needs standard access. +7. An unused remote service is listening on the network. + +## What You Should Learn + +- Hardening reduces attack surface. +- Encryption protects data at rest. +- Screen locks protect unattended devices. +- Strong passwords and lockout reduce brute force risk. +- Unused services and default accounts/passwords increase risk. + diff --git a/labs/SEC-8-mobile-device-security-lab.md b/labs/SEC-8-mobile-device-security-lab.md new file mode 100644 index 0000000..2f29351 --- /dev/null +++ b/labs/SEC-8-mobile-device-security-lab.md 
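Review bot: `ms-settings:autoplay` in the Windows Run block is a URI and does not resolve as a PowerShell command; use `Start-Process ms-settings:autoplay` as SEC-11 does. `net accounts` reports only the local account policy, so on a domain-joined workstation the lockout and expiration values the Record list asks for come from `net accounts /domain` (or from `gpresult /r` for the applied policy); say which one applies. In the Linux steps, `sudo -l` prompts for the user's password and, for an account that is not in sudoers, prints a permission error; that error is itself the answer to "Sudo permissions" and should be called out as an expected result rather than a failure.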
@@ -0,0 +1,117 @@ +# Lab SEC-8: Mobile Device Security Inspection + +Domain: +- 2.0 Security + +Works on: +- Android phone or tablet +- iPhone or iPad +- Optional Windows, Linux, or macOS browser for account-security review + +## Goal + +Inspect mobile device security settings without changing risky controls. + +Do not erase, wipe, reset, unenroll, remove accounts, remove trusted devices, or turn off security features during this lab. + +## Android Steps + +Settings names vary by manufacturer. Look for the closest match. + +Inspect and record: +- OS version: +- Security patch level: +- Screen lock type: +- Whether fingerprint or face unlock is enabled: +- Whether device encryption is shown as enabled: +- Find My Device status: +- Backup status: +- App update setting in Google Play: +- Unknown app install or sideloading setting: +- Any work profile or device management entry: +- Content restriction or parental control setting, if present: + +Useful paths to check: +- Settings > Security and privacy +- Settings > Lock screen +- Settings > Passwords and accounts +- Settings > Google > Find My Device +- Settings > System > System update +- Settings > Apps > Special app access > Install unknown apps +- Google Play > Profile icon > Settings > Network preferences > Auto-update apps + +## iPhone or iPad Steps + +Inspect and record: +- iOS or iPadOS version: +- Screen lock type: +- Face ID or Touch ID status: +- Find My status: +- iCloud Backup status: +- Automatic updates status: +- App update setting: +- VPN & Device Management profiles, if present: +- Content & Privacy Restrictions status: + +Useful paths to check: +- Settings > General > About +- Settings > Face ID & Passcode or Touch ID & Passcode +- Settings > Apple Account > Find My +- Settings > Apple Account > iCloud > iCloud Backup +- Settings > General > Software Update > Automatic Updates +- Settings > App Store > App Updates +- Settings > General > VPN & Device Management +- Settings > Screen Time > Content & 
Privacy Restrictions + +## Optional Computer Account Review + +Use only the account that belongs to you. + +Windows: + +```powershell +start https://account.microsoft.com/devices +start https://myaccount.google.com/security +``` + +Linux: + +```bash +xdg-open https://myaccount.google.com/security +``` + +macOS: + +```bash +open https://appleid.apple.com +``` + +Record: +- One registered device: +- One security alert or recent activity item, if any: +- Whether recovery email/phone is configured: +- Whether two-factor or multifactor authentication is enabled: + +Do not remove devices or change recovery settings during this lab unless you intentionally choose to do that later outside the lab. + +## Scenario Matching + +Choose the best mobile security action: + +1. A user loses a company phone that contains email and files. +2. A company wants all phones to require passcodes and encryption. +3. A personal phone is allowed to access company email. +4. A phone has not received security patches for months. +5. A user installed an app from an unknown website. +6. A parent wants to block adult websites on a child device. +7. A phone is probably stolen and cannot be recovered. + +## What You Should Learn + +- Mobile security starts with lock method and encryption. +- MDM centrally enforces mobile security settings. +- BYOD requires clear policy because personal and company data share one device. +- Locator, lock, backup, and wipe are the main lost-device responses. +- OS and app updates are security controls. +- Sideloading increases malware risk, especially on Android. + diff --git a/labs/SEC-9-data-destruction-lab.md b/labs/SEC-9-data-destruction-lab.md new file mode 100644 index 0000000..32066bd --- /dev/null +++ b/labs/SEC-9-data-destruction-lab.md 
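Review bot: the Android Inspect list records the sideloading setting but not Google Play Protect, which is the control that actually scans sideloaded apps; add "Play Protect status" with the path Google Play > Profile icon > Play Protect, since scenario 5 (app installed from an unknown website) is answered by that control together with the install-unknown-apps setting. The line "Whether device encryption is shown as enabled" needs a caveat that recent Android versions encrypt by default and often show no toggle, so an absent setting is not a finding. For iOS, the "VPN & Device Management profiles" record should ask the learner to note any profile they did not install themselves, because an unexpected configuration profile is the mobile equivalent of scenario 5 and the What You Should Learn bullets never mention it.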
@@ -0,0 +1,122 @@ +# Lab SEC-9: Data Destruction Decision Practice + +Domain: +- 2.0 Security + +Works on: +- Windows +- Linux +- Optional macOS + +## Goal + +Practice data destruction decisions and safely demonstrate the difference between deletion and secure destruction concepts. + +Do not wipe, format, shred, degauss, reset, or destroy any real drive for this lab. + +## Part 1: Safe File Deletion Demo + +Windows PowerShell: + +```powershell +New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab" +"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt" +Get-ChildItem "$env:USERPROFILE\AplusDataDestructionLab" +Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt" +Get-ChildItem "$env:USERPROFILE\AplusDataDestructionLab" +``` + +Record: +- Folder created: +- Test file visible before deletion: +- Test file visible after deletion: +- Why this was not secure destruction: + +Linux: + +```bash +mkdir -p ~/aplus-data-destruction-lab +printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt +ls -l ~/aplus-data-destruction-lab +rm ~/aplus-data-destruction-lab/test.txt +ls -l ~/aplus-data-destruction-lab +``` + +Record: +- Folder created: +- Test file visible before deletion: +- Test file visible after deletion: +- Why this was not secure destruction: + +Optional macOS: + +```bash +mkdir -p ~/aplus-data-destruction-lab +printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt +ls -l ~/aplus-data-destruction-lab +rm ~/aplus-data-destruction-lab/test.txt +ls -l ~/aplus-data-destruction-lab +``` + +Record: +- Folder created: +- Test file visible before deletion: +- Test file visible after deletion: +- Why this was not secure destruction: + +## Part 2: Storage Inspection + +Windows: + +```powershell +Get-Volume +``` + +Record: +- Main drive letter: +- File system: +- Any removable drives listed: + +Linux: + +```bash +lsblk -f +``` + +Record: +- Main device name: +- File system: +- Any removable drives 
listed: + +Optional macOS: + +```bash +diskutil list +``` + +Record: +- Main disk identifier: +- File system or container type: +- Any removable drives listed: + +## Part 3: Method Matching + +Choose the best destruction method: + +1. A laptop hard drive will be reused by another employee. +2. A failed hard drive contains financial records and will be discarded. +3. An SSD contains sensitive data and is being retired. +4. A magnetic tape backup must be destroyed. +5. A vendor destroys 200 company drives. +6. A single sensitive file must be removed while the computer remains in service. +7. A user quick-formatted a drive and wants to know whether the data is safely gone. + +## What You Should Learn + +- Delete removes normal access, but it is not secure data destruction. +- Quick format is not the same as a full overwrite. +- Whole-drive wiping is for reuse. +- Physical destruction is for disposal. +- Degaussing is for magnetic media, not SSDs or flash. +- A certificate of destruction provides an audit trail. + diff --git a/labs/TRB-1-windows-os-issues-lab.md b/labs/TRB-1-windows-os-issues-lab.md new file mode 100644 index 0000000..471db07 --- /dev/null +++ b/labs/TRB-1-windows-os-issues-lab.md 
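Review bot: the "Why this was not secure destruction" prompt should state the answer the learner is meant to reach: `Remove-Item` and `rm` only remove the directory entry, so the file's blocks stay on disk until something overwrites them, and on an SSD the drive's own TRIM handling decides when, in no auditable way, the data disappears. Part 3 item 3 (SSD being retired) is then the important case: overwriting is unreliable on flash because of wear levelling, so the expected answer is the drive's built-in secure erase (ATA Secure Erase or NVMe sanitize) or cryptographic erase, with physical destruction if the drive leaves the organisation; the bullet "Whole-drive wiping is for reuse" should say overwrite wiping applies to magnetic drives and that SSDs use secure erase or crypto-erase. Item 6 (a single file while the computer stays in service) has no tool named anywhere in the lab; on Windows `cipher /w:<folder>` overwrites free space on that volume and is the built-in answer worth naming, even though the lab correctly does not run it.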
@@ -0,0 +1,72 @@ +# Lab TRB-1: Windows OS Troubleshooting Evidence + +Domain: +- 3.0 Software Troubleshooting + +Works on: +- Windows +- Linux comparison optional + +## Goal + +Practice gathering evidence for Windows OS symptoms without making risky changes. + +## Part 1: Resource Check + +Windows: + +```powershell +taskmgr +perfmon /rel +eventvwr.msc +``` + +Record: +- Highest CPU process: +- Highest memory process: +- One Reliability Monitor event: +- One Windows log you opened: + +## Part 2: System Repair Commands + +Do not interrupt these commands if you run them. + +```powershell +sfc /verifyonly +DISM /Online /Cleanup-Image /CheckHealth +chkdsk +``` + +Record: +- SFC result: +- DISM result: +- CHKDSK result: + +## Part 3: Startup and Services + +Open: +- Task Manager > Startup apps +- Services console + +Record: +- One enabled startup app: +- One stopped service: +- Whether the stopped service appears normal or suspicious: + +## Part 4: Scenario Practice + +Match the next step: + +1. Windows says no OS found. +2. A service fails to start after boot. +3. A system blue-screens after a driver update. +4. A user reports the PC is slow after login. +5. The clock keeps drifting. + +## What You Should Learn + +- Troubleshooting starts with symptoms and evidence. +- Event Viewer and Reliability Monitor help build a timeline. +- SFC, DISM, and CHKDSK support repair decisions. +- Startup apps, services, drivers, storage, and time settings are common Windows issue areas. + diff --git a/labs/TRB-2-mobile-os-app-issues-lab.md b/labs/TRB-2-mobile-os-app-issues-lab.md new file mode 100644 index 0000000..a907f9a --- /dev/null +++ b/labs/TRB-2-mobile-os-app-issues-lab.md 
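Review bot: all three Part 2 commands need an elevated prompt; `sfc /verifyonly` and `DISM /Online /Cleanup-Image /CheckHealth` error out from a standard console and `chkdsk` reports insufficient privileges, so add "open an elevated PowerShell" before the block or every Record line comes back as an error. The "Do not interrupt" warning is also over-scoped for what is listed: `/verifyonly`, `/CheckHealth` and `chkdsk` without `/f` are read-only checks that change nothing, which fits the lab's goal and is worth saying; the warning belongs with `sfc /scannow`, `DISM ... /RestoreHealth` and `chkdsk /f`, which the lab deliberately does not run. Scenario 4 (slow after login) should point at the Part 3 startup-apps record so the scenario has evidence to connect to.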
@@ -0,0 +1,56 @@ +# Lab TRB-2: Mobile App Troubleshooting Checklist + +Domain: +- 3.0 Software Troubleshooting + +Works on: +- Android +- iOS + +## Goal + +Practice safe mobile troubleshooting checks without deleting personal data. + +## Part 1: Pick One App + +Choose a noncritical app. + +Record: +- App name: +- App version if visible: +- Last update status: +- Storage used by the app: +- Permissions granted: + +## Part 2: Battery and Storage + +Record: +- Available device storage: +- Top battery-using app: +- Battery saver mode status: +- OS update status: + +## Part 3: Connectivity + +Record: +- Wi-Fi connected: +- Bluetooth enabled: +- NFC enabled, if present: +- Airplane mode off: + +## Part 4: Scenario Matching + +Choose the best first checks: + +1. App will not install. +2. Bluetooth headphones will not pair. +3. Phone battery drains quickly. +4. Screen will not rotate. +5. App crashes after launch. + +## What You Should Learn + +- Mobile troubleshooting is usually low-risk checks first. +- Storage, updates, permissions, and connectivity solve many app issues. +- Avoid factory reset unless simpler steps fail and data is backed up. + diff --git a/labs/TRB-3-mobile-security-issues-lab.md b/labs/TRB-3-mobile-security-issues-lab.md new file mode 100644 index 0000000..c106c94 --- /dev/null +++ b/labs/TRB-3-mobile-security-issues-lab.md 
@@ -0,0 +1,54 @@ +# Lab TRB-3: Mobile Security Inspection + +Domain: +- 3.0 Software Troubleshooting + +Works on: +- Android +- iOS + +## Goal + +Inspect mobile security signals without installing or removing apps. + +## Part 1: App Source Review + +Pick three installed apps and record: +- App name: +- Source or store if visible: +- Developer name if visible: +- Permissions that seem sensitive: + +## Part 2: Device Controls + +Record: +- OS update status: +- Unknown sources or sideloading status if visible: +- Developer mode status if visible: +- VPN status: +- Device management profile or MDM status if visible: + +## Part 3: Data and Battery Signals + +Record: +- Highest mobile data user: +- Highest battery user: +- Any app you do not recognize: +- Any unexpected ads, redirects, or warnings: + +## Part 4: Scenario Practice + +Choose the risk: + +1. User installed a bank app from a link in a text message. +2. Phone shows ads when no browser is open. +3. Device is jailbroken. +4. A weather app uses large amounts of background data. +5. Fake virus warnings appear repeatedly. + +## What You Should Learn + +- Mobile compromise often looks like odd app behavior, ads, or data usage. +- Rooting, jailbreaking, sideloading, and unofficial stores raise risk. +- Managed devices should follow organization policy and MDM procedures. + diff --git a/labs/TRB-4-pc-security-symptoms-lab.md b/labs/TRB-4-pc-security-symptoms-lab.md new file mode 100644 index 0000000..acdab4d --- /dev/null +++ b/labs/TRB-4-pc-security-symptoms-lab.md 
@@ -0,0 +1,53 @@ +# Lab TRB-4: PC Security Symptom Triage + +Domain: +- 3.0 Software Troubleshooting + +Works on: +- Windows +- Linux comparison optional + +## Goal + +Practice security symptom triage without changing browser profiles or deleting files. + +## Part 1: Browser Checks + +Record: +- Browser extension count: +- Default search engine: +- Proxy setting location found: +- Certificate warning seen on normal sites, yes or no: +- Pop-up and notification permissions location found: + +## Part 2: Windows Checks + +Windows: + +```powershell +Get-ComputerInfo | Select-Object OsName,OsVersion +Get-Date +netsh winhttp show proxy +``` + +Record: +- OS version: +- System date/time: +- Proxy status: + +## Part 3: Scenario Triage + +For each symptom, list likely cause and first action: + +1. Files are renamed and cannot be opened. +2. Browser searches redirect to an unfamiliar site. +3. Fake antivirus warnings demand payment. +4. Windows Update fails on a previously infected PC. +5. A banking site certificate warning appears. + +## What You Should Learn + +- Security troubleshooting starts with symptoms and risk. +- Some symptoms require isolation before normal repair. +- Browser settings, proxy settings, date/time, and extensions can explain many security symptoms. + diff --git a/mind-maps/core2-overview.md b/mind-maps/core2-overview.md new file mode 100644 index 0000000..8218993 --- /dev/null +++ b/mind-maps/core2-overview.md 
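Review bot: `netsh winhttp show proxy` in Part 2 reports the WinHTTP proxy used by services, not the per-user Internet Settings proxy that browsers use and that redirect malware sets, so it will typically print "Direct access (no proxy server)" even on a machine whose browser traffic has been hijacked. Record the user proxy instead: `Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' | Select-Object ProxyEnable, ProxyServer, AutoConfigURL`, where a non-empty `AutoConfigURL` pointing at an unexpected PAC file is the finding that explains scenario 2 (search redirects) and, with an interception proxy, scenario 5 (certificate warnings). `Get-ComputerInfo` is slow because it gathers everything; `Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version` returns the same two values quickly.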
@@ -0,0 +1,37 @@ +# Core 2 Overview Mind Map + +```text +CompTIA A+ Core 2 220-1202 +| +|-- 1.0 Operating Systems (28%) +| |-- Windows installation and upgrade +| |-- Windows tools and settings +| |-- Command-line tools +| |-- macOS basics +| |-- Linux basics +| |-- Mobile OS configuration +| +|-- 2.0 Security (28%) +| |-- Authentication and authorization +| |-- Malware types and removal +| |-- Wireless and SOHO security +| |-- Device hardening +| |-- Data protection and encryption +| |-- Social engineering +| +|-- 3.0 Software Troubleshooting (23%) +| |-- Windows startup and OS symptoms +| |-- Application crashes and performance +| |-- Browser and network software issues +| |-- Mobile app and connectivity problems +| |-- Malware symptoms +| +|-- 4.0 Operational Procedures (21%) + |-- Documentation and ticketing + |-- Change management + |-- Safety and ESD + |-- Backup and recovery + |-- Professional communication + |-- Remote support practices +``` + diff --git a/mind-maps/core2-status.html b/mind-maps/core2-status.html new file mode 100644 index 0000000..103883b --- /dev/null +++ b/mind-maps/core2-status.html @@ -0,0 +1,225 @@ + + + + + + CompTIA A+ Core 2 Status Mind Map + + + +
+

CompTIA A+ Core 2 Status Mind Map

+
Exam: 220-1202 | Last updated: 2026-06-10 | Quizzes happen after study sections.
+
+ Not started + Studying + Needs review + Good + Strong +
+
+
+
+
+

Operating Systems 28% | Current: studying OS-1

+
    +
  • 1.1 OS types and file systemsStrong: studied 2026-06-11, quiz 7/7; lab pending
  • +
  • 1.2 OS installation and upgradeReady: OS-2 lesson, lab, and quiz created
  • +
  • 1.3 Windows editions and requirementsStudying: OS-1 lesson created, quiz pending
  • +
  • 1.4 Windows toolsReady: OS-3 lesson, lab, and quiz created
  • +
  • 1.5 Windows command lineReady: OS-4 lesson, lab, and quiz created
  • +
  • 1.6 Windows Control Panel and SettingsReady: OS-6 lesson, lab, and quiz created
  • +
  • 1.7 Windows networkingReady: OS-7 lesson, lab, and quiz created
  • +
  • 1.8 macOS tools and featuresReady: OS-8 lesson, optional Mac lab, and quiz created
  • +
  • 1.9 Linux client toolsReady: OS-9 lesson, lab, and quiz created
  • +
  • 1.10 Application installation requirementsReady: OS-10 lesson, lab, and quiz created
  • +
  • 1.11 Cloud productivity toolsReady: OS-11 lesson, lab, and quiz created
  • +
+
+
+

Security 28% | Current: not started

+
    +
  • 2.1 Security controlsReady: SEC-1 lesson, lab, and quiz created
  • +
  • 2.2 Windows security settingsReady: SEC-2 lesson, lab, and quiz created
  • +
  • 2.3 Wireless securityReady: SEC-3 lesson, lab, and quiz created
  • +
  • 2.4 Malware and security toolsReady: SEC-4 lesson, lab, and quiz created
  • +
  • 2.5 Social engineering and attacksReady: SEC-5 lesson, lab, and quiz created
  • +
  • 2.6 Malware removal processReady: SEC-6 lesson, lab, and quiz created
  • +
  • 2.7 Workstation hardeningReady: SEC-7 lesson, lab, and quiz created
  • +
  • 2.8 Mobile device securityReady: SEC-8 lesson, lab, and quiz created
  • +
  • 2.9 Data destructionReady: SEC-9 lesson, lab, and quiz created
  • +
  • 2.10 SOHO network securityReady: SEC-10 lesson, lab, and quiz created
  • +
  • 2.11 Browser securityReady: SEC-11 lesson, lab, and quiz created
  • +
+
+
+

Software Troubleshooting 23% | Current: not started

+
    +
  • 3.1 Windows OS issuesReady: TRB-1 lesson, lab, and quiz created
  • +
  • 3.2 Mobile OS and app issuesReady: TRB-2 lesson, lab, and quiz created
  • +
  • 3.3 Mobile security issuesReady: TRB-3 lesson, lab, and quiz created
  • +
  • 3.4 PC security symptomsReady: TRB-4 lesson, lab, and quiz created
  • +
+
+
+

Operational Procedures 21% | Current: not started

+
    +
  • 4.1 Documentation and support systemsReady: OPS-1 lesson, lab, and quiz created
  • +
  • 4.2 Change managementReady: OPS-2 lesson, lab, and quiz created
  • +
  • 4.3 Backup and recoveryReady: OPS-3 lesson, lab, and quiz created
  • +
  • 4.4 Safety proceduresReady: OPS-4 lesson, lab, and quiz created
  • +
  • 4.5 Environmental controlsReady: OPS-5 lesson, lab, and quiz created
  • +
  • 4.6 Policy, privacy, and licensingReady: OPS-6 lesson, lab, and quiz created
  • +
  • 4.7 ProfessionalismReady: OPS-7 lesson, lab, and quiz created
  • +
  • 4.8 Scripting basicsReady: OPS-8 lesson, lab, and quiz created
  • +
  • 4.9 Remote accessReady: OPS-9 lesson, lab, and quiz created
  • +
  • 4.10 AI conceptsReady: OPS-10 lesson, lab, and quiz created
  • +
+
+
+
+ + diff --git a/notes/OPS-1-documentation-support-systems.md b/notes/OPS-1-documentation-support-systems.md new file mode 100644 index 0000000..f53c480 --- /dev/null +++ b/notes/OPS-1-documentation-support-systems.md @@ -0,0 +1,61 @@ +# OPS-1: Documentation and Support Systems + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.1 Documentation, ticketing, asset management, and support systems + +## What You Need To Know + +Operational questions often test whether you record the right information and follow process. + +Ticketing details: +- User information +- Device information +- Issue description +- Category +- Severity +- Escalation level +- Progress notes +- Resolution + +Asset management: +- Inventory +- CMDB +- Asset tags and IDs +- Procurement life cycle +- Warranty and licensing +- Assigned users + +Document types: +- Incident reports +- SOPs +- Package installation procedures +- Onboarding and offboarding checklists +- SLAs +- Knowledge base articles + +## Memory Trick + +Use **U-D-I-S-R** for tickets: + +- **U**ser +- **D**evice +- **I**ssue +- **S**everity +- **R**esolution + +Shortcut: +- **If it is not documented, the next tech cannot trust what happened.** + +## Exam Clues + +- Tickets need enough detail for handoff and trend analysis. +- Asset tags connect devices to users, warranty, and lifecycle records. +- SOPs are repeatable procedures. +- SLAs define expected service levels. +- Knowledge base articles help future technicians solve known issues. + diff --git a/notes/OPS-10-ai-concepts.md b/notes/OPS-10-ai-concepts.md new file mode 100644 index 0000000..2a06fba --- /dev/null +++ b/notes/OPS-10-ai-concepts.md 
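Review bot: in the OPS-1 "Document types" list, `- Package installation procedures` is not a document type of its own; the standard operating procedure is what covers custom software package installation, so fold it into the SOP bullet (for example `- SOPs, including custom software package installation procedures`). Also expand `CMDB` on first use (configuration management database), since every other item in the "Asset management" list is self-explanatory and the acronym is the one thing a learner will have to look up.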
@@ -0,0 +1,59 @@ +# OPS-10: AI Concepts + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.10 Artificial intelligence concepts + +## What You Need To Know + +Core 2 expects basic AI awareness for support environments. + +AI concepts: +- Application integration +- Policy +- Appropriate use +- Plagiarism +- Bias +- Hallucinations +- Accuracy +- Private vs. public data +- Data source concerns + +## Memory Trick + +Use **P-B-H-D**: + +- **P**olicy +- **B**ias +- **H**allucinations +- **D**ata privacy + +Shortcut: +- **AI output is a draft until verified.** + +## Practical Rules + +Do: +- Follow company AI policy. +- Verify important output. +- Protect private data. +- Check source quality. +- Be transparent when policy requires it. + +Do not: +- Paste confidential data into unapproved public tools. +- Treat AI output as automatically accurate. +- Ignore bias or hallucination risk. +- Submit AI-generated work as original if that violates policy. + +## Exam Clues + +- Hallucination means confident but false output. +- Bias means output can reflect unfair or skewed training data. +- Public AI tools may expose private data depending on policy and configuration. +- Accuracy matters most for technical, legal, medical, financial, and security content. + diff --git a/notes/OPS-2-change-management.md b/notes/OPS-2-change-management.md new file mode 100644 index 0000000..f9e0f3a --- /dev/null +++ b/notes/OPS-2-change-management.md 
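Review bot: `- Application integration` is in the OPS-10 "AI concepts" list but nothing under "Practical Rules" or "Exam Clues" addresses it. Add a rule such as checking what data an AI feature built into an application sends to its provider before enabling it; that is the same private-versus-public data concern the `Do not` list already raises for content a user pastes into a public tool, just triggered by configuration rather than by the user.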
@@ -0,0 +1,55 @@ +# OPS-2: Change Management + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.2 Change management + +## What You Need To Know + +Change management reduces risk when systems are modified. + +Change planning should include: +- Purpose +- Scope +- Change type +- Schedule +- Affected systems +- Risk level +- Responsible staff +- Approvals +- Backup +- Rollback plan +- Sandbox testing +- Implementation steps +- Peer review +- End-user acceptance + +Change types: +- Standard: low-risk, preapproved, repeatable +- Normal: planned change requiring review and approval +- Emergency: urgent change to fix major risk or outage + +## Memory Trick + +Use **P-S-R-B-R**: + +- **P**urpose +- **S**cope +- **R**isk +- **B**ackup +- **R**ollback + +Shortcut: +- **A change without rollback is a bet, not a plan.** + +## Exam Clues + +- Maintenance windows reduce user impact. +- Change freezes block noncritical changes during sensitive periods. +- Emergency changes may be faster but still need documentation afterward. +- Peer review helps catch mistakes before implementation. + diff --git a/notes/OPS-3-backup-recovery.md b/notes/OPS-3-backup-recovery.md new file mode 100644 index 0000000..2bcfd06 --- /dev/null +++ b/notes/OPS-3-backup-recovery.md 
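Review bot: the OPS-2 planning list has a bare `- Approvals` entry; say who approves (a change advisory board or change board) so the note matches the exam wording, and group `- Peer review` and `- End-user acceptance` next to it, since they are review gates rather than planning inputs. The clue `- Emergency changes may be faster but still need documentation afterward.` should also state that approval is obtained after the fact for an emergency change, not skipped; as written a reader could conclude that emergency changes need no approval at all.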
@@ -0,0 +1,48 @@ +# OPS-3: Backup and Recovery + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.3 Backup and recovery + +## What You Need To Know + +Backups only matter if they can be restored. + +Backup types: +- Full: backs up all selected data. +- Incremental: backs up changes since the last backup of any type. +- Differential: backs up changes since the last full backup. +- Synthetic full: builds a full backup from previous backup data. + +Rotation concepts: +- Onsite and offsite +- Grandfather-father-son +- 3-2-1 rule + +Restore options: +- Restore in place +- Restore to alternate location + +## Memory Trick + +Use **F-I-D-S**: + +- **F**ull +- **I**ncremental +- **D**ifferential +- **S**ynthetic full + +Shortcut: +- **Backups are promises; restore tests prove them.** + +## Exam Clues + +- Incremental backups are small and fast but restore chains can be longer. +- Differential backups grow until the next full backup. +- 3-2-1 means three copies, two media types, one offsite copy. +- Test restores on a defined schedule. + diff --git a/notes/OPS-4-safety-procedures.md b/notes/OPS-4-safety-procedures.md new file mode 100644 index 0000000..ffb6379 --- /dev/null +++ b/notes/OPS-4-safety-procedures.md 
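Review bot: the OPS-3 clue `- Incremental backups are small and fast but restore chains can be longer.` should spell out the restore set, because that is what exam questions test: an incremental restore needs the last full backup plus every incremental taken since it, applied in order, while a differential restore needs only the last full plus the most recent differential. Both statements follow directly from the definitions under "Backup types". The `- Test restores on a defined schedule.` clue should also say to test from the offsite copy, otherwise the 3-2-1 rule above it is only half verified.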
@@ -0,0 +1,52 @@ +# OPS-4: Safety Procedures + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.4 Safety procedures + +## What You Need To Know + +Safety questions test whether you protect people, equipment, and data. + +ESD controls: +- Antistatic wrist strap +- ESD mat +- Antistatic bags +- Proper grounding +- Proper component handling + +Personal safety: +- Disconnect power before repairs. +- Use proper lifting technique. +- Know fire safety procedures. +- Use safety goggles when needed. +- Use air filter masks when needed. + +Workspace safety: +- Cable management +- Clear walkways +- Stable equipment placement +- Compliance with local rules + +## Memory Trick + +Use **P-E-C**: + +- **P**ower off +- **E**SD control +- **C**ables managed + +Shortcut: +- **Protect people first, then parts.** + +## Exam Clues + +- ESD can damage components even when you do not feel a shock. +- Antistatic bags protect components during storage and transport. +- Heavy equipment should be lifted safely or by two people. +- Disconnect power before internal repairs unless a procedure specifically requires power. + diff --git a/notes/OPS-5-environmental-controls.md b/notes/OPS-5-environmental-controls.md new file mode 100644 index 0000000..dd99956 --- /dev/null +++ b/notes/OPS-5-environmental-controls.md 
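Review bot: `- Compliance with local rules` under "Workspace safety" in OPS-4 is vague; name the source (local government regulations covering disposal, electrical and fire safety) so the learner knows which rules are meant. The ESD section also needs one caveat beside `- Antistatic wrist strap`: a strap grounds the technician and is for low-voltage component handling only, and must never be worn while working on energized high-voltage parts such as power supplies; that is the case where the `Disconnect power before repairs.` rule is mandatory rather than a default.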
@@ -0,0 +1,49 @@ +# OPS-5: Environmental Controls + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.5 Environmental controls + +## What You Need To Know + +Environmental controls protect equipment and people. + +Key topics: +- MSDS or SDS documentation +- Battery disposal +- Toner disposal +- Device and asset disposal +- Temperature +- Humidity +- Ventilation +- Equipment placement +- Dust cleanup +- Compressed air and vacuums +- UPS +- Surge suppressors +- Surges, brownouts, and blackouts + +## Memory Trick + +Use **P-H-D-P**: + +- **P**ower +- **H**eat and humidity +- **D**ust +- **P**roper disposal + +Shortcut: +- **Bad power, heat, dust, or disposal can turn a simple support issue into a safety issue.** + +## Exam Clues + +- Use SDS/MSDS for chemical and material safety guidance. +- Toner and batteries require proper disposal or recycling. +- UPS protects against short outages and gives time for safe shutdown. +- Surge suppressors protect against voltage spikes. +- Brownouts are low-voltage events; blackouts are power loss. + diff --git a/notes/OPS-6-policy-privacy-licensing.md b/notes/OPS-6-policy-privacy-licensing.md new file mode 100644 index 0000000..9836398 --- /dev/null +++ b/notes/OPS-6-policy-privacy-licensing.md 
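Review bot: the OPS-5 clue `- UPS protects against short outages and gives time for safe shutdown.` omits the brownout case that the key-topics list itself names; a UPS also carries the load through a brownout by switching to battery when line voltage sags, whereas a surge suppressor does nothing for low voltage. One sentence there keeps the two devices from being conflated, which is the usual distractor. `- Compressed air and vacuums` under dust cleanup also needs the standard qualifier that only ESD-safe vacuums belong inside a case, since the ordinary kind generates the static charge OPS-4 warns about.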
@@ -0,0 +1,55 @@ +# OPS-6: Policy, Privacy, and Licensing + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.6 Policy, privacy, licensing, and incident handling + +## What You Need To Know + +Policies tell technicians what they are allowed to do and what must be protected. + +Incident response concepts: +- Chain of custody +- Informing management or law enforcement when required +- Drive copies for integrity and preservation +- Documentation +- Order of volatility + +Policy and privacy concepts: +- Valid licenses +- DRM +- EULA +- Perpetual licensing +- Personal vs. corporate licensing +- Open-source licensing +- NDA and MNDA +- Regulated data +- Data retention +- Acceptable use policy +- Compliance +- Splash screens and login banners + +## Memory Trick + +Use **C-D-P-L**: + +- **C**hain of custody +- **D**ata privacy +- **P**olicies +- **L**icensing + +Shortcut: +- **Policy decides what you can touch, copy, disclose, and install.** + +## Exam Clues + +- Chain of custody tracks evidence handling. +- Order of volatility means collect the most temporary evidence first. +- EULAs define software use terms. +- Open-source does not mean no license. +- Regulated data may require special handling and retention. + diff --git a/notes/OPS-7-professionalism.md b/notes/OPS-7-professionalism.md new file mode 100644 index 0000000..be52bf3 --- /dev/null +++ b/notes/OPS-7-professionalism.md 
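Review bot: `- Drive copies for integrity and preservation` in OPS-6 needs to say what the copy is: a bit-for-bit forensic image, with the original drive hashed before and after imaging, the original then sealed under the chain of custody the previous bullet names, and all analysis done on the copy. As written it reads like an ordinary file copy, which defeats the integrity purpose the bullet is named for. Also expand `MNDA` (mutual NDA) on first use, as `NDA` is the only form most readers will know.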
@@ -0,0 +1,56 @@ +# OPS-7: Professionalism + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.7 Professionalism and communication + +## What You Need To Know + +Professional behavior is tested directly on Core 2. + +Use: +- Appropriate appearance +- Appropriate language +- Respect for user time +- Active listening +- Cultural sensitivity +- Discretion +- Confidentiality +- Open-ended questions +- Restating the issue +- Clear expectations +- Status communication +- Documentation +- Follow-up + +Avoid: +- Arguing +- Being defensive +- Dismissing the user +- Judging the user +- Sharing confidential information + +## Memory Trick + +Use **L-E-D-F**: + +- **L**isten +- **E**xplain expectations +- **D**ocument +- **F**ollow up + +Shortcut: +- **Fix the problem without making the user the problem.** + +## Exam Clues + +- Ask open-ended questions first. +- Restate the issue to confirm understanding. +- Do not blame the user. +- Protect confidential information. +- Set realistic timelines and follow up. + diff --git a/notes/OPS-8-scripting-basics.md b/notes/OPS-8-scripting-basics.md new file mode 100644 index 0000000..1bc82bd --- /dev/null +++ b/notes/OPS-8-scripting-basics.md 
@@ -0,0 +1,59 @@ +# OPS-8: Scripting Basics + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.8 Scripting languages, use cases, and risks + +## What You Need To Know + +Scripts automate repeated tasks, but they can also break systems quickly. + +Script types: +- `.bat` +- `.ps1` +- `.vbs` +- `.sh` +- `.js` +- `.py` + +Use cases: +- Automation +- Restarting machines +- Remapping drives +- Application installs +- Backups +- Data gathering +- Updates + +Risks: +- Introducing malware +- Changing system settings +- Deleting data +- Crashing browsers or systems +- Mishandling resources + +## Memory Trick + +Use **A-R-I-B-D**: + +- **A**utomate +- **R**estart +- **I**nstall +- **B**ack up +- **D**ata gathering + +Shortcut: +- **Scripts are force multipliers for both fixes and mistakes.** + +## Exam Clues + +- PowerShell scripts use `.ps1`. +- Bash shell scripts commonly use `.sh`. +- Batch files use `.bat`. +- Test scripts before broad deployment. +- Review scripts from unknown sources before running. + diff --git a/notes/OPS-9-remote-access.md b/notes/OPS-9-remote-access.md new file mode 100644 index 0000000..2fc604d --- /dev/null +++ b/notes/OPS-9-remote-access.md 
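Review bot: the OPS-8 "Exam Clues" map `.ps1`, `.sh` and `.bat` to their languages but skip `.vbs`, `.js` and `.py`, which are in the "Script types" list above; add VBScript, JavaScript and Python clues so the mapping is complete. The clue `- Review scripts from unknown sources before running.` would also be stronger with the concrete check a technician actually performs: read the script in a text editor first, then run it on a test machine with a non-administrative account before using it on a production system, which is what `- Test scripts before broad deployment.` means in practice.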
@@ -0,0 +1,56 @@ +# OPS-9: Remote Access + +Status: not started + +Domain: +- 4.0 Operational Procedures + +Objective alignment: +- 4.9 Remote access technologies and security considerations + +## What You Need To Know + +Remote access lets technicians support systems without being physically present. + +Methods: +- RDP +- VPN +- VNC +- SSH +- RMM +- SPICE +- WinRM +- Third-party screen sharing +- Videoconferencing +- File transfer +- Desktop management tools + +Security considerations: +- Encryption +- Authentication +- Least privilege +- User approval +- Logging +- Data exposure +- Session termination + +## Memory Trick + +Use **E-A-L-L**: + +- **E**ncryption +- **A**uthentication +- **L**east privilege +- **L**ogging + +Shortcut: +- **Remote access should be approved, authenticated, encrypted, and logged.** + +## Exam Clues + +- RDP is common for Windows remote desktop access. +- SSH is common for secure command-line access. +- VPN creates an encrypted path into a private network. +- RMM tools support managed monitoring and administration. +- Screen sharing may expose sensitive data, so get permission and close sessions. + diff --git a/notes/OS-1-windows-editions-system-info.md b/notes/OS-1-windows-editions-system-info.md new file mode 100644 index 0000000..dec503a --- /dev/null +++ b/notes/OS-1-windows-editions-system-info.md 
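Review bot: `- VNC` is in the OPS-9 methods list but gets no security clue; the base VNC (RFB) protocol does not encrypt the session, so the note should say it belongs inside a VPN or SSH tunnel, which ties it back to the `- Encryption` bullet under "Security considerations". `- WinRM` and `- SPICE` are likewise listed without a description; add that WinRM is Windows Remote Management, the transport for PowerShell remoting over HTTP or HTTPS, and that SPICE is the remote display protocol used with KVM/QEMU virtual machines, so the learner can tell the three console-style methods apart.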
@@ -0,0 +1,179 @@ +# OS-1: Windows Editions and System Information + +Status: studying + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.3 Windows editions and requirements +- 1.5 Windows command-line/system information basics + +## What You Need To Know + +Windows comes in different editions. For A+ Core 2, focus on what features separate home-user editions from business editions. + +Common exam distinction: +- Windows Home: basic consumer edition. +- Windows Pro: adds business features such as joining a domain, BitLocker, Remote Desktop host, Group Policy tools, and Hyper-V support. +- Windows Pro for Workstations: high-end workstation edition with expanded CPU/RAM/storage feature support. +- Windows Enterprise/Education: organization-managed editions with more advanced deployment and security controls. + +The exam often asks which edition is needed for a business feature. If the feature sounds like centralized management, encryption, domain access, or remote administration, think Pro or higher. + +Windows 11 requirement clues: +- TPM 2.0: security chip/firmware feature used by Windows security features. +- UEFI: modern firmware replacement for legacy BIOS. +- Secure Boot: helps prevent untrusted boot loaders from starting before the OS. + +Exam shortcut: +- If the question says a PC cannot upgrade to Windows 11, check TPM 2.0, UEFI, Secure Boot capability, CPU/RAM/storage, and edition compatibility. + +## Memory Trick + +Remember: **Pro = Professional workplace features**. + +The "PRO" clue: +- **P**olicies: Group Policy management +- **R**emote Desktop host +- **O**rganization login: domain join / business identity features + +BitLocker also belongs in the "workplace/security" bucket, so associate it with Pro or higher. + +## Commands To Enter + +Enter these on Windows PowerShell or Command Prompt: + +```powershell +winver +``` + +What it does: +- Opens a Windows dialog showing the Windows version and build. 
+- Use it when you need a fast human-readable version check. + +```powershell +systeminfo +``` + +What it does: +- Prints detailed system information. +- Useful fields include OS Name, OS Version, System Type, BIOS Version, Total Physical Memory, and install date. + +```powershell +hostname +``` + +What it does: +- Shows the computer name. +- Useful when documenting a device or confirming you are connected to the right machine. + +```powershell +whoami +``` + +What it does: +- Shows the currently signed-in user. +- Useful when checking whether you are using the expected account. + +```powershell +wmic os get caption,version,buildnumber,osarchitecture +``` + +What it does: +- Shows Windows edition, version, build number, and whether the OS is 32-bit or 64-bit. +- WMIC is older, but it still appears in exam-style command questions. + +```powershell +tpm.msc +``` + +What it does: +- Opens TPM Management. +- Use it to check TPM status and version on Windows. + +```powershell +msinfo32 +``` + +What it does: +- Opens System Information. +- Use it to check BIOS Mode, Secure Boot State, system model, CPU, RAM, and OS details. + +Enter these on Linux: + +```bash +hostname +``` + +What it does: +- Shows the Linux system's host name. + +```bash +whoami +``` + +What it does: +- Shows the current logged-in user. + +```bash +uname -a +``` + +What it does: +- Shows kernel and architecture information. +- Useful for identifying whether the system is 64-bit and what kernel it is running. + +```bash +cat /etc/os-release +``` + +What it does: +- Shows the Linux distribution name and version. +- This is one of the quickest ways to identify the Linux OS. + +## Mini Lab + +Goal: +- Identify and document your system's OS edition/version, architecture, host name, current user, CPU, and RAM. + +On Windows: +1. Run `winver`. +2. Run `systeminfo`. +3. Run `hostname`. +4. Run `whoami`. +5. Run `msinfo32`. +6. Optional: run `tpm.msc`. +7. 
Record: + - Windows edition + - Version/build + - 32-bit or 64-bit + - Host name + - Current user + - Installed RAM + - BIOS mode + - Secure Boot state + - TPM version/status, if available + +On Linux: +1. Run `cat /etc/os-release`. +2. Run `uname -a`. +3. Run `hostname`. +4. Run `whoami`. +5. Optional: run `free -h` to view memory. +6. Record: + - Distribution + - Kernel + - 32-bit or 64-bit architecture + - Host name + - Current user + - Installed/available memory + +## Quick Check Before Quiz + +You are ready for the OS-1 quiz when you can answer these without looking: +- Which edition is usually needed for domain join and Group Policy? +- Which command quickly displays Windows version/build in a GUI dialog? +- Which command gives detailed Windows inventory information? +- Which Linux file commonly identifies the distribution? +- Which Windows 11 upgrade clues point to firmware/security requirements? diff --git a/notes/OS-10-application-installation-requirements.md b/notes/OS-10-application-installation-requirements.md new file mode 100644 index 0000000..a813668 --- /dev/null +++ b/notes/OS-10-application-installation-requirements.md 
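Review bot: `wmic os get caption,version,buildnumber,osarchitecture` in OS-1 is deprecated and, on recent Windows 11 releases, not installed by default, so the Mini Lab step will fail on some machines. Keep the command for exam recognition as the note already says, but give the supported equivalent beside it: `Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, BuildNumber, OSArchitecture`. The heading `Enter these on Windows PowerShell or Command Prompt:` is also misleading for `tpm.msc` and `msinfo32`, which launch GUI tools rather than printing to the console; a "GUI" or "console" tag on each entry would prevent confusion when the learner records results.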
@@ -0,0 +1,280 @@ +# OS-10: Application Installation Requirements + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.10 Application installation requirements + +## What You Need To Know + +Application install questions are usually about compatibility and impact. + +Before installing or upgrading software, check: +- OS compatibility +- 32-bit vs. 64-bit requirements +- CPU requirements +- RAM requirements +- Storage requirements +- Graphics/GPU/VRAM requirements +- External hardware token requirements +- Distribution method +- Impact to the device, network, operations, and business + +## Memory Trick + +Use **O-CRaSH-G-DIB**: + +- **O**S compatibility +- **C**PU +- **Ra**M +- **S**torage +- **H**ardware token +- **G**raphics/GPU +- **D**istribution method +- **I**mpact +- **B**usiness risk + +If the app will not install or runs badly, think: +- Wrong OS +- Wrong architecture +- Not enough RAM/storage +- Missing GPU/VRAM +- Missing driver +- Missing hardware token +- Bad source or corrupted installer + +## Platform and Architecture + +32-bit vs. 64-bit: +- A 32-bit OS cannot run 64-bit apps. +- A 64-bit OS can usually run many 32-bit apps. +- 64-bit Windows uses: + - `C:\Program Files` for 64-bit apps + - `C:\Program Files (x86)` for 32-bit apps + +Driver compatibility: +- Drivers are OS-specific and architecture-specific. +- A driver for the wrong Windows version or architecture may fail. + +## Hardware Requirements + +CPU: +- Some apps require a minimum CPU generation, speed, or instruction set. + +RAM: +- Apps may install but perform poorly if RAM is too low. + +Storage: +- Check both install size and working data size. +- Some apps need much more space after install. + +Graphics: +- Integrated graphics shares system memory. +- Dedicated/discrete GPU has its own VRAM. +- High-end apps may require dedicated GPU and minimum VRAM. 
+ +External hardware tokens: +- Some professional software requires a USB license dongle or hardware security key. +- If the token is missing, the software may not run. + +## Distribution Methods + +Download: +- Get from vendor or trusted app store. +- Avoid random third-party download sites. + +Physical media: +- USB or optical disc. +- Less common now, but still possible. + +ISO: +- Disk image file. +- Can be mounted by the OS and used like a virtual disc. + +Image deployment: +- Installs a prepared system image, often with OS, drivers, and apps included. +- Common in business and virtual machine deployments. + +Package managers: +- Linux examples: `apt`, `dnf`. +- Windows examples: Microsoft Store, winget in some environments. + +## Impact Questions + +Impact to device: +- App may slow the computer, break existing apps, overwrite files, or require reboot. + +Impact to network: +- App may need internal services, firewall exceptions, bandwidth, or file share permissions. + +Impact to operations: +- A workflow may change after an upgrade. +- A time-sensitive job may be interrupted. + +Impact to business: +- Critical applications can affect revenue, customer service, compliance, or production. + +Exam shortcut: +- If the app affects business-critical work, test first, schedule downtime, communicate, and have rollback. + +## Commands To Enter + +Windows: + +```powershell +systeminfo +``` + +What it does: +- Shows OS, architecture, CPU, memory, and system details. + +```powershell +wmic os get osarchitecture +``` + +What it does: +- Shows whether Windows is 32-bit or 64-bit. + +```powershell +Get-ComputerInfo | Select-Object OsName, OsArchitecture, CsProcessors, CsTotalPhysicalMemory +``` + +What it does: +- PowerShell summary of OS name, architecture, CPU, and RAM. + +```powershell +Get-Volume +``` + +What it does: +- Shows volume/file-system information and free space. 
+ +```powershell +winget --version +``` + +What it does: +- Shows whether Windows Package Manager is installed and its version. + +```powershell +Get-AppxPackage | Select-Object -First 5 Name, Version +``` + +What it does: +- Shows installed Microsoft Store/UWP-style app package names and versions. + +Linux: + +```bash +uname -m +``` + +What it does: +- Shows system architecture, such as `x86_64`. + +```bash +lscpu +``` + +What it does: +- Shows CPU details. + +```bash +free -h +``` + +What it does: +- Shows memory usage in human-readable units. + +```bash +df -h +``` + +What it does: +- Shows filesystem free space. + +```bash +which apt +which dnf +``` + +What it does: +- Checks whether `apt` or `dnf` package manager commands exist. + +macOS, if available: + +```bash +sw_vers +uname -m +system_profiler SPHardwareDataType +``` + +What it does: +- Shows macOS version, architecture, and hardware summary. + +## Mini Lab + +Goal: +- Decide whether a computer can run a hypothetical app. + +Hypothetical app requirements: +- 64-bit OS +- 8 GB RAM +- 20 GB free storage +- Modern CPU +- Dedicated GPU preferred +- Internet download from vendor site + +Windows: +1. Run `systeminfo`. +2. Run `wmic os get osarchitecture`. +3. Run `Get-Volume`. +4. Optional: run `winget --version`. +5. Record: + - OS: + - Architecture: + - RAM: + - Free storage: + - CPU: + - Package manager available: + - Meets requirements? Why or why not? + +Linux: +1. Run `cat /etc/os-release`. +2. Run `uname -m`. +3. Run `lscpu`. +4. Run `free -h`. +5. Run `df -h`. +6. Run `which apt` and `which dnf`. +7. Record: + - Distribution: + - Architecture: + - RAM: + - Free storage: + - CPU: + - Package manager: + - Meets requirements? Why or why not? + +macOS, if available: +1. Run `sw_vers`. +2. Run `uname -m`. +3. Run `system_profiler SPHardwareDataType`. +4. Record: + - macOS version: + - Architecture: + - RAM: + - CPU/chip: + - Meets requirements? Why or why not? 
+ +## Quick Check Before Quiz + +You are ready for the OS-10 quiz when you can answer these without looking: +- Can a 32-bit OS run a 64-bit application? +- Which folder holds 32-bit apps on 64-bit Windows? +- What is an ISO? +- Why does VRAM matter? +- Why should business impact be checked before app updates? + diff --git a/notes/OS-11-cloud-productivity-tools.md b/notes/OS-11-cloud-productivity-tools.md new file mode 100644 index 0000000..0152759 --- /dev/null +++ b/notes/OS-11-cloud-productivity-tools.md 
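Review bot: the "Distribution Methods" section in OS-10 says `- Avoid random third-party download sites.` but never says how to check an installer once it is downloaded, even though `- Bad source or corrupted installer` is listed as a failure cause. Add the verification step: compare the vendor-published hash with `Get-FileHash <file>` and check the publisher signature with `Get-AuthenticodeSignature <file>` (status `Valid`) on Windows, or `sha256sum <file>` on Linux, before running the installer. Separately, `wmic os get osarchitecture` in the Mini Lab has the same WMIC availability problem as OS-1; `Get-ComputerInfo` already appears in this section and returns `OsArchitecture`, so the WMIC step can be dropped from the lab.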
@@ -0,0 +1,232 @@ +# OS-11: Cloud Productivity Tools + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.11 Cloud productivity tools + +## What You Need To Know + +Cloud productivity tools move everyday business services from local servers and local apps into cloud-managed services. + +Common examples: +- Email +- Cloud storage +- File synchronization +- Collaboration tools +- Spreadsheets +- Word processing +- Presentations +- Videoconferencing +- Instant messaging/chat +- Identity synchronization +- License assignment + +## Memory Trick + +Use **E-S-C-I-L**: + +- **E**mail +- **S**torage and sync +- **C**ollaboration +- **I**dentity synchronization +- **L**icense assignment + +If the question says "user can access from anywhere," "syncs across devices," or "assign a license to a user," think cloud productivity. + +## Email Systems + +Cloud email: +- Mailbox is hosted by a cloud provider. +- Common examples include Microsoft 365/Exchange Online and Google Workspace/Gmail. +- Often includes spam filtering, malware filtering, redundancy, backups, and centralized management. + +Exam clue: +- If the user can sign in from multiple devices and mail is stored on the provider's servers, it is cloud email. + +## Storage and Synchronization + +Cloud storage: +- Files are stored in a cloud service. +- Common examples include OneDrive, Google Drive, Dropbox, and iCloud Drive. + +Synchronization: +- A local file can be uploaded to the cloud and synced to other devices. +- Sync clients may let you choose which folders are local, cloud-only, or always available offline. + +Memory trick: +- **Sync = same files across systems.** + +Important distinction: +- Local-only file: stored on one device. +- Synced file: copied between local device and cloud. +- Streaming/cloud-only file: visible locally but downloaded on demand. + +## Collaboration Tools + +Collaboration tools let users work together in real time or near real time. 
+ +Examples: +- Shared documents +- Spreadsheets +- Presentations +- Videoconferencing +- Instant messaging +- Shared calendars +- Comments and version history + +Exam clue: +- If multiple users edit or communicate together through the same service, it is collaboration. + +## Identity Synchronization + +Identity synchronization connects user identities across systems. + +Examples: +- Microsoft Entra ID +- Google Identity +- Okta +- Directory sync from on-premises identity to cloud identity + +Why it matters: +- Create or update a user once, and the change can appear in connected cloud services. +- Password and account state may be synchronized depending on configuration. + +Exam clue: +- If the question says "same account works across cloud apps" or "new users appear automatically," think identity sync. + +## License Assignment + +Cloud services often use per-user licenses. + +License assignment: +- Admin assigns a license to a user account. +- The user receives access to apps/services. +- Licenses can often be moved between users. + +Why it matters: +- Easier than tracking physical license keys. +- Prevents wasting unused licenses. +- Centralized license management helps audits and cost control. + +Exam clue: +- If a user can sign in but cannot access an app, check whether the correct license is assigned. + +## Commands To Enter + +Cloud productivity is usually managed in web admin portals, but you can still inspect local sync and network basics. + +Windows: + +```powershell +whoami +``` + +What it does: +- Shows the currently signed-in user. +- Useful when checking identity or account context. + +```powershell +hostname +``` + +What it does: +- Shows the device name. + +```powershell +ipconfig /all +``` + +What it does: +- Shows network and DNS details needed for cloud service connectivity. + +```powershell +dir $env:USERPROFILE +``` + +What it does: +- Lists folders in the current user's profile. 
+- Look for cloud sync folders such as OneDrive, Dropbox, or Google Drive if installed. + +Linux: + +```bash +whoami +``` + +What it does: +- Shows current user. + +```bash +hostname +``` + +What it does: +- Shows device name. + +```bash +ip addr +``` + +What it does: +- Shows network interface/IP address information. + +```bash +ls ~ +``` + +What it does: +- Lists folders in the current user's home directory. +- Look for cloud sync folders if a sync client is installed. + +macOS, if available: + +```bash +whoami +hostname +ls ~ +``` + +What it does: +- Shows user, device name, and home folder contents. +- Look for iCloud Drive, OneDrive, Dropbox, or Google Drive folders if configured. + +## Mini Lab + +Goal: +- Recognize cloud productivity components and local sync behavior. + +Windows/Linux/macOS: +1. Identify the signed-in user. +2. Identify the device name. +3. Check basic network connectivity. +4. Look in the user's home/profile folder for any cloud sync folders. +5. If you use a cloud storage app, identify whether files are local, online-only, or synced. + +Record: +- Current user: +- Device name: +- Cloud email service used, if any: +- Cloud storage service used, if any: +- Sync folder path: +- Is there an online-only or streaming file option? +- What collaboration tools do you use? +- What account identity do those tools use? + +Admin scenario practice: +- A new employee can sign in but cannot open the company spreadsheet app. What should you check? +- A user saved a file locally but it does not appear on another device. What sync settings should you inspect? +- A user changed departments and now needs a different app set. What licensing/admin action may be needed? + +## Quick Check Before Quiz + +You are ready for the OS-11 quiz when you can answer these without looking: +- What does cloud file synchronization do? +- What is identity synchronization? +- What does license assignment control? +- Why are cloud email services centrally managed? 
+- What should you check if a user can sign in but cannot use a licensed app? + diff --git a/notes/OS-2-windows-installation-recovery.md b/notes/OS-2-windows-installation-recovery.md new file mode 100644 index 0000000..4e77819 --- /dev/null +++ b/notes/OS-2-windows-installation-recovery.md 
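Review bot: `dir $env:USERPROFILE` under "Windows" in OS-11 is PowerShell-only syntax; `$env:` variables do not expand in Command Prompt, where the equivalent is `dir %USERPROFILE%`. Either label the block as PowerShell or give both forms, since OS-1 told the reader that its commands work in either shell. The "Identity Synchronization" paragraph should also say that password synchronization is optional and that directory sync normally runs from the on-premises directory to the cloud; `Password and account state may be synchronized depending on configuration.` is too vague to answer the admin scenarios in the Mini Lab.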
@@ -0,0 +1,142 @@ +# OS-2: Windows Installation, Boot, and Recovery + +Status: not started + +Domain: +- 1.0 Operating Systems + +## What You Need To Know + +Windows installation questions usually test which method fits the situation. + +Core install types: +- **Clean install**: wipes or replaces the existing OS. Best when starting fresh or when the old OS is badly damaged. +- **Upgrade install**: keeps compatible apps, files, and settings while moving to a newer Windows version. +- **Repair install / in-place repair**: reinstalls Windows system files while trying to keep user data and applications. +- **Image deployment**: applies a prepared OS image to one or many computers. Common in business environments. +- **Network boot / PXE**: boots a computer from the network to install or deploy an OS. + +Boot and recovery questions usually test the first tool to try. + +Common recovery tools: +- **Windows RE**: Windows Recovery Environment. This is the recovery menu used for repair options. +- **Startup Repair**: use when Windows will not boot correctly. +- **System Restore**: rolls system files/settings back to a restore point. It does not restore personal files. +- **Uninstall updates**: useful after a bad Windows update breaks startup. +- **Reset this PC**: reinstalls Windows and can keep or remove user files, depending on the option selected. +- **System image recovery**: restores the computer from a full system image backup. 
+ +## Memory Tricks + +Install choices: +- **Clean = clear the old system.** +- **Upgrade = up but keep stuff.** +- **Image = identical installs.** +- **PXE = Preboot eXecution Environment = boot before local OS.** + +Recovery choices: +- **Startup Repair starts the system again.** +- **System Restore restores settings, not documents.** +- **Image Recovery returns the whole picture.** +- **Reset is the bigger hammer when repair tools fail.** + +## Commands To Enter + +Enter these on Windows PowerShell or Command Prompt: + +```powershell +reagentc /info +``` + +What it does: +- Shows whether Windows Recovery Environment is enabled. +- Useful when checking whether local recovery tools are available. + +```powershell +shutdown /r /o /t 0 +``` + +What it does: +- Restarts Windows directly into Advanced Startup options. +- `/r` means restart. +- `/o` means go to advanced boot options. +- `/t 0` means wait zero seconds. + +```powershell +bcdedit +``` + +What it does: +- Displays Boot Configuration Data. +- Useful for viewing boot loader entries. +- Be careful: changing BCD settings can break boot if done incorrectly. + +```powershell +sfc /scannow +``` + +What it does: +- Scans protected Windows system files and repairs corrupted files when possible. +- Use for suspected Windows system file corruption. + +```powershell +DISM /Online /Cleanup-Image /RestoreHealth +``` + +What it does: +- Repairs the Windows component store used by SFC. +- If SFC cannot repair corruption, DISM is often used before running SFC again. + +Enter these on Linux for comparison practice: + +```bash +lsblk +``` + +What it does: +- Lists block devices such as drives and partitions. +- Useful for understanding disk layout before installation or recovery work. + +```bash +df -h +``` + +What it does: +- Shows mounted file systems and disk usage in human-readable units. + +```bash +sudo reboot +``` + +What it does: +- Restarts the Linux system. +- `sudo` runs the command with administrative privileges. 
+ +## Mini Lab + +Goal: +- Recognize recovery options and practice safe information-gathering commands. + +Windows: +1. Run `reagentc /info`. +2. Record whether Windows RE is enabled. +3. Run `sfc /scannow`. +4. Record whether Windows found integrity violations. +5. Optional: run `DISM /Online /Cleanup-Image /RestoreHealth`. +6. Do not change `bcdedit` settings. Only run `bcdedit` to view current boot entries. + +Linux: +1. Run `lsblk`. +2. Identify the main disk. +3. Run `df -h`. +4. Identify the root filesystem and free space. + +## Quick Check Before Quiz + +You are ready for the OS-2 quiz when you can answer these without looking: +- What install type wipes the old OS? +- What install type keeps compatible files/apps/settings? +- Which recovery tool fixes common boot problems? +- What does System Restore affect? +- What command restarts Windows into Advanced Startup? + diff --git a/notes/OS-3-windows-admin-tools.md b/notes/OS-3-windows-admin-tools.md new file mode 100644 index 0000000..d6ad46d --- /dev/null +++ b/notes/OS-3-windows-admin-tools.md 
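Review bot: the OS-2 Commands To Enter section says to enter these in "Windows PowerShell or Command Prompt" but never says the prompt must be elevated; `reagentc /info`, `sfc /scannow` and `DISM /Online /Cleanup-Image /RestoreHealth` all fail from a standard-user console (SFC reports that you must be an administrator running a console session), so Mini Lab steps 1, 3 and 5 will not work as written. Add a line such as "Open the terminal with Run as administrator" ahead of the Windows block. Minor: `sudo reboot` is the only entry in the Linux comparison list that changes system state rather than reporting it; marking it as disruptive would keep it in step with the lab's "safe information-gathering" goal.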
@@ -0,0 +1,200 @@ +# OS-3: Windows Administrative Tools + +Status: not started + +Domain: +- 1.0 Operating Systems + +## What You Need To Know + +The exam often describes a problem and expects you to pick the right Windows tool. + +Core tools: +- **Task Manager**: view running apps/processes, resource use, startup apps, and end unresponsive tasks. +- **Services**: start, stop, restart, disable, or change startup type for Windows services. +- **Event Viewer**: read logs for errors, warnings, failed services, application crashes, security events, and system events. +- **Device Manager**: manage hardware devices, drivers, disabled devices, and driver rollback. +- **Disk Management**: create, format, extend, shrink, and assign drive letters to partitions/volumes. +- **System Configuration (`msconfig`)**: troubleshooting startup configuration and boot options. +- **Local Users and Groups**: manage local users and local group membership. +- **Performance Monitor**: collect detailed performance counters over time. +- **Resource Monitor**: live view of CPU, memory, disk, and network activity. +- **Task Scheduler**: run programs or scripts automatically based on time or events. + +## Memory Tricks + +Use the problem wording: + +- **"What happened?" = Event Viewer** +- **"What hardware/driver?" = Device Manager** +- **"What starts with Windows?" = Task Manager or System Configuration** +- **"What service is stopped?" = Services** +- **"What partition/drive letter?" = Disk Management** +- **"What account/group?" = Local Users and Groups** +- **"What is slow right now?" = Resource Monitor** +- **"What is slow over time?" = Performance Monitor** +- **"Run this automatically" = Task Scheduler** + +## Commands To Enter + +Enter these on Windows PowerShell or Command Prompt: + +```powershell +taskmgr +``` + +What it does: +- Opens Task Manager. +- Use it to view processes, performance, startup apps, and signed-in users. 
+ +```powershell +services.msc +``` + +What it does: +- Opens the Services console. +- Use it to start, stop, restart, disable, or change startup type for services. + +```powershell +eventvwr.msc +``` + +What it does: +- Opens Event Viewer. +- Use it to investigate system, application, setup, and security logs. + +```powershell +devmgmt.msc +``` + +What it does: +- Opens Device Manager. +- Use it to check hardware status and manage drivers. + +```powershell +diskmgmt.msc +``` + +What it does: +- Opens Disk Management. +- Use it to manage partitions, volumes, and drive letters. + +```powershell +msconfig +``` + +What it does: +- Opens System Configuration. +- Use it for boot and startup troubleshooting. + +```powershell +lusrmgr.msc +``` + +What it does: +- Opens Local Users and Groups on supported Windows editions. +- Use it to manage local accounts and group membership. +- This is not available on all Home editions. + +```powershell +perfmon +``` + +What it does: +- Opens Performance Monitor. +- Use it for detailed performance counters and longer-term monitoring. + +```powershell +resmon +``` + +What it does: +- Opens Resource Monitor. +- Use it for live CPU, memory, disk, and network activity. + +```powershell +taskschd.msc +``` + +What it does: +- Opens Task Scheduler. +- Use it to create, view, and troubleshoot scheduled tasks. + +Linux comparison commands: + +```bash +ps aux +``` + +What it does: +- Lists running processes. + +```bash +top +``` + +What it does: +- Shows live process and resource usage. + +```bash +systemctl status +``` + +What it does: +- Shows systemd service manager status. +- You can also check a specific service, such as `systemctl status ssh`. + +```bash +journalctl -p err +``` + +What it does: +- Shows systemd journal entries with error priority. + +```bash +lsblk +``` + +What it does: +- Lists disks and partitions. + +## Mini Lab + +Goal: +- Match tools to symptoms and practice safe viewing commands. + +Windows: +1. 
Open Task Manager with `taskmgr`. +2. Open Event Viewer with `eventvwr.msc`. +3. In Event Viewer, view Windows Logs > System. +4. Open Device Manager with `devmgmt.msc`. +5. Open Disk Management with `diskmgmt.msc`. +6. Open Resource Monitor with `resmon`. +7. Record which tool you would use for: + - Failed service startup: + - Missing driver: + - Drive letter change: + - Slow disk right now: + - Long-term CPU tracking: + +Linux: +1. Run `ps aux`. +2. Run `top`, then press `q` to quit. +3. Run `systemctl status`. +4. Run `journalctl -p err`. +5. Run `lsblk`. +6. Record the Linux command closest to: + - Task Manager: + - Event Viewer: + - Services: + - Disk Management: + +## Quick Check Before Quiz + +You are ready for the OS-3 quiz when you can answer these without looking: +- Which tool shows Windows logs? +- Which tool manages drivers? +- Which tool manages partitions and drive letters? +- Which tool shows live resource usage? +- Which tool runs jobs automatically? + diff --git a/notes/OS-4-windows-command-line.md b/notes/OS-4-windows-command-line.md new file mode 100644 index 0000000..c91f7d3 --- /dev/null +++ b/notes/OS-4-windows-command-line.md 
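Review bot: the `lusrmgr.msc` bullet in OS-3 says it is "not available on all Home editions"; it is not available on any Home edition (Home ships without the Local Users and Groups snap-in), so the wording should be "not available on Home editions" so a learner on Home is not surprised during the lab. Two smaller items: `journalctl -p err` without `sudo` (or membership of the `systemd-journal` or `adm` group) may show only the current user's journal, so Mini Lab Linux step 4 can return fewer entries than expected; and `systemctl status ssh` is the Debian/Ubuntu unit name, on Fedora/RHEL it is `sshd`.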
@@ -0,0 +1,343 @@ +# OS-4: Windows Command Line + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.5 Windows command-line tools +- 1.7 Windows networking basics +- 3.1 Windows troubleshooting support + +## What You Need To Know + +Core 2 command questions usually ask, "Which command would you use?" + +Think in buckets: +- **Navigation**: move around files and folders. +- **Network**: check IP address, connectivity, DNS, routes, and connections. +- **Disk/file repair**: check file systems and system files. +- **Identity/system info**: computer name, signed-in user, Windows version. +- **Group Policy**: update or report applied policies. +- **Help**: find command syntax. + +Some commands are safe to run anytime. Others can change disks or files, so use them carefully. + +## Memory Tricks + +- **`ipconfig` = IP configuration.** +- **`ping` = "Are you alive?"** +- **`tracert` = trace route.** +- **`nslookup` = name server lookup.** +- **`netstat` = network statistics.** +- **`chkdsk` = check disk.** +- **`sfc` = system file checker.** +- **`gpupdate` = Group Policy update.** +- **`gpresult` = Group Policy result.** +- **`/?` = "How do I use this?"** + +## Commands To Enter + +Enter these on Windows PowerShell or Command Prompt. + +### Navigation + +```powershell +dir +``` + +What it does: +- Lists files and folders in the current directory. +- Similar Linux command: `ls`. + +```powershell +cd +``` + +What it does: +- Shows or changes the current directory. +- `cd ..` moves up one folder. + +```powershell +mkdir test-folder +``` + +What it does: +- Creates a folder named `test-folder`. +- `md` does the same thing. + +```powershell +rmdir test-folder +``` + +What it does: +- Removes an empty folder. +- `rd` does the same thing. + +### Network + +```powershell +ipconfig +``` + +What it does: +- Shows IP address, subnet mask, and default gateway for network adapters. 
+ +```powershell +ipconfig /all +``` + +What it does: +- Shows detailed adapter info, including MAC address, DNS servers, DHCP status, and lease details. + +```powershell +ping 127.0.0.1 +``` + +What it does: +- Tests the local TCP/IP stack using the loopback address. +- If this fails, the local networking stack has a problem. + +```powershell +ping 8.8.8.8 +``` + +What it does: +- Tests basic IP connectivity to an external address. +- If this works but names do not, suspect DNS. + +```powershell +nslookup example.com +``` + +What it does: +- Queries DNS for a hostname. +- Useful when websites fail by name but IP connectivity works. + +```powershell +tracert example.com +``` + +What it does: +- Shows the router hops toward a destination. +- Useful for finding where a path may stop. + +```powershell +pathping example.com +``` + +What it does: +- Combines route tracing with packet-loss statistics. +- Takes longer than `tracert`. + +```powershell +netstat -ano +``` + +What it does: +- Shows active connections and listening ports. +- `-a` shows all connections/listeners. +- `-n` keeps addresses numeric. +- `-o` shows process IDs. + +### Disk and File Repair + +```powershell +chkdsk +``` + +What it does: +- Checks the disk file system status. + +```powershell +chkdsk /f +``` + +What it does: +- Fixes logical file system errors. +- May need to run at startup if the drive is locked. + +```powershell +chkdsk /r +``` + +What it does: +- Looks for bad sectors and recovers readable information. +- Includes `/f`. +- Can take a long time. + +```powershell +sfc /scannow +``` + +What it does: +- Scans protected Windows system files and repairs them when possible. + +### Identity and System Info + +```powershell +hostname +``` + +What it does: +- Shows the computer name. + +```powershell +whoami +``` + +What it does: +- Shows the current user. + +```powershell +whoami /all +``` + +What it does: +- Shows current user, groups, privileges, and security identifier details. 
+ +```powershell +winver +``` + +What it does: +- Opens the Windows version/build dialog. + +### Group Policy + +```powershell +gpupdate /force +``` + +What it does: +- Forces a Group Policy refresh. +- Most relevant on domain-joined business systems. + +```powershell +gpresult /r +``` + +What it does: +- Shows Resultant Set of Policy summary for the user/computer. +- Use it to verify what policies applied. + +### Help + +```powershell +ipconfig /? +``` + +What it does: +- Shows help and syntax for `ipconfig`. +- Most Windows commands support `/?`. + +```powershell +help dir +``` + +What it does: +- Shows help for the `dir` command. + +## Commands To Know But Treat Carefully + +```powershell +format +``` + +What it does: +- Formats a volume. +- Warning: this can erase data. + +```powershell +diskpart +``` + +What it does: +- Opens a powerful disk partitioning tool. +- Warning: incorrect commands can erase partitions or make a system unbootable. + +```powershell +robocopy +``` + +What it does: +- Copies files and folders robustly. +- Useful for backups and migrations. +- Be careful with mirror options because they can delete destination files. + +## Linux Comparison Commands + +```bash +ls +pwd +cd +mkdir test-folder +rmdir test-folder +ip addr +ping 127.0.0.1 +traceroute example.com +dig example.com +df -h +du -h +ps aux +top +``` + +Why this matters: +- Linux command practice helps you understand the same troubleshooting ideas across operating systems. +- Exact commands differ, but the goal is often the same: identify the system, check network state, inspect storage, and view running processes. + +## Mini Lab + +Goal: +- Practice safe command-line troubleshooting. + +Windows: +1. Run `hostname`. +2. Run `whoami`. +3. Run `winver`. +4. Run `ipconfig`. +5. Run `ipconfig /all`. +6. Run `ping 127.0.0.1`. +7. Run `nslookup example.com`. +8. Run `netstat -ano`. +9. Run `sfc /scannow`. +10. Run `ipconfig /?`. 
+ +Record: +- Computer name: +- Current user: +- IPv4 address: +- Default gateway: +- DNS server: +- Did loopback ping work? +- Did DNS lookup work? +- One listening port from `netstat -ano`: + +Linux: +1. Run `hostname`. +2. Run `whoami`. +3. Run `ip addr`. +4. Run `ping -c 4 127.0.0.1`. +5. Run `df -h`. +6. Run `ps aux`. +7. Run `top`, then press `q`. + +Record: +- Hostname: +- Current user: +- IP address: +- Root filesystem free space: +- One running process: + +## Quick Check Before Quiz + +You are ready for the OS-4 quiz when you can answer these without looking: +- Which command shows full Windows IP configuration? +- Which command tests DNS name resolution? +- Which command shows active connections and process IDs? +- Which command repairs protected Windows system files? +- Which command forces Group Policy refresh? +- Which commands can erase data if misused? + diff --git a/notes/OS-5-os-types-filesystems.md b/notes/OS-5-os-types-filesystems.md new file mode 100644 index 0000000..6ab8ddc --- /dev/null +++ b/notes/OS-5-os-types-filesystems.md 
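Review bot: in the Linux Comparison Commands block of OS-4, `ping 127.0.0.1` runs until interrupted on Linux (there is no default packet count as on Windows), while the Mini Lab correctly uses `ping -c 4 127.0.0.1`; use the `-c 4` form in the comparison block too so the two agree. Same elevation gap as OS-2: Mini Lab step 9 (`sfc /scannow`) needs an elevated prompt and the note does not say so. Also, `help dir` is a Command Prompt command; in PowerShell `help` resolves to Get-Help and `dir` is an alias of Get-ChildItem, so the output there will not match the "Shows help for the `dir` command" bullet.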
@@ -0,0 +1,186 @@ +# OS-5: OS Types and File Systems + +Status: strong + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.1 Operating system types and file systems + +## What You Need To Know + +An operating system sits between the user, applications, and hardware. + +It handles: +- Files and folders +- Application support +- Memory use +- Input and output devices +- Drivers +- User interface +- System settings and updates + +For the exam, know the personality of each OS family. + +## OS Type Shortcuts + +Windows: +- Common in business and consumer PCs. +- Broad hardware and software support. +- Big target for malware because it is widely used. + +Linux: +- Open-source and common on servers, development systems, and technical workstations. +- Many distributions, such as Ubuntu, Debian, Fedora, and Red Hat. +- Strong command-line culture. + +macOS: +- Apple desktop/laptop OS. +- Runs on Apple hardware. +- You need conceptual knowledge, but no Mac lab is required for our study plan. + +ChromeOS: +- Google OS based on the Linux kernel. +- Web/cloud-focused. +- Common on Chromebooks. + +iOS/iPadOS: +- Apple mobile/tablet OS. +- Apps normally come through Apple's App Store. + +Android: +- Linux-based mobile OS. +- Used by many manufacturers. +- Apps can come from Google Play and, depending on policy/settings, other app stores. + +## Memory Trick + +Use **W-L-M-C-I-A**: + +- **W**indows: workplace and wide support +- **L**inux: lots of distributions +- **M**ac: manufactured by Apple +- **C**hromeOS: cloud-centered +- **I**OS/iPadOS: inside Apple's app store +- **A**ndroid: available across many manufacturers + +## File Systems + +A file system is the format used to organize data on a storage device. + +Common file systems: +- **NTFS**: modern Windows file system. Supports permissions, encryption, compression, large files, and recoverability. +- **ReFS**: newer Microsoft file system focused on resiliency and large storage use cases. 
+- **FAT32**: older and broadly compatible, but has a 4 GB max file size. +- **exFAT**: good for flash drives and cross-platform file transfer; supports files larger than 4 GB. +- **ext4**: common Linux file system. +- **XFS**: high-performance Linux file system, often used for large-scale storage. +- **APFS**: Apple file system for modern macOS/iOS/iPadOS devices. + +## File System Memory Tricks + +- **NTFS = New Technology For Security**: Windows permissions and encryption. +- **FAT32 = Four GB wall**: single files cannot exceed 4 GB. +- **exFAT = EXternal flash-friendly FAT**: good for USB drives across OSs. +- **ext4 = Linux everyday default**: common Linux file system. +- **APFS = Apple Prefers Flash Storage**: Apple modern file system. +- **ReFS = Resilient File System**: built for resiliency. + +## Commands To Enter + +Windows: + +```powershell +fsutil fsinfo drives +``` + +What it does: +- Lists available drives. + +```powershell +fsutil fsinfo volumeinfo C: +``` + +What it does: +- Shows file-system information for the C: volume. +- You may need an elevated terminal. + +```powershell +wmic logicaldisk get caption,filesystem,size,freespace +``` + +What it does: +- Lists drive letters, file systems, sizes, and free space. + +```powershell +Get-Volume +``` + +What it does: +- PowerShell command that shows volumes, drive letters, labels, file systems, and health status. + +Linux: + +```bash +df -T +``` + +What it does: +- Shows mounted file systems and their types. + +```bash +lsblk -f +``` + +What it does: +- Lists block devices with file-system information. + +```bash +cat /etc/os-release +``` + +What it does: +- Shows Linux distribution information. + +```bash +uname -a +``` + +What it does: +- Shows kernel and architecture information. + +## Mini Lab + +Goal: +- Identify the OS family and file system in use. + +Windows: +1. Run `winver`. +2. Run `wmic logicaldisk get caption,filesystem,size,freespace`. +3. Run `Get-Volume` in PowerShell. +4. 
Record: + - Windows version: + - Main drive letter: + - Main drive file system: + - Free space: + +Linux: +1. Run `cat /etc/os-release`. +2. Run `uname -a`. +3. Run `df -T`. +4. Run `lsblk -f`. +5. Record: + - Distribution: + - Kernel: + - Root file system type: + - Main disk/partition: + +## Quick Check Before Quiz + +You are ready for the OS-5 quiz when you can answer these without looking: +- Which file system is common for modern Windows? +- Which file system has a 4 GB single-file limit? +- Which file system is common for Linux? +- Which OS is cloud/browser-centered? +- Which mobile OS is used by many manufacturers? diff --git a/notes/OS-6-windows-control-panel-settings.md b/notes/OS-6-windows-control-panel-settings.md new file mode 100644 index 0000000..147763b --- /dev/null +++ b/notes/OS-6-windows-control-panel-settings.md 
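Review bot: `wmic logicaldisk get caption,filesystem,size,freespace` in OS-5 (Commands To Enter and Mini Lab Windows step 2) depends on WMIC, which Microsoft has deprecated and is removing from default Windows 11 installs (it is now a Feature on Demand), so step 2 will fail on a fresh install. Keep `Get-Volume` as the primary command and, if a WMI-based alternative is wanted, use `Get-CimInstance Win32_LogicalDisk | Select-Object DeviceID,FileSystem,Size,FreeSpace`, which returns the same fields.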
@@ -0,0 +1,248 @@ +# OS-6: Windows Control Panel and Settings + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.6 Windows Control Panel and Settings + +## What You Need To Know + +This objective is about knowing where to configure Windows features. + +Windows has two major configuration areas: +- **Control Panel**: older interface, still used for many classic tools. +- **Settings app**: newer interface, used for most daily configuration. + +Exam questions usually describe a task and ask where you should go. + +## Memory Trick + +Use **"Old Control, New Settings"**: + +- If it sounds like an older Windows admin item, think Control Panel or `.cpl`. +- If it sounds like modern user preferences, think Settings. + +Another shortcut: +- **Hardware problem? Device Manager.** +- **Power/sleep/lid? Power Options.** +- **Hidden files/extensions? File Explorer Options.** +- **Installed apps? Apps / Programs and Features.** +- **Printers? Devices and Printers or Settings > Bluetooth & devices.** +- **Windows updates? Update and Security / Windows Update.** +- **Clock/language? Time and Language.** + +## Control Panel Areas To Know + +Internet Options: +- Browser-related legacy settings such as security zones, privacy, and connections. + +Devices and Printers: +- View and manage printers and connected devices. + +Programs and Features: +- Uninstall or change installed desktop applications. +- Turn Windows features on or off. + +Network and Sharing Center: +- View network status and adapter settings. + +Windows Defender Firewall: +- Enable/disable firewall profiles and allow apps through the firewall. + +User Accounts: +- Manage local user account settings. + +Device Manager: +- Manage hardware and drivers. + +Indexing Options: +- Choose locations Windows indexes for faster search. + +Power Options: +- Sleep, hibernate, lid behavior, power plans, USB selective suspend, and Fast Startup. 
+ +File Explorer Options: +- Show hidden files, show file extensions, and change search/view behavior. + +Ease of Access: +- Accessibility settings for display, keyboard, mouse, narrator, and other input/output needs. + +## Settings App Areas To Know + +System: +- Display, sound, notifications, power, storage, and about information. + +Bluetooth and devices: +- Bluetooth, printers, mouse, typing, pen, and connected devices. + +Network and Internet: +- Wi-Fi, Ethernet, VPN, proxy, metered network, and IP settings. + +Personalization: +- Wallpaper, colors, lock screen, themes, and Start/taskbar preferences. + +Apps: +- Installed apps, default apps, optional features, and app settings. + +Accounts: +- Microsoft account/local account, email accounts, sign-in options, PIN, password, and security key. + +Time and Language: +- Date/time, region, language, and keyboard options. + +Privacy and Security: +- App permissions, privacy controls, Windows Security, and security-related settings. + +Windows Update: +- Updates, active hours, update history, and restart scheduling. + +## Commands To Enter + +Windows commands: + +```powershell +control +``` + +What it does: +- Opens Control Panel. + +```powershell +ms-settings: +``` + +What it does: +- Opens the Windows Settings app. + +```powershell +appwiz.cpl +``` + +What it does: +- Opens Programs and Features. +- Use this to uninstall or change classic desktop apps. + +```powershell +ncpa.cpl +``` + +What it does: +- Opens Network Connections. +- Use this to view or change network adapters. + +```powershell +firewall.cpl +``` + +What it does: +- Opens Windows Defender Firewall. + +```powershell +powercfg.cpl +``` + +What it does: +- Opens Power Options. + +```powershell +inetcpl.cpl +``` + +What it does: +- Opens Internet Options. + +```powershell +control printers +``` + +What it does: +- Opens Devices and Printers. + +```powershell +control folders +``` + +What it does: +- Opens File Explorer Options. 
+ +```powershell +devmgmt.msc +``` + +What it does: +- Opens Device Manager. + +Linux comparison commands: + +```bash +gnome-control-center +``` + +What it does: +- Opens GNOME Settings on Linux systems that use GNOME. +- May not be installed on every Linux distribution. + +```bash +nm-connection-editor +``` + +What it does: +- Opens a graphical network connection editor on many Linux desktops. +- May not be installed on every Linux distribution. + +```bash +timedatectl +``` + +What it does: +- Shows or configures Linux time/date settings. + +## Mini Lab + +Goal: +- Learn where Windows settings live. + +Windows: +1. Run `control`. +2. Run `ms-settings:`. +3. Run `appwiz.cpl`. +4. Run `ncpa.cpl`. +5. Run `firewall.cpl`. +6. Run `powercfg.cpl`. +7. Run `control printers`. +8. Run `control folders`. +9. Run `devmgmt.msc`. + +Record the best place to configure: +- Uninstall a desktop app: +- Change a network adapter: +- Allow an app through firewall: +- Change what closing a laptop lid does: +- Show hidden files: +- Manage a printer: +- Fix a driver problem: +- Change date/time or language: +- Change default apps: + +Linux: +1. Run `timedatectl`. +2. If using GNOME, run `gnome-control-center`. +3. Optional: run `nm-connection-editor`. + +Record: +- Current time zone: +- Network settings tool available: +- Desktop settings tool available: + +## Quick Check Before Quiz + +You are ready for the OS-6 quiz when you can answer these without looking: +- Where do you uninstall classic desktop apps? +- Where do you change adapter settings? +- Where do you show hidden files and extensions? +- Where do you change sleep/hibernate/lid behavior? +- Where do you manage drivers? + diff --git a/notes/OS-7-windows-networking.md b/notes/OS-7-windows-networking.md new file mode 100644 index 0000000..2fdcb88 --- /dev/null +++ b/notes/OS-7-windows-networking.md 
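Review bot: `ms-settings:` on its own is not a command in either Command Prompt or PowerShell; it is a URI the shell has to launch, so the Commands To Enter entry and Mini Lab step 2 of OS-6 should read `start ms-settings:` (Command Prompt) or `Start-Process ms-settings:` (PowerShell). The same "What it does" bullet could add that sub-pages open the same way, e.g. `start ms-settings:windowsupdate`.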
@@ -0,0 +1,283 @@ +# OS-7: Windows Networking + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.7 Windows networking +- 1.5 Windows network command-line support + +## What You Need To Know + +Windows networking questions usually describe one of these tasks: +- Join or compare a workgroup/domain. +- Share a folder or printer. +- Map a network drive. +- Configure firewall exceptions. +- Configure IP settings. +- Choose public/private network profile. +- Configure VPN, Wi-Fi, proxy, WWAN, or metered connection. + +## Memory Tricks + +Use **D-S-F-I-P**: + +- **D**omain/workgroup: who manages login? +- **S**hares: folder/printer access. +- **F**irewall: allow/block traffic. +- **I**P settings: address, mask, gateway, DNS. +- **P**rofile/proxy/VPN: how traffic is treated. + +Network profile: +- **Private = trusted = sharing allowed.** +- **Public = untrusted = sharing restricted.** + +IP troubleshooting: +- **169.254 = APIPA = DHCP failed.** +- **127.0.0.1 = loopback = local TCP/IP test.** + +## Workgroup vs Domain + +Workgroup: +- Small peer-to-peer network. +- Each PC manages its own local users and permissions. +- No centralized authentication. + +Domain: +- Business network with centralized authentication and management. +- Usually uses Active Directory. +- Supports Group Policy. +- Requires Windows Pro or higher to join a domain. + +## Shared Resources + +Shared folder: +- Makes a folder available over the network. +- Uses a UNC path like `\\server\share`. + +Mapped drive: +- Assigns a drive letter to a network share. +- Example: map `H:` to `\\server\shared`. + +Hidden share: +- Share name ends in `$`. +- Example: `\\server\share$`. +- It hides the share from browsing but is not real security. + +Shared printer: +- Makes a printer available to other users. +- Can be added from Settings, Control Panel, or a shared path. + +## Firewall Concepts + +Windows Defender Firewall should normally stay enabled. 
+ +Firewall exception types: +- Allow an app or feature. +- Allow/block a port. +- Use a predefined rule. +- Create a custom rule. + +Network profiles: +- Public profile: stricter, for public Wi-Fi. +- Private profile: more trusted, allows more discovery/sharing. + +## IP Addressing + +DHCP: +- Automatically assigns IP settings. +- Default behavior on most clients. + +Static IP: +- Manually configured IP address, subnet mask, gateway, and DNS. +- Used when a device needs a fixed address. + +APIPA: +- Automatic Private IP Addressing. +- Address range starts with `169.254`. +- Means the client did not get DHCP and usually has no internet access. + +Core fields: +- IP address: device address. +- Subnet mask: local network boundary. +- Default gateway: route off the local network. +- DNS server: converts names to IP addresses. + +## Connection Types + +Wired: +- Ethernet cable. +- Usually stable and fast. + +Wireless: +- Wi-Fi using SSID, security type, encryption, and key. + +VPN: +- Encrypted connection to a private network. +- Often used for work access. +- May use MFA such as smart card, authenticator app, or token. + +WWAN: +- Cellular data connection. +- May use built-in modem, USB modem, tethering, or hotspot. + +Proxy: +- A go-between for web/internet traffic. +- Configured in Settings > Network and Internet or Internet Options. + +Metered connection: +- Tells Windows to reduce data use. +- Useful for cellular/hotspot/limited data networks. + +## Commands To Enter + +Windows: + +```powershell +ipconfig +``` + +What it does: +- Shows IP address, subnet mask, and default gateway. + +```powershell +ipconfig /all +``` + +What it does: +- Shows detailed network configuration, including DNS, DHCP, and MAC address. + +```powershell +ping 127.0.0.1 +``` + +What it does: +- Tests local TCP/IP stack. + +```powershell +ping 8.8.8.8 +``` + +What it does: +- Tests external IP connectivity. 
+ +```powershell +nslookup example.com +``` + +What it does: +- Tests DNS name resolution. + +```powershell +net use +``` + +What it does: +- Shows mapped network drives and network connections. + +```powershell +net use H: \\server\share +``` + +What it does: +- Maps drive `H:` to a network share. +- Replace `\\server\share` with a real share in your environment. + +```powershell +net use H: /delete +``` + +What it does: +- Removes the mapped drive `H:`. + +```powershell +ncpa.cpl +``` + +What it does: +- Opens Network Connections. + +```powershell +firewall.cpl +``` + +What it does: +- Opens Windows Defender Firewall. + +Linux comparison: + +```bash +ip addr +``` + +What it does: +- Shows Linux network interfaces and IP addresses. + +```bash +ip route +``` + +What it does: +- Shows routing table, including default gateway. + +```bash +cat /etc/resolv.conf +``` + +What it does: +- Shows DNS resolver configuration on many Linux systems. + +```bash +ping -c 4 127.0.0.1 +``` + +What it does: +- Tests local TCP/IP stack. + +## Mini Lab + +Goal: +- Identify IP settings, network profile concepts, firewall location, and mapped-drive syntax. + +Windows: +1. Run `ipconfig`. +2. Run `ipconfig /all`. +3. Run `ping 127.0.0.1`. +4. Run `nslookup example.com`. +5. Run `net use`. +6. Run `ncpa.cpl`. +7. Run `firewall.cpl`. + +Record: +- IPv4 address: +- Subnet mask: +- Default gateway: +- DNS server: +- DHCP enabled: +- Any mapped drives: +- Current network adapter name: +- Where firewall profile settings are located: + +Linux: +1. Run `ip addr`. +2. Run `ip route`. +3. Run `cat /etc/resolv.conf`. +4. Run `ping -c 4 127.0.0.1`. + +Record: +- IP address: +- Default gateway: +- DNS server: +- Loopback ping result: + +## Quick Check Before Quiz + +You are ready for the OS-7 quiz when you can answer these without looking: +- What does a `169.254.x.x` address usually mean? +- Which network profile is safest for public Wi-Fi? +- What does `net use` do? 
+- What settings are required for a static IP? +- What does DNS do? + diff --git a/notes/OS-8-macos-tools-features.md b/notes/OS-8-macos-tools-features.md new file mode 100644 index 0000000..5e5979a --- /dev/null +++ b/notes/OS-8-macos-tools-features.md 
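Review bot: the `cat /etc/resolv.conf` bullet in OS-7 ("Shows DNS resolver configuration on many Linux systems") should warn that on systemd-resolved distributions such as Ubuntu and Fedora the file lists only the local stub `127.0.0.53`, so Mini Lab Linux step 3 will not reveal the real upstream server; `resolvectl status` does. Suggest adding that as a second bullet, or as an alternative command, so the "DNS server" line in the Linux Record list can actually be filled in.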
@@ -0,0 +1,253 @@ +# OS-8: macOS Tools and Features + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.8 macOS tools and features + +## What You Need To Know + +You may not use macOS daily, but the exam expects you to recognize common macOS tools, file types, folders, and features. + +Focus on matching the macOS term to its job. + +## Memory Trick + +Use **F-D-T-K-S-I**: + +- **F**inder: files +- **D**isk Utility: disks +- **T**ime Machine: backups +- **K**eychain: passwords/certificates +- **S**potlight: search +- **I**Cloud: sync + +Security shortcut: +- **FileVault = full disk encryption** +- **Privacy = app permissions** +- **Rapid Security Response = urgent Apple security patches** + +## macOS File Types + +`.dmg`: +- Apple disk image. +- Mounts like a virtual drive. + +`.pkg`: +- Installer package. +- Runs an installation process. + +`.app`: +- Application bundle. +- Often removed by dragging to Trash, though some apps include uninstallers. + +## macOS Folders + +`/Applications`: +- Installed apps. + +`/Users`: +- User home folders. + +`/Library`: +- System-wide support files. + +`~/Library`: +- User-specific support files and preferences. +- `~` means the current user's home folder. + +`/System`: +- Core operating system files. + +## macOS Tools and Features + +System Settings: +- macOS equivalent of the Windows Settings app/Control Panel. +- Used for display, network, privacy, accessibility, updates, accounts, and more. + +Finder: +- macOS file manager. +- Similar idea to Windows File Explorer. + +Dock: +- Quick app launcher and running-app indicator. + +Spotlight: +- Search for apps, files, settings, and information. +- Shortcut: `Command-Space`. + +Mission Control: +- Shows open windows and desktops. + +Spaces: +- Multiple virtual desktops. + +Keychain Access: +- Stores passwords, certificates, keys, and secure notes. 
+ +iCloud: +- Apple cloud sync for files, photos, contacts, calendars, messages, device backup, and cross-device integration. + +Time Machine: +- Built-in macOS backup tool. +- Creates automatic backups and removes oldest backups when the backup disk fills. + +Disk Utility: +- Manage disks, partitions, images, erasing, verifying, and repairing file systems. + +FileVault: +- Full disk encryption for macOS. + +Terminal: +- Command-line access to macOS. + +Force Quit: +- Stops an unresponsive application. +- Shortcut: `Command-Option-Escape`. + +Continuity: +- Apple cross-device features such as AirDrop, iPhone camera use, message forwarding, and handoff-style workflows. + +Gestures: +- Trackpad actions such as swiping, pinching, and multi-finger controls. + +Remote Disc: +- Uses an optical drive from another computer. +- Mostly a legacy feature, but still an exam term. + +## Commands To Enter On A Mac + +Run these in Terminal when you have access to your friend's Mac. + +```bash +sw_vers +``` + +What it does: +- Shows macOS product name, version, and build. + +```bash +uname -a +``` + +What it does: +- Shows kernel and architecture information. + +```bash +whoami +``` + +What it does: +- Shows the current user. + +```bash +pwd +``` + +What it does: +- Shows the current directory. + +```bash +ls /Applications +``` + +What it does: +- Lists installed applications in `/Applications`. + +```bash +ls /Users +``` + +What it does: +- Lists user home folders. + +```bash +diskutil list +``` + +What it does: +- Lists disks and partitions. + +```bash +tmutil status +``` + +What it does: +- Shows Time Machine backup status. + +```bash +fdesetup status +``` + +What it does: +- Shows whether FileVault is enabled. + +## Windows/Linux Comparisons + +Finder: +- Windows comparison: File Explorer. +- Linux comparison: Files/Nautilus, Dolphin, or another file manager. + +System Settings: +- Windows comparison: Settings and Control Panel. 
+- Linux comparison: GNOME Settings or KDE System Settings. + +Terminal: +- Windows comparison: Command Prompt, PowerShell, Windows Terminal. +- Linux comparison: Terminal. + +Disk Utility: +- Windows comparison: Disk Management. +- Linux comparison: `lsblk`, `fdisk`, GNOME Disks. + +Time Machine: +- Windows comparison: File History, Backup and Restore, system image concepts. +- Linux comparison: distribution-specific backup tools or `rsync`-based workflows. + +FileVault: +- Windows comparison: BitLocker. +- Linux comparison: LUKS/disk encryption. + +## Mini Lab + +Goal: +- Recognize macOS tools by doing safe lookups and comparisons. + +On macOS: +1. Open Finder and identify `/Applications` and `/Users`. +2. Open System Settings. +3. Search System Settings for `FileVault`. +4. Search System Settings for `Time Machine`. +5. Open Spotlight with `Command-Space` and search for `Disk Utility`. +6. Open Terminal. +7. Run `sw_vers`. +8. Run `diskutil list`. +9. Run `tmutil status`. +10. Run `fdesetup status`. + +Record: +- macOS version: +- Current user: +- FileVault status: +- Time Machine status: +- Main disk name: +- Where app privacy permissions are configured: + +Without a Mac: +1. Review the macOS term list. +2. Match each macOS term to a Windows or Linux equivalent. +3. Practice the OS-8 quiz. + +## Quick Check Before Quiz + +You are ready for the OS-8 quiz when you can answer these without looking: +- What does Time Machine do? +- What does FileVault do? +- What does Keychain store? +- What is Finder comparable to in Windows? +- Which shortcut opens Force Quit? +- Which command shows macOS version? + diff --git a/notes/OS-9-linux-client-tools.md b/notes/OS-9-linux-client-tools.md new file mode 100644 index 0000000..f271aba --- /dev/null +++ b/notes/OS-9-linux-client-tools.md 
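Review bot: The Mini Lab in notes/OS-8-macos-tools-features.md asks the reader to record "Where app privacy permissions are configured", but nothing in the file names the location; the Memory Trick only says "Privacy = app permissions". Add it under the "System Settings" entry in "macOS Tools and Features", e.g. `- Privacy & Security: per-app permissions (camera, microphone, Full Disk Access) and the FileVault toggle.` In the same hunk, the `fdesetup status` entry should state what a correctly encrypted system prints (`FileVault is On.`) so the lab's "FileVault status" line has a known-good value to compare against, and the "Commands To Enter" intro ("when you have access to your friend's Mac") should be generalized to any Mac the reader is authorized to use.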
@@ -0,0 +1,347 @@ +# OS-9: Linux Client Tools + +Status: not started + +Domain: +- 1.0 Operating Systems + +Objective alignment: +- 1.9 Linux client tools + +## What You Need To Know + +Linux questions on Core 2 usually test: +- Basic file navigation +- Permissions and ownership +- Important configuration files +- Package managers +- Network commands +- Process and disk usage commands +- The difference between normal user and root/admin actions + +## Memory Tricks + +Command buckets: +- **Files**: `ls`, `pwd`, `mv`, `cp`, `rm`, `find`, `cat` +- **Permissions**: `chmod`, `chown`, `sudo`, `su` +- **Network**: `ip`, `ping`, `curl`, `dig`, `traceroute` +- **System**: `top`, `ps`, `df`, `du`, `mount`, `fsck` +- **Help**: `man` + +Key files: +- `/etc/passwd`: user account list +- `/etc/shadow`: password hashes +- `/etc/hosts`: local name-to-IP mappings +- `/etc/resolv.conf`: DNS resolver settings +- `/etc/fstab`: file systems mounted at boot + +Memory hook: +- **PASS users, SHADOW passwords, HOSTS names, RESOLV DNS, FSTAB mounts.** + +## Linux Concepts + +Root: +- The all-powerful administrative account. +- User ID `0`. + +`sudo`: +- Runs one command with elevated privileges. +- Safer than staying logged in as root. + +`su`: +- Switches to another user, often root. +- You remain that user until you exit. + +Kernel: +- Core of the operating system. +- Manages hardware, memory, and processes. + +Bootloader: +- Starts the operating system during boot. + +systemd: +- System and service manager. +- Starts and manages services, login sessions, logging, and other system processes. + +## Commands To Enter + +Safe commands: + +```bash +pwd +``` + +What it does: +- Prints the current working directory. + +```bash +ls +``` + +What it does: +- Lists files and directories. + +```bash +ls -l +``` + +What it does: +- Lists files with permissions, owner, group, size, and date. + +```bash +cat /etc/os-release +``` + +What it does: +- Shows Linux distribution details. 
+ +```bash +cat /etc/passwd +``` + +What it does: +- Shows local user account entries. +- Each line includes username, UID, GID, home directory, and shell. + +```bash +cat /etc/hosts +``` + +What it does: +- Shows local hostname-to-IP mappings. + +```bash +cat /etc/resolv.conf +``` + +What it does: +- Shows DNS resolver settings. + +```bash +cat /etc/fstab +``` + +What it does: +- Shows file systems configured to mount at startup. + +```bash +grep root /etc/passwd +``` + +What it does: +- Searches `/etc/passwd` for lines containing `root`. + +```bash +find . -name "*.txt" +``` + +What it does: +- Finds `.txt` files under the current directory. + +```bash +ip addr +``` + +What it does: +- Shows network interfaces and IP addresses. + +```bash +ip route +``` + +What it does: +- Shows routes, including the default gateway. + +```bash +ping -c 4 127.0.0.1 +``` + +What it does: +- Sends four pings to the local loopback address. + +```bash +curl https://example.com +``` + +What it does: +- Retrieves data from a URL. + +```bash +dig example.com +``` + +What it does: +- Queries DNS for detailed domain information. +- If `dig` is not installed, try `nslookup example.com`. + +```bash +traceroute example.com +``` + +What it does: +- Shows the route packets take to a destination. +- If not installed, use `tracepath example.com` if available. + +```bash +top +``` + +What it does: +- Shows live process and resource usage. +- Press `q` to quit. + +```bash +ps aux +``` + +What it does: +- Shows running processes. + +```bash +df -h +``` + +What it does: +- Shows mounted file systems and free space in human-readable units. + +```bash +du -h +``` + +What it does: +- Shows disk usage for files/directories. + +```bash +man grep +``` + +What it does: +- Opens the manual page for `grep`. +- Press `q` to quit. 
+ +## Practice File Commands + +Use these in a temporary folder: + +```bash +mkdir linux-practice +cd linux-practice +echo "Core 2 Linux practice" > notes.txt +cp notes.txt copy.txt +mv copy.txt renamed.txt +ls -l +grep Linux notes.txt +chmod u+x renamed.txt +ls -l +cd .. +rm -r linux-practice +``` + +What they do: +- `mkdir` creates a directory. +- `cd` changes directory. +- `echo ... > file` writes text to a file. +- `cp` copies a file. +- `mv` moves or renames a file. +- `grep` searches inside a file. +- `chmod u+x` adds execute permission for the owner. +- `rm -r` removes a directory and its contents. + +## Admin Commands To Know + +Do not run these casually on important systems: + +```bash +sudo chown user:group file +``` + +What it does: +- Changes file owner/group. + +```bash +sudo apt update +sudo apt install package-name +``` + +What it does: +- Updates package lists and installs software on Debian/Ubuntu-based systems. + +```bash +sudo dnf install package-name +``` + +What it does: +- Installs software on Fedora/Red Hat-based systems. + +```bash +sudo fsck /dev/device +``` + +What it does: +- Checks and repairs a file system. +- Usually run on unmounted or read-only volumes. + +```bash +sudo mount /dev/device /mnt +``` + +What it does: +- Mounts a storage device to a directory. + +## Windows Comparisons + +- `ls` is like `dir`. +- `pwd` is like checking your current path in Command Prompt/PowerShell. +- `top` and `ps` are like Task Manager process views. +- `df -h` is like checking drive free space. +- `fsck` is like `chkdsk`. +- `traceroute` is like Windows `tracert`. +- `dig` is like `nslookup`, but usually more detailed. + +## Mini Lab + +Goal: +- Practice common Linux commands safely. + +Linux: +1. Run `cat /etc/os-release`. +2. Run `pwd`. +3. Run `ls -l`. +4. Run `cat /etc/passwd`. +5. Run `cat /etc/hosts`. +6. Run `cat /etc/resolv.conf`. +7. Run `ip addr`. +8. Run `ip route`. +9. Run `df -h`. +10. Run `ps aux`. +11. Run `top`, then press `q`. +12. 
Create and remove the `linux-practice` folder from the practice command section. + +Record: +- Distribution: +- Current directory: +- Current user: +- DNS server: +- Default gateway: +- Root filesystem free space: +- One running process: +- What permission changed after `chmod u+x`: + +Windows comparison: +1. Run `dir`. +2. Run `taskmgr`. +3. Run `tracert example.com`. +4. Run `nslookup example.com`. +5. Record which Linux commands match those Windows tools. + +## Quick Check Before Quiz + +You are ready for the OS-9 quiz when you can answer these without looking: +- Which file lists user accounts? +- Which file stores password hashes? +- Which command changes file permissions? +- Which command shows live process/resource usage? +- Which command shows disk free space? +- Which package manager is common on Ubuntu/Debian? +- Which command gives help/manual pages? + diff --git a/notes/SEC-1-security-controls.md b/notes/SEC-1-security-controls.md new file mode 100644 index 0000000..6cd73d5 --- /dev/null +++ b/notes/SEC-1-security-controls.md 
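Review bot: The Key files list in notes/OS-9-linux-client-tools.md names `/etc/shadow` as the password-hash file and the Quick Check asks about it, but the "Safe commands" list and the Mini Lab never read it and nothing says why: `/etc/shadow` is readable only by root (or the `shadow` group on Debian/Ubuntu), so `cat /etc/shadow` as a normal user fails with "Permission denied", while `/etc/passwd` is world-readable. State that difference next to the key-files list; it is the distinction the exam tests. Two smaller items in the same hunk: on systemd-resolved distributions `/etc/resolv.conf` usually holds only the stub `nameserver 127.0.0.53`, so the lab's "DNS server" record should mention that `resolvectl status` shows the real upstream server; and the Record block asks for "Current user" but no lab step runs `whoami` or `id`, so add one.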
@@ -0,0 +1,291 @@ +# SEC-1: Security Controls + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.1 Security controls + +## What You Need To Know + +Security controls reduce risk. Core 2 expects you to match the control to the problem. + +Main groups: +- Physical security controls +- Physical access controls +- Logical security controls +- Authentication and access management +- Data and device management controls + +## Memory Trick + +Use **P-L-A-D**: + +- **P**hysical: stop bodies, cars, theft, and entry +- **L**ogical: permissions, trust, and network/software rules +- **A**uthentication: prove who you are +- **D**ata/device controls: protect data and managed devices + +MFA factors: +- **Know**: password, PIN +- **Have**: smart card, key fob, phone, token +- **Are**: fingerprint, face, retina +- **Where**: location + +## Physical Security Controls + +Bollards: +- Posts/barriers that stop vehicles. +- Exam clue: prevent cars/trucks from reaching a building. + +Access control vestibule: +- Two-door controlled entry area. +- One door opens while the other remains locked. +- Exam clue: prevent tailgating or control one-person-at-a-time entry. + +Badge reader: +- Reads magnetic stripe, RFID, NFC, or similar badge. +- Exam clue: employee door access or time clock. + +Video surveillance/CCTV: +- Cameras and recording. +- Exam clue: monitor entrances, review incidents, license plates, faces, motion. + +Alarm systems: +- Door/window/fence circuits, motion detection, duress buttons. +- Exam clue: alert when perimeter or protected area is breached. + +Locks: +- Conventional key, deadbolt, electronic PIN, token-based, biometric, multifactor. + +Equipment locks: +- Lock racks, cabinets, laptops, or devices. + +Guards and access lists: +- Human verification of ID and visitor access. +- Often includes visitor log. + +Fences and lighting: +- Fences create perimeter. +- Lighting deters attackers and improves camera visibility. 
+ +Magnetometers: +- Detect metal objects. +- Exam clue: weapons screening. + +## Physical Access Factors + +Key fob: +- Small RFID/proximity key. + +Smart card: +- Certificate-based card, usually part of MFA. + +Mobile digital key: +- Phone acts as key for building, hotel, car, or office. + +Biometrics: +- Fingerprint, retina, palm, face, or voice. +- Strong but not easily changed if compromised. + +## Logical Security Controls + +Least privilege: +- Users get only the access needed to do their job. +- Exam clue: reduce damage from mistakes or malware. + +Zero Trust: +- Trust nothing automatically. +- Verify users, devices, apps, and requests continuously. + +ACL: +- Access Control List. +- Allows or denies traffic or file access based on rules. + +## Authentication and Access + +MFA: +- Multi-factor authentication. +- Requires two or more different factor types. + +OTP: +- One-time password. +- Used once for a login/session. + +TOTP: +- Time-based one-time password. +- Common authenticator app code that changes every 30 seconds. + +SMS/voice codes: +- Codes sent by text or phone call. +- Better than password only, but weaker than authenticator apps or hardware tokens. + +Authentication app: +- Generates codes or push approvals. + +SAML: +- Security Assertion Markup Language. +- Standard for authentication/authorization between identity provider and service. + +SSO: +- Single sign-on. +- Authenticate once and access multiple approved resources. + +Just-in-time access: +- Grants elevated/admin access only temporarily. +- Exam clue: reduce standing admin privileges. + +PAM: +- Privileged Access Management. +- Broader system for controlling, vaulting, auditing, and granting privileged access. + +## Data and Device Controls + +MDM: +- Mobile Device Management. +- Centrally manages phones/tablets/laptops, policies, screen lock, apps, wipe, and BYOD controls. + +DLP: +- Data Loss Prevention. +- Detects/prevents sensitive data from leaving approved locations. 
+- Exam clue: block SSNs, credit cards, medical records, or confidential files from being emailed/uploaded. + +IAM: +- Identity and Access Management. +- Gives the right access to the right identities at the right time. + +Directory services: +- Central database of users, computers, groups, printers, and resources. +- Windows example: Active Directory. + +## Commands To Enter + +Windows: + +```powershell +whoami +``` + +What it does: +- Shows the current signed-in user. + +```powershell +whoami /groups +``` + +What it does: +- Shows groups for the current user. +- Useful for checking whether the user has elevated group membership. + +```powershell +whoami /priv +``` + +What it does: +- Shows privileges assigned to the current user. + +```powershell +net user +``` + +What it does: +- Lists local user accounts. + +```powershell +net localgroup +``` + +What it does: +- Lists local groups. + +```powershell +net localgroup administrators +``` + +What it does: +- Shows members of the local Administrators group. +- Use this to check for excessive admin access. + +Linux: + +```bash +whoami +``` + +What it does: +- Shows current user. + +```bash +id +``` + +What it does: +- Shows user ID, group ID, and group membership. + +```bash +groups +``` + +What it does: +- Shows groups for the current user. + +```bash +sudo -l +``` + +What it does: +- Shows what commands the current user can run with `sudo`, if allowed. + +macOS, if available: + +```bash +whoami +id +groups +``` + +What it does: +- Shows user and group identity information. + +## Mini Lab + +Goal: +- Identify authentication factors and local privilege level. + +Windows: +1. Run `whoami`. +2. Run `whoami /groups`. +3. Run `whoami /priv`. +4. Run `net localgroup administrators`. +5. Record whether your user appears to have admin rights. + +Linux: +1. Run `whoami`. +2. Run `id`. +3. Run `groups`. +4. Run `sudo -l`. +5. Record whether your user has sudo/admin rights. + +Physical control walk-through: +1. 
Pick a building you know. +2. Identify one physical control, such as lock, camera, guard, badge reader, or lighting. +3. Identify what risk it reduces. +4. Identify what it does not protect against. + +Scenario practice: +- A user needs admin access for 30 minutes to patch a server. Which control fits? +- A company wants to stop credit card numbers from being emailed. Which control fits? +- A company wants all phones to require PINs and allow remote wipe. Which control fits? + +## Quick Check Before Quiz + +You are ready for the SEC-1 quiz when you can answer these without looking: +- What does least privilege mean? +- What is the difference between SSO and MFA? +- What does DLP protect against? +- What does MDM manage? +- What is just-in-time access? +- Which physical control stops vehicles? + diff --git a/notes/SEC-10-soho-network-security.md b/notes/SEC-10-soho-network-security.md new file mode 100644 index 0000000..ce30857 --- /dev/null +++ b/notes/SEC-10-soho-network-security.md 
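Review bot: Step 5 of the Windows Mini Lab in notes/SEC-1-security-controls.md ("Record whether your user appears to have admin rights") will mislead readers who run steps 2 and 3 from a non-elevated prompt: with UAC on, an administrator's standard token lists `BUILTIN\Administrators` in `whoami /groups` with the attribute "Group used for deny only", and `whoami /priv` shows only a few privileges, so the output looks like a standard user. Add a line under `whoami /groups` saying that "deny only" on Administrators means the account is an admin whose current token is filtered by UAC, and that `net localgroup administrators` (step 4) or an elevated prompt is the authoritative check. Same idea for the Linux steps: `sudo -l` prompts for the user's password and prints "may not run sudo" for non-sudoers; mention both outcomes so the reader knows what "no sudo rights" looks like.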
@@ -0,0 +1,277 @@ +# SEC-10: SOHO Network Security + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.10 SOHO network security + +## What You Need To Know + +SOHO means Small Office/Home Office. On the exam, this usually means a small router or wireless access point that combines routing, switching, firewall, and Wi-Fi. + +Your job is to harden the router so attackers cannot easily control it, join the wireless network, or open paths into the network. + +Core protections: +- Change default admin credentials +- Update firmware +- Use WPA2/WPA3 encryption +- Disable UPnP unless required +- Disable remote management unless required +- Use guest networks carefully +- Place network equipment securely +- Use content/IP filtering when needed + +## Memory Trick + +Use **P-F-W-U-G**: + +- **P**asswords: change defaults +- **F**irmware: keep updated +- **W**i-Fi: WPA2/WPA3, not open +- **U**PnP: usually disable +- **G**uest: disable or isolate and secure + +Shortcut: +- **If it manages the network, protect the login first.** + +## Default Passwords + +Routers and access points often ship with known default usernames and passwords. + +Why it matters: +- Admin access gives full control of the device. +- Defaults are easy to find online. +- Attackers can change DNS, Wi-Fi settings, firewall rules, and port forwarding. + +Best practice: +- Change the admin password during setup. +- Use a strong unique password. +- Store it in a password manager if possible. + +## Firmware Updates + +Firmware is the router's built-in software. + +Updates can include: +- Security patches +- Bug fixes +- Stability fixes +- New features + +Exam clue: +- If a router has known vulnerabilities, update firmware from the manufacturer. + +## Secure Management Access + +Router management access should be limited. 
+ +Good settings: +- Strong admin password +- Multifactor authentication if available +- Local management only +- Disable Internet-facing remote administration unless required +- Limit management access by IP address if supported + +Cloud management: +- Some routers use cloud accounts. +- Protect the cloud account with a strong password and MFA. + +Exam clue: +- If a question says management is exposed to the Internet, disable remote management or restrict access. + +## Wi-Fi Security + +SSID: +- The wireless network name. +- Change obvious default names such as LINKSYS or NETGEAR. +- Do not use personal information in the SSID. + +SSID broadcast: +- Hiding the SSID is not strong security. +- The SSID can still be discovered with wireless tools. +- Use real encryption instead. + +Encryption: +- Open network: no password, weak security. +- WPA2-Personal or WPA3-Personal: common SOHO choice with a pre-shared key. +- WPA2/WPA3-Enterprise: uses individual user authentication with a server, usually in larger organizations. + +Best SOHO choice: +- WPA3-Personal when supported. +- WPA2-Personal if WPA3 is not available. +- Strong Wi-Fi passphrase. + +## UPnP + +UPnP means Universal Plug and Play. + +What it does: +- Lets internal apps/devices automatically open inbound ports on the router. +- Common with gaming, media, and peer-to-peer apps. + +Risk: +- Apps may open ports without approval. +- This can expose internal services to the Internet. + +Best practice: +- Disable UPnP unless a required app needs it. + +## IP Filtering and Content Filtering + +Allow list: +- Only approved traffic or destinations are allowed. +- More restrictive. + +Deny list: +- Blocks known bad traffic, sites, domains, or IPs. +- More flexible but less strict. + +Content filtering: +- Blocks traffic by URL, category, malware reputation, or content type. +- Used for parental controls, business policy, and malware protection. 
+ +Exam clue: +- If the goal is to block inappropriate websites, use content filtering. +- If the goal is to permit only known systems or destinations, use an allow list. + +## Screened Subnet + +A screened subnet is a separate network area for public-facing services. + +Older term: +- DMZ + +Purpose: +- Keeps public systems separated from the internal private network. +- Adds a layer between the Internet and internal devices. + +SOHO example: +- A router may have a DMZ host option. +- Be careful: placing a device in a DMZ can expose it heavily. + +## Guest Networks + +Guest networks can be useful, but they must be controlled. + +Best practice: +- Disable guest network if not needed. +- If enabled, use WPA2/WPA3. +- Isolate guests from internal devices. +- Use a separate password. + +Common uses: +- Visitors +- IoT devices +- Lab or test devices + +Exam clue: +- If visitors need Internet but should not access internal PCs, use an isolated guest network. + +## Physical Placement + +Network devices should be physically protected. + +Reasons: +- A person with physical access may reset the router. +- A person may unplug cables or connect unauthorized devices. +- Wireless access points need good placement for coverage. + +Best practice: +- Keep routers, switches, and access points in a secure location. +- Place wireless access points high and central when possible. +- Plan power and access for maintenance. + +## Commands To Enter + +These commands inspect your local network. They do not change router settings. + +Windows PowerShell: + +```powershell +ipconfig +``` + +What it does: +- Shows IP address information. +- Look for Default Gateway; that is usually your router. + +```powershell +Get-NetConnectionProfile +``` + +What it does: +- Shows the current network profile. +- Public is more restrictive; Private is used for trusted local networks. 
+ +```powershell +netsh wlan show interfaces +``` + +What it does: +- Shows Wi-Fi connection details, including SSID and authentication type. + +Linux: + +```bash +ip route +``` + +What it does: +- Shows the default route. +- The `default via` address is usually your router. + +```bash +nmcli dev wifi list +``` + +What it does: +- Lists nearby Wi-Fi networks if NetworkManager is installed. +- Shows SSIDs and security types. + +```bash +nmcli connection show --active +``` + +What it does: +- Shows active network connections. + +macOS: + +```bash +route -n get default +``` + +What it does: +- Shows the default gateway router. + +```bash +networksetup -getairportnetwork en0 +``` + +What it does: +- Shows the connected Wi-Fi network on many Macs. +- Some Macs may use a different interface than `en0`. + +```bash +system_profiler SPAirPortDataType +``` + +What it does: +- Shows detailed Wi-Fi information. + +Do not log in to a router you do not own or administer. Do not change router settings in this section unless you understand the impact. + +## Quick Checks + +You should be able to answer: +- Why change default router passwords? +- Why keep firmware updated? +- Why is WPA2/WPA3 better than an open network? +- Why is hiding the SSID not strong security? +- Why is UPnP risky? +- When should you use a guest network? +- What is the purpose of a screened subnet? + diff --git a/notes/SEC-11-browser-security.md b/notes/SEC-11-browser-security.md new file mode 100644 index 0000000..2a1de1e --- /dev/null +++ b/notes/SEC-11-browser-security.md 
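Review bot: notes/SEC-10-soho-network-security.md lists `netsh wlan show interfaces`, `nmcli dev wifi list` and the macOS commands but, unlike the other note files, has no Mini Lab or Record block, so the reader never compares live values against the "Best SOHO choice" list. Add a short lab that records the `Authentication` and `Cipher` lines from `netsh wlan show interfaces` (or the SECURITY column of `nmcli dev wifi list`) and flags anything other than WPA2/WPA3, plus the default gateway from `ipconfig` / `ip route` / `route -n get default` as the address of the router whose admin login must be changed. One gap in the "Default Passwords" section: it covers only the admin login, while the Wi-Fi section separately asks for a "strong Wi-Fi passphrase"; say explicitly that the pre-shared key printed on the device label is also a default credential and should be replaced at setup.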
@@ -0,0 +1,314 @@ +# SEC-11: Browser Security + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.11 Browser security + +## What You Need To Know + +Browsers are a major security target because users access email, banking, cloud apps, password resets, downloads, and work systems through them. + +The exam wants you to know how to secure: +- Browser installation sources +- Updates and patches +- Extensions and plug-ins +- Password storage +- Certificates and secure connections +- Pop-ups, ads, cache, cookies, and private browsing +- Browser sync and proxy settings + +## Memory Trick + +Use **D-U-E-C-P**: + +- **D**ownload from trusted sources +- **U**pdate the browser +- **E**xtensions only from trusted stores +- **C**ertificates must be valid +- **P**rivacy data can be cleared + +Shortcut: +- **Browser trust starts before install and continues with updates.** + +## Trusted Browser Downloads + +Safe browser installation: +- Go directly to the vendor website or official app store. +- Avoid links in email. +- Avoid random third-party download sites. +- Verify downloads with hashes or signatures when provided. + +Hash verification: +- A hash is a fingerprint of a file. +- If the downloaded file hash matches the posted hash, the file likely did not change. +- If it does not match, do not install it. + +Exam clue: +- If a user needs to install a browser safely, choose trusted source and hash/signature verification. + +## Browser Updates + +Browsers need frequent updates because browser vulnerabilities are heavily targeted. + +Updates may come from: +- The browser itself +- The operating system update process +- An enterprise software management tool + +Best practice: +- Keep automatic updates enabled when possible. +- Restart the browser after updates if required. + +Exam clue: +- If the browser has security vulnerabilities or degraded behavior from an old version, update it. 
+ +## Extensions and Plug-ins + +Extensions add browser features, but they can also steal data. + +Trusted sources: +- Official browser extension stores +- Microsoft Store +- Chrome Web Store +- Known vendor websites + +Untrusted sources: +- Random websites +- Email links +- Pop-up prompts +- Extensions installed by malware + +Possible malicious extension behavior: +- Credential theft +- Screenshot capture +- Keylogging +- Redirecting searches +- Data exfiltration + +Best practice: +- Install only necessary extensions. +- Remove unused extensions. +- Review permissions before installing. + +## Password Managers + +Password managers store credentials in an encrypted vault. + +Benefits: +- Unique passwords for each site +- Strong generated passwords +- Easier password hygiene +- Sync across devices when configured + +Risk: +- The vault must be protected with a strong master password. +- Browser-saved passwords may be less controlled than enterprise password managers. + +Exam clue: +- If the issue is password reuse across many websites, use a password manager. + +## Secure Connections and Certificates + +HTTPS uses certificates to prove the site identity and protect traffic. + +Browser certificate warnings may mean: +- Certificate is expired +- Certificate is for the wrong domain +- Certificate is signed by an untrusted authority +- System date/time is wrong +- A captive portal or inspection device is interfering + +Best practice: +- Do not ignore certificate warnings on sensitive sites. +- Check certificate details. +- Check the system date and time. + +Exam clue: +- If a browser shows invalid certificate warnings, investigate before entering credentials. + +## Pop-Up Blockers and Notifications + +Pop-up blockers stop unwanted browser windows or prompts. + +Best practice: +- Keep pop-up blocking enabled. +- Allow pop-ups only for trusted sites that require them. +- Disable only temporarily for troubleshooting. 
+ +Browser notifications: +- Websites may request permission to send notifications. +- Malicious or low-quality sites can abuse notification prompts. +- Disable unwanted site notifications. + +## Clearing Private Data + +Browser data can include: +- History +- Cookies +- Cache +- Download list +- Saved form data +- Saved passwords + +Cache: +- Stores parts of websites locally. +- Can speed up browsing. +- Can cause stale-page or troubleshooting issues. + +Cookies: +- Store session and site data. +- Can keep users signed in. +- Can also be used for tracking. + +Best practice: +- Clear cache/cookies when troubleshooting site problems. +- Be careful before clearing saved passwords. + +## Private Browsing Mode + +Private browsing does not save normal local session history after the window closes. + +It can remove: +- Browsing history for that session +- Download history list +- Temporary cache/cookies for that private session + +It does not make you invisible to: +- Websites +- Employer/school networks +- Internet provider +- Network logging tools + +Exam clue: +- Private browsing is local privacy, not full anonymity. + +## Browser Data Synchronization + +Browser sync can share data across devices. + +Synced items may include: +- Bookmarks +- History +- Extensions +- Passwords +- Settings + +Risk: +- A compromised browser account can expose synced data. +- Unwanted extensions may appear on multiple devices. + +Best practice: +- Protect sync accounts with MFA. +- Disable sync for sensitive categories if policy requires it. + +## Ad Blockers and Proxies + +Ad blockers: +- Can reduce ads and some malicious ad risks. +- May break some websites. +- Should come from trusted extension stores. + +Proxy: +- Sits between the browser and the destination site. +- Can cache content. +- Can enforce access control. +- Can filter traffic. +- Can be configured manually or by policy. + +Exam clue: +- If browsing must be filtered or logged centrally, think proxy or content filtering. 
+ +## Commands To Enter + +Windows PowerShell: + +```powershell +Get-FileHash "$env:USERPROFILE\Downloads\example.exe" +``` + +What it does: +- Calculates a hash for a downloaded file. +- Replace `example.exe` with a real file name only when you intentionally want to check it. + +```powershell +start ms-settings:dateandtime +``` + +What it does: +- Opens Windows date and time settings. +- Wrong date/time can cause certificate warnings. + +```powershell +start chrome://settings/privacy +``` + +What it does: +- Opens Chrome privacy settings if Chrome is installed. + +Linux: + +```bash +sha256sum ~/Downloads/example-file +``` + +What it does: +- Calculates a SHA-256 hash for a downloaded file. +- Replace `example-file` with a real file name only when checking a download. + +```bash +date +``` + +What it does: +- Shows the system date and time. +- Incorrect date/time can cause certificate warnings. + +```bash +xdg-open chrome://settings/privacy +``` + +What it does: +- Attempts to open Chrome privacy settings. +- Works only if a compatible browser handles the URL. + +macOS: + +```bash +shasum -a 256 ~/Downloads/example-file +``` + +What it does: +- Calculates a SHA-256 hash for a downloaded file. + +```bash +date +``` + +What it does: +- Shows the system date and time. + +```bash +open -b com.apple.Safari +``` + +What it does: +- Opens Safari. +- Use Safari Settings to inspect privacy, extensions, passwords, and website permissions. + +Do not clear saved passwords, remove profiles, or reset browser settings during this section unless you intentionally want those changes. + +## Quick Checks + +You should be able to answer: +- Why download browsers from trusted sources? +- What does a file hash prove? +- Why do browser updates matter? +- Why are extensions risky? +- What does a certificate warning mean? +- What does private browsing protect, and what does it not protect? +- Why protect browser sync with MFA? + 
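Review bot: `start chrome://settings/privacy` in the Windows PowerShell block of notes/SEC-11-browser-security.md does not do what the text says ("Opens Chrome privacy settings if Chrome is installed"): `chrome://` is not a URI scheme Chrome registers with Windows, so `Start-Process` reports that the file cannot be found. Pass the URL to the browser executable instead, e.g. `Start-Process chrome -ArgumentList 'chrome://settings/privacy'` (Chrome registers `chrome` under App Paths, so the bare name resolves). The Linux `xdg-open chrome://...` line has the same limitation, which the text already hedges; `google-chrome 'chrome://settings/privacy'` is the reliable form for the Google package. Separately, the "Hash verification" bullets should say where the reference hash must come from: a hash posted next to the download (or inside the same archive) shows only that the copy arrived intact, not that the vendor produced it, so compare against a value from the vendor's HTTPS page or a signed release manifest, and compare the full `Get-FileHash` / `sha256sum` output rather than a prefix.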
diff --git a/notes/SEC-2-windows-security-settings.md b/notes/SEC-2-windows-security-settings.md new file mode 100644 index 0000000..4c730c7 --- /dev/null +++ b/notes/SEC-2-windows-security-settings.md 
@@ -0,0 +1,321 @@ +# SEC-2: Windows Security Settings + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.2 Windows security settings + +## What You Need To Know + +Windows security questions often ask where to configure or verify a protection. + +Core areas: +- Microsoft Defender Antivirus +- Windows Defender Firewall +- Windows Security app +- Local, Microsoft, and domain accounts +- Users and groups +- Login options and Windows Hello +- UAC and Run as administrator +- NTFS vs. share permissions +- BitLocker and BitLocker To Go +- EFS +- Active Directory basics +- Group Policy basics + +## Memory Trick + +Use **A-F-U-P-E-D-G**: + +- **A**ntivirus: Defender +- **F**irewall: network profiles and exceptions +- **U**sers: local/Microsoft/domain accounts +- **P**ermissions: NTFS/share +- **E**ncryption: BitLocker/EFS +- **D**irectory: Active Directory +- **G**roup Policy: centralized settings + +Encryption shortcut: +- **BitLocker = whole volume** +- **BitLocker To Go = removable drive** +- **EFS = individual files/folders on NTFS** + +## Defender Antivirus + +Microsoft Defender Antivirus: +- Built into Windows. +- Managed from Windows Security > Virus & threat protection. +- Uses real-time protection. +- Needs updated definitions/signatures. + +Exam clue: +- If the task is scan/update/check Windows antivirus, go to Windows Security or Defender. + +## Windows Defender Firewall + +Windows Defender Firewall: +- Should normally remain enabled. +- Has separate profiles such as Public and Private. +- Can allow an app, allow/block a port, use predefined rules, or create custom rules. + +Exam clue: +- If an app cannot receive network traffic, check firewall exception/rule. +- Public profile should be stricter than Private. + +## Windows Accounts + +Local account: +- Exists only on one Windows computer. + +Microsoft account: +- Cloud-linked personal/work account. +- Can sync settings and integrate with Microsoft services. 
+ +Domain account: +- Centrally managed by Active Directory. +- Used in business environments. + +User types/groups: +- Administrator: elevated control. +- Standard user: normal daily use. +- Guest: limited access. +- Groups simplify permissions. + +## Login Options + +Common options: +- Password +- PIN +- Fingerprint +- Facial recognition +- Security key +- Windows Hello +- Domain/SSO login + +Passwordless authentication: +- Uses methods such as biometrics, PIN, or security key instead of a traditional password. + +## UAC and Run As Administrator + +UAC: +- User Account Control. +- Limits automatic administrative access. +- Prompts before elevated actions. + +Run as administrator: +- Starts an app with elevated permissions. +- Needed for tasks like installing services, changing system files, or editing protected settings. + +Memory trick: +- **Admin account is not always elevated. UAC asks before elevation.** + +## NTFS vs. Share Permissions + +NTFS permissions: +- Apply locally and over the network. +- Stored on NTFS volumes. + +Share permissions: +- Apply only when accessing through a network share. + +Rule: +- The most restrictive effective permission wins. +- Deny usually overrides allow. + +Inheritance: +- Permissions can flow from parent folder to child files/folders. + +Explicit permissions: +- Set directly on the object. + +## BitLocker vs. EFS + +BitLocker: +- Encrypts an entire volume. +- Protects data if a device or drive is stolen. + +BitLocker To Go: +- Encrypts removable drives such as USB flash drives. + +EFS: +- Encrypting File System. +- Encrypts individual files/folders on NTFS. +- Tied to user credentials/certificates. +- Password reset problems can make EFS files inaccessible if recovery is not planned. + +## Active Directory and Group Policy + +Active Directory: +- Central database of users, computers, groups, printers, shares, and other objects. +- Domain controllers store/manage the domain database. 
+ +Domain: +- Group of managed users, computers, and resources. + +OU: +- Organizational Unit. +- Container used to organize AD objects and apply policies. + +Group Policy: +- Centralized settings for users/computers. +- Can configure security settings, login scripts, folder redirection, and more. + +Security groups: +- Assign permissions to a group, then add users to the group. + +Folder redirection: +- Redirects folders such as Desktop/Documents to a network location. + +## Commands To Enter + +Windows: + +```powershell +windowsdefender: +``` + +What it does: +- Opens Windows Security. + +```powershell +firewall.cpl +``` + +What it does: +- Opens Windows Defender Firewall. + +```powershell +wf.msc +``` + +What it does: +- Opens Windows Defender Firewall with Advanced Security. + +```powershell +whoami +``` + +What it does: +- Shows current user. + +```powershell +whoami /groups +``` + +What it does: +- Shows group membership for the current user. + +```powershell +net user +``` + +What it does: +- Lists local users. + +```powershell +net localgroup administrators +``` + +What it does: +- Lists local Administrators group members. + +```powershell +gpupdate /force +``` + +What it does: +- Forces Group Policy refresh. +- Most useful on domain-joined systems. + +```powershell +gpresult /r +``` + +What it does: +- Shows applied Group Policy summary. + +```powershell +manage-bde -status +``` + +What it does: +- Shows BitLocker status. + +```powershell +cipher /? +``` + +What it does: +- Shows help for the `cipher` command used with EFS and encryption-related tasks. + +Linux comparison: + +```bash +whoami +id +groups +``` + +What it does: +- Shows current user and group identity. + +macOS comparison, if available: + +```bash +fdesetup status +``` + +What it does: +- Shows FileVault disk encryption status on macOS. + +## Mini Lab + +Goal: +- Identify Windows security status and account privilege context. + +Windows: +1. Run `windowsdefender:`. +2. 
Open Virus & threat protection and find protection update status. +3. Run `firewall.cpl`. +4. Identify active firewall profiles. +5. Run `wf.msc`. +6. Locate inbound and outbound rules. +7. Run `whoami`. +8. Run `whoami /groups`. +9. Run `net localgroup administrators`. +10. Run `manage-bde -status`. +11. Run `gpresult /r`. + +Record: +- Defender protection status: +- Defender update status: +- Firewall profile active: +- Current user: +- Admin group membership: +- BitLocker status: +- Group Policy result available: + +Permissions scenario: +1. Create a test folder. +2. Right-click > Properties > Security. +3. View permissions only. +4. Do not remove permissions. + +Record: +- One user/group listed: +- One permission listed: +- Whether permissions are inherited: + +## Quick Check Before Quiz + +You are ready for the SEC-2 quiz when you can answer these without looking: +- What is the difference between NTFS and share permissions? +- Which encryption protects an entire Windows volume? +- Which encryption protects individual NTFS files/folders? +- What does UAC do? +- What does `gpupdate /force` do? +- Where do you check Defender status? + diff --git a/notes/SEC-3-wireless-security.md b/notes/SEC-3-wireless-security.md new file mode 100644 index 0000000..cb7cb83 --- /dev/null +++ b/notes/SEC-3-wireless-security.md 
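Review bot: `windowsdefender:` is a URI, not a command, so typed at a PowerShell prompt the way the fence presents it, it fails with "not recognized"; it works from the Run dialog or when handed to the shell, so the block should read `start windowsdefender:` (Start-Process), the same form the browser-security note already uses for `start ms-settings:dateandtime`. The same bare `windowsdefender:` appears in the SEC-4 and SEC-6 command lists. Two Mini Lab steps also need an elevation note: `manage-bde -status` (step 10) returns an access-denied error from a non-elevated prompt, and `gpresult /r` (step 11) reports only user settings without elevation, so the "BitLocker status" and "Group Policy result available" record lines should say whether the prompt was run as administrator; that observation is itself a good tie-in to the UAC section, since an admin account is not elevated until UAC says so.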
@@ -0,0 +1,251 @@ +# SEC-3: Wireless Security and Authentication Methods + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.3 Wireless security + +## What You Need To Know + +Wireless security questions usually ask which encryption/authentication method is safest or most appropriate. + +Core ideas: +- WEP is obsolete and should not be used. +- WPA was a temporary improvement over WEP. +- WPA2 with AES is still common and acceptable. +- WPA3 is newer and stronger. +- Personal/PSK uses one shared password. +- Enterprise/802.1X authenticates users individually, usually with RADIUS. + +## Memory Trick + +Use **3 beats 2, AES beats TKIP, Enterprise beats shared password**. + +Order to remember: +- **WEP = Weak** +- **WPA = temporary** +- **WPA2-AES = solid** +- **WPA3 = strongest common choice** + +Mode shortcut: +- **Personal = shared pre-shared key** +- **Enterprise = individual user authentication** + +## Wireless Encryption + +WEP: +- Wired Equivalent Privacy. +- Broken/obsolete. +- Do not choose it unless the question asks what should be replaced. + +WPA: +- Wi-Fi Protected Access. +- Temporary replacement for WEP. +- Uses TKIP. + +TKIP: +- Older encryption method used with WPA. +- Avoid when better options exist. + +WPA2: +- Stronger replacement for WPA. +- Uses AES. + +AES: +- Advanced Encryption Standard. +- Stronger than TKIP. + +WPA3: +- Newer than WPA2. +- Improves encryption and key exchange. +- Best default answer when supported. + +## Wireless Modes + +Open: +- No password. +- Avoid for private/business networks. + +WPA2/WPA3-Personal: +- Uses a pre-shared key. +- Good for home/SOHO networks. +- Everyone uses the same Wi-Fi password. + +WPA2/WPA3-Enterprise: +- Uses 802.1X. +- Authenticates users individually. +- Usually uses RADIUS. +- Best for business networks when supported. + +## Authentication Methods + +RADIUS: +- Remote Authentication Dial-in User Service. +- Centralized AAA service. 
+- Common for VPN, wireless 802.1X, network devices, and server authentication. + +TACACS+: +- Authentication protocol common with Cisco/network device administration. +- Exam clue: network device admin authentication, especially Cisco. + +Kerberos: +- Ticket-based network authentication. +- Common in Microsoft/Active Directory environments. +- Supports SSO-style access in Windows domains. + +MFA: +- Multi-factor authentication. +- Uses more than one factor type: + - Something you know + - Something you have + - Something you are + - Somewhere you are + - Something you do + +## Scenario Shortcuts + +Home Wi-Fi: +- WPA3-Personal if supported. +- WPA2-AES if WPA3 is not available. + +Business Wi-Fi: +- WPA3-Enterprise or WPA2-Enterprise with 802.1X/RADIUS. + +Legacy weak network: +- Replace WEP/WPA/TKIP. + +VPN authentication server: +- RADIUS is a common answer. + +Cisco/network device admin authentication: +- TACACS+ is a common answer. + +Microsoft domain authentication: +- Kerberos is a common answer. + +## Commands To Enter + +Windows: + +```powershell +netsh wlan show interfaces +``` + +What it does: +- Shows current Wi-Fi interface, SSID, authentication, and cipher details. +- Works only if Wi-Fi is present and connected. + +```powershell +netsh wlan show profiles +``` + +What it does: +- Lists saved Wi-Fi profiles. + +```powershell +ipconfig /all +``` + +What it does: +- Shows network adapter details, including DHCP and DNS information. + +```powershell +ncpa.cpl +``` + +What it does: +- Opens Network Connections. + +Linux: + +```bash +nmcli device status +``` + +What it does: +- Shows network devices and connection state when NetworkManager is installed. + +```bash +nmcli connection show +``` + +What it does: +- Shows configured network connections when NetworkManager is installed. + +```bash +iw dev +``` + +What it does: +- Shows wireless interface information if wireless tools are installed. 
+ +```bash +ip addr +``` + +What it does: +- Shows network interfaces and IP addresses. + +macOS, if available: + +```bash +networksetup -listallhardwareports +``` + +What it does: +- Lists network hardware ports, including Wi-Fi. + +```bash +airport -I +``` + +What it does: +- Shows current Wi-Fi details on many macOS systems. +- On some macOS versions, the `airport` command path may require lookup or may be deprecated. + +## Mini Lab + +Goal: +- Identify current wireless mode/security without changing router settings. + +Windows: +1. Connect to a known Wi-Fi network. +2. Run `netsh wlan show interfaces`. +3. Run `netsh wlan show profiles`. +4. Run `ipconfig /all`. +5. Record: + - SSID: + - Authentication: + - Cipher: + - DHCP enabled: + - DNS server: + +Linux: +1. Run `nmcli device status`. +2. Run `nmcli connection show`. +3. Run `ip addr`. +4. Optional: run `iw dev`. +5. Record: + - Wireless interface name: + - Active connection: + - IP address: + +Router review, if you own/admin the network: +1. Look at Wi-Fi security mode. +2. Confirm WEP/TKIP are not used. +3. Prefer WPA3 or WPA2-AES. +4. Do not change settings unless you understand the impact. + +## Quick Check Before Quiz + +You are ready for the SEC-3 quiz when you can answer these without looking: +- Which wireless security should be avoided? +- Which is stronger: TKIP or AES? +- Which mode uses one shared password? +- Which mode uses 802.1X/RADIUS? +- Which authentication protocol is common in Microsoft domains? +- Which authentication protocol is common for VPN/wireless AAA? + diff --git a/notes/SEC-4-malware-security-tools.md b/notes/SEC-4-malware-security-tools.md new file mode 100644 index 0000000..e901545 --- /dev/null +++ b/notes/SEC-4-malware-security-tools.md 
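Review bot: the `airport -I` block should state the path and status instead of "may require lookup": the binary lives at `/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport`, was deprecated, and was removed in macOS 14.4, so readers on current macOS should use `system_profiler SPAirPortDataType`, which lists the current network with its security mode (for example "WPA2 Personal") and needs no extra setup. On the Linux side the Mini Lab records only interface name, active connection and IP, so the "Authentication" and "Cipher" fields the Windows lab captures have no counterpart; `nmcli -g 802-11-wireless-security.key-mgmt connection show "<profile>"` prints `wpa-psk`, `wpa-eap` or `sae`, which maps directly onto the Personal/Enterprise/WPA3 distinction this section teaches and is worth a fourth record line.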
@@ -0,0 +1,275 @@ +# SEC-4: Malware and Security Tools + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.4 Malware and security tools + +## What You Need To Know + +Malware questions usually ask you to identify the type of malware or choose the right security tool. + +Do not memorize only definitions. Tie each malware type to its behavior. + +## Memory Trick + +Use **RATS-VCK-BFP**: + +- **R**ansomware: ransom after encryption +- **A**dware/PUP: ads or unwanted extras +- **T**rojan: tricks you by pretending to be useful +- **S**pyware/stalkerware: surveillance +- **V**irus: needs execution and can replicate +- **C**ryptominer: steals CPU/GPU cycles +- **K**eylogger: captures keystrokes +- **B**oot sector virus: starts before/with OS boot +- **F**ileless malware: lives in memory +- **P**ersistent/rootkit: hides deep in the system + +## Malware Types + +Trojan: +- Pretends to be legitimate software. +- Does not need to self-replicate. +- Often opens the door for other malware. + +Rootkit: +- Hides deep in the OS, kernel, drivers, or boot process. +- May not appear in normal tools like Task Manager. +- Often requires special tools or reinstall/reimage. + +Virus: +- Replicates by infecting files or systems. +- Usually needs a program to run. + +Spyware: +- Watches user activity. +- May track browsing, personal data, or behavior. + +Ransomware: +- Encrypts or locks user data and demands payment. +- Strong backup strategy is critical. + +Keylogger: +- Captures keystrokes. +- Can steal passwords even when websites use encryption. + +Cryptominer: +- Uses CPU/GPU resources to mine cryptocurrency. +- Clue: unexplained high CPU/GPU use, heat, fan noise. + +Boot sector virus: +- Infects boot code. +- Starts before or during OS boot. +- Secure Boot helps reduce this risk. + +Fileless malware: +- Runs from memory or trusted scripting tools. +- Avoids writing a normal malware file to disk. 
+ +Stalkerware: +- Surveillance software, often on mobile devices. +- Tracks location, messages, microphone, camera, screenshots, or activity. + +PUP: +- Potentially Unwanted Program. +- Often bundled with other installs. +- May include adware, toolbars, or browser hijackers. + +## Security Tools + +Windows Recovery Environment: +- Used when Windows will not start normally or malware blocks normal repair. +- Powerful and risky. +- Last-resort style tool for boot repair, command prompt, service/device startup changes, or file replacement. + +Antivirus/anti-malware: +- Detects, blocks, quarantines, and removes malware. +- Should use real-time protection and updated definitions. + +EDR: +- Endpoint Detection and Response. +- Detects behavior, investigates endpoint threats, and can isolate/quarantine/respond. + +MDR: +- Managed Detection and Response. +- Third-party managed service that monitors and responds to EDR/security events. + +XDR: +- Extended Detection and Response. +- Correlates endpoint, network, cloud, and other security data. + +Email security gateway: +- Filters inbound/outbound email. +- Blocks phishing, malware, spam, and suspicious attachments before reaching users. + +Software firewall: +- Monitors and controls local network communication. +- Can stop malware from calling out. + +Anti-phishing training: +- Teaches users to identify phishing and social engineering. +- Important because technology alone cannot stop every attack. + +End-user education: +- Broader security awareness: links, downloads, reporting, password hygiene, safe behavior. + +OS reinstallation/reimage: +- Most reliable way to remove severe or persistent malware. +- Must ensure backups/images are clean. 
+ +## Tool Matching Shortcut + +- Email threat before user sees it: **email security gateway** +- Suspicious endpoint behavior: **EDR** +- Outsourced endpoint monitoring: **MDR** +- Endpoint plus network/cloud correlation: **XDR** +- Local app calling out unexpectedly: **software firewall** +- Persistent/rootkit/severe infection: **reimage/reinstall** +- User keeps clicking bad links: **anti-phishing training** +- Windows will not boot or malware blocks repair: **Windows RE** + +## Commands To Enter + +Windows inspection commands: + +```powershell +windowsdefender: +``` + +What it does: +- Opens Windows Security. +- Use it to check Virus & threat protection. + +```powershell +taskmgr +``` + +What it does: +- Opens Task Manager. +- Use it to look for high CPU, memory, disk, or suspicious processes. + +```powershell +resmon +``` + +What it does: +- Opens Resource Monitor. +- Gives more detailed live CPU, memory, disk, and network activity. + +```powershell +eventvwr.msc +``` + +What it does: +- Opens Event Viewer. +- Use it to inspect logs for crashes, service issues, and security-related events. + +```powershell +netstat -ano +``` + +What it does: +- Shows active connections/listening ports and process IDs. +- Useful for spotting unexpected network connections. + +```powershell +Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 +``` + +What it does: +- Lists the top processes by CPU use in PowerShell. + +Linux inspection commands: + +```bash +top +``` + +What it does: +- Shows live process/resource usage. + +```bash +ps aux +``` + +What it does: +- Lists running processes. + +```bash +ss -tulpn +``` + +What it does: +- Shows listening network sockets and associated processes when permissions allow. + +```bash +journalctl -p err +``` + +What it does: +- Shows systemd journal errors. + +macOS, if available: + +```bash +top +ps aux +``` + +What it does: +- Shows running processes and resource usage. 
+ +## Mini Lab + +Goal: +- Practice safe inspection and tool selection. + +Windows: +1. Open Windows Security with `windowsdefender:`. +2. Check whether Virus & threat protection is enabled. +3. Open Task Manager with `taskmgr`. +4. Sort by CPU and memory. +5. Open Resource Monitor with `resmon`. +6. Run `netstat -ano`. +7. Record: + - Antivirus status: + - Highest CPU process: + - Any listening ports: + - One unexpected thing you would investigate further: + +Linux: +1. Run `top`, then press `q`. +2. Run `ps aux`. +3. Run `ss -tulpn`. +4. Run `journalctl -p err`. +5. Record: + - Highest CPU process: + - One listening service: + - One error log theme: + +Tabletop scenarios: +- Files are encrypted and a payment note appears. +- Browser homepage changes and toolbars appear after installing free software. +- CPU is high even when no apps are open. +- A system keeps reinfecting after cleanup. +- Users are receiving malicious attachments by email. + +For each scenario, identify: +- Malware type or likely issue +- Best tool or response +- What evidence you would collect + +## Quick Check Before Quiz + +You are ready for the SEC-4 quiz when you can answer these without looking: +- What malware encrypts user files for payment? +- What malware captures keystrokes? +- What malware hides deep in the OS? +- What tool filters malicious email? +- What is the difference between EDR, MDR, and XDR? +- When is reimage/reinstall the right answer? + diff --git a/notes/SEC-5-social-engineering-attacks.md b/notes/SEC-5-social-engineering-attacks.md new file mode 100644 index 0000000..b8d9a7f --- /dev/null +++ b/notes/SEC-5-social-engineering-attacks.md 
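Review bot: the `Get-Process | Sort-Object CPU -Descending | Select-Object -First 10` bullet says "top processes by CPU use", but the `CPU` property is accumulated processor seconds since the process started, not current load, so a long-running idle process can outrank a cryptominer that launched a minute ago; either say "by total CPU time" or point the reader to Task Manager and Resource Monitor (already in the list) for live usage, which is what the cryptominer clue "unexplained high CPU/GPU use" actually needs. Also, `netstat -ano` yields a PID but nothing in the list turns that PID into a process name, which the Mini Lab's "One unexpected thing you would investigate further" depends on; `tasklist /fi "PID eq <pid>"` or `Get-Process -Id <pid>` closes that loop. The bare `windowsdefender:` block fails at a PowerShell prompt because it is a URI rather than a command; `start windowsdefender:` is the working form.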
@@ -0,0 +1,306 @@ +# SEC-5: Social Engineering and Attacks + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.5 Social engineering and attacks + +## What You Need To Know + +This objective is scenario-heavy. The exam describes an attack and expects you to identify the type or best prevention. + +Think in categories: +- Human manipulation +- Availability attacks +- Spoofing/on-path attacks +- Password attacks +- Web app attacks +- Insider/supply chain risks +- Vulnerable systems + +## Memory Trick + +Use **PHISH-DOS-PASS-WEB-SUPPLY**: + +- **PHISH**: phishing, vishing, smishing, QR phishing, spear phishing, whaling +- **DOS**: DoS and DDoS +- **PASS**: brute force, dictionary, plaintext passwords +- **WEB**: SQL injection and XSS +- **SUPPLY**: service provider, hardware, software supply chain + +Physical/social trick: +- **Tailgating = no consent** +- **Piggybacking = with consent** + +## Phishing Variants + +Phishing: +- Fraud messages that trick users into clicking, logging in, paying, or sharing data. +- Often uses spoofed email, fake sites, urgency, or suspicious links. + +Vishing: +- Voice phishing by phone or voicemail. + +Smishing: +- SMS/text phishing. + +QR code phishing: +- Malicious QR code points to a fake or harmful site. + +Spear phishing: +- Targeted phishing aimed at a specific person or group. + +Whaling: +- Spear phishing aimed at executives or high-value targets. + +Business Email Compromise (BEC): +- Attacker uses email trust to request money, gift cards, payroll changes, or wire transfers. +- Prevention: verify requests through a separate trusted channel. + +## Physical/Social Attacks + +Shoulder surfing: +- Watching someone enter or view sensitive information. +- Prevention: privacy screens, awareness, monitor placement. + +Tailgating: +- Unauthorized person follows through a secure door without consent. + +Piggybacking: +- Authorized person knowingly lets someone follow them in. 
+ +Impersonation: +- Pretending to be someone trusted, such as help desk, vendor, executive, or employee. + +Dumpster diving: +- Searching trash for information useful in later attacks. +- Prevention: shredding, secure disposal, clean desk policy. + +## Availability Attacks + +DoS: +- Denial of Service. +- One system/attack source makes a service unavailable. + +DDoS: +- Distributed Denial of Service. +- Many systems, often botnets, attack at once. + +Prevention/mitigation: +- ISP filtering +- Cloud DDoS protection +- Firewall/rate-limit patterns +- Redundancy + +## Spoofing and On-Path Attacks + +On-path attack: +- Attacker intercepts/redirects traffic between victim and destination. +- Formerly called man-in-the-middle. + +ARP poisoning: +- Local network attack that tricks devices about MAC-to-IP mappings. + +Evil twin: +- Fake Wi-Fi access point that looks legitimate. +- Prevention: VPN, HTTPS, avoid unknown Wi-Fi, verify SSID, use enterprise authentication. + +On-path browser attack: +- Malware in the browser proxies or manipulates traffic from the victim's own machine. + +## Zero-Day Attacks + +Zero-day: +- Exploit for a vulnerability not yet known or patched by the vendor. + +Exam clue: +- No patch exists yet, or the vulnerability was unknown before exploitation. + +Mitigation: +- Defense in depth, least privilege, behavior detection, segmentation, rapid patching when fixes arrive. + +## Password Attacks + +Plaintext password storage: +- Passwords stored unencrypted. +- Bad design. + +Hashing: +- One-way representation of a password. +- Used for password storage. + +Brute force: +- Try every possible password combination. + +Dictionary attack: +- Try likely words/password lists and substitutions. + +Mitigation: +- Long passwords +- MFA +- Account lockout/rate limiting +- Strong hashing +- Password managers + +## Web App Attacks + +SQL injection: +- Attacker modifies database queries through unsafe input. 
+- Example effect: view, change, or delete database data. +- Prevention: input validation, parameterized queries, secure coding. + +XSS: +- Cross-site scripting. +- Attacker injects scripts into trusted web pages or links. +- Can steal cookies/session tokens or act as the user. +- Prevention: input validation/output encoding, secure coding, browser updates. + +Memory trick: +- **SQL injection attacks the database.** +- **XSS attacks the user's browser trust.** + +## Insider and Supply Chain + +Insider threat: +- Employee, contractor, or trusted person misuses access. +- May be malicious or careless. + +Supply chain attack: +- Attacker compromises a vendor, provider, update, hardware, or software source. +- Trusted relationship becomes the attack path. + +Service provider risk: +- Third-party providers may have access to internal systems. + +Mitigation: +- Vendor audits +- Least privilege +- Contract security requirements +- Monitor provider access +- Verify software signatures + +## Vulnerable Systems + +Non-compliant systems: +- Do not meet organization standards. + +Unpatched systems: +- Missing security updates. + +Unprotected systems: +- Security controls disabled or absent. + +EOL/EOSL: +- End of life/end of service life. +- No normal security patches or support. + +BYOD: +- Bring Your Own Device. +- User-owned device accessing company data. +- Needs policy, MDM, data separation, and security requirements. + +## Commands To Enter + +Windows: + +```powershell +arp -a +``` + +What it does: +- Shows ARP cache entries. +- Useful conceptually for ARP poisoning discussions. + +```powershell +netstat -ano +``` + +What it does: +- Shows active network connections and listening ports. + +```powershell +ipconfig /all +``` + +What it does: +- Shows IP, DNS, gateway, and adapter information. + +```powershell +whoami /groups +``` + +What it does: +- Shows group membership and helps discuss insider/privilege risk. 
+ +Linux: + +```bash +ip neigh +``` + +What it does: +- Shows neighbor/ARP table entries. + +```bash +ss -tulpn +``` + +What it does: +- Shows listening sockets and processes when allowed. + +```bash +ip route +``` + +What it does: +- Shows routes, including default gateway. + +## Mini Lab + +Goal: +- Practice identifying attack types safely. + +Windows: +1. Run `arp -a`. +2. Run `netstat -ano`. +3. Run `ipconfig /all`. +4. Record: + - Default gateway: + - One ARP entry: + - One active/listening connection: + +Linux: +1. Run `ip neigh`. +2. Run `ss -tulpn`. +3. Run `ip route`. +4. Record: + - Default gateway: + - One neighbor entry: + - One listening service: + +Scenario practice: +1. A CFO gets an email asking for a wire transfer. +2. A user scans a QR code on a parking meter and lands on a fake payment site. +3. A fake Wi-Fi network copies the hotel SSID. +4. An attacker tries every possible password. +5. A vendor software update is compromised. +6. A website search box runs attacker-supplied JavaScript. +7. A database query is manipulated through form input. + +For each: +- Name the attack. +- Name one prevention or mitigation. + +## Quick Check Before Quiz + +You are ready for the SEC-5 quiz when you can answer these without looking: +- What is the difference between phishing, vishing, smishing, spear phishing, and whaling? +- What is the difference between tailgating and piggybacking? +- What does an evil twin imitate? +- What is the difference between SQL injection and XSS? +- What is a supply chain attack? +- What is the difference between DoS and DDoS? + diff --git a/notes/SEC-6-malware-removal-process.md b/notes/SEC-6-malware-removal-process.md new file mode 100644 index 0000000..362a033 --- /dev/null +++ b/notes/SEC-6-malware-removal-process.md 
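Review bot: the Spoofing and On-Path Attacks section gives prevention for evil twin but none for ARP poisoning, and the `arp -a` bullet stops at "useful conceptually"; the practical check is that the default gateway's MAC in `arp -a` or `ip neigh` should stay constant and no single MAC should answer for several IPs, so the Mini Lab record lines "Default gateway:" and "One ARP entry:" would be stronger as "gateway IP and its MAC", giving the reader a baseline to compare against later. For the prevention bullet, dynamic ARP inspection on managed switches and static entries for critical hosts are the standard answers. One wording nit under Password Attacks: "Strong hashing" should be "salted, slow hashing", since the dictionary attack the section describes works against unsalted fast hashes even when the algorithm itself is sound.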
@@ -0,0 +1,247 @@ +# SEC-6: Malware Removal Process + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.6 Malware removal process + +## What You Need To Know + +The exam expects the malware removal process in order. Do not just know the steps individually; know what comes next. + +Important idea: +- Full wipe/reimage from known-good media is the cleanest answer for severe malware. +- Remediation is sometimes done to recover data or restore enough function to continue business. + +## Memory Trick + +Use **I-Q-D-R-U-S-R-S-E-E**: + +1. **I**nvestigate and verify symptoms +2. **Q**uarantine infected systems +3. **D**isable System Restore/System Protection +4. **R**emediate infected systems +5. **U**pdate anti-virus/anti-malware +6. **S**can and remove +7. **R**eimage/reinstall if needed +8. **S**chedule scans and run updates +9. **E**nable System Protection and create restore point +10. **E**ducate the end user + +Short phrase: +- **Investigate, Quarantine, Disable, Remediate, Update, Scan, Reimage, Schedule, Enable, Educate.** + +## Step 1: Investigate and Verify Symptoms + +Look for: +- Odd error messages +- Fake security alerts +- Application failures +- Slow boot +- Slow applications +- Browser redirects +- Files encrypted/renamed/missing +- Unknown processes + +Goal: +- Confirm there is a real problem before changing anything. + +## Step 2: Quarantine Infected Systems + +Actions: +- Disconnect from network. +- Disable Wi-Fi/Bluetooth if needed. +- Isolate removable media. +- Prevent file transfer from the infected system. + +Goal: +- Stop spread. + +## Step 3: Disable System Restore/System Protection + +Why: +- Malware can hide in restore points. +- Restoring later could bring the infection back. + +Exam clue: +- Disable before remediation, re-enable after cleanup. + +## Step 4: Remediate Infected Systems + +Actions: +- Remove/quarantine malicious files. +- Remove malicious startup entries. +- Remove suspicious apps/extensions. 
+- Repair changed settings. + +Goal: +- Remove the infection or reduce damage. + +## Step 5: Update Anti-Virus/Anti-Malware + +Actions: +- Update signatures/definitions. +- Update scanning engine. +- If malware blocks updates, use a trusted clean system or offline media. + +Goal: +- Make sure tools recognize current threats. + +## Step 6: Scan and Remove + +Techniques: +- Normal scan +- Safe Mode scan +- Offline/preinstallation environment scan +- Bootable rescue media + +Goal: +- Detect and remove malware using updated tools. + +## Step 7: Reimage/Reinstall If Needed + +When: +- Rootkit/persistent infection. +- Cleanup fails. +- System integrity is not trusted. +- Time-sensitive business recovery needs a known-good image. + +Goal: +- Return to a clean known-good state. + +## Step 8: Schedule Scans and Run Updates + +Actions: +- Enable scheduled scans. +- Enable automatic definition updates. +- Run OS updates. +- Run application updates. + +Goal: +- Reduce reinfection risk. + +## Step 9: Enable System Protection + +Actions: +- Re-enable System Protection/System Restore. +- Create a clean restore point. + +Goal: +- Restore recovery capability after the system is clean. + +## Step 10: Educate The End User + +Topics: +- Avoid suspicious links. +- Avoid unknown downloads. +- Report symptoms early. +- Validate pop-ups and security alerts. +- Use approved software sources. + +Goal: +- Reduce repeat infection. + +## Commands To Enter + +Windows inspection commands: + +```powershell +windowsdefender: +``` + +What it does: +- Opens Windows Security. + +```powershell +taskmgr +``` + +What it does: +- Opens Task Manager for process/resource review. + +```powershell +resmon +``` + +What it does: +- Opens Resource Monitor for detailed activity. + +```powershell +rstrui.exe +``` + +What it does: +- Opens System Restore. +- For this lab, view only. Do not restore. + +```powershell +SystemPropertiesProtection +``` + +What it does: +- Opens System Protection settings. 
+- For this lab, view only. Do not disable protection unless working a real guided incident. + +```powershell +shutdown /r /o /t 0 +``` + +What it does: +- Restarts into Advanced Startup options. +- This is how you can reach recovery tools. +- Do not run unless you are ready to reboot. + +Linux/macOS comparison: + +```bash +top +ps aux +``` + +What it does: +- Shows running processes and resource usage. + +## Mini Lab + +Goal: +- Practice the process order and safe inspection. + +Windows: +1. Open Windows Security with `windowsdefender:`. +2. Open Task Manager with `taskmgr`. +3. Open Resource Monitor with `resmon`. +4. Open System Protection with `SystemPropertiesProtection`. +5. Do not disable System Protection during practice. +6. Record: + - Defender status: + - Highest CPU process: + - System Protection state: + - Where Advanced Startup is located: + +Tabletop: +For each scenario, write the next step: + +1. User reports fake antivirus pop-ups and slow performance. +2. You confirm malware symptoms. +3. The system is disconnected from the network. +4. System Restore is disabled. +5. Malicious files are removed. +6. Anti-malware signatures are updated. +7. Scan fails to remove a suspected rootkit. +8. Clean image is restored. +9. Updates and scheduled scans are configured. +10. Clean restore point is created. + +## Quick Check Before Quiz + +You are ready for the SEC-6 quiz when you can answer these without looking: +- What is step 1? +- What comes after verifying symptoms? +- When do you disable System Restore? +- When do you re-enable System Protection? +- Why educate the user? +- When should you reimage/reinstall? + diff --git a/notes/SEC-7-workstation-hardening.md b/notes/SEC-7-workstation-hardening.md new file mode 100644 index 0000000..7c87061 --- /dev/null +++ b/notes/SEC-7-workstation-hardening.md 
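Review bot: steps 5 (update) and 6 (scan) are the only steps in the process with no entry in Commands To Enter, even though they are the ones a technician actually runs; Defender's PowerShell cmdlets cover them directly: `Get-MpComputerStatus` shows real-time protection state and signature age, `Update-MpSignature` performs step 5, and `Start-MpScan -ScanType FullScan` performs step 6, while the Safe Mode and offline options listed under step 6 map to the offline scan choice under Windows Security > Virus & threat protection > Scan options. Adding them also makes the Mini Lab's "Defender status" record line concrete instead of a visual check. The `shutdown /r /o /t 0` reboot caveat is right; for the same reason the bare `windowsdefender:` block needs a caveat of its own, because a URI typed at a PowerShell prompt is not recognized and `start windowsdefender:` is the working form.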
@@ -0,0 +1,307 @@ +# SEC-7: Workstation Hardening + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.7 Workstation hardening + +## What You Need To Know + +Hardening means reducing the attack surface. On the exam, choose the setting that makes the workstation harder to misuse, steal from, or compromise. + +Core hardening areas: +- Data encryption +- Password policy +- Password managers +- Account management +- Screen lock and failed login controls +- Default account/password changes +- BIOS/UEFI passwords +- AutoRun/AutoPlay +- Unused services +- Physical device security + +## Memory Trick + +Use **E-P-A-L-D-S**: + +- **E**ncrypt data +- **P**asswords strong and managed +- **A**ccounts limited +- **L**ock screen/login controls +- **D**isable defaults and AutoPlay +- **S**ervices reduced + +Attack surface shortcut: +- **If you do not need it, disable it.** + +## Data Encryption + +Full-disk encryption: +- Encrypts the whole drive/volume. +- Windows example: BitLocker. +- macOS example: FileVault. + +File-system encryption: +- Encrypts individual files/folders. +- Windows example: EFS on NTFS. + +Removable media encryption: +- Protects USB drives. +- Windows example: BitLocker To Go. + +Key backup: +- Encryption is only useful if recovery keys are protected and available. +- Lost keys can mean lost data. + +## Password Controls + +Password complexity: +- Mix character types. +- Avoid obvious words and reused passwords. + +Password length: +- Longer is usually stronger. +- Passphrases are easier to remember and harder to brute force. + +Password age/expiration: +- Controls how long passwords can be used. +- Some environments require periodic changes. + +Password history: +- Prevents users from reusing recent passwords. + +Default passwords: +- Change default usernames/passwords on devices, routers, apps, and admin portals. + +No blank passwords: +- Always require passwords. + +No automatic login: +- Do not let systems bypass authentication. 
+ +Password managers: +- Store many unique passwords in an encrypted vault. +- Enterprise password managers can support recovery and central policy. + +## Account Management + +Least privilege: +- Users should not run as administrators for daily work. + +Groups: +- Assign permissions to groups, then add users to groups. + +Disable unnecessary accounts: +- Disable guest or unused accounts. +- Disable interactive login for service accounts when possible. + +Login time restrictions: +- Limit when accounts can sign in. +- Useful for contractors or temporary workers. + +Account expiration: +- Automatically disable temporary accounts after a date. + +Failed login lockout: +- Locks account after too many failed attempts. +- Reduces online brute force attacks. + +## Locking and Physical Security + +Screen lock: +- Automatically lock after inactivity. +- Require password/PIN/biometric to unlock. + +Secure critical hardware: +- Use cable locks, locked rooms, asset tracking, and physical controls for laptops and sensitive devices. + +Privacy screens: +- Reduce shoulder surfing. + +## BIOS/UEFI Passwords + +Supervisor/administrator password: +- Prevents unauthorized firmware setting changes. + +User/boot password: +- Can prevent booting without credentials. + +Exam clue: +- If the attacker might change boot order or firmware settings, think BIOS/UEFI password. + +## AutoRun and AutoPlay + +AutoRun: +- Automatically runs instructions from removable media. +- Legacy risk. + +AutoPlay: +- Prompts or acts when removable media is inserted. +- Disable or restrict to reduce removable-media risk. + +## Disable Unnecessary Services + +Every service is potential attack surface. + +Examples: +- Remote access service not used +- Old print/file sharing service +- Vendor updater no longer needed +- Unused web/database service + +Rule: +- Disable only after confirming business impact. 
+ +## Commands To Enter + +Windows: + +```powershell +manage-bde -status +``` + +What it does: +- Shows BitLocker encryption status. + +```powershell +net user +``` + +What it does: +- Lists local user accounts. + +```powershell +net accounts +``` + +What it does: +- Shows local password and lockout policy. + +```powershell +net localgroup administrators +``` + +What it does: +- Shows local Administrators group members. + +```powershell +services.msc +``` + +What it does: +- Opens Services. +- Use it to inspect services. Do not disable services without knowing impact. + +```powershell +ms-settings:autoplay +``` + +What it does: +- Opens AutoPlay settings. + +```powershell +rundll32.exe user32.dll,LockWorkStation +``` + +What it does: +- Locks the workstation. + +Linux: + +```bash +id +``` + +What it does: +- Shows user and group identity. + +```bash +sudo -l +``` + +What it does: +- Shows sudo privileges if allowed. + +```bash +systemctl --type=service --state=running +``` + +What it does: +- Lists running services. + +```bash +lsblk -f +``` + +What it does: +- Shows block devices and filesystem details. + +macOS, if available: + +```bash +fdesetup status +``` + +What it does: +- Shows FileVault encryption status. + +```bash +id +groups +``` + +What it does: +- Shows user/group identity. + +## Mini Lab + +Goal: +- Inspect workstation hardening without making risky changes. + +Windows: +1. Run `manage-bde -status`. +2. Run `net accounts`. +3. Run `net user`. +4. Run `net localgroup administrators`. +5. Run `services.msc`. +6. Run `ms-settings:autoplay`. +7. Lock the workstation with `rundll32.exe user32.dll,LockWorkStation` when ready. +8. Record: + - BitLocker status: + - Password lockout policy: + - Local admin members: + - AutoPlay enabled/disabled: + - One service you would research before disabling: + +Linux: +1. Run `id`. +2. Run `sudo -l`. +3. Run `systemctl --type=service --state=running`. +4. 
Record: + - Groups: + - Sudo access: + - One running service to research: + +Hardening scenario: +- A contractor leaves next Friday. +- A laptop is used in airports. +- USB drives are often plugged into shared computers. +- A workstation runs an old unused service. +- A local account still uses a vendor default password. + +For each, choose the best hardening action. + +## Quick Check Before Quiz + +You are ready for the SEC-7 quiz when you can answer these without looking: +- What does full-disk encryption protect? +- Why change default passwords? +- Why disable unused services? +- What does account lockout prevent? +- What does AutoPlay/AutoRun risk involve? +- What should be checked before disabling a service? + diff --git a/notes/SEC-8-mobile-device-security.md b/notes/SEC-8-mobile-device-security.md new file mode 100644 index 0000000..592b701 --- /dev/null +++ b/notes/SEC-8-mobile-device-security.md 
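Review bot: In the SEC-7 "Commands To Enter" section, `ms-settings:autoplay` has the same problem as the other URI entries: inside a `powershell` fence it is not a runnable command and needs `Start-Process "ms-settings:autoplay"` to open the AutoPlay page. Also, `manage-bde -status` returns an access-denied error from a non-elevated prompt, and Mini Lab step 1 asks the reader to run it first; add "run from an elevated prompt" to its "What it does" bullets so the lab does not stall on the first step.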
@@ -0,0 +1,232 @@ +# SEC-8: Mobile Device Security + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.8 Mobile device security + +## What You Need To Know + +Mobile devices are easy to lose, easy to steal, and often already signed in to email, files, password resets, cloud storage, and work apps. + +The exam wants you to know how to protect: +- The device +- The data on the device +- The user account connected to the device +- The company network if the phone is used for work + +## Memory Trick + +Use **L-E-A-S-H**: + +- **L**ock the screen +- **E**ncrypt the device +- **A**pply updates and app controls +- **S**ecure with MDM/BYOD policy +- **H**ave backup, location, and remote wipe ready + +Shortcut: +- **Lost phone = lock, locate, backup, wipe if needed.** + +## Screen Locks + +Common unlock methods: +- PIN +- Password +- Pattern +- Fingerprint +- Face recognition +- Swipe + +Exam priority: +- A plain swipe is weak because it does not really authenticate the user. +- PIN, password, fingerprint, and face unlock are stronger choices. +- Biometrics are convenient, but the device still needs a PIN/password fallback. + +Failed login controls: +- Devices can delay login attempts after repeated failures. +- Some environments can erase or wipe the device after too many failed attempts. +- This protects stolen devices from repeated guessing attempts. + +## Encryption + +Full device encryption protects stored data if the device is lost or stolen. + +What to remember: +- Modern iOS devices use strong built-in encryption when a passcode is configured. +- Modern Android devices commonly support file-based or full-device encryption. +- Encryption is strongest when paired with a real lock method, not swipe-only access. + +Exam clue: +- If the question says the phone was stolen and contains sensitive data, think encryption and remote wipe. 
+ +## MDM and Configuration Profiles + +Mobile Device Management, or MDM, lets an organization centrally manage phones and tablets. + +Common MDM actions: +- Require a passcode +- Require encryption +- Push Wi-Fi, VPN, or email settings +- Install or restrict apps +- Block camera, copy/paste, or cloud sync in some environments +- Enforce OS update requirements +- Locate, lock, or wipe a managed device + +Common tools and terms: +- Microsoft Intune +- Apple Configurator +- Apple configuration profiles +- Android Enterprise + +BYOD means Bring Your Own Device. + +BYOD policy questions usually care about: +- Who owns the device +- What company data is allowed +- Whether the company can wipe only work data or the entire device +- Minimum OS version +- Screen lock requirements +- What happens when employment ends + +## Updates and Patching + +Mobile updates include: +- Operating system updates +- Security patches +- App updates + +Why they matter: +- Updates fix vulnerabilities. +- App updates can fix security bugs in messaging, browsers, email, banking, and work apps. + +Exam clue: +- If the question says a device is missing critical security fixes, update the OS or app. + +## Anti-Malware + +iOS: +- More closed app ecosystem. +- Apps are more isolated. +- Traditional antivirus is less common. + +Android: +- More open ecosystem. +- Third-party app sources increase risk. +- Anti-malware tools are more common, especially in business environments. + +Best protection: +- Use official app stores. +- Keep the OS updated. +- Avoid sideloading unknown apps. +- Use MDM controls when the device handles company data. + +## Content Filtering + +Content filtering limits access to unsafe or inappropriate content. + +Examples: +- Web filtering +- App restrictions +- Parental controls +- Enterprise browsing controls + +Exam clue: +- If the goal is to block categories of websites or unsafe browsing, think content filtering. 
+ +## Locator, Remote Lock, Remote Wipe, and Backup + +Locator services: +- Help find a lost device. +- Examples: Find My on iPhone, Find My Device on Android. + +Remote lock: +- Locks the phone so someone else cannot use it. + +Remote message or sound: +- Helps recover a misplaced phone. + +Remote wipe: +- Erases data when the device is unlikely to be recovered. +- Use carefully because it removes data from the device. + +Remote backup: +- Stores device data in cloud backup. +- Makes replacement and recovery easier. + +Exam order for a lost phone: +1. Locate or lock if recovery is likely. +2. Confirm backup status if possible. +3. Wipe if data risk is high or recovery is unlikely. + +## Mobile Firewalls + +Mobile firewall apps are less common than desktop firewalls. + +On mobile devices, network control is often handled by: +- MDM +- VPN apps +- Per-app network rules +- Enterprise security suites + +Exam clue: +- If the question says only approved apps should access company data or network resources, think MDM, VPN, or app access control. + +## Commands To Enter + +This objective is mostly settings-based, so there are not many normal command-line tools for a locked-down phone. Use these commands only to open account/device-security pages from a computer browser. + +Windows: + +```powershell +start https://account.microsoft.com/devices +``` + +What it does: +- Opens the Microsoft devices page for the signed-in account in your default browser. +- Use it only to inspect registered devices. + +```powershell +start https://myaccount.google.com/security +``` + +What it does: +- Opens the Google account security page. +- Use it to inspect signed-in devices, security alerts, and recovery options. + +macOS: + +```bash +open https://appleid.apple.com +``` + +What it does: +- Opens the Apple ID account page in the default browser. +- Use it to review trusted devices and account security settings. 
+ +Linux: + +```bash +xdg-open https://myaccount.google.com/security +``` + +What it does: +- Opens the Google account security page in the default browser. +- Use it to inspect account security if the command is available on your Linux system. + +Do not erase, wipe, unenroll, reset, or remove a device from an account during this section. + +## Quick Checks + +You should be able to answer: +- What protects mobile data at rest? +- What is weak about swipe-only unlock? +- What does MDM enforce? +- Why does BYOD need a policy? +- When would remote wipe be appropriate? +- Why are OS and app updates security controls? +- Why is Android anti-malware more common than iOS anti-malware? + diff --git a/notes/SEC-9-data-destruction.md b/notes/SEC-9-data-destruction.md new file mode 100644 index 0000000..ccd2da5 --- /dev/null +++ b/notes/SEC-9-data-destruction.md 
@@ -0,0 +1,260 @@ +# SEC-9: Data Destruction + +Status: not started + +Domain: +- 2.0 Security + +Objective alignment: +- 2.9 Data destruction + +## What You Need To Know + +Data destruction means making stored data unrecoverable before a device is reused, recycled, sold, returned, or thrown away. + +The exam wants you to match the method to the situation: +- Reuse the drive: securely wipe it. +- Dispose of the drive: physically destroy it. +- Magnetic hard drive: degaussing can work. +- SSD or flash storage: degaussing does not work. +- Legal or regulated data: keep a certificate of destruction. + +## Memory Trick + +Use **W-D-S-C**: + +- **W**ipe if you want to reuse it +- **D**estroy if you want it gone forever +- **S**SDs do not degauss +- **C**ertificate proves destruction + +Shortcut: +- **Reuse = wipe. Retire = destroy. Regulated = certificate.** + +## Deleting Is Not Destruction + +Normal delete: +- Removes the file entry from normal view. +- The data may still exist on the storage device. +- Recovery tools may be able to bring it back. + +Recycle Bin or Trash: +- Even less final than deletion. +- The user can often restore the file. + +Exam clue: +- If the question asks for secure removal, normal delete is not enough. + +## Formatting + +Quick format: +- Rebuilds the file system structure. +- Usually does not overwrite all old data. +- Data recovery may still be possible. + +Regular format: +- Overwrites sectors on modern Windows versions. +- Takes longer than quick format. +- Better for data removal than quick format. + +Low-level format: +- Factory-level process. +- Not a normal user or technician procedure on modern drives. +- Usually not the right exam answer for everyday data destruction. + +## Secure Erasing and Wiping + +File-level overwrite: +- Overwrites a specific file. +- Useful when only one file must be removed. +- Does not wipe the rest of the drive. + +Whole-drive wipe: +- Overwrites the entire drive. 
+- Useful before reusing or repurposing a drive. +- Takes longer but covers all data. + +Examples: +- Windows Sysinternals `sdelete` can securely delete files or clean free space. +- DBAN can wipe traditional hard drives. + +SSD caution: +- SSDs use wear leveling, so old data may not be overwritten the same way as a spinning hard drive. +- Use manufacturer secure erase tools, OS reset options designed for SSDs, or cryptographic erase when available. + +Cryptographic erase: +- Destroys the encryption key instead of overwriting all storage blocks. +- Fast when the device was already fully encrypted. +- Without the key, encrypted data is not practically readable. + +## Physical Destruction + +Physical destruction makes the drive unusable. + +Common methods: +- Drill or hammer through platters/chips +- Shredding +- Incineration +- Degaussing for magnetic media + +Use physical destruction when: +- The drive will not be reused. +- The data is highly sensitive. +- Regulations or company policy require destruction. +- You cannot trust a software wipe. + +## Degaussing + +Degaussing uses a strong magnetic field to destroy data on magnetic media. + +Works for: +- Magnetic hard drives +- Some magnetic tapes + +Does not work for: +- SSDs +- USB flash drives +- SD cards +- Other flash storage + +Exam clue: +- If the device is SSD or flash, do not choose degaussing. + +## Certificate of Destruction + +A certificate of destruction is proof that a drive or batch of drives was destroyed. + +It may include: +- Date +- Serial numbers or asset tags +- Method used +- Vendor name +- Chain-of-custody details +- Signature or confirmation + +Use it when: +- A third party destroys the drives. +- Data is regulated. +- The organization needs an audit trail. + +## Choosing The Best Method + +Scenario shortcuts: +- Old company laptop will be reused: whole-drive wipe or secure erase. +- Failed hard drive with patient records: physical destruction plus certificate. 
+- Magnetic hard drive disposal: shred, drill, incinerate, or degauss. +- SSD disposal: shred or use SSD secure erase/crypto erase; do not degauss. +- One file must be removed but the drive stays in use: file-level secure delete. +- Drive is encrypted and being retired: crypto erase may be appropriate if policy allows it. + +## Commands To Enter + +Only run these against disposable test files. Do not run wipe commands against real drives in this course unless you intentionally want to destroy data. + +Windows PowerShell: + +```powershell +New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab" +``` + +What it does: +- Creates a safe lab folder in your user profile. + +```powershell +"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt" +``` + +What it does: +- Creates a small test file for the lab. + +```powershell +Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt" +``` + +What it does: +- Deletes the test file. +- This is normal deletion, not secure destruction. + +```powershell +Get-Volume +``` + +What it does: +- Lists mounted volumes and file systems. +- Use it for inspection only in this section. + +Linux: + +```bash +mkdir -p ~/aplus-data-destruction-lab +``` + +What it does: +- Creates a safe lab folder in your home directory. + +```bash +printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt +``` + +What it does: +- Creates a small test file. + +```bash +rm ~/aplus-data-destruction-lab/test.txt +``` + +What it does: +- Deletes the test file. +- This is normal deletion, not secure destruction. + +```bash +lsblk -f +``` + +What it does: +- Lists block devices and file systems. +- Use it to identify storage types for inspection only. + +macOS: + +```bash +mkdir -p ~/aplus-data-destruction-lab +``` + +What it does: +- Creates a safe lab folder on the Mac. + +```bash +printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt +``` + +What it does: +- Creates a small test file. 
+ +```bash +rm ~/aplus-data-destruction-lab/test.txt +``` + +What it does: +- Deletes the test file. +- This is normal deletion, not secure destruction. + +```bash +diskutil list +``` + +What it does: +- Lists disks and partitions. +- Use it for inspection only. + +## Quick Checks + +You should be able to answer: +- Why is normal delete not secure destruction? +- What is the difference between quick format and regular format? +- When should you use whole-drive wiping? +- Why does degaussing not work on SSDs? +- When is a certificate of destruction needed? +- What method would you choose for a drive that must be reused? +- What method would you choose for regulated data on a retired drive? + diff --git a/notes/TRB-1-windows-os-issues.md b/notes/TRB-1-windows-os-issues.md new file mode 100644 index 0000000..50c0510 --- /dev/null +++ b/notes/TRB-1-windows-os-issues.md 
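Review bot: In the SEC-9 "Secure Erasing and Wiping" section, the "Examples" bullets (`sdelete`, DBAN) are overwrite-based tools and are listed before the "SSD caution" bullet that says overwriting is unreliable on SSDs; a reader skimming for a tool will take the example without the caveat. Suggest qualifying the Examples bullet itself, e.g. "for magnetic hard drives; see SSD caution below". In "Formatting", "Overwrites sectors on modern Windows versions" could be made precise as "Vista and later", which is the version where full format began writing zeros.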
@@ -0,0 +1,108 @@ +# TRB-1: Windows OS Issues + +Status: not started + +Domain: +- 3.0 Software Troubleshooting + +Objective alignment: +- 3.1 Troubleshoot common Windows OS problems + +## What You Need To Know + +Windows troubleshooting questions usually give a symptom and ask for the most likely next step. + +Common symptoms: +- Blue screen of death +- Slow performance +- Frequent shutdowns +- Services failing to start +- Application crashes +- Low memory warnings +- USB controller resource warnings +- System instability +- No OS found +- Slow profile load +- Time drift + +## Memory Trick + +Use **B-S-S-A-D-P-T**: + +- **B**oot +- **S**ervices +- **S**torage +- **A**pplications +- **D**rivers +- **P**rofiles +- **T**ime + +Shortcut: +- **A Windows symptom usually points to boot, services, storage, drivers, profile, or time.** + +## Symptom Matching + +No OS found: +- Check boot order. +- Check whether the drive is detected. +- Check boot files and startup repair. + +BSOD: +- Suspect drivers, hardware, memory, storage, or recent updates. +- Use Event Viewer, Reliability Monitor, and memory/storage diagnostics. + +Slow performance: +- Check Task Manager for CPU, memory, disk, and startup load. +- Check available disk space. +- Review recently installed apps. + +Services not starting: +- Check Services console. +- Check dependencies. +- Review Event Viewer. + +Slow profile load: +- Suspect large profile data, network profile issues, login scripts, or domain connectivity. + +System time drift: +- Check time zone, CMOS battery, and time synchronization. + +## Commands To Know + +```powershell +sfc /scannow +``` + +Checks protected Windows system files and attempts repair. + +```powershell +DISM /Online /Cleanup-Image /RestoreHealth +``` + +Repairs the Windows component store used by SFC. + +```powershell +chkdsk +``` + +Checks file system status. + +```powershell +eventvwr.msc +``` + +Opens Event Viewer for logs and error clues. 
+ +```powershell +perfmon /rel +``` + +Opens Reliability Monitor for a timeline of failures. + +## Exam Clues + +- If Windows cannot find an OS, think boot order, missing boot files, or failed drive. +- If the system fails after a driver update, roll back the driver or boot into Safe Mode. +- If apps crash after system corruption, use DISM and SFC. +- If performance is slow, gather evidence before changing settings. + diff --git a/notes/TRB-2-mobile-os-app-issues.md b/notes/TRB-2-mobile-os-app-issues.md new file mode 100644 index 0000000..5dd5b68 --- /dev/null +++ b/notes/TRB-2-mobile-os-app-issues.md 
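Review bot: In the TRB-1 "Commands To Know" section, `sfc /scannow` and `DISM /Online /Cleanup-Image /RestoreHealth` both require an elevated prompt and the note does not say so, unlike the view-only commands around them; add that to each description. The DISM description ("Repairs the Windows component store used by SFC") implies the order DISM first, then SFC, but the exam clue "use DISM and SFC" leaves it implicit; stating the order explicitly would match the rest of the note's step-by-step style.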
@@ -0,0 +1,87 @@ +# TRB-2: Mobile OS and App Issues + +Status: not started + +Domain: +- 3.0 Software Troubleshooting + +Objective alignment: +- 3.2 Troubleshoot common mobile OS and application problems + +## What You Need To Know + +Mobile troubleshooting often starts with simple checks: +- Updates +- Storage +- Permissions +- Connectivity +- App cache/data +- Battery health +- Compatibility + +Common symptoms: +- App fails to launch +- App fails to close +- App fails to update +- App fails to install +- App crashes +- Slow response +- OS update failure +- Battery drain +- Random reboots +- Bluetooth, Wi-Fi, or NFC problems +- Screen autorotation failure + +## Memory Trick + +Use **U-S-P-C-R**: + +- **U**pdate +- **S**torage +- **P**ermissions +- **C**onnectivity +- **R**estart/reinstall + +Shortcut: +- **Most mobile app problems start with update, storage, permission, or connectivity checks.** + +## Troubleshooting Flow + +App will not launch or crashes: +- Restart the app. +- Restart the device. +- Update the app. +- Update the OS. +- Clear app cache where supported. +- Reinstall the app if needed. + +App will not install or update: +- Check storage. +- Check network connectivity. +- Check app store account status. +- Check OS compatibility. + +Battery drains quickly: +- Review battery usage by app. +- Check screen brightness. +- Disable unnecessary radios. +- Check for runaway apps. + +Connectivity problems: +- Toggle the affected radio. +- Forget and reconnect to the network or device. +- Check range and pairing mode. +- Restart device if needed. + +Autorotation fails: +- Check rotation lock. +- Restart the app. +- Test sensors if available. + +## Exam Clues + +- If an app cannot install, storage and compatibility are high-probability answers. +- If Bluetooth pairing fails, check pairing mode and forget/re-pair. +- If the issue started after an update, check known issues and compatibility. 
+- If one app is the only problem, focus on that app before resetting the whole phone. + diff --git a/notes/TRB-3-mobile-security-issues.md b/notes/TRB-3-mobile-security-issues.md new file mode 100644 index 0000000..9c039df --- /dev/null +++ b/notes/TRB-3-mobile-security-issues.md 
@@ -0,0 +1,88 @@ +# TRB-3: Mobile Security Issues + +Status: not started + +Domain: +- 3.0 Software Troubleshooting + +Objective alignment: +- 3.3 Troubleshoot common mobile device security issues + +## What You Need To Know + +Mobile security issues often come from risky configuration or untrusted apps. + +Risk factors: +- Unofficial app stores +- Sideloaded applications +- Developer mode +- Rooted or jailbroken device +- Unauthorized apps +- Application spoofing + +Symptoms: +- High network traffic +- Slow response +- Data usage alerts +- Limited or no internet +- Many ads +- Fake security warnings +- Unexpected app behavior +- Leaked personal data + +## Memory Trick + +Use **R-U-D-A**: + +- **R**oot/jailbreak +- **U**nofficial store +- **D**eveloper mode +- **A**ds/alerts + +Shortcut: +- **If the source or control model is untrusted, treat the phone as high risk.** + +## What To Check + +App source: +- Was the app installed from the official app store? +- Is the developer name correct? +- Are reviews and permissions suspicious? + +Device integrity: +- Is the device rooted or jailbroken? +- Is developer mode enabled? +- Are unknown sources allowed? + +Network and data: +- Is one app using unusual data? +- Does traffic spike when the app is open? +- Are VPN or proxy settings unexpected? + +User symptoms: +- Fake antivirus pop-ups +- Ads outside the browser +- Browser redirects +- Unrecognized apps + +## Response Priorities + +For personal devices: +- Remove suspicious apps. +- Update OS and apps. +- Run trusted security tools if available. +- Change passwords from a known-clean device if compromise is suspected. + +For managed devices: +- Follow company policy. +- Notify support/security. +- Use MDM actions when appropriate. +- Preserve evidence if required. + +## Exam Clues + +- Rooted or jailbroken devices bypass normal protections. +- Unofficial app stores increase malware risk. +- App spoofing means a fake app pretends to be legitimate. 
+- High data usage plus ads and fake warnings points to malware or unwanted software. + diff --git a/notes/TRB-4-pc-security-symptoms.md b/notes/TRB-4-pc-security-symptoms.md new file mode 100644 index 0000000..b2f3f1e --- /dev/null +++ b/notes/TRB-4-pc-security-symptoms.md 
@@ -0,0 +1,78 @@ +# TRB-4: PC Security Symptoms + +Status: not started + +Domain: +- 3.0 Software Troubleshooting + +Objective alignment: +- 3.4 Troubleshoot common PC security issues + +## What You Need To Know + +Security troubleshooting questions often describe symptoms instead of naming malware. + +PC symptoms: +- Cannot access the network +- Desktop alerts +- Fake antivirus warnings +- Files are altered, missing, renamed, or inaccessible +- Unwanted OS notifications +- OS update failures + +Browser symptoms: +- Frequent pop-ups +- Certificate warnings +- Redirection +- Degraded browser performance + +## Memory Trick + +Use **FAN-B**: + +- **F**iles changed +- **A**lerts are fake +- **N**etwork blocked +- **B**rowser redirects + +Shortcut: +- **Fake alerts plus changed files or redirects means assume compromise until verified.** + +## Common Causes + +Malware: +- Fake antivirus +- Ransomware +- Spyware +- Adware +- Browser hijackers + +Misconfiguration: +- Bad proxy setting +- Wrong DNS setting +- Expired certificate or wrong system time +- Firewall or security tool blocking traffic + +Compromised account: +- Unexpected sync changes +- Unauthorized browser extensions +- New login alerts + +## Response Flow + +1. Identify symptoms. +2. Disconnect from the network if active compromise is suspected. +3. Preserve evidence when policy requires it. +4. Run trusted security tools. +5. Remove or quarantine threats. +6. Update OS, browser, and security software. +7. Change passwords from a known-clean device if credentials may be compromised. +8. Document findings and actions. + +## Exam Clues + +- Pop-ups and redirects point to adware or browser hijacking. +- Inaccessible renamed files point to ransomware. +- Certificate warnings can be malicious, misconfigured, or caused by wrong system time. +- OS update failure may be caused by malware, corruption, or network problems. + diff --git a/quiz-log.md b/quiz-log.md new file mode 100644 index 0000000..006dab1 --- /dev/null 
+++ b/quiz-log.md @@ -0,0 +1,22 @@ +# Quiz Log + +## OS-5 Quiz: OS Types and File Systems + +- Date: 2026-06-11 20:14 CDT +- Quiz: OS-5 / Objective 1.1 operating system types and file systems +- Score: 7/7 +- Missed questions: none +- Weak concepts: none from quiz; use exact exam term `ext4` instead of general `ext` +- Next review: quick spaced review before starting the next Operating Systems block + +## Baseline Quiz + +Status: not started + +Record format: +- Date: +- Quiz: +- Score: +- Missed questions: +- Weak concepts: +- Next review: diff --git a/quizzes/OPS-1-quiz.md b/quizzes/OPS-1-quiz.md new file mode 100644 index 0000000..3ca9764 --- /dev/null +++ b/quizzes/OPS-1-quiz.md @@ -0,0 +1,51 @@ +# OPS-1 Quiz: Documentation and Support Systems + +Take this after studying `notes/OPS-1-documentation-support-systems.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which information belongs in a support ticket? + +A. Only the technician's favorite tool +B. User, device, issue, severity, steps, and resolution +C. Only the desktop background +D. Only the weather + +2. What does an asset tag help identify? + +A. The user's password +B. The monitor color temperature +C. The managed device in inventory records +D. The browser homepage + +3. What is an SLA? + +A. A service level agreement defining expected support terms +B. A screen layout assistant +C. A backup cable +D. A command prompt shortcut + +4. What is a knowledge base article used for? + +A. Storing private passwords +B. Replacing all tickets +C. Disabling escalation +D. Reusing documented solutions to known issues + +5. What is an SOP? + +A. A wireless antenna type +B. A repeatable standard operating procedure +C. A disk partition format +D. A certificate warning + +## Answer Key For Instructor + +1. B +2. C +3. A +4. D +5. B diff --git a/quizzes/OPS-10-quiz.md b/quizzes/OPS-10-quiz.md new file mode 100644 index 0000000..3d647fc --- /dev/null +++ b/quizzes/OPS-10-quiz.md 
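Review bot: In quizzes/OPS-1-quiz.md, the reply example `1B 2A 3D 4C 5B 6A 7D` lists seven answers but the quiz has five questions; the other quiz files in this commit use `1B 2A 3D 4C 5B`, so this one should match to avoid confusing the answer-key check.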
@@ -0,0 +1,51 @@ +# OPS-10 Quiz: AI Concepts + +Take this after studying `notes/OPS-10-ai-concepts.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. What is an AI hallucination? + +A. A confident but false or unsupported output +B. A verified source citation +C. A backup rotation method +D. A remote desktop protocol + +2. What should you do before entering private company data into an AI tool? + +A. Post it publicly +B. Disable all logs +C. Check company policy and approval +D. Ignore data sensitivity + +3. Why can AI output be biased? + +A. Because backups are encrypted +B. Because RDP is enabled +C. Because toner is low +D. Because output may reflect skewed training data or assumptions + +4. What should you do with AI-generated technical steps before using them? + +A. Trust them automatically +B. Verify them before acting +C. Delete the ticket +D. Skip testing + +5. Which AI use is highest risk? + +A. Explaining a public error code +B. Pasting sensitive customer data into an unapproved public AI tool +C. Drafting a generic checklist +D. Summarizing public documentation + +## Answer Key For Instructor + +1. A +2. C +3. D +4. B +5. B diff --git a/quizzes/OPS-2-quiz.md b/quizzes/OPS-2-quiz.md new file mode 100644 index 0000000..19b0c1d --- /dev/null +++ b/quizzes/OPS-2-quiz.md 
@@ -0,0 +1,51 @@ +# OPS-2 Quiz: Change Management + +Take this after studying `notes/OPS-2-change-management.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. What should a change plan include in case the update fails? + +A. Wallpaper plan +B. Rollback plan +C. Keyboard shortcut list +D. Browser favorites + +2. What type of change is usually low-risk, repeatable, and preapproved? + +A. Emergency +B. Unknown +C. Standard +D. Unauthorized + +3. Why use a maintenance window? + +A. To reduce impact on users and operations +B. To avoid documenting the change +C. To remove approval requirements +D. To skip backups + +4. What is a change freeze? + +A. A file compression method +B. A hardware cooling feature +C. A command-line shell +D. A period when noncritical changes are restricted + +5. What should happen after an emergency change? + +A. Delete all records +B. Document and review it according to policy +C. Ignore user impact +D. Disable ticketing + +## Answer Key For Instructor + +1. B +2. C +3. A +4. D +5. B diff --git a/quizzes/OPS-3-quiz.md b/quizzes/OPS-3-quiz.md new file mode 100644 index 0000000..19371b2 --- /dev/null +++ b/quizzes/OPS-3-quiz.md 
@@ -0,0 +1,51 @@ +# OPS-3 Quiz: Backup and Recovery + +Take this after studying `notes/OPS-3-backup-recovery.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. Which backup includes all selected data? + +A. Incremental +B. Full +C. Differential +D. Synthetic only + +2. Which backup saves changes since the last full backup? + +A. Incremental only +B. Firmware +C. Differential +D. Proxy + +3. What does the 3-2-1 rule include? + +A. Three copies, two media types, one offsite copy +B. Three passwords, two users, one printer +C. Three browsers, two tabs, one cache +D. Three updates, two drivers, one cable + +4. Why test restores? + +A. To reduce screen brightness +B. To change the hostname +C. To remove asset tags +D. To verify backup data can actually be recovered + +5. Which backup type saves changes since the last backup of any type? + +A. Full +B. Incremental +C. Differential +D. Manual only + +## Answer Key For Instructor + +1. B +2. C +3. A +4. D +5. B diff --git a/quizzes/OPS-4-quiz.md b/quizzes/OPS-4-quiz.md new file mode 100644 index 0000000..3eb8c2c --- /dev/null +++ b/quizzes/OPS-4-quiz.md 
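Review bot: in OPS-3 Q1 the distractor `D. Synthetic only` is weak, because a synthetic full backup is still a full backup (assembled from an earlier full plus the incrementals since), so an informed learner could defend D as also correct; replace it with an unrelated term the way the other distractors in this quiz do (for example `D. Firmware`), or reword Q1 to ask which backup type copies all selected data directly from the source.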
@@ -0,0 +1,51 @@ +# OPS-4 Quiz: Safety Procedures + +Take this after studying `notes/OPS-4-safety-procedures.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. What protects components from electrostatic discharge? + +A. Louder speakers +B. Antistatic wrist strap and ESD mat +C. More browser tabs +D. Dark wallpaper + +2. What should be done before opening a desktop for repair? + +A. Disable all tickets +B. Clear browser cache +C. Disconnect power according to procedure +D. Change the SLA + +3. How should a removed motherboard be stored? + +A. In an antistatic bag +B. On carpet +C. Under a drink cup +D. In a printer tray + +4. What is proper action for moving a heavy printer? + +A. Drag it by cables +B. Balance it on one hand +C. Ignore manufacturer guidance +D. Use proper lifting technique or get assistance + +5. Why manage cables? + +A. To increase malware risk +B. To reduce trip hazards and improve organization +C. To disable grounding +D. To block ventilation + +## Answer Key For Instructor + +1. B +2. C +3. A +4. D +5. B diff --git a/quizzes/OPS-5-quiz.md b/quizzes/OPS-5-quiz.md new file mode 100644 index 0000000..c328a0e --- /dev/null +++ b/quizzes/OPS-5-quiz.md 
@@ -0,0 +1,52 @@ +# OPS-5 Quiz: Environmental Controls + +Take this after studying `notes/OPS-5-environmental-controls.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. What device provides short-term battery power during an outage? + +A. Surge suppressor +B. UPS +C. Toner cartridge +D. Patch panel + +2. What document gives safety guidance for chemicals or materials? + +A. SDS or MSDS +B. SLA +C. SSID +D. RDP + +3. What is a brownout? + +A. Complete loss of power +B. A malware alert +C. A low-voltage power condition +D. A browser redirect + +4. How should used toner be handled? + +A. Thrown anywhere +B. Washed down a sink +C. Stored in RAM slots +D. Recycled or disposed of according to policy + +5. Why does equipment need ventilation? + +A. To reduce overheating risk +B. To improve password length +C. To disable updates +D. To remove asset tags + +## Answer Key For Instructor + +1. B +2. A +3. C +4. D +5. A + diff --git a/quizzes/OPS-6-quiz.md b/quizzes/OPS-6-quiz.md new file mode 100644 index 0000000..c298a32 --- /dev/null +++ b/quizzes/OPS-6-quiz.md 
@@ -0,0 +1,52 @@ +# OPS-6 Quiz: Policy, Privacy, and Licensing + +Take this after studying `notes/OPS-6-policy-privacy-licensing.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. What does chain of custody document? + +A. Evidence handling and transfer history +B. Screen brightness +C. Toner density +D. Wi-Fi channel width + +2. What does order of volatility help decide? + +A. Which monitor to replace first +B. Which evidence to collect first +C. Which font to use +D. Which wallpaper to deploy + +3. What is an EULA? + +A. Emergency user login account +B. Ethernet uplink layer adapter +C. End-user license agreement +D. External USB logging app + +4. What does an acceptable use policy define? + +A. Rules for appropriate use of company systems +B. Backup cable length +C. Printer tray order +D. Screen resolution + +5. Which statement about open-source software is correct? + +A. It never has license terms +B. It may still have license requirements +C. It cannot be used by businesses +D. It disables compliance + +## Answer Key For Instructor + +1. A +2. B +3. C +4. A +5. B + diff --git a/quizzes/OPS-7-quiz.md b/quizzes/OPS-7-quiz.md new file mode 100644 index 0000000..7544647 --- /dev/null +++ b/quizzes/OPS-7-quiz.md 
@@ -0,0 +1,52 @@ +# OPS-7 Quiz: Professionalism + +Take this after studying `notes/OPS-7-professionalism.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. What is the best first response to an unclear user issue? + +A. Ask open-ended questions +B. Blame the user +C. Close the ticket +D. Delete the profile + +2. Why restate the user's issue? + +A. To avoid documenting it +B. To confirm understanding +C. To prove the user is wrong +D. To skip troubleshooting + +3. A repair will take longer than expected. What should you do? + +A. Say nothing +B. Hide the delay +C. Communicate status and reset expectations +D. Delete the ticket + +4. A user requests access to another user's files. What matters most? + +A. File size +B. Screen brightness +C. Wallpaper policy +D. Authorization and confidentiality + +5. Which behavior should be avoided? + +A. Active listening +B. Dismissing or judging the user +C. Follow-up +D. Documentation + +## Answer Key For Instructor + +1. A +2. B +3. C +4. D +5. B + diff --git a/quizzes/OPS-8-quiz.md b/quizzes/OPS-8-quiz.md new file mode 100644 index 0000000..e30f46e --- /dev/null +++ b/quizzes/OPS-8-quiz.md 
@@ -0,0 +1,52 @@ +# OPS-8 Quiz: Scripting Basics + +Take this after studying `notes/OPS-8-scripting-basics.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. Which extension is commonly used for PowerShell scripts? + +A. `.bat` +B. `.ps1` +C. `.jpg` +D. `.xlsx` + +2. Which extension is commonly used for Bash shell scripts? + +A. `.sh` +B. `.docx` +C. `.png` +D. `.iso` + +3. What is a common scripting use case? + +A. Physically lifting a printer +B. Replacing toner +C. Automating software installation +D. Cleaning a monitor + +4. What is a risk of running an unknown script? + +A. It may change settings or introduce malware +B. It always improves security +C. It cannot affect files +D. It disables all permissions + +5. What should you do before broad script deployment? + +A. Skip testing +B. Test and review the script +C. Delete all backups +D. Disable rollback + +## Answer Key For Instructor + +1. B +2. A +3. C +4. A +5. B + diff --git a/quizzes/OPS-9-quiz.md b/quizzes/OPS-9-quiz.md new file mode 100644 index 0000000..ebebcdc --- /dev/null +++ b/quizzes/OPS-9-quiz.md 
@@ -0,0 +1,51 @@ +# OPS-9 Quiz: Remote Access + +Take this after studying `notes/OPS-9-remote-access.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. Which protocol is commonly used for secure command-line access? + +A. RDP +B. SSH +C. VNC +D. SPICE + +2. What does a VPN provide? + +A. Encrypted access into a private network +B. Toner recycling +C. Screen cleaning +D. File deletion only + +3. What should happen before starting user screen sharing? + +A. Ignore the user +B. Disable authentication +C. Get user approval +D. Publish the session + +4. What security principle limits technician access to only what is needed? + +A. Highest privilege +B. Open access +C. Anonymous access +D. Least privilege + +5. Which tool category supports managed monitoring and administration? + +A. MSDS +B. EULA +C. RMM +D. GFS + +## Answer Key For Instructor + +1. B +2. A +3. C +4. D +5. C diff --git a/quizzes/OS-1-quiz.md b/quizzes/OS-1-quiz.md new file mode 100644 index 0000000..1dcefcf --- /dev/null +++ b/quizzes/OS-1-quiz.md 
@@ -0,0 +1,67 @@ +# OS-1 Quiz: Windows Editions and System Information + +Take this after studying `notes/OS-1-windows-editions-system-info.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A small business needs Windows computers to join a domain and use Group Policy. Which Windows edition is the best minimum choice? + +A. Windows Home +B. Windows Pro +C. Windows SE +D. Windows IoT + +2. Which command opens a graphical dialog showing the Windows version and build? + +A. `whoami` +B. `hostname` +C. `ping` +D. `winver` + +3. Which command is best for collecting detailed Windows inventory information such as OS version, BIOS version, system type, and memory? + +A. `systeminfo` +B. `ipconfig` +C. `netstat` +D. `gpupdate` + +4. Which Linux command or file is commonly used to identify the distribution name and version? + +A. `chmod` +B. `ping 127.0.0.1` +C. `cat /etc/os-release` +D. `net use` + +5. A technician wants to verify which user account is currently active before making changes. Which command should they use on Windows or Linux? + +A. `hostname` +B. `whoami` +C. `uname -a` +D. `tracert` + +6. A PC cannot upgrade to Windows 11 because it does not meet a security hardware requirement. Which item should the technician check? + +A. exFAT +B. Telnet +C. POP3 +D. TPM 2.0 + +7. Which Windows tool can show BIOS Mode and Secure Boot State? + +A. Disk Cleanup +B. Services +C. System Information +D. Resource Monitor + +## Answer Key For Instructor + +1. B +2. D +3. A +4. C +5. B +6. D +7. C diff --git a/quizzes/OS-10-quiz.md b/quizzes/OS-10-quiz.md new file mode 100644 index 0000000..bc72775 --- /dev/null +++ b/quizzes/OS-10-quiz.md 
@@ -0,0 +1,68 @@ +# OS-10 Quiz: Application Installation Requirements + +Take this after studying `notes/OS-10-application-installation-requirements.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Can a 32-bit operating system run a 64-bit application? + +A. Yes, always +B. Only if the app is installed from an ISO +C. Only if the system has enough RAM +D. No + +2. On 64-bit Windows, where are many 32-bit desktop applications installed by default? + +A. `C:\Program Files (x86)` +B. `C:\Windows\System32` +C. `C:\Users\Public` +D. `C:\Drivers` + +3. An application requires a dedicated GPU with 4 GB VRAM. Which requirement is being described? + +A. Storage +B. Network +C. Graphics +D. Package manager + +4. What is an ISO file? + +A. A compressed user profile +B. A disk image that can be mounted like a virtual disc +C. A firewall rule +D. A password database + +5. A company wants new PCs deployed with the OS, drivers, and standard apps already installed. Which method fits best? + +A. Manual registry editing +B. APIPA +C. Safe Mode +D. Image deployment + +6. Why should business impact be considered before upgrading a critical application? + +A. It changes the MAC address +B. It disables DNS automatically +C. The app may affect workflows, downtime, or dependent processes +D. It always removes user accounts + +7. Which Linux command shows memory usage in human-readable units? + +A. `dig` +B. `free -h` +C. `chmod` +D. `pwd` + +## Answer Key For Instructor + +1. D +2. A +3. C +4. B +5. D +6. C +7. B + diff --git a/quizzes/OS-11-quiz.md b/quizzes/OS-11-quiz.md new file mode 100644 index 0000000..dfff1f0 --- /dev/null +++ b/quizzes/OS-11-quiz.md 
@@ -0,0 +1,68 @@ +# OS-11 Quiz: Cloud Productivity Tools + +Take this after studying `notes/OS-11-cloud-productivity-tools.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which cloud productivity feature keeps files available across multiple devices? + +A. File synchronization +B. APIPA +C. Disk defragmentation +D. Secure Boot + +2. A user can sign in to the company portal but cannot open the licensed presentation app. What should the technician check? + +A. Drive letter assignment +B. BIOS time +C. License assignment +D. File system type + +3. Which concept allows user account changes in one directory to appear in connected cloud services? + +A. Disk imaging +B. Identity synchronization +C. Local formatting +D. File compression + +4. Which is an example of a cloud collaboration tool? + +A. Disk cleanup +B. Device Manager +C. Local-only Notepad file +D. Shared online document editing + +5. What does an online-only cloud file usually mean? + +A. The file is stored only in BIOS +B. The file cannot be shared +C. The file appears locally but downloads when opened +D. The file is a printer driver + +6. Why are cloud licenses easier to manage than physical license keys? + +A. They disable MFA +B. They can be centrally assigned and moved between users +C. They replace DNS +D. They require FAT32 + +7. Which service is commonly included in cloud productivity suites? + +A. POST beep codes +B. RAID controller firmware +C. Thermal paste management +D. Email + +## Answer Key For Instructor + +1. A +2. C +3. B +4. D +5. C +6. B +7. D + diff --git a/quizzes/OS-2-quiz.md b/quizzes/OS-2-quiz.md new file mode 100644 index 0000000..070f52e --- /dev/null +++ b/quizzes/OS-2-quiz.md 
@@ -0,0 +1,52 @@ +# OS-2 Quiz: Windows Installation, Boot, and Recovery + +Take this after studying `notes/OS-2-windows-installation-recovery.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. A technician needs to install Windows on a used PC and remove the previous operating system and data. Which installation type is best? + +A. Upgrade install +B. In-place repair +C. Clean install +D. PXE boot only + +2. A user wants to move to a newer supported Windows version while keeping compatible apps and files. Which installation type fits best? + +A. Clean install +B. Upgrade install +C. System image recovery +D. Low-level format + +3. Windows fails to boot after a power loss. Which recovery option should the technician try first for common startup issues? + +A. Disk Cleanup +B. Device Manager +C. Credential Manager +D. Startup Repair + +4. Which statement best describes System Restore? + +A. It restores personal documents from cloud storage. +B. It securely erases the drive. +C. It rolls system files and settings back to a restore point. +D. It changes the computer name. + +5. Which command restarts Windows directly into Advanced Startup options? + +A. `shutdown /s /t 0` +B. `shutdown /r /o /t 0` +C. `sfc /scannow` +D. `ipconfig /release` + +## Answer Key For Instructor + +1. C +2. B +3. D +4. C +5. B + diff --git a/quizzes/OS-3-quiz.md b/quizzes/OS-3-quiz.md new file mode 100644 index 0000000..1099111 --- /dev/null +++ b/quizzes/OS-3-quiz.md 
@@ -0,0 +1,52 @@ +# OS-3 Quiz: Windows Administrative Tools + +Take this after studying `notes/OS-3-windows-admin-tools.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B` + +## Questions + +1. A Windows service failed to start during boot. Which tool should the technician check first for detailed logged errors? + +A. Disk Management +B. Event Viewer +C. Device Manager +D. Task Scheduler + +2. A user installed a printer, but Windows shows a driver problem. Which tool should the technician use? + +A. Performance Monitor +B. Disk Cleanup +C. Local Security Policy +D. Device Manager + +3. A technician needs to assign a new drive letter to a partition. Which tool should they use? + +A. Resource Monitor +B. Task Manager +C. Disk Management +D. Event Viewer + +4. A computer is slow right now, and the technician wants to see live CPU, memory, disk, and network activity. Which tool fits best? + +A. System Restore +B. Resource Monitor +C. Local Users and Groups +D. Windows Defender Firewall + +5. A technician needs a script to run automatically every night. Which tool should they use? + +A. Services +B. Device Manager +C. System Information +D. Task Scheduler + +## Answer Key For Instructor + +1. B +2. D +3. C +4. B +5. D + diff --git a/quizzes/OS-4-quiz.md b/quizzes/OS-4-quiz.md new file mode 100644 index 0000000..2655057 --- /dev/null +++ b/quizzes/OS-4-quiz.md 
@@ -0,0 +1,68 @@ +# OS-4 Quiz: Windows Command Line + +Take this after studying `notes/OS-4-windows-command-line.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which command shows detailed Windows network adapter information, including DNS and DHCP details? + +A. `ping` +B. `hostname` +C. `winver` +D. `ipconfig /all` + +2. A user can ping `8.8.8.8` but cannot browse to `example.com`. Which command should the technician use to test DNS resolution? + +A. `chkdsk /f` +B. `gpupdate /force` +C. `nslookup example.com` +D. `format` + +3. Which command shows active connections, listening ports, and process IDs? + +A. `sfc /scannow` +B. `netstat -ano` +C. `dir` +D. `whoami` + +4. Which command scans protected Windows system files and repairs them when possible? + +A. `tracert` +B. `net use` +C. `pathping` +D. `sfc /scannow` + +5. Which command forces Group Policy to refresh on a Windows system? + +A. `gpupdate /force` +B. `gpresult /r` +C. `winver` +D. `hostname` + +6. Which command-line tool can manage partitions and is dangerous if misused? + +A. `whoami` +B. `nslookup` +C. `diskpart` +D. `help dir` + +7. Which command displays syntax help for many Windows commands? + +A. `..` +B. `/?` +C. `127.0.0.1` +D. `C:` + +## Answer Key For Instructor + +1. D +2. C +3. B +4. D +5. A +6. C +7. B + diff --git a/quizzes/OS-5-quiz.md b/quizzes/OS-5-quiz.md new file mode 100644 index 0000000..2ad4e3f --- /dev/null +++ b/quizzes/OS-5-quiz.md 
@@ -0,0 +1,68 @@ +# OS-5 Quiz: OS Types and File Systems + +Take this after studying `notes/OS-5-os-types-filesystems.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which file system is the normal modern choice for Windows system drives? + +A. ext4 +B. APFS +C. NTFS +D. XFS + +2. Which file system is broadly compatible but has a 4 GB maximum single-file size? + +A. NTFS +B. FAT32 +C. ReFS +D. APFS + +3. Which file system is commonly used by Linux systems? + +A. HFS+ +B. exFAT +C. NTFS +D. ext4 + +4. Which operating system is most associated with Chromebooks and cloud/web-based workflows? + +A. ChromeOS +B. Windows Server +C. iPadOS +D. Android + +5. Which mobile operating system is Linux-based and used by many device manufacturers? + +A. iOS +B. macOS +C. Android +D. ChromeOS + +6. Which file system is Apple's modern file system for macOS, iOS, and iPadOS? + +A. ReFS +B. APFS +C. FAT32 +D. XFS + +7. Which command on Linux shows mounted file systems and their file-system types? + +A. `whoami` +B. `ping 127.0.0.1` +C. `gpupdate /force` +D. `df -T` + +## Answer Key For Instructor + +1. C +2. B +3. D +4. A +5. C +6. B +7. D + diff --git a/quizzes/OS-6-quiz.md b/quizzes/OS-6-quiz.md new file mode 100644 index 0000000..59f31a3 --- /dev/null +++ b/quizzes/OS-6-quiz.md 
@@ -0,0 +1,68 @@ +# OS-6 Quiz: Windows Control Panel and Settings + +Take this after studying `notes/OS-6-windows-control-panel-settings.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A technician needs to uninstall a classic desktop application. Which tool is the best fit? + +A. Device Manager +B. Programs and Features +C. Event Viewer +D. Resource Monitor + +2. A user wants Windows to show hidden files and file extensions. Which area should the technician open? + +A. Power Options +B. Windows Defender Firewall +C. Devices and Printers +D. File Explorer Options + +3. A laptop user wants closing the lid to do nothing while connected to a docking station. Which area should be configured? + +A. Power Options +B. Internet Options +C. Indexing Options +D. User Accounts + +4. Which command opens Network Connections so a technician can view or change adapter settings? + +A. `appwiz.cpl` +B. `firewall.cpl` +C. `ncpa.cpl` +D. `powercfg.cpl` + +5. A printer needs to be managed from the classic Control Panel interface. Which command can open the right area? + +A. `control folders` +B. `control printers` +C. `msconfig` +D. `perfmon` + +6. A technician needs to manage a device driver. Which tool should they use? + +A. Disk Cleanup +B. Task Scheduler +C. Indexing Options +D. Device Manager + +7. Which command opens the Windows Settings app? + +A. `eventvwr.msc` +B. `chkdsk` +C. `ms-settings:` +D. `whoami` + +## Answer Key For Instructor + +1. B +2. D +3. A +4. C +5. B +6. D +7. C + diff --git a/quizzes/OS-7-quiz.md b/quizzes/OS-7-quiz.md new file mode 100644 index 0000000..e871575 --- /dev/null +++ b/quizzes/OS-7-quiz.md 
@@ -0,0 +1,68 @@ +# OS-7 Quiz: Windows Networking + +Take this after studying `notes/OS-7-windows-networking.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A Windows client has an address beginning with `169.254`. What is the most likely issue? + +A. DNS is resolving too slowly +B. The firewall is disabled +C. The computer joined a domain +D. The client did not receive an address from DHCP + +2. Which Windows network profile is best for public Wi-Fi? + +A. Public +B. Private +C. Domain +D. Metered only + +3. Which command displays current mapped network drives? + +A. `gpresult /r` +B. `sfc /scannow` +C. `net use` +D. `winver` + +4. Which command opens Network Connections to view or change network adapter settings? + +A. `firewall.cpl` +B. `ncpa.cpl` +C. `appwiz.cpl` +D. `powercfg.cpl` + +5. Which setting converts hostnames like `example.com` into IP addresses? + +A. Gateway +B. Subnet mask +C. SSID +D. DNS server + +6. A company wants centralized login and Group Policy management. Which network model fits best? + +A. Workgroup +B. Public profile +C. Domain +D. APIPA + +7. Which Windows feature should be enabled for a cellular hotspot with limited data? + +A. Hidden share +B. Metered connection +C. Disk quota +D. Fast Startup + +## Answer Key For Instructor + +1. D +2. A +3. C +4. B +5. D +6. C +7. B + diff --git a/quizzes/OS-8-quiz.md b/quizzes/OS-8-quiz.md new file mode 100644 index 0000000..d67d53c --- /dev/null +++ b/quizzes/OS-8-quiz.md 
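Review bot: OS-7 Q4 (`ncpa.cpl` opens Network Connections) repeats OS-6 Q4 from `quizzes/OS-6-quiz.md` with only the option order changed, so this quiz tests six distinct concepts rather than seven; swap it for an item unique to the networking objective, for example how the `Private` and `Public` profiles differ for file and printer sharing, or which `ipconfig` switches (`/release`, `/renew`) a technician uses to recover from the `169.254` case in Q1.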
@@ -0,0 +1,68 @@ +# OS-8 Quiz: macOS Tools and Features + +Take this after studying `notes/OS-8-macos-tools-features.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which macOS feature provides built-in backups? + +A. Time Machine +B. FileVault +C. Spotlight +D. Keychain + +2. Which macOS feature provides full disk encryption? + +A. Finder +B. Dock +C. FileVault +D. Mission Control + +3. Which macOS tool stores passwords, certificates, and keys? + +A. Disk Utility +B. Keychain Access +C. Time Machine +D. Remote Disc + +4. Which macOS tool is most similar to Windows File Explorer? + +A. FileVault +B. Terminal +C. Spaces +D. Finder + +5. Which shortcut opens Force Quit on macOS? + +A. `Command-Space` +B. `Control-Alt-Delete` +C. `Command-Option-Escape` +D. `Windows-R` + +6. Which command shows the macOS version from Terminal? + +A. `gpresult /r` +B. `sw_vers` +C. `ipconfig /all` +D. `chkdsk` + +7. Which macOS tool is used to manage disks, partitions, and disk images? + +A. Spotlight +B. Dock +C. Continuity +D. Disk Utility + +## Answer Key For Instructor + +1. A +2. C +3. B +4. D +5. C +6. B +7. D + diff --git a/quizzes/OS-9-quiz.md b/quizzes/OS-9-quiz.md new file mode 100644 index 0000000..496d198 --- /dev/null +++ b/quizzes/OS-9-quiz.md 
@@ -0,0 +1,68 @@ +# OS-9 Quiz: Linux Client Tools + +Take this after studying `notes/OS-9-linux-client-tools.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which Linux file lists local user accounts? + +A. `/etc/resolv.conf` +B. `/etc/fstab` +C. `/etc/passwd` +D. `/etc/hosts` + +2. Which Linux file stores password hashes and is normally protected? + +A. `/etc/hosts` +B. `/etc/shadow` +C. `/etc/os-release` +D. `/etc/fstab` + +3. Which command changes file permissions? + +A. `grep` +B. `df` +C. `dig` +D. `chmod` + +4. Which command shows live CPU, memory, and process activity? + +A. `pwd` +B. `cp` +C. `top` +D. `cat` + +5. Which command shows mounted file systems and free space in human-readable units? + +A. `du -h` +B. `df -h` +C. `ls -l` +D. `mv` + +6. Which package manager is common on Debian and Ubuntu-based Linux distributions? + +A. `dnf` +B. `regedit` +C. `diskpart` +D. `apt` + +7. Which command opens Linux manual/help pages? + +A. `man` +B. `mount` +C. `sudo` +D. `find` + +## Answer Key For Instructor + +1. C +2. B +3. D +4. C +5. B +6. D +7. A + diff --git a/quizzes/SEC-1-quiz.md b/quizzes/SEC-1-quiz.md new file mode 100644 index 0000000..8a3b82a --- /dev/null +++ b/quizzes/SEC-1-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-1 Quiz: Security Controls + +Take this after studying `notes/SEC-1-security-controls.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which physical control is designed to stop vehicles from approaching a building entrance? + +A. Smart card +B. Bollard +C. SAML +D. DLP + +2. Which control grants users only the access needed to perform their job? + +A. Zero Trust +B. SSO +C. Video surveillance +D. Least privilege + +3. A company wants to prevent credit card numbers from being emailed outside the organization. Which control fits best? + +A. TOTP +B. APIPA +C. DLP +D. Disk Cleanup + +4. Which technology centrally manages mobile device policies such as PIN requirements and remote wipe? + +A. ACL +B. MDM +C. CCTV +D. ReFS + +5. Which access model grants elevated admin rights only for a limited time? + +A. Workgroup access +B. Public network profile +C. File sharing +D. Just-in-time access + +6. Which authentication method uses a code that changes based on time, often every 30 seconds? + +A. TOTP +B. ACL +C. DLP +D. CCTV + +7. Which feature lets a user authenticate once and then access multiple approved resources? + +A. Magnetometer +B. APFS +C. SSO +D. exFAT + +## Answer Key For Instructor + +1. B +2. D +3. C +4. B +5. D +6. A +7. C + diff --git a/quizzes/SEC-10-quiz.md b/quizzes/SEC-10-quiz.md new file mode 100644 index 0000000..6dfcbdd --- /dev/null +++ b/quizzes/SEC-10-quiz.md 
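Review bot: SEC-1 Q2 uses `A. Zero Trust` as a distractor for least privilege, but Zero Trust models are built on least-privilege access, so a well-prepared learner may hesitate between A and D; replace A with a control that is clearly not about access scope (a physical control such as `Bollard` or `Badge reader`) so the item has a single defensible answer.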
@@ -0,0 +1,68 @@ +# SEC-10 Quiz: SOHO Network Security + +Take this after studying `notes/SEC-10-soho-network-security.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Why should the default admin password on a router be changed? + +A. It increases Wi-Fi signal strength +B. It changes the file system to NTFS +C. It disables all security patches +D. Default credentials are often publicly known + +2. A SOHO router has a known vulnerability. What is the best first action? + +A. Hide every file extension +B. Change the monitor refresh rate +C. Install the manufacturer's firmware update +D. Disable all backups + +3. Which Wi-Fi configuration is best for a typical SOHO network? + +A. Open network with no password +B. WPA3-Personal or WPA2-Personal with a strong passphrase +C. Default SSID and default password +D. WEP with a short key + +4. Why is UPnP often disabled as a best practice? + +A. It prevents firmware updates +B. It encrypts every hard drive +C. It disables DHCP permanently +D. It can let internal apps open inbound ports automatically + +5. Visitors need Internet access but should not reach internal office computers. What is the best solution? + +A. Isolated guest network +B. Quick format +C. Degaussing +D. Disable all encryption + +6. What is the purpose of a screened subnet? + +A. Increase laptop battery life +B. Replace multifactor authentication +C. Separate public-facing services from the internal network +D. Remove the need for a firewall + +7. Which statement about hiding an SSID is correct? + +A. It replaces WPA2/WPA3 encryption +B. It is not strong security because the SSID can still be discovered +C. It prevents all malware infections +D. It physically protects the router + +## Answer Key For Instructor + +1. D +2. C +3. B +4. D +5. A +6. C +7. B + diff --git a/quizzes/SEC-11-quiz.md b/quizzes/SEC-11-quiz.md new file mode 100644 index 0000000..d8c41e7 --- /dev/null +++ b/quizzes/SEC-11-quiz.md 
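Review bot: SEC-10 Q3's correct option `B. WPA3-Personal or WPA2-Personal with a strong passphrase` should name the cipher for the WPA2 case, since WPA2 with TKIP is still selectable on many SOHO routers and is exactly the weaker choice the SEC-3 quiz contrasts with AES; suggest `WPA2-Personal (AES) with a strong passphrase`. Q2's firmware update is a sound first action, but the quiz has no item on disabling WAN-side remote administration, which is the other default most SOHO hardening checklists turn off.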
@@ -0,0 +1,68 @@ +# SEC-11 Quiz: Browser Security + +Take this after studying `notes/SEC-11-browser-security.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. What is the safest source for downloading a browser installer? + +A. A random mirror linked in a pop-up +B. An email attachment from an unknown sender +C. The official vendor website or trusted app store +D. A file-sharing site with no verification + +2. What is the purpose of checking a downloaded file hash? + +A. Increase monitor resolution +B. Confirm the file matches the expected original file +C. Disable all browser extensions +D. Clear cookies automatically + +3. Why are browser updates important? + +A. They remove the need for passwords +B. They make certificate warnings safe to ignore +C. They physically secure the router +D. They can patch security vulnerabilities + +4. Why should browser extensions be limited to trusted sources? + +A. Malicious extensions can steal data or credentials +B. Extensions always disable encryption +C. Extensions are required for every website +D. Trusted stores guarantee no updates are needed + +5. A browser shows an invalid certificate warning on a banking site. What should the user do? + +A. Ignore the warning and sign in quickly +B. Disable all updates +C. Stop and investigate the certificate warning before entering credentials +D. Quick format the drive + +6. What does private browsing mainly protect? + +A. All activity from the employer network +B. Local browsing traces for that private session +C. All traffic from the internet provider +D. The router firmware + +7. A company wants centralized browser filtering and logging. What technology is most relevant? + +A. Degaussing +B. Quick format +C. Screen brightness +D. Proxy + +## Answer Key For Instructor + +1. C +2. B +3. D +4. A +5. C +6. B +7. D + diff --git a/quizzes/SEC-2-quiz.md b/quizzes/SEC-2-quiz.md new file mode 100644 index 0000000..2337480 --- /dev/null 
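Review bot: SEC-11 Q2's correct answer (`B. Confirm the file matches the expected original file`) holds only when the expected hash comes from a source independent of the download; a hash published next to the installer on the "random mirror" of Q1 option A verifies nothing, because the attacker controls both. Consider extending option B with "using the hash published on the vendor's own site", or adding a follow-up item on where the reference hash must come from, so the quiz does not teach hash-checking as a standalone safeguard.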
+++ b/quizzes/SEC-2-quiz.md @@ -0,0 +1,68 @@ +# SEC-2 Quiz: Windows Security Settings + +Take this after studying `notes/SEC-2-windows-security-settings.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which Windows feature provides built-in antivirus protection? + +A. Disk Management +B. Microsoft Defender Antivirus +C. File Explorer Options +D. APIPA + +2. Which permission type applies locally and over the network on an NTFS volume? + +A. Share permissions +B. Public profile +C. SSID permissions +D. NTFS permissions + +3. Which Windows feature encrypts an entire volume? + +A. BitLocker +B. EFS +C. SAML +D. DLP + +4. Which Windows feature encrypts individual files or folders on NTFS? + +A. BitLocker To Go +B. UAC +C. EFS +D. Group Policy + +5. What does UAC help prevent? + +A. DHCP address assignment +B. Silent or automatic administrative changes without approval +C. DNS name resolution +D. File synchronization + +6. Which command forces Group Policy to refresh? + +A. `gpresult /r` +B. `whoami /groups` +C. `manage-bde -status` +D. `gpupdate /force` + +7. Which account type is centrally managed by Active Directory? + +A. Local account +B. Microsoft account +C. Domain account +D. Guest-only account + +## Answer Key For Instructor + +1. B +2. D +3. A +4. C +5. B +6. D +7. C + diff --git a/quizzes/SEC-3-quiz.md b/quizzes/SEC-3-quiz.md new file mode 100644 index 0000000..b70584d --- /dev/null +++ b/quizzes/SEC-3-quiz.md 
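Review bot: SEC-2 Q6 (`gpupdate /force`) duplicates OS-4 Q5 in `quizzes/OS-4-quiz.md`, again with `gpresult /r` as the distractor; since this quiz is about security settings, a better seventh item would test the interaction Q2 sets up, namely that when share permissions and NTFS permissions both apply to a network access, the effective permission is the more restrictive of the two.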
@@ -0,0 +1,68 @@ +# SEC-3 Quiz: Wireless Security + +Take this after studying `notes/SEC-3-wireless-security.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which wireless security option should be avoided because it is obsolete and insecure? + +A. WPA3 +B. WPA2-AES +C. WPA3-Enterprise +D. WEP + +2. Which encryption method is stronger and commonly associated with WPA2? + +A. AES +B. TKIP +C. WEP +D. APIPA + +3. Which wireless mode uses one shared Wi-Fi password for all users? + +A. Enterprise +B. Kerberos +C. Personal/PSK +D. TACACS+ + +4. Which wireless mode authenticates users individually with 802.1X? + +A. Open +B. Enterprise +C. Personal +D. WEP + +5. Which authentication service is commonly used for 802.1X wireless and VPN authentication? + +A. FAT32 +B. APFS +C. ReFS +D. RADIUS + +6. Which authentication protocol is commonly associated with Microsoft domain environments? + +A. TKIP +B. WEP +C. Kerberos +D. exFAT + +7. Which protocol is commonly associated with network device administration, especially Cisco environments? + +A. WPA2-Personal +B. TACACS+ +C. BitLocker +D. EFS + +## Answer Key For Instructor + +1. D +2. A +3. C +4. B +5. D +6. C +7. B + diff --git a/quizzes/SEC-4-quiz.md b/quizzes/SEC-4-quiz.md new file mode 100644 index 0000000..8f3b0e0 --- /dev/null +++ b/quizzes/SEC-4-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-4 Quiz: Malware and Security Tools + +Take this after studying `notes/SEC-4-malware-security-tools.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A user's documents are encrypted and a payment note appears. What malware type is most likely? + +A. Ransomware +B. Keylogger +C. Cryptominer +D. PUP + +2. Which malware type captures keystrokes to steal passwords or messages? + +A. Boot sector virus +B. Rootkit +C. Keylogger +D. Email gateway + +3. Which malware type hides deep in the OS and may not appear in normal tools? + +A. Adware +B. Rootkit +C. PUP +D. Spam + +4. A computer has high CPU usage while idle and no obvious user workload. Which malware type is a likely possibility? + +A. SSO +B. APIPA +C. BitLocker +D. Cryptominer + +5. Which tool filters malicious email before it reaches the user mailbox? + +A. Disk Cleanup +B. File Explorer +C. Email security gateway +D. ReFS + +6. Which security tool focuses on endpoint detection, investigation, and response? + +A. FAT32 +B. EDR +C. WEP +D. APFS + +7. A persistent infection keeps returning after cleanup. Which response is often the most reliable? + +A. Disable all updates permanently +B. Change the desktop wallpaper +C. Convert the disk to FAT32 +D. Reimage or reinstall the OS from clean media/image + +## Answer Key For Instructor + +1. A +2. C +3. B +4. D +5. C +6. B +7. D + diff --git a/quizzes/SEC-5-quiz.md b/quizzes/SEC-5-quiz.md new file mode 100644 index 0000000..92cfeba --- /dev/null +++ b/quizzes/SEC-5-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-5 Quiz: Social Engineering and Attacks + +Take this after studying `notes/SEC-5-social-engineering-attacks.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A phishing attack sent by SMS text message is called: + +A. Vishing +B. Whaling +C. Smishing +D. Shoulder surfing + +2. A phishing attack targeted at a CEO is called: + +A. Dumpster diving +B. Whaling +C. Tailgating +D. ARP poisoning + +3. A fake Wi-Fi access point imitates a legitimate hotel network. What attack is this? + +A. Dictionary attack +B. SQL injection +C. DLP +D. Evil twin + +4. Which attack modifies database queries through unsafe user input? + +A. XSS +B. DDoS +C. SQL injection +D. Shoulder surfing + +5. Which attack injects malicious scripts that run in a user's browser? + +A. APIPA +B. XSS +C. Kerberos +D. BitLocker + +6. An attacker compromises a vendor software update trusted by customers. What attack type is this? + +A. Piggybacking +B. Brute force +C. Vishing +D. Supply chain attack + +7. Which attack uses many systems to overwhelm a service? + +A. DDoS +B. Plaintext storage +C. Tailgating +D. SAML + +## Answer Key For Instructor + +1. C +2. B +3. D +4. C +5. B +6. D +7. A + diff --git a/quizzes/SEC-6-quiz.md b/quizzes/SEC-6-quiz.md new file mode 100644 index 0000000..0d49853 --- /dev/null +++ b/quizzes/SEC-6-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-6 Quiz: Malware Removal Process + +Take this after studying `notes/SEC-6-malware-removal-process.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. What is the first step in the malware removal process? + +A. Educate the end user +B. Investigate and verify symptoms +C. Reimage immediately +D. Enable System Restore + +2. After verifying malware symptoms, what should be done next? + +A. Create a restore point +B. Re-enable System Protection +C. Install random cleanup tools +D. Quarantine the infected system + +3. Why is System Restore/System Protection disabled before remediation? + +A. It improves Wi-Fi range +B. It resets the BIOS password +C. Malware may be stored in restore points +D. It assigns DHCP addresses + +4. After malicious files are remediated, what should be updated before scanning? + +A. Desktop wallpaper +B. Anti-virus/anti-malware signatures and engine +C. Monitor refresh rate +D. Printer queue + +5. If malware cannot be trusted as fully removed, especially with persistent infection, what is often the best response? + +A. Ignore the issue +B. Disable all updates +C. Share the files over the network +D. Reimage or reinstall from known-good media/image + +6. When should System Protection be re-enabled and a restore point created? + +A. After cleanup, updates, and scans are complete +B. Before quarantine +C. Before investigating symptoms +D. While malware is still active + +7. What is the final step in the malware removal process? + +A. Disable the firewall permanently +B. Delete all backups +C. Educate the end user +D. Turn off antivirus + +## Answer Key For Instructor + +1. B +2. D +3. C +4. B +5. D +6. A +7. C + diff --git a/quizzes/SEC-7-quiz.md b/quizzes/SEC-7-quiz.md new file mode 100644 index 0000000..1403876 --- /dev/null +++ b/quizzes/SEC-7-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-7 Quiz: Workstation Hardening + +Take this after studying `notes/SEC-7-workstation-hardening.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which control protects data if a laptop drive is stolen? + +A. APIPA +B. Disk Cleanup +C. SSID broadcast +D. Full-disk encryption + +2. Why should default usernames and passwords be changed? + +A. It increases CPU speed +B. It disables DNS +C. Defaults are often publicly known +D. It changes the file system + +3. What does account lockout after failed password attempts help prevent? + +A. Shoulder surfing only +B. Online brute force attacks +C. Disk fragmentation +D. DHCP failure + +4. Which setting should be disabled or restricted to reduce removable-media auto-execution risk? + +A. File extension visibility +B. Screen brightness +C. Time zone +D. AutoPlay/AutoRun + +5. Why disable unnecessary services? + +A. Each service can increase attack surface +B. It improves monitor resolution +C. It guarantees password recovery +D. It removes the need for backups + +6. Which tool shows BitLocker status from the command line? + +A. `netstat -ano` +B. `ipconfig /release` +C. `manage-bde -status` +D. `gpresult /r` + +7. What should you do before disabling a service on a workstation? + +A. Delete all user files +B. Confirm business/system impact +C. Disable antivirus permanently +D. Convert the drive to FAT32 + +## Answer Key For Instructor + +1. D +2. C +3. B +4. D +5. A +6. C +7. B + diff --git a/quizzes/SEC-8-quiz.md b/quizzes/SEC-8-quiz.md new file mode 100644 index 0000000..8c28f47 --- /dev/null +++ b/quizzes/SEC-8-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-8 Quiz: Mobile Device Security + +Take this after studying `notes/SEC-8-mobile-device-security.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Which setting best protects data stored on a lost mobile device? + +A. Lower screen brightness +B. SSID broadcast +C. Full device encryption +D. Disk Cleanup + +2. Which unlock method is weakest because it does not really authenticate the user? + +A. PIN +B. Swipe +C. Fingerprint +D. Password + +3. What is the main purpose of Mobile Device Management? + +A. Increase battery capacity +B. Replace DNS for all phones +C. Convert mobile files to NTFS +D. Centrally enforce mobile security and configuration policies + +4. A company lets employees use personal phones for company email. What policy is most relevant? + +A. BYOD policy +B. Guest Wi-Fi isolation only +C. Disk defragmentation policy +D. Printer sharing policy + +5. A phone is lost and may not be recovered. Which feature can protect company data by erasing the device? + +A. Auto brightness +B. NFC pairing +C. Remote wipe +D. Airplane mode + +6. Why are mobile OS and app updates important? + +A. They remove the need for screen locks +B. They can patch security vulnerabilities +C. They disable encryption +D. They guarantee unlimited storage + +7. Which behavior creates a higher malware risk, especially on Android devices? + +A. Enabling automatic app updates +B. Using a PIN +C. Backing up the device +D. Installing apps from unknown third-party sources + +## Answer Key For Instructor + +1. C +2. B +3. D +4. A +5. C +6. B +7. D + diff --git a/quizzes/SEC-9-quiz.md b/quizzes/SEC-9-quiz.md new file mode 100644 index 0000000..0b8187a --- /dev/null +++ b/quizzes/SEC-9-quiz.md 
@@ -0,0 +1,68 @@ +# SEC-9 Quiz: Data Destruction + +Take this after studying `notes/SEC-9-data-destruction.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A company wants to reuse a hard drive but remove all previous data first. What is the best choice? + +A. Quick format only +B. Whole-drive wipe +C. Lower screen brightness +D. Disable SSID broadcast + +2. Which data destruction method does not work on SSDs or flash drives? + +A. Shredding +B. Cryptographic erase +C. Manufacturer secure erase +D. Degaussing + +3. What does a quick format usually do? + +A. Rebuilds file system structures without securely overwriting all data +B. Physically destroys the drive +C. Removes the magnetic field from the drive +D. Produces a certificate of destruction + +4. A third-party vendor destroys drives containing regulated data. What should the company request? + +A. Screen lock timer +B. APIPA address +C. Certificate of destruction +D. Browser cache + +5. Which method makes the drive unusable afterward? + +A. File-level secure delete +B. Physical destruction +C. Quick format +D. Changing the file extension + +6. A single sensitive file must be securely removed, but the drive will stay in use. What method is most targeted? + +A. Degauss the SSD +B. Incinerate the laptop +C. Disable Bluetooth +D. File-level overwrite or secure delete + +7. Why is normal file deletion not considered secure data destruction? + +A. It always encrypts the file +B. It physically breaks the disk +C. The data may still be recoverable from storage +D. It creates an audit certificate + +## Answer Key For Instructor + +1. B +2. D +3. A +4. C +5. B +6. D +7. C + diff --git a/quizzes/TRB-1-quiz.md b/quizzes/TRB-1-quiz.md new file mode 100644 index 0000000..7db4660 --- /dev/null +++ b/quizzes/TRB-1-quiz.md 
@@ -0,0 +1,68 @@ +# TRB-1 Quiz: Windows OS Issues + +Take this after studying `notes/TRB-1-windows-os-issues.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A PC displays "No operating system found." What should be checked first? + +A. Monitor brightness +B. Boot order and whether the storage device is detected +C. Browser cache +D. Printer spooler queue + +2. Which tool shows a timeline of Windows crashes and failed updates? + +A. Reliability Monitor +B. Disk Cleanup +C. Character Map +D. Notepad + +3. Which command checks protected Windows system files? + +A. `netstat -ano` +B. `ipconfig /all` +C. `sfc /scannow` +D. `gpupdate /force` + +4. A computer becomes unstable immediately after a new driver. What is a likely fix? + +A. Roll back the driver +B. Disable all certificates +C. Format a USB flash drive +D. Clear browser history + +5. A Windows service fails to start. What should you check? + +A. Wallpaper settings +B. Service dependencies and Event Viewer +C. Keyboard language only +D. Screen saver timeout + +6. Which issue can cause repeated system time drift? + +A. Failed CMOS battery or time synchronization problem +B. Too many bookmarks +C. High screen resolution +D. Empty recycle bin + +7. Which tool is best for checking current CPU, memory, and disk usage? + +A. Paint +B. WordPad +C. Task Manager +D. Snipping Tool + +## Answer Key For Instructor + +1. B +2. A +3. C +4. A +5. B +6. A +7. C + diff --git a/quizzes/TRB-2-quiz.md b/quizzes/TRB-2-quiz.md new file mode 100644 index 0000000..36aeee5 --- /dev/null +++ b/quizzes/TRB-2-quiz.md 
@@ -0,0 +1,67 @@ +# TRB-2 Quiz: Mobile OS and App Issues + +Take this after studying `notes/TRB-2-mobile-os-app-issues.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A mobile app will not install. What should you check early? + +A. Router firmware only +B. Device storage and OS compatibility +C. Desktop wallpaper +D. Printer drivers + +2. A single app keeps crashing. What is a reasonable early step? + +A. Clear the app cache or update the app +B. Replace the monitor +C. Degauss the phone +D. Disable all MFA + +3. Bluetooth earbuds will not connect. What should you try? + +A. Delete the email account +B. Quick format storage +C. Verify pairing mode and forget/re-pair the device +D. Change DNS records + +4. Screen autorotation does not work. What setting should be checked? + +A. Rotation lock +B. Firewall profile +C. BitLocker recovery key +D. Proxy server port + +5. A phone battery drains quickly. Which area should be reviewed? + +A. File extensions +B. Battery usage by app +C. Browser certificate chain only +D. Monitor refresh rate + +6. An OS update fails repeatedly. What should be checked? + +A. Available storage and network connection +B. Printer toner level +C. VGA cable type +D. Desktop icon size + +7. Which approach is best before factory resetting a phone? + +A. Ignore the issue +B. Root the device +C. Disable all updates forever +D. Try low-risk fixes and verify backup status + +## Answer Key For Instructor + +1. B +2. A +3. C +4. A +5. B +6. A +7. D diff --git a/quizzes/TRB-3-quiz.md b/quizzes/TRB-3-quiz.md new file mode 100644 index 0000000..6c661c7 --- /dev/null +++ b/quizzes/TRB-3-quiz.md 
@@ -0,0 +1,67 @@ +# TRB-3 Quiz: Mobile Security Issues + +Take this after studying `notes/TRB-3-mobile-security-issues.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. Why is a jailbroken or rooted mobile device a security concern? + +A. It always improves patching +B. It bypasses normal OS security controls +C. It disables all storage +D. It prevents app installs + +2. A fake banking app uses the real bank logo. What is this called? + +A. Application spoofing +B. Differential backup +C. Screen rotation +D. Disk defragmentation + +3. Which symptom can indicate mobile malware? + +A. Correct time zone +B. Normal battery use +C. High data usage with unexpected ads +D. Strong Wi-Fi signal + +4. What is risky about unofficial app stores? + +A. They improve MFA +B. They remove all app permissions +C. Apps may not be vetted like official store apps +D. They guarantee privacy + +5. A managed phone appears compromised. What should a technician do? + +A. Post screenshots publicly +B. Ignore the issue +C. Follow company policy and notify the correct support/security path +D. Disable documentation + +6. Developer mode on a phone can be risky because it may allow what? + +A. Higher screen brightness only +B. Faster charging only +C. Better speaker volume only +D. Advanced controls that weaken normal protections if misused + +7. A user sees fake virus warnings on a phone. What should be suspected? + +A. Normal calendar sync +B. Unwanted software, malicious site notifications, or malicious app behavior +C. Printer spooler failure +D. Low toner + +## Answer Key For Instructor + +1. B +2. A +3. C +4. C +5. C +6. D +7. B diff --git a/quizzes/TRB-4-quiz.md b/quizzes/TRB-4-quiz.md new file mode 100644 index 0000000..0bb825a --- /dev/null +++ b/quizzes/TRB-4-quiz.md 
@@ -0,0 +1,67 @@ +# TRB-4 Quiz: PC Security Symptoms + +Take this after studying `notes/TRB-4-pc-security-symptoms.md`. + +Reply with answers like: +`1B 2A 3D 4C 5B 6A 7D` + +## Questions + +1. A user's documents are renamed and cannot be opened. What should you suspect? + +A. Normal update behavior +B. Ransomware +C. Screen saver timeout +D. Low monitor brightness + +2. Browser searches keep redirecting to an unknown search site. What is likely? + +A. Healthy DNS cache +B. Good backup rotation +C. Browser hijacker or malicious extension +D. Normal BitLocker behavior + +3. Fake antivirus pop-ups demand payment. What is the safest assumption? + +A. The system may be compromised +B. The pop-ups are required OS updates +C. The monitor cable is loose +D. The user needs a new keyboard + +4. Certificate warnings appear on many websites. Which simple setting should be checked? + +A. Mouse pointer size +B. Wallpaper rotation +C. Speaker volume +D. System date and time + +5. What should be done if active malware compromise is suspected? + +A. Share credentials by email +B. Consider isolating the system from the network according to policy +C. Disable documentation +D. Ignore the alerts + +6. Which symptom can point to adware? + +A. Correct file names +B. Normal login time +C. Frequent unwanted pop-ups +D. Successful backup test + +7. OS updates fail after an infection. What could be a cause? + +A. A clean keyboard +B. High screen resolution +C. Too many folders on the desktop only +D. Malware damage, system corruption, or network blocking + +## Answer Key For Instructor + +1. B +2. C +3. A +4. D +5. B +6. C +7. D diff --git a/reference-materials/README.md b/reference-materials/README.md new file mode 100644 index 0000000..1263ae3 --- /dev/null +++ b/reference-materials/README.md 
@@ -0,0 +1,45 @@ +# Reference Materials Intake + +Drop Core 2 reference files into this folder: + +`/home/kenpatmonk/comptia-a-plus-core2/reference-materials/` + +Supported or likely usable formats: +- PDF +- EPUB +- HTML +- TXT +- Markdown +- Images/screenshots +- Unknown formats, after inspection with `file` + +## How References Will Be Used + +Reference materials are used to improve: +- Small study sections +- Memory tricks +- Windows and Linux labs +- Post-section quizzes +- Wrong-answer explanations +- HTML objective status mind map + +Reference materials are not copied directly into study notes. Notes should be original summaries, explanations, examples, labs, and quiz questions. + +## Intake Steps + +When new files are added: +1. List filenames. +2. Run `file` on unknown formats. +3. Extract readable text from PDFs/EPUBs when possible. +4. Identify which Core 2 objective topics the material covers. +5. Update `REFERENCE_INDEX.md`. +6. Update lessons, labs, quizzes, and `mind-maps/core2-status.html` as needed. + +## User Notes + +The user does not personally have a Mac, but can sometimes use a friend's Mac. + +For macOS material: +- Include real Mac labs when the objective is exam-relevant. +- Include Windows/Linux comparison notes so progress is not blocked when the Mac is unavailable. +- Keep macOS labs safe and read-only unless a change is explicitly part of the lab. diff --git a/reference-materials/REFERENCE_INDEX.md b/reference-materials/REFERENCE_INDEX.md new file mode 100644 index 0000000..02be0bc --- /dev/null +++ b/reference-materials/REFERENCE_INDEX.md 
@@ -0,0 +1,60 @@ +# Reference Index + +Last updated: 2026-06-10 + +## Indexed Files + +### Professor Messer’s A+ Core 2 Course Notes-1.pdf + +- Filename: `/home/kenpatmonk/Downloads/Professor Messer’s A+ Core 2 Course Notes-1.pdf` +- Type: PDF, 79 pages +- Readable: yes, extracted with `pdftotext` +- Extracted text: `extracted-text/professor-messer-core2-course-notes.txt` +- Main Core 2 domains covered: 1.0, 2.0, 3.0, 4.0 +- Objective topics covered: broad Core 2 coverage +- Useful for: lesson sequencing, small-section summaries, memory tricks, labs, quiz distractors +- Notes updated: `notes/OS-1-windows-editions-system-info.md`, `notes/OS-4-windows-command-line.md`, `notes/OS-5-os-types-filesystems.md`, `notes/OS-6-windows-control-panel-settings.md`, `notes/OS-7-windows-networking.md`, `notes/OS-8-macos-tools-features.md`, `notes/OS-9-linux-client-tools.md`, `notes/OS-10-application-installation-requirements.md`, `notes/OS-11-cloud-productivity-tools.md`, `notes/SEC-1-security-controls.md`, `notes/SEC-2-windows-security-settings.md`, `notes/SEC-3-wireless-security.md`, `notes/SEC-4-malware-security-tools.md`, `notes/SEC-5-social-engineering-attacks.md`, `notes/SEC-6-malware-removal-process.md`, `notes/SEC-7-workstation-hardening.md`, `notes/SEC-8-mobile-device-security.md`, `notes/SEC-9-data-destruction.md`, `notes/SEC-10-soho-network-security.md`, `notes/SEC-11-browser-security.md` +- Labs updated: `labs/OS-1-system-inventory-lab.md`, `labs/OS-4-command-line-lab.md`, `labs/OS-5-os-filesystem-lab.md`, `labs/OS-6-settings-lab.md`, `labs/OS-7-windows-networking-lab.md`, `labs/OS-8-macos-tools-lab.md`, `labs/OS-9-linux-client-tools-lab.md`, `labs/OS-10-application-installation-lab.md`, `labs/OS-11-cloud-productivity-lab.md`, `labs/SEC-1-security-controls-lab.md`, `labs/SEC-2-windows-security-settings-lab.md`, `labs/SEC-3-wireless-security-lab.md`, `labs/SEC-4-malware-response-lab.md`, `labs/SEC-5-social-engineering-scenario-lab.md`, 
`labs/SEC-6-malware-removal-tabletop-lab.md`, `labs/SEC-7-workstation-hardening-lab.md`, `labs/SEC-8-mobile-device-security-lab.md`, `labs/SEC-9-data-destruction-lab.md`, `labs/SEC-10-soho-network-security-lab.md`, `labs/SEC-11-browser-security-lab.md` +- Quizzes updated: `quizzes/OS-1-quiz.md`, `quizzes/OS-4-quiz.md`, `quizzes/OS-5-quiz.md`, `quizzes/OS-6-quiz.md`, `quizzes/OS-7-quiz.md`, `quizzes/OS-8-quiz.md`, `quizzes/OS-9-quiz.md`, `quizzes/OS-10-quiz.md`, `quizzes/OS-11-quiz.md`, `quizzes/SEC-1-quiz.md`, `quizzes/SEC-2-quiz.md`, `quizzes/SEC-3-quiz.md`, `quizzes/SEC-4-quiz.md`, `quizzes/SEC-5-quiz.md`, `quizzes/SEC-6-quiz.md`, `quizzes/SEC-7-quiz.md`, `quizzes/SEC-8-quiz.md`, `quizzes/SEC-9-quiz.md`, `quizzes/SEC-10-quiz.md`, `quizzes/SEC-11-quiz.md` +- Mind map updated: used with `core2.html` objective breakdown + +### Professor Messer’s CompTIA A+ Core 2 Practice Exams.pdf + +- Filename: `/home/kenpatmonk/Downloads/Professor Messer’s CompTIA A+ Core 2 Practice Exams.pdf` +- Type: PDF, 23 pages +- Readable: yes, extracted with `pdftotext` +- Extracted text: `extracted-text/professor-messer-core2-practice-exams.txt` +- Main Core 2 domains covered: practice questions across Core 2 +- Objective topics covered: mixed +- Useful for: exam style, scenario wording, wrong-answer remediation practice +- Notes updated: pending incremental updates +- Labs updated: pending incremental updates +- Quizzes updated: pending incremental updates +- Mind map updated: pending score-based updates after quiz use + +### core2.html + +- Filename: `/home/kenpatmonk/Downloads/core2.html` +- Type: HTML, 521 lines +- Readable: yes +- Main Core 2 domains covered: 1.0, 2.0, 3.0, 4.0 +- Objective topics covered: detailed objective map from 1.1 through 4.10 +- Useful for: HTML mind map structure, objective-level status tracking, topic coverage planning +- Notes updated: objective alignment planned +- Labs updated: objective alignment planned +- Quizzes updated: objective alignment planned 
+- Mind map updated: used to upgrade `mind-maps/core2-status.html` to objective-level tracking + +## Index Format + +For each file: +- Filename: +- Type: +- Readable: +- Main Core 2 domains covered: +- Objective topics covered: +- Useful for: +- Notes updated: +- Labs updated: +- Quizzes updated: +- Mind map updated:
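Review bot: In `quizzes/SEC-11-quiz.md` (and every other quiz hunk in this patch) the `## Answer Key For Instructor` section lives in the same file as the questions, so a learner following the "Reply with answers like `1B 2A 3D ...`" instruction has the key on screen while answering. Suggest moving the keys out of the student-facing files into a separate location (for example a hypothetical `quizzes/answer-keys/` directory, name to be chosen) and keeping only the questions and the reply format in each quiz.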
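Review bot: In `quizzes/SEC-6-quiz.md`, question 4 reads "After malicious files are remediated, what should be updated before scanning?", which places remediation before the signature update and the scan, while the quiz's own step order (question 2: quarantine, question 3: disable System Restore, question 6: "after cleanup, updates, and scans are complete") treats updating the anti-malware engine and then scanning as the remediation work itself. Suggest rewording the stem to something like "During remediation, what should be updated before running the malware scan?" so the stem does not contradict the ordering the other questions teach; the answer key entry (4. B) stays the same.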
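Review bot: The hunk headers for `quizzes/TRB-2-quiz.md`, `quizzes/TRB-3-quiz.md` and `quizzes/TRB-4-quiz.md` are `@@ -0,0 +1,67 @@` while every other quiz file in the patch is `+1,68` with a blank line after the last answer-key entry (`7. D`). Pick one convention for the file ending (trailing blank line or not) and apply it to all quiz files so the generator or any future diff stays consistent.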
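Review bot: In `reference-materials/README.md` the intake folder is documented as the absolute path `/home/kenpatmonk/comptia-a-plus-core2/reference-materials/`, which ties the README to one user's home directory and will be wrong for any other checkout location. Suggest stating the repo-relative path (`reference-materials/`) instead, and, since the "Intake Steps" list runs `file` on unknown formats, add a note that attachments from untrusted sources should stay in this folder and be inspected before being opened in a viewer.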
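Review bot: In `reference-materials/REFERENCE_INDEX.md` the `Filename:` fields point at `/home/kenpatmonk/Downloads/...`, not at the `reference-materials/` intake folder the README in the same patch tells the user to drop files into, so the index and the intake procedure disagree about where source files live; record repo-relative paths (or the intake-folder path) once the files are moved in. The entries also reference `extracted-text/professor-messer-core2-course-notes.txt` and `extracted-text/professor-messer-core2-practice-exams.txt`, full-text extractions of third-party PDFs; the README states reference material is not copied into the repo's notes, so confirm those extractions are excluded from version control (the patch adds a `.gitignore`, but its contents are not visible here) rather than committed.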