Initial Core 2 study project
commit
10de90430c
120 changed files with 12696 additions and 0 deletions
137
flashcards/OPS-flashcards.json
Normal file
|
|
@ -0,0 +1,137 @@
|
|||
{
|
||||
"OPS-1": [
|
||||
{"front": "What is the U-D-I-S-R memory trick for tickets?", "back": "User, Device, Issue, Severity, Resolution - the core fields a support ticket should capture."},
|
||||
{"front": "What is the shortcut phrase for why documentation matters?", "back": "If it is not documented, the next tech cannot trust what happened."},
|
||||
{"front": "What information should a ticket record besides user, device, and issue?", "back": "Category, severity, escalation level, progress notes, and resolution."},
|
||||
{"front": "What is a CMDB?", "back": "A configuration management database used as part of asset management to track inventory and configuration details."},
|
||||
{"front": "What does asset management track about a device?", "back": "Inventory, asset tags and IDs, procurement life cycle, warranty and licensing, and assigned users."},
|
||||
{"front": "What is an SOP?", "back": "A standard operating procedure - a repeatable, documented process for performing a task."},
|
||||
{"front": "What is an SLA?", "back": "A service level agreement that defines the expected level of service, such as response or resolution times."},
|
||||
{"front": "What is the purpose of a knowledge base article?", "back": "It helps future technicians solve known issues by documenting solutions to past problems."},
|
||||
{"front": "Name three document types used in IT operations besides SOPs.", "back": "Incident reports, onboarding/offboarding checklists, and SLAs (knowledge base articles and package installation procedures are also examples)."},
|
||||
{"front": "Why are asset tags important?", "back": "They connect devices to users, warranty information, and lifecycle records."},
|
||||
{"front": "Why do tickets need enough detail for handoff?", "back": "So another technician can pick up the issue and continue work, and so trends can be analyzed across many tickets."},
|
||||
{"front": "What is the procurement life cycle in asset management?", "back": "The stages a device goes through from purchase/acquisition through use to retirement or disposal."}
|
||||
],
|
||||
"OPS-2": [
|
||||
{"front": "What is the P-S-R-B-R memory trick for change management?", "back": "Purpose, Scope, Risk, Backup, Rollback - key elements of a change plan."},
|
||||
{"front": "What is the shortcut phrase about rollback plans?", "back": "A change without rollback is a bet, not a plan."},
|
||||
{"front": "What is a standard change?", "back": "A low-risk, preapproved, repeatable change."},
|
||||
{"front": "What is a normal change?", "back": "A planned change that requires review and approval before implementation."},
|
||||
{"front": "What is an emergency change?", "back": "An urgent change made to fix a major risk or outage; it may happen faster but still needs documentation afterward."},
|
||||
{"front": "What should a change plan include besides purpose, scope, and risk level?", "back": "Change type, schedule, affected systems, responsible staff, approvals, backup, rollback plan, sandbox testing, implementation steps, peer review, and end-user acceptance."},
|
||||
{"front": "What is the purpose of sandbox testing in change management?", "back": "It lets a change be tested in an isolated environment before being applied to production systems."},
|
||||
{"front": "Why is peer review part of change planning?", "back": "It helps catch mistakes before the change is implemented."},
|
||||
{"front": "What is a maintenance window?", "back": "A scheduled time period for making changes that reduces impact on users."},
|
||||
{"front": "What is a change freeze?", "back": "A period during which noncritical changes are blocked, typically during sensitive business periods."},
|
||||
{"front": "Scenario: A technician needs to update server software but the update could cause downtime. What should be prepared before implementing the change?", "back": "A backup and a rollback plan should be prepared, along with approvals and a scheduled maintenance window, so the system can be restored if the change fails."},
|
||||
{"front": "Scenario: A critical production server is down and needs an immediate fix outside the normal approval process. What type of change is this, and what must still happen afterward?", "back": "This is an emergency change; even though it bypasses normal advance approval, it must still be documented after the fact."}
|
||||
],
|
||||
"OPS-3": [
|
||||
{"front": "What does the F-I-D-S memory trick stand for?", "back": "Full, Incremental, Differential, Synthetic full - the four backup types."},
|
||||
{"front": "What is the shortcut phrase about backups and restores?", "back": "Backups are promises; restore tests prove them."},
|
||||
{"front": "What is a full backup?", "back": "A backup that backs up all selected data."},
|
||||
{"front": "What is an incremental backup?", "back": "A backup that backs up changes since the last backup of any type (full or incremental)."},
|
||||
{"front": "What is a differential backup?", "back": "A backup that backs up changes since the last full backup."},
|
||||
{"front": "What is a synthetic full backup?", "back": "A full backup built from previous backup data rather than copying all data again from the source."},
|
||||
{"front": "What is the trade-off of incremental backups?", "back": "They are small and fast, but the restore chain can be longer because multiple incremental backups must be applied in sequence."},
|
||||
{"front": "What happens to differential backups over time?", "back": "They grow larger until the next full backup is performed."},
|
||||
{"front": "What does the 3-2-1 backup rule mean?", "back": "Three copies of data, on two different media types, with one copy stored offsite."},
|
||||
{"front": "What is grandfather-father-son backup rotation?", "back": "A backup rotation scheme using a hierarchy of backup sets (e.g., monthly, weekly, daily) to retain different backup ages."},
|
||||
{"front": "What are the two restore options mentioned for recovering data?", "back": "Restore in place (to the original location) or restore to an alternate location."},
|
||||
{"front": "Why should restore tests be performed on a defined schedule?", "back": "Because backups only matter if they can actually be restored, and testing verifies that the backup data is usable."}
|
||||
],
|
||||
"OPS-4": [
|
||||
{"front": "What does the P-E-C memory trick stand for?", "back": "Power off, ESD control, Cables managed - key safety steps before working on equipment."},
|
||||
{"front": "What is the shortcut phrase for safety priorities?", "back": "Protect people first, then parts."},
|
||||
{"front": "Name the main ESD controls.", "back": "Antistatic wrist strap, ESD mat, antistatic bags, proper grounding, and proper component handling."},
|
||||
{"front": "Can ESD damage components even if you do not feel a shock?", "back": "Yes, ESD can damage components even when the discharge is too small to be felt."},
|
||||
{"front": "What is the purpose of antistatic bags?", "back": "They protect components from electrostatic discharge during storage and transport."},
|
||||
{"front": "What personal safety practices should a technician follow?", "back": "Disconnect power before repairs, use proper lifting technique, know fire safety procedures, and use safety goggles or air filter masks when needed."},
|
||||
{"front": "When should power be disconnected before repairs?", "back": "Before internal repairs, unless a specific procedure requires the device to remain powered."},
|
||||
{"front": "How should heavy equipment be lifted?", "back": "Using proper lifting technique, or with two people if the equipment is too heavy for one person."},
|
||||
{"front": "What workspace safety practices help prevent accidents?", "back": "Cable management, clear walkways, stable equipment placement, and compliance with local rules."},
|
||||
{"front": "What does proper grounding accomplish in ESD prevention?", "back": "It safely discharges static electricity from the technician and equipment to prevent damage to sensitive components."},
|
||||
{"front": "When might safety goggles or an air filter mask be needed?", "back": "When working in environments with dust, debris, or particles that could harm the eyes or lungs."}
|
||||
],
|
||||
"OPS-5": [
|
||||
{"front": "What does the P-H-D-P memory trick stand for?", "back": "Power, Heat and humidity, Dust, Proper disposal - the key environmental factors to manage."},
|
||||
{"front": "What is the shortcut phrase about environmental issues?", "back": "Bad power, heat, dust, or disposal can turn a simple support issue into a safety issue."},
|
||||
{"front": "What is an SDS or MSDS used for?", "back": "It provides safety data on chemicals and materials, including handling and disposal guidance."},
|
||||
{"front": "How should batteries and toner be handled at end of life?", "back": "They require proper disposal or recycling rather than regular trash disposal."},
|
||||
{"front": "What does a UPS protect against?", "back": "Short power outages, and it gives time for a safe shutdown of equipment."},
|
||||
{"front": "What do surge suppressors protect against?", "back": "Voltage spikes (surges) that could damage equipment."},
|
||||
{"front": "What is the difference between a brownout and a blackout?", "back": "A brownout is a low-voltage event, while a blackout is a complete loss of power."},
|
||||
{"front": "What environmental factors should be controlled in an equipment area?", "back": "Temperature, humidity, ventilation, equipment placement, and dust."},
|
||||
{"front": "How should dust be cleaned from computer equipment?", "back": "Using compressed air and vacuums designed for electronics."},
|
||||
{"front": "What categories of items require special asset/device disposal procedures?", "back": "Batteries, toner, and devices/assets in general at end of life."},
|
||||
{"front": "Why is equipment placement an environmental control consideration?", "back": "Proper placement ensures adequate airflow, ventilation, and protection from heat, humidity, and physical hazards."}
|
||||
],
|
||||
"OPS-6": [
|
||||
{"front": "What does the C-D-P-L memory trick stand for?", "back": "Chain of custody, Data privacy, Policies, Licensing - core policy and incident handling concepts."},
|
||||
{"front": "What is the shortcut phrase for what policy controls?", "back": "Policy decides what you can touch, copy, disclose, and install."},
|
||||
{"front": "What is chain of custody?", "back": "The documented tracking of evidence handling to preserve its integrity for incident response or legal purposes."},
|
||||
{"front": "What does order of volatility mean?", "back": "It means collecting the most temporary (volatile) evidence first during incident response."},
|
||||
{"front": "What is a EULA?", "back": "An End User License Agreement, which defines the terms under which software may be used."},
|
||||
{"front": "Does open-source software have no license?", "back": "No, open-source does not mean no license - it still has license terms that must be followed."},
|
||||
{"front": "What is the difference between an NDA and an MNDA?", "back": "An NDA is a non-disclosure agreement between two parties, while an MNDA is a mutual non-disclosure agreement where both parties agree not to disclose each other's information."},
|
||||
{"front": "What is regulated data?", "back": "Data that may require special handling and retention due to legal or regulatory requirements."},
|
||||
{"front": "What is data retention policy concerned with?", "back": "How long data must be kept and when it can or must be deleted, based on policy or regulation."},
|
||||
{"front": "What is an acceptable use policy (AUP)?", "back": "A policy that defines how users are allowed to use company systems and resources."},
|
||||
{"front": "Why might drive copies be made during incident response?", "back": "To preserve the integrity of original evidence while allowing analysis to be performed on a copy."},
|
||||
{"front": "What is the purpose of a login banner or splash screen in policy enforcement?", "back": "It communicates acceptable use terms or legal notices to users before they access a system."}
|
||||
],
|
||||
"OPS-7": [
|
||||
{"front": "What does the L-E-D-F memory trick stand for?", "back": "Listen, Explain expectations, Document, Follow up - core professional behaviors."},
|
||||
{"front": "What is the shortcut phrase for professionalism?", "back": "Fix the problem without making the user the problem."},
|
||||
{"front": "What type of questions should a technician ask first when troubleshooting with a user?", "back": "Open-ended questions, to gather information about the issue."},
|
||||
{"front": "Why should a technician restate the issue back to the user?", "back": "To confirm understanding of the problem before proceeding."},
|
||||
{"front": "Name three behaviors a technician should avoid.", "back": "Arguing, being defensive, and dismissing or judging the user (also avoid sharing confidential information)."},
|
||||
{"front": "What professional practices show respect for the user?", "back": "Appropriate appearance and language, respect for user time, active listening, cultural sensitivity, and discretion."},
|
||||
{"front": "Why is setting clear expectations important?", "back": "It helps the user understand realistic timelines and what will happen next, and supports follow-up."},
|
||||
{"front": "What should a technician do regarding confidentiality?", "back": "Protect confidential information and never share it inappropriately."},
|
||||
{"front": "Scenario: A user is frustrated and blames the technician for a recurring problem. What is the best response?", "back": "Listen actively without arguing or being defensive, restate the issue to confirm understanding, and focus on resolving the problem rather than blaming the user."},
|
||||
{"front": "Scenario: A technician discovers sensitive personal files while fixing a user's computer. What should the technician do?", "back": "Maintain discretion and confidentiality - do not share or discuss what was found with anyone outside of what policy requires."},
|
||||
{"front": "Scenario: A repair is going to take longer than expected. What should the technician do?", "back": "Communicate status clearly, set realistic updated expectations, document the situation, and follow up with the user."},
|
||||
{"front": "Scenario: A user asks a vague question like 'my computer is broken.' How should the technician respond?", "back": "Ask open-ended questions to gather more details about the issue before attempting to diagnose or fix it."}
|
||||
],
|
||||
"OPS-8": [
|
||||
{"front": "What does the A-R-I-B-D memory trick stand for?", "back": "Automate, Restart, Install, Back up, Data gathering - common scripting use cases."},
|
||||
{"front": "What is the shortcut phrase about scripts?", "back": "Scripts are force multipliers for both fixes and mistakes."},
|
||||
{"front": "What file extension is used for PowerShell scripts?", "back": ".ps1"},
|
||||
{"front": "What file extension is commonly used for Bash shell scripts?", "back": ".sh"},
|
||||
{"front": "What file extension is used for batch files?", "back": ".bat"},
|
||||
{"front": "Name three script types used in IT support besides .ps1, .bat, and .sh.", "back": ".vbs (VBScript), .js (JavaScript), and .py (Python)."},
|
||||
{"front": "What are common use cases for scripts in IT support?", "back": "Automation, restarting machines, remapping drives, application installs, backups, data gathering, and updates."},
|
||||
{"front": "What risks do scripts pose if used carelessly?", "back": "They can introduce malware, change system settings, delete data, crash browsers or systems, and mishandle resources."},
|
||||
{"front": "Why should scripts be tested before broad deployment?", "back": "Because a script can quickly apply mistakes across many systems, so testing limits the impact of errors before wide rollout."},
|
||||
{"front": "Why should scripts from unknown sources be reviewed before running?", "back": "Because they could contain malware or unintended commands that could harm the system."},
|
||||
{"front": "What is one risk of running an automated script that remaps drives or changes settings across many machines?", "back": "A small mistake in the script could be applied to every machine it runs on, causing widespread issues."}
|
||||
],
|
||||
"OPS-9": [
|
||||
{"front": "What does the E-A-L-L memory trick stand for?", "back": "Encryption, Authentication, Least privilege, Logging - key remote access security considerations."},
|
||||
{"front": "What is the shortcut phrase for remote access?", "back": "Remote access should be approved, authenticated, encrypted, and logged."},
|
||||
{"front": "What is RDP commonly used for?", "back": "Remote desktop access to Windows systems."},
|
||||
{"front": "What is SSH commonly used for?", "back": "Secure command-line access to remote systems."},
|
||||
{"front": "What does a VPN provide?", "back": "An encrypted path into a private network."},
|
||||
{"front": "What are RMM tools used for?", "back": "Remote monitoring and management - supporting managed monitoring and administration of systems."},
|
||||
{"front": "List the remote access methods mentioned in the lesson.", "back": "RDP, VPN, VNC, SSH, RMM, SPICE, WinRM, third-party screen sharing, videoconferencing, file transfer, and desktop management tools."},
|
||||
{"front": "Why is least privilege important for remote access accounts?", "back": "It limits what a remote user or session can do, reducing the impact if the access is misused or compromised."},
|
||||
{"front": "What should happen with screen sharing sessions due to data exposure risk?", "back": "Get user permission before starting, and close the session afterward to avoid exposing sensitive data."},
|
||||
{"front": "Why is logging important for remote access?", "back": "It creates a record of who accessed a system remotely and what they did, supporting security and accountability."},
|
||||
{"front": "What security considerations apply to remote access overall?", "back": "Encryption, authentication, least privilege, user approval, logging, data exposure, and session termination."}
|
||||
],
|
||||
"OPS-10": [
|
||||
{"front": "What does the P-B-H-D memory trick stand for?", "back": "Policy, Bias, Hallucinations, Data privacy - core AI concept areas."},
|
||||
{"front": "What is the shortcut phrase for AI output?", "back": "AI output is a draft until verified."},
|
||||
{"front": "What does hallucination mean in the context of AI?", "back": "It means the AI produces confident but false output."},
|
||||
{"front": "What does bias mean in the context of AI output?", "back": "It means the output can reflect unfair or skewed training data."},
|
||||
{"front": "Why might public AI tools be a data privacy concern?", "back": "Public AI tools may expose private data depending on policy and configuration."},
|
||||
{"front": "For what types of content does AI accuracy matter most?", "back": "Technical, legal, medical, financial, and security content."},
|
||||
{"front": "Name three things a technician should do when using AI tools.", "back": "Follow company AI policy, verify important output, and protect private data (also check source quality and be transparent when policy requires)."},
|
||||
{"front": "Name three things a technician should NOT do when using AI tools.", "back": "Paste confidential data into unapproved public tools, treat AI output as automatically accurate, or ignore bias and hallucination risk."},
|
||||
{"front": "Should AI-generated work be submitted as original?", "back": "Not if doing so would violate policy - this relates to plagiarism concerns with AI use."},
|
||||
{"front": "What AI concept areas does Core 2 expect technicians to be aware of?", "back": "Application integration, policy, appropriate use, plagiarism, bias, hallucinations, accuracy, private vs. public data, and data source concerns."},
|
||||
{"front": "Why should the source quality of data used by or with AI tools be checked?", "back": "Because data source concerns affect the reliability and appropriateness of AI output, and poor sources can contribute to inaccurate or biased results."}
|
||||
]
|
||||
}
|
||||
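Review bot: In OPS-6, the card "Does open-source software have no license?" is a negatively phrased yes/no question, so the leading "No" on the back can be read either way; ask it positively (for example "Does open-source software still carry license terms?") and let the back start with "Yes". In the same group, the NDA/MNDA back describes the NDA only as "between two parties", which is equally true of the MNDA, so the card does not state the difference it asks for; say who is bound in each case. In OPS-1, "Name three document types used in IT operations besides SOPs." has a back that lists three items plus two more in parentheses; either drop the count from the front or mark which answers are the expected three.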
234
flashcards/TRB-flashcards.json
Normal file
|
|
@ -0,0 +1,234 @@
|
|||
{
|
||||
"TRB-1": [
|
||||
{
|
||||
"front": "A user reports that Windows displays No OS found at startup. What should you check first?",
|
||||
"back": "Check the boot order in firmware/BIOS, confirm the drive is detected, and check the boot files and startup repair options."
|
||||
},
|
||||
{
|
||||
"front": "A user reports a blue screen of death (BSOD). What should you suspect first?",
|
||||
"back": "Suspect drivers, hardware, memory, storage, or recent updates, and use Event Viewer, Reliability Monitor, and memory/storage diagnostics to investigate."
|
||||
},
|
||||
{
|
||||
"front": "A user reports that Windows is running slowly overall. What should you check first?",
|
||||
"back": "Check Task Manager for CPU, memory, disk, and startup load, check available disk space, and review recently installed apps."
|
||||
},
|
||||
{
|
||||
"front": "A user reports that a Windows service is failing to start. What should you check first?",
|
||||
"back": "Check the Services console for the service status, check its dependencies, and review Event Viewer for related errors."
|
||||
},
|
||||
{
|
||||
"front": "A user reports that their Windows profile takes a very long time to load at sign-in. What should you suspect?",
|
||||
"back": "Suspect a large profile data set, network profile issues, login scripts, or domain connectivity problems."
|
||||
},
|
||||
{
|
||||
"front": "A user reports that the system clock keeps drifting and showing the wrong time. What should you check?",
|
||||
"back": "Check the time zone setting, the CMOS battery, and time synchronization settings."
|
||||
},
|
||||
{
|
||||
"front": "A system fails to boot correctly right after a driver update was installed. What is the likely fix?",
|
||||
"back": "Roll back the driver, or boot into Safe Mode to remove or fix the problematic driver."
|
||||
},
|
||||
{
|
||||
"front": "Applications are crashing and you suspect system file corruption. What two tools should you use?",
|
||||
"back": "Use SFC (System File Checker) and DISM to repair corrupted system files and the Windows component store."
|
||||
},
|
||||
{
|
||||
"front": "A user reports slow performance and asks you to immediately start changing system settings. What should you do first?",
|
||||
"back": "Gather evidence first (e.g., Task Manager, disk space, recently installed apps) before making any changes."
|
||||
},
|
||||
{
|
||||
"front": "What's the memory trick for diagnosing common Windows OS problems?",
|
||||
"back": "B-S-S-A-D-P-T: Boot, Services, Storage, Applications, Drivers, Profiles, Time. A Windows symptom usually points to boot, services, storage, drivers, profile, or time."
|
||||
},
|
||||
{
|
||||
"front": "What does sfc /scannow do? (Windows command)",
|
||||
"back": "It checks protected Windows system files and attempts to repair any that are corrupted."
|
||||
},
|
||||
{
|
||||
"front": "What does DISM /Online /Cleanup-Image /RestoreHealth do? (Windows command)",
|
||||
"back": "It repairs the Windows component store, which SFC relies on to repair system files."
|
||||
},
|
||||
{
|
||||
"front": "What does chkdsk do? (Windows command)",
|
||||
"back": "It checks the file system status of a drive."
|
||||
},
|
||||
{
|
||||
"front": "What does eventvwr.msc do? (Windows command)",
|
||||
"back": "It opens Event Viewer, which provides logs and error clues for troubleshooting."
|
||||
},
|
||||
{
|
||||
"front": "What does perfmon /rel do? (Windows command)",
|
||||
"back": "It opens Reliability Monitor, which shows a timeline of system failures and changes."
|
||||
},
|
||||
{
|
||||
"front": "If a Windows system reports low memory warnings or USB controller resource warnings, which category of the B-S-S-A-D-P-T memory trick does this most likely fall under?",
|
||||
"back": "These point toward storage and drivers (resource and driver-related issues), part of the B-S-S-A-D-P-T framework for Windows symptoms."
|
||||
}
|
||||
],
|
||||
"TRB-2": [
|
||||
{
|
||||
"front": "A mobile app fails to launch or repeatedly crashes. What is the troubleshooting flow?",
|
||||
"back": "Restart the app, restart the device, update the app, update the OS, clear the app cache where supported, and reinstall the app if needed."
|
||||
},
|
||||
{
|
||||
"front": "A mobile app will not install or update. What should you check first?",
|
||||
"back": "Check available storage, network connectivity, app store account status, and OS compatibility."
|
||||
},
|
||||
{
|
||||
"front": "A user reports their mobile device's battery is draining quickly. What should you check?",
|
||||
"back": "Review battery usage by app, check screen brightness, disable unnecessary radios, and check for runaway apps."
|
||||
},
|
||||
{
|
||||
"front": "A user reports Bluetooth or Wi-Fi connectivity problems on a mobile device. What is the troubleshooting flow?",
|
||||
"back": "Toggle the affected radio, forget and reconnect to the network or device, check range and pairing mode, and restart the device if needed."
|
||||
},
|
||||
{
|
||||
"front": "A user reports that screen autorotation is not working on their mobile device. What should you check?",
|
||||
"back": "Check if rotation lock is enabled, restart the app, and test the device sensors if available."
|
||||
},
|
||||
{
|
||||
"front": "An app cannot be installed on a mobile device. Which two causes are high-probability answers on the exam?",
|
||||
"back": "Insufficient storage and OS/app compatibility issues."
|
||||
},
|
||||
{
|
||||
"front": "A mobile device fails to pair with a Bluetooth accessory. What should you check?",
|
||||
"back": "Check that the accessory is in pairing mode, and try forgetting the device and re-pairing it."
|
||||
},
|
||||
{
|
||||
"front": "A mobile issue started right after an OS or app update. What should you investigate?",
|
||||
"back": "Check for known issues with the update and verify compatibility between the app and the new OS version."
|
||||
},
|
||||
{
|
||||
"front": "Only one app is misbehaving on a mobile device. What should you do before resetting the entire phone?",
|
||||
"back": "Focus troubleshooting on that specific app (cache, update, reinstall) before considering a full device reset."
|
||||
},
|
||||
{
|
||||
"front": "What's the memory trick for troubleshooting mobile OS and app issues?",
|
||||
"back": "U-S-P-C-R: Update, Storage, Permissions, Connectivity, Restart/reinstall. Most mobile app problems start with update, storage, permission, or connectivity checks."
|
||||
},
|
||||
{
|
||||
"front": "A user reports random reboots on their mobile device. Under which category of mobile troubleshooting checks would you start investigating?",
|
||||
"back": "Start with the basic checks: updates, storage, permissions, connectivity, and battery health, since these are the common starting points for most mobile symptoms."
|
||||
},
|
||||
{
|
||||
"front": "What basic checks should be performed for nearly any mobile OS or app problem according to the lesson?",
|
||||
"back": "Updates, storage, permissions, connectivity, app cache/data, battery health, and compatibility."
|
||||
},
|
||||
{
|
||||
"front": "A user reports an OS update failure on their mobile device. What category of issue does this fall under, and what should you check?",
|
||||
"back": "It falls under update-related issues; check storage space, network connectivity, and compatibility, similar to app install/update failures."
|
||||
}
|
||||
],
|
||||
"TRB-3": [
|
||||
{
|
||||
"front": "What is application spoofing on a mobile device?",
|
||||
"back": "Application spoofing means a fake app pretends to be a legitimate app, often to trick users into installing malware or giving up data."
|
||||
},
|
||||
{
|
||||
"front": "A user's phone has high network traffic, data usage alerts, and many ads outside the browser. What should you suspect?",
|
||||
"back": "Suspect malware or unwanted/unauthorized software, and check which app is causing the unusual data usage."
|
||||
},
|
||||
{
|
||||
"front": "A user reports fake antivirus pop-ups and browser redirects on their mobile device. What should you check first?",
|
||||
"back": "Check the app source - whether apps were installed from the official app store, whether developer names are correct, and whether permissions/reviews look suspicious."
|
||||
},
|
||||
{
|
||||
"front": "Why are rooted or jailbroken devices considered high risk?",
|
||||
"back": "Rooted or jailbroken devices bypass the normal protections built into the mobile OS, making them more vulnerable to malware and unauthorized access."
|
||||
},
|
||||
{
|
||||
"front": "A managed (company) mobile device is suspected of being compromised. What should you do?",
|
||||
"back": "Follow company policy, notify support/security, use MDM actions when appropriate, and preserve evidence if required."
|
||||
},
|
||||
{
|
||||
"front": "A personal mobile device is suspected of being compromised by malware. What is the response?",
|
||||
"back": "Remove suspicious apps, update the OS and apps, run trusted security tools if available, and change passwords from a known-clean device if compromise is suspected."
|
||||
},
|
||||
{
|
||||
"front": "Why do unofficial app stores increase mobile security risk?",
|
||||
"back": "Apps from unofficial app stores are not vetted the same way as official store apps, which increases the risk of installing malware."
|
||||
},
|
||||
{
|
||||
"front": "What should you check regarding device integrity when investigating a mobile security issue?",
|
||||
"back": "Check whether the device is rooted or jailbroken, whether developer mode is enabled, and whether installation from unknown sources is allowed."
|
||||
},
|
||||
{
|
||||
"front": "What network and data clues suggest a mobile app may be malicious?",
|
||||
"back": "One app using unusual amounts of data, traffic spiking when that app is open, or unexpected VPN/proxy settings."
|
||||
},
|
||||
{
|
||||
"front": "What's the memory trick for mobile security issues?",
|
||||
"back": "R-U-D-A: Root/jailbreak, Unofficial store, Developer mode, Ads/alerts. If the source or control model is untrusted, treat the phone as high risk."
|
||||
},
|
||||
{
|
||||
"front": "A user's mobile device shows leaked personal data and unrecognized apps. What should be the immediate concern?",
|
||||
"back": "This suggests an unauthorized or malicious app has been installed; check the app source, device integrity (root/jailbreak), and remove suspicious apps."
|
||||
},
|
||||
{
|
||||
"front": "What does it mean for a mobile device's control model to be untrusted, and what should you do if it is?",
|
||||
"back": "An untrusted control model means the device's source of apps or its root/jailbreak status cannot be trusted; treat the phone as high risk per the lesson's shortcut."
|
||||
},
|
||||
{
|
||||
"front": "List the four main risk factors for mobile security issues mentioned in the lesson.",
|
||||
"back": "Unofficial app stores, sideloaded applications, developer mode, and rooted or jailbroken devices (also unauthorized apps and application spoofing)."
|
||||
}
|
||||
],
|
||||
"TRB-4": [
|
||||
{
|
||||
"front": "A user reports files on their PC are altered, missing, renamed, or inaccessible. What should you suspect?",
|
||||
"back": "This points to ransomware as the likely cause."
|
||||
},
|
||||
{
|
||||
"front": "A user reports frequent pop-ups and browser redirects. What should you suspect?",
|
||||
"back": "This points to adware or browser hijacking."
|
||||
},
|
||||
{
|
||||
"front": "A user reports certificate warnings in their browser. What are the possible causes?",
|
||||
"back": "Certificate warnings can be caused by something malicious, a misconfiguration, or the wrong system time/date on the PC."
|
||||
},
|
||||
{
|
||||
"front": "A PC cannot access the network at all. What should you check?",
|
||||
"back": "Check for misconfiguration causes such as a bad proxy setting, wrong DNS setting, or a firewall/security tool blocking traffic; also consider malware as a cause."
|
||||
},
|
||||
{
|
||||
"front": "A user reports fake antivirus warnings appearing on their desktop. What should you suspect first?",
|
||||
"back": "Suspect fake antivirus malware (scareware), and assume compromise until verified."
|
||||
},
|
||||
{
|
||||
"front": "An OS update keeps failing on a PC. What are the possible causes?",
|
||||
"back": "OS update failure may be caused by malware, file/system corruption, or network problems."
|
||||
},
|
||||
{
|
||||
"front": "A user's web browser has new extensions they didn't install, plus unexpected sync changes and login alerts. What should you suspect?",
|
||||
"back": "Suspect a compromised account - check for unauthorized browser extensions, unexpected sync changes, and new login alerts."
|
||||
},
|
||||
{
|
||||
"front": "What is the first step in the response flow for a suspected PC security compromise?",
|
||||
"back": "Identify the symptoms."
|
||||
},
|
||||
{
|
||||
"front": "After identifying symptoms of a suspected active compromise on a PC, what is the next step?",
|
||||
"back": "Disconnect the PC from the network if active compromise is suspected."
|
||||
},
|
||||
{
|
||||
"front": "After running trusted security tools and removing or quarantining threats from a compromised PC, what should be done next?",
|
||||
"back": "Update the OS, browser, and security software, then change passwords from a known-clean device if credentials may be compromised, and document findings and actions."
|
||||
},
|
||||
{
|
||||
"front": "What's the memory trick for PC security symptoms?",
|
||||
"back": "FAN-B: Files changed, Alerts are fake, Network blocked, Browser redirects. Fake alerts plus changed files or redirects means assume compromise until verified."
|
||||
},
|
||||
{
|
||||
"front": "List the categories of common causes for PC security symptoms described in the lesson.",
|
||||
"back": "Malware (fake antivirus, ransomware, spyware, adware, browser hijackers), misconfiguration (bad proxy, wrong DNS, expired certificate or wrong system time, firewall blocking traffic), and compromised account (unexpected sync changes, unauthorized extensions, new login alerts)."
|
||||
},
|
||||
{
|
||||
"front": "Why might evidence preservation be part of the response flow for a PC security incident?",
|
||||
"back": "Because policy may require preserving evidence of the compromise before remediation, especially in managed or business environments."
|
||||
},
|
||||
{
|
||||
"front": "A user's PC shows degraded browser performance along with unwanted OS notifications. What should you consider?",
|
||||
"back": "Consider malware (such as adware or browser hijackers) as well as possible misconfiguration; treat it as a possible compromise per the FAN-B memory trick."
|
||||
}
|
||||
]
|
||||
}
|
||||
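Review bot: In TRB-4, the response-flow cards give the first step (identify the symptoms), the next step (disconnect from the network) and what follows removal or quarantine, but no card states the whole sequence, and the evidence-preservation card says only "before remediation" without placing it relative to disconnecting or running security tools; add one card that lists the flow in order so the step cards can be checked against it. In TRB-1, the B-S-S-A-D-P-T card names seven categories while its closing sentence lists six (Applications is missing), and the last card files low memory warnings under "storage and drivers" although the mnemonic has no memory category; reword that back or pick a symptom that maps cleanly. In TRB-3, "List the four main risk factors" has a back with four items plus two more in parentheses, so the count on the front does not match the answer.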