Initial Core 2 study project

Ken Patmonk 2026-06-11 20:17:44 -05:00
commit 10de90430c
120 changed files with 12696 additions and 0 deletions

@ -0,0 +1,42 @@
# Lab OPS-1: Build a Good Ticket
Domain:
- 4.0 Operational Procedures
## Goal
Practice writing a useful ticket from a support scenario.
## Scenario
A user named Jordan says their Windows laptop is slow after sign-in. The device is asset tag LAP-2048. The issue started yesterday after a software update. They need the laptop for a client call in two hours.
## Ticket Fields
Fill in:
- User:
- Device:
- Asset tag:
- Issue summary:
- Category:
- Severity:
- Business impact:
- Troubleshooting steps:
- Escalation needed:
- Resolution:
- Follow-up:
## Asset Check
Record what you would verify:
- Warranty:
- Assigned user:
- Installed software:
- Recent changes:
- Replacement availability:
## What You Should Learn
- Good tickets include user, device, impact, steps, and resolution.
- Asset records support warranty, lifecycle, licensing, and ownership decisions.

@ -0,0 +1,35 @@
# Lab OPS-10: AI Use Decision Practice
Domain:
- 4.0 Operational Procedures
## Goal
Decide whether AI use is appropriate in support scenarios.
## Scenarios
For each, answer allowed, not allowed, or needs approval:
1. Summarize a public vendor knowledge base article.
2. Paste a customer's medical record into a public chatbot.
3. Draft a ticket response without including private data.
4. Ask AI for a PowerShell script, then run it without reading it.
5. Use AI output as a final answer for a security incident without verification.
6. Ask AI to explain a generic error code.
## Verification Checklist
For AI-assisted work, record:
- Data sensitivity:
- Approved tool:
- Source checked:
- Output verified:
- Bias or hallucination risk:
- Policy followed:
## What You Should Learn
- AI can help with drafts and explanations.
- Private data, accuracy, and policy control whether AI use is acceptable.
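
Review bot: Scenario 4 (run an AI-written PowerShell script without reading it) has no matching line in the Verification Checklist; `Output verified:` is the closest field and does not distinguish checking prose from reviewing and testing code. Consider adding a field such as `Script reviewed and tested before running:`, or pointing to the Safe Review list in Lab OPS-8, which already records source, required permissions, rollback and test result.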

@ -0,0 +1,32 @@
# Lab OPS-2: Write a Change Request
Domain:
- 4.0 Operational Procedures
## Goal
Practice building a simple change request.
## Scenario
You need to update a department printer driver on 24 workstations.
Fill in:
- Purpose:
- Scope:
- Change type:
- Affected systems:
- Risk level:
- Maintenance window:
- Backup or restore point needed:
- Test plan:
- Rollback plan:
- Approver:
- User communication:
- Success criteria:
## What You Should Learn
- Changes need scope, risk, schedule, approval, testing, and rollback.
- Standard, normal, and emergency changes follow different approval paths.

@ -0,0 +1,36 @@
# Lab OPS-3: Backup Plan Design
Domain:
- 4.0 Operational Procedures
## Goal
Design a backup and recovery plan for a small office.
## Scenario
A five-person office stores contracts, invoices, and customer records on one shared PC.
Fill in:
- Data to back up:
- Backup type:
- Backup schedule:
- Onsite copy:
- Offsite copy:
- Encryption needed:
- Restore test frequency:
- Restore location:
- Responsible person:
## Scenario Questions
1. What happens if the PC drive fails?
2. What happens if ransomware encrypts local files?
3. What happens if the office loses power during backup?
4. How will you prove restores work?
## What You Should Learn
- Backup design must match business risk.
- The restore process must be tested before an emergency.
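
Review bot: The fill-in list stops at `Onsite copy:` and `Offsite copy:`, but Scenario Question 2 (ransomware encrypts local files) can only be answered well if the plan also says whether any copy is offline or otherwise unreachable from the shared PC, and how many older versions are kept. Consider adding fields such as `Offline or immutable copy:` and `Retention/versions kept:` so that a backup drive left attached to the PC does not count as the answer.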

@ -0,0 +1,37 @@
# Lab OPS-4: Workspace Safety Check
Domain:
- 4.0 Operational Procedures
## Goal
Inspect a work area for safety and ESD risks.
## Checklist
Record:
- Power cords are safe:
- Walkways are clear:
- Cables are managed:
- Food or liquid near equipment:
- ESD mat available:
- Antistatic bag available:
- Heavy items stored safely:
- Fire extinguisher location known:
- Ventilation adequate:
## Scenario Practice
Choose the safe action:
1. Replacing RAM in a desktop.
2. Moving a heavy laser printer.
3. Cleaning dust from inside a PC.
4. Finding a frayed power cord.
5. Storing a removed motherboard.
## What You Should Learn
- Safety procedures reduce injury and equipment damage.
- ESD controls are part of normal component handling.

@ -0,0 +1,38 @@
# Lab OPS-5: Environmental Risk Walkthrough
Domain:
- 4.0 Operational Procedures
## Goal
Identify environmental risks in a home or office workspace.
## Checklist
Record:
- Equipment has ventilation:
- Dust buildup visible:
- Devices near heat source:
- Devices near liquid:
- Surge suppressor present:
- UPS present:
- Battery disposal plan:
- Toner disposal plan:
- Cable airflow blocked:
- Room temperature reasonable:
## Scenario Practice
Choose the best control:
1. Frequent brief power outages.
2. Printer toner replacement.
3. Dust inside desktop vents.
4. Equipment near a heater.
5. Low-voltage events during storms.
## What You Should Learn
- Environmental controls reduce failures and safety risk.
- Power protection, ventilation, cleanup, and disposal are part of IT operations.

@ -0,0 +1,26 @@
# Lab OPS-6: Policy Decision Practice
Domain:
- 4.0 Operational Procedures
## Goal
Practice deciding which policy concept applies to a scenario.
## Scenarios
For each, identify the policy concept:
1. A technician images a drive for investigation.
2. A user wants to install personally purchased software on a company laptop.
3. A vendor asks for confidential project details.
4. A company must keep financial records for seven years.
5. A login screen warns that activity may be monitored.
6. A technician finds customer medical records.
7. A program is free to download but has redistribution rules.
## What You Should Learn
- Privacy, licensing, evidence, and acceptable use are operational controls.
- Technicians should follow policy instead of improvising on sensitive data.

@ -0,0 +1,34 @@
# Lab OPS-7: Support Conversation Practice
Domain:
- 4.0 Operational Procedures
## Goal
Practice professional responses to difficult support moments.
## Scenarios
Write a professional response:
1. A user is angry because their laptop failed during a meeting.
2. A user asks you to share another employee's files.
3. A user says, "I'm terrible with computers."
4. A repair will take longer than expected.
5. You need to ask clarifying questions.
## Checklist
Your responses should:
- Acknowledge the issue.
- Avoid blame.
- Ask useful questions.
- Set expectations.
- Protect confidentiality.
- Document next steps.
## What You Should Learn
- Professionalism is part of technical support.
- Communication should reduce confusion, protect privacy, and set clear expectations.

@ -0,0 +1,49 @@
# Lab OPS-8: Script Recognition
Domain:
- 4.0 Operational Procedures
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Recognize common script types and safe script habits.
## Part 1: Match Extensions
Match the extension to the common language:
1. `.ps1`
2. `.bat`
3. `.sh`
4. `.py`
5. `.js`
6. `.vbs`
## Part 2: Safe Review
Before running a script, record:
- Source:
- Purpose:
- Systems affected:
- Required permissions:
- Backup or rollback:
- Test result:
## Part 3: Use Case Practice
Choose a script use case:
1. Install the same app on 40 PCs.
2. Collect hostname and IP address.
3. Restart a service nightly.
4. Copy user files to backup storage.
## What You Should Learn
- Scripts can automate support tasks.
- Unknown scripts should be reviewed and tested before execution.

@ -0,0 +1,40 @@
# Lab OPS-9: Remote Support Safety Checklist
Domain:
- 4.0 Operational Procedures
## Goal
Build a safe checklist for remote access support.
## Scenario
A user needs help configuring email on a company laptop while working from home.
Fill in:
- Remote access tool:
- User approval method:
- Authentication method:
- Encryption present:
- Least privilege account:
- Sensitive windows closed:
- File transfer needed:
- Session logged:
- Session ended:
- Ticket updated:
## Tool Matching
Match the tool:
1. Secure command line to Linux.
2. Windows graphical remote desktop.
3. Encrypted access into private network.
4. Managed monitoring and administration.
5. User-facing screen sharing.
## What You Should Learn
- Remote access is useful but can expose data.
- Permission, authentication, encryption, and logging are key controls.

@ -0,0 +1,71 @@
# Lab OS-1: System Inventory
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Build the habit of collecting basic system identity information before troubleshooting.
## Windows Steps
Run:
```powershell
winver
systeminfo
hostname
whoami
wmic os get caption,version,buildnumber,osarchitecture
msinfo32
tpm.msc
```
Record:
- Windows edition:
- Version/build:
- Architecture:
- Host name:
- Current user:
- Total RAM:
- BIOS mode:
- Secure Boot state:
- TPM status/version:
## Linux Steps
Run:
```bash
cat /etc/os-release
uname -a
hostname
whoami
free -h
```
Record:
- Distribution:
- Kernel:
- Architecture:
- Host name:
- Current user:
- Memory:
## What You Should Learn
- `winver` is a quick Windows version check.
- `systeminfo` is a fuller Windows inventory command.
- `hostname` identifies the machine.
- `whoami` identifies the current user.
- `cat /etc/os-release` identifies the Linux distribution.
- `uname -a` shows kernel and architecture details.
- `msinfo32` shows detailed Windows system and firmware information.
- `tpm.msc` checks TPM status and version.
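
Review bot: `wmic os get caption,version,buildnumber,osarchitecture` in the Windows block depends on WMIC, which Microsoft has deprecated and which is no longer installed by default on current Windows 11 releases, so the step can fail before the student records anything. Since the fence is already tagged powershell, consider `Get-CimInstance Win32_OperatingSystem | Select-Object Caption,Version,BuildNumber,OSArchitecture` as the replacement or as a fallback line. The same applies to the `wmic` lines in Lab OS-5 and Lab OS-10.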

@ -0,0 +1,96 @@
# Lab OS-10: Application Installation Readiness
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice checking whether a system meets application requirements before installing software.
## Hypothetical Application
Requirements:
- 64-bit OS
- 8 GB RAM
- 20 GB free storage
- Modern CPU
- Dedicated GPU preferred
- Internet access
- Vendor download or approved package manager
## Windows Steps
Run:
```powershell
systeminfo
wmic os get osarchitecture
Get-Volume
winget --version
```
Record:
- OS:
- Architecture:
- RAM:
- CPU:
- Free storage:
- Package manager available:
- Meets requirements:
- Risk/impact notes:
## Linux Steps
Run:
```bash
cat /etc/os-release
uname -m
lscpu
free -h
df -h
which apt
which dnf
```
Record:
- Distribution:
- Architecture:
- RAM:
- CPU:
- Free storage:
- Package manager:
- Meets requirements:
- Risk/impact notes:
## Optional macOS Steps
Run:
```bash
sw_vers
uname -m
system_profiler SPHardwareDataType
```
Record:
- macOS version:
- Architecture:
- RAM:
- CPU/chip:
- Meets requirements:
- Risk/impact notes:
## What You Should Learn
- Always check OS, architecture, CPU, RAM, storage, and graphics requirements.
- Use trusted distribution methods.
- ISO files are mountable disk images.
- Image deployment can install a full prepared system build.
- Business-critical apps require planning, testing, communication, and rollback.
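
Review bot: The requirements list includes `Dedicated GPU preferred` and `Internet access`, but none of the Windows, Linux or macOS command blocks inspects the graphics adapter or connectivity, and the Record lists have no GPU field, so `Meets requirements:` cannot be answered from the collected data. Add a GPU check per platform (for example `Get-CimInstance Win32_VideoController` on Windows and `lspci` on Linux) plus a `GPU:` record line. The macOS block also lacks a free-storage check such as `df -h` and the matching `Free storage:` line.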

@ -0,0 +1,76 @@
# Lab OS-11: Cloud Productivity Recognition
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Identify cloud productivity services, sync behavior, identity context, and license-related symptoms.
## Local Inspection Steps
Windows:
```powershell
whoami
hostname
ipconfig /all
dir $env:USERPROFILE
```
Linux:
```bash
whoami
hostname
ip addr
ls ~
```
macOS:
```bash
whoami
hostname
ls ~
```
Record:
- Current user:
- Device name:
- Cloud storage folders found:
- Cloud email service used:
- Collaboration tools used:
- Identity/account used for cloud tools:
## Scenario Practice
Answer in short notes:
1. A user can sign in to the portal but cannot use the spreadsheet app.
- Likely check:
2. A file saved on a laptop does not appear on another device.
- Likely check:
3. A new user was created locally but does not appear in cloud apps.
- Likely check:
4. A department changed tools and several users lost access.
- Likely check:
5. A user wants files available without internet access.
- Likely setting:
## What You Should Learn
- Cloud productivity includes email, storage, sync, collaboration, identity, and licensing.
- Sync settings control whether files are local, online-only, or downloaded on demand.
- Identity sync connects accounts across directories and cloud apps.
- License assignment controls app/service access.

@ -0,0 +1,64 @@
# Lab OS-2: Recovery and Disk Information
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Practice safe commands that help identify recovery status, file corruption, boot configuration, and disk layout.
## Windows Steps
Run:
```powershell
reagentc /info
sfc /scannow
bcdedit
```
Optional repair command:
```powershell
DISM /Online /Cleanup-Image /RestoreHealth
```
Record:
- Is Windows RE enabled?
- Did SFC find integrity violations?
- What boot loader description appears in `bcdedit`?
- Did DISM complete successfully, if you ran it?
Do not edit BCD settings in this lab.
## Linux Steps
Run:
```bash
lsblk
df -h
```
Record:
- Main disk name:
- Root filesystem:
- Root filesystem free space:
- Any mounted removable drives:
## What You Should Learn
- `reagentc /info` checks Windows Recovery Environment status.
- `sfc /scannow` checks and repairs protected Windows system files.
- `DISM /Online /Cleanup-Image /RestoreHealth` repairs the Windows image/component store.
- `bcdedit` displays boot configuration.
- `lsblk` shows disks and partitions.
- `df -h` shows mounted filesystem usage.
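
Review bot: The Windows block does not say that `reagentc /info`, `sfc /scannow`, `bcdedit` and DISM must be run from an elevated prompt, so a student in a standard PowerShell window gets access-denied errors instead of results. Also, the Goal describes commands that "help identify" problems, yet `sfc /scannow` repairs what it finds; if the lab is meant to be inspect-only by default, use `sfc /verifyonly` in the main block and move `/scannow` next to the optional DISM repair step.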

@ -0,0 +1,76 @@
# Lab OS-3: Administrative Tool Matching
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux comparison practice
Does not require:
- macOS
## Goal
Practice opening the right tool for the right troubleshooting symptom.
## Windows Steps
Run:
```powershell
taskmgr
eventvwr.msc
devmgmt.msc
diskmgmt.msc
services.msc
resmon
perfmon
taskschd.msc
```
Optional, if supported:
```powershell
lusrmgr.msc
```
Record the best tool:
- App is frozen:
- Service failed to start:
- USB device has driver error:
- Need to assign drive letter:
- Need live disk activity:
- Need performance counters over time:
- Need a script to run every day:
- Need to check local group membership:
## Linux Comparison Steps
Run:
```bash
ps aux
top
systemctl status
journalctl -p err
lsblk
```
Record:
- Command for running processes:
- Command for live resource usage:
- Command for service status:
- Command for error logs:
- Command for disks/partitions:
## What You Should Learn
- Event Viewer is for logs.
- Device Manager is for hardware and drivers.
- Services is for background services.
- Disk Management is for partitions, volumes, and drive letters.
- Resource Monitor shows live resource usage.
- Performance Monitor tracks counters over time.
- Task Scheduler automates tasks.
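
Review bot: The Record list asks for the tool for `Need to check local group membership:`, but `lusrmgr.msc` is the only step covering it and is marked optional, so on systems where it does not open the question has no answer from the lab steps. Name a fallback (Lab SEC-1 already uses `net localgroup administrators`), and add Task Manager and Local Users and Groups to What You Should Learn, which currently skips the first and last Record items.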

@ -0,0 +1,87 @@
# Lab OS-4: Command-Line Troubleshooting
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Build comfort entering commands and interpreting basic troubleshooting output.
## Windows Steps
Run:
```powershell
hostname
whoami
winver
ipconfig
ipconfig /all
ping 127.0.0.1
nslookup example.com
netstat -ano
sfc /scannow
ipconfig /?
```
Record:
- Computer name:
- Current user:
- Windows version/build:
- IPv4 address:
- Default gateway:
- DNS server:
- Loopback ping successful:
- DNS lookup successful:
- One active/listening port:
- SFC result:
## Linux Steps
Run:
```bash
hostname
whoami
ip addr
ping -c 4 127.0.0.1
df -h
ps aux
top
```
Press `q` to exit `top`.
Record:
- Hostname:
- Current user:
- IP address:
- Root filesystem free space:
- One running process:
## Safety Notes
Do not run destructive disk commands in this lab.
Know these for the exam, but do not experiment casually:
- `format`
- `diskpart`
- `robocopy` with mirror/delete options
- `chkdsk /f` or `chkdsk /r` on important disks without planning
## What You Should Learn
- `ipconfig /all` gives detailed IP configuration.
- `ping` tests reachability.
- `nslookup` tests DNS.
- `netstat -ano` shows connections, ports, and process IDs.
- `sfc /scannow` repairs protected Windows system files.
- `/?` shows command help.
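
Review bot: `netstat -ano` is run for its process IDs (the Learn list says it shows "connections, ports, and process IDs"), but no step resolves a PID to a program and the Record line only asks for `One active/listening port:`. Add a follow-up such as `tasklist /FI "PID eq 1234"` (with the PID taken from the netstat output) and a Record field for the owning process, since knowing what owns a listening port is the reason to use the `-o` option. `sfc /scannow` in the same block also needs an elevated prompt, which the lab does not mention.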

@ -0,0 +1,66 @@
# Lab OS-5: OS and File-System Identification
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Identify OS family, OS version, and file-system type.
## Windows Steps
Run:
```powershell
winver
wmic logicaldisk get caption,filesystem,size,freespace
Get-Volume
```
Optional:
```powershell
fsutil fsinfo drives
fsutil fsinfo volumeinfo C:
```
Record:
- Windows version:
- Main drive:
- Main drive file system:
- Free space:
- Any removable drives:
## Linux Steps
Run:
```bash
cat /etc/os-release
uname -a
df -T
lsblk -f
```
Record:
- Distribution:
- Kernel:
- Root filesystem:
- Main disk:
- Any removable drives:
## What You Should Learn
- NTFS is the normal modern Windows file system.
- ext4 and XFS are common Linux file systems.
- exFAT is useful for cross-platform removable storage.
- FAT32 is compatible but limited by its 4 GB max file size.
- APFS is Apple's modern file system, but this lab does not require a Mac.

75
labs/OS-6-settings-lab.md Normal file
@ -0,0 +1,75 @@
# Lab OS-6: Windows Settings and Control Panel
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux comparison practice
Does not require:
- macOS
## Goal
Practice opening common Windows configuration areas and matching each area to an exam scenario.
## Windows Steps
Run:
```powershell
control
ms-settings:
appwiz.cpl
ncpa.cpl
firewall.cpl
powercfg.cpl
inetcpl.cpl
control printers
control folders
devmgmt.msc
```
Record the right tool or settings area:
- Uninstall or change a desktop app:
- Turn Windows features on/off:
- Change DNS settings on an adapter:
- Allow an app through Windows Firewall:
- Change sleep/hibernate behavior:
- Change laptop lid behavior:
- Show hidden files:
- Show file extensions:
- Manage a printer:
- Update or roll back a driver:
- Change date/time:
- Change language:
- Set default apps:
## Linux Comparison Steps
Run:
```bash
timedatectl
```
Optional, if available:
```bash
gnome-control-center
nm-connection-editor
```
Record:
- Time zone:
- Desktop settings command available:
- Network editor command available:
## What You Should Learn
- Control Panel still matters for many classic tools.
- Settings is the modern configuration interface.
- `.cpl` commands open Control Panel applets directly.
- `.msc` commands open Microsoft Management Console tools.
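
Review bot: The fence is tagged powershell, but `ms-settings:` on its own line is a URI rather than a command, and PowerShell reports it as an unrecognized term when typed as written. Lab SEC-11 already uses the working form `start ms-settings:dateandtime`; use `start ms-settings:` here, or state that the list is meant for the Run dialog (Win+R), where these entries are normally typed.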

@ -0,0 +1,74 @@
# Lab OS-7: Windows Networking
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux comparison practice
Does not require:
- macOS
## Goal
Practice basic network identification and map common network scenarios to the right Windows settings.
## Windows Steps
Run:
```powershell
ipconfig
ipconfig /all
ping 127.0.0.1
nslookup example.com
net use
ncpa.cpl
firewall.cpl
```
Record:
- IPv4 address:
- Subnet mask:
- Default gateway:
- DNS server:
- DHCP enabled:
- Network adapter name:
- Any mapped drives:
- Current firewall profiles visible:
Scenario matching:
- Need to map `H:` to `\\server\share`:
- Need to remove mapped drive `H:`:
- Need to change DNS manually:
- Need to allow an app through firewall:
- Need stricter settings on public Wi-Fi:
- Need to reduce data usage on a hotspot:
## Linux Comparison Steps
Run:
```bash
ip addr
ip route
cat /etc/resolv.conf
ping -c 4 127.0.0.1
```
Record:
- IP address:
- Default gateway:
- DNS server:
- Loopback test successful:
## What You Should Learn
- `ipconfig /all` gives detailed Windows network settings.
- `169.254.x.x` usually means DHCP failed and APIPA was assigned.
- `net use` displays or maps network drives.
- `ncpa.cpl` opens adapter settings.
- `firewall.cpl` opens Windows Defender Firewall.
- Public network profile is stricter than Private.

@ -0,0 +1,69 @@
# Lab OS-8: macOS Tools and Feature Recognition
Domain:
- 1.0 Operating Systems
Works on:
- macOS, when available
- Windows/Linux comparison practice when a Mac is unavailable
## Goal
Identify macOS tools and map them to familiar Windows/Linux concepts.
## macOS Steps
Open or inspect:
- Finder
- System Settings
- Spotlight
- Disk Utility
- Terminal
- Time Machine settings
- FileVault settings
- Privacy settings
Run in Terminal:
```bash
sw_vers
whoami
uname -a
ls /Applications
ls /Users
diskutil list
tmutil status
fdesetup status
```
Record:
- macOS version:
- Current user:
- Kernel/architecture:
- One app in `/Applications`:
- FileVault status:
- Time Machine status:
- Main disk/volume:
- Where camera/microphone permissions are controlled:
## Windows/Linux Comparison Steps
Record the closest equivalent:
- Finder:
- System Settings:
- Terminal:
- Disk Utility:
- Time Machine:
- FileVault:
- Spotlight:
- Keychain:
## What You Should Learn
- Finder is the macOS file manager.
- Time Machine is macOS backup.
- FileVault is macOS full disk encryption.
- Keychain stores passwords, certificates, and keys.
- Spotlight is macOS search.
- Disk Utility manages disks and images.

@ -0,0 +1,89 @@
# Lab OS-9: Linux Client Tools
Domain:
- 1.0 Operating Systems
Works on:
- Linux
- Windows comparison practice
## Goal
Practice Linux commands that commonly appear on Core 2.
## Linux Steps
Run:
```bash
cat /etc/os-release
whoami
pwd
ls -l
cat /etc/passwd
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/fstab
ip addr
ip route
df -h
du -h
ps aux
top
```
Press `q` to quit `top`.
Practice file commands:
```bash
mkdir linux-practice
cd linux-practice
echo "Core 2 Linux practice" > notes.txt
cp notes.txt copy.txt
mv copy.txt renamed.txt
grep Linux notes.txt
chmod u+x renamed.txt
ls -l
cd ..
rm -r linux-practice
```
Record:
- Distribution:
- Current user:
- Current directory:
- DNS server:
- Default gateway:
- Root filesystem free space:
- One process name:
- Permission string before/after `chmod u+x`:
## Windows Comparison Steps
Run:
```powershell
dir
taskmgr
nslookup example.com
tracert example.com
```
Record Linux equivalents:
- `dir`:
- Task Manager process view:
- `nslookup`:
- `tracert`:
## What You Should Learn
- `/etc/passwd` lists users.
- `/etc/shadow` stores password hashes and is protected.
- `/etc/hosts` maps names to IPs locally.
- `/etc/resolv.conf` shows DNS resolver settings.
- `/etc/fstab` controls startup mounts.
- `chmod` changes permissions.
- `top` and `ps` show processes.
- `df` and `du` show storage usage.
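
Review bot: The Record list asks for `Permission string before/after chmod u+x`, but the practice block runs `ls -l` only after `chmod u+x renamed.txt`, so the "before" value is never displayed. Add `ls -l renamed.txt` immediately before the `chmod` line. Separately, bare `du -h` in the first block walks the whole current directory tree and can scroll for a long time when run from a home directory; `du -sh .` prints a one-line total instead.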

@ -0,0 +1,86 @@
# Lab SEC-1: Security Controls and Account Privileges
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice identifying local account privileges and matching security controls to risks.
## Windows Steps
Run:
```powershell
whoami
whoami /groups
whoami /priv
net user
net localgroup
net localgroup administrators
```
Record:
- Current user:
- Is the user in Administrators?
- One group membership:
- One privilege listed:
- Any account/group that seems high risk:
## Linux Steps
Run:
```bash
whoami
id
groups
sudo -l
```
Record:
- Current user:
- UID:
- Groups:
- Sudo allowed:
## Optional macOS Steps
Run:
```bash
whoami
id
groups
```
Record:
- Current user:
- UID:
- Groups:
## Control Matching
Match the best control:
- Stop vehicles from reaching a building:
- Prevent one person from following another through a secure door:
- Store privileged passwords and grant temporary admin access:
- Stop confidential files from being emailed:
- Require phones to use PINs and allow remote wipe:
- Authenticate once and access multiple cloud apps:
- Give users only the access required for their work:
## What You Should Learn
- Local group membership affects privileges.
- Least privilege reduces risk.
- MFA proves identity using multiple factor types.
- DLP protects sensitive data from leakage.
- MDM centrally manages mobile devices and policies.
- PAM/JIT control privileged access.
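
Review bot: What You Should Learn and Control Matching do not line up: the Learn list covers MFA, which no matching item exercises, while the matching items on stopping vehicles, following someone through a secure door, and authenticating once for multiple cloud apps have no corresponding Learn bullet. Either add a matching item whose answer is MFA or add Learn bullets for the three uncovered controls. In the Linux block, note that `sudo -l` may prompt for the user's password.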

@ -0,0 +1,119 @@
# Lab SEC-10: SOHO Network Security Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect local network information and practice SOHO hardening decisions without changing router settings.
Do not change router settings, passwords, firmware, port forwarding, guest networks, or Wi-Fi settings during this lab unless you own/administer the router and intentionally choose to do that outside the lab.
## Windows Steps
Run:
```powershell
ipconfig
Get-NetConnectionProfile
netsh wlan show interfaces
```
Record:
- IPv4 address:
- Default gateway:
- Network profile:
- Wi-Fi SSID:
- Wi-Fi authentication type:
- Wi-Fi cipher:
What the commands show:
- `ipconfig` shows IP address and default gateway.
- `Get-NetConnectionProfile` shows whether Windows treats the network as Public or Private.
- `netsh wlan show interfaces` shows connected Wi-Fi details.
## Linux Steps
Run:
```bash
ip route
nmcli connection show --active
nmcli dev wifi list
```
Record:
- Default gateway:
- Active connection:
- Connected SSID, if shown:
- Security type for your Wi-Fi, if shown:
What the commands show:
- `ip route` shows the path to the router.
- `nmcli connection show --active` shows active NetworkManager connections.
- `nmcli dev wifi list` shows Wi-Fi networks and security, when supported.
If `nmcli` is not installed, record that and continue.
## Optional macOS Steps
Run:
```bash
route -n get default
networksetup -getairportnetwork en0
system_profiler SPAirPortDataType
```
Record:
- Default gateway:
- Connected Wi-Fi network:
- Security type, if shown:
What the commands show:
- `route -n get default` shows the default router.
- `networksetup -getairportnetwork en0` shows the connected Wi-Fi network on many Macs.
- `system_profiler SPAirPortDataType` shows detailed Wi-Fi information.
## Router Hardening Checklist
Answer based on your own router if you administer it, or as a paper exercise if you do not.
Record:
- Was the default admin password changed?
- Is firmware update status known?
- Is remote administration disabled or restricted?
- Is UPnP disabled unless needed?
- Is Wi-Fi using WPA2 or WPA3?
- Is the SSID non-personal and non-default?
- Is guest network disabled or isolated?
- Are router and network devices physically protected?
- Is content filtering or parental control needed?
## Scenario Matching
Choose the best SOHO security action:
1. A router still uses the factory admin password.
2. A router has a known security vulnerability.
3. A game console requires inbound connectivity, but UPnP is currently enabled for every device.
4. Visitors need Internet but should not access office computers.
5. A Wi-Fi network is open with no password.
6. A router admin page is reachable from the Internet.
7. A business hosts a public service but wants to separate it from internal PCs.
## What You Should Learn
- The default gateway is usually the router.
- Router admin credentials must not remain default.
- Firmware updates patch router vulnerabilities.
- WPA2/WPA3 protects Wi-Fi better than open access.
- UPnP can open inbound ports without approval.
- Guest networks should be isolated and encrypted.
- A screened subnet separates public services from internal systems.
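
Review bot: `networksetup -getairportnetwork en0` in the macOS block hardcodes `en0`, and the lab's own description says it works only "on many Macs"; where Wi-Fi is on a different interface the command queries the wrong port. Have the student run `networksetup -listallhardwareports` first (Lab SEC-3 already uses it) and substitute the Wi-Fi device name it reports.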

@ -0,0 +1,122 @@
# Lab SEC-11: Browser Security Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect browser security settings and practice safe browser decisions without deleting important data.
Do not clear saved passwords, reset the browser, remove profiles, or uninstall extensions during this lab unless you intentionally choose to do that outside the lab.
## Part 1: Version and Update Check
Open your main browser and inspect:
- Browser name:
- Browser version:
- Update status:
- Whether automatic updates appear enabled:
Common paths:
- Chrome: Menu > Help > About Google Chrome
- Edge: Menu > Help and feedback > About Microsoft Edge
- Firefox: Menu > Help > About Firefox
- Safari: Apple menu > System Settings > General > Software Update
## Part 2: Extension Review
Inspect installed extensions.
Record:
- Number of installed extensions:
- One extension name:
- Why it is needed:
- Whether its source appears trusted:
- One permission it has, if shown:
Do not remove anything during the lab unless you know the impact.
## Part 3: Privacy and Site Data
Inspect privacy settings.
Record:
- Pop-up blocker status:
- Third-party cookie or tracking protection setting:
- Saved passwords area found:
- Clear browsing data area found:
- Browser sync status:
- Notification permissions area found:
Do not clear saved passwords or reset settings.
## Part 4: Commands
Windows PowerShell:
```powershell
start ms-settings:dateandtime
Get-FileHash "$env:USERPROFILE\Downloads\example.exe"
```
Record:
- Date/time appears correct:
- What happened when checking the example file:
If the example file does not exist, record that. Do not download a random file just for this lab.
Linux:
```bash
date
sha256sum ~/Downloads/example-file
```
Record:
- Date/time output:
- What happened when checking the example file:
If the example file does not exist, record that. Do not download a random file just for this lab.
Optional macOS:
```bash
date
shasum -a 256 ~/Downloads/example-file
open -b com.apple.Safari
```
Record:
- Date/time output:
- What happened when checking the example file:
- Safari opened:
If the example file does not exist, record that. Do not download a random file just for this lab.
## Part 5: Scenario Matching
Choose the best browser security action:
1. A user downloaded a browser installer from an unfamiliar third-party website.
2. A browser warns that a banking site certificate is invalid.
3. A user has 18 extensions and cannot explain why most are installed.
4. A site is broken after a recent update and keeps loading old content.
5. A user thinks private browsing hides activity from the employer network.
6. A company wants browser traffic filtered and logged centrally.
7. A user reuses the same password on many websites.
## What You Should Learn
- Browser installers should come from trusted sources.
- Hashes verify file integrity when a known-good hash is provided.
- Updates patch browser vulnerabilities.
- Extensions are useful but can be dangerous.
- Certificate warnings should be investigated.
- Private browsing protects local session traces, not full network privacy.
- Browser sync and password managers need strong account protection.
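
Review bot: Part 4 computes a hash with `Get-FileHash`, `sha256sum` or `shasum -a 256` but never compares it with anything; the Record line only asks `What happened when checking the example file:`. The Learn list states that hashes verify integrity "when a known-good hash is provided", so add Record fields for the publisher's hash and for whether the two values match, and say where the published value should be taken from.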

@ -0,0 +1,99 @@
# Lab SEC-2: Windows Security Settings
Domain:
- 2.0 Security
Works on:
- Windows
- Linux/macOS comparison where available
## Goal
Inspect Windows security settings without weakening protections.
## Windows Steps
Run:
```powershell
windowsdefender:
firewall.cpl
wf.msc
whoami
whoami /groups
net user
net localgroup administrators
manage-bde -status
gpresult /r
cipher /?
```
Record:
- Defender status:
- Defender definition/update status:
- Active firewall profile:
- Current user:
- Local users visible:
- Administrators group members:
- BitLocker status:
- Group Policy result available:
- What `cipher` is used for:
## Permissions Review
Create or choose a non-critical test folder.
1. Open folder Properties.
2. Open the Security tab.
3. View groups/users.
4. View Advanced permissions.
5. Check whether inheritance is enabled.
Do not remove permissions in this lab.
Record:
- One group/user:
- One allowed permission:
- Inheritance enabled:
- Owner:
## Linux Comparison
Run:
```bash
whoami
id
groups
```
Record:
- Current user:
- Groups:
- Sudo/admin indication:
## macOS Comparison
Run if you have Mac access:
```bash
whoami
id
groups
fdesetup status
```
Record:
- Current user:
- Groups:
- FileVault status:
## What You Should Learn
- Defender and Firewall are managed from Windows Security/Control Panel tools.
- NTFS permissions apply locally and over the network.
- Share permissions apply only over the network.
- BitLocker protects volumes.
- EFS protects individual NTFS files/folders.
- Group Policy is checked with `gpresult` and refreshed with `gpupdate`.
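
Review bot: The Windows block gives no elevation guidance, yet `manage-bde -status` fails with an access error in a non-elevated window and `gpresult /r` omits the computer settings section unless elevated, so `BitLocker status:` and `Group Policy result available:` may be recorded as failures on a healthy machine. State which lines need "Run as administrator". Also, `windowsdefender:` is a URI and needs `start windowsdefender:` to launch from PowerShell, the form Lab SEC-11 uses for `ms-settings:`.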

@ -0,0 +1,92 @@
# Lab SEC-3: Wireless Security Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect wireless security settings without changing router configuration.
## Windows Steps
Run:
```powershell
netsh wlan show interfaces
netsh wlan show profiles
ipconfig /all
ncpa.cpl
```
Record:
- SSID:
- Authentication:
- Cipher:
- Wi-Fi adapter name:
- DHCP enabled:
- DNS server:
## Linux Steps
Run:
```bash
nmcli device status
nmcli connection show
ip addr
```
Optional:
```bash
iw dev
```
Record:
- Wireless interface:
- Active connection:
- IP address:
- Tool availability:
## Optional macOS Steps
Run:
```bash
networksetup -listallhardwareports
```
Optional, if available:
```bash
airport -I
```
Record:
- Wi-Fi hardware port:
- SSID/security details if visible:
## Scenario Matching
Choose the best answer:
- Home network, newest supported security:
- Business Wi-Fi with individual user login:
- Legacy setting that should be replaced:
- Strong encryption used with WPA2:
- Authentication server for 802.1X:
- Microsoft domain authentication:
- Cisco/network device admin authentication:
## What You Should Learn
- WEP and TKIP are weak/legacy choices.
- WPA2-AES is a common secure baseline.
- WPA3 is preferred when supported.
- Personal mode uses a shared password.
- Enterprise mode uses individual authentication, usually with RADIUS.
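Review bot: The Linux Steps never surface the security mode, so the Linux Record has no counterpart to the Windows "Authentication" and "Cipher" fields even though the lab is about wireless security. Suggest adding `nmcli -f SSID,SECURITY device wifi list` and a "Security:" record line. In the macOS block, `airport` is not on the default PATH, so "if available" will read as "not available" for most students; offer Option-click on the Wi-Fi menu as the fallback for the "SSID/security details" field. The takeaways also do not cover the last two Scenario Matching items (Microsoft domain authentication and network device admin authentication).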

View file

@ -0,0 +1,84 @@
# Lab SEC-4: Malware Recognition and Safe Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice safe inspection commands and malware/tool matching. Do not download or run malware.
## Windows Steps
Run:
```powershell
windowsdefender:
taskmgr
resmon
eventvwr.msc
netstat -ano
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
```
Record:
- Defender status:
- Highest CPU process:
- Highest memory process:
- One listening port or connection:
- One log area you would inspect after suspected malware:
## Linux Steps
Run:
```bash
top
ps aux
ss -tulpn
journalctl -p err
```
Record:
- Highest CPU process:
- One listening service:
- One recent error:
- One process you would investigate further:
## Optional macOS Steps
Run:
```bash
top
ps aux
```
Record:
- Highest CPU process:
- One unfamiliar process to research:
## Tabletop Scenarios
For each, write likely malware/tool/next action.
1. User files are encrypted and a payment note appears.
2. A free installer added browser toolbars and pop-up ads.
3. CPU stays near 100% while the system is idle.
4. A laptop shows signs of surveillance: location tracking, microphone access, screenshots.
5. A system has a suspected boot-level infection and normal tools cannot remove it.
6. Users receive malicious email attachments before endpoint tools can stop them.
7. Security team wants endpoint behavior detection and isolation.
## What You Should Learn
- Malware type is identified by behavior.
- EDR responds on endpoints.
- MDR is managed by a third party.
- XDR correlates endpoint/network/cloud data.
- Severe persistent infections may require reimage/reinstall.
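Review bot: `Get-Process | Sort-Object CPU -Descending` in the Windows Steps sorts by cumulative processor seconds since each process started, so the "Highest CPU process" field will usually name a long-running process rather than whatever is busy now. Either direct students to read that field from Task Manager or reword it to "most CPU time accumulated". No command backs "Highest memory process"; sorting on `WorkingSet64` would supply it. For "One listening port or connection", `netstat -ano` gives only a PID, so add a hint to look the PID up in Task Manager's Details tab. On Linux, `ss -tulpn` shows the owning process for other users' sockets only when run with sudo, which is worth one line.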

View file

@ -0,0 +1,63 @@
# Lab SEC-5: Social Engineering and Attack Scenario Matching
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Scenario/tabletop practice
## Goal
Recognize common social engineering and attack patterns. This lab does not perform attacks.
## Safe Inspection Commands
Windows:
```powershell
arp -a
netstat -ano
ipconfig /all
whoami /groups
```
Linux:
```bash
ip neigh
ss -tulpn
ip route
id
```
Record:
- Default gateway:
- One ARP/neighbor entry:
- One listening port or active connection:
- Current user/group context:
## Scenario Matching
For each scenario, identify the attack and one mitigation.
1. A text message says your package cannot be delivered unless you click a link.
2. A caller says they are from IT and need your MFA code.
3. An email to payroll requests changing direct deposit information.
4. An attacker sets up a fake coffee shop Wi-Fi network with the same name as the real one.
5. A user lets someone into a locked building because they say they forgot their badge.
6. A website comment field stores malicious JavaScript that runs for every visitor.
7. A login system is attacked with millions of password guesses.
8. A vendor update installs a backdoor.
9. A web form lets an attacker change a database query.
10. A service is unavailable because thousands of systems flood it with traffic.
## What You Should Learn
- Social engineering attacks exploit trust and urgency.
- Web attacks often target unsafe input handling.
- DDoS uses many attack sources.
- Evil twins imitate trusted Wi-Fi.
- Supply chain attacks abuse trusted vendors or updates.
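Review bot: The Safe Inspection Commands section collects a gateway, an ARP/neighbor entry, a port and group membership, but nothing in Scenario Matching or the takeaways says what a student should look for in that output, so the section reads as disconnected from the lab goal. One sentence per Record field would fix it, for example that two different IP addresses showing the gateway's MAC address in `arp -a` or `ip neigh` is something to report. Scenario 7 (millions of password guesses) also has no matching line in What You Should Learn.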

View file

@ -0,0 +1,76 @@
# Lab SEC-6: Malware Removal Process Tabletop
Domain:
- 2.0 Security
Works on:
- Windows
- Tabletop/scenario practice
## Goal
Practice the malware removal order without working on live malware.
## Safe Windows Inspection
Run or open:
```powershell
windowsdefender:
taskmgr
resmon
SystemPropertiesProtection
```
Optional reboot command to know, but do not run unless you are ready to restart:
```powershell
shutdown /r /o /t 0
```
Record:
- Defender status:
- Highest CPU process:
- System Protection enabled:
- Where you would find Advanced Startup:
## Process Drill
Write the 10 steps from memory:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
## Next-Step Scenarios
Identify the next correct step.
1. User reports browser redirects and fake security alerts.
2. You verify symptoms and identify likely malware.
3. The infected system is still on the network.
4. The system is quarantined.
5. System Restore is disabled.
6. Remediation is complete.
7. Anti-malware is updated.
8. Scan/removal fails and system trust is low.
9. Known-good image is restored.
10. Scheduled scans and updates are enabled.
11. System Protection is re-enabled.
## What You Should Learn
- Quarantine comes early.
- Disable System Restore before remediation.
- Update anti-malware before scanning/removal.
- Reimage/reinstall when cleanup cannot be trusted.
- Re-enable System Protection only after cleanup.
- User education is part of the process.
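Review bot: `shutdown /r /o /t 0` in the optional block restarts immediately, and it is fenced in the same style as the block the student was just told to run, so a copy-paste slip costs unsaved work. Suggest a non-zero timeout such as `/t 60`, which leaves time for `shutdown /a` to cancel, or show the command inline instead of in a runnable fence. Separately, the Process Drill asks for 10 steps that this file never lists, while Next-Step Scenarios has 11 items; a pointer to where the 10 steps are defined would let students check their answers.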

View file

@ -0,0 +1,94 @@
# Lab SEC-7: Workstation Hardening Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect workstation hardening settings without weakening the system.
## Windows Steps
Run:
```powershell
manage-bde -status
net accounts
net user
net localgroup administrators
services.msc
ms-settings:autoplay
```
Optional, when ready to test locking:
```powershell
rundll32.exe user32.dll,LockWorkStation
```
Record:
- BitLocker status:
- Password expiration/lockout settings:
- Local users:
- Local Administrators group:
- AutoPlay setting:
- One running service to research:
Do not disable services in this lab unless you know the impact.
## Linux Steps
Run:
```bash
id
sudo -l
systemctl --type=service --state=running
lsblk -f
```
Record:
- User/group identity:
- Sudo permissions:
- One running service:
- Disk/filesystem info:
## Optional macOS Steps
Run:
```bash
fdesetup status
id
groups
```
Record:
- FileVault status:
- User/group identity:
## Scenario Matching
Choose the best hardening action:
1. A laptop is lost in an airport.
2. A shared workstation allows automatic login.
3. A router still uses admin/admin.
4. USB drives automatically open when inserted.
5. A contractor account should stop working next week.
6. A user is a local administrator but only needs standard access.
7. An unused remote service is listening on the network.
## What You Should Learn
- Hardening reduces attack surface.
- Encryption protects data at rest.
- Screen locks protect unattended devices.
- Strong passwords and lockout reduce brute force risk.
- Unused services and default accounts/passwords increase risk.
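Review bot: The Linux Record asks only for "Disk/filesystem info", while the Windows and macOS sections record BitLocker and FileVault status, so the Linux comparison skips the encryption-at-rest check that the takeaways emphasize. Suggest a field such as "Encrypted volume present (`crypto_LUKS` in the FSTYPE column of `lsblk -f`):". In the Windows block, `ms-settings:autoplay` is a URI and needs `start ms-settings:autoplay` to open from a prompt. `sudo -l` will ask for the user's password, which is worth stating so students do not read the prompt as a failure.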

View file

@ -0,0 +1,117 @@
# Lab SEC-8: Mobile Device Security Inspection
Domain:
- 2.0 Security
Works on:
- Android phone or tablet
- iPhone or iPad
- Optional Windows, Linux, or macOS browser for account-security review
## Goal
Inspect mobile device security settings without changing risky controls.
Do not erase, wipe, reset, unenroll, remove accounts, remove trusted devices, or turn off security features during this lab.
## Android Steps
Settings names vary by manufacturer. Look for the closest match.
Inspect and record:
- OS version:
- Security patch level:
- Screen lock type:
- Whether fingerprint or face unlock is enabled:
- Whether device encryption is shown as enabled:
- Find My Device status:
- Backup status:
- App update setting in Google Play:
- Unknown app install or sideloading setting:
- Any work profile or device management entry:
- Content restriction or parental control setting, if present:
Useful paths to check:
- Settings > Security and privacy
- Settings > Lock screen
- Settings > Passwords and accounts
- Settings > Google > Find My Device
- Settings > System > System update
- Settings > Apps > Special app access > Install unknown apps
- Google Play > Profile icon > Settings > Network preferences > Auto-update apps
## iPhone or iPad Steps
Inspect and record:
- iOS or iPadOS version:
- Screen lock type:
- Face ID or Touch ID status:
- Find My status:
- iCloud Backup status:
- Automatic updates status:
- App update setting:
- VPN & Device Management profiles, if present:
- Content & Privacy Restrictions status:
Useful paths to check:
- Settings > General > About
- Settings > Face ID & Passcode or Touch ID & Passcode
- Settings > Apple Account > Find My
- Settings > Apple Account > iCloud > iCloud Backup
- Settings > General > Software Update > Automatic Updates
- Settings > App Store > App Updates
- Settings > General > VPN & Device Management
- Settings > Screen Time > Content & Privacy Restrictions
## Optional Computer Account Review
Use only the account that belongs to you.
Windows:
```powershell
start https://account.microsoft.com/devices
start https://myaccount.google.com/security
```
Linux:
```bash
xdg-open https://myaccount.google.com/security
```
macOS:
```bash
open https://appleid.apple.com
```
Record:
- One registered device:
- One security alert or recent activity item, if any:
- Whether recovery email/phone is configured:
- Whether two-factor or multifactor authentication is enabled:
Do not remove devices or change recovery settings during this lab unless you intentionally choose to do that later outside the lab.
## Scenario Matching
Choose the best mobile security action:
1. A user loses a company phone that contains email and files.
2. A company wants all phones to require passcodes and encryption.
3. A personal phone is allowed to access company email.
4. A phone has not received security patches for months.
5. A user installed an app from an unknown website.
6. A parent wants to block adult websites on a child device.
7. A phone is probably stolen and cannot be recovered.
## What You Should Learn
- Mobile security starts with lock method and encryption.
- MDM centrally enforces mobile security settings.
- BYOD requires clear policy because personal and company data share one device.
- Locator, lock, backup, and wipe are the main lost-device responses.
- OS and app updates are security controls.
- Sideloading increases malware risk, especially on Android.
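Review bot: The Record list under Optional Computer Account Review asks for "One registered device" and "One security alert or recent activity item", which invites students to copy device names or sign-in details from a personal account into a worksheet that may end up committed alongside these labs. Suggest recording yes/no or a count instead (for example "Registered devices reviewed: yes/no") and adding a line that completed worksheets stay out of the repository. The Linux variant opens only the Google page, so a student with only a Microsoft or Apple account has nothing to review there.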

View file

@ -0,0 +1,122 @@
# Lab SEC-9: Data Destruction Decision Practice
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice data destruction decisions and safely demonstrate the difference between deletion and secure destruction concepts.
Do not wipe, format, shred, degauss, reset, or destroy any real drive for this lab.
## Part 1: Safe File Deletion Demo
Windows PowerShell:
```powershell
New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab"
"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
Get-ChildItem "$env:USERPROFILE\AplusDataDestructionLab"
Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
Get-ChildItem "$env:USERPROFILE\AplusDataDestructionLab"
```
Record:
- Folder created:
- Test file visible before deletion:
- Test file visible after deletion:
- Why this was not secure destruction:
Linux:
```bash
mkdir -p ~/aplus-data-destruction-lab
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
rm ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
```
Record:
- Folder created:
- Test file visible before deletion:
- Test file visible after deletion:
- Why this was not secure destruction:
Optional macOS:
```bash
mkdir -p ~/aplus-data-destruction-lab
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
rm ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
```
Record:
- Folder created:
- Test file visible before deletion:
- Test file visible after deletion:
- Why this was not secure destruction:
## Part 2: Storage Inspection
Windows:
```powershell
Get-Volume
```
Record:
- Main drive letter:
- File system:
- Any removable drives listed:
Linux:
```bash
lsblk -f
```
Record:
- Main device name:
- File system:
- Any removable drives listed:
Optional macOS:
```bash
diskutil list
```
Record:
- Main disk identifier:
- File system or container type:
- Any removable drives listed:
## Part 3: Method Matching
Choose the best destruction method:
1. A laptop hard drive will be reused by another employee.
2. A failed hard drive contains financial records and will be discarded.
3. An SSD contains sensitive data and is being retired.
4. A magnetic tape backup must be destroyed.
5. A vendor destroys 200 company drives.
6. A single sensitive file must be removed while the computer remains in service.
7. A user quick-formatted a drive and wants to know whether the data is safely gone.
## What You Should Learn
- Delete removes normal access, but it is not secure data destruction.
- Quick format is not the same as a full overwrite.
- Whole-drive wiping is for reuse.
- Physical destruction is for disposal.
- Degaussing is for magnetic media, not SSDs or flash.
- A certificate of destruction provides an audit trail.
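Review bot: The PowerShell block in Part 1 is not re-runnable: `New-Item -ItemType Directory` errors when the folder already exists, whereas the Linux and macOS blocks use `mkdir -p`. Add `-Force` to match, and give all three variants a final cleanup line, since each one leaves the empty lab folder behind. In Part 3, scenario 6 (a single sensitive file on a computer that stays in service) has no takeaway that answers it; the list covers delete, quick format, whole-drive wiping, physical destruction and degaussing only.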

View file

@ -0,0 +1,72 @@
# Lab TRB-1: Windows OS Troubleshooting Evidence
Domain:
- 3.0 Software Troubleshooting
Works on:
- Windows
- Linux comparison optional
## Goal
Practice gathering evidence for Windows OS symptoms without making risky changes.
## Part 1: Resource Check
Windows:
```powershell
taskmgr
perfmon /rel
eventvwr.msc
```
Record:
- Highest CPU process:
- Highest memory process:
- One Reliability Monitor event:
- One Windows log you opened:
## Part 2: System Repair Commands
Do not interrupt these commands if you run them.
```powershell
sfc /verifyonly
DISM /Online /Cleanup-Image /CheckHealth
chkdsk
```
Record:
- SFC result:
- DISM result:
- CHKDSK result:
## Part 3: Startup and Services
Open:
- Task Manager > Startup apps
- Services console
Record:
- One enabled startup app:
- One stopped service:
- Whether the stopped service appears normal or suspicious:
## Part 4: Scenario Practice
Match the next step:
1. Windows says no OS found.
2. A service fails to start after boot.
3. A system blue-screens after a driver update.
4. A user reports the PC is slow after login.
5. The clock keeps drifting.
## What You Should Learn
- Troubleshooting starts with symptoms and evidence.
- Event Viewer and Reliability Monitor help build a timeline.
- SFC, DISM, and CHKDSK support repair decisions.
- Startup apps, services, drivers, storage, and time settings are common Windows issue areas.
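Review bot: Part 2 does not say that `sfc /verifyonly`, `DISM /Online /Cleanup-Image /CheckHealth` and `chkdsk` all require an elevated prompt, so from a standard prompt the three Record fields will contain access errors. Add "Run from an elevated PowerShell or Command Prompt" above the block. The heading "System Repair Commands" also overstates what is run: all three invocations are read-only checks, which fits the lab's no-risky-changes goal and is worth stating explicitly so students do not substitute `/scannow`, `/RestoreHealth` or `chkdsk /f`.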

View file

@ -0,0 +1,56 @@
# Lab TRB-2: Mobile App Troubleshooting Checklist
Domain:
- 3.0 Software Troubleshooting
Works on:
- Android
- iOS
## Goal
Practice safe mobile troubleshooting checks without deleting personal data.
## Part 1: Pick One App
Choose a noncritical app.
Record:
- App name:
- App version if visible:
- Last update status:
- Storage used by the app:
- Permissions granted:
## Part 2: Battery and Storage
Record:
- Available device storage:
- Top battery-using app:
- Battery saver mode status:
- OS update status:
## Part 3: Connectivity
Record:
- Wi-Fi connected:
- Bluetooth enabled:
- NFC enabled, if present:
- Airplane mode off:
## Part 4: Scenario Matching
Choose the best first checks:
1. App will not install.
2. Bluetooth headphones will not pair.
3. Phone battery drains quickly.
4. Screen will not rotate.
5. App crashes after launch.
## What You Should Learn
- Mobile troubleshooting is usually low-risk checks first.
- Storage, updates, permissions, and connectivity solve many app issues.
- Avoid factory reset unless simpler steps fail and data is backed up.
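Review bot: Scenario 4 in Part 4 (screen will not rotate) has no supporting check anywhere in Parts 1 to 3, so students have nothing recorded to reason from. Add an "Auto-rotate or rotation lock status:" line to one of the Record lists. The first takeaway would also read more clearly as "Mobile troubleshooting usually starts with low-risk checks."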

View file

@ -0,0 +1,54 @@
# Lab TRB-3: Mobile Security Inspection
Domain:
- 3.0 Software Troubleshooting
Works on:
- Android
- iOS
## Goal
Inspect mobile security signals without installing or removing apps.
## Part 1: App Source Review
Pick three installed apps and record:
- App name:
- Source or store if visible:
- Developer name if visible:
- Permissions that seem sensitive:
## Part 2: Device Controls
Record:
- OS update status:
- Unknown sources or sideloading status if visible:
- Developer mode status if visible:
- VPN status:
- Device management profile or MDM status if visible:
## Part 3: Data and Battery Signals
Record:
- Highest mobile data user:
- Highest battery user:
- Any app you do not recognize:
- Any unexpected ads, redirects, or warnings:
## Part 4: Scenario Practice
Choose the risk:
1. User installed a bank app from a link in a text message.
2. Phone shows ads when no browser is open.
3. Device is jailbroken.
4. A weather app uses large amounts of background data.
5. Fake virus warnings appear repeatedly.
## What You Should Learn
- Mobile compromise often looks like odd app behavior, ads, or data usage.
- Rooting, jailbreaking, sideloading, and unofficial stores raise risk.
- Managed devices should follow organization policy and MDM procedures.
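Review bot: Part 2 re-records OS update status, sideloading status and MDM profile status, all of which SEC-8 already captures, and the title differs from SEC-8's by one word. If the intent is symptom-driven inspection for domain 3.0, say so in the Goal and rename the lab (for example "Mobile Security Symptom Inspection") so the two files are distinguishable in an index. Scenario 3 (jailbroken device) also has no Part 2 field that would reveal it.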

View file

@ -0,0 +1,53 @@
# Lab TRB-4: PC Security Symptom Triage
Domain:
- 3.0 Software Troubleshooting
Works on:
- Windows
- Linux comparison optional
## Goal
Practice security symptom triage without changing browser profiles or deleting files.
## Part 1: Browser Checks
Record:
- Browser extension count:
- Default search engine:
- Proxy setting location found:
- Certificate warning seen on normal sites, yes or no:
- Pop-up and notification permissions location found:
## Part 2: Windows Checks
Windows:
```powershell
Get-ComputerInfo | Select-Object OsName,OsVersion
Get-Date
netsh winhttp show proxy
```
Record:
- OS version:
- System date/time:
- Proxy status:
## Part 3: Scenario Triage
For each symptom, list likely cause and first action:
1. Files are renamed and cannot be opened.
2. Browser searches redirect to an unfamiliar site.
3. Fake antivirus warnings demand payment.
4. Windows Update fails on a previously infected PC.
5. A banking site certificate warning appears.
## What You Should Learn
- Security troubleshooting starts with symptoms and risk.
- Some symptoms require isolation before normal repair.
- Browser settings, proxy settings, date/time, and extensions can explain many security symptoms.
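Review bot: `netsh winhttp show proxy` in Part 2 reports the machine-wide WinHTTP proxy, not the per-user proxy that browsers read, so it can print "Direct access" while a browser is still being sent through a proxy. For the redirect scenario in Part 3, the "Proxy status" field should come from Settings > Network & Internet > Proxy, the location Part 1 already asks students to find, with the `netsh` output recorded as a second, separate value. `Get-Date` shows the clock but not whether it is correct; a note to compare it against a known-good time source would tie the field to the certificate-warning scenario.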