Initial Core 2 study project

This commit is contained in:
Ken Patmonk 2026-06-11 20:17:44 -05:00
commit 10de90430c
120 changed files with 12696 additions and 0 deletions


@ -0,0 +1,61 @@
# OPS-1: Documentation and Support Systems
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.1 Documentation, ticketing, asset management, and support systems
## What You Need To Know
Operational questions often test whether you record the right information and follow process.
Ticketing details:
- User information
- Device information
- Issue description
- Category
- Severity
- Escalation level
- Progress notes
- Resolution
Asset management:
- Inventory
- CMDB
- Asset tags and IDs
- Procurement life cycle
- Warranty and licensing
- Assigned users
Document types:
- Incident reports
- SOPs
- Package installation procedures
- Onboarding and offboarding checklists
- SLAs
- Knowledge base articles
## Memory Trick
Use **U-D-I-S-R** for tickets:
- **U**ser
- **D**evice
- **I**ssue
- **S**everity
- **R**esolution
Shortcut:
- **If it is not documented, the next tech cannot trust what happened.**
## Exam Clues
- Tickets need enough detail for handoff and trend analysis.
- Asset tags connect devices to users, warranty, and lifecycle records.
- SOPs are repeatable procedures.
- SLAs define expected service levels.
- Knowledge base articles help future technicians solve known issues.
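Review bot: the U-D-I-S-R mnemonic under Memory Trick drops three of the ticket fields listed just above it (Category, Escalation level, Progress notes), and those are the fields the clue "Tickets need enough detail for handoff and trend analysis." depends on: progress notes and escalation level are what make a handoff possible, and category is what trend analysis groups on. Either extend the mnemonic or add a clue that says which field serves which purpose, so the trick and the clue agree.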


@ -0,0 +1,59 @@
# OPS-10: AI Concepts
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.10 Artificial intelligence concepts
## What You Need To Know
Core 2 expects basic AI awareness for support environments.
AI concepts:
- Application integration
- Policy
- Appropriate use
- Plagiarism
- Bias
- Hallucinations
- Accuracy
- Private vs. public data
- Data source concerns
## Memory Trick
Use **P-B-H-D**:
- **P**olicy
- **B**ias
- **H**allucinations
- **D**ata privacy
Shortcut:
- **AI output is a draft until verified.**
## Practical Rules
Do:
- Follow company AI policy.
- Verify important output.
- Protect private data.
- Check source quality.
- Be transparent when policy requires it.
Do not:
- Paste confidential data into unapproved public tools.
- Treat AI output as automatically accurate.
- Ignore bias or hallucination risk.
- Submit AI-generated work as original if that violates policy.
## Exam Clues
- Hallucination means confident but false output.
- Bias means output can reflect unfair or skewed training data.
- Public AI tools may expose private data depending on policy and configuration.
- Accuracy matters most for technical, legal, medical, financial, and security content.


@ -0,0 +1,55 @@
# OPS-2: Change Management
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.2 Change management
## What You Need To Know
Change management reduces risk when systems are modified.
Change planning should include:
- Purpose
- Scope
- Change type
- Schedule
- Affected systems
- Risk level
- Responsible staff
- Approvals
- Backup
- Rollback plan
- Sandbox testing
- Implementation steps
- Peer review
- End-user acceptance
Change types:
- Standard: low-risk, preapproved, repeatable
- Normal: planned change requiring review and approval
- Emergency: urgent change to fix major risk or outage
## Memory Trick
Use **P-S-R-B-R**:
- **P**urpose
- **S**cope
- **R**isk
- **B**ackup
- **R**ollback
Shortcut:
- **A change without rollback is a bet, not a plan.**
## Exam Clues
- Maintenance windows reduce user impact.
- Change freezes block noncritical changes during sensitive periods.
- Emergency changes may be faster but still need documentation afterward.
- Peer review helps catch mistakes before implementation.
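Review bot: P-S-R-B-R uses R for both Risk and Rollback, so the mnemonic cannot tell the reader which R is which when recalled under exam pressure; consider a spelling with distinct letters, or drop Risk from the trick since Purpose, Scope, Backup and Rollback are the items the shortcut "A change without rollback is a bet, not a plan." is built around. Also, the planning list includes Sandbox testing and End-user acceptance but neither appears in Exam Clues, while Peer review does; a clue about testing before the maintenance window would round that out.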


@ -0,0 +1,48 @@
# OPS-3: Backup and Recovery
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.3 Backup and recovery
## What You Need To Know
Backups only matter if they can be restored.
Backup types:
- Full: backs up all selected data.
- Incremental: backs up changes since the last backup of any type.
- Differential: backs up changes since the last full backup.
- Synthetic full: builds a full backup from previous backup data.
Rotation concepts:
- Onsite and offsite
- Grandfather-father-son
- 3-2-1 rule
Restore options:
- Restore in place
- Restore to alternate location
## Memory Trick
Use **F-I-D-S**:
- **F**ull
- **I**ncremental
- **D**ifferential
- **S**ynthetic full
Shortcut:
- **Backups are promises; restore tests prove them.**
## Exam Clues
- Incremental backups are small and fast but restore chains can be longer.
- Differential backups grow until the next full backup.
- 3-2-1 means three copies, two media types, one offsite copy.
- Test restores on a defined schedule.
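Review bot: the clue "Incremental backups are small and fast but restore chains can be longer." never says what the chain consists of, which is the thing the exam asks. From the definitions given above (incremental is changes since the last backup of any type; differential is changes since the last full), a restore after incrementals needs the last full plus every incremental taken since it, in order, and a restore after differentials needs the last full plus only the most recent differential. Stating that explicitly next to the two clues makes the size-versus-restore-time tradeoff concrete.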


@ -0,0 +1,52 @@
# OPS-4: Safety Procedures
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.4 Safety procedures
## What You Need To Know
Safety questions test whether you protect people, equipment, and data.
ESD controls:
- Antistatic wrist strap
- ESD mat
- Antistatic bags
- Proper grounding
- Proper component handling
Personal safety:
- Disconnect power before repairs.
- Use proper lifting technique.
- Know fire safety procedures.
- Use safety goggles when needed.
- Use air filter masks when needed.
Workspace safety:
- Cable management
- Clear walkways
- Stable equipment placement
- Compliance with local rules
## Memory Trick
Use **P-E-C**:
- **P**ower off
- **E**SD control
- **C**ables managed
Shortcut:
- **Protect people first, then parts.**
## Exam Clues
- ESD can damage components even when you do not feel a shock.
- Antistatic bags protect components during storage and transport.
- Heavy equipment should be lifted safely or by two people.
- Disconnect power before internal repairs unless a procedure specifically requires power.


@ -0,0 +1,49 @@
# OPS-5: Environmental Controls
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.5 Environmental controls
## What You Need To Know
Environmental controls protect equipment and people.
Key topics:
- MSDS or SDS documentation
- Battery disposal
- Toner disposal
- Device and asset disposal
- Temperature
- Humidity
- Ventilation
- Equipment placement
- Dust cleanup
- Compressed air and vacuums
- UPS
- Surge suppressors
- Surges, brownouts, and blackouts
## Memory Trick
Use **P-H-D-P**:
- **P**ower
- **H**eat and humidity
- **D**ust
- **P**roper disposal
Shortcut:
- **Bad power, heat, dust, or disposal can turn a simple support issue into a safety issue.**
## Exam Clues
- Use SDS/MSDS for chemical and material safety guidance.
- Toner and batteries require proper disposal or recycling.
- UPS protects against short outages and gives time for safe shutdown.
- Surge suppressors protect against voltage spikes.
- Brownouts are low-voltage events; blackouts are power loss.
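Review bot: the key topics list names UPS and Surge suppressors, and the last clue defines surges, brownouts and blackouts, but nothing maps events to devices, which is the usual question form. Add a clue along the lines of: a voltage spike (surge) is the surge suppressor's job; low voltage (brownout) and loss of power (blackout) are the UPS's job, and a suppressor does nothing for a blackout. While there, P-H-D-P uses P twice (Power, Proper disposal), which weakens the trick for the same reason a duplicated letter would anywhere else.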


@ -0,0 +1,55 @@
# OPS-6: Policy, Privacy, and Licensing
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.6 Policy, privacy, licensing, and incident handling
## What You Need To Know
Policies tell technicians what they are allowed to do and what must be protected.
Incident response concepts:
- Chain of custody
- Informing management or law enforcement when required
- Drive copies for integrity and preservation
- Documentation
- Order of volatility
Policy and privacy concepts:
- Valid licenses
- DRM
- EULA
- Perpetual licensing
- Personal vs. corporate licensing
- Open-source licensing
- NDA and MNDA
- Regulated data
- Data retention
- Acceptable use policy
- Compliance
- Splash screens and login banners
## Memory Trick
Use **C-D-P-L**:
- **C**hain of custody
- **D**ata privacy
- **P**olicies
- **L**icensing
Shortcut:
- **Policy decides what you can touch, copy, disclose, and install.**
## Exam Clues
- Chain of custody tracks evidence handling.
- Order of volatility means collect the most temporary evidence first.
- EULAs define software use terms.
- Open-source does not mean no license.
- Regulated data may require special handling and retention.
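Review bot: the incident response bullets list "Chain of custody" and "Drive copies for integrity and preservation" separately, and the clue "Chain of custody tracks evidence handling." does not say what gets recorded. Spell out that the record covers who took possession of each item, when, and for what purpose, at every handoff, and that examination is done on the copy so the original drive stays unchanged; that is the link between the two bullets and it is the detail exam scenarios test.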


@ -0,0 +1,56 @@
# OPS-7: Professionalism
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.7 Professionalism and communication
## What You Need To Know
Professional behavior is tested directly on Core 2.
Use:
- Appropriate appearance
- Appropriate language
- Respect for user time
- Active listening
- Cultural sensitivity
- Discretion
- Confidentiality
- Open-ended questions
- Restating the issue
- Clear expectations
- Status communication
- Documentation
- Follow-up
Avoid:
- Arguing
- Being defensive
- Dismissing the user
- Judging the user
- Sharing confidential information
## Memory Trick
Use **L-E-D-F**:
- **L**isten
- **E**xplain expectations
- **D**ocument
- **F**ollow up
Shortcut:
- **Fix the problem without making the user the problem.**
## Exam Clues
- Ask open-ended questions first.
- Restate the issue to confirm understanding.
- Do not blame the user.
- Protect confidential information.
- Set realistic timelines and follow up.


@ -0,0 +1,59 @@
# OPS-8: Scripting Basics
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.8 Scripting languages, use cases, and risks
## What You Need To Know
Scripts automate repeated tasks, but they can also break systems quickly.
Script types:
- `.bat`
- `.ps1`
- `.vbs`
- `.sh`
- `.js`
- `.py`
Use cases:
- Automation
- Restarting machines
- Remapping drives
- Application installs
- Backups
- Data gathering
- Updates
Risks:
- Introducing malware
- Changing system settings
- Deleting data
- Crashing browsers or systems
- Mishandling resources
## Memory Trick
Use **A-R-I-B-D**:
- **A**utomate
- **R**estart
- **I**nstall
- **B**ack up
- **D**ata gathering
Shortcut:
- **Scripts are force multipliers for both fixes and mistakes.**
## Exam Clues
- PowerShell scripts use `.ps1`.
- Bash shell scripts commonly use `.sh`.
- Batch files use `.bat`.
- Test scripts before broad deployment.
- Review scripts from unknown sources before running.
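Review bot: Script types lists six extensions but Exam Clues only pairs three of them (`.ps1`, `.sh`, `.bat`) with a language, leaving `.vbs`, `.js` and `.py` unmapped even though the objective line reads "Scripting languages, use cases, and risks". Add clue lines for VBScript, JavaScript and Python. The Risks list also has no mnemonic while Use cases gets A-R-I-B-D; given the shortcut "Scripts are force multipliers for both fixes and mistakes." the risks deserve equal treatment.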


@ -0,0 +1,56 @@
# OPS-9: Remote Access
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.9 Remote access technologies and security considerations
## What You Need To Know
Remote access lets technicians support systems without being physically present.
Methods:
- RDP
- VPN
- VNC
- SSH
- RMM
- SPICE
- WinRM
- Third-party screen sharing
- Videoconferencing
- File transfer
- Desktop management tools
Security considerations:
- Encryption
- Authentication
- Least privilege
- User approval
- Logging
- Data exposure
- Session termination
## Memory Trick
Use **E-A-L-L**:
- **E**ncryption
- **A**uthentication
- **L**east privilege
- **L**ogging
Shortcut:
- **Remote access should be approved, authenticated, encrypted, and logged.**
## Exam Clues
- RDP is common for Windows remote desktop access.
- SSH is common for secure command-line access.
- VPN creates an encrypted path into a private network.
- RMM tools support managed monitoring and administration.
- Screen sharing may expose sensitive data, so get permission and close sessions.
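Review bot: Methods lists SPICE and WinRM but neither gets an Exam Clue, while the four that do (RDP, SSH, VPN, RMM) are the easy ones; add a one-line clue for each so the list and the clues cover the same ground. Separately, E-A-L-L uses L twice (Least privilege, Logging), and the shortcut line already carries four distinct words ("approved, authenticated, encrypted, and logged") that would make a cleaner mnemonic.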


@ -0,0 +1,179 @@
# OS-1: Windows Editions and System Information
Status: studying
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.3 Windows editions and requirements
- 1.5 Windows command-line/system information basics
## What You Need To Know
Windows comes in different editions. For A+ Core 2, focus on what features separate home-user editions from business editions.
Common exam distinction:
- Windows Home: basic consumer edition.
- Windows Pro: adds business features such as joining a domain, BitLocker, Remote Desktop host, Group Policy tools, and Hyper-V support.
- Windows Pro for Workstations: high-end workstation edition with expanded CPU/RAM/storage feature support.
- Windows Enterprise/Education: organization-managed editions with more advanced deployment and security controls.
The exam often asks which edition is needed for a business feature. If the feature sounds like centralized management, encryption, domain access, or remote administration, think Pro or higher.
Windows 11 requirement clues:
- TPM 2.0: security chip/firmware feature used by Windows security features.
- UEFI: modern firmware replacement for legacy BIOS.
- Secure Boot: helps prevent untrusted boot loaders from starting before the OS.
Exam shortcut:
- If the question says a PC cannot upgrade to Windows 11, check TPM 2.0, UEFI, Secure Boot capability, CPU/RAM/storage, and edition compatibility.
## Memory Trick
Remember: **Pro = Professional workplace features**.
The "PRO" clue:
- **P**olicies: Group Policy management
- **R**emote Desktop host
- **O**rganization login: domain join / business identity features
BitLocker also belongs in the "workplace/security" bucket, so associate it with Pro or higher.
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt:
```powershell
winver
```
What it does:
- Opens a Windows dialog showing the Windows version and build.
- Use it when you need a fast human-readable version check.
```powershell
systeminfo
```
What it does:
- Prints detailed system information.
- Useful fields include OS Name, OS Version, System Type, BIOS Version, Total Physical Memory, and install date.
```powershell
hostname
```
What it does:
- Shows the computer name.
- Useful when documenting a device or confirming you are connected to the right machine.
```powershell
whoami
```
What it does:
- Shows the currently signed-in user.
- Useful when checking whether you are using the expected account.
```powershell
wmic os get caption,version,buildnumber,osarchitecture
```
What it does:
- Shows Windows edition, version, build number, and whether the OS is 32-bit or 64-bit.
- WMIC is older, but it still appears in exam-style command questions.
```powershell
tpm.msc
```
What it does:
- Opens TPM Management.
- Use it to check TPM status and version on Windows.
```powershell
msinfo32
```
What it does:
- Opens System Information.
- Use it to check BIOS Mode, Secure Boot State, system model, CPU, RAM, and OS details.
Enter these on Linux:
```bash
hostname
```
What it does:
- Shows the Linux system's host name.
```bash
whoami
```
What it does:
- Shows the current logged-in user.
```bash
uname -a
```
What it does:
- Shows kernel and architecture information.
- Useful for identifying whether the system is 64-bit and what kernel it is running.
```bash
cat /etc/os-release
```
What it does:
- Shows the Linux distribution name and version.
- This is one of the quickest ways to identify the Linux OS.
## Mini Lab
Goal:
- Identify and document your system's OS edition/version, architecture, host name, current user, CPU, and RAM.
On Windows:
1. Run `winver`.
2. Run `systeminfo`.
3. Run `hostname`.
4. Run `whoami`.
5. Run `msinfo32`.
6. Optional: run `tpm.msc`.
7. Record:
- Windows edition
- Version/build
- 32-bit or 64-bit
- Host name
- Current user
- Installed RAM
- BIOS mode
- Secure Boot state
- TPM version/status, if available
On Linux:
1. Run `cat /etc/os-release`.
2. Run `uname -a`.
3. Run `hostname`.
4. Run `whoami`.
5. Optional: run `free -h` to view memory.
6. Record:
- Distribution
- Kernel
- 32-bit or 64-bit architecture
- Host name
- Current user
- Installed/available memory
## Quick Check Before Quiz
You are ready for the OS-1 quiz when you can answer these without looking:
- Which edition is usually needed for domain join and Group Policy?
- Which command quickly displays Windows version/build in a GUI dialog?
- Which command gives detailed Windows inventory information?
- Which Linux file commonly identifies the distribution?
- Which Windows 11 upgrade clues point to firmware/security requirements?
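Review bot: the `wmic os get caption,version,buildnumber,osarchitecture` entry is described as "older, but it still appears", which understates the problem: WMIC is deprecated and is no longer installed by default on recent Windows 11 releases, so a reader following the Mini Lab on a new machine gets a command-not-found error. Keep it for exam recognition but pair it with the PowerShell equivalent that the OS-10 file in this same commit already uses, `Get-ComputerInfo | Select-Object OsName, OsArchitecture`, and say which one to expect to work. Also worth noting under Commands To Enter that `systeminfo` already prints the same edition, version and architecture fields, so the lab does not depend on wmic at all.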


@ -0,0 +1,280 @@
# OS-10: Application Installation Requirements
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.10 Application installation requirements
## What You Need To Know
Application install questions are usually about compatibility and impact.
Before installing or upgrading software, check:
- OS compatibility
- 32-bit vs. 64-bit requirements
- CPU requirements
- RAM requirements
- Storage requirements
- Graphics/GPU/VRAM requirements
- External hardware token requirements
- Distribution method
- Impact to the device, network, operations, and business
## Memory Trick
Use **O-CRaSH-G-DIB**:
- **O**S compatibility
- **C**PU
- **Ra**M
- **S**torage
- **H**ardware token
- **G**raphics/GPU
- **D**istribution method
- **I**mpact
- **B**usiness risk
If the app will not install or runs badly, think:
- Wrong OS
- Wrong architecture
- Not enough RAM/storage
- Missing GPU/VRAM
- Missing driver
- Missing hardware token
- Bad source or corrupted installer
## Platform and Architecture
32-bit vs. 64-bit:
- A 32-bit OS cannot run 64-bit apps.
- A 64-bit OS can usually run many 32-bit apps.
- 64-bit Windows uses:
- `C:\Program Files` for 64-bit apps
- `C:\Program Files (x86)` for 32-bit apps
Driver compatibility:
- Drivers are OS-specific and architecture-specific.
- A driver for the wrong Windows version or architecture may fail.
## Hardware Requirements
CPU:
- Some apps require a minimum CPU generation, speed, or instruction set.
RAM:
- Apps may install but perform poorly if RAM is too low.
Storage:
- Check both install size and working data size.
- Some apps need much more space after install.
Graphics:
- Integrated graphics shares system memory.
- Dedicated/discrete GPU has its own VRAM.
- High-end apps may require dedicated GPU and minimum VRAM.
External hardware tokens:
- Some professional software requires a USB license dongle or hardware security key.
- If the token is missing, the software may not run.
## Distribution Methods
Download:
- Get from vendor or trusted app store.
- Avoid random third-party download sites.
Physical media:
- USB or optical disc.
- Less common now, but still possible.
ISO:
- Disk image file.
- Can be mounted by the OS and used like a virtual disc.
Image deployment:
- Installs a prepared system image, often with OS, drivers, and apps included.
- Common in business and virtual machine deployments.
Package managers:
- Linux examples: `apt`, `dnf`.
- Windows examples: Microsoft Store, winget in some environments.
## Impact Questions
Impact to device:
- App may slow the computer, break existing apps, overwrite files, or require reboot.
Impact to network:
- App may need internal services, firewall exceptions, bandwidth, or file share permissions.
Impact to operations:
- A workflow may change after an upgrade.
- A time-sensitive job may be interrupted.
Impact to business:
- Critical applications can affect revenue, customer service, compliance, or production.
Exam shortcut:
- If the app affects business-critical work, test first, schedule downtime, communicate, and have rollback.
## Commands To Enter
Windows:
```powershell
systeminfo
```
What it does:
- Shows OS, architecture, CPU, memory, and system details.
```powershell
wmic os get osarchitecture
```
What it does:
- Shows whether Windows is 32-bit or 64-bit.
```powershell
Get-ComputerInfo | Select-Object OsName, OsArchitecture, CsProcessors, CsTotalPhysicalMemory
```
What it does:
- PowerShell summary of OS name, architecture, CPU, and RAM.
```powershell
Get-Volume
```
What it does:
- Shows volume/file-system information and free space.
```powershell
winget --version
```
What it does:
- Shows whether Windows Package Manager is installed and its version.
```powershell
Get-AppxPackage | Select-Object -First 5 Name, Version
```
What it does:
- Shows installed Microsoft Store/UWP-style app package names and versions.
Linux:
```bash
uname -m
```
What it does:
- Shows system architecture, such as `x86_64`.
```bash
lscpu
```
What it does:
- Shows CPU details.
```bash
free -h
```
What it does:
- Shows memory usage in human-readable units.
```bash
df -h
```
What it does:
- Shows filesystem free space.
```bash
which apt
which dnf
```
What it does:
- Checks whether `apt` or `dnf` package manager commands exist.
macOS, if available:
```bash
sw_vers
uname -m
system_profiler SPHardwareDataType
```
What it does:
- Shows macOS version, architecture, and hardware summary.
## Mini Lab
Goal:
- Decide whether a computer can run a hypothetical app.
Hypothetical app requirements:
- 64-bit OS
- 8 GB RAM
- 20 GB free storage
- Modern CPU
- Dedicated GPU preferred
- Internet download from vendor site
Windows:
1. Run `systeminfo`.
2. Run `wmic os get osarchitecture`.
3. Run `Get-Volume`.
4. Optional: run `winget --version`.
5. Record:
- OS:
- Architecture:
- RAM:
- Free storage:
- CPU:
- Package manager available:
- Meets requirements? Why or why not?
Linux:
1. Run `cat /etc/os-release`.
2. Run `uname -m`.
3. Run `lscpu`.
4. Run `free -h`.
5. Run `df -h`.
6. Run `which apt` and `which dnf`.
7. Record:
- Distribution:
- Architecture:
- RAM:
- Free storage:
- CPU:
- Package manager:
- Meets requirements? Why or why not?
macOS, if available:
1. Run `sw_vers`.
2. Run `uname -m`.
3. Run `system_profiler SPHardwareDataType`.
4. Record:
- macOS version:
- Architecture:
- RAM:
- CPU/chip:
- Meets requirements? Why or why not?
## Quick Check Before Quiz
You are ready for the OS-10 quiz when you can answer these without looking:
- Can a 32-bit OS run a 64-bit application?
- Which folder holds 32-bit apps on 64-bit Windows?
- What is an ISO?
- Why does VRAM matter?
- Why should business impact be checked before app updates?
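Review bot: the "Windows:" command list and the Mini Lab mix shells without saying so: `Get-ComputerInfo`, `Get-Volume` and `Get-AppxPackage` are PowerShell cmdlets and fail in Command Prompt, while lab step 2 uses `wmic os get osarchitecture` even though the `Get-ComputerInfo ... OsArchitecture` line two entries earlier already answers that question. State that the list is PowerShell, and have step 2 use the cmdlet so the lab runs in one shell with no dependency on wmic. Minor: O-CRaSH-G-DIB is hard to say, and the "Ra" for RAM breaks the one-letter-per-item pattern used in every other memory trick in these notes.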


@ -0,0 +1,232 @@
# OS-11: Cloud Productivity Tools
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.11 Cloud productivity tools
## What You Need To Know
Cloud productivity tools move everyday business services from local servers and local apps into cloud-managed services.
Common examples:
- Email
- Cloud storage
- File synchronization
- Collaboration tools
- Spreadsheets
- Word processing
- Presentations
- Videoconferencing
- Instant messaging/chat
- Identity synchronization
- License assignment
## Memory Trick
Use **E-S-C-I-L**:
- **E**mail
- **S**torage and sync
- **C**ollaboration
- **I**dentity synchronization
- **L**icense assignment
If the question says "user can access from anywhere," "syncs across devices," or "assign a license to a user," think cloud productivity.
## Email Systems
Cloud email:
- Mailbox is hosted by a cloud provider.
- Common examples include Microsoft 365/Exchange Online and Google Workspace/Gmail.
- Often includes spam filtering, malware filtering, redundancy, backups, and centralized management.
Exam clue:
- If the user can sign in from multiple devices and mail is stored on the provider's servers, it is cloud email.
## Storage and Synchronization
Cloud storage:
- Files are stored in a cloud service.
- Common examples include OneDrive, Google Drive, Dropbox, and iCloud Drive.
Synchronization:
- A local file can be uploaded to the cloud and synced to other devices.
- Sync clients may let you choose which folders are local, cloud-only, or always available offline.
Memory trick:
- **Sync = same files across systems.**
Important distinction:
- Local-only file: stored on one device.
- Synced file: copied between local device and cloud.
- Streaming/cloud-only file: visible locally but downloaded on demand.
## Collaboration Tools
Collaboration tools let users work together in real time or near real time.
Examples:
- Shared documents
- Spreadsheets
- Presentations
- Videoconferencing
- Instant messaging
- Shared calendars
- Comments and version history
Exam clue:
- If multiple users edit or communicate together through the same service, it is collaboration.
## Identity Synchronization
Identity synchronization connects user identities across systems.
Examples:
- Microsoft Entra ID
- Google Identity
- Okta
- Directory sync from on-premises identity to cloud identity
Why it matters:
- Create or update a user once, and the change can appear in connected cloud services.
- Password and account state may be synchronized depending on configuration.
Exam clue:
- If the question says "same account works across cloud apps" or "new users appear automatically," think identity sync.
## License Assignment
Cloud services often use per-user licenses.
License assignment:
- Admin assigns a license to a user account.
- The user receives access to apps/services.
- Licenses can often be moved between users.
Why it matters:
- Easier than tracking physical license keys.
- Prevents wasting unused licenses.
- Centralized license management helps audits and cost control.
Exam clue:
- If a user can sign in but cannot access an app, check whether the correct license is assigned.
## Commands To Enter
Cloud productivity is usually managed in web admin portals, but you can still inspect local sync and network basics.
Windows:
```powershell
whoami
```
What it does:
- Shows the currently signed-in user.
- Useful when checking identity or account context.
```powershell
hostname
```
What it does:
- Shows the device name.
```powershell
ipconfig /all
```
What it does:
- Shows network and DNS details needed for cloud service connectivity.
```powershell
dir $env:USERPROFILE
```
What it does:
- Lists folders in the current user's profile.
- Look for cloud sync folders such as OneDrive, Dropbox, or Google Drive if installed.
Linux:
```bash
whoami
```
What it does:
- Shows current user.
```bash
hostname
```
What it does:
- Shows device name.
```bash
ip addr
```
What it does:
- Shows network interface/IP address information.
```bash
ls ~
```
What it does:
- Lists folders in the current user's home directory.
- Look for cloud sync folders if a sync client is installed.
macOS, if available:
```bash
whoami
hostname
ls ~
```
What it does:
- Shows user, device name, and home folder contents.
- Look for iCloud Drive, OneDrive, Dropbox, or Google Drive folders if configured.
## Mini Lab
Goal:
- Recognize cloud productivity components and local sync behavior.
Windows/Linux/macOS:
1. Identify the signed-in user.
2. Identify the device name.
3. Check basic network connectivity.
4. Look in the user's home/profile folder for any cloud sync folders.
5. If you use a cloud storage app, identify whether files are local, online-only, or synced.
Record:
- Current user:
- Device name:
- Cloud email service used, if any:
- Cloud storage service used, if any:
- Sync folder path:
- Is there an online-only or streaming file option?
- What collaboration tools do you use?
- What account identity do those tools use?
Admin scenario practice:
- A new employee can sign in but cannot open the company spreadsheet app. What should you check?
- A user saved a file locally but it does not appear on another device. What sync settings should you inspect?
- A user changed departments and now needs a different app set. What licensing/admin action may be needed?
## Quick Check Before Quiz
You are ready for the OS-11 quiz when you can answer these without looking:
- What does cloud file synchronization do?
- What is identity synchronization?
- What does license assignment control?
- Why are cloud email services centrally managed?
- What should you check if a user can sign in but cannot use a licensed app?
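Review bot: `dir $env:USERPROFILE` is PowerShell syntax; in Command Prompt it would be `dir %USERPROFILE%`, and the "Windows:" heading does not say which shell is meant, while the other Windows commands in the list (`whoami`, `hostname`, `ipconfig /all`) work in both. Either label the list PowerShell or give both forms. Under Identity Synchronization, Microsoft Entra ID, Google Identity and Okta are identity providers; only the fourth bullet, "Directory sync from on-premises identity to cloud identity", is synchronization, so present the first three as the directories being synced to rather than as examples of sync.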


@ -0,0 +1,142 @@
# OS-2: Windows Installation, Boot, and Recovery
Status: not started
Domain:
- 1.0 Operating Systems
## What You Need To Know
Windows installation questions usually test which method fits the situation.
Core install types:
- **Clean install**: wipes or replaces the existing OS. Best when starting fresh or when the old OS is badly damaged.
- **Upgrade install**: keeps compatible apps, files, and settings while moving to a newer Windows version.
- **Repair install / in-place repair**: reinstalls Windows system files while trying to keep user data and applications.
- **Image deployment**: applies a prepared OS image to one or many computers. Common in business environments.
- **Network boot / PXE**: boots a computer from the network to install or deploy an OS.
Boot and recovery questions usually test the first tool to try.
Common recovery tools:
- **Windows RE**: Windows Recovery Environment. This is the recovery menu used for repair options.
- **Startup Repair**: use when Windows will not boot correctly.
- **System Restore**: rolls system files/settings back to a restore point. It does not restore personal files.
- **Uninstall updates**: useful after a bad Windows update breaks startup.
- **Reset this PC**: reinstalls Windows and can keep or remove user files, depending on the option selected.
- **System image recovery**: restores the computer from a full system image backup.
## Memory Tricks
Install choices:
- **Clean = clear the old system.**
- **Upgrade = up but keep stuff.**
- **Image = identical installs.**
- **PXE = Preboot eXecution Environment = boot before local OS.**
Recovery choices:
- **Startup Repair starts the system again.**
- **System Restore restores settings, not documents.**
- **Image Recovery returns the whole picture.**
- **Reset is the bigger hammer when repair tools fail.**
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt:
```powershell
reagentc /info
```
What it does:
- Shows whether Windows Recovery Environment is enabled.
- Useful when checking whether local recovery tools are available.
```powershell
shutdown /r /o /t 0
```
What it does:
- Restarts Windows directly into Advanced Startup options.
- `/r` means restart.
- `/o` means go to advanced boot options.
- `/t 0` means wait zero seconds.
```powershell
bcdedit
```
What it does:
- Displays Boot Configuration Data.
- Useful for viewing boot loader entries.
- Be careful: changing BCD settings can break boot if done incorrectly.
```powershell
sfc /scannow
```
What it does:
- Scans protected Windows system files and repairs corrupted files when possible.
- Use for suspected Windows system file corruption.
```powershell
DISM /Online /Cleanup-Image /RestoreHealth
```
What it does:
- Repairs the Windows component store used by SFC.
- If SFC cannot repair corruption, DISM is often used before running SFC again.
Enter these on Linux for comparison practice:
```bash
lsblk
```
What it does:
- Lists block devices such as drives and partitions.
- Useful for understanding disk layout before installation or recovery work.
```bash
df -h
```
What it does:
- Shows mounted file systems and disk usage in human-readable units.
```bash
sudo reboot
```
What it does:
- Restarts the Linux system.
- `sudo` runs the command with administrative privileges.
## Mini Lab
Goal:
- Recognize recovery options and practice safe information-gathering commands.
Windows:
1. Run `reagentc /info`.
2. Record whether Windows RE is enabled.
3. Run `sfc /scannow`.
4. Record whether Windows found integrity violations.
5. Optional: run `DISM /Online /Cleanup-Image /RestoreHealth`.
6. Do not change `bcdedit` settings. Only run `bcdedit` to view current boot entries.
Linux:
1. Run `lsblk`.
2. Identify the main disk.
3. Run `df -h`.
4. Identify the root filesystem and free space.
## Quick Check Before Quiz
You are ready for the OS-2 quiz when you can answer these without looking:
- What install type wipes the old OS?
- What install type keeps compatible files/apps/settings?
- Which recovery tool fixes common boot problems?
- What does System Restore affect?
- What command restarts Windows into Advanced Startup?
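Review bot: `reagentc /info`, `sfc /scannow` and `DISM /Online /Cleanup-Image /RestoreHealth` all require an elevated prompt, but the lead-in "Enter these on Windows PowerShell or Command Prompt" and Mini Lab steps 1, 3 and 5 never say "run as administrator"; from a standard prompt the reader gets an access denied or "must be an administrator" error and records nothing. Add the elevation requirement once at the top of Commands To Enter. Also, this file has no "Objective alignment:" block under Domain, unlike every other file in the commit; OS-1 maps to 1.3 and 1.5, so the matching objective numbers belong here too.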


@ -0,0 +1,200 @@
# OS-3: Windows Administrative Tools
Status: not started
Domain:
- 1.0 Operating Systems
## What You Need To Know
The exam often describes a problem and expects you to pick the right Windows tool.
Core tools:
- **Task Manager**: view running apps/processes, resource use, startup apps, and end unresponsive tasks.
- **Services**: start, stop, restart, disable, or change startup type for Windows services.
- **Event Viewer**: read logs for errors, warnings, failed services, application crashes, security events, and system events.
- **Device Manager**: manage hardware devices, drivers, disabled devices, and driver rollback.
- **Disk Management**: create, format, extend, shrink, and assign drive letters to partitions/volumes.
- **System Configuration (`msconfig`)**: troubleshooting startup configuration and boot options.
- **Local Users and Groups**: manage local users and local group membership.
- **Performance Monitor**: collect detailed performance counters over time.
- **Resource Monitor**: live view of CPU, memory, disk, and network activity.
- **Task Scheduler**: run programs or scripts automatically based on time or events.
## Memory Tricks
Use the problem wording:
- **"What happened?" = Event Viewer**
- **"What hardware/driver?" = Device Manager**
- **"What starts with Windows?" = Task Manager or System Configuration**
- **"What service is stopped?" = Services**
- **"What partition/drive letter?" = Disk Management**
- **"What account/group?" = Local Users and Groups**
- **"What is slow right now?" = Resource Monitor**
- **"What is slow over time?" = Performance Monitor**
- **"Run this automatically" = Task Scheduler**
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt:
```powershell
taskmgr
```
What it does:
- Opens Task Manager.
- Use it to view processes, performance, startup apps, and signed-in users.
```powershell
services.msc
```
What it does:
- Opens the Services console.
- Use it to start, stop, restart, disable, or change startup type for services.
```powershell
eventvwr.msc
```
What it does:
- Opens Event Viewer.
- Use it to investigate system, application, setup, and security logs.
```powershell
devmgmt.msc
```
What it does:
- Opens Device Manager.
- Use it to check hardware status and manage drivers.
```powershell
diskmgmt.msc
```
What it does:
- Opens Disk Management.
- Use it to manage partitions, volumes, and drive letters.
```powershell
msconfig
```
What it does:
- Opens System Configuration.
- Use it for boot and startup troubleshooting.
```powershell
lusrmgr.msc
```
What it does:
- Opens Local Users and Groups.
- Use it to manage local accounts and group membership.
- Not available on Windows Home editions; there, `net user` and `net localgroup` at the command line cover the same tasks.
```powershell
perfmon
```
What it does:
- Opens Performance Monitor.
- Use it for detailed performance counters and longer-term monitoring.
```powershell
resmon
```
What it does:
- Opens Resource Monitor.
- Use it for live CPU, memory, disk, and network activity.
```powershell
taskschd.msc
```
What it does:
- Opens Task Scheduler.
- Use it to create, view, and troubleshoot scheduled tasks.
Linux comparison commands:
```bash
ps aux
```
What it does:
- Lists running processes.
```bash
top
```
What it does:
- Shows live process and resource usage.
```bash
systemctl status
```
What it does:
- Shows the systemd service manager's overall status and a tree of running units.
- Check one service with `systemctl status <unit>`; the unit name varies by distribution, for example `ssh` on Debian/Ubuntu and `sshd` on Fedora/RHEL.
```bash
journalctl -p err
```
What it does:
- Shows systemd journal entries at error priority or more severe (err, crit, alert, emerg).
- Run it with `sudo`, or as a member of the `systemd-journal` group, to see system-wide entries rather than only your own user's.
```bash
lsblk
```
What it does:
- Lists disks and partitions.
## Mini Lab
Goal:
- Match tools to symptoms and practice safe viewing commands.
Windows:
1. Open Task Manager with `taskmgr`.
2. Open Event Viewer with `eventvwr.msc`.
3. In Event Viewer, view Windows Logs > System.
4. Open Device Manager with `devmgmt.msc`.
5. Open Disk Management with `diskmgmt.msc`.
6. Open Resource Monitor with `resmon`.
7. Record which tool you would use for:
- Failed service startup:
- Missing driver:
- Drive letter change:
- Slow disk right now:
- Long-term CPU tracking:
Linux:
1. Run `ps aux`.
2. Run `top`, then press `q` to quit.
3. Run `systemctl status`.
4. Run `journalctl -p err`.
5. Run `lsblk`.
6. Record the Linux command closest to:
- Task Manager:
- Event Viewer:
- Services:
- Disk Management:
## Quick Check Before Quiz
You are ready for the OS-3 quiz when you can answer these without looking:
- Which tool shows Windows logs?
- Which tool manages drivers?
- Which tool manages partitions and drive letters?
- Which tool shows live resource usage?
- Which tool runs jobs automatically?

# OS-4: Windows Command Line
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.5 Windows command-line tools
- 1.7 Windows networking basics
- 3.1 Windows troubleshooting support
## What You Need To Know
Core 2 command questions usually ask, "Which command would you use?"
Think in buckets:
- **Navigation**: move around files and folders.
- **Network**: check IP address, connectivity, DNS, routes, and connections.
- **Disk/file repair**: check file systems and system files.
- **Identity/system info**: computer name, signed-in user, Windows version.
- **Group Policy**: update or report applied policies.
- **Help**: find command syntax.
Some commands are safe to run anytime. Others can change disks or files, so use them carefully.
## Memory Tricks
- **`ipconfig` = IP configuration.**
- **`ping` = "Are you alive?"**
- **`tracert` = trace route.**
- **`nslookup` = name server lookup.**
- **`netstat` = network statistics.**
- **`chkdsk` = check disk.**
- **`sfc` = system file checker.**
- **`gpupdate` = Group Policy update.**
- **`gpresult` = Group Policy result.**
- **`/?` = "How do I use this?"**
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt.
### Navigation
```powershell
dir
```
What it does:
- Lists files and folders in the current directory.
- Similar Linux command: `ls`.
```powershell
cd
```
What it does:
- In Command Prompt, `cd` with no argument prints the current directory; in PowerShell use `pwd` (or `Get-Location`) to print it.
- `cd <folder>` changes directory and `cd ..` moves up one folder in either shell.
```powershell
mkdir test-folder
```
What it does:
- Creates a folder named `test-folder`.
- `md` does the same thing.
```powershell
rmdir test-folder
```
What it does:
- Removes an empty folder.
- `rd` does the same thing.
- In Command Prompt, `rmdir /s` deletes a folder and everything inside it, so check the path before adding `/s`.
### Network
```powershell
ipconfig
```
What it does:
- Shows IP address, subnet mask, and default gateway for network adapters.
```powershell
ipconfig /all
```
What it does:
- Shows detailed adapter info, including MAC address, DNS servers, DHCP status, and lease details.
```powershell
ping 127.0.0.1
```
What it does:
- Tests the local TCP/IP stack using the loopback address.
- If this fails, the local networking stack has a problem.
```powershell
ping 8.8.8.8
```
What it does:
- Tests basic IP connectivity to an external address.
- If this works but names do not, suspect DNS.
```powershell
nslookup example.com
```
What it does:
- Queries DNS for a hostname.
- Useful when websites fail by name but IP connectivity works.
```powershell
tracert example.com
```
What it does:
- Shows the router hops toward a destination.
- Useful for finding where a path may stop.
```powershell
pathping example.com
```
What it does:
- Combines route tracing with packet-loss statistics.
- Takes longer than `tracert`.
```powershell
netstat -ano
```
What it does:
- Shows active connections and listening ports.
- `-a` shows all connections/listeners.
- `-n` keeps addresses numeric.
- `-o` shows process IDs.
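The lab later asks you to record one listening port from `netstat -ano`. The following is an added example for this study note (not code from the original page) that parses a constructed sample of that output, keeps only sockets that accept traffic, and labels each one as bound to loopback or to all interfaces. The sample lines, PIDs, and port numbers are made up.

```python
"""List listening ports from `netstat -ano` output and label their exposure.

Added example for this study note; it is not part of the original page.
SAMPLE_NETSTAT is constructed to look like Windows `netstat -ano` output;
the addresses, ports, and PIDs are made up.
"""

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       928
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       6120
  TCP    192.168.1.20:49711     203.0.113.10:443       ESTABLISHED     7788
  TCP    [::]:3389              [::]:0                 LISTENING       1104
  TCP    [::1]:8080             [::]:0                 LISTENING       5566
  UDP    0.0.0.0:5353           *:*                                    3344
"""

LOOPBACK = {"127.0.0.1", "::1"}
WILDCARD = {"0.0.0.0", "::"}


def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::1]:80' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_netstat(text):
    """Return one dict per TCP/UDP line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts[:5]
        else:
            # UDP is connectionless, so netstat prints no State column.
            proto, local, foreign, pid = parts[:4]
            state = ""
        host, port = split_endpoint(local)
        rows.append({"proto": proto, "host": host, "port": port,
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def listening_ports(text):
    """(proto, port, pid, scope) for every socket that accepts traffic.

    scope is 'local-only' for loopback binds, 'all-interfaces' for 0.0.0.0/::,
    and 'one-interface' for a specific address. ESTABLISHED, TIME_WAIT and
    similar TCP states are dropped because they are not listeners.
    """
    found = []
    for r in parse_netstat(text):
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue
        if r["host"] in LOOPBACK:
            scope = "local-only"
        elif r["host"] in WILDCARD:
            scope = "all-interfaces"
        else:
            scope = "one-interface"
        found.append((r["proto"], r["port"], r["pid"], scope))
    return sorted(found, key=lambda t: (t[0], t[1]))


if __name__ == "__main__":
    for proto, port, pid, scope in listening_ports(SAMPLE_NETSTAT):
        print(f"{proto:<4} {port:>6}  PID {pid:<6} {scope}")
```

To run it against a real machine, replace `SAMPLE_NETSTAT` with the text piped in from `netstat -ano`, and map a PID to a process name with `tasklist /FI "PID eq 928"`. The exposure label matters more than the port number: a socket bound to `0.0.0.0` or `::` is reachable from the network unless the active firewall profile blocks it, while a loopback bind can only be reached from the same machine.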
### Disk and File Repair
```powershell
chkdsk
```
What it does:
- Checks the file system on the current drive and reports problems without changing anything.
```powershell
chkdsk /f
```
What it does:
- Fixes logical file system errors.
- Requires an elevated prompt.
- If the volume is in use (for example the system drive), Windows offers to schedule the check for the next restart.
```powershell
chkdsk /r
```
What it does:
- Looks for bad sectors and recovers readable information.
- Includes `/f`.
- Can take a long time.
```powershell
sfc /scannow
```
What it does:
- Scans protected Windows system files and repairs them when possible.
- Requires an elevated prompt.
### Identity and System Info
```powershell
hostname
```
What it does:
- Shows the computer name.
```powershell
whoami
```
What it does:
- Shows the current user.
```powershell
whoami /all
```
What it does:
- Shows current user, groups, privileges, and security identifier details.
```powershell
winver
```
What it does:
- Opens the Windows version/build dialog.
### Group Policy
```powershell
gpupdate /force
```
What it does:
- Forces a Group Policy refresh.
- Most relevant on domain-joined business systems.
```powershell
gpresult /r
```
What it does:
- Shows Resultant Set of Policy summary for the user/computer.
- Use it to verify what policies applied.
### Help
```powershell
ipconfig /?
```
What it does:
- Shows help and syntax for `ipconfig`.
- Most Windows commands support `/?`.
```powershell
help dir
```
What it does:
- Shows help for the `dir` command.
## Commands To Know But Treat Carefully
```powershell
format
```
What it does:
- Formats a volume.
- Warning: this can erase data.
```powershell
diskpart
```
What it does:
- Opens a powerful disk partitioning tool.
- Warning: incorrect commands can erase partitions or make a system unbootable.
```powershell
robocopy
```
What it does:
- Copies files and folders robustly.
- Useful for backups and migrations.
- Be careful with the mirror option (`/MIR`): it deletes files in the destination that no longer exist in the source.
## Linux Comparison Commands
```bash
ls
pwd
cd
mkdir test-folder
rmdir test-folder
ip addr
ping 127.0.0.1
traceroute example.com
dig example.com
df -h
du -h
ps aux
top
```
Why this matters:
- Linux command practice helps you understand the same troubleshooting ideas across operating systems.
- Exact commands differ, but the goal is often the same: identify the system, check network state, inspect storage, and view running processes.
## Mini Lab
Goal:
- Practice safe command-line troubleshooting.
Windows:
1. Run `hostname`.
2. Run `whoami`.
3. Run `winver`.
4. Run `ipconfig`.
5. Run `ipconfig /all`.
6. Run `ping 127.0.0.1`.
7. Run `nslookup example.com`.
8. Run `netstat -ano`.
9. Run `sfc /scannow` from an elevated prompt.
10. Run `ipconfig /?`.
Record:
- Computer name:
- Current user:
- IPv4 address:
- Default gateway:
- DNS server:
- Did loopback ping work?
- Did DNS lookup work?
- One listening port from `netstat -ano`:
Linux:
1. Run `hostname`.
2. Run `whoami`.
3. Run `ip addr`.
4. Run `ping -c 4 127.0.0.1`.
5. Run `df -h`.
6. Run `ps aux`.
7. Run `top`, then press `q`.
Record:
- Hostname:
- Current user:
- IP address:
- Root filesystem free space:
- One running process:
## Quick Check Before Quiz
You are ready for the OS-4 quiz when you can answer these without looking:
- Which command shows full Windows IP configuration?
- Which command tests DNS name resolution?
- Which command shows active connections and process IDs?
- Which command repairs protected Windows system files?
- Which command forces Group Policy refresh?
- Which commands can erase data if misused?

# OS-5: OS Types and File Systems
Status: strong
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.1 Operating system types and file systems
## What You Need To Know
An operating system sits between the user, applications, and hardware.
It handles:
- Files and folders
- Application support
- Memory use
- Input and output devices
- Drivers
- User interface
- System settings and updates
For the exam, know the personality of each OS family.
## OS Type Shortcuts
Windows:
- Common in business and consumer PCs.
- Broad hardware and software support.
- Big target for malware because it is widely used.
Linux:
- Open-source and common on servers, development systems, and technical workstations.
- Many distributions, such as Ubuntu, Debian, Fedora, and Red Hat.
- Strong command-line culture.
macOS:
- Apple desktop/laptop OS.
- Runs on Apple hardware.
- You need conceptual knowledge, but no Mac lab is required for our study plan.
ChromeOS:
- Google OS based on the Linux kernel.
- Web/cloud-focused.
- Common on Chromebooks.
iOS/iPadOS:
- Apple mobile/tablet OS.
- Apps normally come through Apple's App Store.
Android:
- Linux-based mobile OS.
- Used by many manufacturers.
- Apps can come from Google Play and, depending on policy/settings, other app stores.
## Memory Trick
Use **W-L-M-C-I-A**:
- **W**indows: workplace and wide support
- **L**inux: lots of distributions
- **M**ac: manufactured by Apple
- **C**hromeOS: cloud-centered
- **I**OS/iPadOS: inside Apple's app store
- **A**ndroid: available across many manufacturers
## File Systems
A file system is the format used to organize data on a storage device.
Common file systems:
- **NTFS**: modern Windows file system. Supports permissions, encryption, compression, large files, and recoverability.
- **ReFS**: newer Microsoft file system focused on resiliency and large storage use cases.
- **FAT32**: older and broadly compatible, but has a 4 GB max file size.
- **exFAT**: good for flash drives and cross-platform file transfer; supports files larger than 4 GB.
- **ext4**: common Linux file system.
- **XFS**: high-performance Linux file system, often used for large-scale storage.
- **APFS**: Apple file system for modern macOS/iOS/iPadOS devices.
## File System Memory Tricks
- **NTFS = New Technology For Security**: Windows permissions and encryption.
- **FAT32 = Four GB wall**: single files cannot exceed 4 GB.
- **exFAT = EXternal flash-friendly FAT**: good for USB drives across OSs.
- **ext4 = Linux everyday default**: common Linux file system.
- **APFS = Apple Prefers Flash Storage**: Apple modern file system.
- **ReFS = Resilient File System**: built for resiliency.
## Commands To Enter
Windows:
```powershell
fsutil fsinfo drives
```
What it does:
- Lists available drives.
```powershell
fsutil fsinfo volumeinfo C:
```
What it does:
- Shows file-system information for the C: volume.
- You may need an elevated terminal.
```powershell
wmic logicaldisk get caption,filesystem,size,freespace
```
What it does:
- Lists drive letters, file systems, sizes, and free space.
- WMIC is deprecated and may be absent on newer Windows 11 builds; use `Get-Volume` when it is missing.
```powershell
Get-Volume
```
What it does:
- PowerShell command that shows volumes, drive letters, labels, file systems, and health status.
Linux:
```bash
df -T
```
What it does:
- Shows mounted file systems and their types.
```bash
lsblk -f
```
What it does:
- Lists block devices with file-system information.
```bash
cat /etc/os-release
```
What it does:
- Shows Linux distribution information.
```bash
uname -a
```
What it does:
- Shows kernel and architecture information.
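The Linux lab below asks for the root file system type and free space, and the FAT32 note above warns about the 4 GB single-file limit. Here is an added example for this study note (not code from the original page) that reads a constructed sample of `df -T` output, picks out the root file system, and flags nearly full volumes and FAT volumes that cannot hold a large file. The device names and sizes are made up.

```python
"""Read `df -T` output: file-system type per mount, root free space, and
volumes where FAT's 4 GB single-file limit will bite.

Added example for this study note; it is not part of the original page.
SAMPLE_DF_T is constructed to look like `df -T` on a Linux laptop with a
USB drive plugged in; every number is made up.
"""

SAMPLE_DF_T = """\
Filesystem     Type     1K-blocks     Used Available Use% Mounted on
/dev/nvme0n1p2 ext4     102687672 61612596  35816516  64% /
tmpfs          tmpfs      8123456        0   8123456   0% /dev/shm
/dev/nvme0n1p1 vfat        523244     5944    517300   2% /boot/efi
/dev/sdb1      vfat      31166976 29914368   1252608  96% /media/user/My Passport
"""

# Linux reports FAT32 as "vfat"; these types cap a single file just under 4 GB.
FOUR_GB_LIMITED = {"vfat", "msdos"}
FOUR_GB_IN_KB = 4 * 1024 * 1024


def parse_df(text):
    """One dict per mounted file system, sizes in 1K blocks as df prints them."""
    mounts = []
    for line in text.strip().splitlines()[1:]:  # skip the header row
        # Mount points may contain spaces, so split into at most 7 fields.
        parts = line.split(None, 6)
        if len(parts) != 7:
            continue
        device, fstype, blocks, used, avail, use_pct, mount = parts
        mounts.append({"device": device, "type": fstype, "size_kb": int(blocks),
                       "used_kb": int(used), "avail_kb": int(avail),
                       "use_pct": int(use_pct.rstrip("%")), "mount": mount})
    return mounts


def root_filesystem(mounts):
    """The entry mounted at '/', or None if it is not in the list."""
    return next((m for m in mounts if m["mount"] == "/"), None)


def findings(mounts, warn_pct=90):
    """Observations to record in the lab: nearly full volumes and FAT size limits."""
    notes = []
    for m in mounts:
        if m["type"] == "tmpfs":
            continue  # RAM-backed, not persistent storage
        if m["use_pct"] >= warn_pct:
            notes.append(f"{m['mount']}: {m['use_pct']}% used")
        # Only worth flagging on a volume big enough that someone might try it.
        if m["type"] in FOUR_GB_LIMITED and m["size_kb"] > FOUR_GB_IN_KB:
            notes.append(f"{m['mount']}: {m['type']} cannot hold a single file of 4 GB or more")
    return notes


if __name__ == "__main__":
    entries = parse_df(SAMPLE_DF_T)
    root = root_filesystem(entries)
    print(f"root is {root['type']} with {root['avail_kb'] // 1024} MB free")
    for note in findings(entries):
        print(note)
```

Run `df -T` on your own system and feed its text to `parse_df` to fill in the lab's "Root file system type" line; the `tmpfs` skip matters because those entries are memory, not disk, and would otherwise pad the list.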
## Mini Lab
Goal:
- Identify the OS family and file system in use.
Windows:
1. Run `winver`.
2. Run `wmic logicaldisk get caption,filesystem,size,freespace`.
3. Run `Get-Volume` in PowerShell.
4. Record:
- Windows version:
- Main drive letter:
- Main drive file system:
- Free space:
Linux:
1. Run `cat /etc/os-release`.
2. Run `uname -a`.
3. Run `df -T`.
4. Run `lsblk -f`.
5. Record:
- Distribution:
- Kernel:
- Root file system type:
- Main disk/partition:
## Quick Check Before Quiz
You are ready for the OS-5 quiz when you can answer these without looking:
- Which file system is common for modern Windows?
- Which file system has a 4 GB single-file limit?
- Which file system is common for Linux?
- Which OS is cloud/browser-centered?
- Which mobile OS is used by many manufacturers?

# OS-6: Windows Control Panel and Settings
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.6 Windows Control Panel and Settings
## What You Need To Know
This objective is about knowing where to configure Windows features.
Windows has two major configuration areas:
- **Control Panel**: older interface, still used for many classic tools.
- **Settings app**: newer interface, used for most daily configuration.
Exam questions usually describe a task and ask where you should go.
## Memory Trick
Use **"Old Control, New Settings"**:
- If it sounds like an older Windows admin item, think Control Panel or `.cpl`.
- If it sounds like modern user preferences, think Settings.
Another shortcut:
- **Hardware problem? Device Manager.**
- **Power/sleep/lid? Power Options.**
- **Hidden files/extensions? File Explorer Options.**
- **Installed apps? Apps / Programs and Features.**
- **Printers? Devices and Printers or Settings > Bluetooth & devices.**
- **Windows updates? Update and Security / Windows Update.**
- **Clock/language? Time and Language.**
## Control Panel Areas To Know
Internet Options:
- Browser-related legacy settings such as security zones, privacy, and connections.
Devices and Printers:
- View and manage printers and connected devices.
Programs and Features:
- Uninstall or change installed desktop applications.
- Turn Windows features on or off.
Network and Sharing Center:
- View network status and adapter settings.
Windows Defender Firewall:
- Enable/disable firewall profiles and allow apps through the firewall.
User Accounts:
- Manage local user account settings.
Device Manager:
- Manage hardware and drivers.
Indexing Options:
- Choose locations Windows indexes for faster search.
Power Options:
- Sleep, hibernate, lid behavior, power plans, USB selective suspend, and Fast Startup.
File Explorer Options:
- Show hidden files, show file extensions, and change search/view behavior.
Ease of Access:
- Accessibility settings for display, keyboard, mouse, narrator, and other input/output needs.
## Settings App Areas To Know
System:
- Display, sound, notifications, power, storage, and about information.
Bluetooth and devices:
- Bluetooth, printers, mouse, typing, pen, and connected devices.
Network and Internet:
- Wi-Fi, Ethernet, VPN, proxy, metered network, and IP settings.
Personalization:
- Wallpaper, colors, lock screen, themes, and Start/taskbar preferences.
Apps:
- Installed apps, default apps, optional features, and app settings.
Accounts:
- Microsoft account/local account, email accounts, sign-in options, PIN, password, and security key.
Time and Language:
- Date/time, region, language, and keyboard options.
Privacy and Security:
- App permissions, privacy controls, Windows Security, and security-related settings.
Windows Update:
- Updates, active hours, update history, and restart scheduling.
## Commands To Enter
Windows commands:
```powershell
control
```
What it does:
- Opens Control Panel.
```powershell
ms-settings:
```
What it does:
- Opens the Windows Settings app.
- `ms-settings:` is a URI, not a program: it works as typed in the Run dialog (Win+R), but from Command Prompt or PowerShell launch it with `start ms-settings:`.
```powershell
appwiz.cpl
```
What it does:
- Opens Programs and Features.
- Use this to uninstall or change classic desktop apps.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
- Use this to view or change network adapters.
```powershell
firewall.cpl
```
What it does:
- Opens Windows Defender Firewall.
```powershell
powercfg.cpl
```
What it does:
- Opens Power Options.
```powershell
inetcpl.cpl
```
What it does:
- Opens Internet Options.
```powershell
control printers
```
What it does:
- Opens Devices and Printers.
```powershell
control folders
```
What it does:
- Opens File Explorer Options.
```powershell
devmgmt.msc
```
What it does:
- Opens Device Manager.
Linux comparison commands:
```bash
gnome-control-center
```
What it does:
- Opens GNOME Settings on Linux systems that use GNOME.
- May not be installed on every Linux distribution.
```bash
nm-connection-editor
```
What it does:
- Opens a graphical network connection editor on many Linux desktops.
- May not be installed on every Linux distribution.
```bash
timedatectl
```
What it does:
- Shows or configures Linux time/date settings.
## Mini Lab
Goal:
- Learn where Windows settings live.
Windows:
1. Run `control`.
2. Run `start ms-settings:` (or type `ms-settings:` in the Run dialog).
3. Run `appwiz.cpl`.
4. Run `ncpa.cpl`.
5. Run `firewall.cpl`.
6. Run `powercfg.cpl`.
7. Run `control printers`.
8. Run `control folders`.
9. Run `devmgmt.msc`.
Record the best place to configure:
- Uninstall a desktop app:
- Change a network adapter:
- Allow an app through firewall:
- Change what closing a laptop lid does:
- Show hidden files:
- Manage a printer:
- Fix a driver problem:
- Change date/time or language:
- Change default apps:
Linux:
1. Run `timedatectl`.
2. If using GNOME, run `gnome-control-center`.
3. Optional: run `nm-connection-editor`.
Record:
- Current time zone:
- Network settings tool available:
- Desktop settings tool available:
## Quick Check Before Quiz
You are ready for the OS-6 quiz when you can answer these without looking:
- Where do you uninstall classic desktop apps?
- Where do you change adapter settings?
- Where do you show hidden files and extensions?
- Where do you change sleep/hibernate/lid behavior?
- Where do you manage drivers?

# OS-7: Windows Networking
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.7 Windows networking
- 1.5 Windows network command-line support
## What You Need To Know
Windows networking questions usually describe one of these tasks:
- Join or compare a workgroup/domain.
- Share a folder or printer.
- Map a network drive.
- Configure firewall exceptions.
- Configure IP settings.
- Choose public/private network profile.
- Configure VPN, Wi-Fi, proxy, WWAN, or metered connection.
## Memory Tricks
Use **D-S-F-I-P**:
- **D**omain/workgroup: who manages login?
- **S**hares: folder/printer access.
- **F**irewall: allow/block traffic.
- **I**P settings: address, mask, gateway, DNS.
- **P**rofile/proxy/VPN: how traffic is treated.
Network profile:
- **Private = trusted = sharing allowed.**
- **Public = untrusted = sharing restricted.**
IP troubleshooting:
- **169.254 = APIPA = DHCP failed.**
- **127.0.0.1 = loopback = local TCP/IP test.**
## Workgroup vs Domain
Workgroup:
- Small peer-to-peer network.
- Each PC manages its own local users and permissions.
- No centralized authentication.
Domain:
- Business network with centralized authentication and management.
- Usually uses Active Directory.
- Supports Group Policy.
- Requires Windows Pro or higher to join a domain.
## Shared Resources
Shared folder:
- Makes a folder available over the network.
- Uses a UNC path like `\\server\share`.
Mapped drive:
- Assigns a drive letter to a network share.
- Example: map `H:` to `\\server\shared`.
Hidden share:
- Share name ends in `$`.
- Example: `\\server\share$`.
- It hides the share from browsing but is not real security.
Shared printer:
- Makes a printer available to other users.
- Can be added from Settings, Control Panel, or a shared path.
## Firewall Concepts
Windows Defender Firewall should normally stay enabled.
Firewall exception types:
- Allow an app or feature.
- Allow/block a port.
- Use a predefined rule.
- Create a custom rule.
Network profiles:
- Public profile: stricter, for public Wi-Fi.
- Private profile: more trusted, allows more discovery/sharing.
## IP Addressing
DHCP:
- Automatically assigns IP settings.
- Default behavior on most clients.
Static IP:
- Manually configured IP address, subnet mask, gateway, and DNS.
- Used when a device needs a fixed address.
APIPA:
- Automatic Private IP Addressing.
- Address range starts with `169.254`.
- Means the client did not get DHCP and usually has no internet access.
Core fields:
- IP address: device address.
- Subnet mask: local network boundary.
- Default gateway: route off the local network.
- DNS server: converts names to IP addresses.
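The DHCP/static/APIPA distinctions above are exactly what you read off `ipconfig /all` during a ticket. The following is an added example for this study note (not code from the original page) that parses a constructed `ipconfig /all` excerpt with two adapters and classifies each one, applying the "169.254 = DHCP failed" rule and checking for a missing gateway or DNS server. Adapter names, MAC addresses, and IP addresses are made up.

```python
"""Classify each adapter in `ipconfig /all` output as DHCP, static, or APIPA.

Added example for this study note; it is not part of the original page.
SAMPLE_IPCONFIG is a constructed excerpt with two adapters, one of which
never received a DHCP lease. Names and addresses are made up.
"""

SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAB-PC01

Ethernet adapter Ethernet:

   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8

Wireless LAN adapter Wi-Fi:

   Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.37.112(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :
"""


def parse_ipconfig(text):
    """Return {adapter heading: {field name: [values]}}."""
    adapters, current, last_field = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        # Adapter headings start in column 0 and end with a colon.
        if not raw.startswith(" ") and raw.rstrip().endswith(":"):
            current = raw.rstrip()[:-1]
            adapters[current] = {}
            last_field = None
        elif current is None:
            continue  # the global block before the first adapter
        elif ". ." in raw and ":" in raw:
            # "IPv4 Address. . . . : 192.168.1.20(Preferred)" -> field, value
            name, _, value = raw.partition(":")
            field = name.replace(".", "").strip()
            value = value.strip()
            adapters[current][field] = [value] if value else []
            last_field = field
        elif last_field is not None:
            # Continuation line, e.g. the second DNS server.
            adapters[current][last_field].append(raw.strip())
    return adapters


def classify(adapter):
    """Return (kind, reason) where kind is dhcp, static, apipa, or no-address."""
    def first(field):
        values = adapter.get(field, [])
        # Drop the "(Preferred)" suffix Windows prints after addresses.
        return values[0].split("(")[0].strip() if values else ""

    ipv4 = first("IPv4 Address") or first("Autoconfiguration IPv4 Address")
    gateway = first("Default Gateway")
    if not ipv4:
        return "no-address", "adapter has no IPv4 address"
    if ipv4.startswith("169.254."):
        # APIPA: the client asked DHCP for a lease and never got an answer.
        return "apipa", "169.254.x.x address: DHCP failed, check link and DHCP server"
    if first("DHCP Enabled").lower() != "yes":
        return "static", f"manual address {ipv4}, gateway {gateway or 'missing'}"
    problems = []
    if not gateway:
        problems.append("no default gateway, local subnet only")
    if not adapter.get("DNS Servers"):
        problems.append("no DNS servers, names will not resolve")
    if problems:
        return "dhcp", "; ".join(problems)
    return "dhcp", f"leased {ipv4} from {first('DHCP Server')}"


def report(text):
    """Map each adapter heading to its (kind, reason)."""
    return {name: classify(fields) for name, fields in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for name, (kind, reason) in report(SAMPLE_IPCONFIG).items():
        print(f"{name}: {kind} ({reason})")
```

The parser keys on the dotted leader (`. .`) that Windows prints between a field name and its colon, which is what lets it tell a field line from an IPv6 continuation line that also contains colons. A "dhcp" result with a missing gateway or DNS server is the case the lab's "Record" section is steering you toward: the lease worked, but the client cannot leave the subnet or resolve names.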
## Connection Types
Wired:
- Ethernet cable.
- Usually stable and fast.
Wireless:
- Wi-Fi using SSID, security type, encryption, and key.
VPN:
- Encrypted connection to a private network.
- Often used for work access.
- May use MFA such as smart card, authenticator app, or token.
WWAN:
- Cellular data connection.
- May use built-in modem, USB modem, tethering, or hotspot.
Proxy:
- A go-between for web/internet traffic.
- Configured in Settings > Network and Internet or Internet Options.
Metered connection:
- Tells Windows to reduce data use.
- Useful for cellular/hotspot/limited data networks.
## Commands To Enter
Windows:
```powershell
ipconfig
```
What it does:
- Shows IP address, subnet mask, and default gateway.
```powershell
ipconfig /all
```
What it does:
- Shows detailed network configuration, including DNS, DHCP, and MAC address.
```powershell
ping 127.0.0.1
```
What it does:
- Tests local TCP/IP stack.
```powershell
ping 8.8.8.8
```
What it does:
- Tests external IP connectivity.
```powershell
nslookup example.com
```
What it does:
- Tests DNS name resolution.
```powershell
net use
```
What it does:
- Shows mapped network drives and network connections.
```powershell
net use H: \\server\share
```
What it does:
- Maps drive `H:` to a network share.
- Replace `\\server\share` with a real share in your environment.
```powershell
net use H: /delete
```
What it does:
- Removes the mapped drive `H:`.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
```powershell
firewall.cpl
```
What it does:
- Opens Windows Defender Firewall.
Linux comparison:
```bash
ip addr
```
What it does:
- Shows Linux network interfaces and IP addresses.
```bash
ip route
```
What it does:
- Shows routing table, including default gateway.
```bash
cat /etc/resolv.conf
```
What it does:
- Shows DNS resolver configuration on many Linux systems.
- On distributions that use systemd-resolved it lists only the local stub `127.0.0.53`; run `resolvectl status` to see the real upstream DNS servers.
```bash
ping -c 4 127.0.0.1
```
What it does:
- Tests local TCP/IP stack.
## Mini Lab
Goal:
- Identify IP settings, network profile concepts, firewall location, and mapped-drive syntax.
Windows:
1. Run `ipconfig`.
2. Run `ipconfig /all`.
3. Run `ping 127.0.0.1`.
4. Run `nslookup example.com`.
5. Run `net use`.
6. Run `ncpa.cpl`.
7. Run `firewall.cpl`.
Record:
- IPv4 address:
- Subnet mask:
- Default gateway:
- DNS server:
- DHCP enabled:
- Any mapped drives:
- Current network adapter name:
- Where firewall profile settings are located:
Linux:
1. Run `ip addr`.
2. Run `ip route`.
3. Run `cat /etc/resolv.conf`.
4. Run `ping -c 4 127.0.0.1`.
Record:
- IP address:
- Default gateway:
- DNS server:
- Loopback ping result:
## Quick Check Before Quiz
You are ready for the OS-7 quiz when you can answer these without looking:
- What does a `169.254.x.x` address usually mean?
- Which network profile is safest for public Wi-Fi?
- What does `net use` do?
- What settings are required for a static IP?
- What does DNS do?

# OS-8: macOS Tools and Features
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.8 macOS tools and features
## What You Need To Know
You may not use macOS daily, but the exam expects you to recognize common macOS tools, file types, folders, and features.
Focus on matching the macOS term to its job.
## Memory Trick
Use **F-D-T-K-S-I**:
- **F**inder: files
- **D**isk Utility: disks
- **T**ime Machine: backups
- **K**eychain: passwords/certificates
- **S**potlight: search
- **I**Cloud: sync
Security shortcut:
- **FileVault = full disk encryption**
- **Privacy = app permissions**
- **Rapid Security Response = urgent Apple security patches**
## macOS File Types
`.dmg`:
- Apple disk image.
- Mounts like a virtual drive.
`.pkg`:
- Installer package.
- Runs an installation process.
`.app`:
- Application bundle.
- Often removed by dragging to Trash, though some apps include uninstallers.
## macOS Folders
`/Applications`:
- Installed apps.
`/Users`:
- User home folders.
`/Library`:
- System-wide support files.
`~/Library`:
- User-specific support files and preferences.
- `~` means the current user's home folder.
`/System`:
- Core operating system files.
## macOS Tools and Features
System Settings:
- macOS equivalent of the Windows Settings app/Control Panel.
- Used for display, network, privacy, accessibility, updates, accounts, and more.
Finder:
- macOS file manager.
- Similar idea to Windows File Explorer.
Dock:
- Quick app launcher and running-app indicator.
Spotlight:
- Search for apps, files, settings, and information.
- Shortcut: `Command-Space`.
Mission Control:
- Shows open windows and desktops.
Spaces:
- Multiple virtual desktops.
Keychain Access:
- Stores passwords, certificates, keys, and secure notes.
iCloud:
- Apple cloud sync for files, photos, contacts, calendars, messages, device backup, and cross-device integration.
Time Machine:
- Built-in macOS backup tool.
- Creates automatic backups and removes oldest backups when the backup disk fills.
Disk Utility:
- Manage disks, partitions, images, erasing, verifying, and repairing file systems.
FileVault:
- Full disk encryption for macOS.
Terminal:
- Command-line access to macOS.
Force Quit:
- Stops an unresponsive application.
- Shortcut: `Command-Option-Escape`.
Continuity:
- Apple cross-device features such as AirDrop, iPhone camera use, message forwarding, and handoff-style workflows.
Gestures:
- Trackpad actions such as swiping, pinching, and multi-finger controls.
Remote Disc:
- Uses an optical drive from another computer.
- Mostly a legacy feature, but still an exam term.
## Commands To Enter On A Mac
Run these in Terminal when you have access to your friend's Mac.
```bash
sw_vers
```
What it does:
- Shows macOS product name, version, and build.
```bash
uname -a
```
What it does:
- Shows kernel and architecture information.
```bash
whoami
```
What it does:
- Shows the current user.
```bash
pwd
```
What it does:
- Shows the current directory.
```bash
ls /Applications
```
What it does:
- Lists installed applications in `/Applications`.
```bash
ls /Users
```
What it does:
- Lists user home folders.
```bash
diskutil list
```
What it does:
- Lists disks and partitions.
```bash
tmutil status
```
What it does:
- Shows Time Machine backup status.
```bash
fdesetup status
```
What it does:
- Shows whether FileVault is enabled.
## Windows/Linux Comparisons
Finder:
- Windows comparison: File Explorer.
- Linux comparison: Files/Nautilus, Dolphin, or another file manager.
System Settings:
- Windows comparison: Settings and Control Panel.
- Linux comparison: GNOME Settings or KDE System Settings.
Terminal:
- Windows comparison: Command Prompt, PowerShell, Windows Terminal.
- Linux comparison: Terminal.
Disk Utility:
- Windows comparison: Disk Management.
- Linux comparison: `lsblk`, `fdisk`, GNOME Disks.
Time Machine:
- Windows comparison: File History, Backup and Restore, system image concepts.
- Linux comparison: distribution-specific backup tools or `rsync`-based workflows.
FileVault:
- Windows comparison: BitLocker.
- Linux comparison: LUKS/disk encryption.
## Mini Lab
Goal:
- Recognize macOS tools by doing safe lookups and comparisons.
On macOS:
1. Open Finder and identify `/Applications` and `/Users`.
2. Open System Settings.
3. Search System Settings for `FileVault`.
4. Search System Settings for `Time Machine`.
5. Open Spotlight with `Command-Space` and search for `Disk Utility`.
6. Open Terminal.
7. Run `sw_vers`.
8. Run `diskutil list`.
9. Run `tmutil status`.
10. Run `fdesetup status`.
Record:
- macOS version:
- Current user:
- FileVault status:
- Time Machine status:
- Main disk name:
- Where app privacy permissions are configured:
Without a Mac:
1. Review the macOS term list.
2. Match each macOS term to a Windows or Linux equivalent.
3. Practice the OS-8 quiz.
## Quick Check Before Quiz
You are ready for the OS-8 quiz when you can answer these without looking:
- What does Time Machine do?
- What does FileVault do?
- What does Keychain store?
- What is Finder comparable to in Windows?
- Which shortcut opens Force Quit?
- Which command shows macOS version?

# OS-9: Linux Client Tools
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.9 Linux client tools
## What You Need To Know
Linux questions on Core 2 usually test:
- Basic file navigation
- Permissions and ownership
- Important configuration files
- Package managers
- Network commands
- Process and disk usage commands
- The difference between normal user and root/admin actions
## Memory Tricks
Command buckets:
- **Files**: `ls`, `pwd`, `mv`, `cp`, `rm`, `find`, `cat`
- **Permissions**: `chmod`, `chown`, `sudo`, `su`
- **Network**: `ip`, `ping`, `curl`, `dig`, `traceroute`
- **System**: `top`, `ps`, `df`, `du`, `mount`, `fsck`
- **Help**: `man`
Key files:
- `/etc/passwd`: user account list
- `/etc/shadow`: password hashes and aging data; readable only by root, which is why the hashes are not kept in `/etc/passwd`
- `/etc/hosts`: local name-to-IP mappings
- `/etc/resolv.conf`: DNS resolver settings
- `/etc/fstab`: file systems mounted at boot
Memory hook:
- **PASS users, SHADOW passwords, HOSTS names, RESOLV DNS, FSTAB mounts.**
## Linux Concepts
Root:
- The all-powerful administrative account.
- User ID `0`.
`sudo`:
- Runs one command with elevated privileges.
- Safer than staying logged in as root.
`su`:
- Switches to another user, often root.
- You remain that user until you exit.
Kernel:
- Core of the operating system.
- Manages hardware, memory, and processes.
Bootloader:
- Starts the operating system during boot.
systemd:
- System and service manager.
- Starts and manages services, login sessions, logging, and other system processes.
## Commands To Enter
Safe commands:
```bash
pwd
```
What it does:
- Prints the current working directory.
```bash
ls
```
What it does:
- Lists files and directories.
```bash
ls -l
```
What it does:
- Lists files with permissions, owner, group, size, and date.
```bash
cat /etc/os-release
```
What it does:
- Shows Linux distribution details.
```bash
cat /etc/passwd
```
What it does:
- Shows local user account entries.
- Each line includes username, UID, GID, home directory, and shell.
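Added example (not part of this study note or of any distribution's tooling): a small Python audit that parses `/etc/passwd` into its seven fields and applies the concepts above, flagging every UID `0` account (any such account is root, whatever it is named), accounts that have an interactive shell, and UIDs shared by more than one account. The passwd text below is constructed for the demonstration; on a real host read `/etc/passwd` instead.

```python
"""Parse /etc/passwd entries and audit them for root-equivalent accounts.

Added study example; the sample file content is constructed, not copied
from any real system.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in /etc/passwd format: name:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup-svc:x:0:0:legacy backup:/var/backups:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
carol:x:1001:1002:Carol:/home/carol:/bin/false
"""

# Shells that refuse interactive login
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each non-empty line into its seven colon-separated fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _password, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), gecos, home, shell))
    return entries


def root_equivalent(entries: List[PasswdEntry]) -> List[str]:
    """UID 0 is root regardless of the account name, so every UID 0 entry matters."""
    return [e.name for e in entries if e.uid == 0]


def interactive_accounts(entries: List[PasswdEntry]) -> List[str]:
    """Accounts whose shell allows an interactive login."""
    return [e.name for e in entries if e.shell not in NOLOGIN_SHELLS]


def duplicate_uids(entries: List[PasswdEntry]) -> Dict[int, List[str]]:
    """UIDs shared by several accounts; the kernel treats them as the same user."""
    by_uid: Dict[int, List[str]] = {}
    for e in entries:
        by_uid.setdefault(e.uid, []).append(e.name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def audit(text: str) -> dict:
    """Run all three checks over passwd-format text and return the findings."""
    entries = parse_passwd(text)
    return {
        "root_equivalent": root_equivalent(entries),
        "interactive": interactive_accounts(entries),
        "duplicate_uids": duplicate_uids(entries),
    }


if __name__ == "__main__":
    # On a real Linux host, replace SAMPLE_PASSWD with open("/etc/passwd").read()
    for key, value in audit(SAMPLE_PASSWD).items():
        print(f"{key}: {value}")
```

On the constructed sample, both `root` and `backup-svc` are root-equivalent, which is exactly the kind of entry `grep root /etc/passwd` would miss.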
```bash
cat /etc/hosts
```
What it does:
- Shows local hostname-to-IP mappings.
```bash
cat /etc/resolv.conf
```
What it does:
- Shows DNS resolver settings.
```bash
cat /etc/fstab
```
What it does:
- Shows file systems configured to mount at startup.
```bash
grep root /etc/passwd
```
What it does:
- Searches `/etc/passwd` for lines containing `root`.
```bash
find . -name "*.txt"
```
What it does:
- Finds `.txt` files under the current directory.
```bash
ip addr
```
What it does:
- Shows network interfaces and IP addresses.
```bash
ip route
```
What it does:
- Shows routes, including the default gateway.
```bash
ping -c 4 127.0.0.1
```
What it does:
- Sends four pings to the local loopback address.
```bash
curl https://example.com
```
What it does:
- Retrieves data from a URL.
```bash
dig example.com
```
What it does:
- Queries DNS for detailed domain information.
- If `dig` is not installed, try `nslookup example.com`.
```bash
traceroute example.com
```
What it does:
- Shows the route packets take to a destination.
- If not installed, use `tracepath example.com` if available.
```bash
top
```
What it does:
- Shows live process and resource usage.
- Press `q` to quit.
```bash
ps aux
```
What it does:
- Shows running processes.
```bash
df -h
```
What it does:
- Shows mounted file systems and free space in human-readable units.
```bash
du -h
```
What it does:
- Shows disk usage for files/directories.
```bash
man grep
```
What it does:
- Opens the manual page for `grep`.
- Press `q` to quit.
## Practice File Commands
Use these in a temporary folder:
```bash
mkdir linux-practice
cd linux-practice
echo "Core 2 Linux practice" > notes.txt
cp notes.txt copy.txt
mv copy.txt renamed.txt
ls -l
grep Linux notes.txt
chmod u+x renamed.txt
ls -l
cd ..
rm -r linux-practice
```
What they do:
- `mkdir` creates a directory.
- `cd` changes directory.
- `echo ... > file` writes text to a file.
- `cp` copies a file.
- `mv` moves or renames a file.
- `grep` searches inside a file.
- `chmod u+x` adds execute permission for the owner.
- `rm -r` removes a directory and its contents.
## Admin Commands To Know
Do not run these casually on important systems:
```bash
sudo chown user:group file
```
What it does:
- Changes file owner/group.
```bash
sudo apt update
sudo apt install package-name
```
What it does:
- Updates package lists and installs software on Debian/Ubuntu-based systems.
```bash
sudo dnf install package-name
```
What it does:
- Installs software on Fedora/Red Hat-based systems.
```bash
sudo fsck /dev/device
```
What it does:
- Checks and repairs a file system.
- Usually run on unmounted or read-only volumes.
```bash
sudo mount /dev/device /mnt
```
What it does:
- Mounts a storage device to a directory.
## Windows Comparisons
- `ls` is like `dir`.
- `pwd` is like running `cd` with no arguments in Command Prompt to print the current path (PowerShell also accepts `pwd` as an alias for `Get-Location`).
- `top` and `ps` are like Task Manager process views.
- `df -h` is like checking drive free space.
- `fsck` is like `chkdsk`.
- `traceroute` is like Windows `tracert`.
- `dig` is like `nslookup`, but usually more detailed.
## Mini Lab
Goal:
- Practice common Linux commands safely.
Linux:
1. Run `cat /etc/os-release`.
2. Run `pwd`.
3. Run `ls -l`.
4. Run `cat /etc/passwd`.
5. Run `cat /etc/hosts`.
6. Run `cat /etc/resolv.conf`.
7. Run `ip addr`.
8. Run `ip route`.
9. Run `df -h`.
10. Run `ps aux`.
11. Run `top`, then press `q`.
12. Create and remove the `linux-practice` folder from the practice command section.
Record:
- Distribution:
- Current directory:
- Current user:
- DNS server:
- Default gateway:
- Root filesystem free space:
- One running process:
- What permission changed after `chmod u+x`:
Windows comparison:
1. Run `dir`.
2. Run `taskmgr`.
3. Run `tracert example.com`.
4. Run `nslookup example.com`.
5. Record which Linux commands match those Windows tools.
## Quick Check Before Quiz
You are ready for the OS-9 quiz when you can answer these without looking:
- Which file lists user accounts?
- Which file stores password hashes?
- Which command changes file permissions?
- Which command shows live process/resource usage?
- Which command shows disk free space?
- Which package manager is common on Ubuntu/Debian?
- Which command gives help/manual pages?

# SEC-1: Security Controls
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.1 Security controls
## What You Need To Know
Security controls reduce risk. Core 2 expects you to match the control to the problem.
Main groups:
- Physical security controls
- Physical access controls
- Logical security controls
- Authentication and access management
- Data and device management controls
## Memory Trick
Use **P-L-A-D**:
- **P**hysical: stop people, vehicles, theft, and unauthorized entry
- **L**ogical: permissions, trust, and network/software rules
- **A**uthentication: prove who you are
- **D**ata/device controls: protect data and managed devices
MFA factors:
- **Know**: password, PIN
- **Have**: smart card, key fob, phone, token
- **Are**: fingerprint, face, retina
- **Where**: location
## Physical Security Controls
Bollards:
- Posts/barriers that stop vehicles.
- Exam clue: prevent cars/trucks from reaching a building.
Access control vestibule:
- Two-door controlled entry area.
- One door opens while the other remains locked.
- Exam clue: prevent tailgating or control one-person-at-a-time entry.
Badge reader:
- Reads magnetic stripe, RFID, NFC, or similar badge.
- Exam clue: employee door access or time clock.
Video surveillance/CCTV:
- Cameras and recording.
- Exam clue: monitor entrances, review incidents, license plates, faces, motion.
Alarm systems:
- Door/window/fence circuits, motion detection, duress buttons.
- Exam clue: alert when perimeter or protected area is breached.
Locks:
- Conventional key, deadbolt, electronic PIN, token-based, biometric, multifactor.
Equipment locks:
- Lock racks, cabinets, laptops, or devices.
Guards and access lists:
- Human verification of ID and visitor access.
- Often includes visitor log.
Fences and lighting:
- Fences create perimeter.
- Lighting deters attackers and improves camera visibility.
Magnetometers:
- Detect metal objects.
- Exam clue: weapons screening.
## Physical Access Factors
Key fob:
- Small RFID/proximity key.
Smart card:
- Certificate-based card, usually part of MFA.
Mobile digital key:
- Phone acts as key for building, hotel, car, or office.
Biometrics:
- Fingerprint, retina, palm, face, or voice.
- Strong but not easily changed if compromised.
## Logical Security Controls
Least privilege:
- Users get only the access needed to do their job.
- Exam clue: reduce damage from mistakes or malware.
Zero Trust:
- Trust nothing automatically.
- Verify users, devices, apps, and requests continuously.
ACL:
- Access Control List.
- Allows or denies traffic or file access based on rules.
## Authentication and Access
MFA:
- Multi-factor authentication.
- Requires two or more different factor types.
OTP:
- One-time password.
- Used once for a login/session.
TOTP:
- Time-based one-time password.
- Common authenticator app code that changes every 30 seconds.
SMS/voice codes:
- Codes sent by text or phone call.
- Better than password only, but weaker than authenticator apps or hardware tokens.
Authentication app:
- Generates codes or push approvals.
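Added example, not code from any authenticator product: a Python TOTP implementation that shows why the code stays constant inside one 30-second step and changes at the boundary, plus the server-side check with a one-step drift window. The secret is the RFC 6238 reference secret, so the output can be compared with the published test vectors.

```python
"""Time-based one-time password (RFC 6238) built on HOTP (RFC 4226).

Added study example. The shared secret is the RFC 6238 reference-vector
secret, used only so the results can be checked against the RFC.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 Appendix B reference secret (the ASCII string "12345678901234567890")
RFC_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, unix_time: Optional[int] = None, digits: int = 6,
         step: int = STEP_SECONDS) -> str:
    """TOTP is HOTP with the counter set to the number of whole time steps since
    the Unix epoch, so the code is the same for every second within a step."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: Optional[int] = None,
                window: int = 1, digits: int = 6, step: int = STEP_SECONDS) -> bool:
    """Server-side check: accept the current step and `window` steps either side
    to tolerate clock drift, comparing each candidate in constant time."""
    if unix_time is None:
        unix_time = int(time.time())
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, digits), submitted)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(RFC_SECRET, now))
    print("seconds until it changes:", STEP_SECONDS - now % STEP_SECONDS)
```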
SAML:
- Security Assertion Markup Language.
- Standard for authentication/authorization between identity provider and service.
SSO:
- Single sign-on.
- Authenticate once and access multiple approved resources.
Just-in-time access:
- Grants elevated/admin access only temporarily.
- Exam clue: reduce standing admin privileges.
PAM:
- Privileged Access Management.
- Broader system for controlling, vaulting, auditing, and granting privileged access.
## Data and Device Controls
MDM:
- Mobile Device Management.
- Centrally manages phones/tablets/laptops, policies, screen lock, apps, wipe, and BYOD controls.
DLP:
- Data Loss Prevention.
- Detects/prevents sensitive data from leaving approved locations.
- Exam clue: block SSNs, credit cards, medical records, or confidential files from being emailed/uploaded.
IAM:
- Identity and Access Management.
- Gives the right access to the right identities at the right time.
Directory services:
- Central database of users, computers, groups, printers, and resources.
- Windows example: Active Directory.
## Commands To Enter
Windows:
```powershell
whoami
```
What it does:
- Shows the current signed-in user.
```powershell
whoami /groups
```
What it does:
- Shows groups for the current user.
- Useful for checking whether the user has elevated group membership.
```powershell
whoami /priv
```
What it does:
- Shows privileges assigned to the current user.
```powershell
net user
```
What it does:
- Lists local user accounts.
```powershell
net localgroup
```
What it does:
- Lists local groups.
```powershell
net localgroup administrators
```
What it does:
- Shows members of the local Administrators group.
- Use this to check for excessive admin access.
Linux:
```bash
whoami
```
What it does:
- Shows current user.
```bash
id
```
What it does:
- Shows user ID, group ID, and group membership.
```bash
groups
```
What it does:
- Shows groups for the current user.
```bash
sudo -l
```
What it does:
- Shows what commands the current user can run with `sudo`, if allowed.
macOS, if available:
```bash
whoami
id
groups
```
What it does:
- Shows user and group identity information.
## Mini Lab
Goal:
- Identify authentication factors and local privilege level.
Windows:
1. Run `whoami`.
2. Run `whoami /groups`.
3. Run `whoami /priv`.
4. Run `net localgroup administrators`.
5. Record whether your user appears to have admin rights.
Linux:
1. Run `whoami`.
2. Run `id`.
3. Run `groups`.
4. Run `sudo -l`.
5. Record whether your user has sudo/admin rights.
Physical control walk-through:
1. Pick a building you know.
2. Identify one physical control, such as lock, camera, guard, badge reader, or lighting.
3. Identify what risk it reduces.
4. Identify what it does not protect against.
Scenario practice:
- A user needs admin access for 30 minutes to patch a server. Which control fits?
- A company wants to stop credit card numbers from being emailed. Which control fits?
- A company wants all phones to require PINs and allow remote wipe. Which control fits?
## Quick Check Before Quiz
You are ready for the SEC-1 quiz when you can answer these without looking:
- What does least privilege mean?
- What is the difference between SSO and MFA?
- What does DLP protect against?
- What does MDM manage?
- What is just-in-time access?
- Which physical control stops vehicles?

# SEC-10: SOHO Network Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.10 SOHO network security
## What You Need To Know
SOHO means Small Office/Home Office. On the exam, this usually means a small router or wireless access point that combines routing, switching, firewall, and Wi-Fi.
Your job is to harden the router so attackers cannot easily control it, join the wireless network, or open paths into the network.
Core protections:
- Change default admin credentials
- Update firmware
- Use WPA2/WPA3 encryption
- Disable UPnP unless required
- Disable remote management unless required
- Use guest networks carefully
- Place network equipment securely
- Use content/IP filtering when needed
## Memory Trick
Use **P-F-W-U-G**:
- **P**asswords: change defaults
- **F**irmware: keep updated
- **W**i-Fi: WPA2/WPA3, not open
- **U**PnP: usually disable
- **G**uest: disable or isolate and secure
Shortcut:
- **If it manages the network, protect the login first.**
## Default Passwords
Routers and access points often ship with known default usernames and passwords.
Why it matters:
- Admin access gives full control of the device.
- Defaults are easy to find online.
- Attackers can change DNS, Wi-Fi settings, firewall rules, and port forwarding.
Best practice:
- Change the admin password during setup.
- Use a strong unique password.
- Store it in a password manager if possible.
## Firmware Updates
Firmware is the router's built-in software.
Updates can include:
- Security patches
- Bug fixes
- Stability fixes
- New features
Exam clue:
- If a router has known vulnerabilities, update firmware from the manufacturer.
## Secure Management Access
Router management access should be limited.
Good settings:
- Strong admin password
- Multifactor authentication if available
- Local management only
- Disable Internet-facing remote administration unless required
- Limit management access by IP address if supported
Cloud management:
- Some routers use cloud accounts.
- Protect the cloud account with a strong password and MFA.
Exam clue:
- If a question says management is exposed to the Internet, disable remote management or restrict access.
## Wi-Fi Security
SSID:
- The wireless network name.
- Change obvious default names such as LINKSYS or NETGEAR.
- Do not use personal information in the SSID.
SSID broadcast:
- Hiding the SSID is not strong security.
- The SSID can still be discovered with wireless tools.
- Use real encryption instead.
Encryption:
- Open network: no password, weak security.
- WPA2-Personal or WPA3-Personal: common SOHO choice with a pre-shared key.
- WPA2/WPA3-Enterprise: uses individual user authentication with a server, usually in larger organizations.
Best SOHO choice:
- WPA3-Personal when supported.
- WPA2-Personal if WPA3 is not available.
- Strong Wi-Fi passphrase.
## UPnP
UPnP means Universal Plug and Play.
What it does:
- Lets internal apps/devices automatically open inbound ports on the router.
- Common with gaming, media, and peer-to-peer apps.
Risk:
- Apps may open ports without approval.
- This can expose internal services to the Internet.
Best practice:
- Disable UPnP unless a required app needs it.
## IP Filtering and Content Filtering
Allow list:
- Only approved traffic or destinations are allowed.
- More restrictive.
Deny list:
- Blocks known bad traffic, sites, domains, or IPs.
- More flexible but less strict.
Content filtering:
- Blocks traffic by URL, category, malware reputation, or content type.
- Used for parental controls, business policy, and malware protection.
Exam clue:
- If the goal is to block inappropriate websites, use content filtering.
- If the goal is to permit only known systems or destinations, use an allow list.
## Screened Subnet
A screened subnet is a separate network area for public-facing services.
Older term:
- DMZ
Purpose:
- Keeps public systems separated from the internal private network.
- Adds a layer between the Internet and internal devices.
SOHO example:
- A router may have a DMZ host option.
- Be careful: a SOHO router's DMZ host option typically forwards all unsolicited inbound traffic to that one device, exposing it directly to the Internet.
## Guest Networks
Guest networks can be useful, but they must be controlled.
Best practice:
- Disable guest network if not needed.
- If enabled, use WPA2/WPA3.
- Isolate guests from internal devices.
- Use a separate password.
Common uses:
- Visitors
- IoT devices
- Lab or test devices
Exam clue:
- If visitors need Internet but should not access internal PCs, use an isolated guest network.
## Physical Placement
Network devices should be physically protected.
Reasons:
- A person with physical access may reset the router.
- A person may unplug cables or connect unauthorized devices.
- Wireless access points need good placement for coverage.
Best practice:
- Keep routers, switches, and access points in a secure location.
- Place wireless access points high and central when possible.
- Plan power and access for maintenance.
## Commands To Enter
These commands inspect your local network. They do not change router settings.
Windows PowerShell:
```powershell
ipconfig
```
What it does:
- Shows IP address information.
- Look for Default Gateway; that is usually your router.
```powershell
Get-NetConnectionProfile
```
What it does:
- Shows the current network profile.
- Public is more restrictive; Private is used for trusted local networks.
```powershell
netsh wlan show interfaces
```
What it does:
- Shows Wi-Fi connection details, including SSID and authentication type.
Linux:
```bash
ip route
```
What it does:
- Shows the default route.
- The `default via` address is usually your router.
```bash
nmcli dev wifi list
```
What it does:
- Lists nearby Wi-Fi networks if NetworkManager is installed.
- Shows SSIDs and security types.
```bash
nmcli connection show --active
```
What it does:
- Shows active network connections.
macOS:
```bash
route -n get default
```
What it does:
- Shows the default gateway router.
```bash
networksetup -getairportnetwork en0
```
What it does:
- Shows the connected Wi-Fi network on many Macs.
- Some Macs may use a different interface than `en0`.
```bash
system_profiler SPAirPortDataType
```
What it does:
- Shows detailed Wi-Fi information.
Do not log in to a router you do not own or administer. Do not change router settings in this section unless you understand the impact.
## Quick Checks
You should be able to answer:
- Why change default router passwords?
- Why keep firmware updated?
- Why is WPA2/WPA3 better than an open network?
- Why is hiding the SSID not strong security?
- Why is UPnP risky?
- When should you use a guest network?
- What is the purpose of a screened subnet?

# SEC-11: Browser Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.11 Browser security
## What You Need To Know
Browsers are a major security target because users access email, banking, cloud apps, password resets, downloads, and work systems through them.
The exam wants you to know how to secure:
- Browser installation sources
- Updates and patches
- Extensions and plug-ins
- Password storage
- Certificates and secure connections
- Pop-ups, ads, cache, cookies, and private browsing
- Browser sync and proxy settings
## Memory Trick
Use **D-U-E-C-P**:
- **D**ownload from trusted sources
- **U**pdate the browser
- **E**xtensions only from trusted stores
- **C**ertificates must be valid
- **P**rivacy data can be cleared
Shortcut:
- **Browser trust starts before install and continues with updates.**
## Trusted Browser Downloads
Safe browser installation:
- Go directly to the vendor website or official app store.
- Avoid links in email.
- Avoid random third-party download sites.
- Verify downloads with hashes or signatures when provided.
Hash verification:
- A hash is a fixed-length fingerprint of a file; any change to the file produces a different hash.
- If the hash of the downloaded file matches the hash the vendor posted, the file was not altered in transit (provided the posted hash came from the vendor's own site).
- If it does not match, do not install it.
Exam clue:
- If a user needs to install a browser safely, choose trusted source and hash/signature verification.
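Added example, not vendor code: a Python checker that hashes a download in chunks and compares it with a `sha256sum`-style checksum list of the kind vendors publish, reporting a match, a mismatch, or a file the list does not cover. The installer bytes and the checksum list are constructed in a temporary directory so it runs offline.

```python
"""Verify a downloaded file against a vendor-published SHA256SUMS-style list.

Added study example. The "downloads" and the checksum list are constructed
in a temporary directory; on a real download, point verify_download() at the
fetched file and at the checksum text copied from the vendor's own site.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Dict

HEX_CHARS = set("0123456789abcdef")


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksums(text: str) -> Dict[str, str]:
    """Parse `sha256sum` output: '<hex>  <filename>' per line.
    A leading '*' on the name marks binary mode and is dropped."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hex_digest, _, name = line.partition(" ")
        hex_digest = hex_digest.lower()
        name = name.strip().lstrip("*")
        if len(hex_digest) != 64 or set(hex_digest) - HEX_CHARS or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        expected[name] = hex_digest
    return expected


def verify_download(path: Path, checksum_text: str) -> str:
    """Return 'ok', 'mismatch' or 'unlisted'; anything but 'ok' means do not install."""
    expected = parse_checksums(checksum_text)
    if path.name not in expected:
        return "unlisted"
    actual = sha256_of_file(path)
    # compare_digest keeps the comparison time independent of where the strings differ
    return "ok" if hmac.compare_digest(actual, expected[path.name]) else "mismatch"


def demo() -> Dict[str, str]:
    """Constructed scenario: one genuine file, one altered file, one not on the list."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        good = d / "browser-setup.exe"
        good.write_bytes(b"constructed installer bytes v1")
        altered = d / "browser-setup-mirror.exe"
        altered.write_bytes(b"constructed installer bytes v1 plus extra bytes")
        other = d / "readme.txt"
        other.write_bytes(b"not on the vendor list")
        # The vendor list carries the genuine hash for both installer names,
        # so the altered copy is detected as a mismatch.
        genuine = sha256_of_file(good)
        sums = f"{genuine}  browser-setup.exe\n{genuine}  *browser-setup-mirror.exe\n"
        return {
            "good": verify_download(good, sums),
            "altered": verify_download(altered, sums),
            "other": verify_download(other, sums),
        }


if __name__ == "__main__":
    print(demo())
```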
## Browser Updates
Browsers need frequent updates because browser vulnerabilities are heavily targeted.
Updates may come from:
- The browser itself
- The operating system update process
- An enterprise software management tool
Best practice:
- Keep automatic updates enabled when possible.
- Restart the browser after updates if required.
Exam clue:
- If the browser has security vulnerabilities or degraded behavior from an old version, update it.
## Extensions and Plug-ins
Extensions add browser features, but they can also steal data.
Trusted sources:
- Official browser extension stores
- Microsoft Store
- Chrome Web Store
- Known vendor websites
Untrusted sources:
- Random websites
- Email links
- Pop-up prompts
- Extensions installed by malware
Possible malicious extension behavior:
- Credential theft
- Screenshot capture
- Keylogging
- Redirecting searches
- Data exfiltration
Best practice:
- Install only necessary extensions.
- Remove unused extensions.
- Review permissions before installing.
## Password Managers
Password managers store credentials in an encrypted vault.
Benefits:
- Unique passwords for each site
- Strong generated passwords
- Easier password hygiene
- Sync across devices when configured
Risk:
- The vault must be protected with a strong master password.
- Browser-saved passwords may be less controlled than enterprise password managers.
Exam clue:
- If the issue is password reuse across many websites, use a password manager.
## Secure Connections and Certificates
HTTPS uses certificates to prove the site identity and protect traffic.
Browser certificate warnings may mean:
- Certificate is expired
- Certificate is for the wrong domain
- Certificate is signed by an untrusted authority
- System date/time is wrong
- A captive portal or inspection device is interfering
Best practice:
- Do not ignore certificate warnings on sensitive sites.
- Check certificate details.
- Check the system date and time.
Exam clue:
- If a browser shows invalid certificate warnings, investigate before entering credentials.
## Pop-Up Blockers and Notifications
Pop-up blockers stop unwanted browser windows or prompts.
Best practice:
- Keep pop-up blocking enabled.
- Allow pop-ups only for trusted sites that require them.
- Disable only temporarily for troubleshooting.
Browser notifications:
- Websites may request permission to send notifications.
- Malicious or low-quality sites can abuse notification prompts.
- Disable unwanted site notifications.
## Clearing Private Data
Browser data can include:
- History
- Cookies
- Cache
- Download list
- Saved form data
- Saved passwords
Cache:
- Stores parts of websites locally.
- Can speed up browsing.
- Can cause stale-page or troubleshooting issues.
Cookies:
- Store session and site data.
- Can keep users signed in.
- Can also be used for tracking.
Best practice:
- Clear cache/cookies when troubleshooting site problems.
- Be careful before clearing saved passwords.
## Private Browsing Mode
Private browsing does not save normal local session history after the window closes.
It can remove:
- Browsing history for that session
- Download history list
- Temporary cache/cookies for that private session
It does not make you invisible to:
- Websites
- Employer/school networks
- Internet provider
- Network logging tools
Exam clue:
- Private browsing is local privacy, not full anonymity.
## Browser Data Synchronization
Browser sync can share data across devices.
Synced items may include:
- Bookmarks
- History
- Extensions
- Passwords
- Settings
Risk:
- A compromised browser account can expose synced data.
- Unwanted extensions may appear on multiple devices.
Best practice:
- Protect sync accounts with MFA.
- Disable sync for sensitive categories if policy requires it.
## Ad Blockers and Proxies
Ad blockers:
- Can reduce ads and some malicious ad risks.
- May break some websites.
- Should come from trusted extension stores.
Proxy:
- Sits between the browser and the destination site.
- Can cache content.
- Can enforce access control.
- Can filter traffic.
- Can be configured manually or by policy.
Exam clue:
- If browsing must be filtered or logged centrally, think proxy or content filtering.
## Commands To Enter
Windows PowerShell:
```powershell
Get-FileHash "$env:USERPROFILE\Downloads\example.exe"
```
What it does:
- Calculates a hash for a downloaded file.
- Replace `example.exe` with a real file name only when you intentionally want to check it.
```powershell
start ms-settings:dateandtime
```
What it does:
- Opens Windows date and time settings.
- Wrong date/time can cause certificate warnings.
```powershell
start chrome://settings/privacy
```
What it does:
- Opens Chrome privacy settings if Chrome is installed.
Linux:
```bash
sha256sum ~/Downloads/example-file
```
What it does:
- Calculates a SHA-256 hash for a downloaded file.
- Replace `example-file` with a real file name only when checking a download.
```bash
date
```
What it does:
- Shows the system date and time.
- Incorrect date/time can cause certificate warnings.
```bash
xdg-open chrome://settings/privacy
```
What it does:
- Attempts to open Chrome privacy settings.
- Works only if a compatible browser handles the URL.
macOS:
```bash
shasum -a 256 ~/Downloads/example-file
```
What it does:
- Calculates a SHA-256 hash for a downloaded file.
```bash
date
```
What it does:
- Shows the system date and time.
```bash
open -b com.apple.Safari
```
What it does:
- Opens Safari.
- Use Safari Settings to inspect privacy, extensions, passwords, and website permissions.
Do not clear saved passwords, remove profiles, or reset browser settings during this section unless you intentionally want those changes.
## Quick Checks
You should be able to answer:
- Why download browsers from trusted sources?
- What does a file hash prove?
- Why do browser updates matter?
- Why are extensions risky?
- What does a certificate warning mean?
- What does private browsing protect, and what does it not protect?
- Why protect browser sync with MFA?

# SEC-2: Windows Security Settings
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.2 Windows security settings
## What You Need To Know
Windows security questions often ask where to configure or verify a protection.
Core areas:
- Microsoft Defender Antivirus
- Windows Defender Firewall
- Windows Security app
- Local, Microsoft, and domain accounts
- Users and groups
- Login options and Windows Hello
- UAC and Run as administrator
- NTFS vs. share permissions
- BitLocker and BitLocker To Go
- EFS
- Active Directory basics
- Group Policy basics
## Memory Trick
Use **A-F-U-P-E-D-G**:
- **A**ntivirus: Defender
- **F**irewall: network profiles and exceptions
- **U**sers: local/Microsoft/domain accounts
- **P**ermissions: NTFS/share
- **E**ncryption: BitLocker/EFS
- **D**irectory: Active Directory
- **G**roup Policy: centralized settings
Encryption shortcut:
- **BitLocker = whole volume**
- **BitLocker To Go = removable drive**
- **EFS = individual files/folders on NTFS**
## Defender Antivirus
Microsoft Defender Antivirus:
- Built into Windows.
- Managed from Windows Security > Virus & threat protection.
- Uses real-time protection.
- Needs updated definitions/signatures.
Exam clue:
- If the task is scan/update/check Windows antivirus, go to Windows Security or Defender.
## Windows Defender Firewall
Windows Defender Firewall:
- Should normally remain enabled.
- Has separate profiles such as Public and Private.
- Can allow an app, allow/block a port, use predefined rules, or create custom rules.
Exam clue:
- If an app cannot receive network traffic, check firewall exception/rule.
- Public profile should be stricter than Private.
## Windows Accounts
Local account:
- Exists only on one Windows computer.
Microsoft account:
- Cloud-linked personal/work account.
- Can sync settings and integrate with Microsoft services.
Domain account:
- Centrally managed by Active Directory.
- Used in business environments.
User types/groups:
- Administrator: elevated control.
- Standard user: normal daily use.
- Guest: limited access.
- Groups simplify permissions.
## Login Options
Common options:
- Password
- PIN
- Fingerprint
- Facial recognition
- Security key
- Windows Hello
- Domain/SSO login
Passwordless authentication:
- Uses methods such as biometrics, PIN, or security key instead of a traditional password.
## UAC and Run As Administrator
UAC:
- User Account Control.
- Limits automatic administrative access.
- Prompts before elevated actions.
Run as administrator:
- Starts an app with elevated permissions.
- Needed for tasks like installing services, changing system files, or editing protected settings.
Memory trick:
- **Admin account is not always elevated. UAC asks before elevation.**
## NTFS vs. Share Permissions
NTFS permissions:
- Apply locally and over the network.
- Stored on NTFS volumes.
Share permissions:
- Apply only when accessing through a network share.
Rule:
- When both NTFS and share permissions apply (access through a network share), the more restrictive of the two wins.
- Deny usually overrides allow.
Inheritance:
- Permissions can flow from parent folder to child files/folders.
Explicit permissions:
- Set directly on the object.
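Added example (not Microsoft tooling): a Python model of the NTFS vs. share rules above, run against a constructed folder ACL and share ACL. It simplifies Windows ACLs to the basic permission levels and assumes the rules exactly as this note states them: allows from all of a user's groups accumulate, a deny removes those rights again, and over a share the NTFS and share results are intersected.

```python
"""Effective-permission calculator for the NTFS vs. share rules in this note.

Added study example that models the simplified rules (NTFS and share both
apply over the network, most restrictive wins, deny overrides allow), not
every nuance of real Windows ACL evaluation. The ACLs are constructed.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

# Atomic rights used by the model (a simplification of the advanced permissions)
READ, WRITE, EXECUTE, DELETE, CHANGE_PERMS = "read", "write", "execute", "delete", "change_perms"
ALL = frozenset({READ, WRITE, EXECUTE, DELETE, CHANGE_PERMS})

# Basic NTFS permission levels expanded to atomic rights
NTFS_LEVELS: Dict[str, FrozenSet[str]] = {
    "Full Control": ALL,
    "Modify": frozenset({READ, WRITE, EXECUTE, DELETE}),
    "Read & Execute": frozenset({READ, EXECUTE}),
    "Read": frozenset({READ}),
    "Write": frozenset({WRITE}),
}
# Share permissions have only three levels
SHARE_LEVELS: Dict[str, FrozenSet[str]] = {
    "Full Control": ALL,
    "Change": frozenset({READ, WRITE, EXECUTE, DELETE}),
    "Read": frozenset({READ, EXECUTE}),
}

# An ACL entry is (principal, "Allow" or "Deny", permission level)
AclEntry = Tuple[str, str, str]


def effective(acl: List[AclEntry], principals: Set[str],
              levels: Dict[str, FrozenSet[str]]) -> FrozenSet[str]:
    """Allows for any matching principal accumulate; a Deny for any matching
    principal removes those rights again, so deny overrides allow."""
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for principal, kind, level in acl:
        if principal not in principals:
            continue
        (allowed if kind == "Allow" else denied).update(levels[level])
    return frozenset(allowed - denied)


def effective_access(ntfs_acl: List[AclEntry], share_acl: List[AclEntry],
                     principals: Set[str], via_share: bool) -> FrozenSet[str]:
    """Locally only NTFS applies; over a share the result is the intersection of
    the NTFS and share results, which is why the most restrictive one wins."""
    ntfs_rights = effective(ntfs_acl, principals, NTFS_LEVELS)
    if not via_share:
        return ntfs_rights
    return ntfs_rights & effective(share_acl, principals, SHARE_LEVELS)


# Constructed scenario: a Finance folder shared read-only to Everyone
NTFS_ACL: List[AclEntry] = [
    ("Domain Users", "Allow", "Read & Execute"),
    ("Finance", "Allow", "Modify"),
    ("Contractors", "Deny", "Write"),
]
SHARE_ACL: List[AclEntry] = [
    ("Everyone", "Allow", "Read"),
]


def describe(principals: Set[str], via_share: bool) -> List[str]:
    """Sorted list of effective atomic rights for a user plus their groups."""
    return sorted(effective_access(NTFS_ACL, SHARE_ACL, principals, via_share))


if __name__ == "__main__":
    alice = {"alice", "Domain Users", "Finance", "Everyone"}
    bob = {"bob", "Domain Users", "Finance", "Contractors", "Everyone"}
    print("alice locally  :", describe(alice, False))   # Modify rights
    print("alice via share:", describe(alice, True))    # share caps her at Read
    print("bob locally    :", describe(bob, False))     # deny removes write
```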
## BitLocker vs. EFS
BitLocker:
- Encrypts an entire volume.
- Protects data if a device or drive is stolen.
BitLocker To Go:
- Encrypts removable drives such as USB flash drives.
EFS:
- Encrypting File System.
- Encrypts individual files/folders on NTFS.
- Tied to user credentials/certificates.
- Password reset problems can make EFS files inaccessible if recovery is not planned.
## Active Directory and Group Policy
Active Directory:
- Central database of users, computers, groups, printers, shares, and other objects.
- Domain controllers store/manage the domain database.
Domain:
- Group of managed users, computers, and resources.
OU:
- Organizational Unit.
- Container used to organize AD objects and apply policies.
Group Policy:
- Centralized settings for users/computers.
- Can configure security settings, login scripts, folder redirection, and more.
Security groups:
- Assign permissions to a group, then add users to the group.
Folder redirection:
- Redirects folders such as Desktop/Documents to a network location.
## Commands To Enter
Windows:
```powershell
start windowsdefender:
```
What it does:
- Opens Windows Security.
- `windowsdefender:` is a URI; it runs as-is from the Run dialog (Win+R), but in PowerShell it must be passed to `start` (Start-Process).
```powershell
control firewall.cpl
```
What it does:
- Opens Windows Defender Firewall.
- PowerShell does not run `.cpl` files by name, so `control` launches the Control Panel item (the bare `firewall.cpl` works from the Run dialog).
```powershell
wf.msc
```
What it does:
- Opens Windows Defender Firewall with Advanced Security.
```powershell
whoami
```
What it does:
- Shows current user.
```powershell
whoami /groups
```
What it does:
- Shows group membership for the current user.
```powershell
net user
```
What it does:
- Lists local users.
```powershell
net localgroup administrators
```
What it does:
- Lists local Administrators group members.
```powershell
gpupdate /force
```
What it does:
- Forces Group Policy refresh.
- Most useful on domain-joined systems.
```powershell
gpresult /r
```
What it does:
- Shows applied Group Policy summary.
```powershell
manage-bde -status
```
What it does:
- Shows BitLocker status.
```powershell
cipher /?
```
What it does:
- Shows help for the `cipher` command used with EFS and encryption-related tasks.
Linux comparison:
```bash
whoami
id
groups
```
What it does:
- Shows current user and group identity.
macOS comparison, if available:
```bash
fdesetup status
```
What it does:
- Shows FileVault disk encryption status on macOS.
## Mini Lab
Goal:
- Identify Windows security status and account privilege context.
Windows:
1. Run `windowsdefender:` (from PowerShell, `start windowsdefender:`).
2. Open Virus & threat protection and find protection update status.
3. Run `firewall.cpl` (from PowerShell, `control firewall.cpl`).
4. Identify active firewall profiles.
5. Run `wf.msc`.
6. Locate inbound and outbound rules.
7. Run `whoami`.
8. Run `whoami /groups`.
9. Run `net localgroup administrators`.
10. Run `manage-bde -status`.
11. Run `gpresult /r`.
Record:
- Defender protection status:
- Defender update status:
- Firewall profile active:
- Current user:
- Admin group membership:
- BitLocker status:
- Group Policy result available:
Permissions scenario:
1. Create a test folder.
2. Right-click > Properties > Security.
3. View permissions only.
4. Do not remove permissions.
Record:
- One user/group listed:
- One permission listed:
- Whether permissions are inherited:
## Quick Check Before Quiz
You are ready for the SEC-2 quiz when you can answer these without looking:
- What is the difference between NTFS and share permissions?
- Which encryption protects an entire Windows volume?
- Which encryption protects individual NTFS files/folders?
- What does UAC do?
- What does `gpupdate /force` do?
- Where do you check Defender status?

# SEC-3: Wireless Security and Authentication Methods
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.3 Wireless security
## What You Need To Know
Wireless security questions usually ask which encryption/authentication method is safest or most appropriate.
Core ideas:
- WEP is obsolete and should not be used.
- WPA was a temporary improvement over WEP.
- WPA2 with AES is still common and acceptable.
- WPA3 is newer and stronger.
- Personal/PSK uses one shared password.
- Enterprise/802.1X authenticates users individually, usually with RADIUS.
## Memory Trick
Use **3 beats 2, AES beats TKIP, Enterprise beats shared password**.
Order to remember:
- **WEP = Weak**
- **WPA = temporary**
- **WPA2-AES = solid**
- **WPA3 = strongest common choice**
Mode shortcut:
- **Personal = shared pre-shared key**
- **Enterprise = individual user authentication**
## Wireless Encryption
WEP:
- Wired Equivalent Privacy.
- Broken/obsolete.
- Do not choose it unless the question asks what should be replaced.
WPA:
- Wi-Fi Protected Access.
- Temporary replacement for WEP.
- Uses TKIP.
TKIP:
- Older encryption method used with WPA.
- Avoid when better options exist.
WPA2:
- Stronger replacement for WPA.
- Uses AES.
AES:
- Advanced Encryption Standard.
- Stronger than TKIP.
WPA3:
- Newer than WPA2.
- Improves encryption and key exchange: WPA3-Personal replaces the PSK handshake with SAE, so a captured handshake cannot be cracked offline against a password list.
- Best default answer when supported.
## Wireless Modes
Open:
- No password.
- Avoid for private/business networks.
WPA2/WPA3-Personal:
- Uses a pre-shared key.
- Good for home/SOHO networks.
- Everyone uses the same Wi-Fi password.
WPA2/WPA3-Enterprise:
- Uses 802.1X.
- Authenticates users individually.
- Usually uses RADIUS.
- Best for business networks when supported.
## Authentication Methods
RADIUS:
- Remote Authentication Dial-in User Service.
- Centralized AAA service.
- Common for VPN, wireless 802.1X, network devices, and server authentication.
TACACS+:
- Terminal Access Controller Access-Control System Plus.
- Cisco-originated AAA protocol common for network device administration.
- Uses TCP and encrypts the whole packet body; RADIUS uses UDP and encrypts only the password.
- Exam clue: network device admin authentication, especially Cisco.
Kerberos:
- Ticket-based network authentication.
- Common in Microsoft/Active Directory environments.
- Supports SSO-style access in Windows domains.
MFA:
- Multi-factor authentication.
- Uses more than one factor type:
- Something you know
- Something you have
- Something you are
- Somewhere you are
- Something you do
## Scenario Shortcuts
Home Wi-Fi:
- WPA3-Personal if supported.
- WPA2-AES if WPA3 is not available.
Business Wi-Fi:
- WPA3-Enterprise or WPA2-Enterprise with 802.1X/RADIUS.
Legacy weak network:
- Replace WEP/WPA/TKIP.
VPN authentication server:
- RADIUS is a common answer.
Cisco/network device admin authentication:
- TACACS+ is a common answer.
Microsoft domain authentication:
- Kerberos is a common answer.
## Commands To Enter
Windows:
```powershell
netsh wlan show interfaces
```
What it does:
- Shows current Wi-Fi interface, SSID, authentication, and cipher details.
- Works only if Wi-Fi is present and connected.
```powershell
netsh wlan show profiles
```
What it does:
- Lists saved Wi-Fi profiles.
```powershell
ipconfig /all
```
What it does:
- Shows network adapter details, including DHCP and DNS information.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
Linux:
```bash
nmcli device status
```
What it does:
- Shows network devices and connection state when NetworkManager is installed.
```bash
nmcli connection show
```
What it does:
- Shows configured network connections when NetworkManager is installed.
```bash
iw dev
```
What it does:
- Shows wireless interface information if wireless tools are installed.
```bash
ip addr
```
What it does:
- Shows network interfaces and IP addresses.
macOS, if available:
```bash
networksetup -listallhardwareports
```
What it does:
- Lists network hardware ports, including Wi-Fi.
```bash
airport -I
```
What it does:
- Shows current Wi-Fi details (SSID, security, channel) on many macOS systems.
- `airport` lives under a private framework path rather than on the default `PATH`, and Apple deprecated it in recent releases (14.4 onward); `system_profiler SPAirPortDataType` is a supported way to get the same details.
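The encryption and mode rules in this section can be checked mechanically against what `netsh wlan show interfaces` prints. The block below is an added example and is not part of these notes: it parses two constructed samples laid out the way `netsh` prints them (no real capture) and applies the WEP/WPA/TKIP/AES/WPA3 ranking and the Personal/Enterprise distinction from above. It handles any number of interfaces, not just one.

```python
"""Classify Wi-Fi security from `netsh wlan show interfaces` text.

Added study example, not part of the original notes. Both inputs are
constructed samples in netsh's layout; nothing is captured from a real host.
"""

SAMPLE_WPA2 = """\
There is 1 interface on the system:

    Name                   : Wi-Fi
    State                  : connected
    SSID                   : HomeNet
    Network type           : Infrastructure
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Connection mode        : Auto Connect
"""

SAMPLE_TKIP = """\
There is 1 interface on the system:

    Name                   : Wi-Fi
    State                  : connected
    SSID                   : OldOfficeAP
    Authentication         : WPA-Personal
    Cipher                 : TKIP
"""


def parse_interfaces(text):
    """Return one dict per interface. netsh indents every 'Label : value'
    line and starts each interface block with the 'Name' label."""
    interfaces, current = [], None
    for line in text.splitlines():
        if not line.startswith(" ") or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = {}
            interfaces.append(current)
        if current is not None:
            current[key] = value
    return interfaces


def assess(iface):
    """Apply the notes' ordering: open/WEP and WPA/TKIP must be replaced,
    WPA2 with AES (CCMP/GCMP) is acceptable, WPA3 is best; Enterprise beats PSK."""
    auth = iface.get("Authentication", "").lower()
    cipher = iface.get("Cipher", "").lower()
    if auth.startswith("wpa3"):
        family = "WPA3"
    elif auth.startswith("wpa2"):
        family = "WPA2"
    elif auth.startswith("wpa"):
        family = "WPA"
    elif cipher == "wep":
        family = "WEP"          # netsh shows WEP as 'Open' auth with a WEP cipher
    else:
        family = "Open"
    mode = "Enterprise" if "enterprise" in auth else "Personal"

    findings = []
    if family in ("Open", "WEP"):
        findings.append("replace: no usable encryption (%s)" % family)
    if family == "WPA":
        findings.append("replace: WPA1 was only a stopgap for WEP")
    if cipher == "tkip":
        findings.append("replace: TKIP cipher; require AES (CCMP or GCMP)")
    if family in ("WPA2", "WPA3") and mode == "Personal":
        findings.append("note: shared pre-shared key; use Enterprise/802.1X for business")
    if family == "WPA2" and cipher in ("ccmp", "gcmp"):
        findings.append("ok: WPA2-AES is acceptable; prefer WPA3 where supported")

    verdict = "replace" if any(f.startswith("replace") for f in findings) else "acceptable"
    return {"ssid": iface.get("SSID", ""), "family": family, "mode": mode,
            "cipher": cipher.upper(), "verdict": verdict, "findings": findings}


def assess_text(text):
    """Parse netsh output and assess every interface that reports an SSID."""
    return [assess(i) for i in parse_interfaces(text) if i.get("SSID")]


if __name__ == "__main__":
    for sample in (SAMPLE_WPA2, SAMPLE_TKIP):
        for r in assess_text(sample):
            print(r["ssid"], r["family"] + "-" + r["mode"], r["cipher"], "->", r["verdict"])
            for f in r["findings"]:
                print("   ", f)
```

On a real Windows host, pass the live output in with `subprocess.check_output(["netsh", "wlan", "show", "interfaces"], text=True)`. The label names are localized on non-English Windows, so the parser keys assume English output.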
## Mini Lab
Goal:
- Identify current wireless mode/security without changing router settings.
Windows:
1. Connect to a known Wi-Fi network.
2. Run `netsh wlan show interfaces`.
3. Run `netsh wlan show profiles`.
4. Run `ipconfig /all`.
5. Record:
- SSID:
- Authentication:
- Cipher:
- DHCP enabled:
- DNS server:
Linux:
1. Run `nmcli device status`.
2. Run `nmcli connection show`.
3. Run `ip addr`.
4. Optional: run `iw dev`.
5. Record:
- Wireless interface name:
- Active connection:
- IP address:
Router review, if you own/admin the network:
1. Look at Wi-Fi security mode.
2. Confirm WEP/TKIP are not used.
3. Prefer WPA3 or WPA2-AES.
4. Do not change settings unless you understand the impact.
## Quick Check Before Quiz
You are ready for the SEC-3 quiz when you can answer these without looking:
- Which wireless security should be avoided?
- Which is stronger: TKIP or AES?
- Which mode uses one shared password?
- Which mode uses 802.1X/RADIUS?
- Which authentication protocol is common in Microsoft domains?
- Which authentication protocol is common for VPN/wireless AAA?

# SEC-4: Malware and Security Tools
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.4 Malware and security tools
## What You Need To Know
Malware questions usually ask you to identify the type of malware or choose the right security tool.
Do not memorize only definitions. Tie each malware type to its behavior.
## Memory Trick
Use **RATS-VCK-BFP**:
- **R**ansomware: ransom after encryption
- **A**dware/PUP: ads or unwanted extras
- **T**rojan: tricks you by pretending to be useful
- **S**pyware/stalkerware: surveillance
- **V**irus: needs execution and can replicate
- **C**ryptominer: steals CPU/GPU cycles
- **K**eylogger: captures keystrokes
- **B**oot sector virus: starts before/with OS boot
- **F**ileless malware: lives in memory
- **P**ersistent/rootkit: hides deep in the system
## Malware Types
Trojan:
- Pretends to be legitimate software.
- Does not need to self-replicate.
- Often opens the door for other malware.
Rootkit:
- Hides deep in the OS, kernel, drivers, or boot process.
- May not appear in normal tools like Task Manager.
- Often requires special tools or reinstall/reimage.
Virus:
- Replicates by infecting files or systems.
- Usually needs a program to run.
Spyware:
- Watches user activity.
- May track browsing, personal data, or behavior.
Ransomware:
- Encrypts or locks user data and demands payment.
- Strong backup strategy is critical.
Keylogger:
- Captures keystrokes, in software or hardware, before they reach the application.
- Can steal passwords even when websites use HTTPS, because TLS only protects data after it leaves the browser.
Cryptominer:
- Uses CPU/GPU resources to mine cryptocurrency.
- Clue: unexplained high CPU/GPU use, heat, fan noise.
Boot sector virus:
- Infects boot code.
- Starts before or during OS boot.
- Secure Boot helps reduce this risk.
Fileless malware:
- Runs from memory or abuses trusted built-in tools such as PowerShell and WMI.
- Avoids writing a conventional executable to disk, so file-signature scanning alone misses it; behavior-based detection (EDR) is the counter.
Stalkerware:
- Surveillance software, often on mobile devices.
- Tracks location, messages, microphone, camera, screenshots, or activity.
PUP:
- Potentially Unwanted Program.
- Often bundled with other installs.
- May include adware, toolbars, or browser hijackers.
## Security Tools
Windows Recovery Environment:
- Used when Windows will not start normally or malware blocks normal repair.
- Powerful and risky: changes made here bypass the safeguards of the running OS.
- Last-resort tool for boot repair, a command prompt, changing service/driver startup, or replacing files.
Antivirus/anti-malware:
- Detects, blocks, quarantines, and removes malware.
- Should use real-time protection and updated definitions.
EDR:
- Endpoint Detection and Response.
- Detects behavior, investigates endpoint threats, and can isolate/quarantine/respond.
MDR:
- Managed Detection and Response.
- Third-party managed service that monitors and responds to EDR/security events.
XDR:
- Extended Detection and Response.
- Correlates endpoint, network, cloud, and other security data.
Email security gateway:
- Filters inbound/outbound email.
- Blocks phishing, malware, spam, and suspicious attachments before reaching users.
Software firewall:
- Monitors and controls local network communication.
- Can stop malware from calling out.
Anti-phishing training:
- Teaches users to identify phishing and social engineering.
- Important because technology alone cannot stop every attack.
End-user education:
- Broader security awareness: links, downloads, reporting, password hygiene, safe behavior.
OS reinstallation/reimage:
- Most reliable way to remove severe or persistent malware.
- Must ensure backups/images are clean.
## Tool Matching Shortcut
- Email threat before user sees it: **email security gateway**
- Suspicious endpoint behavior: **EDR**
- Outsourced endpoint monitoring: **MDR**
- Endpoint plus network/cloud correlation: **XDR**
- Local app calling out unexpectedly: **software firewall**
- Persistent/rootkit/severe infection: **reimage/reinstall**
- User keeps clicking bad links: **anti-phishing training**
- Windows will not boot or malware blocks repair: **Windows RE**
## Commands To Enter
Windows inspection commands:
```powershell
windowsdefender:
```
What it does:
- Opens Windows Security.
- Use it to check Virus & threat protection.
```powershell
taskmgr
```
What it does:
- Opens Task Manager.
- Use it to look for high CPU, memory, disk, or suspicious processes.
```powershell
resmon
```
What it does:
- Opens Resource Monitor.
- Gives more detailed live CPU, memory, disk, and network activity.
```powershell
eventvwr.msc
```
What it does:
- Opens Event Viewer.
- Use it to inspect logs for crashes, service issues, and security-related events.
```powershell
netstat -ano
```
What it does:
- Shows active connections and listening ports with the owning process ID.
- Useful for spotting unexpected network connections; map a PID to its image with `tasklist /FI "PID eq <pid>"`.
```powershell
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
```
What it does:
- Lists the top processes by CPU use in PowerShell.
Linux inspection commands:
```bash
top
```
What it does:
- Shows live process/resource usage.
```bash
ps aux
```
What it does:
- Lists running processes.
```bash
ss -tulpn
```
What it does:
- Shows listening network sockets and associated processes when permissions allow.
```bash
journalctl -p err
```
What it does:
- Shows systemd journal errors.
macOS, if available:
```bash
top
ps aux
```
What it does:
- Shows running processes and resource usage.
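The `netstat -ano` step above ends with a list of PIDs; the next thing a technician does is tie each socket to a process and ask whether it belongs. The block below is an added example, not code from these notes: it parses a constructed `netstat -ano` capture, joins it to a constructed PID-to-image map (standing in for `tasklist` output), and flags listeners on unexpected ports and outbound connections from images outside an assumed allowlist. The expected ports and allowed images are assumptions to tune per environment.

```python
"""Triage `netstat -ano` output against a process map and an allowlist.

Added study example, not code from the original notes. NETSTAT_SAMPLE and
PROCESS_NAMES are constructed; PROCESS_NAMES stands in for what
`tasklist` or `Get-Process -Id <pid>` would report for each PID.
"""

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       7732
  TCP    192.168.1.20:49712     52.96.0.1:443          ESTABLISHED     4120
  TCP    192.168.1.20:49801     198.51.100.23:8080     ESTABLISHED     7732
  TCP    [::]:135               [::]:0                 LISTENING       980
  UDP    0.0.0.0:5353           *:*                                    2216
"""

# Constructed PID-to-image map (what tasklist showed at capture time).
PROCESS_NAMES = {4: "System", 980: "svchost.exe", 2216: "svchost.exe",
                 4120: "msedge.exe", 7732: "updater.exe"}

# Assumed baseline for this workstation, not from the notes: tune per environment.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 5353, 5355}
ALLOWED_OUTBOUND_IMAGES = {"msedge.exe", "svchost.exe", "outlook.exe"}


def parse_netstat(text):
    """One dict per socket line. UDP rows have no State column, so the PID
    shifts left by one field."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])
        rows.append({"proto": parts[0], "local": parts[1],
                     "foreign": parts[2], "state": state, "pid": pid})
    return rows


def port_of(addr):
    """'0.0.0.0:135' -> 135 and '[::]:135' -> 135 (split on the last colon)."""
    return int(addr.rsplit(":", 1)[1])


def triage(rows, names=PROCESS_NAMES):
    """Return findings for unexpected listeners and for outbound connections
    held by images outside the allowlist, each tagged with the owning process."""
    findings = []
    for r in rows:
        image = names.get(r["pid"], "<unknown pid %d>" % r["pid"])
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            port = port_of(r["local"])
            if port not in EXPECTED_LISTEN_PORTS:
                findings.append("unexpected listener %s/%d by %s (pid %d)"
                                % (r["proto"], port, image, r["pid"]))
        elif r["state"] == "ESTABLISHED" and image not in ALLOWED_OUTBOUND_IMAGES:
            findings.append("outbound %s -> %s by %s (pid %d)"
                            % (r["local"], r["foreign"], image, r["pid"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_netstat(NETSTAT_SAMPLE)):
        print(finding)
```

In the sample the same unknown image both listens on an odd port and calls out, which is the pattern worth escalating; a single hit on either rule is a lead to verify against the process path and signature, not proof of infection.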
## Mini Lab
Goal:
- Practice safe inspection and tool selection.
Windows:
1. Open Windows Security with `windowsdefender:`.
2. Check whether Virus & threat protection is enabled.
3. Open Task Manager with `taskmgr`.
4. Sort by CPU and memory.
5. Open Resource Monitor with `resmon`.
6. Run `netstat -ano`.
7. Record:
- Antivirus status:
- Highest CPU process:
- Any listening ports:
- One unexpected thing you would investigate further:
Linux:
1. Run `top`, then press `q`.
2. Run `ps aux`.
3. Run `ss -tulpn`.
4. Run `journalctl -p err`.
5. Record:
- Highest CPU process:
- One listening service:
- One error log theme:
Tabletop scenarios:
- Files are encrypted and a payment note appears.
- Browser homepage changes and toolbars appear after installing free software.
- CPU is high even when no apps are open.
- A system keeps reinfecting after cleanup.
- Users are receiving malicious attachments by email.
For each scenario, identify:
- Malware type or likely issue
- Best tool or response
- What evidence you would collect
## Quick Check Before Quiz
You are ready for the SEC-4 quiz when you can answer these without looking:
- What malware encrypts user files for payment?
- What malware captures keystrokes?
- What malware hides deep in the OS?
- What tool filters malicious email?
- What is the difference between EDR, MDR, and XDR?
- When is reimage/reinstall the right answer?

# SEC-5: Social Engineering and Attacks
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.5 Social engineering and attacks
## What You Need To Know
This objective is scenario-heavy. The exam describes an attack and expects you to identify the type or best prevention.
Think in categories:
- Human manipulation
- Availability attacks
- Spoofing/on-path attacks
- Password attacks
- Web app attacks
- Insider/supply chain risks
- Vulnerable systems
## Memory Trick
Use **PHISH-DOS-PASS-WEB-SUPPLY**:
- **PHISH**: phishing, vishing, smishing, QR phishing, spear phishing, whaling
- **DOS**: DoS and DDoS
- **PASS**: brute force, dictionary, plaintext passwords
- **WEB**: SQL injection and XSS
- **SUPPLY**: service provider, hardware, software supply chain
Physical/social trick:
- **Tailgating = no consent**
- **Piggybacking = with consent**
## Phishing Variants
Phishing:
- Fraud messages that trick users into clicking, logging in, paying, or sharing data.
- Often uses spoofed email, fake sites, urgency, or suspicious links.
Vishing:
- Voice phishing by phone or voicemail.
Smishing:
- SMS/text phishing.
QR code phishing:
- Malicious QR code points to a fake or harmful site.
Spear phishing:
- Targeted phishing aimed at a specific person or group.
Whaling:
- Spear phishing aimed at executives or high-value targets.
Business Email Compromise (BEC):
- Attacker uses email trust to request money, gift cards, payroll changes, or wire transfers.
- Prevention: verify requests through a separate trusted channel.
## Physical/Social Attacks
Shoulder surfing:
- Watching someone enter or view sensitive information.
- Prevention: privacy screens, awareness, monitor placement.
Tailgating:
- Unauthorized person follows through a secure door without consent.
Piggybacking:
- Authorized person knowingly lets someone follow them in.
Impersonation:
- Pretending to be someone trusted, such as help desk, vendor, executive, or employee.
Dumpster diving:
- Searching trash for information useful in later attacks.
- Prevention: shredding, secure disposal, clean desk policy.
## Availability Attacks
DoS:
- Denial of Service.
- One system/attack source makes a service unavailable.
DDoS:
- Distributed Denial of Service.
- Many systems, often botnets, attack at once.
Prevention/mitigation:
- ISP filtering
- Cloud DDoS protection
- Firewall/rate-limit patterns
- Redundancy
## Spoofing and On-Path Attacks
On-path attack:
- Attacker intercepts/redirects traffic between victim and destination.
- Formerly called man-in-the-middle.
ARP poisoning:
- Local network attack: the attacker sends forged ARP replies so victims map the gateway's IP address to the attacker's MAC, putting the attacker on-path.
Evil twin:
- Fake Wi-Fi access point that looks legitimate.
- Prevention: VPN, HTTPS, avoid unknown Wi-Fi, verify SSID, use enterprise authentication.
On-path browser attack:
- Malware in the browser proxies or manipulates traffic from the victim's own machine.
## Zero-Day Attacks
Zero-day:
- Exploit for a vulnerability not yet known or patched by the vendor.
Exam clue:
- No patch exists yet, or the vulnerability was unknown before exploitation.
Mitigation:
- Defense in depth, least privilege, behavior detection, segmentation, rapid patching when fixes arrive.
## Password Attacks
Plaintext password storage:
- Passwords stored as-is, neither hashed nor encrypted.
- Bad design: anyone who reads the database, a backup, or a log has every password.
Hashing:
- One-way representation of a password; the system stores the hash and rehashes each login attempt to compare.
- Used for password storage. Should be salted per user and deliberately slow (PBKDF2, bcrypt, scrypt, or Argon2) so stolen hashes are expensive to crack.
Brute force:
- Try every possible password combination.
Dictionary attack:
- Try likely words/password lists and substitutions.
Mitigation:
- Long passwords
- MFA
- Account lockout/rate limiting
- Strong hashing: per-user salt plus a deliberately slow algorithm
- Password managers
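The hashing and dictionary-attack points above are easiest to see in code. The following is an added example, not part of these notes: it stores three constructed accounts once with an unsalted fast hash and once with salted PBKDF2, then runs the same constructed wordlist against both and counts the guesses. The iteration count is deliberately low so the demo runs in a moment; production settings use far more.

```python
"""Why salted, slow hashing matters against dictionary attacks.

Added study example, not code from the original notes. Accounts, passwords
and the wordlist are constructed; ITERATIONS is kept small for speed.
"""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "Summer2024", "qwerty"]   # constructed

# Constructed accounts; carol's passphrase is not in the wordlist.
ACCOUNTS = {"alice": "password", "bob": "Summer2024",
            "carol": "correct horse battery staple"}
ITERATIONS = 20_000   # assumption for the demo; real deployments use more


def store_unsalted(password):
    """Plain SHA-256: fast, and identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; the record keeps its parameters."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%s$%d$%s" % (salt.hex(), iterations, dk.hex())


def verify_salted(password, record):
    """Recompute with the stored salt and iterations; compare in constant time."""
    salt_hex, iterations, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def attack_unsalted(records):
    """One precomputed table cracks every user: len(WORDLIST) hashes in total."""
    table = {store_unsalted(w): w for w in WORDLIST}
    cracked = {user: table[h] for user, h in records.items() if h in table}
    return cracked, len(WORDLIST)


def attack_salted(records):
    """The salt forces a fresh PBKDF2 run per user per guess; count those runs."""
    cracked, work = {}, 0
    for user, record in records.items():
        for word in WORDLIST:
            work += 1
            if verify_salted(word, record):
                cracked[user] = word
                break
    return cracked, work


def demo():
    """Run both attacks and return {scheme: (cracked, guesses)}."""
    unsalted = {u: store_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: store_salted(p) for u, p in ACCOUNTS.items()}
    return {"unsalted": attack_unsalted(unsalted), "salted": attack_salted(salted)}


if __name__ == "__main__":
    for scheme, (cracked, work) in demo().items():
        print("%-8s cracked=%s guesses=%d" % (scheme, sorted(cracked), work))
```

Both schemes still fall to the wordlist for the two weak passwords: hashing does not rescue a guessable password. What changes is the cost: the salt removes the shared precomputed table and the iteration count multiplies every guess, which is why the mitigation list pairs strong hashing with long passwords, MFA, and lockout.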
## Web App Attacks
SQL injection:
- Attacker modifies database queries through unsafe input.
- Example effect: view, change, or delete database data.
- Prevention: input validation, parameterized queries, secure coding.
XSS:
- Cross-site scripting.
- Attacker injects scripts into trusted web pages or links.
- Can steal cookies/session tokens or act as the user.
- Prevention: input validation/output encoding, secure coding, Content Security Policy, browser updates.
Memory trick:
- **SQL injection attacks the database.**
- **XSS attacks the user's browser trust.**
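To make the database-versus-browser distinction concrete, the block below is an added example, not code from these notes. It puts the vulnerable pattern beside its fix for each attack: a query built by string concatenation beside a parameterized one, and a page that reflects a search term unchanged beside one that output-encodes it. The table and the attack strings are constructed.

```python
"""SQL injection and XSS: the unsafe pattern beside the hardened one.

Added study example, not code from the original notes. The user table and
the attack inputs are constructed for the demonstration.
"""
import html
import sqlite3


def make_db():
    """In-memory table standing in for a web app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """Concatenates input into the statement, so it becomes part of the SQL grammar."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterized: the value travels separately and is never parsed as SQL."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


def render_results_vulnerable(term):
    """Reflects the search term into the page unchanged (reflected XSS)."""
    return "<p>Results for: " + term + "</p>"


def render_results_safe(term):
    """Output-encodes the term so the browser renders it as text, not markup."""
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


SQLI_PAYLOAD = "nobody' OR '1'='1"                       # constructed
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"  # constructed


def demo():
    """Run each payload through the weak and the hardened function."""
    conn = make_db()
    return {
        "sqli_vulnerable_rows": find_user_vulnerable(conn, SQLI_PAYLOAD),
        "sqli_safe_rows": find_user_safe(conn, SQLI_PAYLOAD),
        "xss_vulnerable_html": render_results_vulnerable(XSS_PAYLOAD),
        "xss_safe_html": render_results_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The vulnerable query turns into `WHERE username = 'nobody' OR '1'='1'` and returns every row; the parameterized one looks for a user literally named `nobody' OR '1'='1` and returns nothing. On the XSS side, `html.escape` is the output-encoding step from the prevention list; it belongs at the point where untrusted data meets HTML, not at input time.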
## Insider and Supply Chain
Insider threat:
- Employee, contractor, or trusted person misuses access.
- May be malicious or careless.
Supply chain attack:
- Attacker compromises a vendor, provider, update, hardware, or software source.
- Trusted relationship becomes the attack path.
Service provider risk:
- Third-party providers may have access to internal systems.
Mitigation:
- Vendor audits
- Least privilege
- Contract security requirements
- Monitor provider access
- Verify software signatures
## Vulnerable Systems
Non-compliant systems:
- Do not meet organization standards.
Unpatched systems:
- Missing security updates.
Unprotected systems:
- Security controls disabled or absent.
EOL/EOSL:
- End of life/end of service life.
- No normal security patches or support.
BYOD:
- Bring Your Own Device.
- User-owned device accessing company data.
- Needs policy, MDM, data separation, and security requirements.
## Commands To Enter
Windows:
```powershell
arp -a
```
What it does:
- Shows ARP cache entries (IP address to MAC address).
- Compare the gateway's MAC to a known-good value; a changed gateway MAC, or one MAC claiming several IP addresses, is an ARP poisoning indicator.
```powershell
netstat -ano
```
What it does:
- Shows active network connections and listening ports.
```powershell
ipconfig /all
```
What it does:
- Shows IP, DNS, gateway, and adapter information.
```powershell
whoami /groups
```
What it does:
- Shows group membership and helps discuss insider/privilege risk.
Linux:
```bash
ip neigh
```
What it does:
- Shows neighbor/ARP table entries.
```bash
ss -tulpn
```
What it does:
- Shows listening sockets and processes when allowed.
```bash
ip route
```
What it does:
- Shows routes, including default gateway.
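The `arp -a` and `ip neigh` checks above become useful once you compare them against a baseline. The block below is an added example, not code from these notes: it parses constructed captures in both formats and reports the two ARP poisoning indicators from this section, one MAC claiming several addresses and a gateway whose MAC differs from a recorded known-good value. The gateway address and baseline MAC are assumptions.

```python
"""Flag ARP-cache anomalies in `arp -a` (Windows) or `ip neigh` (Linux) output.

Added study example, not code from the original notes. Both captures and
the known-good gateway MAC are constructed.
"""
import re
from collections import defaultdict

ARP_A_SAMPLE = """\
Interface: 192.168.1.20 --- 0x8
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.30          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.40          aa-bb-cc-dd-ee-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

IP_NEIGH_SAMPLE = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.40 dev eth0 lladdr aa:bb:cc:dd:ee:02 STALE
192.168.1.50 dev eth0 FAILED
"""

GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC_BASELINE = "aa:bb:cc:dd:ee:00"   # assumed: recorded while the LAN was healthy

MAC_RE = re.compile(r"\b([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})\b", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_arp(text):
    """Return {ip: mac} from either format; MACs normalised to lower-case colon form.
    Lines without a MAC (the arp -a header, FAILED neighbors) are skipped."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = mac.group(1).lower().replace("-", ":")
    return table


def is_multicast_or_broadcast(ip, mac):
    """Broadcast and multicast entries legitimately share MACs; ignore them."""
    first_octet = int(ip.split(".")[0])
    return mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e") or 224 <= first_octet <= 239


def find_anomalies(table, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC_BASELINE):
    """Report one MAC answering for several IPs, and a gateway MAC that moved."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if not is_multicast_or_broadcast(ip, mac):
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append("mac %s claims %d addresses: %s"
                            % (mac, len(ips), ", ".join(sorted(ips))))
    seen = table.get(gateway_ip)
    if seen and seen != gateway_mac:
        findings.append("gateway %s now resolves to %s (baseline %s)"
                        % (gateway_ip, seen, gateway_mac))
    return findings


if __name__ == "__main__":
    for name, sample in (("arp -a", ARP_A_SAMPLE), ("ip neigh", IP_NEIGH_SAMPLE)):
        print(name)
        for f in find_anomalies(parse_arp(sample)):
            print("   ", f)
```

A duplicate MAC is a lead rather than proof: a router that hosts several addresses, or an HSRP/VRRP virtual MAC, produces the same pattern legitimately. The gateway comparison only works if the baseline was recorded while the network was known to be clean.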
## Mini Lab
Goal:
- Practice identifying attack types safely.
Windows:
1. Run `arp -a`.
2. Run `netstat -ano`.
3. Run `ipconfig /all`.
4. Record:
- Default gateway:
- One ARP entry:
- One active/listening connection:
Linux:
1. Run `ip neigh`.
2. Run `ss -tulpn`.
3. Run `ip route`.
4. Record:
- Default gateway:
- One neighbor entry:
- One listening service:
Scenario practice:
1. A CFO gets an email asking for a wire transfer.
2. A user scans a QR code on a parking meter and lands on a fake payment site.
3. A fake Wi-Fi network copies the hotel SSID.
4. An attacker tries every possible password.
5. A vendor software update is compromised.
6. A website search box runs attacker-supplied JavaScript.
7. A database query is manipulated through form input.
For each:
- Name the attack.
- Name one prevention or mitigation.
## Quick Check Before Quiz
You are ready for the SEC-5 quiz when you can answer these without looking:
- What is the difference between phishing, vishing, smishing, spear phishing, and whaling?
- What is the difference between tailgating and piggybacking?
- What does an evil twin imitate?
- What is the difference between SQL injection and XSS?
- What is a supply chain attack?
- What is the difference between DoS and DDoS?

# SEC-6: Malware Removal Process
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.6 Malware removal process
## What You Need To Know
The exam expects the malware removal process in order. Do not just know the steps individually; know what comes next.
Important idea:
- Full wipe/reimage from known-good media is the cleanest answer for severe malware.
- Remediation is sometimes done to recover data or restore enough function to continue business.
## Memory Trick
Use **I-Q-D-R-U-S-R-S-E-E**:
1. **I**nvestigate and verify symptoms
2. **Q**uarantine infected systems
3. **D**isable System Restore/System Protection
4. **R**emediate infected systems
5. **U**pdate anti-virus/anti-malware
6. **S**can and remove
7. **R**eimage/reinstall if needed
8. **S**chedule scans and run updates
9. **E**nable System Protection and create restore point
10. **E**ducate the end user
Short phrase:
- **Investigate, Quarantine, Disable, Remediate, Update, Scan, Reimage, Schedule, Enable, Educate.**
## Step 1: Investigate and Verify Symptoms
Look for:
- Odd error messages
- Fake security alerts
- Application failures
- Slow boot
- Slow applications
- Browser redirects
- Files encrypted/renamed/missing
- Unknown processes
Goal:
- Confirm there is a real problem before changing anything.
## Step 2: Quarantine Infected Systems
Actions:
- Disconnect from network.
- Disable Wi-Fi/Bluetooth if needed.
- Isolate removable media.
- Prevent file transfer from the infected system.
Goal:
- Stop spread.
## Step 3: Disable System Restore/System Protection
Why:
- Malware can hide in restore points.
- Restoring later could bring the infection back.
Exam clue:
- Disable before remediation, re-enable after cleanup.
## Step 4: Remediate Infected Systems
Actions:
- Remove/quarantine malicious files.
- Remove malicious startup entries.
- Remove suspicious apps/extensions.
- Repair changed settings.
Goal:
- Remove the infection or reduce damage.
## Step 5: Update Anti-Virus/Anti-Malware
Actions:
- Update signatures/definitions.
- Update scanning engine.
- If malware blocks updates, use a trusted clean system or offline media.
Goal:
- Make sure tools recognize current threats.
## Step 6: Scan and Remove
Techniques:
- Normal scan
- Safe Mode scan
- Offline/preinstallation environment scan
- Bootable rescue media
Goal:
- Detect and remove malware using updated tools.
## Step 7: Reimage/Reinstall If Needed
When:
- Rootkit/persistent infection.
- Cleanup fails.
- System integrity is not trusted.
- Time-sensitive business recovery needs a known-good image.
Goal:
- Return to a clean known-good state.
## Step 8: Schedule Scans and Run Updates
Actions:
- Enable scheduled scans.
- Enable automatic definition updates.
- Run OS updates.
- Run application updates.
Goal:
- Reduce reinfection risk.
## Step 9: Enable System Protection
Actions:
- Re-enable System Protection/System Restore.
- Create a clean restore point.
Goal:
- Restore recovery capability after the system is clean.
## Step 10: Educate The End User
Topics:
- Avoid suspicious links.
- Avoid unknown downloads.
- Report symptoms early.
- Validate pop-ups and security alerts.
- Use approved software sources.
Goal:
- Reduce repeat infection.
## Commands To Enter
Windows inspection commands:
```powershell
windowsdefender:
```
What it does:
- Opens Windows Security.
```powershell
taskmgr
```
What it does:
- Opens Task Manager for process/resource review.
```powershell
resmon
```
What it does:
- Opens Resource Monitor for detailed activity.
```powershell
rstrui.exe
```
What it does:
- Opens System Restore.
- For this lab, view only. Do not restore.
```powershell
SystemPropertiesProtection
```
What it does:
- Opens System Protection settings.
- For this lab, view only. Do not disable protection unless working a real guided incident.
```powershell
shutdown /r /o /t 0
```
What it does:
- Restarts into Advanced Startup options.
- This is how you can reach recovery tools.
- Do not run unless you are ready to reboot.
Linux/macOS comparison:
```bash
top
ps aux
```
What it does:
- Shows running processes and resource usage.
## Mini Lab
Goal:
- Practice the process order and safe inspection.
Windows:
1. Open Windows Security with `windowsdefender:`.
2. Open Task Manager with `taskmgr`.
3. Open Resource Monitor with `resmon`.
4. Open System Protection with `SystemPropertiesProtection`.
5. Do not disable System Protection during practice.
6. Record:
- Defender status:
- Highest CPU process:
- System Protection state:
- Where Advanced Startup is located:
Tabletop:
For each scenario, write the next step:
1. User reports fake antivirus pop-ups and slow performance.
2. You confirm malware symptoms.
3. The system is disconnected from the network.
4. System Restore is disabled.
5. Malicious files are removed.
6. Anti-malware signatures are updated.
7. Scan fails to remove a suspected rootkit.
8. Clean image is restored.
9. Updates and scheduled scans are configured.
10. Clean restore point is created.
## Quick Check Before Quiz
You are ready for the SEC-6 quiz when you can answer these without looking:
- What is step 1?
- What comes after verifying symptoms?
- When do you disable System Restore?
- When do you re-enable System Protection?
- Why educate the user?
- When should you reimage/reinstall?

# SEC-7: Workstation Hardening
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.7 Workstation hardening
## What You Need To Know
Hardening means reducing the attack surface. On the exam, choose the setting that makes the workstation harder to misuse, steal from, or compromise.
Core hardening areas:
- Data encryption
- Password policy
- Password managers
- Account management
- Screen lock and failed login controls
- Default account/password changes
- BIOS/UEFI passwords
- AutoRun/AutoPlay
- Unused services
- Physical device security
## Memory Trick
Use **E-P-A-L-D-S**:
- **E**ncrypt data
- **P**asswords strong and managed
- **A**ccounts limited
- **L**ock screen/login controls
- **D**isable defaults and AutoPlay
- **S**ervices reduced
Attack surface shortcut:
- **If you do not need it, disable it.**
## Data Encryption
Full-disk encryption:
- Encrypts the whole drive/volume.
- Windows example: BitLocker.
- macOS example: FileVault.
File-system encryption:
- Encrypts individual files/folders.
- Windows example: EFS on NTFS.
Removable media encryption:
- Protects USB drives.
- Windows example: BitLocker To Go.
Key backup:
- Encryption is only useful if recovery keys are protected and available.
- Lost keys can mean lost data.
## Password Controls
Password complexity:
- Mix character types.
- Avoid obvious words and reused passwords.
Password length:
- Longer is usually stronger.
- Passphrases are easier to remember and harder to brute force.
Password age/expiration:
- Controls how long passwords can be used.
- Some environments require periodic changes.
Password history:
- Prevents users from reusing recent passwords.
Default passwords:
- Change default usernames/passwords on devices, routers, apps, and admin portals.
No blank passwords:
- Always require passwords.
No automatic login:
- Do not let systems bypass authentication.
Password managers:
- Store many unique passwords in an encrypted vault.
- Enterprise password managers can support recovery and central policy.
## Account Management
Least privilege:
- Users should not run as administrators for daily work.
Groups:
- Assign permissions to groups, then add users to groups.
Disable unnecessary accounts:
- Disable guest or unused accounts.
- Disable interactive login for service accounts when possible.
Login time restrictions:
- Limit when accounts can sign in.
- Useful for contractors or temporary workers.
Account expiration:
- Automatically disable temporary accounts after a date.
Failed login lockout:
- Locks account after too many failed attempts.
- Reduces online brute force attacks.
## Locking and Physical Security
Screen lock:
- Automatically lock after inactivity.
- Require password/PIN/biometric to unlock.
Secure critical hardware:
- Use cable locks, locked rooms, asset tracking, and physical controls for laptops and sensitive devices.
Privacy screens:
- Reduce shoulder surfing.
## BIOS/UEFI Passwords
Supervisor/administrator password:
- Prevents unauthorized firmware setting changes.
User/boot password:
- Can prevent booting without credentials.
Exam clue:
- If the attacker might change boot order or firmware settings, think BIOS/UEFI password.
## AutoRun and AutoPlay
AutoRun:
- Automatically runs instructions from an `autorun.inf` file on removable media.
- Legacy risk; since Windows 7, Windows only honors it for optical media, not USB drives.
AutoPlay:
- Prompts or acts when removable media is inserted.
- Disable or restrict to reduce removable-media risk.
## Disable Unnecessary Services
Every service is potential attack surface.
Examples:
- Remote access service not used
- Old print/file sharing service
- Vendor updater no longer needed
- Unused web/database service
Rule:
- Disable only after confirming business impact.
## Commands To Enter
Windows:
```powershell
manage-bde -status
```
What it does:
- Shows BitLocker encryption status.
```powershell
net user
```
What it does:
- Lists local user accounts.
```powershell
net accounts
```
What it does:
- Shows local password and lockout policy.
```powershell
net localgroup administrators
```
What it does:
- Shows local Administrators group members.
```powershell
services.msc
```
What it does:
- Opens Services.
- Use it to inspect services. Do not disable services without knowing impact.
```powershell
ms-settings:autoplay
```
What it does:
- Opens AutoPlay settings.
```powershell
rundll32.exe user32.dll,LockWorkStation
```
What it does:
- Locks the workstation.
Linux:
```bash
id
```
What it does:
- Shows user and group identity.
```bash
sudo -l
```
What it does:
- Lists the commands the current user may run with `sudo` (may prompt for your password).
```bash
systemctl --type=service --state=running
```
What it does:
- Lists running services.
```bash
lsblk -f
```
What it does:
- Shows block devices and filesystem details.
macOS, if available:
```bash
fdesetup status
```
What it does:
- Shows FileVault encryption status.
```bash
id
groups
```
What it does:
- Shows user/group identity.
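The `net accounts` and `manage-bde -status` steps in this lab, and the BitLocker status step in the SEC-2 lab, produce text that can be checked against a policy instead of read by eye. The block below is an added example, not code from these notes: it parses constructed captures in the layout of both commands and reports where the host misses an assumed baseline for minimum length, history, lockout threshold, and volume encryption. The baseline values are assumptions to replace with your own policy.

```python
"""Audit local password/lockout policy and BitLocker state from command output.

Added study example, not code from the original notes. Both captures are
constructed in the layout of `net accounts` and `manage-bde -status`;
BASELINE holds assumed thresholds, not values from the notes.
"""

NET_ACCOUNTS_SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

MANAGE_BDE_SAMPLE = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.22621

Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

BASELINE = {"min_length": 14, "history": 24, "lockout_threshold": 10}  # assumed


def parse_net_accounts(text):
    """'Label:   value' lines -> dict; the closing status line has no colon."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            policy[key.strip()] = value.strip()
    return policy


def as_number(value):
    """net accounts prints 'Never', 'None' or 'Unlimited' when a control is off."""
    try:
        return int(value)
    except ValueError:
        return 0


def parse_manage_bde(text):
    """{drive letter: {field: value}} for each 'Volume X:' block."""
    volumes, current = {}, None
    for line in text.splitlines():
        if line.startswith("Volume ") and ":" in line:
            current = {}
            volumes[line.split()[1].rstrip(":")] = current
        elif current is not None and line.startswith("    ") and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return volumes


def audit(net_accounts_text, manage_bde_text, baseline=BASELINE):
    """Return human-readable findings where the host falls short of the baseline."""
    findings = []
    p = parse_net_accounts(net_accounts_text)
    length = as_number(p.get("Minimum password length", "0"))
    if length < baseline["min_length"]:
        findings.append("password: minimum length %d below baseline %d" % (length, baseline["min_length"]))
    history = as_number(p.get("Length of password history maintained", "None"))
    if history < baseline["history"]:
        findings.append("password: history %d below baseline %d" % (history, baseline["history"]))
    threshold = as_number(p.get("Lockout threshold", "Never"))
    if threshold == 0 or threshold > baseline["lockout_threshold"]:
        findings.append("lockout: threshold is %s; baseline locks after %d failures"
                        % (p.get("Lockout threshold", "?"), baseline["lockout_threshold"]))
    for drive, v in parse_manage_bde(manage_bde_text).items():
        if v.get("Protection Status") != "Protection On" or v.get("Percentage Encrypted") != "100.0%":
            findings.append("encryption: volume %s is %s with %s"
                            % (drive, v.get("Conversion Status", "?").lower(),
                               v.get("Protection Status", "?").lower()))
    return findings


if __name__ == "__main__":
    for finding in audit(NET_ACCOUNTS_SAMPLE, MANAGE_BDE_SAMPLE):
        print(finding)
```

The BitLocker check looks at both fields on purpose: a volume can report `Fully Encrypted` while protection is suspended, and `Protection On` while encryption is still in progress, and neither state meets the intent of full-disk encryption. As with `netsh`, both commands print localized labels on non-English Windows.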
## Mini Lab
Goal:
- Inspect workstation hardening without making risky changes.
Windows:
1. Run `manage-bde -status`.
2. Run `net accounts`.
3. Run `net user`.
4. Run `net localgroup administrators`.
5. Run `services.msc`.
6. Run `ms-settings:autoplay`.
7. Lock the workstation with `rundll32.exe user32.dll,LockWorkStation` when ready.
8. Record:
- BitLocker status:
- Password lockout policy:
- Local admin members:
- AutoPlay enabled/disabled:
- One service you would research before disabling:
Linux:
1. Run `id`.
2. Run `sudo -l`.
3. Run `systemctl --type=service --state=running`.
4. Record:
- Groups:
- Sudo access:
- One running service to research:
Hardening scenario:
- A contractor leaves next Friday.
- A laptop is used in airports.
- USB drives are often plugged into shared computers.
- A workstation runs an old unused service.
- A local account still uses a vendor default password.
For each, choose the best hardening action.
## Quick Check Before Quiz
You are ready for the SEC-7 quiz when you can answer these without looking:
- What does full-disk encryption protect?
- Why change default passwords?
- Why disable unused services?
- What does account lockout prevent?
- What does AutoPlay/AutoRun risk involve?
- What should be checked before disabling a service?

# SEC-8: Mobile Device Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.8 Mobile device security
## What You Need To Know
Mobile devices are easy to lose, easy to steal, and often already signed in to email, files, password resets, cloud storage, and work apps.
The exam wants you to know how to protect:
- The device
- The data on the device
- The user account connected to the device
- The company network if the phone is used for work
## Memory Trick
Use **L-E-A-S-H**:
- **L**ock the screen
- **E**ncrypt the device
- **A**pply updates and app controls
- **S**ecure with MDM/BYOD policy
- **H**ave backup, location, and remote wipe ready
Shortcut:
- **Lost phone = lock, locate, backup, wipe if needed.**
## Screen Locks
Common unlock methods:
- PIN
- Password
- Pattern
- Fingerprint
- Face recognition
- Swipe
Exam priority:
- A plain swipe is weak because it does not really authenticate the user.
- PIN, password, fingerprint, and face unlock are stronger choices.
- Biometrics are convenient, but the device still needs a PIN/password fallback.
Failed login controls:
- Devices can delay login attempts after repeated failures.
- Some environments can erase or wipe the device after too many failed attempts.
- This protects stolen devices from repeated guessing attempts.
## Encryption
Full device encryption protects stored data if the device is lost or stolen.
What to remember:
- Modern iOS devices use strong built-in encryption when a passcode is configured.
- Modern Android devices commonly support file-based or full-device encryption.
- Encryption is strongest when paired with a real lock method, not swipe-only access.
Exam clue:
- If the question says the phone was stolen and contains sensitive data, think encryption and remote wipe.
## MDM and Configuration Profiles
Mobile Device Management, or MDM, lets an organization centrally manage phones and tablets.
Common MDM actions:
- Require a passcode
- Require encryption
- Push Wi-Fi, VPN, or email settings
- Install or restrict apps
- Block camera, copy/paste, or cloud sync in some environments
- Enforce OS update requirements
- Locate, lock, or wipe a managed device
Common tools and terms:
- Microsoft Intune
- Apple Configurator
- Apple configuration profiles
- Android Enterprise
BYOD means Bring Your Own Device.
BYOD policy questions usually care about:
- Who owns the device
- What company data is allowed
- Whether the company can wipe only work data or the entire device
- Minimum OS version
- Screen lock requirements
- What happens when employment ends
## Updates and Patching
Mobile updates include:
- Operating system updates
- Security patches
- App updates
Why they matter:
- Updates fix vulnerabilities.
- App updates can fix security bugs in messaging, browsers, email, banking, and work apps.
Exam clue:
- If the question says a device is missing critical security fixes, update the OS or app.
## Anti-Malware
iOS:
- More closed app ecosystem.
- Apps are more isolated.
- Traditional antivirus is less common.
Android:
- More open ecosystem.
- Third-party app sources increase risk.
- Anti-malware tools are more common, especially in business environments.
Best protection:
- Use official app stores.
- Keep the OS updated.
- Avoid sideloading unknown apps.
- Use MDM controls when the device handles company data.
## Content Filtering
Content filtering limits access to unsafe or inappropriate content.
Examples:
- Web filtering
- App restrictions
- Parental controls
- Enterprise browsing controls
Exam clue:
- If the goal is to block categories of websites or unsafe browsing, think content filtering.
## Locator, Remote Lock, Remote Wipe, and Backup
Locator services:
- Help find a lost device.
- Examples: Find My on iPhone, Find My Device on Android.
Remote lock:
- Locks the phone so someone else cannot use it.
Remote message or sound:
- Helps recover a misplaced phone.
Remote wipe:
- Erases data when the device is unlikely to be recovered.
- Use carefully: it is irreversible, so confirm backup status first when there is time.
Remote backup:
- Stores device data in cloud backup.
- Makes replacement and recovery easier.
Exam order for a lost phone:
1. Locate or lock if recovery is likely.
2. Confirm backup status if possible.
3. Wipe if data risk is high or recovery is unlikely.
## Mobile Firewalls
Mobile firewall apps are less common than desktop firewalls.
On mobile devices, network control is often handled by:
- MDM
- VPN apps
- Per-app network rules
- Enterprise security suites
Exam clue:
- If the question says only approved apps should access company data or network resources, think MDM, VPN, or app access control.
## Commands To Enter
This objective is mostly settings-based, so there are not many normal command-line tools for a locked-down phone. Use these commands only to open account/device-security pages from a computer browser.
Windows:
```powershell
start https://account.microsoft.com/devices
```
What it does:
- Opens the Microsoft devices page for the signed-in account in your default browser.
- Use it only to inspect registered devices.
```powershell
start https://myaccount.google.com/security
```
What it does:
- Opens the Google account security page.
- Use it to inspect signed-in devices, security alerts, and recovery options.
macOS:
```bash
open https://appleid.apple.com
```
What it does:
- Opens the Apple ID account page in the default browser.
- Use it to review trusted devices and account security settings.
Linux:
```bash
xdg-open https://myaccount.google.com/security
```
What it does:
- Opens the Google account security page in the default browser.
- Use it to inspect account security if the command is available on your Linux system.
Do not erase, wipe, unenroll, reset, or remove a device from an account during this section.
## Quick Checks
You should be able to answer:
- What protects mobile data at rest?
- What is weak about swipe-only unlock?
- What does MDM enforce?
- Why does BYOD need a policy?
- When would remote wipe be appropriate?
- Why are OS and app updates security controls?
- Why is Android anti-malware more common than iOS anti-malware?

# SEC-9: Data Destruction
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.9 Data destruction
## What You Need To Know
Data destruction means making stored data unrecoverable before a device is reused, recycled, sold, returned, or thrown away.
The exam wants you to match the method to the situation:
- Reuse the drive: securely wipe it.
- Dispose of the drive: physically destroy it.
- Magnetic hard drive: degaussing can work.
- SSD or flash storage: degaussing does not work.
- Legal or regulated data: keep a certificate of destruction.
## Memory Trick
Use **W-D-S-C**:
- **W**ipe if you want to reuse it
- **D**estroy if you want it gone forever
- **S**SDs do not degauss
- **C**ertificate proves destruction
Shortcut:
- **Reuse = wipe. Retire = destroy. Regulated = certificate.**
## Deleting Is Not Destruction
Normal delete:
- Removes the file entry from normal view.
- The data may still exist on the storage device.
- Recovery tools may be able to bring it back.
Recycle Bin or Trash:
- Even less final than deletion.
- The user can often restore the file.
Exam clue:
- If the question asks for secure removal, normal delete is not enough.
## Formatting
Quick format:
- Rebuilds the file system structure.
- Usually does not overwrite all old data.
- Data recovery may still be possible.
Regular format:
- On Windows Vista and later, writes zeros to every sector (older versions only scanned for bad sectors).
- Takes longer than quick format.
- Better for data removal than quick format.
Low-level format:
- Factory-level process.
- Not a normal user or technician procedure on modern drives.
- Usually not the right exam answer for everyday data destruction.
## Secure Erasing and Wiping
File-level overwrite:
- Overwrites a specific file.
- Useful when only one file must be removed.
- Does not wipe the rest of the drive.
Whole-drive wipe:
- Overwrites the entire drive.
- Useful before reusing or repurposing a drive.
- Takes longer but covers all data.
Examples:
- Windows Sysinternals `sdelete` overwrites individual files or cleans free space; it works by overwriting sectors in place, which is reliable on spinning drives but does not reach remapped flash blocks on SSDs.
- DBAN boots from its own media and overwrites whole traditional hard drives; it is not designed for SSDs.
SSD caution:
- SSDs use wear leveling, so old data may not be overwritten the same way as a spinning hard drive.
- Use manufacturer secure erase tools, OS reset options designed for SSDs, or cryptographic erase when available.
Cryptographic erase:
- Destroys the encryption key instead of overwriting all storage blocks.
- Fast when the device was already fully encrypted, because only the key is destroyed.
- Only effective if encryption was turned on before the sensitive data was written; anything written in the clear earlier is still on the media.
- Without the key, the encrypted data is not practically readable.
## Physical Destruction
Physical destruction makes the drive unusable.
Common methods:
- Drill or hammer through platters/chips
- Shredding
- Incineration
- Degaussing for magnetic media
Use physical destruction when:
- The drive will not be reused.
- The data is highly sensitive.
- Regulations or company policy require destruction.
- You cannot trust a software wipe.
## Degaussing
Degaussing uses a strong magnetic field to destroy data on magnetic media.
Works for:
- Magnetic hard drives
- Some magnetic tapes
Does not work for:
- SSDs
- USB flash drives
- SD cards
- Other flash storage
Exam clue:
- If the device is SSD or flash, do not choose degaussing.
## Certificate of Destruction
A certificate of destruction is proof that a drive or batch of drives was destroyed.
It may include:
- Date
- Serial numbers or asset tags
- Method used
- Vendor name
- Chain-of-custody details
- Signature or confirmation
Use it when:
- A third party destroys the drives.
- Data is regulated.
- The organization needs an audit trail.
## Choosing The Best Method
Scenario shortcuts:
- Old company laptop will be reused: whole-drive wipe or secure erase.
- Failed hard drive with patient records: physical destruction plus certificate.
- Magnetic hard drive disposal: shred, drill, incinerate, or degauss.
- SSD disposal: shred or use SSD secure erase/crypto erase; do not degauss.
- One file must be removed but the drive stays in use: file-level secure delete.
- Drive is encrypted and being retired: crypto erase may be appropriate if policy allows it.
## Commands To Enter
Only run these against disposable test files. Do not run wipe commands against real drives in this course unless you intentionally want to destroy data.
Windows PowerShell:
```powershell
New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab"
```
What it does:
- Creates a safe lab folder in your user profile.
```powershell
"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
```
What it does:
- Creates a small test file for the lab.
```powershell
Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```powershell
Get-Volume
```
What it does:
- Lists mounted volumes and file systems.
- Use it for inspection only in this section.
Linux:
```bash
mkdir -p ~/aplus-data-destruction-lab
```
What it does:
- Creates a safe lab folder in your home directory.
```bash
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Creates a small test file.
```bash
rm ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```bash
lsblk -f
```
What it does:
- Lists block devices and file systems.
- Use it to identify storage types for inspection only.
macOS:
```bash
mkdir -p ~/aplus-data-destruction-lab
```
What it does:
- Creates a safe lab folder on the Mac.
```bash
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Creates a small test file.
```bash
rm ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```bash
diskutil list
```
What it does:
- Lists disks and partitions.
- Use it for inspection only.
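Windows PowerShell, as an added example that is not part of the original lab: the script below builds a throwaway 64 KiB "disk image" file in `$env:TEMP` and compares normal delete (which also models quick format), whole-drive overwrite, and cryptographic erase on it. The on-disk layout (a 512-byte directory table at offset 0, file data at offset 4096), the file name `records.txt`, and the sample secret string are all constructed for the demo; nothing touches a real drive.

```powershell
# Added example for the data-destruction lab (not from the original notes).
# A flat file stands in for a drive. Constructed layout: bytes 0-511 are the
# "directory table", file data starts at byte 4096. Nothing touches a real disk.
$Img    = Join-Path $env:TEMP 'aplus-fake-disk.img'
$Secret = 'PATIENT-RECORD-7731'                  # constructed sample data
$Enc    = [System.Text.Encoding]::ASCII

function New-FakeDisk {
    # 64 KiB of zeros, like a freshly zeroed drive.
    [System.IO.File]::WriteAllBytes($Img, (New-Object byte[] 65536))
}

function Write-Bytes([long]$Offset, [byte[]]$Bytes) {
    $fs = [System.IO.File]::Open($Img, 'Open', 'ReadWrite')
    try     { [void]$fs.Seek($Offset, 'Begin'); $fs.Write($Bytes, 0, $Bytes.Length) }
    finally { $fs.Close() }
}

function Write-FakeFile([byte[]]$Content) {
    Write-Bytes 0    $Enc.GetBytes("records.txt@4096`n")   # directory entry
    Write-Bytes 4096 $Content                               # file contents
}

function Test-Present([string]$Text) {
    # Is the text still anywhere on the "disk"? This is what a recovery tool
    # or a plain strings search would find.
    $Enc.GetString([System.IO.File]::ReadAllBytes($Img)).Contains($Text)
}

# Normal delete and quick format both clear the table and leave the data blocks alone.
function Remove-Normal { Write-Bytes 0 (New-Object byte[] 512) }

# Whole-drive wipe: one pass of zeros over every byte, like a regular format on
# Vista and later or a single-pass overwrite tool.
function Invoke-FullWipe { $len = (Get-Item $Img).Length; Write-Bytes 0 (New-Object byte[] $len) }

function Protect-Bytes([byte[]]$Plain, [byte[]]$Key, [byte[]]$IV) {
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key; $aes.IV = $IV
    $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
}

function Unprotect-Bytes([byte[]]$Cipher, [byte[]]$Key, [byte[]]$IV) {
    try {
        $aes = [System.Security.Cryptography.Aes]::Create()
        $aes.Key = $Key; $aes.IV = $IV
        $Enc.GetString($aes.CreateDecryptor().TransformFinalBlock($Cipher, 0, $Cipher.Length))
    } catch { $null }                                # wrong key: padding error, nothing readable
}

# 1. Normal delete: the entry is gone, the data is not.
New-FakeDisk
Write-FakeFile $Enc.GetBytes($Secret)
Remove-Normal
"After delete  - entry listed: $(Test-Present 'records.txt')  secret recoverable: $(Test-Present $Secret)"

# 2. Whole-drive overwrite: the data is gone.
Invoke-FullWipe
"After wipe    - secret recoverable: $(Test-Present $Secret)"

# 3. Cryptographic erase: the data was encrypted before it was written, so
#    destroying the key is enough. Key and IV exist only in memory here.
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$key = New-Object byte[] 32; $iv = New-Object byte[] 16
$rng.GetBytes($key); $rng.GetBytes($iv)
New-FakeDisk
$cipher = [byte[]](Protect-Bytes $Enc.GetBytes($Secret) $key $iv)
Write-FakeFile $cipher
$stored = [byte[]]([System.IO.File]::ReadAllBytes($Img)[4096..(4096 + $cipher.Length - 1)])
"Encrypted     - secret in the clear on disk: $(Test-Present $Secret)  readable with key: $((Unprotect-Bytes $stored $key $iv) -eq $Secret)"
[Array]::Clear($key, 0, $key.Length)                  # the crypto-erase step: zero the key
"Key destroyed - readable: $((Unprotect-Bytes $stored $key $iv) -eq $Secret)"
Remove-Item $Img
```

What it shows:
- After the normal delete the entry is gone but the secret is still recoverable, which is why delete and quick format are not destruction.
- After the full overwrite the secret is gone; on a real SSD the same overwrite can leave copies in flash blocks the OS cannot address, which is why the SSD caution above points to secure erase or crypto erase instead.
- With encryption in place the secret never sits on the media in the clear, so zeroing the key is the whole erase; the ciphertext is still on the "disk" but nothing can read it.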
## Quick Checks
You should be able to answer:
- Why is normal delete not secure destruction?
- What is the difference between quick format and regular format?
- When should you use whole-drive wiping?
- Why does degaussing not work on SSDs?
- When is a certificate of destruction needed?
- What method would you choose for a drive that must be reused?
- What method would you choose for regulated data on a retired drive?

# TRB-1: Windows OS Issues
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.1 Troubleshoot common Windows OS problems
## What You Need To Know
Windows troubleshooting questions usually give a symptom and ask for the most likely next step.
Common symptoms:
- Blue screen of death
- Slow performance
- Frequent shutdowns
- Services failing to start
- Application crashes
- Low memory warnings
- USB controller resource warnings
- System instability
- No OS found
- Slow profile load
- Time drift
## Memory Trick
Use **B-S-S-A-D-P-T**:
- **B**oot
- **S**ervices
- **S**torage
- **A**pplications
- **D**rivers
- **P**rofiles
- **T**ime
Shortcut:
- **A Windows symptom usually points to boot, services, storage, drivers, profile, or time.**
## Symptom Matching
No OS found:
- Check boot order.
- Check whether the drive is detected.
- Check boot files and startup repair.
BSOD:
- Suspect drivers, hardware, memory, storage, or recent updates.
- Use Event Viewer, Reliability Monitor, and memory/storage diagnostics.
Slow performance:
- Check Task Manager for CPU, memory, disk, and startup load.
- Check available disk space.
- Review recently installed apps.
Services not starting:
- Check Services console.
- Check dependencies.
- Review Event Viewer.
Slow profile load:
- Suspect large profile data, network profile issues, login scripts, or domain connectivity.
System time drift:
- Check time zone, CMOS battery, and time synchronization.
## Commands To Know
```powershell
sfc /scannow
```
Checks protected Windows system files and attempts repair.
```powershell
DISM /Online /Cleanup-Image /RestoreHealth
```
Repairs the Windows component store used by SFC.
```powershell
chkdsk
```
Checks the file system read-only; add `/f` to fix errors (on the system volume the fix is scheduled for the next boot).
```powershell
eventvwr.msc
```
Opens Event Viewer for logs and error clues.
```powershell
perfmon /rel
```
Opens Reliability Monitor for a timeline of failures.
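The individual tools above are what the exam names. As an added example that is not part of the original notes, the read-only sweep below pulls the evidence for each symptom in the matching table (boot/driver errors, free space, stalled services, performance hogs, recent updates, time sync) in one pass, before anything is changed. It uses only built-in cmdlets; the seven-day window is an assumed default.

```powershell
# Added example (not from the original notes): a read-only evidence sweep to run
# before changing anything on a slow, crashing, or unstable Windows machine.
# Run from an elevated PowerShell so the System log and services are readable.
$Since = (Get-Date).AddDays(-7)     # assumed window; widen it for an older problem

"== Critical/Error events in the System log, last 7 days (BSOD and driver clues) =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2; StartTime = $Since } -MaxEvents 25 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName,
                  @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap

"== Free space per volume (low space causes slow performance and failed updates) =="
Get-Volume | Where-Object DriveLetter |
    Select-Object DriveLetter, FileSystemLabel,
                  @{ n = 'FreeGB';  e = { [math]::Round($_.SizeRemaining / 1GB, 1) } },
                  @{ n = 'PctFree'; e = { if ($_.Size) { [math]::Round(100 * $_.SizeRemaining / $_.Size) } } } |
    Format-Table -AutoSize

"== Automatic services that are not running (check dependencies and Event Viewer next) =="
Get-CimInstance Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
    Select-Object Name, State, ExitCode | Format-Table -AutoSize

"== Top CPU and memory consumers right now =="
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 5 Name, Id,
                  @{ n = 'CPUsec'; e = { [math]::Round($_.CPU) } },
                  @{ n = 'WS_MB';  e = { [math]::Round($_.WorkingSet64 / 1MB) } } |
    Format-Table -AutoSize

"== Recent updates (a failure that began right after one is a rollback candidate) =="
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn | Format-Table -AutoSize

"== Time sync (drift breaks domain logon, Kerberos, and TLS certificates) =="
w32tm /query /status      # reports an error if the Windows Time service is stopped
```

What it does:
- Prints one section per symptom area so the findings can go straight into the ticket.
- Changes nothing; fixes such as SFC, DISM, driver rollback, or a service restart come after the evidence is recorded.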
## Exam Clues
- If Windows cannot find an OS, think boot order, missing boot files, or failed drive.
- If the system fails after a driver update, roll back the driver or boot into Safe Mode.
- If apps crash after system corruption, use DISM and SFC.
- If performance is slow, gather evidence before changing settings.

# TRB-2: Mobile OS and App Issues
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.2 Troubleshoot common mobile OS and application problems
## What You Need To Know
Mobile troubleshooting often starts with simple checks:
- Updates
- Storage
- Permissions
- Connectivity
- App cache/data
- Battery health
- Compatibility
Common symptoms:
- App fails to launch
- App fails to close
- App fails to update
- App fails to install
- App crashes
- Slow response
- OS update failure
- Battery drain
- Random reboots
- Bluetooth, Wi-Fi, or NFC problems
- Screen autorotation failure
## Memory Trick
Use **U-S-P-C-R**:
- **U**pdate
- **S**torage
- **P**ermissions
- **C**onnectivity
- **R**estart/reinstall
Shortcut:
- **Most mobile app problems start with update, storage, permission, or connectivity checks.**
## Troubleshooting Flow
App will not launch or crashes:
- Restart the app.
- Restart the device.
- Update the app.
- Update the OS.
- Clear app cache where supported.
- Reinstall the app if needed.
App will not install or update:
- Check storage.
- Check network connectivity.
- Check app store account status.
- Check OS compatibility.
Battery drains quickly:
- Review battery usage by app.
- Check screen brightness.
- Disable unnecessary radios.
- Check for runaway apps.
Connectivity problems:
- Toggle the affected radio.
- Forget and reconnect to the network or device.
- Check range and pairing mode.
- Restart device if needed.
Autorotation fails:
- Check rotation lock.
- Restart the app.
- Test sensors if available.
## Exam Clues
- If an app cannot install, storage and compatibility are high-probability answers.
- If Bluetooth pairing fails, check pairing mode and forget/re-pair.
- If the issue started after an update, check known issues and compatibility.
- If one app is the only problem, focus on that app before resetting the whole phone.

# TRB-3: Mobile Security Issues
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.3 Troubleshoot common mobile device security issues
## What You Need To Know
Mobile security issues often come from risky configuration or untrusted apps.
Risk factors:
- Unofficial app stores
- Sideloaded applications
- Developer mode
- Rooted or jailbroken device
- Unauthorized apps
- Application spoofing
Symptoms:
- High network traffic
- Slow response
- Data usage alerts
- Limited or no internet
- Many ads
- Fake security warnings
- Unexpected app behavior
- Leaked personal data
## Memory Trick
Use **R-U-D-A**:
- **R**oot/jailbreak
- **U**nofficial store
- **D**eveloper mode
- **A**ds/alerts
Shortcut:
- **If the source or control model is untrusted, treat the phone as high risk.**
## What To Check
App source:
- Was the app installed from the official app store?
- Is the developer name correct?
- Are reviews and permissions suspicious?
Device integrity:
- Is the device rooted or jailbroken?
- Is developer mode enabled?
- Are unknown sources allowed?
Network and data:
- Is one app using unusual data?
- Does traffic spike when the app is open?
- Are VPN or proxy settings unexpected?
User symptoms:
- Fake antivirus pop-ups
- Ads outside the browser
- Browser redirects
- Unrecognized apps
## Response Priorities
For personal devices:
- Remove suspicious apps.
- Update OS and apps.
- Run trusted security tools if available.
- Change passwords from a known-clean device if compromise is suspected.
For managed devices:
- Follow company policy.
- Notify support/security.
- Use MDM actions when appropriate.
- Preserve evidence if required.
## Exam Clues
- Rooted or jailbroken devices bypass normal protections.
- Unofficial app stores increase malware risk.
- App spoofing means a fake app pretends to be legitimate.
- High data usage plus ads and fake warnings points to malware or unwanted software.

# TRB-4: PC Security Symptoms
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.4 Troubleshoot common PC security issues
## What You Need To Know
Security troubleshooting questions often describe symptoms instead of naming malware.
PC symptoms:
- Cannot access the network
- Desktop alerts
- Fake antivirus warnings
- Files are altered, missing, renamed, or inaccessible
- Unwanted OS notifications
- OS update failures
Browser symptoms:
- Frequent pop-ups
- Certificate warnings
- Redirection
- Degraded browser performance
## Memory Trick
Use **FAN-B**:
- **F**iles changed
- **A**lerts are fake
- **N**etwork blocked
- **B**rowser redirects
Shortcut:
- **Fake alerts plus changed files or redirects means assume compromise until verified.**
## Common Causes
Malware:
- Fake antivirus
- Ransomware
- Spyware
- Adware
- Browser hijackers
Misconfiguration:
- Bad proxy setting
- Wrong DNS setting
- Expired certificate or wrong system time
- Firewall or security tool blocking traffic
Compromised account:
- Unexpected sync changes
- Unauthorized browser extensions
- New login alerts
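Misconfiguration looks like malware from the user's chair, so rule it out first. As an added example that is not part of the original notes, the read-only checks below cover the misconfiguration causes listed above: proxy and PAC settings, DNS servers, hosts-file redirection, firewall defaults, and clock drift. The NTP host `time.windows.com` is an assumed default; use the organization's own time source where one exists.

```powershell
# Added example (not from the original notes): read-only checks for the
# misconfiguration causes above. Nothing here changes settings.

"== Proxy settings (a proxy or PAC URL nobody configured redirects every browser) =="
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable      # 1 means a fixed proxy is in use
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL    # PAC script; an unknown URL is a hijack indicator
} | Format-List

"== DNS servers per adapter (unexpected resolvers cause redirects and failed updates) =="
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses |
    Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

"== Active hosts-file entries (a stock Windows hosts file has none) =="
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' }

"== Firewall profile defaults (DefaultOutboundAction=Block explains 'cannot access the network') =="
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction | Format-Table -AutoSize

"== Clock vs. an NTP source (a wrong clock makes valid certificates look expired or not yet valid) =="
"Local: $(Get-Date)   UTC: $((Get-Date).ToUniversalTime())   Zone: $((Get-TimeZone).Id)"
w32tm /stripchart /computer:time.windows.com /samples:3 /dataonly   # offset column is the drift
```

What it does:
- Any hosts-file line that survives the filter, any proxy or PAC URL the organization did not set, and any DNS server outside the expected ranges is a redirect cause worth fixing before malware scanning.
- A drift of more than a few minutes on the last line explains certificate warnings on every site; fix the time first and the warnings usually disappear.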
## Response Flow
1. Identify symptoms.
2. Disconnect from the network if active compromise is suspected.
3. Preserve evidence when policy requires it.
4. Run trusted security tools.
5. Remove or quarantine threats.
6. Update OS, browser, and security software.
7. Change passwords from a known-clean device if credentials may be compromised.
8. Document findings and actions.
## Exam Clues
- Pop-ups and redirects point to adware or browser hijacking.
- Inaccessible renamed files point to ransomware.
- Certificate warnings can be malicious, misconfigured, or caused by wrong system time.
- OS update failure may be caused by malware, corruption, or network problems.