Initial Core 2 study project

Ken Patmonk 2026-06-11 20:17:44 -05:00
commit 10de90430c
120 changed files with 12696 additions and 0 deletions

7
.gitignore vendored Normal file

@ -0,0 +1,7 @@
# Generated/local working files
build/
# Extracted full text from copyrighted reference PDFs.
# Keep reference indexes and summarized study materials in git instead.
reference-materials/extracted-text/
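Review bot: the ignore rule for `reference-materials/extracted-text/` covers only the extracted text, so a PDF or EPUB copied into `reference-materials/` itself would still be staged by a plain `git add`. MEMORY.md in this commit describes that directory as holding user-provided books and files, so consider ignoring the binary formats there as well (for example `reference-materials/*.pdf` and `reference-materials/*.epub`) and keeping only `REFERENCE_INDEX.md` tracked.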

333
MEMORY.md Normal file

@ -0,0 +1,333 @@
# CompTIA A+ Core 2 Study Memory
Last updated: 2026-06-11 20:14 CDT
## Goal
Prepare to pass CompTIA A+ Core 2 by June 30, 2026.
Target exam:
- Certification: CompTIA A+ Core 2 V15
- Exam code: 220-1202
- Launch date: March 25, 2025
- Question count: maximum 90
- Time limit: 90 minutes
- Passing score: 700 on a 900-point scale
- Question styles: multiple choice, multiple response, drag-and-drop, performance-based questions
Official domain weights:
- 1.0 Operating Systems: 28%
- 2.0 Security: 28%
- 3.0 Software Troubleshooting: 23%
- 4.0 Operational Procedures: 21%
Source checked:
- CompTIA A+ Core 2 V15 page, accessed 2026-06-10:
https://www.comptia.org/en-us/certifications/a/core-2-v15/
## Study Strategy
Use a fast exam-prep loop:
1. Teach one small topic in plain language.
2. Add a memory trick for the topic.
3. Enter commands when commands are relevant.
4. Explain what each command does and how to interpret the output.
5. Run a Windows or Linux lab when useful.
6. Quiz only after the section has been studied.
7. Log mistakes by domain and objective.
8. Re-test weak areas with spaced repetition.
Priority rule:
- Security and Operating Systems receive the most study time because each is 28% of the exam.
- Troubleshooting gets daily scenario practice because it overlaps with performance-based questions.
- Operational Procedures gets frequent short reviews because it is vocabulary-heavy and process-driven.
## Progress State
Current status:
- Study system created.
- Objective 1.1 / OS-5 studied on 2026-06-11; quiz score 7/7. Status: Strong. Lab still pending.
- Baseline quiz replaced by section quizzes after study.
- OS-1 lesson/lab/quiz created: Windows editions and system information.
- OS-2 lesson/lab/quiz created: Windows installation, boot, and recovery.
- OS-3 lesson/lab/quiz created: Windows administrative tools.
- OS-4 lesson/lab/quiz created: Windows command line.
- OS-5 lesson/lab/quiz created: OS types and file systems.
- OS-6 lesson/lab/quiz created: Windows Control Panel and Settings.
- OS-7 lesson/lab/quiz created: Windows networking.
- User reference materials found in `/home/kenpatmonk/Downloads/`.
- Reference PDFs extracted to `reference-materials/extracted-text/`.
- `Downloads/core2.html` contains an objective-level map from 1.1 through 4.10 and should guide the HTML status map.
- `mind-maps/core2-status.html` upgraded to objective-level tracking from 1.1 through 4.10.
- OS-1 updated from reference material to include Windows 11 TPM/UEFI/Secure Boot clues, `msinfo32`, and `tpm.msc`.
- User does not personally have a Mac, but a friend has a Mac the user can use for macOS labs.
- Labs should include Windows/Linux options and optional macOS labs when macOS is exam-relevant.
- Weak domains unknown.
- User prefers quizzes after each study section, not before.
- User can sometimes access a friend's Mac. Do not block progress on Mac access, but include real Mac labs for objective 1.8.
Next action:
- User should run the OS-5 lab when convenient, then continue to objective 1.2: OS installation and upgrade.
- If skipping the OS-5 lab for now, begin OS-2 study and quiz for objective 1.2.
- OS-3 is ready after OS-2: Windows administrative tools.
- OS-1 quiz now has 7 questions.
- OS-4 is ready after OS-3: Windows command line.
- OS-5 is ready and covers objective 1.1. It can be studied before OS-1 if starting from fundamentals.
- OS-6 is ready after OS-4: Windows Control Panel and Settings.
- OS-7 is ready after OS-6: Windows networking.
- OS-8 lesson/lab/quiz created: macOS tools and features. Mac lab is available when user can use friend's Mac; otherwise use comparison practice.
- OS-9 lesson/lab/quiz created: Linux client tools.
- OS-10 lesson/lab/quiz created: application installation requirements.
- OS-11 lesson/lab/quiz created: cloud productivity tools.
- Domain 1 Operating Systems now has ready lessons/labs/quizzes for objectives 1.1 through 1.11.
- SEC-1 lesson/lab/quiz created: security controls for objective 2.1.
- SEC-2 lesson/lab/quiz created: Windows security settings for objective 2.2.
- SEC-3 lesson/lab/quiz created: wireless security for objective 2.3.
- SEC-4 lesson/lab/quiz created: malware and security tools for objective 2.4.
- SEC-5 lesson/lab/quiz created: social engineering and attacks for objective 2.5.
- SEC-6 lesson/lab/quiz created: malware removal process for objective 2.6.
- SEC-7 lesson/lab/quiz created: workstation hardening for objective 2.7.
- SEC-8 lesson/lab/quiz created: mobile device security for objective 2.8.
- SEC-9 lesson/lab/quiz created: data destruction for objective 2.9.
- SEC-10 lesson/lab/quiz created: SOHO network security for objective 2.10.
- SEC-11 lesson/lab/quiz created: browser security for objective 2.11.
- Domain 2 Security now has ready lessons/labs/quizzes for objectives 2.1 through 2.11.
- TRB-1 lesson/lab/quiz created: Windows OS issues for objective 3.1.
- TRB-2 lesson/lab/quiz created: mobile OS and app issues for objective 3.2.
- TRB-3 lesson/lab/quiz created: mobile security issues for objective 3.3.
- TRB-4 lesson/lab/quiz created: PC security symptoms for objective 3.4.
- Domain 3 Software Troubleshooting now has ready lessons/labs/quizzes for objectives 3.1 through 3.4.
- OPS-1 lesson/lab/quiz created: documentation and support systems for objective 4.1.
- OPS-2 lesson/lab/quiz created: change management for objective 4.2.
- OPS-3 lesson/lab/quiz created: backup and recovery for objective 4.3.
- OPS-4 lesson/lab/quiz created: safety procedures for objective 4.4.
- OPS-5 lesson/lab/quiz created: environmental controls for objective 4.5.
- OPS-6 lesson/lab/quiz created: policy, privacy, and licensing for objective 4.6.
- OPS-7 lesson/lab/quiz created: professionalism for objective 4.7.
- OPS-8 lesson/lab/quiz created: scripting basics for objective 4.8.
- OPS-9 lesson/lab/quiz created: remote access for objective 4.9.
- OPS-10 lesson/lab/quiz created: AI concepts for objective 4.10.
- Domain 4 Operational Procedures now has ready lessons/labs/quizzes for objectives 4.1 through 4.10.
- All quiz answer keys were audited on 2026-06-10; correct answers are mixed across A, B, C, and D instead of always using A.
## Teaching Rules
Each section should stay small and easy to understand:
- What it is
- Why it matters on the exam
- Memory trick
- Commands to enter, if applicable
- What each command does
- Mini lab
- Quiz after study
Quiz remediation rule:
- If the user misses a quiz question, explain the correct answer.
- Explain why the selected answer was wrong.
- Explain what each answer choice does or means.
- Update `quiz-log.md` and the HTML mind map status.
Quiz design rule:
- Do not make every correct answer the same letter.
- Mix correct answers across A, B, C, and D to prevent pattern guessing.
- After creating or editing a quiz, verify the answer key distribution.
Mind map rule:
- Use `mind-maps/core2-status.html` as the visual progress map.
- Track status for each objective topic with levels:
- Not started
- Studying
- Needs review
- Good
- Strong
## Memory Protocol
Before context limits or long sessions, update this file with:
- Date and time
- Topics completed
- Quiz scores and missed concepts
- Labs completed
- Weak areas
- Next recommended action
Use these files:
- `SCHEDULE.md`: day-by-day plan through June 30
- `quiz-log.md`: quiz attempts and mistake patterns
- `lab-log.md`: hands-on exercises completed
- `mind-maps/core2-overview.md`: overview map of the exam
- `mind-maps/core2-status.html`: HTML objective status mind map
- `reference-materials/`: user-provided Core 2 books/files/reference materials
- `reference-materials/REFERENCE_INDEX.md`: index of processed references
## Reference Material Workflow
User may provide PDFs, EPUBs, images, text files, or unknown formats such as `.atm`.
When reference files are added:
- Inspect filenames first.
- Use `file` to identify unknown formats.
- Extract or read text when possible.
- Use references to improve original study materials.
- Do not copy long copyrighted passages into notes.
- Update lessons, labs, quizzes, and the HTML mind map from summarized concepts.
- Track processed files in `reference-materials/REFERENCE_INDEX.md`.
Indexed references:
- `/home/kenpatmonk/Downloads/Professor Messers A+ Core 2 Course Notes-1.pdf`
- `/home/kenpatmonk/Downloads/Professor Messers CompTIA A+ Core 2 Practice Exams.pdf`
- `/home/kenpatmonk/Downloads/core2.html`
## Created Sections
Operating Systems:
- OS-5: OS types and file systems
- Lesson: `notes/OS-5-os-types-filesystems.md`
- Lab: `labs/OS-5-os-filesystem-lab.md`
- Quiz: `quizzes/OS-5-quiz.md`
- OS-1: Windows editions and system information
- Lesson: `notes/OS-1-windows-editions-system-info.md`
- Lab: `labs/OS-1-system-inventory-lab.md`
- Quiz: `quizzes/OS-1-quiz.md`
- OS-2: Windows installation, boot, and recovery
- Lesson: `notes/OS-2-windows-installation-recovery.md`
- Lab: `labs/OS-2-recovery-info-lab.md`
- Quiz: `quizzes/OS-2-quiz.md`
- OS-3: Windows administrative tools
- Lesson: `notes/OS-3-windows-admin-tools.md`
- Lab: `labs/OS-3-admin-tools-lab.md`
- Quiz: `quizzes/OS-3-quiz.md`
- OS-4: Windows command line
- Lesson: `notes/OS-4-windows-command-line.md`
- Lab: `labs/OS-4-command-line-lab.md`
- Quiz: `quizzes/OS-4-quiz.md`
- OS-6: Windows Control Panel and Settings
- Lesson: `notes/OS-6-windows-control-panel-settings.md`
- Lab: `labs/OS-6-settings-lab.md`
- Quiz: `quizzes/OS-6-quiz.md`
- OS-7: Windows networking
- Lesson: `notes/OS-7-windows-networking.md`
- Lab: `labs/OS-7-windows-networking-lab.md`
- Quiz: `quizzes/OS-7-quiz.md`
- OS-8: macOS tools and features
- Lesson: `notes/OS-8-macos-tools-features.md`
- Lab: `labs/OS-8-macos-tools-lab.md`
- Quiz: `quizzes/OS-8-quiz.md`
- OS-9: Linux client tools
- Lesson: `notes/OS-9-linux-client-tools.md`
- Lab: `labs/OS-9-linux-client-tools-lab.md`
- Quiz: `quizzes/OS-9-quiz.md`
- OS-10: Application installation requirements
- Lesson: `notes/OS-10-application-installation-requirements.md`
- Lab: `labs/OS-10-application-installation-lab.md`
- Quiz: `quizzes/OS-10-quiz.md`
- OS-11: Cloud productivity tools
- Lesson: `notes/OS-11-cloud-productivity-tools.md`
- Lab: `labs/OS-11-cloud-productivity-lab.md`
- Quiz: `quizzes/OS-11-quiz.md`
Security:
- SEC-1: Security controls
- Lesson: `notes/SEC-1-security-controls.md`
- Lab: `labs/SEC-1-security-controls-lab.md`
- Quiz: `quizzes/SEC-1-quiz.md`
- SEC-2: Windows security settings
- Lesson: `notes/SEC-2-windows-security-settings.md`
- Lab: `labs/SEC-2-windows-security-settings-lab.md`
- Quiz: `quizzes/SEC-2-quiz.md`
- SEC-3: Wireless security
- Lesson: `notes/SEC-3-wireless-security.md`
- Lab: `labs/SEC-3-wireless-security-lab.md`
- Quiz: `quizzes/SEC-3-quiz.md`
- SEC-4: Malware and security tools
- Lesson: `notes/SEC-4-malware-security-tools.md`
- Lab: `labs/SEC-4-malware-response-lab.md`
- Quiz: `quizzes/SEC-4-quiz.md`
- SEC-5: Social engineering and attacks
- Lesson: `notes/SEC-5-social-engineering-attacks.md`
- Lab: `labs/SEC-5-social-engineering-scenario-lab.md`
- Quiz: `quizzes/SEC-5-quiz.md`
- SEC-6: Malware removal process
- Lesson: `notes/SEC-6-malware-removal-process.md`
- Lab: `labs/SEC-6-malware-removal-tabletop-lab.md`
- Quiz: `quizzes/SEC-6-quiz.md`
- SEC-7: Workstation hardening
- Lesson: `notes/SEC-7-workstation-hardening.md`
- Lab: `labs/SEC-7-workstation-hardening-lab.md`
- Quiz: `quizzes/SEC-7-quiz.md`
- SEC-8: Mobile device security
- Lesson: `notes/SEC-8-mobile-device-security.md`
- Lab: `labs/SEC-8-mobile-device-security-lab.md`
- Quiz: `quizzes/SEC-8-quiz.md`
- SEC-9: Data destruction
- Lesson: `notes/SEC-9-data-destruction.md`
- Lab: `labs/SEC-9-data-destruction-lab.md`
- Quiz: `quizzes/SEC-9-quiz.md`
- SEC-10: SOHO network security
- Lesson: `notes/SEC-10-soho-network-security.md`
- Lab: `labs/SEC-10-soho-network-security-lab.md`
- Quiz: `quizzes/SEC-10-quiz.md`
- SEC-11: Browser security
- Lesson: `notes/SEC-11-browser-security.md`
- Lab: `labs/SEC-11-browser-security-lab.md`
- Quiz: `quizzes/SEC-11-quiz.md`
Software Troubleshooting:
- TRB-1: Windows OS issues
- Lesson: `notes/TRB-1-windows-os-issues.md`
- Lab: `labs/TRB-1-windows-os-issues-lab.md`
- Quiz: `quizzes/TRB-1-quiz.md`
- TRB-2: Mobile OS and app issues
- Lesson: `notes/TRB-2-mobile-os-app-issues.md`
- Lab: `labs/TRB-2-mobile-os-app-issues-lab.md`
- Quiz: `quizzes/TRB-2-quiz.md`
- TRB-3: Mobile security issues
- Lesson: `notes/TRB-3-mobile-security-issues.md`
- Lab: `labs/TRB-3-mobile-security-issues-lab.md`
- Quiz: `quizzes/TRB-3-quiz.md`
- TRB-4: PC security symptoms
- Lesson: `notes/TRB-4-pc-security-symptoms.md`
- Lab: `labs/TRB-4-pc-security-symptoms-lab.md`
- Quiz: `quizzes/TRB-4-quiz.md`
Operational Procedures:
- OPS-1: Documentation and support systems
- Lesson: `notes/OPS-1-documentation-support-systems.md`
- Lab: `labs/OPS-1-documentation-support-systems-lab.md`
- Quiz: `quizzes/OPS-1-quiz.md`
- OPS-2: Change management
- Lesson: `notes/OPS-2-change-management.md`
- Lab: `labs/OPS-2-change-management-lab.md`
- Quiz: `quizzes/OPS-2-quiz.md`
- OPS-3: Backup and recovery
- Lesson: `notes/OPS-3-backup-recovery.md`
- Lab: `labs/OPS-3-backup-recovery-lab.md`
- Quiz: `quizzes/OPS-3-quiz.md`
- OPS-4: Safety procedures
- Lesson: `notes/OPS-4-safety-procedures.md`
- Lab: `labs/OPS-4-safety-procedures-lab.md`
- Quiz: `quizzes/OPS-4-quiz.md`
- OPS-5: Environmental controls
- Lesson: `notes/OPS-5-environmental-controls.md`
- Lab: `labs/OPS-5-environmental-controls-lab.md`
- Quiz: `quizzes/OPS-5-quiz.md`
- OPS-6: Policy, privacy, and licensing
- Lesson: `notes/OPS-6-policy-privacy-licensing.md`
- Lab: `labs/OPS-6-policy-privacy-licensing-lab.md`
- Quiz: `quizzes/OPS-6-quiz.md`
- OPS-7: Professionalism
- Lesson: `notes/OPS-7-professionalism.md`
- Lab: `labs/OPS-7-professionalism-lab.md`
- Quiz: `quizzes/OPS-7-quiz.md`
- OPS-8: Scripting basics
- Lesson: `notes/OPS-8-scripting-basics.md`
- Lab: `labs/OPS-8-scripting-basics-lab.md`
- Quiz: `quizzes/OPS-8-quiz.md`
- OPS-9: Remote access
- Lesson: `notes/OPS-9-remote-access.md`
- Lab: `labs/OPS-9-remote-access-lab.md`
- Quiz: `quizzes/OPS-9-quiz.md`
- OPS-10: AI concepts
- Lesson: `notes/OPS-10-ai-concepts.md`
- Lab: `labs/OPS-10-ai-concepts-lab.md`
- Quiz: `quizzes/OPS-10-quiz.md`
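Review bot: the `Indexed references` list and the `Progress State` bullet about reference materials commit absolute paths under `/home/kenpatmonk/Downloads/`, which publishes the local account name and directory layout to anyone who can read the repository. Record the file names only, or paths relative to `reference-materials/`, since `REFERENCE_INDEX.md` already tracks the processed files. Separately, `Next action` has turned into a creation log (the SEC-, TRB- and OPS- "lesson/lab/quiz created" entries); moving those under `Current status` would leave the actual next step easy to find.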

33
README.md Normal file

@ -0,0 +1,33 @@
# CompTIA A+ Core 2 Study Project
Private study workspace for CompTIA A+ Core 2 `220-1202`.
## Goal
Prepare to pass Core 2 by June 30, 2026.
## How To Continue
Start with `MEMORY.md` for the current state, progress, and next action.
Useful files:
- `SCHEDULE.md`: day-by-day study plan
- `quiz-log.md`: quiz attempts and missed concepts
- `lab-log.md`: hands-on lab progress
- `mind-maps/core2-status.html`: visual objective status map
- `notes/`: lessons by objective
- `labs/`: hands-on exercises
- `quizzes/`: section quizzes
- `reference-materials/REFERENCE_INDEX.md`: processed reference inventory
## Current Flow
1. Study one objective from `notes/`.
2. Run the matching lab from `labs/` when practical.
3. Take the matching quiz from `quizzes/`.
4. Update `quiz-log.md`, `lab-log.md`, `MEMORY.md`, and `mind-maps/core2-status.html`.
## Reference Policy
Full extracted text from commercial PDFs is intentionally not committed. Use summarized project notes and the reference index for continuity.
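Review bot: `Reference Policy` states that extracted text is not committed but says nothing about the source PDFs themselves, and the `.gitignore` in this commit only excludes `reference-materials/extracted-text/`. State here that the original reference files stay outside the repository too, so the policy and the ignore rules can be checked against each other. The `Useful files` list could also mention `mind-maps/core2-overview.md`, which MEMORY.md lists but this README omits.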

93
SCHEDULE.md Normal file

@ -0,0 +1,93 @@
# CompTIA A+ Core 2 Schedule
Dates: June 10 through June 30, 2026
## Phase 1: Baseline and Operating Systems
June 10:
- Review exam structure and domain map.
- Study small section OS-1: Windows editions and system information.
- Enter system information commands.
- Lab: identify system edition, version, build, CPU, RAM, and architecture.
- Quiz: OS-1 only, after study.
June 11:
- Windows command-line tools: `ipconfig`, `ping`, `tracert`, `netstat`, `nslookup`, `chkdsk`, `sfc`, `dism`, `gpupdate`, `gpresult`, `shutdown`.
- Lab: collect network and system info from a Windows or Linux machine.
June 12:
- Windows administrative tools: Task Manager, Services, Event Viewer, Disk Management, Device Manager, System Configuration, Local Users and Groups, Performance Monitor.
- Quiz: Operating Systems set 1.
June 13:
- Linux basics: file systems, terminal commands, app installation, permissions, backups, system settings.
- Lab: Linux command practice.
June 14:
- Mobile operating systems: Android/iOS settings, accounts, synchronization, app management, connectivity, backups.
- Quiz: Operating Systems set 2.
## Phase 2: Security
June 15:
- Security fundamentals: authentication, authorization, least privilege, MFA, password policies, account types.
June 16:
- Malware types, symptoms, removal process, browser security, social engineering.
- Lab: malware response tabletop.
June 17:
- Wireless security, SOHO router hardening, encryption, firewalls, physical security.
- Quiz: Security set 1.
June 18:
- Data protection: backups, recovery, EFS, BitLocker/FileVault concepts, secure disposal, privacy.
June 19:
- Security review and mixed PBQ-style scenarios.
- Quiz: Security set 2.
## Phase 3: Software Troubleshooting
June 20:
- Windows symptoms: boot issues, BSOD, services failing, application crashes, slow performance.
June 21:
- Application, browser, and network-related software issues.
- Lab: troubleshooting decision tree.
June 22:
- Mobile app, OS, connectivity, and security troubleshooting.
- Quiz: Software Troubleshooting set 1.
June 23:
- Mixed troubleshooting scenarios with root cause analysis.
## Phase 4: Operational Procedures
June 24:
- Documentation, ticketing, change management, asset management, incident handling.
June 25:
- Safety, ESD, environmental controls, professionalism, communication.
- Quiz: Operational Procedures set 1.
June 26:
- Backup types, recovery testing, disaster recovery, remote access etiquette.
## Phase 5: Final Review
June 27:
- Full mixed practice exam 1.
- Review every missed question.
June 28:
- Targeted weak-domain labs and flash review.
June 29:
- Full mixed practice exam 2.
- Final cram sheet.
June 30:
- Light review only.
- Focus on missed-question log, acronyms, command syntax, and PBQ strategy.
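Review bot: the June 10 to June 14 entries no longer match the state recorded in MEMORY.md in the same commit: June 11 is planned as Windows command-line tools, while MEMORY.md logs OS-5 (objective 1.1) as the topic studied on 2026-06-11 and names objective 1.2 as next. The `Phase 1: Baseline and Operating Systems` heading and the `Operating Systems set 1` and `set 2` quizzes also predate the switch to per-section quizzes. Rewrite the schedule in terms of the section ids (OS-1 through OPS-10) so each day maps to a lesson, lab and quiz file.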


@ -0,0 +1,137 @@
{
"OPS-1": [
{"front": "What is the U-D-I-S-R memory trick for tickets?", "back": "User, Device, Issue, Severity, Resolution - the core fields a support ticket should capture."},
{"front": "What is the shortcut phrase for why documentation matters?", "back": "If it is not documented, the next tech cannot trust what happened."},
{"front": "What information should a ticket record besides user, device, and issue?", "back": "Category, severity, escalation level, progress notes, and resolution."},
{"front": "What is a CMDB?", "back": "A configuration management database used as part of asset management to track inventory and configuration details."},
{"front": "What does asset management track about a device?", "back": "Inventory, asset tags and IDs, procurement life cycle, warranty and licensing, and assigned users."},
{"front": "What is an SOP?", "back": "A standard operating procedure - a repeatable, documented process for performing a task."},
{"front": "What is an SLA?", "back": "A service level agreement that defines the expected level of service, such as response or resolution times."},
{"front": "What is the purpose of a knowledge base article?", "back": "It helps future technicians solve known issues by documenting solutions to past problems."},
{"front": "Name three document types used in IT operations besides SOPs.", "back": "Incident reports, onboarding/offboarding checklists, and SLAs (knowledge base articles and package installation procedures are also examples)."},
{"front": "Why are asset tags important?", "back": "They connect devices to users, warranty information, and lifecycle records."},
{"front": "Why do tickets need enough detail for handoff?", "back": "So another technician can pick up the issue and continue work, and so trends can be analyzed across many tickets."},
{"front": "What is the procurement life cycle in asset management?", "back": "The stages a device goes through from purchase/acquisition through use to retirement or disposal."}
],
"OPS-2": [
{"front": "What is the P-S-R-B-R memory trick for change management?", "back": "Purpose, Scope, Risk, Backup, Rollback - key elements of a change plan."},
{"front": "What is the shortcut phrase about rollback plans?", "back": "A change without rollback is a bet, not a plan."},
{"front": "What is a standard change?", "back": "A low-risk, preapproved, repeatable change."},
{"front": "What is a normal change?", "back": "A planned change that requires review and approval before implementation."},
{"front": "What is an emergency change?", "back": "An urgent change made to fix a major risk or outage; it may happen faster but still needs documentation afterward."},
{"front": "What should a change plan include besides purpose, scope, and risk level?", "back": "Change type, schedule, affected systems, responsible staff, approvals, backup, rollback plan, sandbox testing, implementation steps, peer review, and end-user acceptance."},
{"front": "What is the purpose of sandbox testing in change management?", "back": "It lets a change be tested in an isolated environment before being applied to production systems."},
{"front": "Why is peer review part of change planning?", "back": "It helps catch mistakes before the change is implemented."},
{"front": "What is a maintenance window?", "back": "A scheduled time period for making changes that reduces impact on users."},
{"front": "What is a change freeze?", "back": "A period during which noncritical changes are blocked, typically during sensitive business periods."},
{"front": "Scenario: A technician needs to update server software but the update could cause downtime. What should be prepared before implementing the change?", "back": "A backup and a rollback plan should be prepared, along with approvals and a scheduled maintenance window, so the system can be restored if the change fails."},
{"front": "Scenario: A critical production server is down and needs an immediate fix outside the normal approval process. What type of change is this, and what must still happen afterward?", "back": "This is an emergency change; even though it bypasses normal advance approval, it must still be documented after the fact."}
],
"OPS-3": [
{"front": "What does the F-I-D-S memory trick stand for?", "back": "Full, Incremental, Differential, Synthetic full - the four backup types."},
{"front": "What is the shortcut phrase about backups and restores?", "back": "Backups are promises; restore tests prove them."},
{"front": "What is a full backup?", "back": "A backup that backs up all selected data."},
{"front": "What is an incremental backup?", "back": "A backup that backs up changes since the last backup of any type (full or incremental)."},
{"front": "What is a differential backup?", "back": "A backup that backs up changes since the last full backup."},
{"front": "What is a synthetic full backup?", "back": "A full backup built from previous backup data rather than copying all data again from the source."},
{"front": "What is the trade-off of incremental backups?", "back": "They are small and fast, but the restore chain can be longer because multiple incremental backups must be applied in sequence."},
{"front": "What happens to differential backups over time?", "back": "They grow larger until the next full backup is performed."},
{"front": "What does the 3-2-1 backup rule mean?", "back": "Three copies of data, on two different media types, with one copy stored offsite."},
{"front": "What is grandfather-father-son backup rotation?", "back": "A backup rotation scheme using a hierarchy of backup sets (e.g., monthly, weekly, daily) to retain different backup ages."},
{"front": "What are the two restore options mentioned for recovering data?", "back": "Restore in place (to the original location) or restore to an alternate location."},
{"front": "Why should restore tests be performed on a defined schedule?", "back": "Because backups only matter if they can actually be restored, and testing verifies that the backup data is usable."}
],
"OPS-4": [
{"front": "What does the P-E-C memory trick stand for?", "back": "Power off, ESD control, Cables managed - key safety steps before working on equipment."},
{"front": "What is the shortcut phrase for safety priorities?", "back": "Protect people first, then parts."},
{"front": "Name the main ESD controls.", "back": "Antistatic wrist strap, ESD mat, antistatic bags, proper grounding, and proper component handling."},
{"front": "Can ESD damage components even if you do not feel a shock?", "back": "Yes, ESD can damage components even when the discharge is too small to be felt."},
{"front": "What is the purpose of antistatic bags?", "back": "They protect components from electrostatic discharge during storage and transport."},
{"front": "What personal safety practices should a technician follow?", "back": "Disconnect power before repairs, use proper lifting technique, know fire safety procedures, and use safety goggles or air filter masks when needed."},
{"front": "When should power be disconnected before repairs?", "back": "Before internal repairs, unless a specific procedure requires the device to remain powered."},
{"front": "How should heavy equipment be lifted?", "back": "Using proper lifting technique, or with two people if the equipment is too heavy for one person."},
{"front": "What workspace safety practices help prevent accidents?", "back": "Cable management, clear walkways, stable equipment placement, and compliance with local rules."},
{"front": "What does proper grounding accomplish in ESD prevention?", "back": "It safely discharges static electricity from the technician and equipment to prevent damage to sensitive components."},
{"front": "When might safety goggles or an air filter mask be needed?", "back": "When working in environments with dust, debris, or particles that could harm the eyes or lungs."}
],
"OPS-5": [
{"front": "What does the P-H-D-P memory trick stand for?", "back": "Power, Heat and humidity, Dust, Proper disposal - the key environmental factors to manage."},
{"front": "What is the shortcut phrase about environmental issues?", "back": "Bad power, heat, dust, or disposal can turn a simple support issue into a safety issue."},
{"front": "What is an SDS or MSDS used for?", "back": "It provides safety data on chemicals and materials, including handling and disposal guidance."},
{"front": "How should batteries and toner be handled at end of life?", "back": "They require proper disposal or recycling rather than regular trash disposal."},
{"front": "What does a UPS protect against?", "back": "Short power outages, and it gives time for a safe shutdown of equipment."},
{"front": "What do surge suppressors protect against?", "back": "Voltage spikes (surges) that could damage equipment."},
{"front": "What is the difference between a brownout and a blackout?", "back": "A brownout is a low-voltage event, while a blackout is a complete loss of power."},
{"front": "What environmental factors should be controlled in an equipment area?", "back": "Temperature, humidity, ventilation, equipment placement, and dust."},
{"front": "How should dust be cleaned from computer equipment?", "back": "Using compressed air and vacuums designed for electronics."},
{"front": "What categories of items require special asset/device disposal procedures?", "back": "Batteries, toner, and devices/assets in general at end of life."},
{"front": "Why is equipment placement an environmental control consideration?", "back": "Proper placement ensures adequate airflow, ventilation, and protection from heat, humidity, and physical hazards."}
],
"OPS-6": [
{"front": "What does the C-D-P-L memory trick stand for?", "back": "Chain of custody, Data privacy, Policies, Licensing - core policy and incident handling concepts."},
{"front": "What is the shortcut phrase for what policy controls?", "back": "Policy decides what you can touch, copy, disclose, and install."},
{"front": "What is chain of custody?", "back": "The documented tracking of evidence handling to preserve its integrity for incident response or legal purposes."},
{"front": "What does order of volatility mean?", "back": "It means collecting the most temporary (volatile) evidence first during incident response."},
{"front": "What is a EULA?", "back": "An End User License Agreement, which defines the terms under which software may be used."},
{"front": "Does open-source software have no license?", "back": "No, open-source does not mean no license - it still has license terms that must be followed."},
{"front": "What is the difference between an NDA and an MNDA?", "back": "An NDA is a non-disclosure agreement between two parties, while an MNDA is a mutual non-disclosure agreement where both parties agree not to disclose each other's information."},
{"front": "What is regulated data?", "back": "Data that may require special handling and retention due to legal or regulatory requirements."},
{"front": "What is data retention policy concerned with?", "back": "How long data must be kept and when it can or must be deleted, based on policy or regulation."},
{"front": "What is an acceptable use policy (AUP)?", "back": "A policy that defines how users are allowed to use company systems and resources."},
{"front": "Why might drive copies be made during incident response?", "back": "To preserve the integrity of original evidence while allowing analysis to be performed on a copy."},
{"front": "What is the purpose of a login banner or splash screen in policy enforcement?", "back": "It communicates acceptable use terms or legal notices to users before they access a system."}
],
"OPS-7": [
{"front": "What does the L-E-D-F memory trick stand for?", "back": "Listen, Explain expectations, Document, Follow up - core professional behaviors."},
{"front": "What is the shortcut phrase for professionalism?", "back": "Fix the problem without making the user the problem."},
{"front": "What type of questions should a technician ask first when troubleshooting with a user?", "back": "Open-ended questions, to gather information about the issue."},
{"front": "Why should a technician restate the issue back to the user?", "back": "To confirm understanding of the problem before proceeding."},
{"front": "Name three behaviors a technician should avoid.", "back": "Arguing, being defensive, and dismissing or judging the user (also avoid sharing confidential information)."},
{"front": "What professional practices show respect for the user?", "back": "Appropriate appearance and language, respect for user time, active listening, cultural sensitivity, and discretion."},
{"front": "Why is setting clear expectations important?", "back": "It helps the user understand realistic timelines and what will happen next, and supports follow-up."},
{"front": "What should a technician do regarding confidentiality?", "back": "Protect confidential information and never share it inappropriately."},
{"front": "Scenario: A user is frustrated and blames the technician for a recurring problem. What is the best response?", "back": "Listen actively without arguing or being defensive, restate the issue to confirm understanding, and focus on resolving the problem rather than blaming the user."},
{"front": "Scenario: A technician discovers sensitive personal files while fixing a user's computer. What should the technician do?", "back": "Maintain discretion and confidentiality - do not share or discuss what was found with anyone outside of what policy requires."},
{"front": "Scenario: A repair is going to take longer than expected. What should the technician do?", "back": "Communicate status clearly, set realistic updated expectations, document the situation, and follow up with the user."},
{"front": "Scenario: A user asks a vague question like 'my computer is broken.' How should the technician respond?", "back": "Ask open-ended questions to gather more details about the issue before attempting to diagnose or fix it."}
],
"OPS-8": [
{"front": "What does the A-R-I-B-D memory trick stand for?", "back": "Automate, Restart, Install, Back up, Data gathering - common scripting use cases."},
{"front": "What is the shortcut phrase about scripts?", "back": "Scripts are force multipliers for both fixes and mistakes."},
{"front": "What file extension is used for PowerShell scripts?", "back": ".ps1"},
{"front": "What file extension is commonly used for Bash shell scripts?", "back": ".sh"},
{"front": "What file extension is used for batch files?", "back": ".bat"},
{"front": "Name three script types used in IT support besides .ps1, .bat, and .sh.", "back": ".vbs (VBScript), .js (JavaScript), and .py (Python)."},
{"front": "What are common use cases for scripts in IT support?", "back": "Automation, restarting machines, remapping drives, application installs, backups, data gathering, and updates."},
{"front": "What risks do scripts pose if used carelessly?", "back": "They can introduce malware, change system settings, delete data, crash browsers or systems, and mishandle resources."},
{"front": "Why should scripts be tested before broad deployment?", "back": "Because a script can quickly apply mistakes across many systems, so testing limits the impact of errors before wide rollout."},
{"front": "Why should scripts from unknown sources be reviewed before running?", "back": "Because they could contain malware or unintended commands that could harm the system."},
{"front": "What is one risk of running an automated script that remaps drives or changes settings across many machines?", "back": "A small mistake in the script could be applied to every machine it runs on, causing widespread issues."}
],
"OPS-9": [
{"front": "What does the E-A-L-L memory trick stand for?", "back": "Encryption, Authentication, Least privilege, Logging - key remote access security considerations."},
{"front": "What is the shortcut phrase for remote access?", "back": "Remote access should be approved, authenticated, encrypted, and logged."},
{"front": "What is RDP commonly used for?", "back": "Remote desktop access to Windows systems."},
{"front": "What is SSH commonly used for?", "back": "Secure command-line access to remote systems."},
{"front": "What does a VPN provide?", "back": "An encrypted path into a private network."},
{"front": "What are RMM tools used for?", "back": "Remote monitoring and management - supporting managed monitoring and administration of systems."},
{"front": "List the remote access methods mentioned in the lesson.", "back": "RDP, VPN, VNC, SSH, RMM, SPICE, WinRM, third-party screen sharing, videoconferencing, file transfer, and desktop management tools."},
{"front": "Why is least privilege important for remote access accounts?", "back": "It limits what a remote user or session can do, reducing the impact if the access is misused or compromised."},
{"front": "What should happen with screen sharing sessions due to data exposure risk?", "back": "Get user permission before starting, and close the session afterward to avoid exposing sensitive data."},
{"front": "Why is logging important for remote access?", "back": "It creates a record of who accessed a system remotely and what they did, supporting security and accountability."},
{"front": "What security considerations apply to remote access overall?", "back": "Encryption, authentication, least privilege, user approval, logging, data exposure, and session termination."}
],
"OPS-10": [
{"front": "What does the P-B-H-D memory trick stand for?", "back": "Policy, Bias, Hallucinations, Data privacy - core AI concept areas."},
{"front": "What is the shortcut phrase for AI output?", "back": "AI output is a draft until verified."},
{"front": "What does hallucination mean in the context of AI?", "back": "It means the AI produces confident but false output."},
{"front": "What does bias mean in the context of AI output?", "back": "It means the output can reflect unfair or skewed training data."},
{"front": "Why might public AI tools be a data privacy concern?", "back": "Public AI tools may expose private data depending on policy and configuration."},
{"front": "For what types of content does AI accuracy matter most?", "back": "Technical, legal, medical, financial, and security content."},
{"front": "Name three things a technician should do when using AI tools.", "back": "Follow company AI policy, verify important output, and protect private data (also check source quality and be transparent when policy requires)."},
{"front": "Name three things a technician should NOT do when using AI tools.", "back": "Paste confidential data into unapproved public tools, treat AI output as automatically accurate, or ignore bias and hallucination risk."},
{"front": "Should AI-generated work be submitted as original?", "back": "Not if doing so would violate policy - this relates to plagiarism concerns with AI use."},
{"front": "What AI concept areas does Core 2 expect technicians to be aware of?", "back": "Application integration, policy, appropriate use, plagiarism, bias, hallucinations, accuracy, private vs. public data, and data source concerns."},
{"front": "Why should the source quality of data used by or with AI tools be checked?", "back": "Because data source concerns affect the reliability and appropriateness of AI output, and poor sources can contribute to inaccurate or biased results."}
]
}
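
Review bot: In OPS-9 the E-A-L-L mnemonic and the shortcut phrase name different sets of four: the mnemonic is "Encryption, Authentication, Least privilege, Logging", while the phrase is "approved, authenticated, encrypted, and logged", so least privilege is missing from the phrase and user approval is missing from the mnemonic. The last OPS-9 card lists both, which suggests both are intended. Either align the two cards or add a card that states the difference outright, so a learner does not treat them as the same list.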

View file

@ -0,0 +1,234 @@
{
"TRB-1": [
{
"front": "A user reports that Windows displays No OS found at startup. What should you check first?",
"back": "Check the boot order in firmware/BIOS, confirm the drive is detected, and check the boot files and startup repair options."
},
{
"front": "A user reports a blue screen of death (BSOD). What should you suspect first?",
"back": "Suspect drivers, hardware, memory, storage, or recent updates, and use Event Viewer, Reliability Monitor, and memory/storage diagnostics to investigate."
},
{
"front": "A user reports that Windows is running slowly overall. What should you check first?",
"back": "Check Task Manager for CPU, memory, disk, and startup load, check available disk space, and review recently installed apps."
},
{
"front": "A user reports that a Windows service is failing to start. What should you check first?",
"back": "Check the Services console for the service status, check its dependencies, and review Event Viewer for related errors."
},
{
"front": "A user reports that their Windows profile takes a very long time to load at sign-in. What should you suspect?",
"back": "Suspect a large profile data set, network profile issues, login scripts, or domain connectivity problems."
},
{
"front": "A user reports that the system clock keeps drifting and showing the wrong time. What should you check?",
"back": "Check the time zone setting, the CMOS battery, and time synchronization settings."
},
{
"front": "A system fails to boot correctly right after a driver update was installed. What is the likely fix?",
"back": "Roll back the driver, or boot into Safe Mode to remove or fix the problematic driver."
},
{
"front": "Applications are crashing and you suspect system file corruption. What two tools should you use?",
"back": "Use SFC (System File Checker) and DISM to repair corrupted system files and the Windows component store."
},
{
"front": "A user reports slow performance and asks you to immediately start changing system settings. What should you do first?",
"back": "Gather evidence first (e.g., Task Manager, disk space, recently installed apps) before making any changes."
},
{
"front": "What's the memory trick for diagnosing common Windows OS problems?",
"back": "B-S-S-A-D-P-T: Boot, Services, Storage, Applications, Drivers, Profiles, Time. A Windows symptom usually points to boot, services, storage, drivers, profile, or time."
},
{
"front": "What does sfc /scannow do? (Windows command)",
"back": "It checks protected Windows system files and attempts to repair any that are corrupted."
},
{
"front": "What does DISM /Online /Cleanup-Image /RestoreHealth do? (Windows command)",
"back": "It repairs the Windows component store, which SFC relies on to repair system files."
},
{
"front": "What does chkdsk do? (Windows command)",
"back": "It checks the file system status of a drive."
},
{
"front": "What does eventvwr.msc do? (Windows command)",
"back": "It opens Event Viewer, which provides logs and error clues for troubleshooting."
},
{
"front": "What does perfmon /rel do? (Windows command)",
"back": "It opens Reliability Monitor, which shows a timeline of system failures and changes."
},
{
"front": "If a Windows system reports low memory warnings or USB controller resource warnings, which category of the B-S-S-A-D-P-T memory trick does this most likely fall under?",
"back": "These point toward storage and drivers (resource and driver-related issues), part of the B-S-S-A-D-P-T framework for Windows symptoms."
}
],
"TRB-2": [
{
"front": "A mobile app fails to launch or repeatedly crashes. What is the troubleshooting flow?",
"back": "Restart the app, restart the device, update the app, update the OS, clear the app cache where supported, and reinstall the app if needed."
},
{
"front": "A mobile app will not install or update. What should you check first?",
"back": "Check available storage, network connectivity, app store account status, and OS compatibility."
},
{
"front": "A user reports their mobile device's battery is draining quickly. What should you check?",
"back": "Review battery usage by app, check screen brightness, disable unnecessary radios, and check for runaway apps."
},
{
"front": "A user reports Bluetooth or Wi-Fi connectivity problems on a mobile device. What is the troubleshooting flow?",
"back": "Toggle the affected radio, forget and reconnect to the network or device, check range and pairing mode, and restart the device if needed."
},
{
"front": "A user reports that screen autorotation is not working on their mobile device. What should you check?",
"back": "Check if rotation lock is enabled, restart the app, and test the device sensors if available."
},
{
"front": "An app cannot be installed on a mobile device. Which two causes are high-probability answers on the exam?",
"back": "Insufficient storage and OS/app compatibility issues."
},
{
"front": "A mobile device fails to pair with a Bluetooth accessory. What should you check?",
"back": "Check that the accessory is in pairing mode, and try forgetting the device and re-pairing it."
},
{
"front": "A mobile issue started right after an OS or app update. What should you investigate?",
"back": "Check for known issues with the update and verify compatibility between the app and the new OS version."
},
{
"front": "Only one app is misbehaving on a mobile device. What should you do before resetting the entire phone?",
"back": "Focus troubleshooting on that specific app (cache, update, reinstall) before considering a full device reset."
},
{
"front": "What's the memory trick for troubleshooting mobile OS and app issues?",
"back": "U-S-P-C-R: Update, Storage, Permissions, Connectivity, Restart/reinstall. Most mobile app problems start with update, storage, permission, or connectivity checks."
},
{
"front": "A user reports random reboots on their mobile device. Under which category of mobile troubleshooting checks would you start investigating?",
"back": "Start with the basic checks: updates, storage, permissions, connectivity, and battery health, since these are the common starting points for most mobile symptoms."
},
{
"front": "What basic checks should be performed for nearly any mobile OS or app problem according to the lesson?",
"back": "Updates, storage, permissions, connectivity, app cache/data, battery health, and compatibility."
},
{
"front": "A user reports an OS update failure on their mobile device. What category of issue does this fall under, and what should you check?",
"back": "It falls under update-related issues; check storage space, network connectivity, and compatibility, similar to app install/update failures."
}
],
"TRB-3": [
{
"front": "What is application spoofing on a mobile device?",
"back": "Application spoofing means a fake app pretends to be a legitimate app, often to trick users into installing malware or giving up data."
},
{
"front": "A user's phone has high network traffic, data usage alerts, and many ads outside the browser. What should you suspect?",
"back": "Suspect malware or unwanted/unauthorized software, and check which app is causing the unusual data usage."
},
{
"front": "A user reports fake antivirus pop-ups and browser redirects on their mobile device. What should you check first?",
"back": "Check the app source - whether apps were installed from the official app store, whether developer names are correct, and whether permissions/reviews look suspicious."
},
{
"front": "Why are rooted or jailbroken devices considered high risk?",
"back": "Rooted or jailbroken devices bypass the normal protections built into the mobile OS, making them more vulnerable to malware and unauthorized access."
},
{
"front": "A managed (company) mobile device is suspected of being compromised. What should you do?",
"back": "Follow company policy, notify support/security, use MDM actions when appropriate, and preserve evidence if required."
},
{
"front": "A personal mobile device is suspected of being compromised by malware. What is the response?",
"back": "Remove suspicious apps, update the OS and apps, run trusted security tools if available, and change passwords from a known-clean device if compromise is suspected."
},
{
"front": "Why do unofficial app stores increase mobile security risk?",
"back": "Apps from unofficial app stores are not vetted the same way as official store apps, which increases the risk of installing malware."
},
{
"front": "What should you check regarding device integrity when investigating a mobile security issue?",
"back": "Check whether the device is rooted or jailbroken, whether developer mode is enabled, and whether installation from unknown sources is allowed."
},
{
"front": "What network and data clues suggest a mobile app may be malicious?",
"back": "One app using unusual amounts of data, traffic spiking when that app is open, or unexpected VPN/proxy settings."
},
{
"front": "What's the memory trick for mobile security issues?",
"back": "R-U-D-A: Root/jailbreak, Unofficial store, Developer mode, Ads/alerts. If the source or control model is untrusted, treat the phone as high risk."
},
{
"front": "A user's mobile device shows leaked personal data and unrecognized apps. What should be the immediate concern?",
"back": "This suggests an unauthorized or malicious app has been installed; check the app source, device integrity (root/jailbreak), and remove suspicious apps."
},
{
"front": "What does it mean for a mobile device's control model to be untrusted, and what should you do if it is?",
"back": "An untrusted control model means the device's source of apps or its root/jailbreak status cannot be trusted; treat the phone as high risk per the lesson's shortcut."
},
{
"front": "List the four main risk factors for mobile security issues mentioned in the lesson.",
"back": "Unofficial app stores, sideloaded applications, developer mode, and rooted or jailbroken devices (also unauthorized apps and application spoofing)."
}
],
"TRB-4": [
{
"front": "A user reports files on their PC are altered, missing, renamed, or inaccessible. What should you suspect?",
"back": "This points to ransomware as the likely cause."
},
{
"front": "A user reports frequent pop-ups and browser redirects. What should you suspect?",
"back": "This points to adware or browser hijacking."
},
{
"front": "A user reports certificate warnings in their browser. What are the possible causes?",
"back": "Certificate warnings can be caused by something malicious, a misconfiguration, or the wrong system time/date on the PC."
},
{
"front": "A PC cannot access the network at all. What should you check?",
"back": "Check for misconfiguration causes such as a bad proxy setting, wrong DNS setting, or a firewall/security tool blocking traffic; also consider malware as a cause."
},
{
"front": "A user reports fake antivirus warnings appearing on their desktop. What should you suspect first?",
"back": "Suspect fake antivirus malware (scareware), and assume compromise until verified."
},
{
"front": "An OS update keeps failing on a PC. What are the possible causes?",
"back": "OS update failure may be caused by malware, file/system corruption, or network problems."
},
{
"front": "A user's web browser has new extensions they didn't install, plus unexpected sync changes and login alerts. What should you suspect?",
"back": "Suspect a compromised account - check for unauthorized browser extensions, unexpected sync changes, and new login alerts."
},
{
"front": "What is the first step in the response flow for a suspected PC security compromise?",
"back": "Identify the symptoms."
},
{
"front": "After identifying symptoms of a suspected active compromise on a PC, what is the next step?",
"back": "Disconnect the PC from the network if active compromise is suspected."
},
{
"front": "After running trusted security tools and removing or quarantining threats from a compromised PC, what should be done next?",
"back": "Update the OS, browser, and security software, then change passwords from a known-clean device if credentials may be compromised, and document findings and actions."
},
{
"front": "What's the memory trick for PC security symptoms?",
"back": "FAN-B: Files changed, Alerts are fake, Network blocked, Browser redirects. Fake alerts plus changed files or redirects means assume compromise until verified."
},
{
"front": "List the categories of common causes for PC security symptoms described in the lesson.",
"back": "Malware (fake antivirus, ransomware, spyware, adware, browser hijackers), misconfiguration (bad proxy, wrong DNS, expired certificate or wrong system time, firewall blocking traffic), and compromised account (unexpected sync changes, unauthorized extensions, new login alerts)."
},
{
"front": "Why might evidence preservation be part of the response flow for a PC security incident?",
"back": "Because policy may require preserving evidence of the compromise before remediation, especially in managed or business environments."
},
{
"front": "A user's PC shows degraded browser performance along with unwanted OS notifications. What should you consider?",
"back": "Consider malware (such as adware or browser hijackers) as well as possible misconfiguration; treat it as a possible compromise per the FAN-B memory trick."
}
]
}
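
Review bot: The last TRB-1 card ("low memory warnings or USB controller resource warnings") files low memory under "storage and drivers", but B-S-S-A-D-P-T as defined in the same section has no memory category, and low RAM is not a storage symptom. Consider splitting it into two cards (USB controller resource warnings under Drivers, low memory warnings answered with a Task Manager memory check) or rewording the back so it does not teach memory as storage. In TRB-3, the card "List the four main risk factors" returns six items on the back once the parenthetical is counted; make the number in the question match the answer.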

18
lab-log.md Normal file
View file

@ -0,0 +1,18 @@
# Lab Log
## OS-5 Lab: OS and File-System Identification
- Date: 2026-06-11 20:14 CDT
- Lab: OS-5 / Objective 1.1 operating system and file-system identification
- Domain: 1.0 Operating Systems
- Completed: no
- Notes: Quiz completed after study session; hands-on Windows/Linux filesystem identification lab still pending.
- Follow-up: Run the OS-5 lab commands and record OS version, kernel/build, root or main-drive filesystem, and main disk.
Record format:
- Date:
- Lab:
- Domain:
- Completed:
- Notes:
- Follow-up:

View file

@ -0,0 +1,42 @@
# Lab OPS-1: Build a Good Ticket
Domain:
- 4.0 Operational Procedures
## Goal
Practice writing a useful ticket from a support scenario.
## Scenario
A user named Jordan says their Windows laptop is slow after sign-in. The device is asset tag LAP-2048. The issue started yesterday after a software update. They need the laptop for a client call in two hours.
## Ticket Fields
Fill in:
- User:
- Device:
- Asset tag:
- Issue summary:
- Category:
- Severity:
- Business impact:
- Troubleshooting steps:
- Escalation needed:
- Resolution:
- Follow-up:
## Asset Check
Record what you would verify:
- Warranty:
- Assigned user:
- Installed software:
- Recent changes:
- Replacement availability:
## What You Should Learn
- Good tickets include user, device, impact, steps, and resolution.
- Asset records support warranty, lifecycle, licensing, and ownership decisions.

View file

@ -0,0 +1,35 @@
# Lab OPS-10: AI Use Decision Practice
Domain:
- 4.0 Operational Procedures
## Goal
Decide whether AI use is appropriate in support scenarios.
## Scenarios
For each, answer allowed, not allowed, or needs approval:
1. Summarize a public vendor knowledge base article.
2. Paste a customer's medical record into a public chatbot.
3. Draft a ticket response without including private data.
4. Ask AI for a PowerShell script, then run it without reading it.
5. Use AI output as a final answer for a security incident without verification.
6. Ask AI to explain a generic error code.
## Verification Checklist
For AI-assisted work, record:
- Data sensitivity:
- Approved tool:
- Source checked:
- Output verified:
- Bias or hallucination risk:
- Policy followed:
## What You Should Learn
- AI can help with drafts and explanations.
- Private data, accuracy, and policy control whether AI use is acceptable.

View file

@ -0,0 +1,32 @@
# Lab OPS-2: Write a Change Request
Domain:
- 4.0 Operational Procedures
## Goal
Practice building a simple change request.
## Scenario
You need to update a department printer driver on 24 workstations.
Fill in:
- Purpose:
- Scope:
- Change type:
- Affected systems:
- Risk level:
- Maintenance window:
- Backup or restore point needed:
- Test plan:
- Rollback plan:
- Approver:
- User communication:
- Success criteria:
## What You Should Learn
- Changes need scope, risk, schedule, approval, testing, and rollback.
- Standard, normal, and emergency changes follow different approval paths.

View file

@ -0,0 +1,36 @@
# Lab OPS-3: Backup Plan Design
Domain:
- 4.0 Operational Procedures
## Goal
Design a backup and recovery plan for a small office.
## Scenario
A five-person office stores contracts, invoices, and customer records on one shared PC.
Fill in:
- Data to back up:
- Backup type:
- Backup schedule:
- Onsite copy:
- Offsite copy:
- Encryption needed:
- Restore test frequency:
- Restore location:
- Responsible person:
## Scenario Questions
1. What happens if the PC drive fails?
2. What happens if ransomware encrypts local files?
3. What happens if the office loses power during backup?
4. How will you prove restores work?
## What You Should Learn
- Backup design must match business risk.
- The restore process must be tested before an emergency.
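
Review bot: The fill-in list has "Onsite copy" and "Offsite copy" but no field for retention or for how many previous versions are kept, which is what Scenario Question 2 (ransomware encrypts local files) turns on: if the only backup is overwritten with the encrypted files, a restore does not help. Add a "Retention / versions kept:" field and consider an "Offline or disconnected copy:" field so the ransomware question can be answered from the plan itself.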

View file

@ -0,0 +1,37 @@
# Lab OPS-4: Workspace Safety Check
Domain:
- 4.0 Operational Procedures
## Goal
Inspect a work area for safety and ESD risks.
## Checklist
Record:
- Power cords are safe:
- Walkways are clear:
- Cables are managed:
- Food or liquid near equipment:
- ESD mat available:
- Antistatic bag available:
- Heavy items stored safely:
- Fire extinguisher location known:
- Ventilation adequate:
## Scenario Practice
Choose the safe action:
1. Replacing RAM in a desktop.
2. Moving a heavy laser printer.
3. Cleaning dust from inside a PC.
4. Finding a frayed power cord.
5. Storing a removed motherboard.
## What You Should Learn
- Safety procedures reduce injury and equipment damage.
- ESD controls are part of normal component handling.

View file

@ -0,0 +1,38 @@
# Lab OPS-5: Environmental Risk Walkthrough
Domain:
- 4.0 Operational Procedures
## Goal
Identify environmental risks in a home or office workspace.
## Checklist
Record:
- Equipment has ventilation:
- Dust buildup visible:
- Devices near heat source:
- Devices near liquid:
- Surge suppressor present:
- UPS present:
- Battery disposal plan:
- Toner disposal plan:
- Cable airflow blocked:
- Room temperature reasonable:
## Scenario Practice
Choose the best control:
1. Frequent brief power outages.
2. Printer toner replacement.
3. Dust inside desktop vents.
4. Equipment near a heater.
5. Low-voltage events during storms.
## What You Should Learn
- Environmental controls reduce failures and safety risk.
- Power protection, ventilation, cleanup, and disposal are part of IT operations.

View file

@ -0,0 +1,26 @@
# Lab OPS-6: Policy Decision Practice
Domain:
- 4.0 Operational Procedures
## Goal
Practice deciding which policy concept applies to a scenario.
## Scenarios
For each, identify the policy concept:
1. A technician images a drive for investigation.
2. A user wants to install personally purchased software on a company laptop.
3. A vendor asks for confidential project details.
4. A company must keep financial records for seven years.
5. A login screen warns that activity may be monitored.
6. A technician finds customer medical records.
7. A program is free to download but has redistribution rules.
## What You Should Learn
- Privacy, licensing, evidence, and acceptable use are operational controls.
- Technicians should follow policy instead of improvising on sensitive data.

View file

@ -0,0 +1,34 @@
# Lab OPS-7: Support Conversation Practice
Domain:
- 4.0 Operational Procedures
## Goal
Practice professional responses to difficult support moments.
## Scenarios
Write a professional response:
1. A user is angry because their laptop failed during a meeting.
2. A user asks you to share another employee's files.
3. A user says, "I'm terrible with computers."
4. A repair will take longer than expected.
5. You need to ask clarifying questions.
## Checklist
Your responses should:
- Acknowledge the issue.
- Avoid blame.
- Ask useful questions.
- Set expectations.
- Protect confidentiality.
- Document next steps.
## What You Should Learn
- Professionalism is part of technical support.
- Communication should reduce confusion, protect privacy, and set clear expectations.

View file

@ -0,0 +1,49 @@
# Lab OPS-8: Script Recognition
Domain:
- 4.0 Operational Procedures
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Recognize common script types and safe script habits.
## Part 1: Match Extensions
Match the extension to the common language:
1. `.ps1`
2. `.bat`
3. `.sh`
4. `.py`
5. `.js`
6. `.vbs`
## Part 2: Safe Review
Before running a script, record:
- Source:
- Purpose:
- Systems affected:
- Required permissions:
- Backup or rollback:
- Test result:
## Part 3: Use Case Practice
Choose a script use case:
1. Install the same app on 40 PCs.
2. Collect hostname and IP address.
3. Restart a service nightly.
4. Copy user files to backup storage.
## What You Should Learn
- Scripts can automate support tasks.
- Unknown scripts should be reviewed and tested before execution.
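
Review bot: Part 2 ("Safe Review") records Source, Purpose and Test result but has no step for reading the script's contents, even though the closing section says "Unknown scripts should be reviewed and tested before execution." Add a field such as "Commands reviewed:" (what the script deletes, downloads or changes) so the checklist covers the review itself, and a field for where the test ran (one test machine versus production), which ties in with the 40-PC install case in Part 3. Part 1 also lists six extensions with nothing to match them against; add the list of languages.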

View file

@ -0,0 +1,40 @@
# Lab OPS-9: Remote Support Safety Checklist
Domain:
- 4.0 Operational Procedures
## Goal
Build a safe checklist for remote access support.
## Scenario
A user needs help configuring email on a company laptop while working from home.
Fill in:
- Remote access tool:
- User approval method:
- Authentication method:
- Encryption present:
- Least privilege account:
- Sensitive windows closed:
- File transfer needed:
- Session logged:
- Session ended:
- Ticket updated:
## Tool Matching
Match the tool:
1. Secure command line to Linux.
2. Windows graphical remote desktop.
3. Encrypted access into private network.
4. Managed monitoring and administration.
5. User-facing screen sharing.
## What You Should Learn
- Remote access is useful but can expose data.
- Permission, authentication, encryption, and logging are key controls.

View file

@ -0,0 +1,71 @@
# Lab OS-1: System Inventory
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Build the habit of collecting basic system identity information before troubleshooting.
## Windows Steps
Run:
```powershell
winver
systeminfo
hostname
whoami
wmic os get caption,version,buildnumber,osarchitecture
msinfo32
tpm.msc
```
Record:
- Windows edition:
- Version/build:
- Architecture:
- Host name:
- Current user:
- Total RAM:
- BIOS mode:
- Secure Boot state:
- TPM status/version:
## Linux Steps
Run:
```bash
cat /etc/os-release
uname -a
hostname
whoami
free -h
```
Record:
- Distribution:
- Kernel:
- Architecture:
- Host name:
- Current user:
- Memory:
## What You Should Learn
- `winver` is a quick Windows version check.
- `systeminfo` is a fuller Windows inventory command.
- `hostname` identifies the machine.
- `whoami` identifies the current user.
- `cat /etc/os-release` identifies the Linux distribution.
- `uname -a` shows kernel and architecture details.
- `msinfo32` shows detailed Windows system and firmware information.
- `tpm.msc` checks TPM status and version.
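
Review bot: `wmic os get caption,version,buildnumber,osarchitecture` in the Windows steps depends on WMIC, which Microsoft has deprecated and which is absent by default on recent Windows 11 builds, so the step can fail on a fresh machine. Since the fence is already tagged powershell, consider `Get-CimInstance Win32_OperatingSystem | Select-Object Caption,Version,BuildNumber,OSArchitecture`, or drop the line and take the same fields from `systeminfo`. "What You Should Learn" also explains every command in the lab except `wmic` and `free -h`.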

View file

@ -0,0 +1,96 @@
# Lab OS-10: Application Installation Readiness
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice checking whether a system meets application requirements before installing software.
## Hypothetical Application
Requirements:
- 64-bit OS
- 8 GB RAM
- 20 GB free storage
- Modern CPU
- Dedicated GPU preferred
- Internet access
- Vendor download or approved package manager
## Windows Steps
Run:
```powershell
systeminfo
wmic os get osarchitecture
Get-Volume
winget --version
```
Record:
- OS:
- Architecture:
- RAM:
- CPU:
- Free storage:
- Package manager available:
- Meets requirements:
- Risk/impact notes:
## Linux Steps
Run:
```bash
cat /etc/os-release
uname -m
lscpu
free -h
df -h
which apt
which dnf
```
Record:
- Distribution:
- Architecture:
- RAM:
- CPU:
- Free storage:
- Package manager:
- Meets requirements:
- Risk/impact notes:
## Optional macOS Steps
Run:
```bash
sw_vers
uname -m
system_profiler SPHardwareDataType
```
Record:
- macOS version:
- Architecture:
- RAM:
- CPU/chip:
- Meets requirements:
- Risk/impact notes:
## What You Should Learn
- Always check OS, architecture, CPU, RAM, storage, and graphics requirements.
- Use trusted distribution methods.
- ISO files are mountable disk images.
- Image deployment can install a full prepared system build.
- Business-critical apps require planning, testing, communication, and rollback.
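
Review bot: The macOS steps never check free storage, although the application requires 20 GB free, and the macOS Record block has no "Free storage" line the way the Windows and Linux blocks do. Add `df -h` to the macOS commands and a "Free storage:" field. The "Dedicated GPU preferred" and "Internet access" requirements have no matching command or Record field on any of the three platforms, so "Meets requirements" cannot be answered from the recorded data alone. The Windows block repeats the `wmic` dependency; `systeminfo` already reports the system type.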

View file

@ -0,0 +1,76 @@
# Lab OS-11: Cloud Productivity Recognition
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Identify cloud productivity services, sync behavior, identity context, and license-related symptoms.
## Local Inspection Steps
Windows:
```powershell
whoami
hostname
ipconfig /all
dir $env:USERPROFILE
```
Linux:
```bash
whoami
hostname
ip addr
ls ~
```
macOS:
```bash
whoami
hostname
ls ~
```
Record:
- Current user:
- Device name:
- Cloud storage folders found:
- Cloud email service used:
- Collaboration tools used:
- Identity/account used for cloud tools:
## Scenario Practice
Answer in short notes:
1. A user can sign in to the portal but cannot use the spreadsheet app.
- Likely check:
2. A file saved on a laptop does not appear on another device.
- Likely check:
3. A new user was created locally but does not appear in cloud apps.
- Likely check:
4. A department changed tools and several users lost access.
- Likely check:
5. A user wants files available without internet access.
- Likely setting:
## What You Should Learn
- Cloud productivity includes email, storage, sync, collaboration, identity, and licensing.
- Sync settings control whether files are local, online-only, or downloaded on demand.
- Identity sync connects accounts across directories and cloud apps.
- License assignment controls app/service access.

View file

@ -0,0 +1,64 @@
# Lab OS-2: Recovery and Disk Information
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Practice safe commands that help identify recovery status, file corruption, boot configuration, and disk layout.
## Windows Steps
Run:
```powershell
reagentc /info
sfc /scannow
bcdedit
```
Optional repair command:
```powershell
DISM /Online /Cleanup-Image /RestoreHealth
```
Record:
- Is Windows RE enabled?
- Did SFC find integrity violations?
- What boot loader description appears in `bcdedit`?
- Did DISM complete successfully, if you ran it?
Do not edit BCD settings in this lab.
## Linux Steps
Run:
```bash
lsblk
df -h
```
Record:
- Main disk name:
- Root filesystem:
- Root filesystem free space:
- Any mounted removable drives:
## What You Should Learn
- `reagentc /info` checks Windows Recovery Environment status.
- `sfc /scannow` checks and repairs protected Windows system files.
- `DISM /Online /Cleanup-Image /RestoreHealth` repairs the Windows image/component store.
- `bcdedit` displays boot configuration.
- `lsblk` shows disks and partitions.
- `df -h` shows mounted filesystem usage.
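
Review bot: The Goal calls these "safe commands", yet `sfc /scannow` sits in the main Run block and repairs files as it scans, while only the DISM line is marked as an optional repair. Use `sfc /verifyonly` in the Run block and move `sfc /scannow` next to the DISM line so the read-only and repair steps are clearly separated. The Windows steps should also say to open an elevated (Run as administrator) terminal, since `reagentc /info`, `sfc` and `bcdedit` all fail with an access error otherwise.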

@ -0,0 +1,76 @@
# Lab OS-3: Administrative Tool Matching
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux comparison practice
Does not require:
- macOS
## Goal
Practice opening the right tool for the right troubleshooting symptom.
## Windows Steps
Run:
```powershell
taskmgr
eventvwr.msc
devmgmt.msc
diskmgmt.msc
services.msc
resmon
perfmon
taskschd.msc
```
Optional, if supported:
```powershell
lusrmgr.msc
```
Record the best tool:
- App is frozen:
- Service failed to start:
- USB device has driver error:
- Need to assign drive letter:
- Need live disk activity:
- Need performance counters over time:
- Need a script to run every day:
- Need to check local group membership:
## Linux Comparison Steps
Run:
```bash
ps aux
top
systemctl status
journalctl -p err
lsblk
```
Record:
- Command for running processes:
- Command for live resource usage:
- Command for service status:
- Command for error logs:
- Command for disks/partitions:
## What You Should Learn
- Event Viewer is for logs.
- Device Manager is for hardware and drivers.
- Services is for background services.
- Disk Management is for partitions, volumes, and drive letters.
- Resource Monitor shows live resource usage.
- Performance Monitor tracks counters over time.
- Task Scheduler automates tasks.
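
Review bot: "Need to check local group membership" depends on `lusrmgr.msc`, which the lab marks as optional "if supported", and the What You Should Learn list names neither Local Users and Groups nor Task Manager even though both are expected answers in the Record list. Add those two lines to the summary and give a fallback for editions without the snap-in, for example `net localgroup administrators`. In the Linux block, `top` needs a "press `q` to exit" line, and `journalctl -p err -b` would keep the output to the current boot.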

@ -0,0 +1,87 @@
# Lab OS-4: Command-Line Troubleshooting
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Build comfort entering commands and interpreting basic troubleshooting output.
## Windows Steps
Run:
```powershell
hostname
whoami
winver
ipconfig
ipconfig /all
ping 127.0.0.1
nslookup example.com
netstat -ano
sfc /scannow
ipconfig /?
```
Record:
- Computer name:
- Current user:
- Windows version/build:
- IPv4 address:
- Default gateway:
- DNS server:
- Loopback ping successful:
- DNS lookup successful:
- One active/listening port:
- SFC result:
## Linux Steps
Run:
```bash
hostname
whoami
ip addr
ping -c 4 127.0.0.1
df -h
ps aux
top
```
Press `q` to exit `top`.
Record:
- Hostname:
- Current user:
- IP address:
- Root filesystem free space:
- One running process:
## Safety Notes
Do not run destructive disk commands in this lab.
Know these for the exam, but do not experiment casually:
- `format`
- `diskpart`
- `robocopy` with mirror/delete options
- `chkdsk /f` or `chkdsk /r` on important disks without planning
## What You Should Learn
- `ipconfig /all` gives detailed IP configuration.
- `ping` tests reachability.
- `nslookup` tests DNS.
- `netstat -ano` shows connections, ports, and process IDs.
- `sfc /scannow` repairs protected Windows system files.
- `/?` shows command help.
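
Review bot: The Linux block has no counterpart to `nslookup example.com` or `netstat -ano`, so the Linux Record list cannot cover DNS or listening ports the way the Windows list does. Add `getent hosts example.com` (or `nslookup` where it is installed) and `ss -tuln`, with matching Record fields. Next to `sfc /scannow`, note that it needs an elevated prompt and performs repairs, which sits oddly beside Safety Notes that steer the reader away from changes.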

@ -0,0 +1,66 @@
# Lab OS-5: OS and File-System Identification
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux
Does not require:
- macOS
## Goal
Identify OS family, OS version, and file-system type.
## Windows Steps
Run:
```powershell
winver
wmic logicaldisk get caption,filesystem,size,freespace
Get-Volume
```
Optional:
```powershell
fsutil fsinfo drives
fsutil fsinfo volumeinfo C:
```
Record:
- Windows version:
- Main drive:
- Main drive file system:
- Free space:
- Any removable drives:
## Linux Steps
Run:
```bash
cat /etc/os-release
uname -a
df -T
lsblk -f
```
Record:
- Distribution:
- Kernel:
- Root filesystem:
- Main disk:
- Any removable drives:
## What You Should Learn
- NTFS is the normal modern Windows file system.
- ext4 and XFS are common Linux file systems.
- exFAT is useful for cross-platform removable storage.
- FAT32 is compatible but limited by its 4 GB max file size.
- APFS is Apple's modern file system, but this lab does not require a Mac.
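
Review bot: `wmic logicaldisk get caption,filesystem,size,freespace` relies on WMIC, which Microsoft has deprecated and which may be absent on current Windows 11 installs, so the first file-system command in the Run block can fail as "not recognized". Replace it with `Get-CimInstance Win32_LogicalDisk | Select-Object DeviceID,FileSystem,Size,FreeSpace`, or rely on the `Get-Volume` line that is already there and move `wmic` to the Optional block as a legacy command to recognize.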

75
labs/OS-6-settings-lab.md Normal file

@ -0,0 +1,75 @@
# Lab OS-6: Windows Settings and Control Panel
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux comparison practice
Does not require:
- macOS
## Goal
Practice opening common Windows configuration areas and matching each area to an exam scenario.
## Windows Steps
Run:
```powershell
control
ms-settings:
appwiz.cpl
ncpa.cpl
firewall.cpl
powercfg.cpl
inetcpl.cpl
control printers
control folders
devmgmt.msc
```
Record the right tool or settings area:
- Uninstall or change a desktop app:
- Turn Windows features on/off:
- Change DNS settings on an adapter:
- Allow an app through Windows Firewall:
- Change sleep/hibernate behavior:
- Change laptop lid behavior:
- Show hidden files:
- Show file extensions:
- Manage a printer:
- Update or roll back a driver:
- Change date/time:
- Change language:
- Set default apps:
## Linux Comparison Steps
Run:
```bash
timedatectl
```
Optional, if available:
```bash
gnome-control-center
nm-connection-editor
```
Record:
- Time zone:
- Desktop settings command available:
- Network editor command available:
## What You Should Learn
- Control Panel still matters for many classic tools.
- Settings is the modern configuration interface.
- `.cpl` commands open Control Panel applets directly.
- `.msc` commands open Microsoft Management Console tools.
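
Review bot: `ms-settings:` on its own line in a `powershell` fence is not a command; it is a URI scheme, and PowerShell reports it as unrecognized unless it is launched, as the SEC-11 lab does with `start ms-settings:dateandtime`. Write it as `start ms-settings:` here. The Record list also asks about date/time, language and default apps, which only the bare Settings root covers; listing the specific Settings page for each would make those three answers checkable.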

@ -0,0 +1,74 @@
# Lab OS-7: Windows Networking
Domain:
- 1.0 Operating Systems
Works on:
- Windows
- Linux comparison practice
Does not require:
- macOS
## Goal
Practice basic network identification and map common network scenarios to the right Windows settings.
## Windows Steps
Run:
```powershell
ipconfig
ipconfig /all
ping 127.0.0.1
nslookup example.com
net use
ncpa.cpl
firewall.cpl
```
Record:
- IPv4 address:
- Subnet mask:
- Default gateway:
- DNS server:
- DHCP enabled:
- Network adapter name:
- Any mapped drives:
- Current firewall profiles visible:
Scenario matching:
- Need to map `H:` to `\\server\share`:
- Need to remove mapped drive `H:`:
- Need to change DNS manually:
- Need to allow an app through firewall:
- Need stricter settings on public Wi-Fi:
- Need to reduce data usage on a hotspot:
## Linux Comparison Steps
Run:
```bash
ip addr
ip route
cat /etc/resolv.conf
ping -c 4 127.0.0.1
```
Record:
- IP address:
- Default gateway:
- DNS server:
- Loopback test successful:
## What You Should Learn
- `ipconfig /all` gives detailed Windows network settings.
- `169.254.x.x` usually means DHCP failed and APIPA was assigned.
- `net use` displays or maps network drives.
- `ncpa.cpl` opens adapter settings.
- `firewall.cpl` opens Windows Defender Firewall.
- Public network profile is stricter than Private.
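
Review bot: In the Linux comparison, `cat /etc/resolv.conf` is the only source for the "DNS server" field, and on distributions that use systemd-resolved it shows the local stub address `127.0.0.53` instead of the upstream resolver. Add `resolvectl status` as the follow-up when that address appears, and say so next to the Record field, otherwise the Windows and Linux answers are not comparable.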

@ -0,0 +1,69 @@
# Lab OS-8: macOS Tools and Feature Recognition
Domain:
- 1.0 Operating Systems
Works on:
- macOS, when available
- Windows/Linux comparison practice when a Mac is unavailable
## Goal
Identify macOS tools and map them to familiar Windows/Linux concepts.
## macOS Steps
Open or inspect:
- Finder
- System Settings
- Spotlight
- Disk Utility
- Terminal
- Time Machine settings
- FileVault settings
- Privacy settings
Run in Terminal:
```bash
sw_vers
whoami
uname -a
ls /Applications
ls /Users
diskutil list
tmutil status
fdesetup status
```
Record:
- macOS version:
- Current user:
- Kernel/architecture:
- One app in `/Applications`:
- FileVault status:
- Time Machine status:
- Main disk/volume:
- Where camera/microphone permissions are controlled:
## Windows/Linux Comparison Steps
Record the closest equivalent:
- Finder:
- System Settings:
- Terminal:
- Disk Utility:
- Time Machine:
- FileVault:
- Spotlight:
- Keychain:
## What You Should Learn
- Finder is the macOS file manager.
- Time Machine is macOS backup.
- FileVault is macOS full disk encryption.
- Keychain stores passwords, certificates, and keys.
- Spotlight is macOS search.
- Disk Utility manages disks and images.
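
Review bot: Keychain appears in the comparison list and in What You Should Learn, but the "Open or inspect" list never sends the reader to it. Add Keychain Access to that list so the comparison answer is based on something the reader has actually opened. "Privacy settings" could also be named as Privacy & Security in System Settings, since the Record list asks where camera and microphone permissions are controlled.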

@ -0,0 +1,89 @@
# Lab OS-9: Linux Client Tools
Domain:
- 1.0 Operating Systems
Works on:
- Linux
- Windows comparison practice
## Goal
Practice Linux commands that commonly appear on Core 2.
## Linux Steps
Run:
```bash
cat /etc/os-release
whoami
pwd
ls -l
cat /etc/passwd
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/fstab
ip addr
ip route
df -h
du -h
ps aux
top
```
Press `q` to quit `top`.
Practice file commands:
```bash
mkdir linux-practice
cd linux-practice
echo "Core 2 Linux practice" > notes.txt
cp notes.txt copy.txt
mv copy.txt renamed.txt
grep Linux notes.txt
chmod u+x renamed.txt
ls -l
cd ..
rm -r linux-practice
```
Record:
- Distribution:
- Current user:
- Current directory:
- DNS server:
- Default gateway:
- Root filesystem free space:
- One process name:
- Permission string before/after `chmod u+x`:
## Windows Comparison Steps
Run:
```powershell
dir
taskmgr
nslookup example.com
tracert example.com
```
Record Linux equivalents:
- `dir`:
- Task Manager process view:
- `nslookup`:
- `tracert`:
## What You Should Learn
- `/etc/passwd` lists users.
- `/etc/shadow` stores password hashes and is protected.
- `/etc/hosts` maps names to IPs locally.
- `/etc/resolv.conf` shows DNS resolver settings.
- `/etc/fstab` controls startup mounts.
- `chmod` changes permissions.
- `top` and `ps` show processes.
- `df` and `du` show storage usage.
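
Review bot: The Record field "Permission string before/after `chmod u+x`" cannot be filled in, because in the file-commands block `ls -l` runs only after `chmod u+x renamed.txt`. Add an `ls -l` line before the `chmod`. Two smaller points: plain `du -h` walks every subdirectory of the current directory, so `du -sh .` is a better fit for a short lab, and `/etc/shadow` is in the summary but no step shows that it is protected (for example `ls -l /etc/shadow`).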

@ -0,0 +1,86 @@
# Lab SEC-1: Security Controls and Account Privileges
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice identifying local account privileges and matching security controls to risks.
## Windows Steps
Run:
```powershell
whoami
whoami /groups
whoami /priv
net user
net localgroup
net localgroup administrators
```
Record:
- Current user:
- Is the user in Administrators?
- One group membership:
- One privilege listed:
- Any account/group that seems high risk:
## Linux Steps
Run:
```bash
whoami
id
groups
sudo -l
```
Record:
- Current user:
- UID:
- Groups:
- Sudo allowed:
## Optional macOS Steps
Run:
```bash
whoami
id
groups
```
Record:
- Current user:
- UID:
- Groups:
## Control Matching
Match the best control:
- Stop vehicles from reaching a building:
- Prevent one person from following another through a secure door:
- Store privileged passwords and grant temporary admin access:
- Stop confidential files from being emailed:
- Require phones to use PINs and allow remote wipe:
- Authenticate once and access multiple cloud apps:
- Give users only the access required for their work:
## What You Should Learn
- Local group membership affects privileges.
- Least privilege reduces risk.
- MFA proves identity using multiple factor types.
- DLP protects sensitive data from leakage.
- MDM centrally manages mobile devices and policies.
- PAM/JIT control privileged access.
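
Review bot: `sudo -l` in the Linux block prompts for a password and is logged, and an attempt by a user who is not in sudoers is recorded as an incident, so the step needs a line limiting it to systems the reader owns or administers. In Control Matching, the summary lists MFA but no matching item exercises it, while the SSO item and the two physical-control items (vehicles, following through a secure door) have no summary line. Align the two lists.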

@ -0,0 +1,119 @@
# Lab SEC-10: SOHO Network Security Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect local network information and practice SOHO hardening decisions without changing router settings.
Do not change router settings, passwords, firmware, port forwarding, guest networks, or Wi-Fi settings during this lab unless you own/administer the router and intentionally choose to do that outside the lab.
## Windows Steps
Run:
```powershell
ipconfig
Get-NetConnectionProfile
netsh wlan show interfaces
```
Record:
- IPv4 address:
- Default gateway:
- Network profile:
- Wi-Fi SSID:
- Wi-Fi authentication type:
- Wi-Fi cipher:
What the commands show:
- `ipconfig` shows IP address and default gateway.
- `Get-NetConnectionProfile` shows whether Windows treats the network as Public or Private.
- `netsh wlan show interfaces` shows connected Wi-Fi details.
## Linux Steps
Run:
```bash
ip route
nmcli connection show --active
nmcli dev wifi list
```
Record:
- Default gateway:
- Active connection:
- Connected SSID, if shown:
- Security type for your Wi-Fi, if shown:
What the commands show:
- `ip route` shows the path to the router.
- `nmcli connection show --active` shows active NetworkManager connections.
- `nmcli dev wifi list` shows Wi-Fi networks and security, when supported.
If `nmcli` is not installed, record that and continue.
## Optional macOS Steps
Run:
```bash
route -n get default
networksetup -getairportnetwork en0
system_profiler SPAirPortDataType
```
Record:
- Default gateway:
- Connected Wi-Fi network:
- Security type, if shown:
What the commands show:
- `route -n get default` shows the default router.
- `networksetup -getairportnetwork en0` shows the connected Wi-Fi network on many Macs.
- `system_profiler SPAirPortDataType` shows detailed Wi-Fi information.
## Router Hardening Checklist
Answer based on your own router if you administer it, or as a paper exercise if you do not.
Record:
- Was the default admin password changed?
- Is firmware update status known?
- Is remote administration disabled or restricted?
- Is UPnP disabled unless needed?
- Is Wi-Fi using WPA2 or WPA3?
- Is the SSID non-personal and non-default?
- Is guest network disabled or isolated?
- Are router and network devices physically protected?
- Is content filtering or parental control needed?
## Scenario Matching
Choose the best SOHO security action:
1. A router still uses the factory admin password.
2. A router has a known security vulnerability.
3. A game console requires inbound connectivity, but UPnP is currently enabled for every device.
4. Visitors need Internet but should not access office computers.
5. A Wi-Fi network is open with no password.
6. A router admin page is reachable from the Internet.
7. A business hosts a public service but wants to separate it from internal PCs.
## What You Should Learn
- The default gateway is usually the router.
- Router admin credentials must not remain default.
- Firmware updates patch router vulnerabilities.
- WPA2/WPA3 protects Wi-Fi better than open access.
- UPnP can open inbound ports without approval.
- Guest networks should be isolated and encrypted.
- A screened subnet separates public services from internal systems.
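
Review bot: `networksetup -getairportnetwork en0` hard-codes `en0`, which is not the Wi-Fi interface on every Mac. Have the reader confirm the device name first with `networksetup -listallhardwareports`, the command the SEC-3 lab uses, and substitute it. In the Router Hardening Checklist, "Is Wi-Fi using WPA2 or WPA3?" can be answered from the authentication and cipher fields recorded in the Windows steps; saying so would tie the inspection steps to the checklist.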

@ -0,0 +1,122 @@
# Lab SEC-11: Browser Security Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect browser security settings and practice safe browser decisions without deleting important data.
Do not clear saved passwords, reset the browser, remove profiles, or uninstall extensions during this lab unless you intentionally choose to do that outside the lab.
## Part 1: Version and Update Check
Open your main browser and inspect:
- Browser name:
- Browser version:
- Update status:
- Whether automatic updates appear enabled:
Common paths:
- Chrome: Menu > Help > About Google Chrome
- Edge: Menu > Help and feedback > About Microsoft Edge
- Firefox: Menu > Help > About Firefox
- Safari: Apple menu > System Settings > General > Software Update
## Part 2: Extension Review
Inspect installed extensions.
Record:
- Number of installed extensions:
- One extension name:
- Why it is needed:
- Whether its source appears trusted:
- One permission it has, if shown:
Do not remove anything during the lab unless you know the impact.
## Part 3: Privacy and Site Data
Inspect privacy settings.
Record:
- Pop-up blocker status:
- Third-party cookie or tracking protection setting:
- Saved passwords area found:
- Clear browsing data area found:
- Browser sync status:
- Notification permissions area found:
Do not clear saved passwords or reset settings.
## Part 4: Commands
Windows PowerShell:
```powershell
start ms-settings:dateandtime
Get-FileHash "$env:USERPROFILE\Downloads\example.exe"
```
Record:
- Date/time appears correct:
- What happened when checking the example file:
If the example file does not exist, record that. Do not download a random file just for this lab.
Linux:
```bash
date
sha256sum ~/Downloads/example-file
```
Record:
- Date/time output:
- What happened when checking the example file:
If the example file does not exist, record that. Do not download a random file just for this lab.
Optional macOS:
```bash
date
shasum -a 256 ~/Downloads/example-file
open -b com.apple.Safari
```
Record:
- Date/time output:
- What happened when checking the example file:
- Safari opened:
If the example file does not exist, record that. Do not download a random file just for this lab.
## Part 5: Scenario Matching
Choose the best browser security action:
1. A user downloaded a browser installer from an unfamiliar third-party website.
2. A browser warns that a banking site certificate is invalid.
3. A user has 18 extensions and cannot explain why most are installed.
4. A site is broken after a recent update and keeps loading old content.
5. A user thinks private browsing hides activity from the employer network.
6. A company wants browser traffic filtered and logged centrally.
7. A user reuses the same password on many websites.
## What You Should Learn
- Browser installers should come from trusted sources.
- Hashes verify file integrity when a known-good hash is provided.
- Updates patch browser vulnerabilities.
- Extensions are useful but can be dangerous.
- Certificate warnings should be investigated.
- Private browsing protects local session traces, not full network privacy.
- Browser sync and password managers need strong account protection.
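
Review bot: Part 4 computes a hash with `Get-FileHash`, `sha256sum` and `shasum -a 256` but never compares it to anything, while the summary says hashes verify integrity "when a known-good hash is provided". Add a Record field for the publisher's SHA-256 value and whether the two match, and state that a match only means something if the published value came from a trusted channel. For Windows installers, `Get-AuthenticodeSignature` on the same file would cover the publisher check that scenario 1 points at.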

@ -0,0 +1,99 @@
# Lab SEC-2: Windows Security Settings
Domain:
- 2.0 Security
Works on:
- Windows
- Linux/macOS comparison where available
## Goal
Inspect Windows security settings without weakening protections.
## Windows Steps
Run:
```powershell
windowsdefender:
firewall.cpl
wf.msc
whoami
whoami /groups
net user
net localgroup administrators
manage-bde -status
gpresult /r
cipher /?
```
Record:
- Defender status:
- Defender definition/update status:
- Active firewall profile:
- Current user:
- Local users visible:
- Administrators group members:
- BitLocker status:
- Group Policy result available:
- What `cipher` is used for:
## Permissions Review
Create or choose a non-critical test folder.
1. Open folder Properties.
2. Open the Security tab.
3. View groups/users.
4. View Advanced permissions.
5. Check whether inheritance is enabled.
Do not remove permissions in this lab.
Record:
- One group/user:
- One allowed permission:
- Inheritance enabled:
- Owner:
## Linux Comparison
Run:
```bash
whoami
id
groups
```
Record:
- Current user:
- Groups:
- Sudo/admin indication:
## macOS Comparison
Run if you have Mac access:
```bash
whoami
id
groups
fdesetup status
```
Record:
- Current user:
- Groups:
- FileVault status:
## What You Should Learn
- Defender and Firewall are managed from Windows Security/Control Panel tools.
- NTFS permissions apply locally and over the network.
- Share permissions apply only over the network.
- BitLocker protects volumes.
- EFS protects individual NTFS files/folders.
- Group Policy is checked with `gpresult` and refreshed with `gpupdate`.
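
Review bot: The Run block does not say it needs an elevated terminal, but `manage-bde -status` refuses to run without administrator rights and `gpresult /r` leaves out the computer-settings section for a non-elevated user, so the BitLocker and Group Policy fields come back empty or partial. Add a "Run as administrator" line above the block. `windowsdefender:` also needs `start` in front of it when typed in PowerShell. The summary's share-versus-NTFS point has no step behind it; the Permissions Review could add a look at the Sharing tab.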

@ -0,0 +1,92 @@
# Lab SEC-3: Wireless Security Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect wireless security settings without changing router configuration.
## Windows Steps
Run:
```powershell
netsh wlan show interfaces
netsh wlan show profiles
ipconfig /all
ncpa.cpl
```
Record:
- SSID:
- Authentication:
- Cipher:
- Wi-Fi adapter name:
- DHCP enabled:
- DNS server:
## Linux Steps
Run:
```bash
nmcli device status
nmcli connection show
ip addr
```
Optional:
```bash
iw dev
```
Record:
- Wireless interface:
- Active connection:
- IP address:
- Tool availability:
## Optional macOS Steps
Run:
```bash
networksetup -listallhardwareports
```
Optional, if available:
```bash
airport -I
```
Record:
- Wi-Fi hardware port:
- SSID/security details if visible:
## Scenario Matching
Choose the best answer:
- Home network, newest supported security:
- Business Wi-Fi with individual user login:
- Legacy setting that should be replaced:
- Strong encryption used with WPA2:
- Authentication server for 802.1X:
- Microsoft domain authentication:
- Cisco/network device admin authentication:
## What You Should Learn
- WEP and TKIP are weak/legacy choices.
- WPA2-AES is a common secure baseline.
- WPA3 is preferred when supported.
- Personal mode uses a shared password.
- Enterprise mode uses individual authentication, usually with RADIUS.
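
Review bot: The Linux Record list has no security field, and `nmcli device status`, `nmcli connection show` and `ip addr` do not report the authentication or cipher in use, so the Linux half of a wireless security lab never looks at wireless security. Add `nmcli dev wifi list` (used in the SEC-10 lab) and a "Security type" field. The last two Scenario Matching items, "Microsoft domain authentication" and "Cisco/network device admin authentication", have no line in the summary, which stops at RADIUS.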

@ -0,0 +1,84 @@
# Lab SEC-4: Malware Recognition and Safe Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice safe inspection commands and malware/tool matching. Do not download or run malware.
## Windows Steps
Run:
```powershell
windowsdefender:
taskmgr
resmon
eventvwr.msc
netstat -ano
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
```
Record:
- Defender status:
- Highest CPU process:
- Highest memory process:
- One listening port or connection:
- One log area you would inspect after suspected malware:
## Linux Steps
Run:
```bash
top
ps aux
ss -tulpn
journalctl -p err
```
Record:
- Highest CPU process:
- One listening service:
- One recent error:
- One process you would investigate further:
## Optional macOS Steps
Run:
```bash
top
ps aux
```
Record:
- Highest CPU process:
- One unfamiliar process to research:
## Tabletop Scenarios
For each, write likely malware/tool/next action.
1. User files are encrypted and a payment note appears.
2. A free installer added browser toolbars and pop-up ads.
3. CPU stays near 100% while the system is idle.
4. A laptop shows signs of surveillance: location tracking, microphone access, screenshots.
5. A system has a suspected boot-level infection and normal tools cannot remove it.
6. Users receive malicious email attachments before endpoint tools can stop them.
7. Security team wants endpoint behavior detection and isolation.
## What You Should Learn
- Malware type is identified by behavior.
- EDR responds on endpoints.
- MDR is managed by a third party.
- XDR correlates endpoint/network/cloud data.
- Severe persistent infections may require reimage/reinstall.
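
Review bot: `Get-Process | Sort-Object CPU -Descending` sorts by total processor seconds since each process started, not by current load, so "Highest CPU process" taken from this line can name a long-running idle process. Say that the live figure comes from Task Manager or `resmon`, and add a line sorted by `WorkingSet64` so the "Highest memory process" field has a command-line answer too. In the Linux block, `ss -tulpn` shows the owning process for other users' sockets only when run with root rights; note that next to the command.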

@ -0,0 +1,63 @@
# Lab SEC-5: Social Engineering and Attack Scenario Matching
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Scenario/tabletop practice
## Goal
Recognize common social engineering and attack patterns. This lab does not perform attacks.
## Safe Inspection Commands
Windows:
```powershell
arp -a
netstat -ano
ipconfig /all
whoami /groups
```
Linux:
```bash
ip neigh
ss -tulpn
ip route
id
```
Record:
- Default gateway:
- One ARP/neighbor entry:
- One listening port or active connection:
- Current user/group context:
## Scenario Matching
For each scenario, identify the attack and one mitigation.
1. A text message says your package cannot be delivered unless you click a link.
2. A caller says they are from IT and need your MFA code.
3. An email to payroll requests changing direct deposit information.
4. An attacker sets up a fake coffee shop Wi-Fi network with the same name as the real one.
5. A user lets someone into a locked building because they say they forgot their badge.
6. A website comment field stores malicious JavaScript that runs for every visitor.
7. A login system is attacked with millions of password guesses.
8. A vendor update installs a backdoor.
9. A web form lets an attacker change a database query.
10. A service is unavailable because thousands of systems flood it with traffic.
## What You Should Learn
- Social engineering attacks exploit trust and urgency.
- Web attacks often target unsafe input handling.
- DDoS uses many attack sources.
- Evil twins imitate trusted Wi-Fi.
- Supply chain attacks abuse trusted vendors or updates.
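
Review bot: `arp -a` and `ip neigh` are run and an ARP/neighbor entry is recorded, but none of the ten scenarios or summary lines uses that evidence, so the reader is never told what the table is for. Add a short "what to look for" line (the default gateway's IP and the MAC address it maps to, and whether that mapping stays the same between runs) and a scenario that ties to it, or drop the two commands.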

@ -0,0 +1,76 @@
# Lab SEC-6: Malware Removal Process Tabletop
Domain:
- 2.0 Security
Works on:
- Windows
- Tabletop/scenario practice
## Goal
Practice the malware removal order without working on live malware.
## Safe Windows Inspection
Run or open:
```powershell
windowsdefender:
taskmgr
resmon
SystemPropertiesProtection
```
Optional reboot command to know, but do not run unless you are ready to restart:
```powershell
shutdown /r /o /t 0
```
Record:
- Defender status:
- Highest CPU process:
- System Protection enabled:
- Where you would find Advanced Startup:
## Process Drill
Write the 10 steps from memory:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
## Next-Step Scenarios
Identify the next correct step.
1. User reports browser redirects and fake security alerts.
2. You verify symptoms and identify likely malware.
3. The infected system is still on the network.
4. The system is quarantined.
5. System Restore is disabled.
6. Remediation is complete.
7. Anti-malware is updated.
8. Scan/removal fails and system trust is low.
9. Known-good image is restored.
10. Scheduled scans and updates are enabled.
11. System Protection is re-enabled.
## What You Should Learn
- Quarantine comes early.
- Disable System Restore before remediation.
- Update anti-malware before scanning/removal.
- Reimage/reinstall when cleanup cannot be trusted.
- Re-enable System Protection only after cleanup.
- User education is part of the process.

@ -0,0 +1,94 @@
# Lab SEC-7: Workstation Hardening Inspection
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Inspect workstation hardening settings without weakening the system.
## Windows Steps
Run:
```powershell
manage-bde -status
net accounts
net user
net localgroup administrators
services.msc
ms-settings:autoplay
```
Optional, when ready to test locking:
```powershell
rundll32.exe user32.dll,LockWorkStation
```
Record:
- BitLocker status:
- Password expiration/lockout settings:
- Local users:
- Local Administrators group:
- AutoPlay setting:
- One running service to research:
Do not disable services in this lab unless you know the impact.
## Linux Steps
Run:
```bash
id
sudo -l
systemctl --type=service --state=running
lsblk -f
```
Record:
- User/group identity:
- Sudo permissions:
- One running service:
- Disk/filesystem info:
## Optional macOS Steps
Run:
```bash
fdesetup status
id
groups
```
Record:
- FileVault status:
- User/group identity:
## Scenario Matching
Choose the best hardening action:
1. A laptop is lost in an airport.
2. A shared workstation allows automatic login.
3. A router still uses admin/admin.
4. USB drives automatically open when inserted.
5. A contractor account should stop working next week.
6. A user is a local administrator but only needs standard access.
7. An unused remote service is listening on the network.
## What You Should Learn
- Hardening reduces attack surface.
- Encryption protects data at rest.
- Screen locks protect unattended devices.
- Strong passwords and lockout reduce brute force risk.
- Unused services and default accounts/passwords increase risk.
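
Review bot: The summary says "Screen locks protect unattended devices", but the only lock step is the optional `rundll32.exe user32.dll,LockWorkStation`, and the Record list has no field for the idle lock timeout or whether a password is required on wake. Add an inspection step and a Record field for that setting. In the Run block, `ms-settings:autoplay` needs `start` in front of it in PowerShell, and `manage-bde -status` needs an elevated terminal.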

@ -0,0 +1,117 @@
# Lab SEC-8: Mobile Device Security Inspection
Domain:
- 2.0 Security
Works on:
- Android phone or tablet
- iPhone or iPad
- Optional Windows, Linux, or macOS browser for account-security review
## Goal
Inspect mobile device security settings without changing risky controls.
Do not erase, wipe, reset, unenroll, remove accounts, remove trusted devices, or turn off security features during this lab.
## Android Steps
Settings names vary by manufacturer. Look for the closest match.
Inspect and record:
- OS version:
- Security patch level:
- Screen lock type:
- Whether fingerprint or face unlock is enabled:
- Whether device encryption is shown as enabled:
- Find My Device status:
- Backup status:
- App update setting in Google Play:
- Unknown app install or sideloading setting:
- Any work profile or device management entry:
- Content restriction or parental control setting, if present:
Useful paths to check:
- Settings > Security and privacy
- Settings > Lock screen
- Settings > Passwords and accounts
- Settings > Google > Find My Device
- Settings > System > System update
- Settings > Apps > Special app access > Install unknown apps
- Google Play > Profile icon > Settings > Network preferences > Auto-update apps
## iPhone or iPad Steps
Inspect and record:
- iOS or iPadOS version:
- Screen lock type:
- Face ID or Touch ID status:
- Find My status:
- iCloud Backup status:
- Automatic updates status:
- App update setting:
- VPN & Device Management profiles, if present:
- Content & Privacy Restrictions status:
Useful paths to check:
- Settings > General > About
- Settings > Face ID & Passcode or Touch ID & Passcode
- Settings > Apple Account > Find My
- Settings > Apple Account > iCloud > iCloud Backup
- Settings > General > Software Update > Automatic Updates
- Settings > App Store > App Updates
- Settings > General > VPN & Device Management
- Settings > Screen Time > Content & Privacy Restrictions
## Optional Computer Account Review
Use only the account that belongs to you.
Windows:
```powershell
start https://account.microsoft.com/devices
start https://myaccount.google.com/security
```
Linux:
```bash
xdg-open https://myaccount.google.com/security
```
macOS:
```bash
open https://appleid.apple.com
```
Record:
- One registered device:
- One security alert or recent activity item, if any:
- Whether recovery email/phone is configured:
- Whether two-factor or multifactor authentication is enabled:
Do not remove devices or change recovery settings during this lab unless you intentionally choose to do that later outside the lab.
## Scenario Matching
Choose the best mobile security action:
1. A user loses a company phone that contains email and files.
2. A company wants all phones to require passcodes and encryption.
3. A personal phone is allowed to access company email.
4. A phone has not received security patches for months.
5. A user installed an app from an unknown website.
6. A parent wants to block adult websites on a child device.
7. A phone is probably stolen and cannot be recovered.
## What You Should Learn
- Mobile security starts with lock method and encryption.
- MDM centrally enforces mobile security settings.
- BYOD requires clear policy because personal and company data share one device.
- Locator, lock, backup, and wipe are the main lost-device responses.
- OS and app updates are security controls.
- Sideloading increases malware risk, especially on Android.
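
Review bot: The Record lists in this lab ask for a registered device, recent security activity, and whether recovery email or phone and multifactor authentication are configured, and the file gives no guidance on where those answers should live. If they are typed into this tracked Markdown file they end up in repository history. Add a line near the top telling the reader to keep answers in a private, untracked copy and to write yes/no instead of device names or contact details.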

@ -0,0 +1,122 @@
# Lab SEC-9: Data Destruction Decision Practice
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Optional macOS
## Goal
Practice data destruction decisions and safely demonstrate the difference between deletion and secure destruction concepts.
Do not wipe, format, shred, degauss, reset, or destroy any real drive for this lab.
## Part 1: Safe File Deletion Demo
Windows PowerShell:
```powershell
New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab"
"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
Get-ChildItem "$env:USERPROFILE\AplusDataDestructionLab"
Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
Get-ChildItem "$env:USERPROFILE\AplusDataDestructionLab"
```
Record:
- Folder created:
- Test file visible before deletion:
- Test file visible after deletion:
- Why this was not secure destruction:
Linux:
```bash
mkdir -p ~/aplus-data-destruction-lab
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
rm ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
```
Record:
- Folder created:
- Test file visible before deletion:
- Test file visible after deletion:
- Why this was not secure destruction:
Optional macOS:
```bash
mkdir -p ~/aplus-data-destruction-lab
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
rm ~/aplus-data-destruction-lab/test.txt
ls -l ~/aplus-data-destruction-lab
```
Record:
- Folder created:
- Test file visible before deletion:
- Test file visible after deletion:
- Why this was not secure destruction:
## Part 2: Storage Inspection
Windows:
```powershell
Get-Volume
```
Record:
- Main drive letter:
- File system:
- Any removable drives listed:
Linux:
```bash
lsblk -f
```
Record:
- Main device name:
- File system:
- Any removable drives listed:
Optional macOS:
```bash
diskutil list
```
Record:
- Main disk identifier:
- File system or container type:
- Any removable drives listed:
## Part 3: Method Matching
Choose the best destruction method:
1. A laptop hard drive will be reused by another employee.
2. A failed hard drive contains financial records and will be discarded.
3. An SSD contains sensitive data and is being retired.
4. A magnetic tape backup must be destroyed.
5. A vendor destroys 200 company drives.
6. A single sensitive file must be removed while the computer remains in service.
7. A user quick-formatted a drive and wants to know whether the data is safely gone.
## What You Should Learn
- Delete removes normal access, but it is not secure data destruction.
- Quick format is not the same as a full overwrite.
- Whole-drive wiping is for reuse.
- Physical destruction is for disposal.
- Degaussing is for magnetic media, not SSDs or flash.
- A certificate of destruction provides an audit trail.
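
Review bot: "What You Should Learn" gives no answer path for Part 3 scenario 3 (a retired SSD). It says whole-drive wiping is for reuse and that degaussing does not apply to SSDs or flash, but never says what does apply. Overwrite-style wiping is unreliable on SSDs because wear leveling and spare blocks keep data outside the addressable range, so add a line that SSDs need the drive's built-in secure erase or a cryptographic erase for reuse, and physical destruction for disposal. Separately, in Part 1 the PowerShell `New-Item -ItemType Directory` line errors on a second run because the folder already exists (the Linux side uses `mkdir -p`); add `-Force`, and add a final step that removes the lab folder.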

View file

@ -0,0 +1,72 @@
# Lab TRB-1: Windows OS Troubleshooting Evidence
Domain:
- 3.0 Software Troubleshooting
Works on:
- Windows
- Linux comparison optional
## Goal
Practice gathering evidence for Windows OS symptoms without making risky changes.
## Part 1: Resource Check
Windows:
```powershell
taskmgr
perfmon /rel
eventvwr.msc
```
Record:
- Highest CPU process:
- Highest memory process:
- One Reliability Monitor event:
- One Windows log you opened:
## Part 2: System Repair Commands
Do not interrupt these commands if you run them.
```powershell
sfc /verifyonly
DISM /Online /Cleanup-Image /CheckHealth
chkdsk
```
Record:
- SFC result:
- DISM result:
- CHKDSK result:
## Part 3: Startup and Services
Open:
- Task Manager > Startup apps
- Services console
Record:
- One enabled startup app:
- One stopped service:
- Whether the stopped service appears normal or suspicious:
## Part 4: Scenario Practice
Match the next step:
1. Windows says no OS found.
2. A service fails to start after boot.
3. A system blue-screens after a driver update.
4. A user reports the PC is slow after login.
5. The clock keeps drifting.
## What You Should Learn
- Troubleshooting starts with symptoms and evidence.
- Event Viewer and Reliability Monitor help build a timeline.
- SFC, DISM, and CHKDSK support repair decisions.
- Startup apps, services, drivers, storage, and time settings are common Windows issue areas.
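
Review bot: Part 2 does not say the commands need an elevated prompt. `sfc /verifyonly`, `DISM /Online /Cleanup-Image /CheckHealth` and `chkdsk` all stop with an access or elevation error in a standard-user shell, so the Record fields would capture the error rather than a result. Add "Open PowerShell as administrator" before the block. The heading "System Repair Commands" also hides that all three are check-only as written; naming the repair variants (`sfc /scannow`, `/RestoreHealth`, `chkdsk /f`) as out of scope would keep the lab in line with its "without making risky changes" goal.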

View file

@ -0,0 +1,56 @@
# Lab TRB-2: Mobile App Troubleshooting Checklist
Domain:
- 3.0 Software Troubleshooting
Works on:
- Android
- iOS
## Goal
Practice safe mobile troubleshooting checks without deleting personal data.
## Part 1: Pick One App
Choose a noncritical app.
Record:
- App name:
- App version if visible:
- Last update status:
- Storage used by the app:
- Permissions granted:
## Part 2: Battery and Storage
Record:
- Available device storage:
- Top battery-using app:
- Battery saver mode status:
- OS update status:
## Part 3: Connectivity
Record:
- Wi-Fi connected:
- Bluetooth enabled:
- NFC enabled, if present:
- Airplane mode off:
## Part 4: Scenario Matching
Choose the best first checks:
1. App will not install.
2. Bluetooth headphones will not pair.
3. Phone battery drains quickly.
4. Screen will not rotate.
5. App crashes after launch.
## What You Should Learn
- Mobile troubleshooting is usually low-risk checks first.
- Storage, updates, permissions, and connectivity solve many app issues.
- Avoid factory reset unless simpler steps fail and data is backed up.
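
Review bot: Nothing in Parts 1 to 3 records backup status, yet the last line of "What You Should Learn" makes a factory reset conditional on data being backed up. Add a "Last backup date and location:" field to Part 2 so the learner checks it before any scenario reaches that point. In Part 3, "Airplane mode off:" reads as an expected answer rather than a status field; "Airplane mode status:" would match the other entries.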

View file

@ -0,0 +1,54 @@
# Lab TRB-3: Mobile Security Inspection
Domain:
- 3.0 Software Troubleshooting
Works on:
- Android
- iOS
## Goal
Inspect mobile security signals without installing or removing apps.
## Part 1: App Source Review
Pick three installed apps and record:
- App name:
- Source or store if visible:
- Developer name if visible:
- Permissions that seem sensitive:
## Part 2: Device Controls
Record:
- OS update status:
- Unknown sources or sideloading status if visible:
- Developer mode status if visible:
- VPN status:
- Device management profile or MDM status if visible:
## Part 3: Data and Battery Signals
Record:
- Highest mobile data user:
- Highest battery user:
- Any app you do not recognize:
- Any unexpected ads, redirects, or warnings:
## Part 4: Scenario Practice
Choose the risk:
1. User installed a bank app from a link in a text message.
2. Phone shows ads when no browser is open.
3. Device is jailbroken.
4. A weather app uses large amounts of background data.
5. Fake virus warnings appear repeatedly.
## What You Should Learn
- Mobile compromise often looks like odd app behavior, ads, or data usage.
- Rooting, jailbreaking, sideloading, and unofficial stores raise risk.
- Managed devices should follow organization policy and MDM procedures.
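
Review bot: Part 3 asks the learner to record unrecognized apps and unexpected ads or redirects, but the lab never says what to do with a positive finding. Since the goal forbids installing or removing apps and the summary says managed devices follow MDM procedures, add a closing step: leave the app in place, note what was seen, and report it through the organization's process. Part 1 also asks for three apps but provides one set of fields; repeat the block or make it a three-row table.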

View file

@ -0,0 +1,53 @@
# Lab TRB-4: PC Security Symptom Triage
Domain:
- 3.0 Software Troubleshooting
Works on:
- Windows
- Linux comparison optional
## Goal
Practice security symptom triage without changing browser profiles or deleting files.
## Part 1: Browser Checks
Record:
- Browser extension count:
- Default search engine:
- Proxy setting location found:
- Certificate warning seen on normal sites, yes or no:
- Pop-up and notification permissions location found:
## Part 2: Windows Checks
Windows:
```powershell
Get-ComputerInfo | Select-Object OsName,OsVersion
Get-Date
netsh winhttp show proxy
```
Record:
- OS version:
- System date/time:
- Proxy status:
## Part 3: Scenario Triage
For each symptom, list likely cause and first action:
1. Files are renamed and cannot be opened.
2. Browser searches redirect to an unfamiliar site.
3. Fake antivirus warnings demand payment.
4. Windows Update fails on a previously infected PC.
5. A banking site certificate warning appears.
## What You Should Learn
- Security troubleshooting starts with symptoms and risk.
- Some symptoms require isolation before normal repair.
- Browser settings, proxy settings, date/time, and extensions can explain many security symptoms.
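
Review bot: In Part 2, `netsh winhttp show proxy` reports only the machine-wide WinHTTP proxy, not the per-user proxy under Settings > Network & internet > Proxy that browsers follow, so "Proxy status:" can read "Direct access" on a machine whose browser traffic is being redirected. Have the learner record the per-user proxy values next to the netsh output and label the two fields separately. This matters for Part 3 scenario 2, where the proxy is one of the first things to rule out.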

View file

@ -0,0 +1,37 @@
# Core 2 Overview Mind Map
```text
CompTIA A+ Core 2 220-1202
|
|-- 1.0 Operating Systems (28%)
| |-- Windows installation and upgrade
| |-- Windows tools and settings
| |-- Command-line tools
| |-- macOS basics
| |-- Linux basics
| |-- Mobile OS configuration
|
|-- 2.0 Security (28%)
| |-- Authentication and authorization
| |-- Malware types and removal
| |-- Wireless and SOHO security
| |-- Device hardening
| |-- Data protection and encryption
| |-- Social engineering
|
|-- 3.0 Software Troubleshooting (23%)
| |-- Windows startup and OS symptoms
| |-- Application crashes and performance
| |-- Browser and network software issues
| |-- Mobile app and connectivity problems
| |-- Malware symptoms
|
|-- 4.0 Operational Procedures (21%)
|-- Documentation and ticketing
|-- Change management
|-- Safety and ESD
|-- Backup and recovery
|-- Professional communication
|-- Remote support practices
```
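
Review bot: The branches here do not line up with the objective list in mind-maps/core2-status.html from the same commit. Under 2.0 Security there is no branch for mobile device security, data destruction or browser security; under 4.0 there is none for scripting, environmental controls, policy and licensing, or AI concepts; and 3.0 shows five branches against four objectives. Label each branch with its objective number (1.1, 1.2, ...) so the overview and the status map can be checked against each other.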

225
mind-maps/core2-status.html Normal file
View file

@ -0,0 +1,225 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>CompTIA A+ Core 2 Status Mind Map</title>
<style>
:root {
--bg: #f7f8fb;
--ink: #17202a;
--muted: #5d6978;
--line: #cfd6df;
--not-started: #e6e9ee;
--studying: #ffe08a;
--needs-review: #ffb3a7;
--good: #9ed8ff;
--strong: #9be7b0;
--card: #ffffff;
}
* { box-sizing: border-box; }
body {
margin: 0;
font-family: Arial, Helvetica, sans-serif;
color: var(--ink);
background: var(--bg);
}
header {
padding: 24px;
border-bottom: 1px solid var(--line);
background: var(--card);
}
h1 {
margin: 0 0 8px;
font-size: 28px;
letter-spacing: 0;
}
.meta {
color: var(--muted);
font-size: 14px;
}
.legend {
display: flex;
flex-wrap: wrap;
gap: 10px;
margin-top: 16px;
}
.pill {
display: inline-flex;
align-items: center;
gap: 8px;
border: 1px solid var(--line);
border-radius: 6px;
padding: 6px 9px;
background: var(--card);
font-size: 13px;
}
.dot {
width: 12px;
height: 12px;
border-radius: 50%;
border: 1px solid rgba(0,0,0,.18);
}
main {
padding: 24px;
max-width: 1280px;
margin: 0 auto;
}
.map {
display: grid;
grid-template-columns: repeat(4, minmax(220px, 1fr));
gap: 16px;
}
section {
background: var(--card);
border: 1px solid var(--line);
border-radius: 8px;
overflow: hidden;
}
section h2 {
margin: 0;
padding: 14px 16px;
font-size: 18px;
border-bottom: 1px solid var(--line);
}
.weight {
display: block;
margin-top: 4px;
color: var(--muted);
font-size: 13px;
font-weight: normal;
}
ul {
list-style: none;
margin: 0;
padding: 12px;
}
li {
border: 1px solid var(--line);
border-radius: 6px;
padding: 10px;
margin-bottom: 8px;
min-height: 58px;
}
li:last-child { margin-bottom: 0; }
.topic {
display: block;
font-weight: bold;
font-size: 14px;
}
.status {
display: block;
margin-top: 5px;
color: var(--muted);
font-size: 12px;
}
.not-started { background: var(--not-started); }
.studying { background: var(--studying); }
.needs-review { background: var(--needs-review); }
.good { background: var(--good); }
.strong { background: var(--strong); }
@media (max-width: 1000px) {
.map { grid-template-columns: repeat(2, minmax(220px, 1fr)); }
}
@media (max-width: 560px) {
main, header { padding: 16px; }
.map { grid-template-columns: 1fr; }
h1 { font-size: 23px; }
}
</style>
</head>
<body>
<header>
<h1>CompTIA A+ Core 2 Status Mind Map</h1>
<div class="meta">Exam: 220-1202 | Last updated: 2026-06-10 | Quizzes happen after study sections.</div>
<div class="legend" aria-label="Status legend">
<span class="pill"><span class="dot not-started"></span>Not started</span>
<span class="pill"><span class="dot studying"></span>Studying</span>
<span class="pill"><span class="dot needs-review"></span>Needs review</span>
<span class="pill"><span class="dot good"></span>Good</span>
<span class="pill"><span class="dot strong"></span>Strong</span>
</div>
</header>
<main>
<div class="map">
<section>
<h2>Operating Systems <span class="weight">28% | Current: studying OS-1</span></h2>
<ul>
<li class="strong"><span class="topic">1.1 OS types and file systems</span><span class="status">Strong: studied 2026-06-11, quiz 7/7; lab pending</span></li>
<li class="not-started"><span class="topic">1.2 OS installation and upgrade</span><span class="status">Ready: OS-2 lesson, lab, and quiz created</span></li>
<li class="studying"><span class="topic">1.3 Windows editions and requirements</span><span class="status">Studying: OS-1 lesson created, quiz pending</span></li>
<li class="not-started"><span class="topic">1.4 Windows tools</span><span class="status">Ready: OS-3 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.5 Windows command line</span><span class="status">Ready: OS-4 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.6 Windows Control Panel and Settings</span><span class="status">Ready: OS-6 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.7 Windows networking</span><span class="status">Ready: OS-7 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.8 macOS tools and features</span><span class="status">Ready: OS-8 lesson, optional Mac lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.9 Linux client tools</span><span class="status">Ready: OS-9 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.10 Application installation requirements</span><span class="status">Ready: OS-10 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">1.11 Cloud productivity tools</span><span class="status">Ready: OS-11 lesson, lab, and quiz created</span></li>
</ul>
</section>
<section>
<h2>Security <span class="weight">28% | Current: not started</span></h2>
<ul>
<li class="not-started"><span class="topic">2.1 Security controls</span><span class="status">Ready: SEC-1 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.2 Windows security settings</span><span class="status">Ready: SEC-2 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.3 Wireless security</span><span class="status">Ready: SEC-3 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.4 Malware and security tools</span><span class="status">Ready: SEC-4 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.5 Social engineering and attacks</span><span class="status">Ready: SEC-5 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.6 Malware removal process</span><span class="status">Ready: SEC-6 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.7 Workstation hardening</span><span class="status">Ready: SEC-7 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.8 Mobile device security</span><span class="status">Ready: SEC-8 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.9 Data destruction</span><span class="status">Ready: SEC-9 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.10 SOHO network security</span><span class="status">Ready: SEC-10 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">2.11 Browser security</span><span class="status">Ready: SEC-11 lesson, lab, and quiz created</span></li>
</ul>
</section>
<section>
<h2>Software Troubleshooting <span class="weight">23% | Current: not started</span></h2>
<ul>
<li class="not-started"><span class="topic">3.1 Windows OS issues</span><span class="status">Ready: TRB-1 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">3.2 Mobile OS and app issues</span><span class="status">Ready: TRB-2 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">3.3 Mobile security issues</span><span class="status">Ready: TRB-3 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">3.4 PC security symptoms</span><span class="status">Ready: TRB-4 lesson, lab, and quiz created</span></li>
</ul>
</section>
<section>
<h2>Operational Procedures <span class="weight">21% | Current: not started</span></h2>
<ul>
<li class="not-started"><span class="topic">4.1 Documentation and support systems</span><span class="status">Ready: OPS-1 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.2 Change management</span><span class="status">Ready: OPS-2 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.3 Backup and recovery</span><span class="status">Ready: OPS-3 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.4 Safety procedures</span><span class="status">Ready: OPS-4 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.5 Environmental controls</span><span class="status">Ready: OPS-5 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.6 Policy, privacy, and licensing</span><span class="status">Ready: OPS-6 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.7 Professionalism</span><span class="status">Ready: OPS-7 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.8 Scripting basics</span><span class="status">Ready: OPS-8 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.9 Remote access</span><span class="status">Ready: OPS-9 lesson, lab, and quiz created</span></li>
<li class="not-started"><span class="topic">4.10 AI concepts</span><span class="status">Ready: OPS-10 lesson, lab, and quiz created</span></li>
</ul>
</section>
</div>
</main>
</body>
</html>
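
Review bot: The header meta line says "Last updated: 2026-06-10" while the 1.1 item records "studied 2026-06-11", so the page date was already stale at commit time. The Operating Systems heading has the same drift risk: it says "Current: studying OS-1" as free text next to per-item statuses that are edited separately. Since every status here is hand-typed in two places (the `class` and the `.status` text), consider generating the page from one status source, or at least note in the file which fields must be updated together.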

View file

@ -0,0 +1,61 @@
# OPS-1: Documentation and Support Systems
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.1 Documentation, ticketing, asset management, and support systems
## What You Need To Know
Operational questions often test whether you record the right information and follow process.
Ticketing details:
- User information
- Device information
- Issue description
- Category
- Severity
- Escalation level
- Progress notes
- Resolution
Asset management:
- Inventory
- CMDB
- Asset tags and IDs
- Procurement life cycle
- Warranty and licensing
- Assigned users
Document types:
- Incident reports
- SOPs
- Package installation procedures
- Onboarding and offboarding checklists
- SLAs
- Knowledge base articles
## Memory Trick
Use **U-D-I-S-R** for tickets:
- **U**ser
- **D**evice
- **I**ssue
- **S**everity
- **R**esolution
Shortcut:
- **If it is not documented, the next tech cannot trust what happened.**
## Exam Clues
- Tickets need enough detail for handoff and trend analysis.
- Asset tags connect devices to users, warranty, and lifecycle records.
- SOPs are repeatable procedures.
- SLAs define expected service levels.
- Knowledge base articles help future technicians solve known issues.

View file

@ -0,0 +1,59 @@
# OPS-10: AI Concepts
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.10 Artificial intelligence concepts
## What You Need To Know
Core 2 expects basic AI awareness for support environments.
AI concepts:
- Application integration
- Policy
- Appropriate use
- Plagiarism
- Bias
- Hallucinations
- Accuracy
- Private vs. public data
- Data source concerns
## Memory Trick
Use **P-B-H-D**:
- **P**olicy
- **B**ias
- **H**allucinations
- **D**ata privacy
Shortcut:
- **AI output is a draft until verified.**
## Practical Rules
Do:
- Follow company AI policy.
- Verify important output.
- Protect private data.
- Check source quality.
- Be transparent when policy requires it.
Do not:
- Paste confidential data into unapproved public tools.
- Treat AI output as automatically accurate.
- Ignore bias or hallucination risk.
- Submit AI-generated work as original if that violates policy.
## Exam Clues
- Hallucination means confident but false output.
- Bias means output can reflect unfair or skewed training data.
- Public AI tools may expose private data depending on policy and configuration.
- Accuracy matters most for technical, legal, medical, financial, and security content.

View file

@ -0,0 +1,55 @@
# OPS-2: Change Management
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.2 Change management
## What You Need To Know
Change management reduces risk when systems are modified.
Change planning should include:
- Purpose
- Scope
- Change type
- Schedule
- Affected systems
- Risk level
- Responsible staff
- Approvals
- Backup
- Rollback plan
- Sandbox testing
- Implementation steps
- Peer review
- End-user acceptance
Change types:
- Standard: low-risk, preapproved, repeatable
- Normal: planned change requiring review and approval
- Emergency: urgent change to fix major risk or outage
## Memory Trick
Use **P-S-R-B-R**:
- **P**urpose
- **S**cope
- **R**isk
- **B**ackup
- **R**ollback
Shortcut:
- **A change without rollback is a bet, not a plan.**
## Exam Clues
- Maintenance windows reduce user impact.
- Change freezes block noncritical changes during sensitive periods.
- Emergency changes may be faster but still need documentation afterward.
- Peer review helps catch mistakes before implementation.
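
Review bot: The P-S-R-B-R mnemonic and the exam clues both skip approvals, although "Approvals" is in the planning list and the Normal change type is defined by requiring review and approval. Add an exam clue stating that a normal change is not implemented until it is approved, and say who approves in the Standard and Emergency cases so the three types can be told apart on that axis.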

View file

@ -0,0 +1,48 @@
# OPS-3: Backup and Recovery
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.3 Backup and recovery
## What You Need To Know
Backups only matter if they can be restored.
Backup types:
- Full: backs up all selected data.
- Incremental: backs up changes since the last backup of any type.
- Differential: backs up changes since the last full backup.
- Synthetic full: builds a full backup from previous backup data.
Rotation concepts:
- Onsite and offsite
- Grandfather-father-son
- 3-2-1 rule
Restore options:
- Restore in place
- Restore to alternate location
## Memory Trick
Use **F-I-D-S**:
- **F**ull
- **I**ncremental
- **D**ifferential
- **S**ynthetic full
Shortcut:
- **Backups are promises; restore tests prove them.**
## Exam Clues
- Incremental backups are small and fast but restore chains can be longer.
- Differential backups grow until the next full backup.
- 3-2-1 means three copies, two media types, one offsite copy.
- Test restores on a defined schedule.
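
Review bot: The exam clues give the restore cost of incrementals ("restore chains can be longer") but no matching restore rule for differentials, which is the comparison these questions turn on. Add that a differential restore needs the last full backup plus the most recent differential, while an incremental restore needs the last full backup plus every incremental taken since it.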

View file

@ -0,0 +1,52 @@
# OPS-4: Safety Procedures
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.4 Safety procedures
## What You Need To Know
Safety questions test whether you protect people, equipment, and data.
ESD controls:
- Antistatic wrist strap
- ESD mat
- Antistatic bags
- Proper grounding
- Proper component handling
Personal safety:
- Disconnect power before repairs.
- Use proper lifting technique.
- Know fire safety procedures.
- Use safety goggles when needed.
- Use air filter masks when needed.
Workspace safety:
- Cable management
- Clear walkways
- Stable equipment placement
- Compliance with local rules
## Memory Trick
Use **P-E-C**:
- **P**ower off
- **E**SD control
- **C**ables managed
Shortcut:
- **Protect people first, then parts.**
## Exam Clues
- ESD can damage components even when you do not feel a shock.
- Antistatic bags protect components during storage and transport.
- Heavy equipment should be lifted safely or by two people.
- Disconnect power before internal repairs unless a procedure specifically requires power.

View file

@ -0,0 +1,49 @@
# OPS-5: Environmental Controls
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.5 Environmental controls
## What You Need To Know
Environmental controls protect equipment and people.
Key topics:
- MSDS or SDS documentation
- Battery disposal
- Toner disposal
- Device and asset disposal
- Temperature
- Humidity
- Ventilation
- Equipment placement
- Dust cleanup
- Compressed air and vacuums
- UPS
- Surge suppressors
- Surges, brownouts, and blackouts
## Memory Trick
Use **P-H-D-P**:
- **P**ower
- **H**eat and humidity
- **D**ust
- **P**roper disposal
Shortcut:
- **Bad power, heat, dust, or disposal can turn a simple support issue into a safety issue.**
## Exam Clues
- Use SDS/MSDS for chemical and material safety guidance.
- Toner and batteries require proper disposal or recycling.
- UPS protects against short outages and gives time for safe shutdown.
- Surge suppressors protect against voltage spikes.
- Brownouts are low-voltage events; blackouts are power loss.
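
Review bot: "Device and asset disposal" appears in Key topics with no exam clue and no pointer to data sanitization, so a learner reading only this file could treat disposal as a recycling question. Add a clue that storage must be wiped or destroyed before a device leaves the organization, and reference the SEC-9 data destruction material added in this commit. "Compressed air and vacuums" is likewise listed without a clue.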

View file

@ -0,0 +1,55 @@
# OPS-6: Policy, Privacy, and Licensing
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.6 Policy, privacy, licensing, and incident handling
## What You Need To Know
Policies tell technicians what they are allowed to do and what must be protected.
Incident response concepts:
- Chain of custody
- Informing management or law enforcement when required
- Drive copies for integrity and preservation
- Documentation
- Order of volatility
Policy and privacy concepts:
- Valid licenses
- DRM
- EULA
- Perpetual licensing
- Personal vs. corporate licensing
- Open-source licensing
- NDA and MNDA
- Regulated data
- Data retention
- Acceptable use policy
- Compliance
- Splash screens and login banners
## Memory Trick
Use **C-D-P-L**:
- **C**hain of custody
- **D**ata privacy
- **P**olicies
- **L**icensing
Shortcut:
- **Policy decides what you can touch, copy, disclose, and install.**
## Exam Clues
- Chain of custody tracks evidence handling.
- Order of volatility means collect the most temporary evidence first.
- EULAs define software use terms.
- Open-source does not mean no license.
- Regulated data may require special handling and retention.
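
Review bot: "Drive copies for integrity and preservation" in the incident response list has no corresponding exam clue, and the wording does not say which copy gets examined. Add a clue that the original drive is preserved untouched and analysis is done on the copy, with each handoff recorded in the chain of custody. "Perpetual licensing" is also listed without the model it is contrasted with (subscription).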

View file

@ -0,0 +1,56 @@
# OPS-7: Professionalism
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.7 Professionalism and communication
## What You Need To Know
Professional behavior is tested directly on Core 2.
Use:
- Appropriate appearance
- Appropriate language
- Respect for user time
- Active listening
- Cultural sensitivity
- Discretion
- Confidentiality
- Open-ended questions
- Restating the issue
- Clear expectations
- Status communication
- Documentation
- Follow-up
Avoid:
- Arguing
- Being defensive
- Dismissing the user
- Judging the user
- Sharing confidential information
## Memory Trick
Use **L-E-D-F**:
- **L**isten
- **E**xplain expectations
- **D**ocument
- **F**ollow up
Shortcut:
- **Fix the problem without making the user the problem.**
## Exam Clues
- Ask open-ended questions first.
- Restate the issue to confirm understanding.
- Do not blame the user.
- Protect confidential information.
- Set realistic timelines and follow up.

View file

@ -0,0 +1,59 @@
# OPS-8: Scripting Basics
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.8 Scripting languages, use cases, and risks
## What You Need To Know
Scripts automate repeated tasks, but they can also break systems quickly.
Script types:
- `.bat`
- `.ps1`
- `.vbs`
- `.sh`
- `.js`
- `.py`
Use cases:
- Automation
- Restarting machines
- Remapping drives
- Application installs
- Backups
- Data gathering
- Updates
Risks:
- Introducing malware
- Changing system settings
- Deleting data
- Crashing browsers or systems
- Mishandling resources
## Memory Trick
Use **A-R-I-B-D**:
- **A**utomate
- **R**estart
- **I**nstall
- **B**ack up
- **D**ata gathering
Shortcut:
- **Scripts are force multipliers for both fixes and mistakes.**
## Exam Clues
- PowerShell scripts use `.ps1`.
- Bash shell scripts commonly use `.sh`.
- Batch files use `.bat`.
- Test scripts before broad deployment.
- Review scripts from unknown sources before running.
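
Review bot: Six script types are listed but the exam clues map only `.ps1`, `.sh` and `.bat` to a language. Add the remaining three (`.vbs` VBScript, `.js` JavaScript, `.py` Python), since extension-to-language matching is what the list is for. The last two clues would also be stronger with one concrete control attached, for example running a new script on a test machine under a non-administrator account before wider use.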

View file

@ -0,0 +1,56 @@
# OPS-9: Remote Access
Status: not started
Domain:
- 4.0 Operational Procedures
Objective alignment:
- 4.9 Remote access technologies and security considerations
## What You Need To Know
Remote access lets technicians support systems without being physically present.
Methods:
- RDP
- VPN
- VNC
- SSH
- RMM
- SPICE
- WinRM
- Third-party screen sharing
- Videoconferencing
- File transfer
- Desktop management tools
Security considerations:
- Encryption
- Authentication
- Least privilege
- User approval
- Logging
- Data exposure
- Session termination
## Memory Trick
Use **E-A-L-L**:
- **E**ncryption
- **A**uthentication
- **L**east privilege
- **L**ogging
Shortcut:
- **Remote access should be approved, authenticated, encrypted, and logged.**
## Exam Clues
- RDP is common for Windows remote desktop access.
- SSH is common for secure command-line access.
- VPN creates an encrypted path into a private network.
- RMM tools support managed monitoring and administration.
- Screen sharing may expose sensitive data, so get permission and close sessions.
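
Review bot: The E-A-L-L mnemonic and the shortcut line under it disagree: the mnemonic has least privilege and no approval, while the shortcut has "approved" and no least privilege. Pick one set of four, or extend the mnemonic so user approval is covered, because the last exam clue depends on it ("get permission and close sessions"). VNC, SPICE and WinRM are listed under Methods with no exam clue.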

View file

@ -0,0 +1,179 @@
# OS-1: Windows Editions and System Information
Status: studying
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.3 Windows editions and requirements
- 1.5 Windows command-line/system information basics
## What You Need To Know
Windows comes in different editions. For A+ Core 2, focus on what features separate home-user editions from business editions.
Common exam distinction:
- Windows Home: basic consumer edition.
- Windows Pro: adds business features such as joining a domain, BitLocker, Remote Desktop host, Group Policy tools, and Hyper-V support.
- Windows Pro for Workstations: high-end workstation edition with expanded CPU/RAM/storage feature support.
- Windows Enterprise/Education: organization-managed editions with more advanced deployment and security controls.
The exam often asks which edition is needed for a business feature. If the feature sounds like centralized management, encryption, domain access, or remote administration, think Pro or higher.
Windows 11 requirement clues:
- TPM 2.0: security chip/firmware feature used by Windows security features.
- UEFI: modern firmware replacement for legacy BIOS.
- Secure Boot: helps prevent untrusted boot loaders from starting before the OS.
Exam shortcut:
- If the question says a PC cannot upgrade to Windows 11, check TPM 2.0, UEFI, Secure Boot capability, CPU/RAM/storage, and edition compatibility.
## Memory Trick
Remember: **Pro = Professional workplace features**.
The "PRO" clue:
- **P**olicies: Group Policy management
- **R**emote Desktop host
- **O**rganization login: domain join / business identity features
BitLocker also belongs in the "workplace/security" bucket, so associate it with Pro or higher.
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt:
```powershell
winver
```
What it does:
- Opens a Windows dialog showing the Windows version and build.
- Use it when you need a fast human-readable version check.
```powershell
systeminfo
```
What it does:
- Prints detailed system information.
- Useful fields include OS Name, OS Version, System Type, BIOS Version, Total Physical Memory, and install date.
```powershell
hostname
```
What it does:
- Shows the computer name.
- Useful when documenting a device or confirming you are connected to the right machine.
```powershell
whoami
```
What it does:
- Shows the currently signed-in user.
- Useful when checking whether you are using the expected account.
```powershell
wmic os get caption,version,buildnumber,osarchitecture
```
What it does:
- Shows Windows edition, version, build number, and whether the OS is 32-bit or 64-bit.
- WMIC is older, but it still appears in exam-style command questions.
```powershell
tpm.msc
```
What it does:
- Opens TPM Management.
- Use it to check TPM status and version on Windows.
```powershell
msinfo32
```
What it does:
- Opens System Information.
- Use it to check BIOS Mode, Secure Boot State, system model, CPU, RAM, and OS details.
Enter these on Linux:
```bash
hostname
```
What it does:
- Shows the Linux system's host name.
```bash
whoami
```
What it does:
- Shows the current logged-in user.
```bash
uname -a
```
What it does:
- Shows kernel and architecture information.
- Useful for identifying whether the system is 64-bit and what kernel it is running.
```bash
cat /etc/os-release
```
What it does:
- Shows the Linux distribution name and version.
- This is one of the quickest ways to identify the Linux OS.
## Mini Lab
Goal:
- Identify and document your system's OS edition/version, architecture, host name, current user, CPU, and RAM.
On Windows:
1. Run `winver`.
2. Run `systeminfo`.
3. Run `hostname`.
4. Run `whoami`.
5. Run `msinfo32`.
6. Optional: run `tpm.msc`.
7. Record:
- Windows edition
- Version/build
- 32-bit or 64-bit
- Host name
- Current user
- Installed RAM
- BIOS mode
- Secure Boot state
- TPM version/status, if available
On Linux:
1. Run `cat /etc/os-release`.
2. Run `uname -a`.
3. Run `hostname`.
4. Run `whoami`.
5. Optional: run `free -h` to view memory.
6. Record:
- Distribution
- Kernel
- 32-bit or 64-bit architecture
- Host name
- Current user
- Installed/available memory
## Quick Check Before Quiz
You are ready for the OS-1 quiz when you can answer these without looking:
- Which edition is usually needed for domain join and Group Policy?
- Which command quickly displays Windows version/build in a GUI dialog?
- Which command gives detailed Windows inventory information?
- Which Linux file commonly identifies the distribution?
- Which Windows 11 upgrade clues point to firmware/security requirements?
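
Review bot: The `wmic os get caption,version,buildnumber,osarchitecture` step may fail on current Windows 11 installs, where WMIC is deprecated and not always present by default; "WMIC is older" does not warn the learner of that. Keep it for exam recognition, say it may be missing, and give the PowerShell equivalent: `Get-CimInstance Win32_OperatingSystem | Select-Object Caption,Version,BuildNumber,OSArchitecture`. The Mini Lab goal also lists CPU, but neither Record list has a CPU field.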

View file

@ -0,0 +1,280 @@
# OS-10: Application Installation Requirements
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.10 Application installation requirements
## What You Need To Know
Application install questions are usually about compatibility and impact.
Before installing or upgrading software, check:
- OS compatibility
- 32-bit vs. 64-bit requirements
- CPU requirements
- RAM requirements
- Storage requirements
- Graphics/GPU/VRAM requirements
- External hardware token requirements
- Distribution method
- Impact to the device, network, operations, and business
## Memory Trick
Use **O-CRaSH-G-DIB**:
- **O**S compatibility
- **C**PU
- **Ra**M
- **S**torage
- **H**ardware token
- **G**raphics/GPU
- **D**istribution method
- **I**mpact
- **B**usiness risk
If the app will not install or runs badly, think:
- Wrong OS
- Wrong architecture
- Not enough RAM/storage
- Missing GPU/VRAM
- Missing driver
- Missing hardware token
- Bad source or corrupted installer
## Platform and Architecture
32-bit vs. 64-bit:
- A 32-bit OS cannot run 64-bit apps.
- A 64-bit OS can usually run many 32-bit apps.
- 64-bit Windows uses:
- `C:\Program Files` for 64-bit apps
- `C:\Program Files (x86)` for 32-bit apps
Driver compatibility:
- Drivers are OS-specific and architecture-specific.
- A driver for the wrong Windows version or architecture may fail.
## Hardware Requirements
CPU:
- Some apps require a minimum CPU generation, speed, or instruction set.
RAM:
- Apps may install but perform poorly if RAM is too low.
Storage:
- Check both install size and working data size.
- Some apps need much more space after install.
Graphics:
- Integrated graphics shares system memory.
- Dedicated/discrete GPU has its own VRAM.
- High-end apps may require dedicated GPU and minimum VRAM.
External hardware tokens:
- Some professional software requires a USB license dongle or hardware security key.
- If the token is missing, the software may not run.
## Distribution Methods
Download:
- Get from vendor or trusted app store.
- Avoid random third-party download sites.
Physical media:
- USB or optical disc.
- Less common now, but still possible.
ISO:
- Disk image file.
- Can be mounted by the OS and used like a virtual disc.
Image deployment:
- Installs a prepared system image, often with OS, drivers, and apps included.
- Common in business and virtual machine deployments.
Package managers:
- Linux examples: `apt`, `dnf`.
- Windows examples: Microsoft Store, winget in some environments.
## Impact Questions
Impact to device:
- App may slow the computer, break existing apps, overwrite files, or require reboot.
Impact to network:
- App may need internal services, firewall exceptions, bandwidth, or file share permissions.
Impact to operations:
- A workflow may change after an upgrade.
- A time-sensitive job may be interrupted.
Impact to business:
- Critical applications can affect revenue, customer service, compliance, or production.
Exam shortcut:
- If the app affects business-critical work, test first, schedule downtime, communicate, and have rollback.
## Commands To Enter
Windows:
```powershell
systeminfo
```
What it does:
- Shows OS, architecture, CPU, memory, and system details.
```powershell
wmic os get osarchitecture
```
What it does:
- Shows whether Windows is 32-bit or 64-bit.
```powershell
Get-ComputerInfo | Select-Object OsName, OsArchitecture, CsProcessors, CsTotalPhysicalMemory
```
What it does:
- PowerShell summary of OS name, architecture, CPU, and RAM.
```powershell
Get-Volume
```
What it does:
- Shows volume/file-system information and free space.
```powershell
winget --version
```
What it does:
- Shows whether Windows Package Manager is installed and its version.
```powershell
Get-AppxPackage | Select-Object -First 5 Name, Version
```
What it does:
- Shows installed Microsoft Store/UWP-style app package names and versions.
Linux:
```bash
uname -m
```
What it does:
- Shows system architecture, such as `x86_64`.
```bash
lscpu
```
What it does:
- Shows CPU details.
```bash
free -h
```
What it does:
- Shows memory usage in human-readable units.
```bash
df -h
```
What it does:
- Shows filesystem free space.
```bash
which apt
which dnf
```
What it does:
- Checks whether `apt` or `dnf` package manager commands exist.
macOS, if available:
```bash
sw_vers
uname -m
system_profiler SPHardwareDataType
```
What it does:
- Shows macOS version, architecture, and hardware summary.
## Mini Lab
Goal:
- Decide whether a computer can run a hypothetical app.
Hypothetical app requirements:
- 64-bit OS
- 8 GB RAM
- 20 GB free storage
- Modern CPU
- Dedicated GPU preferred
- Internet download from vendor site
Windows:
1. Run `systeminfo`.
2. Run `wmic os get osarchitecture`.
3. Run `Get-Volume`.
4. Optional: run `winget --version`.
5. Record:
- OS:
- Architecture:
- RAM:
- Free storage:
- CPU:
- Package manager available:
- Meets requirements? Why or why not?
Linux:
1. Run `cat /etc/os-release`.
2. Run `uname -m`.
3. Run `lscpu`.
4. Run `free -h`.
5. Run `df -h`.
6. Run `which apt` and `which dnf`.
7. Record:
- Distribution:
- Architecture:
- RAM:
- Free storage:
- CPU:
- Package manager:
- Meets requirements? Why or why not?
macOS, if available:
1. Run `sw_vers`.
2. Run `uname -m`.
3. Run `system_profiler SPHardwareDataType`.
4. Record:
- macOS version:
- Architecture:
- RAM:
- CPU/chip:
- Meets requirements? Why or why not?
## Quick Check Before Quiz
You are ready for the OS-10 quiz when you can answer these without looking:
- Can a 32-bit OS run a 64-bit application?
- Which folder holds 32-bit apps on 64-bit Windows?
- What is an ISO?
- Why does VRAM matter?
- Why should business impact be checked before app updates?
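Review bot: The "Download" bullets under Distribution Methods stop at choosing a trusted source, and "Bad source or corrupted installer" is listed as a failure cause, yet nothing in Commands To Enter or the Mini Lab verifies the installer before it runs. Suggest adding an integrity step: compare the file's hash with the value the vendor publishes (`Get-FileHash` on Windows, `sha256sum` on Linux) and check the digital signature on Windows installers. Two smaller points: the hypothetical app lists "Dedicated GPU preferred" but no lab step or Record field collects GPU or VRAM, and Windows step 2 depends on `wmic os get osarchitecture` even though `Get-ComputerInfo` in the same section already returns `OsArchitecture`. WMIC is deprecated and not installed by default on newer Windows 11 builds, so give the PowerShell line as the fallback.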


@ -0,0 +1,232 @@
# OS-11: Cloud Productivity Tools
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.11 Cloud productivity tools
## What You Need To Know
Cloud productivity tools move everyday business services from local servers and local apps into cloud-managed services.
Common examples:
- Email
- Cloud storage
- File synchronization
- Collaboration tools
- Spreadsheets
- Word processing
- Presentations
- Videoconferencing
- Instant messaging/chat
- Identity synchronization
- License assignment
## Memory Trick
Use **E-S-C-I-L**:
- **E**mail
- **S**torage and sync
- **C**ollaboration
- **I**dentity synchronization
- **L**icense assignment
If the question says "user can access from anywhere," "syncs across devices," or "assign a license to a user," think cloud productivity.
## Email Systems
Cloud email:
- Mailbox is hosted by a cloud provider.
- Common examples include Microsoft 365/Exchange Online and Google Workspace/Gmail.
- Often includes spam filtering, malware filtering, redundancy, backups, and centralized management.
Exam clue:
- If the user can sign in from multiple devices and mail is stored on the provider's servers, it is cloud email.
## Storage and Synchronization
Cloud storage:
- Files are stored in a cloud service.
- Common examples include OneDrive, Google Drive, Dropbox, and iCloud Drive.
Synchronization:
- A local file can be uploaded to the cloud and synced to other devices.
- Sync clients may let you choose which folders are local, cloud-only, or always available offline.
Memory trick:
- **Sync = same files across systems.**
Important distinction:
- Local-only file: stored on one device.
- Synced file: copied between local device and cloud.
- Streaming/cloud-only file: visible locally but downloaded on demand.
## Collaboration Tools
Collaboration tools let users work together in real time or near real time.
Examples:
- Shared documents
- Spreadsheets
- Presentations
- Videoconferencing
- Instant messaging
- Shared calendars
- Comments and version history
Exam clue:
- If multiple users edit or communicate together through the same service, it is collaboration.
## Identity Synchronization
Identity synchronization connects user identities across systems.
Examples:
- Microsoft Entra ID
- Google Identity
- Okta
- Directory sync from on-premises identity to cloud identity
Why it matters:
- Create or update a user once, and the change can appear in connected cloud services.
- Password and account state may be synchronized depending on configuration.
Exam clue:
- If the question says "same account works across cloud apps" or "new users appear automatically," think identity sync.
## License Assignment
Cloud services often use per-user licenses.
License assignment:
- Admin assigns a license to a user account.
- The user receives access to apps/services.
- Licenses can often be moved between users.
Why it matters:
- Easier than tracking physical license keys.
- Prevents wasting unused licenses.
- Centralized license management helps audits and cost control.
Exam clue:
- If a user can sign in but cannot access an app, check whether the correct license is assigned.
## Commands To Enter
Cloud productivity is usually managed in web admin portals, but you can still inspect local sync and network basics.
Windows:
```powershell
whoami
```
What it does:
- Shows the currently signed-in user.
- Useful when checking identity or account context.
```powershell
hostname
```
What it does:
- Shows the device name.
```powershell
ipconfig /all
```
What it does:
- Shows network and DNS details needed for cloud service connectivity.
```powershell
dir $env:USERPROFILE
```
What it does:
- Lists folders in the current user's profile.
- Look for cloud sync folders such as OneDrive, Dropbox, or Google Drive if installed.
Linux:
```bash
whoami
```
What it does:
- Shows current user.
```bash
hostname
```
What it does:
- Shows device name.
```bash
ip addr
```
What it does:
- Shows network interface/IP address information.
```bash
ls ~
```
What it does:
- Lists folders in the current user's home directory.
- Look for cloud sync folders if a sync client is installed.
macOS, if available:
```bash
whoami
hostname
ls ~
```
What it does:
- Shows user, device name, and home folder contents.
- Look for iCloud Drive, OneDrive, Dropbox, or Google Drive folders if configured.
## Mini Lab
Goal:
- Recognize cloud productivity components and local sync behavior.
Windows/Linux/macOS:
1. Identify the signed-in user.
2. Identify the device name.
3. Check basic network connectivity.
4. Look in the user's home/profile folder for any cloud sync folders.
5. If you use a cloud storage app, identify whether files are local, online-only, or synced.
Record:
- Current user:
- Device name:
- Cloud email service used, if any:
- Cloud storage service used, if any:
- Sync folder path:
- Is there an online-only or streaming file option?
- What collaboration tools do you use?
- What account identity do those tools use?
Admin scenario practice:
- A new employee can sign in but cannot open the company spreadsheet app. What should you check?
- A user saved a file locally but it does not appear on another device. What sync settings should you inspect?
- A user changed departments and now needs a different app set. What licensing/admin action may be needed?
## Quick Check Before Quiz
You are ready for the OS-11 quiz when you can answer these without looking:
- What does cloud file synchronization do?
- What is identity synchronization?
- What does license assignment control?
- Why are cloud email services centrally managed?
- What should you check if a user can sign in but cannot use a licensed app?
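Review bot: Mini Lab step 3, "Check basic network connectivity", has no matching command in Commands To Enter: `ipconfig /all` and `ip addr` show configuration rather than reachability, and the macOS block has no network command at all. Add a reachability and name-resolution check (for example `ping` and `nslookup`, both already covered in OS-4) so the step can be completed from this page. The three "Admin scenario practice" questions also have no expected answers; the license and sync answers are in the sections above, so a one-line answer under each would let the page be self-graded.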


@ -0,0 +1,142 @@
# OS-2: Windows Installation, Boot, and Recovery
Status: not started
Domain:
- 1.0 Operating Systems
## What You Need To Know
Windows installation questions usually test which method fits the situation.
Core install types:
- **Clean install**: wipes or replaces the existing OS. Best when starting fresh or when the old OS is badly damaged.
- **Upgrade install**: keeps compatible apps, files, and settings while moving to a newer Windows version.
- **Repair install / in-place repair**: reinstalls Windows system files while trying to keep user data and applications.
- **Image deployment**: applies a prepared OS image to one or many computers. Common in business environments.
- **Network boot / PXE**: boots a computer from the network to install or deploy an OS.
Boot and recovery questions usually test the first tool to try.
Common recovery tools:
- **Windows RE**: Windows Recovery Environment. This is the recovery menu used for repair options.
- **Startup Repair**: use when Windows will not boot correctly.
- **System Restore**: rolls system files/settings back to a restore point. It does not restore personal files.
- **Uninstall updates**: useful after a bad Windows update breaks startup.
- **Reset this PC**: reinstalls Windows and can keep or remove user files, depending on the option selected.
- **System image recovery**: restores the computer from a full system image backup.
## Memory Tricks
Install choices:
- **Clean = clear the old system.**
- **Upgrade = up but keep stuff.**
- **Image = identical installs.**
- **PXE = Preboot eXecution Environment = boot before local OS.**
Recovery choices:
- **Startup Repair starts the system again.**
- **System Restore restores settings, not documents.**
- **Image Recovery returns the whole picture.**
- **Reset is the bigger hammer when repair tools fail.**
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt:
```powershell
reagentc /info
```
What it does:
- Shows whether Windows Recovery Environment is enabled.
- Useful when checking whether local recovery tools are available.
```powershell
shutdown /r /o /t 0
```
What it does:
- Restarts Windows directly into Advanced Startup options.
- `/r` means restart.
- `/o` means go to advanced boot options.
- `/t 0` means wait zero seconds.
```powershell
bcdedit
```
What it does:
- Displays Boot Configuration Data.
- Useful for viewing boot loader entries.
- Be careful: changing BCD settings can break boot if done incorrectly.
```powershell
sfc /scannow
```
What it does:
- Scans protected Windows system files and repairs corrupted files when possible.
- Use for suspected Windows system file corruption.
```powershell
DISM /Online /Cleanup-Image /RestoreHealth
```
What it does:
- Repairs the Windows component store used by SFC.
- If SFC cannot repair corruption, DISM is often used before running SFC again.
Enter these on Linux for comparison practice:
```bash
lsblk
```
What it does:
- Lists block devices such as drives and partitions.
- Useful for understanding disk layout before installation or recovery work.
```bash
df -h
```
What it does:
- Shows mounted file systems and disk usage in human-readable units.
```bash
sudo reboot
```
What it does:
- Restarts the Linux system.
- `sudo` runs the command with administrative privileges.
## Mini Lab
Goal:
- Recognize recovery options and practice safe information-gathering commands.
Windows:
1. Run `reagentc /info`.
2. Record whether Windows RE is enabled.
3. Run `sfc /scannow`.
4. Record whether Windows found integrity violations.
5. Optional: run `DISM /Online /Cleanup-Image /RestoreHealth`.
6. Do not change `bcdedit` settings. Only run `bcdedit` to view current boot entries.
Linux:
1. Run `lsblk`.
2. Identify the main disk.
3. Run `df -h`.
4. Identify the root filesystem and free space.
## Quick Check Before Quiz
You are ready for the OS-2 quiz when you can answer these without looking:
- What install type wipes the old OS?
- What install type keeps compatible files/apps/settings?
- Which recovery tool fixes common boot problems?
- What does System Restore affect?
- What command restarts Windows into Advanced Startup?
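Review bot: "Enter these on Windows PowerShell or Command Prompt" omits that `bcdedit`, `sfc /scannow` and `DISM /Online /Cleanup-Image /RestoreHealth` need an elevated (Run as administrator) terminal; from a standard prompt they fail with access or elevation errors, which a learner could misread as a broken recovery setup. State the elevation requirement once above the first block, as OS-5 does for `fsutil`. `shutdown /r /o /t 0` reboots immediately with a zero-second timer, so add a "save your work first" line there and for `sudo reboot`. The Windows lab runs `sfc /scannow` and then the optional DISM, while the DISM description says SFC is run again afterwards; add that rerun as a step. This file also has no "Objective alignment:" block, unlike OS-10, OS-11 and OS-4.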


@ -0,0 +1,200 @@
# OS-3: Windows Administrative Tools
Status: not started
Domain:
- 1.0 Operating Systems
## What You Need To Know
The exam often describes a problem and expects you to pick the right Windows tool.
Core tools:
- **Task Manager**: view running apps/processes, resource use, startup apps, and end unresponsive tasks.
- **Services**: start, stop, restart, disable, or change startup type for Windows services.
- **Event Viewer**: read logs for errors, warnings, failed services, application crashes, security events, and system events.
- **Device Manager**: manage hardware devices, drivers, disabled devices, and driver rollback.
- **Disk Management**: create, format, extend, shrink, and assign drive letters to partitions/volumes.
- **System Configuration (`msconfig`)**: troubleshooting startup configuration and boot options.
- **Local Users and Groups**: manage local users and local group membership.
- **Performance Monitor**: collect detailed performance counters over time.
- **Resource Monitor**: live view of CPU, memory, disk, and network activity.
- **Task Scheduler**: run programs or scripts automatically based on time or events.
## Memory Tricks
Use the problem wording:
- **"What happened?" = Event Viewer**
- **"What hardware/driver?" = Device Manager**
- **"What starts with Windows?" = Task Manager or System Configuration**
- **"What service is stopped?" = Services**
- **"What partition/drive letter?" = Disk Management**
- **"What account/group?" = Local Users and Groups**
- **"What is slow right now?" = Resource Monitor**
- **"What is slow over time?" = Performance Monitor**
- **"Run this automatically" = Task Scheduler**
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt:
```powershell
taskmgr
```
What it does:
- Opens Task Manager.
- Use it to view processes, performance, startup apps, and signed-in users.
```powershell
services.msc
```
What it does:
- Opens the Services console.
- Use it to start, stop, restart, disable, or change startup type for services.
```powershell
eventvwr.msc
```
What it does:
- Opens Event Viewer.
- Use it to investigate system, application, setup, and security logs.
```powershell
devmgmt.msc
```
What it does:
- Opens Device Manager.
- Use it to check hardware status and manage drivers.
```powershell
diskmgmt.msc
```
What it does:
- Opens Disk Management.
- Use it to manage partitions, volumes, and drive letters.
```powershell
msconfig
```
What it does:
- Opens System Configuration.
- Use it for boot and startup troubleshooting.
```powershell
lusrmgr.msc
```
What it does:
- Opens Local Users and Groups on supported Windows editions.
- Use it to manage local accounts and group membership.
- This is not available on all Home editions.
```powershell
perfmon
```
What it does:
- Opens Performance Monitor.
- Use it for detailed performance counters and longer-term monitoring.
```powershell
resmon
```
What it does:
- Opens Resource Monitor.
- Use it for live CPU, memory, disk, and network activity.
```powershell
taskschd.msc
```
What it does:
- Opens Task Scheduler.
- Use it to create, view, and troubleshoot scheduled tasks.
Linux comparison commands:
```bash
ps aux
```
What it does:
- Lists running processes.
```bash
top
```
What it does:
- Shows live process and resource usage.
```bash
systemctl status
```
What it does:
- Shows systemd service manager status.
- You can also check a specific service, such as `systemctl status ssh`.
```bash
journalctl -p err
```
What it does:
- Shows systemd journal entries with error priority.
```bash
lsblk
```
What it does:
- Lists disks and partitions.
## Mini Lab
Goal:
- Match tools to symptoms and practice safe viewing commands.
Windows:
1. Open Task Manager with `taskmgr`.
2. Open Event Viewer with `eventvwr.msc`.
3. In Event Viewer, view Windows Logs > System.
4. Open Device Manager with `devmgmt.msc`.
5. Open Disk Management with `diskmgmt.msc`.
6. Open Resource Monitor with `resmon`.
7. Record which tool you would use for:
- Failed service startup:
- Missing driver:
- Drive letter change:
- Slow disk right now:
- Long-term CPU tracking:
Linux:
1. Run `ps aux`.
2. Run `top`, then press `q` to quit.
3. Run `systemctl status`.
4. Run `journalctl -p err`.
5. Run `lsblk`.
6. Record the Linux command closest to:
- Task Manager:
- Event Viewer:
- Services:
- Disk Management:
## Quick Check Before Quiz
You are ready for the OS-3 quiz when you can answer these without looking:
- Which tool shows Windows logs?
- Which tool manages drivers?
- Which tool manages partitions and drive letters?
- Which tool shows live resource usage?
- Which tool runs jobs automatically?
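Review bot: Windows step 7 asks which tool fits "Failed service startup" and "Long-term CPU tracking", but steps 1 to 6 never open `services.msc` or `perfmon`, so two of the five answers are tools the lab has not shown. Add both as steps, or trim the list to the tools actually opened. The `lusrmgr.msc` caveat "This is not available on all Home editions" reads as if some Home editions include it; the snap-in is not available on Home editions, so say that directly. The Linux steps should mention that `systemctl status` and `journalctl -p err` open in a pager (press `q`), as is done for `top`, and this file is missing the "Objective alignment:" block used in the other topic files.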


@ -0,0 +1,343 @@
# OS-4: Windows Command Line
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.5 Windows command-line tools
- 1.7 Windows networking basics
- 3.1 Windows troubleshooting support
## What You Need To Know
Core 2 command questions usually ask, "Which command would you use?"
Think in buckets:
- **Navigation**: move around files and folders.
- **Network**: check IP address, connectivity, DNS, routes, and connections.
- **Disk/file repair**: check file systems and system files.
- **Identity/system info**: computer name, signed-in user, Windows version.
- **Group Policy**: update or report applied policies.
- **Help**: find command syntax.
Some commands are safe to run anytime. Others can change disks or files, so use them carefully.
## Memory Tricks
- **`ipconfig` = IP configuration.**
- **`ping` = "Are you alive?"**
- **`tracert` = trace route.**
- **`nslookup` = name server lookup.**
- **`netstat` = network statistics.**
- **`chkdsk` = check disk.**
- **`sfc` = system file checker.**
- **`gpupdate` = Group Policy update.**
- **`gpresult` = Group Policy result.**
- **`/?` = "How do I use this?"**
## Commands To Enter
Enter these on Windows PowerShell or Command Prompt.
### Navigation
```powershell
dir
```
What it does:
- Lists files and folders in the current directory.
- Similar Linux command: `ls`.
```powershell
cd
```
What it does:
- Shows or changes the current directory.
- `cd ..` moves up one folder.
```powershell
mkdir test-folder
```
What it does:
- Creates a folder named `test-folder`.
- `md` does the same thing.
```powershell
rmdir test-folder
```
What it does:
- Removes an empty folder.
- `rd` does the same thing.
### Network
```powershell
ipconfig
```
What it does:
- Shows IP address, subnet mask, and default gateway for network adapters.
```powershell
ipconfig /all
```
What it does:
- Shows detailed adapter info, including MAC address, DNS servers, DHCP status, and lease details.
```powershell
ping 127.0.0.1
```
What it does:
- Tests the local TCP/IP stack using the loopback address.
- If this fails, the local networking stack has a problem.
```powershell
ping 8.8.8.8
```
What it does:
- Tests basic IP connectivity to an external address.
- If this works but names do not, suspect DNS.
```powershell
nslookup example.com
```
What it does:
- Queries DNS for a hostname.
- Useful when websites fail by name but IP connectivity works.
```powershell
tracert example.com
```
What it does:
- Shows the router hops toward a destination.
- Useful for finding where a path may stop.
```powershell
pathping example.com
```
What it does:
- Combines route tracing with packet-loss statistics.
- Takes longer than `tracert`.
```powershell
netstat -ano
```
What it does:
- Shows active connections and listening ports.
- `-a` shows all connections/listeners.
- `-n` keeps addresses numeric.
- `-o` shows process IDs.
### Disk and File Repair
```powershell
chkdsk
```
What it does:
- Checks the disk file system status.
```powershell
chkdsk /f
```
What it does:
- Fixes logical file system errors.
- May need to run at startup if the drive is locked.
```powershell
chkdsk /r
```
What it does:
- Looks for bad sectors and recovers readable information.
- Includes `/f`.
- Can take a long time.
```powershell
sfc /scannow
```
What it does:
- Scans protected Windows system files and repairs them when possible.
### Identity and System Info
```powershell
hostname
```
What it does:
- Shows the computer name.
```powershell
whoami
```
What it does:
- Shows the current user.
```powershell
whoami /all
```
What it does:
- Shows current user, groups, privileges, and security identifier details.
```powershell
winver
```
What it does:
- Opens the Windows version/build dialog.
### Group Policy
```powershell
gpupdate /force
```
What it does:
- Forces a Group Policy refresh.
- Most relevant on domain-joined business systems.
```powershell
gpresult /r
```
What it does:
- Shows Resultant Set of Policy summary for the user/computer.
- Use it to verify what policies applied.
### Help
```powershell
ipconfig /?
```
What it does:
- Shows help and syntax for `ipconfig`.
- Most Windows commands support `/?`.
```powershell
help dir
```
What it does:
- Shows help for the `dir` command.
## Commands To Know But Treat Carefully
```powershell
format
```
What it does:
- Formats a volume.
- Warning: this can erase data.
```powershell
diskpart
```
What it does:
- Opens a powerful disk partitioning tool.
- Warning: incorrect commands can erase partitions or make a system unbootable.
```powershell
robocopy
```
What it does:
- Copies files and folders robustly.
- Useful for backups and migrations.
- Be careful with mirror options because they can delete destination files.
## Linux Comparison Commands
```bash
ls
pwd
cd
mkdir test-folder
rmdir test-folder
ip addr
ping 127.0.0.1
traceroute example.com
dig example.com
df -h
du -h
ps aux
top
```
Why this matters:
- Linux command practice helps you understand the same troubleshooting ideas across operating systems.
- Exact commands differ, but the goal is often the same: identify the system, check network state, inspect storage, and view running processes.
## Mini Lab
Goal:
- Practice safe command-line troubleshooting.
Windows:
1. Run `hostname`.
2. Run `whoami`.
3. Run `winver`.
4. Run `ipconfig`.
5. Run `ipconfig /all`.
6. Run `ping 127.0.0.1`.
7. Run `nslookup example.com`.
8. Run `netstat -ano`.
9. Run `sfc /scannow`.
10. Run `ipconfig /?`.
Record:
- Computer name:
- Current user:
- IPv4 address:
- Default gateway:
- DNS server:
- Did loopback ping work?
- Did DNS lookup work?
- One listening port from `netstat -ano`:
Linux:
1. Run `hostname`.
2. Run `whoami`.
3. Run `ip addr`.
4. Run `ping -c 4 127.0.0.1`.
5. Run `df -h`.
6. Run `ps aux`.
7. Run `top`, then press `q`.
Record:
- Hostname:
- Current user:
- IP address:
- Root filesystem free space:
- One running process:
## Quick Check Before Quiz
You are ready for the OS-4 quiz when you can answer these without looking:
- Which command shows full Windows IP configuration?
- Which command tests DNS name resolution?
- Which command shows active connections and process IDs?
- Which command repairs protected Windows system files?
- Which command forces Group Policy refresh?
- Which commands can erase data if misused?
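Review bot: The `netstat -ano` entry explains that `-o` shows process IDs, but nothing tells the learner how to turn a PID into a program, and the lab's Record field only asks for "One listening port". For troubleshooting, and for spotting a listener that should not be there, the useful answer is port plus owning process; add `tasklist /fi "PID eq <pid>"` (or the Details tab in Task Manager) after the `netstat` step and a Record line for the process name. Also note that `sfc /scannow` in step 9 and `chkdsk /f` or `/r` need an elevated prompt; `chkdsk /f` and `/r` modify the file system, so they fit better under "Commands To Know But Treat Carefully" than beside the read-only `chkdsk`.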


@ -0,0 +1,186 @@
# OS-5: OS Types and File Systems
Status: strong
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.1 Operating system types and file systems
## What You Need To Know
An operating system sits between the user, applications, and hardware.
It handles:
- Files and folders
- Application support
- Memory use
- Input and output devices
- Drivers
- User interface
- System settings and updates
For the exam, know the personality of each OS family.
## OS Type Shortcuts
Windows:
- Common in business and consumer PCs.
- Broad hardware and software support.
- Big target for malware because it is widely used.
Linux:
- Open-source and common on servers, development systems, and technical workstations.
- Many distributions, such as Ubuntu, Debian, Fedora, and Red Hat.
- Strong command-line culture.
macOS:
- Apple desktop/laptop OS.
- Runs on Apple hardware.
- You need conceptual knowledge, but no Mac lab is required for our study plan.
ChromeOS:
- Google OS based on the Linux kernel.
- Web/cloud-focused.
- Common on Chromebooks.
iOS/iPadOS:
- Apple mobile/tablet OS.
- Apps normally come through Apple's App Store.
Android:
- Linux-based mobile OS.
- Used by many manufacturers.
- Apps can come from Google Play and, depending on policy/settings, other app stores.
## Memory Trick
Use **W-L-M-C-I-A**:
- **W**indows: workplace and wide support
- **L**inux: lots of distributions
- **M**ac: manufactured by Apple
- **C**hromeOS: cloud-centered
- **I**OS/iPadOS: inside Apple's app store
- **A**ndroid: available across many manufacturers
## File Systems
A file system is the format used to organize data on a storage device.
Common file systems:
- **NTFS**: modern Windows file system. Supports permissions, encryption, compression, large files, and recoverability.
- **ReFS**: newer Microsoft file system focused on resiliency and large storage use cases.
- **FAT32**: older and broadly compatible, but has a 4 GB max file size.
- **exFAT**: good for flash drives and cross-platform file transfer; supports files larger than 4 GB.
- **ext4**: common Linux file system.
- **XFS**: high-performance Linux file system, often used for large-scale storage.
- **APFS**: Apple file system for modern macOS/iOS/iPadOS devices.
## File System Memory Tricks
- **NTFS = New Technology For Security**: Windows permissions and encryption.
- **FAT32 = Four GB wall**: single files cannot exceed 4 GB.
- **exFAT = EXternal flash-friendly FAT**: good for USB drives across OSs.
- **ext4 = Linux everyday default**: common Linux file system.
- **APFS = Apple Prefers Flash Storage**: Apple modern file system.
- **ReFS = Resilient File System**: built for resiliency.
## Commands To Enter
Windows:
```powershell
fsutil fsinfo drives
```
What it does:
- Lists available drives.
```powershell
fsutil fsinfo volumeinfo C:
```
What it does:
- Shows file-system information for the C: volume.
- You may need an elevated terminal.
```powershell
wmic logicaldisk get caption,filesystem,size,freespace
```
What it does:
- Lists drive letters, file systems, sizes, and free space.
```powershell
Get-Volume
```
What it does:
- PowerShell command that shows volumes, drive letters, labels, file systems, and health status.
Linux:
```bash
df -T
```
What it does:
- Shows mounted file systems and their types.
```bash
lsblk -f
```
What it does:
- Lists block devices with file-system information.
```bash
cat /etc/os-release
```
What it does:
- Shows Linux distribution information.
```bash
uname -a
```
What it does:
- Shows kernel and architecture information.
## Mini Lab
Goal:
- Identify the OS family and file system in use.
Windows:
1. Run `winver`.
2. Run `wmic logicaldisk get caption,filesystem,size,freespace`.
3. Run `Get-Volume` in PowerShell.
4. Record:
- Windows version:
- Main drive letter:
- Main drive file system:
- Free space:
Linux:
1. Run `cat /etc/os-release`.
2. Run `uname -a`.
3. Run `df -T`.
4. Run `lsblk -f`.
5. Record:
- Distribution:
- Kernel:
- Root file system type:
- Main disk/partition:
## Quick Check Before Quiz
You are ready for the OS-5 quiz when you can answer these without looking:
- Which file system is common for modern Windows?
- Which file system has a 4 GB single-file limit?
- Which file system is common for Linux?
- Which OS is cloud/browser-centered?
- Which mobile OS is used by many manufacturers?
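Review bot: In File System Memory Tricks only the ReFS line matches the real name; "NTFS = New Technology For Security", "exFAT = EXternal flash-friendly FAT" and "APFS = Apple Prefers Flash Storage" use the same "X = ..." form as an expansion, so they are easy to recall later as the actual names. Put the real expansion next to each mnemonic (New Technology File System, Extensible File Allocation Table, Apple File System) and mark the playful version as the trick. Windows lab step 2 also depends on `wmic logicaldisk get caption,filesystem,size,freespace`; WMIC is deprecated and not installed by default on newer Windows 11 builds, so note that `Get-Volume` in step 3 is the fallback.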


@ -0,0 +1,248 @@
# OS-6: Windows Control Panel and Settings
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.6 Windows Control Panel and Settings
## What You Need To Know
This objective is about knowing where to configure Windows features.
Windows has two major configuration areas:
- **Control Panel**: older interface, still used for many classic tools.
- **Settings app**: newer interface, used for most daily configuration.
Exam questions usually describe a task and ask where you should go.
## Memory Trick
Use **"Old Control, New Settings"**:
- If it sounds like an older Windows admin item, think Control Panel or `.cpl`.
- If it sounds like modern user preferences, think Settings.
Another shortcut:
- **Hardware problem? Device Manager.**
- **Power/sleep/lid? Power Options.**
- **Hidden files/extensions? File Explorer Options.**
- **Installed apps? Apps / Programs and Features.**
- **Printers? Devices and Printers or Settings > Bluetooth & devices.**
- **Windows updates? Update and Security / Windows Update.**
- **Clock/language? Time and Language.**
## Control Panel Areas To Know
Internet Options:
- Browser-related legacy settings such as security zones, privacy, and connections.
Devices and Printers:
- View and manage printers and connected devices.
Programs and Features:
- Uninstall or change installed desktop applications.
- Turn Windows features on or off.
Network and Sharing Center:
- View network status and adapter settings.
Windows Defender Firewall:
- Enable/disable firewall profiles and allow apps through the firewall.
User Accounts:
- Manage local user account settings.
Device Manager:
- Manage hardware and drivers.
Indexing Options:
- Choose locations Windows indexes for faster search.
Power Options:
- Sleep, hibernate, lid behavior, power plans, USB selective suspend, and Fast Startup.
File Explorer Options:
- Show hidden files, show file extensions, and change search/view behavior.
Ease of Access:
- Accessibility settings for display, keyboard, mouse, narrator, and other input/output needs.
## Settings App Areas To Know
System:
- Display, sound, notifications, power, storage, and about information.
Bluetooth and devices:
- Bluetooth, printers, mouse, typing, pen, and connected devices.
Network and Internet:
- Wi-Fi, Ethernet, VPN, proxy, metered network, and IP settings.
Personalization:
- Wallpaper, colors, lock screen, themes, and Start/taskbar preferences.
Apps:
- Installed apps, default apps, optional features, and app settings.
Accounts:
- Microsoft account/local account, email accounts, sign-in options, PIN, password, and security key.
Time and Language:
- Date/time, region, language, and keyboard options.
Privacy and Security:
- App permissions, privacy controls, Windows Security, and security-related settings.
Windows Update:
- Updates, active hours, update history, and restart scheduling.
## Commands To Enter
Windows commands:
```powershell
control
```
What it does:
- Opens Control Panel.
```powershell
ms-settings:
```
What it does:
- Opens the Windows Settings app.
```powershell
appwiz.cpl
```
What it does:
- Opens Programs and Features.
- Use this to uninstall or change classic desktop apps.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
- Use this to view or change network adapters.
```powershell
firewall.cpl
```
What it does:
- Opens Windows Defender Firewall.
```powershell
powercfg.cpl
```
What it does:
- Opens Power Options.
```powershell
inetcpl.cpl
```
What it does:
- Opens Internet Options.
```powershell
control printers
```
What it does:
- Opens Devices and Printers.
```powershell
control folders
```
What it does:
- Opens File Explorer Options.
```powershell
devmgmt.msc
```
What it does:
- Opens Device Manager.
Linux comparison commands:
```bash
gnome-control-center
```
What it does:
- Opens GNOME Settings on Linux systems that use GNOME.
- May not be installed on every Linux distribution.
```bash
nm-connection-editor
```
What it does:
- Opens a graphical network connection editor on many Linux desktops.
- May not be installed on every Linux distribution.
```bash
timedatectl
```
What it does:
- Shows or configures Linux time/date settings.
## Mini Lab
Goal:
- Learn where Windows settings live.
Windows:
1. Run `control`.
2. Run `ms-settings:`.
3. Run `appwiz.cpl`.
4. Run `ncpa.cpl`.
5. Run `firewall.cpl`.
6. Run `powercfg.cpl`.
7. Run `control printers`.
8. Run `control folders`.
9. Run `devmgmt.msc`.
Record the best place to configure:
- Uninstall a desktop app:
- Change a network adapter:
- Allow an app through firewall:
- Change what closing a laptop lid does:
- Show hidden files:
- Manage a printer:
- Fix a driver problem:
- Change date/time or language:
- Change default apps:
Linux:
1. Run `timedatectl`.
2. If using GNOME, run `gnome-control-center`.
3. Optional: run `nm-connection-editor`.
Record:
- Current time zone:
- Network settings tool available:
- Desktop settings tool available:
## Quick Check Before Quiz
You are ready for the OS-6 quiz when you can answer these without looking:
- Where do you uninstall classic desktop apps?
- Where do you change adapter settings?
- Where do you show hidden files and extensions?
- Where do you change sleep/hibernate/lid behavior?
- Where do you manage drivers?
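
Review bot: In the Commands To Enter block fenced as `powershell`, `ms-settings:` is a URI scheme rather than an executable, so typing it bare at a PowerShell prompt returns a not-recognized error instead of opening Settings; it works from the Run dialog or as `start ms-settings:`. State which launcher each command is meant for and apply the same fix to step 2 of the Mini Lab. The section also mixes the Windows 10 name "Update and Security" with the Windows 11 names "Bluetooth & devices" and "Privacy and Security" without saying which version each belongs to, which matters for a "where do you go" question.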

@ -0,0 +1,283 @@
# OS-7: Windows Networking
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.7 Windows networking
- 1.5 Windows network command-line support
## What You Need To Know
Windows networking questions usually describe one of these tasks:
- Join or compare a workgroup/domain.
- Share a folder or printer.
- Map a network drive.
- Configure firewall exceptions.
- Configure IP settings.
- Choose public/private network profile.
- Configure VPN, Wi-Fi, proxy, WWAN, or metered connection.
## Memory Tricks
Use **D-S-F-I-P**:
- **D**omain/workgroup: who manages login?
- **S**hares: folder/printer access.
- **F**irewall: allow/block traffic.
- **I**P settings: address, mask, gateway, DNS.
- **P**rofile/proxy/VPN: how traffic is treated.
Network profile:
- **Private = trusted = sharing allowed.**
- **Public = untrusted = sharing restricted.**
IP troubleshooting:
- **169.254 = APIPA = DHCP failed.**
- **127.0.0.1 = loopback = local TCP/IP test.**
## Workgroup vs Domain
Workgroup:
- Small peer-to-peer network.
- Each PC manages its own local users and permissions.
- No centralized authentication.
Domain:
- Business network with centralized authentication and management.
- Usually uses Active Directory.
- Supports Group Policy.
- Requires Windows Pro or higher to join a domain.
## Shared Resources
Shared folder:
- Makes a folder available over the network.
- Uses a UNC path like `\\server\share`.
Mapped drive:
- Assigns a drive letter to a network share.
- Example: map `H:` to `\\server\shared`.
Hidden share:
- Share name ends in `$`.
- Example: `\\server\share$`.
- It hides the share from browsing but is not real security.
Shared printer:
- Makes a printer available to other users.
- Can be added from Settings, Control Panel, or a shared path.
## Firewall Concepts
Windows Defender Firewall should normally stay enabled.
Firewall exception types:
- Allow an app or feature.
- Allow/block a port.
- Use a predefined rule.
- Create a custom rule.
Network profiles:
- Public profile: stricter, for public Wi-Fi.
- Private profile: more trusted, allows more discovery/sharing.
## IP Addressing
DHCP:
- Automatically assigns IP settings.
- Default behavior on most clients.
Static IP:
- Manually configured IP address, subnet mask, gateway, and DNS.
- Used when a device needs a fixed address.
APIPA:
- Automatic Private IP Addressing.
- Address range starts with `169.254`.
- Means the client did not get DHCP and usually has no internet access.
Core fields:
- IP address: device address.
- Subnet mask: local network boundary.
- Default gateway: route off the local network.
- DNS server: converts names to IP addresses.
## Connection Types
Wired:
- Ethernet cable.
- Usually stable and fast.
Wireless:
- Wi-Fi using SSID, security type, encryption, and key.
VPN:
- Encrypted connection to a private network.
- Often used for work access.
- May use MFA such as smart card, authenticator app, or token.
WWAN:
- Cellular data connection.
- May use built-in modem, USB modem, tethering, or hotspot.
Proxy:
- A go-between for web/internet traffic.
- Configured in Settings > Network and Internet or Internet Options.
Metered connection:
- Tells Windows to reduce data use.
- Useful for cellular/hotspot/limited data networks.
## Commands To Enter
Windows:
```powershell
ipconfig
```
What it does:
- Shows IP address, subnet mask, and default gateway.
```powershell
ipconfig /all
```
What it does:
- Shows detailed network configuration, including DNS, DHCP, and MAC address.
```powershell
ping 127.0.0.1
```
What it does:
- Tests local TCP/IP stack.
```powershell
ping 8.8.8.8
```
What it does:
- Tests external IP connectivity.
```powershell
nslookup example.com
```
What it does:
- Tests DNS name resolution.
```powershell
net use
```
What it does:
- Shows mapped network drives and network connections.
```powershell
net use H: \\server\share
```
What it does:
- Maps drive `H:` to a network share.
- Replace `\\server\share` with a real share in your environment.
```powershell
net use H: /delete
```
What it does:
- Removes the mapped drive `H:`.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
```powershell
firewall.cpl
```
What it does:
- Opens Windows Defender Firewall.
Linux comparison:
```bash
ip addr
```
What it does:
- Shows Linux network interfaces and IP addresses.
```bash
ip route
```
What it does:
- Shows routing table, including default gateway.
```bash
cat /etc/resolv.conf
```
What it does:
- Shows DNS resolver configuration on many Linux systems.
```bash
ping -c 4 127.0.0.1
```
What it does:
- Tests local TCP/IP stack.
## Mini Lab
Goal:
- Identify IP settings, network profile concepts, firewall location, and mapped-drive syntax.
Windows:
1. Run `ipconfig`.
2. Run `ipconfig /all`.
3. Run `ping 127.0.0.1`.
4. Run `nslookup example.com`.
5. Run `net use`.
6. Run `ncpa.cpl`.
7. Run `firewall.cpl`.
Record:
- IPv4 address:
- Subnet mask:
- Default gateway:
- DNS server:
- DHCP enabled:
- Any mapped drives:
- Current network adapter name:
- Where firewall profile settings are located:
Linux:
1. Run `ip addr`.
2. Run `ip route`.
3. Run `cat /etc/resolv.conf`.
4. Run `ping -c 4 127.0.0.1`.
Record:
- IP address:
- Default gateway:
- DNS server:
- Loopback ping result:
## Quick Check Before Quiz
You are ready for the OS-7 quiz when you can answer these without looking:
- What does a `169.254.x.x` address usually mean?
- Which network profile is safest for public Wi-Fi?
- What does `net use` do?
- What settings are required for a static IP?
- What does DNS do?
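
Review bot: The Mini Lab goal lists network profile concepts, but none of the seven Windows steps shows the active profile and the Record list has no field for it. Add a step that runs `Get-NetConnectionProfile` (already used in the SEC-10 file in this commit) and a `Network profile:` field, so the Private versus Public rule from the Memory Tricks section is checked against the real machine. The lab also leaves out `ping 8.8.8.8`, although it is listed under Commands To Enter as the external connectivity test.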

@ -0,0 +1,253 @@
# OS-8: macOS Tools and Features
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.8 macOS tools and features
## What You Need To Know
You may not use macOS daily, but the exam expects you to recognize common macOS tools, file types, folders, and features.
Focus on matching the macOS term to its job.
## Memory Trick
Use **F-D-T-K-S-I**:
- **F**inder: files
- **D**isk Utility: disks
- **T**ime Machine: backups
- **K**eychain: passwords/certificates
- **S**potlight: search
- **I**Cloud: sync
Security shortcut:
- **FileVault = full disk encryption**
- **Privacy = app permissions**
- **Rapid Security Response = urgent Apple security patches**
## macOS File Types
`.dmg`:
- Apple disk image.
- Mounts like a virtual drive.
`.pkg`:
- Installer package.
- Runs an installation process.
`.app`:
- Application bundle.
- Often removed by dragging to Trash, though some apps include uninstallers.
## macOS Folders
`/Applications`:
- Installed apps.
`/Users`:
- User home folders.
`/Library`:
- System-wide support files.
`~/Library`:
- User-specific support files and preferences.
- `~` means the current user's home folder.
`/System`:
- Core operating system files.
## macOS Tools and Features
System Settings:
- macOS equivalent of the Windows Settings app/Control Panel.
- Used for display, network, privacy, accessibility, updates, accounts, and more.
Finder:
- macOS file manager.
- Similar idea to Windows File Explorer.
Dock:
- Quick app launcher and running-app indicator.
Spotlight:
- Search for apps, files, settings, and information.
- Shortcut: `Command-Space`.
Mission Control:
- Shows open windows and desktops.
Spaces:
- Multiple virtual desktops.
Keychain Access:
- Stores passwords, certificates, keys, and secure notes.
iCloud:
- Apple cloud sync for files, photos, contacts, calendars, messages, device backup, and cross-device integration.
Time Machine:
- Built-in macOS backup tool.
- Creates automatic backups and removes oldest backups when the backup disk fills.
Disk Utility:
- Manage disks, partitions, images, erasing, verifying, and repairing file systems.
FileVault:
- Full disk encryption for macOS.
Terminal:
- Command-line access to macOS.
Force Quit:
- Stops an unresponsive application.
- Shortcut: `Command-Option-Escape`.
Continuity:
- Apple cross-device features such as AirDrop, iPhone camera use, message forwarding, and handoff-style workflows.
Gestures:
- Trackpad actions such as swiping, pinching, and multi-finger controls.
Remote Disc:
- Uses an optical drive from another computer.
- Mostly a legacy feature, but still an exam term.
## Commands To Enter On A Mac
Run these in Terminal when you have access to your friend's Mac.
```bash
sw_vers
```
What it does:
- Shows macOS product name, version, and build.
```bash
uname -a
```
What it does:
- Shows kernel and architecture information.
```bash
whoami
```
What it does:
- Shows the current user.
```bash
pwd
```
What it does:
- Shows the current directory.
```bash
ls /Applications
```
What it does:
- Lists installed applications in `/Applications`.
```bash
ls /Users
```
What it does:
- Lists user home folders.
```bash
diskutil list
```
What it does:
- Lists disks and partitions.
```bash
tmutil status
```
What it does:
- Shows Time Machine backup status.
```bash
fdesetup status
```
What it does:
- Shows whether FileVault is enabled.
## Windows/Linux Comparisons
Finder:
- Windows comparison: File Explorer.
- Linux comparison: Files/Nautilus, Dolphin, or another file manager.
System Settings:
- Windows comparison: Settings and Control Panel.
- Linux comparison: GNOME Settings or KDE System Settings.
Terminal:
- Windows comparison: Command Prompt, PowerShell, Windows Terminal.
- Linux comparison: Terminal.
Disk Utility:
- Windows comparison: Disk Management.
- Linux comparison: `lsblk`, `fdisk`, GNOME Disks.
Time Machine:
- Windows comparison: File History, Backup and Restore, system image concepts.
- Linux comparison: distribution-specific backup tools or `rsync`-based workflows.
FileVault:
- Windows comparison: BitLocker.
- Linux comparison: LUKS/disk encryption.
## Mini Lab
Goal:
- Recognize macOS tools by doing safe lookups and comparisons.
On macOS:
1. Open Finder and identify `/Applications` and `/Users`.
2. Open System Settings.
3. Search System Settings for `FileVault`.
4. Search System Settings for `Time Machine`.
5. Open Spotlight with `Command-Space` and search for `Disk Utility`.
6. Open Terminal.
7. Run `sw_vers`.
8. Run `diskutil list`.
9. Run `tmutil status`.
10. Run `fdesetup status`.
Record:
- macOS version:
- Current user:
- FileVault status:
- Time Machine status:
- Main disk name:
- Where app privacy permissions are configured:
Without a Mac:
1. Review the macOS term list.
2. Match each macOS term to a Windows or Linux equivalent.
3. Practice the OS-8 quiz.
## Quick Check Before Quiz
You are ready for the OS-8 quiz when you can answer these without looking:
- What does Time Machine do?
- What does FileVault do?
- What does Keychain store?
- What is Finder comparable to in Windows?
- Which shortcut opens Force Quit?
- Which command shows macOS version?
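
Review bot: The Record list under "On macOS" asks for `Current user:` and `Where app privacy permissions are configured:`, but steps 1 to 10 never run `whoami` and never open the privacy settings, so two of the six fields cannot be filled from the lab as written. Add `whoami` after step 7 and a step that searches System Settings for Privacy, matching the FileVault and Time Machine searches in steps 3 and 4. In the Memory Trick, `**I**Cloud` should be spelled iCloud as it is later in the file.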

@ -0,0 +1,347 @@
# OS-9: Linux Client Tools
Status: not started
Domain:
- 1.0 Operating Systems
Objective alignment:
- 1.9 Linux client tools
## What You Need To Know
Linux questions on Core 2 usually test:
- Basic file navigation
- Permissions and ownership
- Important configuration files
- Package managers
- Network commands
- Process and disk usage commands
- The difference between normal user and root/admin actions
## Memory Tricks
Command buckets:
- **Files**: `ls`, `pwd`, `mv`, `cp`, `rm`, `find`, `cat`
- **Permissions**: `chmod`, `chown`, `sudo`, `su`
- **Network**: `ip`, `ping`, `curl`, `dig`, `traceroute`
- **System**: `top`, `ps`, `df`, `du`, `mount`, `fsck`
- **Help**: `man`
Key files:
- `/etc/passwd`: user account list
- `/etc/shadow`: password hashes
- `/etc/hosts`: local name-to-IP mappings
- `/etc/resolv.conf`: DNS resolver settings
- `/etc/fstab`: file systems mounted at boot
Memory hook:
- **PASS users, SHADOW passwords, HOSTS names, RESOLV DNS, FSTAB mounts.**
## Linux Concepts
Root:
- The all-powerful administrative account.
- User ID `0`.
`sudo`:
- Runs one command with elevated privileges.
- Safer than staying logged in as root.
`su`:
- Switches to another user, often root.
- You remain that user until you exit.
Kernel:
- Core of the operating system.
- Manages hardware, memory, and processes.
Bootloader:
- Starts the operating system during boot.
systemd:
- System and service manager.
- Starts and manages services, login sessions, logging, and other system processes.
## Commands To Enter
Safe commands:
```bash
pwd
```
What it does:
- Prints the current working directory.
```bash
ls
```
What it does:
- Lists files and directories.
```bash
ls -l
```
What it does:
- Lists files with permissions, owner, group, size, and date.
```bash
cat /etc/os-release
```
What it does:
- Shows Linux distribution details.
```bash
cat /etc/passwd
```
What it does:
- Shows local user account entries.
- Each line includes username, UID, GID, home directory, and shell.
```bash
cat /etc/hosts
```
What it does:
- Shows local hostname-to-IP mappings.
```bash
cat /etc/resolv.conf
```
What it does:
- Shows DNS resolver settings.
```bash
cat /etc/fstab
```
What it does:
- Shows file systems configured to mount at startup.
```bash
grep root /etc/passwd
```
What it does:
- Searches `/etc/passwd` for lines containing `root`.
```bash
find . -name "*.txt"
```
What it does:
- Finds `.txt` files under the current directory.
```bash
ip addr
```
What it does:
- Shows network interfaces and IP addresses.
```bash
ip route
```
What it does:
- Shows routes, including the default gateway.
```bash
ping -c 4 127.0.0.1
```
What it does:
- Sends four pings to the local loopback address.
```bash
curl https://example.com
```
What it does:
- Retrieves data from a URL.
```bash
dig example.com
```
What it does:
- Queries DNS for detailed domain information.
- If `dig` is not installed, try `nslookup example.com`.
```bash
traceroute example.com
```
What it does:
- Shows the route packets take to a destination.
- If not installed, use `tracepath example.com` if available.
```bash
top
```
What it does:
- Shows live process and resource usage.
- Press `q` to quit.
```bash
ps aux
```
What it does:
- Shows running processes.
```bash
df -h
```
What it does:
- Shows mounted file systems and free space in human-readable units.
```bash
du -h
```
What it does:
- Shows disk usage for files/directories.
```bash
man grep
```
What it does:
- Opens the manual page for `grep`.
- Press `q` to quit.
## Practice File Commands
Use these in a temporary folder:
```bash
mkdir linux-practice
cd linux-practice
echo "Core 2 Linux practice" > notes.txt
cp notes.txt copy.txt
mv copy.txt renamed.txt
ls -l
grep Linux notes.txt
chmod u+x renamed.txt
ls -l
cd ..
rm -r linux-practice
```
What they do:
- `mkdir` creates a directory.
- `cd` changes directory.
- `echo ... > file` writes text to a file.
- `cp` copies a file.
- `mv` moves or renames a file.
- `grep` searches inside a file.
- `chmod u+x` adds execute permission for the owner.
- `rm -r` removes a directory and its contents.
## Admin Commands To Know
Do not run these casually on important systems:
```bash
sudo chown user:group file
```
What it does:
- Changes file owner/group.
```bash
sudo apt update
sudo apt install package-name
```
What it does:
- Updates package lists and installs software on Debian/Ubuntu-based systems.
```bash
sudo dnf install package-name
```
What it does:
- Installs software on Fedora/Red Hat-based systems.
```bash
sudo fsck /dev/device
```
What it does:
- Checks and repairs a file system.
- Usually run on unmounted or read-only volumes.
```bash
sudo mount /dev/device /mnt
```
What it does:
- Mounts a storage device to a directory.
## Windows Comparisons
- `ls` is like `dir`.
- `pwd` is like checking your current path in Command Prompt/PowerShell.
- `top` and `ps` are like Task Manager process views.
- `df -h` is like checking drive free space.
- `fsck` is like `chkdsk`.
- `traceroute` is like Windows `tracert`.
- `dig` is like `nslookup`, but usually more detailed.
## Mini Lab
Goal:
- Practice common Linux commands safely.
Linux:
1. Run `cat /etc/os-release`.
2. Run `pwd`.
3. Run `ls -l`.
4. Run `cat /etc/passwd`.
5. Run `cat /etc/hosts`.
6. Run `cat /etc/resolv.conf`.
7. Run `ip addr`.
8. Run `ip route`.
9. Run `df -h`.
10. Run `ps aux`.
11. Run `top`, then press `q`.
12. Create and remove the `linux-practice` folder from the practice command section.
Record:
- Distribution:
- Current directory:
- Current user:
- DNS server:
- Default gateway:
- Root filesystem free space:
- One running process:
- What permission changed after `chmod u+x`:
Windows comparison:
1. Run `dir`.
2. Run `taskmgr`.
3. Run `tracert example.com`.
4. Run `nslookup example.com`.
5. Record which Linux commands match those Windows tools.
## Quick Check Before Quiz
You are ready for the OS-9 quiz when you can answer these without looking:
- Which file lists user accounts?
- Which file stores password hashes?
- Which command changes file permissions?
- Which command shows live process/resource usage?
- Which command shows disk free space?
- Which package manager is common on Ubuntu/Debian?
- Which command gives help/manual pages?
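
Review bot: Under Admin Commands To Know, the `fsck` note says it is "Usually run on unmounted or read-only volumes", which understates the risk: repairing a file system that is mounted read-write can corrupt it. Reword it as a rule (unmount the volume first, or run from rescue media) and say that `/dev/device` is a placeholder. The Key files list should also state that `/etc/shadow` is readable only by root while `/etc/passwd` is world-readable, since that split is the reason hashes live in `/etc/shadow` and the reason only `cat /etc/passwd` appears in the safe commands.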

@ -0,0 +1,291 @@
# SEC-1: Security Controls
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.1 Security controls
## What You Need To Know
Security controls reduce risk. Core 2 expects you to match the control to the problem.
Main groups:
- Physical security controls
- Physical access controls
- Logical security controls
- Authentication and access management
- Data and device management controls
## Memory Trick
Use **P-L-A-D**:
- **P**hysical: stop bodies, cars, theft, and entry
- **L**ogical: permissions, trust, and network/software rules
- **A**uthentication: prove who you are
- **D**ata/device controls: protect data and managed devices
MFA factors:
- **Know**: password, PIN
- **Have**: smart card, key fob, phone, token
- **Are**: fingerprint, face, retina
- **Where**: location
## Physical Security Controls
Bollards:
- Posts/barriers that stop vehicles.
- Exam clue: prevent cars/trucks from reaching a building.
Access control vestibule:
- Two-door controlled entry area.
- One door opens while the other remains locked.
- Exam clue: prevent tailgating or control one-person-at-a-time entry.
Badge reader:
- Reads magnetic stripe, RFID, NFC, or similar badge.
- Exam clue: employee door access or time clock.
Video surveillance/CCTV:
- Cameras and recording.
- Exam clue: monitor entrances, review incidents, license plates, faces, motion.
Alarm systems:
- Door/window/fence circuits, motion detection, duress buttons.
- Exam clue: alert when perimeter or protected area is breached.
Locks:
- Conventional key, deadbolt, electronic PIN, token-based, biometric, multifactor.
Equipment locks:
- Lock racks, cabinets, laptops, or devices.
Guards and access lists:
- Human verification of ID and visitor access.
- Often includes visitor log.
Fences and lighting:
- Fences create perimeter.
- Lighting deters attackers and improves camera visibility.
Magnetometers:
- Detect metal objects.
- Exam clue: weapons screening.
## Physical Access Factors
Key fob:
- Small RFID/proximity key.
Smart card:
- Certificate-based card, usually part of MFA.
Mobile digital key:
- Phone acts as key for building, hotel, car, or office.
Biometrics:
- Fingerprint, retina, palm, face, or voice.
- Strong but not easily changed if compromised.
## Logical Security Controls
Least privilege:
- Users get only the access needed to do their job.
- Exam clue: reduce damage from mistakes or malware.
Zero Trust:
- Trust nothing automatically.
- Verify users, devices, apps, and requests continuously.
ACL:
- Access Control List.
- Allows or denies traffic or file access based on rules.
## Authentication and Access
MFA:
- Multi-factor authentication.
- Requires two or more different factor types.
OTP:
- One-time password.
- Used once for a login/session.
TOTP:
- Time-based one-time password.
- Common authenticator app code that changes every 30 seconds.
SMS/voice codes:
- Codes sent by text or phone call.
- Better than password only, but weaker than authenticator apps or hardware tokens.
Authentication app:
- Generates codes or push approvals.
SAML:
- Security Assertion Markup Language.
- Standard for authentication/authorization between identity provider and service.
SSO:
- Single sign-on.
- Authenticate once and access multiple approved resources.
Just-in-time access:
- Grants elevated/admin access only temporarily.
- Exam clue: reduce standing admin privileges.
PAM:
- Privileged Access Management.
- Broader system for controlling, vaulting, auditing, and granting privileged access.
## Data and Device Controls
MDM:
- Mobile Device Management.
- Centrally manages phones/tablets/laptops, policies, screen lock, apps, wipe, and BYOD controls.
DLP:
- Data Loss Prevention.
- Detects/prevents sensitive data from leaving approved locations.
- Exam clue: block SSNs, credit cards, medical records, or confidential files from being emailed/uploaded.
IAM:
- Identity and Access Management.
- Gives the right access to the right identities at the right time.
Directory services:
- Central database of users, computers, groups, printers, and resources.
- Windows example: Active Directory.
## Commands To Enter
Windows:
```powershell
whoami
```
What it does:
- Shows the current signed-in user.
```powershell
whoami /groups
```
What it does:
- Shows groups for the current user.
- Useful for checking whether the user has elevated group membership.
```powershell
whoami /priv
```
What it does:
- Shows privileges assigned to the current user.
```powershell
net user
```
What it does:
- Lists local user accounts.
```powershell
net localgroup
```
What it does:
- Lists local groups.
```powershell
net localgroup administrators
```
What it does:
- Shows members of the local Administrators group.
- Use this to check for excessive admin access.
Linux:
```bash
whoami
```
What it does:
- Shows current user.
```bash
id
```
What it does:
- Shows user ID, group ID, and group membership.
```bash
groups
```
What it does:
- Shows groups for the current user.
```bash
sudo -l
```
What it does:
- Shows what commands the current user can run with `sudo`, if allowed.
macOS, if available:
```bash
whoami
id
groups
```
What it does:
- Shows user and group identity information.
## Mini Lab
Goal:
- Identify authentication factors and local privilege level.
Windows:
1. Run `whoami`.
2. Run `whoami /groups`.
3. Run `whoami /priv`.
4. Run `net localgroup administrators`.
5. Record whether your user appears to have admin rights.
Linux:
1. Run `whoami`.
2. Run `id`.
3. Run `groups`.
4. Run `sudo -l`.
5. Record whether your user has sudo/admin rights.
Physical control walk-through:
1. Pick a building you know.
2. Identify one physical control, such as lock, camera, guard, badge reader, or lighting.
3. Identify what risk it reduces.
4. Identify what it does not protect against.
Scenario practice:
- A user needs admin access for 30 minutes to patch a server. Which control fits?
- A company wants to stop credit card numbers from being emailed. Which control fits?
- A company wants all phones to require PINs and allow remote wipe. Which control fits?
## Quick Check Before Quiz
You are ready for the SEC-1 quiz when you can answer these without looking:
- What does least privilege mean?
- What is the difference between SSO and MFA?
- What does DLP protect against?
- What does MDM manage?
- What is just-in-time access?
- Which physical control stops vehicles?
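
Review bot: Windows steps 1 to 5 of the Mini Lab ask the reader to judge admin rights from `whoami /groups` and `whoami /priv`, but in a non-elevated prompt under UAC an administrator's token is filtered: the Administrators group is marked as used for deny only and the privilege list is short, so the output can be misread as a standard user. Say whether the commands should be run elevated, or have the reader compare both prompts and treat `net localgroup administrators` as the membership check. The lab goal also names authentication factors, yet no step exercises the Know/Have/Are/Where list.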

@ -0,0 +1,277 @@
# SEC-10: SOHO Network Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.10 SOHO network security
## What You Need To Know
SOHO means Small Office/Home Office. On the exam, this usually means a small router or wireless access point that combines routing, switching, firewall, and Wi-Fi.
Your job is to harden the router so attackers cannot easily control it, join the wireless network, or open paths into the network.
Core protections:
- Change default admin credentials
- Update firmware
- Use WPA2/WPA3 encryption
- Disable UPnP unless required
- Disable remote management unless required
- Use guest networks carefully
- Place network equipment securely
- Use content/IP filtering when needed
## Memory Trick
Use **P-F-W-U-G**:
- **P**asswords: change defaults
- **F**irmware: keep updated
- **W**i-Fi: WPA2/WPA3, not open
- **U**PnP: usually disable
- **G**uest: disable or isolate and secure
Shortcut:
- **If it manages the network, protect the login first.**
## Default Passwords
Routers and access points often ship with known default usernames and passwords.
Why it matters:
- Admin access gives full control of the device.
- Defaults are easy to find online.
- Attackers can change DNS, Wi-Fi settings, firewall rules, and port forwarding.
Best practice:
- Change the admin password during setup.
- Use a strong unique password.
- Store it in a password manager if possible.
## Firmware Updates
Firmware is the router's built-in software.
Updates can include:
- Security patches
- Bug fixes
- Stability fixes
- New features
Exam clue:
- If a router has known vulnerabilities, update firmware from the manufacturer.
## Secure Management Access
Router management access should be limited.
Good settings:
- Strong admin password
- Multifactor authentication if available
- Local management only
- Disable Internet-facing remote administration unless required
- Limit management access by IP address if supported
Cloud management:
- Some routers use cloud accounts.
- Protect the cloud account with a strong password and MFA.
Exam clue:
- If a question says management is exposed to the Internet, disable remote management or restrict access.
## Wi-Fi Security
SSID:
- The wireless network name.
- Change obvious default names such as LINKSYS or NETGEAR.
- Do not use personal information in the SSID.
SSID broadcast:
- Hiding the SSID is not strong security.
- The SSID can still be discovered with wireless tools.
- Use real encryption instead.
Encryption:
- Open network: no password, weak security.
- WPA2-Personal or WPA3-Personal: common SOHO choice with a pre-shared key.
- WPA2/WPA3-Enterprise: uses individual user authentication with a server, usually in larger organizations.
Best SOHO choice:
- WPA3-Personal when supported.
- WPA2-Personal if WPA3 is not available.
- Strong Wi-Fi passphrase.
## UPnP
UPnP means Universal Plug and Play.
What it does:
- Lets internal apps/devices automatically open inbound ports on the router.
- Common with gaming, media, and peer-to-peer apps.
Risk:
- Apps may open ports without approval.
- This can expose internal services to the Internet.
Best practice:
- Disable UPnP unless a required app needs it.
## IP Filtering and Content Filtering
Allow list:
- Only approved traffic or destinations are allowed.
- More restrictive.
Deny list:
- Blocks known bad traffic, sites, domains, or IPs.
- More flexible but less strict.
Content filtering:
- Blocks traffic by URL, category, malware reputation, or content type.
- Used for parental controls, business policy, and malware protection.
Exam clue:
- If the goal is to block inappropriate websites, use content filtering.
- If the goal is to permit only known systems or destinations, use an allow list.
## Screened Subnet
A screened subnet is a separate network area for public-facing services.
Older term:
- DMZ
Purpose:
- Keeps public systems separated from the internal private network.
- Adds a layer between the Internet and internal devices.
SOHO example:
- A router may have a DMZ host option.
- Be careful: placing a device in a DMZ can expose it heavily.
## Guest Networks
Guest networks can be useful, but they must be controlled.
Best practice:
- Disable guest network if not needed.
- If enabled, use WPA2/WPA3.
- Isolate guests from internal devices.
- Use a separate password.
Common uses:
- Visitors
- IoT devices
- Lab or test devices
Exam clue:
- If visitors need Internet but should not access internal PCs, use an isolated guest network.
## Physical Placement
Network devices should be physically protected.
Reasons:
- A person with physical access may reset the router.
- A person may unplug cables or connect unauthorized devices.
- Wireless access points need good placement for coverage.
Best practice:
- Keep routers, switches, and access points in a secure location.
- Place wireless access points high and central when possible.
- Plan power and access for maintenance.
## Commands To Enter
These commands inspect your local network. They do not change router settings.
Windows PowerShell:
```powershell
ipconfig
```
What it does:
- Shows IP address information.
- Look for Default Gateway; that is usually your router.
```powershell
Get-NetConnectionProfile
```
What it does:
- Shows the current network profile.
- Public is more restrictive; Private is used for trusted local networks.
```powershell
netsh wlan show interfaces
```
What it does:
- Shows Wi-Fi connection details, including SSID and authentication type.
Linux:
```bash
ip route
```
What it does:
- Shows the default route.
- The `default via` address is usually your router.
```bash
nmcli dev wifi list
```
What it does:
- Lists nearby Wi-Fi networks if NetworkManager is installed.
- Shows SSIDs and security types.
```bash
nmcli connection show --active
```
What it does:
- Shows active network connections.
macOS:
```bash
route -n get default
```
What it does:
- Shows the default gateway router.
```bash
networksetup -getairportnetwork en0
```
What it does:
- Shows the connected Wi-Fi network on many Macs.
- Some Macs may use a different interface than `en0`.
```bash
system_profiler SPAirPortDataType
```
What it does:
- Shows detailed Wi-Fi information.
Do not log in to a router you do not own or administer. Do not change router settings in this section unless you understand the impact.
## Quick Checks
You should be able to answer:
- Why change default router passwords?
- Why keep firmware updated?
- Why is WPA2/WPA3 better than an open network?
- Why is hiding the SSID not strong security?
- Why is UPnP risky?
- When should you use a guest network?
- What is the purpose of a screened subnet?
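Review bot: In the Screened Subnet section, the SOHO example presents the router's "DMZ host" option as if it were a screened subnet, but the two are different. A DMZ host setting forwards all unsolicited inbound traffic to one device that stays on the internal LAN, so it does not provide the separation described under Purpose. Suggest stating that explicitly, and adding that forwarding only the required ports is the safer choice when a single service must be reachable. The quick check "What is the purpose of a screened subnet?" would then have one clear answer.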

View file

@ -0,0 +1,314 @@
# SEC-11: Browser Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.11 Browser security
## What You Need To Know
Browsers are a major security target because users access email, banking, cloud apps, password resets, downloads, and work systems through them.
The exam wants you to know how to secure:
- Browser installation sources
- Updates and patches
- Extensions and plug-ins
- Password storage
- Certificates and secure connections
- Pop-ups, ads, cache, cookies, and private browsing
- Browser sync and proxy settings
## Memory Trick
Use **D-U-E-C-P**:
- **D**ownload from trusted sources
- **U**pdate the browser
- **E**xtensions only from trusted stores
- **C**ertificates must be valid
- **P**rivacy data can be cleared
Shortcut:
- **Browser trust starts before install and continues with updates.**
## Trusted Browser Downloads
Safe browser installation:
- Go directly to the vendor website or official app store.
- Avoid links in email.
- Avoid random third-party download sites.
- Verify downloads with hashes or signatures when provided.
Hash verification:
- A hash is a fingerprint of a file.
- If the downloaded file hash matches the posted hash, the file likely did not change.
- If it does not match, do not install it.
Exam clue:
- If a user needs to install a browser safely, choose trusted source and hash/signature verification.
## Browser Updates
Browsers need frequent updates because browser vulnerabilities are heavily targeted.
Updates may come from:
- The browser itself
- The operating system update process
- An enterprise software management tool
Best practice:
- Keep automatic updates enabled when possible.
- Restart the browser after updates if required.
Exam clue:
- If the browser has security vulnerabilities or degraded behavior from an old version, update it.
## Extensions and Plug-ins
Extensions add browser features, but they can also steal data.
Trusted sources:
- Official browser extension stores
- Microsoft Store
- Chrome Web Store
- Known vendor websites
Untrusted sources:
- Random websites
- Email links
- Pop-up prompts
- Extensions installed by malware
Possible malicious extension behavior:
- Credential theft
- Screenshot capture
- Keylogging
- Redirecting searches
- Data exfiltration
Best practice:
- Install only necessary extensions.
- Remove unused extensions.
- Review permissions before installing.
## Password Managers
Password managers store credentials in an encrypted vault.
Benefits:
- Unique passwords for each site
- Strong generated passwords
- Easier password hygiene
- Sync across devices when configured
Risk:
- The vault must be protected with a strong master password.
- Browser-saved passwords may be less controlled than enterprise password managers.
Exam clue:
- If the issue is password reuse across many websites, use a password manager.
## Secure Connections and Certificates
HTTPS uses certificates to prove the site identity and protect traffic.
Browser certificate warnings may mean:
- Certificate is expired
- Certificate is for the wrong domain
- Certificate is signed by an untrusted authority
- System date/time is wrong
- A captive portal or inspection device is interfering
Best practice:
- Do not ignore certificate warnings on sensitive sites.
- Check certificate details.
- Check the system date and time.
Exam clue:
- If a browser shows invalid certificate warnings, investigate before entering credentials.
## Pop-Up Blockers and Notifications
Pop-up blockers stop unwanted browser windows or prompts.
Best practice:
- Keep pop-up blocking enabled.
- Allow pop-ups only for trusted sites that require them.
- Disable only temporarily for troubleshooting.
Browser notifications:
- Websites may request permission to send notifications.
- Malicious or low-quality sites can abuse notification prompts.
- Disable unwanted site notifications.
## Clearing Private Data
Browser data can include:
- History
- Cookies
- Cache
- Download list
- Saved form data
- Saved passwords
Cache:
- Stores parts of websites locally.
- Can speed up browsing.
- Can cause stale-page or troubleshooting issues.
Cookies:
- Store session and site data.
- Can keep users signed in.
- Can also be used for tracking.
Best practice:
- Clear cache/cookies when troubleshooting site problems.
- Be careful before clearing saved passwords.
## Private Browsing Mode
Private browsing does not save normal local session history after the window closes.
It can remove:
- Browsing history for that session
- Download history list
- Temporary cache/cookies for that private session
It does not make you invisible to:
- Websites
- Employer/school networks
- Internet provider
- Network logging tools
Exam clue:
- Private browsing is local privacy, not full anonymity.
## Browser Data Synchronization
Browser sync can share data across devices.
Synced items may include:
- Bookmarks
- History
- Extensions
- Passwords
- Settings
Risk:
- A compromised browser account can expose synced data.
- Unwanted extensions may appear on multiple devices.
Best practice:
- Protect sync accounts with MFA.
- Disable sync for sensitive categories if policy requires it.
## Ad Blockers and Proxies
Ad blockers:
- Can reduce ads and some malicious ad risks.
- May break some websites.
- Should come from trusted extension stores.
Proxy:
- Sits between the browser and the destination site.
- Can cache content.
- Can enforce access control.
- Can filter traffic.
- Can be configured manually or by policy.
Exam clue:
- If browsing must be filtered or logged centrally, think proxy or content filtering.
## Commands To Enter
Windows PowerShell:
```powershell
Get-FileHash "$env:USERPROFILE\Downloads\example.exe"
```
What it does:
- Calculates a hash for a downloaded file.
- Replace `example.exe` with a real file name only when you intentionally want to check it.
```powershell
start ms-settings:dateandtime
```
What it does:
- Opens Windows date and time settings.
- Wrong date/time can cause certificate warnings.
```powershell
start chrome://settings/privacy
```
What it does:
- Opens Chrome privacy settings if Chrome is installed.
Linux:
```bash
sha256sum ~/Downloads/example-file
```
What it does:
- Calculates a SHA-256 hash for a downloaded file.
- Replace `example-file` with a real file name only when checking a download.
```bash
date
```
What it does:
- Shows the system date and time.
- Incorrect date/time can cause certificate warnings.
```bash
xdg-open chrome://settings/privacy
```
What it does:
- Attempts to open Chrome privacy settings.
- Works only if a compatible browser handles the URL.
macOS:
```bash
shasum -a 256 ~/Downloads/example-file
```
What it does:
- Calculates a SHA-256 hash for a downloaded file.
```bash
date
```
What it does:
- Shows the system date and time.
```bash
open -b com.apple.Safari
```
What it does:
- Opens Safari.
- Use Safari Settings to inspect privacy, extensions, passwords, and website permissions.
Do not clear saved passwords, remove profiles, or reset browser settings during this section unless you intentionally want those changes.
## Quick Checks
You should be able to answer:
- Why download browsers from trusted sources?
- What does a file hash prove?
- Why do browser updates matter?
- Why are extensions risky?
- What does a certificate warning mean?
- What does private browsing protect, and what does it not protect?
- Why protect browser sync with MFA?
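Review bot: Under Hash verification in Trusted Browser Downloads, "the file likely did not change" describes integrity only, and the notes never say that a hash posted beside the download can be replaced by anyone who can replace the file. Suggest adding one line that a digital signature is what ties the file to the vendor, which is why the exam clue pairs hash and signature. In Commands To Enter, the `Get-FileHash`, `sha256sum` and `shasum -a 256` steps stop at printing the value; add the step of comparing it with the vendor's published SHA-256 so the quick check "What does a file hash prove?" has a concrete procedure behind it.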

View file

@ -0,0 +1,321 @@
# SEC-2: Windows Security Settings
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.2 Windows security settings
## What You Need To Know
Windows security questions often ask where to configure or verify a protection.
Core areas:
- Microsoft Defender Antivirus
- Windows Defender Firewall
- Windows Security app
- Local, Microsoft, and domain accounts
- Users and groups
- Login options and Windows Hello
- UAC and Run as administrator
- NTFS vs. share permissions
- BitLocker and BitLocker To Go
- EFS
- Active Directory basics
- Group Policy basics
## Memory Trick
Use **A-F-U-P-E-D-G**:
- **A**ntivirus: Defender
- **F**irewall: network profiles and exceptions
- **U**sers: local/Microsoft/domain accounts
- **P**ermissions: NTFS/share
- **E**ncryption: BitLocker/EFS
- **D**irectory: Active Directory
- **G**roup Policy: centralized settings
Encryption shortcut:
- **BitLocker = whole volume**
- **BitLocker To Go = removable drive**
- **EFS = individual files/folders on NTFS**
## Defender Antivirus
Microsoft Defender Antivirus:
- Built into Windows.
- Managed from Windows Security > Virus & threat protection.
- Uses real-time protection.
- Needs updated definitions/signatures.
Exam clue:
- If the task is scan/update/check Windows antivirus, go to Windows Security or Defender.
## Windows Defender Firewall
Windows Defender Firewall:
- Should normally remain enabled.
- Has separate profiles such as Public and Private.
- Can allow an app, allow/block a port, use predefined rules, or create custom rules.
Exam clue:
- If an app cannot receive network traffic, check firewall exception/rule.
- Public profile should be stricter than Private.
## Windows Accounts
Local account:
- Exists only on one Windows computer.
Microsoft account:
- Cloud-linked personal/work account.
- Can sync settings and integrate with Microsoft services.
Domain account:
- Centrally managed by Active Directory.
- Used in business environments.
User types/groups:
- Administrator: elevated control.
- Standard user: normal daily use.
- Guest: limited access.
- Groups simplify permissions.
## Login Options
Common options:
- Password
- PIN
- Fingerprint
- Facial recognition
- Security key
- Windows Hello
- Domain/SSO login
Passwordless authentication:
- Uses methods such as biometrics, PIN, or security key instead of a traditional password.
## UAC and Run As Administrator
UAC:
- User Account Control.
- Limits automatic administrative access.
- Prompts before elevated actions.
Run as administrator:
- Starts an app with elevated permissions.
- Needed for tasks like installing services, changing system files, or editing protected settings.
Memory trick:
- **Admin account is not always elevated. UAC asks before elevation.**
## NTFS vs. Share Permissions
NTFS permissions:
- Apply locally and over the network.
- Stored on NTFS volumes.
Share permissions:
- Apply only when accessing through a network share.
Rule:
- The most restrictive effective permission wins.
- Deny usually overrides allow.
Inheritance:
- Permissions can flow from parent folder to child files/folders.
Explicit permissions:
- Set directly on the object.
## BitLocker vs. EFS
BitLocker:
- Encrypts an entire volume.
- Protects data if a device or drive is stolen.
BitLocker To Go:
- Encrypts removable drives such as USB flash drives.
EFS:
- Encrypting File System.
- Encrypts individual files/folders on NTFS.
- Tied to user credentials/certificates.
- Password reset problems can make EFS files inaccessible if recovery is not planned.
## Active Directory and Group Policy
Active Directory:
- Central database of users, computers, groups, printers, shares, and other objects.
- Domain controllers store/manage the domain database.
Domain:
- Group of managed users, computers, and resources.
OU:
- Organizational Unit.
- Container used to organize AD objects and apply policies.
Group Policy:
- Centralized settings for users/computers.
- Can configure security settings, login scripts, folder redirection, and more.
Security groups:
- Assign permissions to a group, then add users to the group.
Folder redirection:
- Redirects folders such as Desktop/Documents to a network location.
## Commands To Enter
Windows:
```powershell
windowsdefender:
```
What it does:
- Opens Windows Security.
```powershell
firewall.cpl
```
What it does:
- Opens Windows Defender Firewall.
```powershell
wf.msc
```
What it does:
- Opens Windows Defender Firewall with Advanced Security.
```powershell
whoami
```
What it does:
- Shows current user.
```powershell
whoami /groups
```
What it does:
- Shows group membership for the current user.
```powershell
net user
```
What it does:
- Lists local users.
```powershell
net localgroup administrators
```
What it does:
- Lists local Administrators group members.
```powershell
gpupdate /force
```
What it does:
- Forces Group Policy refresh.
- Most useful on domain-joined systems.
```powershell
gpresult /r
```
What it does:
- Shows applied Group Policy summary.
```powershell
manage-bde -status
```
What it does:
- Shows BitLocker status.
```powershell
cipher /?
```
What it does:
- Shows help for the `cipher` command used with EFS and encryption-related tasks.
Linux comparison:
```bash
whoami
id
groups
```
What it does:
- Shows current user and group identity.
macOS comparison, if available:
```bash
fdesetup status
```
What it does:
- Shows FileVault disk encryption status on macOS.
## Mini Lab
Goal:
- Identify Windows security status and account privilege context.
Windows:
1. Run `windowsdefender:`.
2. Open Virus & threat protection and find protection update status.
3. Run `firewall.cpl`.
4. Identify active firewall profiles.
5. Run `wf.msc`.
6. Locate inbound and outbound rules.
7. Run `whoami`.
8. Run `whoami /groups`.
9. Run `net localgroup administrators`.
10. Run `manage-bde -status`.
11. Run `gpresult /r`.
Record:
- Defender protection status:
- Defender update status:
- Firewall profile active:
- Current user:
- Admin group membership:
- BitLocker status:
- Group Policy result available:
Permissions scenario:
1. Create a test folder.
2. Right-click > Properties > Security.
3. View permissions only.
4. Do not remove permissions.
Record:
- One user/group listed:
- One permission listed:
- Whether permissions are inherited:
## Quick Check Before Quiz
You are ready for the SEC-2 quiz when you can answer these without looking:
- What is the difference between NTFS and share permissions?
- Which encryption protects an entire Windows volume?
- Which encryption protects individual NTFS files/folders?
- What does UAC do?
- What does `gpupdate /force` do?
- Where do you check Defender status?
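Review bot: In NTFS vs. Share Permissions, the Rule block ("The most restrictive effective permission wins") does not say what is being compared. The most-restrictive rule applies when share and NTFS permissions are combined for access through a network share; within NTFS alone, allow permissions from a user's groups add together and a deny takes precedence. Suggest rewording the rule as those two steps, since the first quick check asks for exactly this difference. Separately, in the Mini Lab, `manage-bde -status` needs an elevated prompt, and `windowsdefender:` is a URI rather than a command, so inside a PowerShell fence it should be written as `start windowsdefender:`.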

View file

@ -0,0 +1,251 @@
# SEC-3: Wireless Security and Authentication Methods
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.3 Wireless security
## What You Need To Know
Wireless security questions usually ask which encryption/authentication method is safest or most appropriate.
Core ideas:
- WEP is obsolete and should not be used.
- WPA was a temporary improvement over WEP.
- WPA2 with AES is still common and acceptable.
- WPA3 is newer and stronger.
- Personal/PSK uses one shared password.
- Enterprise/802.1X authenticates users individually, usually with RADIUS.
## Memory Trick
Use **3 beats 2, AES beats TKIP, Enterprise beats shared password**.
Order to remember:
- **WEP = Weak**
- **WPA = temporary**
- **WPA2-AES = solid**
- **WPA3 = strongest common choice**
Mode shortcut:
- **Personal = shared pre-shared key**
- **Enterprise = individual user authentication**
## Wireless Encryption
WEP:
- Wired Equivalent Privacy.
- Broken/obsolete.
- Do not choose it unless the question asks what should be replaced.
WPA:
- Wi-Fi Protected Access.
- Temporary replacement for WEP.
- Uses TKIP.
TKIP:
- Older encryption method used with WPA.
- Avoid when better options exist.
WPA2:
- Stronger replacement for WPA.
- Uses AES.
AES:
- Advanced Encryption Standard.
- Stronger than TKIP.
WPA3:
- Newer than WPA2.
- Improves encryption and key exchange.
- Best default answer when supported.
## Wireless Modes
Open:
- No password.
- Avoid for private/business networks.
WPA2/WPA3-Personal:
- Uses a pre-shared key.
- Good for home/SOHO networks.
- Everyone uses the same Wi-Fi password.
WPA2/WPA3-Enterprise:
- Uses 802.1X.
- Authenticates users individually.
- Usually uses RADIUS.
- Best for business networks when supported.
## Authentication Methods
RADIUS:
- Remote Authentication Dial-in User Service.
- Centralized AAA service.
- Common for VPN, wireless 802.1X, network devices, and server authentication.
TACACS+:
- Authentication protocol common with Cisco/network device administration.
- Exam clue: network device admin authentication, especially Cisco.
Kerberos:
- Ticket-based network authentication.
- Common in Microsoft/Active Directory environments.
- Supports SSO-style access in Windows domains.
MFA:
- Multi-factor authentication.
- Uses more than one factor type:
- Something you know
- Something you have
- Something you are
- Somewhere you are
- Something you do
## Scenario Shortcuts
Home Wi-Fi:
- WPA3-Personal if supported.
- WPA2-AES if WPA3 is not available.
Business Wi-Fi:
- WPA3-Enterprise or WPA2-Enterprise with 802.1X/RADIUS.
Legacy weak network:
- Replace WEP/WPA/TKIP.
VPN authentication server:
- RADIUS is a common answer.
Cisco/network device admin authentication:
- TACACS+ is a common answer.
Microsoft domain authentication:
- Kerberos is a common answer.
## Commands To Enter
Windows:
```powershell
netsh wlan show interfaces
```
What it does:
- Shows current Wi-Fi interface, SSID, authentication, and cipher details.
- Works only if Wi-Fi is present and connected.
```powershell
netsh wlan show profiles
```
What it does:
- Lists saved Wi-Fi profiles.
```powershell
ipconfig /all
```
What it does:
- Shows network adapter details, including DHCP and DNS information.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
Linux:
```bash
nmcli device status
```
What it does:
- Shows network devices and connection state when NetworkManager is installed.
```bash
nmcli connection show
```
What it does:
- Shows configured network connections when NetworkManager is installed.
```bash
iw dev
```
What it does:
- Shows wireless interface information if wireless tools are installed.
```bash
ip addr
```
What it does:
- Shows network interfaces and IP addresses.
macOS, if available:
```bash
networksetup -listallhardwareports
```
What it does:
- Lists network hardware ports, including Wi-Fi.
```bash
airport -I
```
What it does:
- Shows current Wi-Fi details on many macOS systems.
- On some macOS versions, the `airport` command path may require lookup or may be deprecated.
## Mini Lab
Goal:
- Identify current wireless mode/security without changing router settings.
Windows:
1. Connect to a known Wi-Fi network.
2. Run `netsh wlan show interfaces`.
3. Run `netsh wlan show profiles`.
4. Run `ipconfig /all`.
5. Record:
- SSID:
- Authentication:
- Cipher:
- DHCP enabled:
- DNS server:
Linux:
1. Run `nmcli device status`.
2. Run `nmcli connection show`.
3. Run `ip addr`.
4. Optional: run `iw dev`.
5. Record:
- Wireless interface name:
- Active connection:
- IP address:
Router review, if you own/admin the network:
1. Look at Wi-Fi security mode.
2. Confirm WEP/TKIP are not used.
3. Prefer WPA3 or WPA2-AES.
4. Do not change settings unless you understand the impact.
## Quick Check Before Quiz
You are ready for the SEC-3 quiz when you can answer these without looking:
- Which wireless security should be avoided?
- Which is stronger: TKIP or AES?
- Which mode uses one shared password?
- Which mode uses 802.1X/RADIUS?
- Which authentication protocol is common in Microsoft domains?
- Which authentication protocol is common for VPN/wireless AAA?
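Review bot: The Mini Lab asks the reader to record Authentication and Cipher from `netsh wlan show interfaces`, but nothing in Commands To Enter explains how to read those fields. Windows reports the AES cipher as CCMP, so a reader working through "Confirm WEP/TKIP are not used" has no line that maps CCMP to AES. Suggest adding that mapping under the command's "What it does" list. The WPA3 entry in Wireless Encryption could also name SAE as the key exchange it "improves", since the section names the mechanism for the earlier generations (TKIP, AES).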

View file

@ -0,0 +1,275 @@
# SEC-4: Malware and Security Tools
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.4 Malware and security tools
## What You Need To Know
Malware questions usually ask you to identify the type of malware or choose the right security tool.
Do not memorize only definitions. Tie each malware type to its behavior.
## Memory Trick
Use **RATS-VCK-BFP**:
- **R**ansomware: ransom after encryption
- **A**dware/PUP: ads or unwanted extras
- **T**rojan: tricks you by pretending to be useful
- **S**pyware/stalkerware: surveillance
- **V**irus: needs execution and can replicate
- **C**ryptominer: steals CPU/GPU cycles
- **K**eylogger: captures keystrokes
- **B**oot sector virus: starts before/with OS boot
- **F**ileless malware: lives in memory
- **P**ersistent/rootkit: hides deep in the system
## Malware Types
Trojan:
- Pretends to be legitimate software.
- Does not need to self-replicate.
- Often opens the door for other malware.
Rootkit:
- Hides deep in the OS, kernel, drivers, or boot process.
- May not appear in normal tools like Task Manager.
- Often requires special tools or reinstall/reimage.
Virus:
- Replicates by infecting files or systems.
- Usually needs a program to run.
Spyware:
- Watches user activity.
- May track browsing, personal data, or behavior.
Ransomware:
- Encrypts or locks user data and demands payment.
- Strong backup strategy is critical.
Keylogger:
- Captures keystrokes.
- Can steal passwords even when websites use encryption.
Cryptominer:
- Uses CPU/GPU resources to mine cryptocurrency.
- Clue: unexplained high CPU/GPU use, heat, fan noise.
Boot sector virus:
- Infects boot code.
- Starts before or during OS boot.
- Secure Boot helps reduce this risk.
Fileless malware:
- Runs from memory or trusted scripting tools.
- Avoids writing a normal malware file to disk.
Stalkerware:
- Surveillance software, often on mobile devices.
- Tracks location, messages, microphone, camera, screenshots, or activity.
PUP:
- Potentially Unwanted Program.
- Often bundled with other installs.
- May include adware, toolbars, or browser hijackers.
## Security Tools
Windows Recovery Environment:
- Used when Windows will not start normally or malware blocks normal repair.
- Powerful and risky.
- Last-resort style tool for boot repair, command prompt, service/device startup changes, or file replacement.
Antivirus/anti-malware:
- Detects, blocks, quarantines, and removes malware.
- Should use real-time protection and updated definitions.
EDR:
- Endpoint Detection and Response.
- Detects behavior, investigates endpoint threats, and can isolate/quarantine/respond.
MDR:
- Managed Detection and Response.
- Third-party managed service that monitors and responds to EDR/security events.
XDR:
- Extended Detection and Response.
- Correlates endpoint, network, cloud, and other security data.
Email security gateway:
- Filters inbound/outbound email.
- Blocks phishing, malware, spam, and suspicious attachments before reaching users.
Software firewall:
- Monitors and controls local network communication.
- Can stop malware from calling out.
Anti-phishing training:
- Teaches users to identify phishing and social engineering.
- Important because technology alone cannot stop every attack.
End-user education:
- Broader security awareness: links, downloads, reporting, password hygiene, safe behavior.
OS reinstallation/reimage:
- Most reliable way to remove severe or persistent malware.
- Must ensure backups/images are clean.
## Tool Matching Shortcut
- Email threat before user sees it: **email security gateway**
- Suspicious endpoint behavior: **EDR**
- Outsourced endpoint monitoring: **MDR**
- Endpoint plus network/cloud correlation: **XDR**
- Local app calling out unexpectedly: **software firewall**
- Persistent/rootkit/severe infection: **reimage/reinstall**
- User keeps clicking bad links: **anti-phishing training**
- Windows will not boot or malware blocks repair: **Windows RE**
## Commands To Enter
Windows inspection commands:
```powershell
windowsdefender:
```
What it does:
- Opens Windows Security.
- Use it to check Virus & threat protection.
```powershell
taskmgr
```
What it does:
- Opens Task Manager.
- Use it to look for high CPU, memory, disk, or suspicious processes.
```powershell
resmon
```
What it does:
- Opens Resource Monitor.
- Gives more detailed live CPU, memory, disk, and network activity.
```powershell
eventvwr.msc
```
What it does:
- Opens Event Viewer.
- Use it to inspect logs for crashes, service issues, and security-related events.
```powershell
netstat -ano
```
What it does:
- Shows active connections/listening ports and process IDs.
- Useful for spotting unexpected network connections.
```powershell
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
```
What it does:
- Lists the top processes by CPU use in PowerShell.
Linux inspection commands:
```bash
top
```
What it does:
- Shows live process/resource usage.
```bash
ps aux
```
What it does:
- Lists running processes.
```bash
ss -tulpn
```
What it does:
- Shows listening network sockets and associated processes when permissions allow.
```bash
journalctl -p err
```
What it does:
- Shows systemd journal errors.
macOS, if available:
```bash
top
ps aux
```
What it does:
- Shows running processes and resource usage.
## Mini Lab
Goal:
- Practice safe inspection and tool selection.
Windows:
1. Open Windows Security with `windowsdefender:`.
2. Check whether Virus & threat protection is enabled.
3. Open Task Manager with `taskmgr`.
4. Sort by CPU and memory.
5. Open Resource Monitor with `resmon`.
6. Run `netstat -ano`.
7. Record:
- Antivirus status:
- Highest CPU process:
- Any listening ports:
- One unexpected thing you would investigate further:
Linux:
1. Run `top`, then press `q`.
2. Run `ps aux`.
3. Run `ss -tulpn`.
4. Run `journalctl -p err`.
5. Record:
- Highest CPU process:
- One listening service:
- One error log theme:
Tabletop scenarios:
- Files are encrypted and a payment note appears.
- Browser homepage changes and toolbars appear after installing free software.
- CPU is high even when no apps are open.
- A system keeps reinfecting after cleanup.
- Users are receiving malicious attachments by email.
For each scenario, identify:
- Malware type or likely issue
- Best tool or response
- What evidence you would collect
## Quick Check Before Quiz
You are ready for the SEC-4 quiz when you can answer these without looking:
- What malware encrypts user files for payment?
- What malware captures keystrokes?
- What malware hides deep in the OS?
- What tool filters malicious email?
- What is the difference between EDR, MDR, and XDR?
- When is reimage/reinstall the right answer?
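Review bot: In the Windows Mini Lab, step 6 runs `netstat -ano` and the record asks for "Any listening ports", but no step maps the PID column back to a process, which is what makes the output useful for spotting an unexpected connection. Suggest adding a step that looks the PID up in Task Manager's Details tab or with `Get-Process -Id <PID>`. Also, in Commands To Enter, `Sort-Object CPU` sorts on total processor seconds accumulated since each process started, not current load, so "top processes by CPU use" should say that, or the lab should point to Task Manager for the live view.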

View file

@ -0,0 +1,306 @@
# SEC-5: Social Engineering and Attacks
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.5 Social engineering and attacks
## What You Need To Know
This objective is scenario-heavy. The exam describes an attack and expects you to identify the type or best prevention.
Think in categories:
- Human manipulation
- Availability attacks
- Spoofing/on-path attacks
- Password attacks
- Web app attacks
- Insider/supply chain risks
- Vulnerable systems
## Memory Trick
Use **PHISH-DOS-PASS-WEB-SUPPLY**:
- **PHISH**: phishing, vishing, smishing, QR phishing, spear phishing, whaling
- **DOS**: DoS and DDoS
- **PASS**: brute force, dictionary, plaintext passwords
- **WEB**: SQL injection and XSS
- **SUPPLY**: service provider, hardware, software supply chain
Physical/social trick:
- **Tailgating = no consent**
- **Piggybacking = with consent**
## Phishing Variants
Phishing:
- Fraud messages that trick users into clicking, logging in, paying, or sharing data.
- Often uses spoofed email, fake sites, urgency, or suspicious links.
Vishing:
- Voice phishing by phone or voicemail.
Smishing:
- SMS/text phishing.
QR code phishing:
- Malicious QR code points to a fake or harmful site.
Spear phishing:
- Targeted phishing aimed at a specific person or group.
Whaling:
- Spear phishing aimed at executives or high-value targets.
Business Email Compromise (BEC):
- Attacker uses email trust to request money, gift cards, payroll changes, or wire transfers.
- Prevention: verify requests through a separate trusted channel.
## Physical/Social Attacks
Shoulder surfing:
- Watching someone enter or view sensitive information.
- Prevention: privacy screens, awareness, monitor placement.
Tailgating:
- Unauthorized person follows through a secure door without consent.
Piggybacking:
- Authorized person knowingly lets someone follow them in.
Impersonation:
- Pretending to be someone trusted, such as help desk, vendor, executive, or employee.
Dumpster diving:
- Searching trash for information useful in later attacks.
- Prevention: shredding, secure disposal, clean desk policy.
## Availability Attacks
DoS:
- Denial of Service.
- One system/attack source makes a service unavailable.
DDoS:
- Distributed Denial of Service.
- Many systems, often botnets, attack at once.
Prevention/mitigation:
- ISP filtering
- Cloud DDoS protection
- Firewall/rate-limit patterns
- Redundancy
## Spoofing and On-Path Attacks
On-path attack:
- Attacker intercepts/redirects traffic between victim and destination.
- Formerly called man-in-the-middle.
ARP poisoning:
- Local network attack that tricks devices about MAC-to-IP mappings.
Evil twin:
- Fake Wi-Fi access point that looks legitimate.
- Prevention: VPN, HTTPS, avoid unknown Wi-Fi, verify SSID, use enterprise authentication.
On-path browser attack:
- Malware in the browser proxies or manipulates traffic from the victim's own machine.
## Zero-Day Attacks
Zero-day:
- Exploit for a vulnerability not yet known or patched by the vendor.
Exam clue:
- No patch exists yet, or the vulnerability was unknown before exploitation.
Mitigation:
- Defense in depth, least privilege, behavior detection, segmentation, rapid patching when fixes arrive.
## Password Attacks
Plaintext password storage:
- Passwords stored unencrypted.
- Bad design.
Hashing:
- One-way representation of a password.
- Used for password storage.
Brute force:
- Try every possible password combination.
Dictionary attack:
- Try likely words/password lists and substitutions.
Mitigation:
- Long passwords
- MFA
- Account lockout/rate limiting
- Strong hashing
- Password managers
## Web App Attacks
SQL injection:
- Attacker modifies database queries through unsafe input.
- Example effect: view, change, or delete database data.
- Prevention: input validation, parameterized queries, secure coding.
XSS:
- Cross-site scripting.
- Attacker injects scripts into trusted web pages or links.
- Can steal cookies/session tokens or act as the user.
- Prevention: input validation/output encoding, secure coding, browser updates.
Memory trick:
- **SQL injection attacks the database.**
- **XSS attacks the user's browser trust.**
## Insider and Supply Chain
Insider threat:
- Employee, contractor, or trusted person misuses access.
- May be malicious or careless.
Supply chain attack:
- Attacker compromises a vendor, provider, update, hardware, or software source.
- Trusted relationship becomes the attack path.
Service provider risk:
- Third-party providers may have access to internal systems.
Mitigation:
- Vendor audits
- Least privilege
- Contract security requirements
- Monitor provider access
- Verify software signatures
## Vulnerable Systems
Non-compliant systems:
- Do not meet organization standards.
Unpatched systems:
- Missing security updates.
Unprotected systems:
- Security controls disabled or absent.
EOL/EOSL:
- End of life/end of service life.
- No normal security patches or support.
BYOD:
- Bring Your Own Device.
- User-owned device accessing company data.
- Needs policy, MDM, data separation, and security requirements.
## Commands To Enter
Windows:
```powershell
arp -a
```
What it does:
- Shows ARP cache entries.
- Useful conceptually for ARP poisoning discussions.
```powershell
netstat -ano
```
What it does:
- Shows active network connections and listening ports.
```powershell
ipconfig /all
```
What it does:
- Shows IP, DNS, gateway, and adapter information.
```powershell
whoami /groups
```
What it does:
- Shows group membership and helps discuss insider/privilege risk.
Linux:
```bash
ip neigh
```
What it does:
- Shows neighbor/ARP table entries.
```bash
ss -tulpn
```
What it does:
- Shows listening sockets and processes when allowed.
```bash
ip route
```
What it does:
- Shows routes, including default gateway.
## Mini Lab
Goal:
- Practice identifying attack types safely.
Windows:
1. Run `arp -a`.
2. Run `netstat -ano`.
3. Run `ipconfig /all`.
4. Record:
- Default gateway:
- One ARP entry:
- One active/listening connection:
Linux:
1. Run `ip neigh`.
2. Run `ss -tulpn`.
3. Run `ip route`.
4. Record:
- Default gateway:
- One neighbor entry:
- One listening service:
Scenario practice:
1. A CFO gets an email asking for a wire transfer.
2. A user scans a QR code on a parking meter and lands on a fake payment site.
3. A fake Wi-Fi network copies the hotel SSID.
4. An attacker tries every possible password.
5. A vendor software update is compromised.
6. A website search box runs attacker-supplied JavaScript.
7. A database query is manipulated through form input.
For each:
- Name the attack.
- Name one prevention or mitigation.
## Quick Check Before Quiz
You are ready for the SEC-5 quiz when you can answer these without looking:
- What is the difference between phishing, vishing, smishing, spear phishing, and whaling?
- What is the difference between tailgating and piggybacking?
- What does an evil twin imitate?
- What is the difference between SQL injection and XSS?
- What is a supply chain attack?
- What is the difference between DoS and DDoS?
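
Review bot: In Commands To Enter, the notes for `arp -a` and `ip neigh` call the cache "useful conceptually for ARP poisoning discussions" but never say what a poisoned cache looks like, so the Mini Lab's "One ARP entry" record teaches nothing about detection. Suggest adding the cue to look for: the default gateway's IP (from `ipconfig /all` or `ip route`) resolving to a MAC address that also appears against another IP, or that changes between runs. The `netstat -ano` note could also say that `-o` adds the owning PID, which is what lets the reader tie a listening port to a process.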


@ -0,0 +1,247 @@
# SEC-6: Malware Removal Process
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.6 Malware removal process
## What You Need To Know
The exam expects the malware removal process in order. Do not just know the steps individually; know what comes next.
Important idea:
- Full wipe/reimage from known-good media is the cleanest answer for severe malware.
- Remediation is sometimes done to recover data or restore enough function to continue business.
## Memory Trick
Use **I-Q-D-R-U-S-R-S-E-E**:
1. **I**nvestigate and verify symptoms
2. **Q**uarantine infected systems
3. **D**isable System Restore/System Protection
4. **R**emediate infected systems
5. **U**pdate anti-virus/anti-malware
6. **S**can and remove
7. **R**eimage/reinstall if needed
8. **S**chedule scans and run updates
9. **E**nable System Protection and create restore point
10. **E**ducate the end user
Short phrase:
- **Investigate, Quarantine, Disable, Remediate, Update, Scan, Reimage, Schedule, Enable, Educate.**
## Step 1: Investigate and Verify Symptoms
Look for:
- Odd error messages
- Fake security alerts
- Application failures
- Slow boot
- Slow applications
- Browser redirects
- Files encrypted/renamed/missing
- Unknown processes
Goal:
- Confirm there is a real problem before changing anything.
## Step 2: Quarantine Infected Systems
Actions:
- Disconnect from network.
- Disable Wi-Fi/Bluetooth if needed.
- Isolate removable media.
- Prevent file transfer from the infected system.
Goal:
- Stop spread.
## Step 3: Disable System Restore/System Protection
Why:
- Malware can hide in restore points.
- Restoring later could bring the infection back.
Exam clue:
- Disable before remediation, re-enable after cleanup.
## Step 4: Remediate Infected Systems
Actions:
- Remove/quarantine malicious files.
- Remove malicious startup entries.
- Remove suspicious apps/extensions.
- Repair changed settings.
Goal:
- Remove the infection or reduce damage.
## Step 5: Update Anti-Virus/Anti-Malware
Actions:
- Update signatures/definitions.
- Update scanning engine.
- If malware blocks updates, use a trusted clean system or offline media.
Goal:
- Make sure tools recognize current threats.
## Step 6: Scan and Remove
Techniques:
- Normal scan
- Safe Mode scan
- Offline/preinstallation environment scan
- Bootable rescue media
Goal:
- Detect and remove malware using updated tools.
## Step 7: Reimage/Reinstall If Needed
When:
- Rootkit/persistent infection.
- Cleanup fails.
- System integrity is not trusted.
- Time-sensitive business recovery needs a known-good image.
Goal:
- Return to a clean known-good state.
## Step 8: Schedule Scans and Run Updates
Actions:
- Enable scheduled scans.
- Enable automatic definition updates.
- Run OS updates.
- Run application updates.
Goal:
- Reduce reinfection risk.
## Step 9: Enable System Protection
Actions:
- Re-enable System Protection/System Restore.
- Create a clean restore point.
Goal:
- Restore recovery capability after the system is clean.
## Step 10: Educate The End User
Topics:
- Avoid suspicious links.
- Avoid unknown downloads.
- Report symptoms early.
- Validate pop-ups and security alerts.
- Use approved software sources.
Goal:
- Reduce repeat infection.
## Commands To Enter
Windows inspection commands:
```powershell
windowsdefender:
```
What it does:
- Opens Windows Security.
```powershell
taskmgr
```
What it does:
- Opens Task Manager for process/resource review.
```powershell
resmon
```
What it does:
- Opens Resource Monitor for detailed activity.
```powershell
rstrui.exe
```
What it does:
- Opens System Restore.
- For this lab, view only. Do not restore.
```powershell
SystemPropertiesProtection
```
What it does:
- Opens System Protection settings.
- For this lab, view only. Do not disable protection unless working a real guided incident.
```powershell
shutdown /r /o /t 0
```
What it does:
- Restarts into Advanced Startup options.
- This is how you can reach recovery tools.
- Do not run unless you are ready to reboot.
Linux/macOS comparison:
```bash
top
ps aux
```
What it does:
- Shows running processes and resource usage.
## Mini Lab
Goal:
- Practice the process order and safe inspection.
Windows:
1. Open Windows Security with `windowsdefender:`.
2. Open Task Manager with `taskmgr`.
3. Open Resource Monitor with `resmon`.
4. Open System Protection with `SystemPropertiesProtection`.
5. Do not disable System Protection during practice.
6. Record:
- Defender status:
- Highest CPU process:
- System Protection state:
- Where Advanced Startup is located:
Tabletop:
For each scenario, write the next step:
1. User reports fake antivirus pop-ups and slow performance.
2. You confirm malware symptoms.
3. The system is disconnected from the network.
4. System Restore is disabled.
5. Malicious files are removed.
6. Anti-malware signatures are updated.
7. Scan fails to remove a suspected rootkit.
8. Clean image is restored.
9. Updates and scheduled scans are configured.
10. Clean restore point is created.
## Quick Check Before Quiz
You are ready for the SEC-6 quiz when you can answer these without looking:
- What is step 1?
- What comes after verifying symptoms?
- When do you disable System Restore?
- When do you re-enable System Protection?
- Why educate the user?
- When should you reimage/reinstall?
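
Review bot: Step 4 (Remediate) lists "Remove/quarantine malicious files" ahead of Step 5 (update anti-malware) and Step 6 (scan and remove), and the tabletop repeats that order ("5. Malicious files are removed. 6. Anti-malware signatures are updated."), so as written the reader removes files before the tools are current and then removes again. Since the file says the exam tests the order, state how Steps 5 to 7 relate to Step 4, for example that updating, scanning and reimaging are the ways remediation is carried out, and move the removal actions under Step 6. Separately, `windowsdefender:` is fenced as PowerShell but is a URI, not a command; it opens from the Run dialog or as `start windowsdefender:`, so Mini Lab step 1 fails as typed at a prompt.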


@ -0,0 +1,307 @@
# SEC-7: Workstation Hardening
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.7 Workstation hardening
## What You Need To Know
Hardening means reducing the attack surface. On the exam, choose the setting that makes the workstation harder to misuse, steal from, or compromise.
Core hardening areas:
- Data encryption
- Password policy
- Password managers
- Account management
- Screen lock and failed login controls
- Default account/password changes
- BIOS/UEFI passwords
- AutoRun/AutoPlay
- Unused services
- Physical device security
## Memory Trick
Use **E-P-A-L-D-S**:
- **E**ncrypt data
- **P**asswords strong and managed
- **A**ccounts limited
- **L**ock screen/login controls
- **D**isable defaults and AutoPlay
- **S**ervices reduced
Attack surface shortcut:
- **If you do not need it, disable it.**
## Data Encryption
Full-disk encryption:
- Encrypts the whole drive/volume.
- Windows example: BitLocker.
- macOS example: FileVault.
File-system encryption:
- Encrypts individual files/folders.
- Windows example: EFS on NTFS.
Removable media encryption:
- Protects USB drives.
- Windows example: BitLocker To Go.
Key backup:
- Encryption is only useful if recovery keys are protected and available.
- Lost keys can mean lost data.
## Password Controls
Password complexity:
- Mix character types.
- Avoid obvious words and reused passwords.
Password length:
- Longer is usually stronger.
- Passphrases are easier to remember and harder to brute force.
Password age/expiration:
- Controls how long passwords can be used.
- Some environments require periodic changes.
Password history:
- Prevents users from reusing recent passwords.
Default passwords:
- Change default usernames/passwords on devices, routers, apps, and admin portals.
No blank passwords:
- Always require passwords.
No automatic login:
- Do not let systems bypass authentication.
Password managers:
- Store many unique passwords in an encrypted vault.
- Enterprise password managers can support recovery and central policy.
## Account Management
Least privilege:
- Users should not run as administrators for daily work.
Groups:
- Assign permissions to groups, then add users to groups.
Disable unnecessary accounts:
- Disable guest or unused accounts.
- Disable interactive login for service accounts when possible.
Login time restrictions:
- Limit when accounts can sign in.
- Useful for contractors or temporary workers.
Account expiration:
- Automatically disable temporary accounts after a date.
Failed login lockout:
- Locks account after too many failed attempts.
- Reduces online brute force attacks.
## Locking and Physical Security
Screen lock:
- Automatically lock after inactivity.
- Require password/PIN/biometric to unlock.
Secure critical hardware:
- Use cable locks, locked rooms, asset tracking, and physical controls for laptops and sensitive devices.
Privacy screens:
- Reduce shoulder surfing.
## BIOS/UEFI Passwords
Supervisor/administrator password:
- Prevents unauthorized firmware setting changes.
User/boot password:
- Can prevent booting without credentials.
Exam clue:
- If the attacker might change boot order or firmware settings, think BIOS/UEFI password.
## AutoRun and AutoPlay
AutoRun:
- Automatically runs instructions from removable media.
- Legacy risk.
AutoPlay:
- Prompts or acts when removable media is inserted.
- Disable or restrict to reduce removable-media risk.
## Disable Unnecessary Services
Every service is potential attack surface.
Examples:
- Remote access service not used
- Old print/file sharing service
- Vendor updater no longer needed
- Unused web/database service
Rule:
- Disable only after confirming business impact.
## Commands To Enter
Windows:
```powershell
manage-bde -status
```
What it does:
- Shows BitLocker encryption status.
```powershell
net user
```
What it does:
- Lists local user accounts.
```powershell
net accounts
```
What it does:
- Shows local password and lockout policy.
```powershell
net localgroup administrators
```
What it does:
- Shows local Administrators group members.
```powershell
services.msc
```
What it does:
- Opens Services.
- Use it to inspect services. Do not disable services without knowing impact.
```powershell
ms-settings:autoplay
```
What it does:
- Opens AutoPlay settings.
```powershell
rundll32.exe user32.dll,LockWorkStation
```
What it does:
- Locks the workstation.
Linux:
```bash
id
```
What it does:
- Shows user and group identity.
```bash
sudo -l
```
What it does:
- Shows sudo privileges if allowed.
```bash
systemctl --type=service --state=running
```
What it does:
- Lists running services.
```bash
lsblk -f
```
What it does:
- Shows block devices and filesystem details.
macOS, if available:
```bash
fdesetup status
```
What it does:
- Shows FileVault encryption status.
```bash
id
groups
```
What it does:
- Shows user/group identity.
## Mini Lab
Goal:
- Inspect workstation hardening without making risky changes.
Windows:
1. Run `manage-bde -status`.
2. Run `net accounts`.
3. Run `net user`.
4. Run `net localgroup administrators`.
5. Run `services.msc`.
6. Run `ms-settings:autoplay`.
7. Lock the workstation with `rundll32.exe user32.dll,LockWorkStation` when ready.
8. Record:
- BitLocker status:
- Password lockout policy:
- Local admin members:
- AutoPlay enabled/disabled:
- One service you would research before disabling:
Linux:
1. Run `id`.
2. Run `sudo -l`.
3. Run `systemctl --type=service --state=running`.
4. Record:
- Groups:
- Sudo access:
- One running service to research:
Hardening scenario:
- A contractor leaves next Friday.
- A laptop is used in airports.
- USB drives are often plugged into shared computers.
- A workstation runs an old unused service.
- A local account still uses a vendor default password.
For each, choose the best hardening action.
## Quick Check Before Quiz
You are ready for the SEC-7 quiz when you can answer these without looking:
- What does full-disk encryption protect?
- Why change default passwords?
- Why disable unused services?
- What does account lockout prevent?
- What does AutoPlay/AutoRun risk involve?
- What should be checked before disabling a service?
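
Review bot: `manage-bde -status` needs an elevated prompt and Mini Lab step 1 does not say so, so on a standard account the reader gets an access error instead of a BitLocker status to record; add "run as administrator" to that step. `ms-settings:autoplay` is a URI inside a PowerShell fence and only opens from the Run dialog or as `start ms-settings:autoplay`. On the Linux side, `lsblk -f` is listed under Commands To Enter but left out of the Mini Lab, so there is no encryption check to match the BitLocker one; adding it with a note to look for `crypto_LUKS` in the FSTYPE column would close that gap.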


@ -0,0 +1,232 @@
# SEC-8: Mobile Device Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.8 Mobile device security
## What You Need To Know
Mobile devices are easy to lose, easy to steal, and often already signed in to email, files, password resets, cloud storage, and work apps.
The exam wants you to know how to protect:
- The device
- The data on the device
- The user account connected to the device
- The company network if the phone is used for work
## Memory Trick
Use **L-E-A-S-H**:
- **L**ock the screen
- **E**ncrypt the device
- **A**pply updates and app controls
- **S**ecure with MDM/BYOD policy
- **H**ave backup, location, and remote wipe ready
Shortcut:
- **Lost phone = lock, locate, backup, wipe if needed.**
## Screen Locks
Common unlock methods:
- PIN
- Password
- Pattern
- Fingerprint
- Face recognition
- Swipe
Exam priority:
- A plain swipe is weak because it does not really authenticate the user.
- PIN, password, fingerprint, and face unlock are stronger choices.
- Biometrics are convenient, but the device still needs a PIN/password fallback.
Failed login controls:
- Devices can delay login attempts after repeated failures.
- Some environments can erase or wipe the device after too many failed attempts.
- This protects stolen devices from repeated guessing attempts.
## Encryption
Full device encryption protects stored data if the device is lost or stolen.
What to remember:
- Modern iOS devices use strong built-in encryption when a passcode is configured.
- Modern Android devices commonly support file-based or full-device encryption.
- Encryption is strongest when paired with a real lock method, not swipe-only access.
Exam clue:
- If the question says the phone was stolen and contains sensitive data, think encryption and remote wipe.
## MDM and Configuration Profiles
Mobile Device Management, or MDM, lets an organization centrally manage phones and tablets.
Common MDM actions:
- Require a passcode
- Require encryption
- Push Wi-Fi, VPN, or email settings
- Install or restrict apps
- Block camera, copy/paste, or cloud sync in some environments
- Enforce OS update requirements
- Locate, lock, or wipe a managed device
Common tools and terms:
- Microsoft Intune
- Apple Configurator
- Apple configuration profiles
- Android Enterprise
BYOD means Bring Your Own Device.
BYOD policy questions usually care about:
- Who owns the device
- What company data is allowed
- Whether the company can wipe only work data or the entire device
- Minimum OS version
- Screen lock requirements
- What happens when employment ends
## Updates and Patching
Mobile updates include:
- Operating system updates
- Security patches
- App updates
Why they matter:
- Updates fix vulnerabilities.
- App updates can fix security bugs in messaging, browsers, email, banking, and work apps.
Exam clue:
- If the question says a device is missing critical security fixes, update the OS or app.
## Anti-Malware
iOS:
- More closed app ecosystem.
- Apps are more isolated.
- Traditional antivirus is less common.
Android:
- More open ecosystem.
- Third-party app sources increase risk.
- Anti-malware tools are more common, especially in business environments.
Best protection:
- Use official app stores.
- Keep the OS updated.
- Avoid sideloading unknown apps.
- Use MDM controls when the device handles company data.
## Content Filtering
Content filtering limits access to unsafe or inappropriate content.
Examples:
- Web filtering
- App restrictions
- Parental controls
- Enterprise browsing controls
Exam clue:
- If the goal is to block categories of websites or unsafe browsing, think content filtering.
## Locator, Remote Lock, Remote Wipe, and Backup
Locator services:
- Help find a lost device.
- Examples: Find My on iPhone, Find My Device on Android.
Remote lock:
- Locks the phone so someone else cannot use it.
Remote message or sound:
- Helps recover a misplaced phone.
Remote wipe:
- Erases data when the device is unlikely to be recovered.
- Use carefully because it removes data from the device.
Remote backup:
- Stores device data in cloud backup.
- Makes replacement and recovery easier.
Exam order for a lost phone:
1. Locate or lock if recovery is likely.
2. Confirm backup status if possible.
3. Wipe if data risk is high or recovery is unlikely.
## Mobile Firewalls
Mobile firewall apps are less common than desktop firewalls.
On mobile devices, network control is often handled by:
- MDM
- VPN apps
- Per-app network rules
- Enterprise security suites
Exam clue:
- If the question says only approved apps should access company data or network resources, think MDM, VPN, or app access control.
## Commands To Enter
This objective is mostly settings-based, so there are not many normal command-line tools for a locked-down phone. Use these commands only to open account/device-security pages from a computer browser.
Windows:
```powershell
start https://account.microsoft.com/devices
```
What it does:
- Opens the Microsoft devices page for the signed-in account in your default browser.
- Use it only to inspect registered devices.
```powershell
start https://myaccount.google.com/security
```
What it does:
- Opens the Google account security page.
- Use it to inspect signed-in devices, security alerts, and recovery options.
macOS:
```bash
open https://appleid.apple.com
```
What it does:
- Opens the Apple ID account page in the default browser.
- Use it to review trusted devices and account security settings.
Linux:
```bash
xdg-open https://myaccount.google.com/security
```
What it does:
- Opens the Google account security page in the default browser.
- Use it to inspect account security if the command is available on your Linux system.
Do not erase, wipe, unenroll, reset, or remove a device from an account during this section.
## Quick Checks
You should be able to answer:
- What protects mobile data at rest?
- What is weak about swipe-only unlock?
- What does MDM enforce?
- Why does BYOD need a policy?
- When would remote wipe be appropriate?
- Why are OS and app updates security controls?
- Why is Android anti-malware more common than iOS anti-malware?
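
Review bot: The BYOD list asks "Whether the company can wipe only work data or the entire device", but the Remote wipe entry describes only one kind of wipe, so the two sections do not line up. Suggest splitting the Remote wipe entry into a full device wipe and a work-data-only (selective) wipe, and saying which one step 3 of the lost-phone order means for a personally owned device. This file also has no Mini Lab and titles its last section "Quick Checks" where the SEC-5 to SEC-7 files use "Quick Check Before Quiz".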


@ -0,0 +1,260 @@
# SEC-9: Data Destruction
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.9 Data destruction
## What You Need To Know
Data destruction means making stored data unrecoverable before a device is reused, recycled, sold, returned, or thrown away.
The exam wants you to match the method to the situation:
- Reuse the drive: securely wipe it.
- Dispose of the drive: physically destroy it.
- Magnetic hard drive: degaussing can work.
- SSD or flash storage: degaussing does not work.
- Legal or regulated data: keep a certificate of destruction.
## Memory Trick
Use **W-D-S-C**:
- **W**ipe if you want to reuse it
- **D**estroy if you want it gone forever
- **S**SDs do not degauss
- **C**ertificate proves destruction
Shortcut:
- **Reuse = wipe. Retire = destroy. Regulated = certificate.**
## Deleting Is Not Destruction
Normal delete:
- Removes the file entry from normal view.
- The data may still exist on the storage device.
- Recovery tools may be able to bring it back.
Recycle Bin or Trash:
- Even less final than deletion.
- The user can often restore the file.
Exam clue:
- If the question asks for secure removal, normal delete is not enough.
## Formatting
Quick format:
- Rebuilds the file system structure.
- Usually does not overwrite all old data.
- Data recovery may still be possible.
Regular format:
- Overwrites sectors on modern Windows versions.
- Takes longer than quick format.
- Better for data removal than quick format.
Low-level format:
- Factory-level process.
- Not a normal user or technician procedure on modern drives.
- Usually not the right exam answer for everyday data destruction.
## Secure Erasing and Wiping
File-level overwrite:
- Overwrites a specific file.
- Useful when only one file must be removed.
- Does not wipe the rest of the drive.
Whole-drive wipe:
- Overwrites the entire drive.
- Useful before reusing or repurposing a drive.
- Takes longer but covers all data.
Examples:
- Windows Sysinternals `sdelete` can securely delete files or clean free space.
- DBAN can wipe traditional hard drives.
SSD caution:
- SSDs use wear leveling, so old data may not be overwritten the same way as a spinning hard drive.
- Use manufacturer secure erase tools, OS reset options designed for SSDs, or cryptographic erase when available.
Cryptographic erase:
- Destroys the encryption key instead of overwriting all storage blocks.
- Fast when the device was already fully encrypted.
- Without the key, encrypted data is not practically readable.
## Physical Destruction
Physical destruction makes the drive unusable.
Common methods:
- Drill or hammer through platters/chips
- Shredding
- Incineration
- Degaussing for magnetic media
Use physical destruction when:
- The drive will not be reused.
- The data is highly sensitive.
- Regulations or company policy require destruction.
- You cannot trust a software wipe.
## Degaussing
Degaussing uses a strong magnetic field to destroy data on magnetic media.
Works for:
- Magnetic hard drives
- Some magnetic tapes
Does not work for:
- SSDs
- USB flash drives
- SD cards
- Other flash storage
Exam clue:
- If the device is SSD or flash, do not choose degaussing.
## Certificate of Destruction
A certificate of destruction is proof that a drive or batch of drives was destroyed.
It may include:
- Date
- Serial numbers or asset tags
- Method used
- Vendor name
- Chain-of-custody details
- Signature or confirmation
Use it when:
- A third party destroys the drives.
- Data is regulated.
- The organization needs an audit trail.
## Choosing The Best Method
Scenario shortcuts:
- Old company laptop will be reused: whole-drive wipe or secure erase.
- Failed hard drive with patient records: physical destruction plus certificate.
- Magnetic hard drive disposal: shred, drill, incinerate, or degauss.
- SSD disposal: shred or use SSD secure erase/crypto erase; do not degauss.
- One file must be removed but the drive stays in use: file-level secure delete.
- Drive is encrypted and being retired: crypto erase may be appropriate if policy allows it.
## Commands To Enter
Only run these against disposable test files. Do not run wipe commands against real drives in this course unless you intentionally want to destroy data.
Windows PowerShell:
```powershell
New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab"
```
What it does:
- Creates a safe lab folder in your user profile.
```powershell
"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
```
What it does:
- Creates a small test file for the lab.
```powershell
Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```powershell
Get-Volume
```
What it does:
- Lists mounted volumes and file systems.
- Use it for inspection only in this section.
Linux:
```bash
mkdir -p ~/aplus-data-destruction-lab
```
What it does:
- Creates a safe lab folder in your home directory.
```bash
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Creates a small test file.
```bash
rm ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```bash
lsblk -f
```
What it does:
- Lists block devices and file systems.
- Use it to identify storage types for inspection only.
macOS:
```bash
mkdir -p ~/aplus-data-destruction-lab
```
What it does:
- Creates a safe lab folder on the Mac.
```bash
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Creates a small test file.
```bash
rm ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```bash
diskutil list
```
What it does:
- Lists disks and partitions.
- Use it for inspection only.
## Quick Checks
You should be able to answer:
- Why is normal delete not secure destruction?
- What is the difference between quick format and regular format?
- When should you use whole-drive wiping?
- Why does degaussing not work on SSDs?
- When is a certificate of destruction needed?
- What method would you choose for a drive that must be reused?
- What method would you choose for regulated data on a retired drive?
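
Review bot: The inspection commands cannot answer the question this whole file turns on, whether the drive is magnetic or flash: `Get-Volume` and `lsblk -f` list volumes and file systems, yet the Linux note says to use `lsblk -f` "to identify storage types". Suggest adding `Get-PhysicalDisk` (MediaType column) on Windows and `lsblk -d -o NAME,ROTA` on Linux (ROTA 1 means rotational), and rewording that note. The "One file must be removed" scenario should also point back to the SSD caution, since wear leveling affects a file-level overwrite as much as a whole-drive one. Minor: `New-Item -ItemType Directory` errors on a second run where the Linux `mkdir -p` does not; `-Force` makes it repeatable.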


@ -0,0 +1,108 @@
# TRB-1: Windows OS Issues
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.1 Troubleshoot common Windows OS problems
## What You Need To Know
Windows troubleshooting questions usually give a symptom and ask for the most likely next step.
Common symptoms:
- Blue screen of death
- Slow performance
- Frequent shutdowns
- Services failing to start
- Application crashes
- Low memory warnings
- USB controller resource warnings
- System instability
- No OS found
- Slow profile load
- Time drift
## Memory Trick
Use **B-S-S-A-D-P-T**:
- **B**oot
- **S**ervices
- **S**torage
- **A**pplications
- **D**rivers
- **P**rofiles
- **T**ime
Shortcut:
- **A Windows symptom usually points to boot, services, storage, drivers, profile, or time.**
## Symptom Matching
No OS found:
- Check boot order.
- Check whether the drive is detected.
- Check boot files and startup repair.
BSOD:
- Suspect drivers, hardware, memory, storage, or recent updates.
- Use Event Viewer, Reliability Monitor, and memory/storage diagnostics.
Slow performance:
- Check Task Manager for CPU, memory, disk, and startup load.
- Check available disk space.
- Review recently installed apps.
Services not starting:
- Check Services console.
- Check dependencies.
- Review Event Viewer.
Slow profile load:
- Suspect large profile data, network profile issues, login scripts, or domain connectivity.
System time drift:
- Check time zone, CMOS battery, and time synchronization.
## Commands To Know
```powershell
sfc /scannow
```
Checks protected Windows system files and attempts repair.
```powershell
DISM /Online /Cleanup-Image /RestoreHealth
```
Repairs the Windows component store used by SFC.
```powershell
chkdsk
```
Checks file system status.
```powershell
eventvwr.msc
```
Opens Event Viewer for logs and error clues.
```powershell
perfmon /rel
```
Opens Reliability Monitor for a timeline of failures.
## Exam Clues
- If Windows cannot find an OS, think boot order, missing boot files, or failed drive.
- If the system fails after a driver update, roll back the driver or boot into Safe Mode.
- If apps crash after system corruption, use DISM and SFC.
- If performance is slow, gather evidence before changing settings.
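
Review bot: Commands To Know lists `sfc /scannow` before `DISM /Online /Cleanup-Image /RestoreHealth`, while the DISM description says it repairs the store that SFC uses, which implies the opposite order when corruption is suspected. State the order in the "use DISM and SFC" exam clue (DISM first, then SFC) and note that both need an elevated prompt. Symptom Matching also covers only six of the eleven listed symptoms; frequent shutdowns, application crashes, low memory warnings, USB controller resource warnings and system instability have no entry.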


@ -0,0 +1,87 @@
# TRB-2: Mobile OS and App Issues
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.2 Troubleshoot common mobile OS and application problems
## What You Need To Know
Mobile troubleshooting often starts with simple checks:
- Updates
- Storage
- Permissions
- Connectivity
- App cache/data
- Battery health
- Compatibility
Common symptoms:
- App fails to launch
- App fails to close
- App fails to update
- App fails to install
- App crashes
- Slow response
- OS update failure
- Battery drain
- Random reboots
- Bluetooth, Wi-Fi, or NFC problems
- Screen autorotation failure
## Memory Trick
Use **U-S-P-C-R**:
- **U**pdate
- **S**torage
- **P**ermissions
- **C**onnectivity
- **R**estart/reinstall
Shortcut:
- **Most mobile app problems start with update, storage, permission, or connectivity checks.**
## Troubleshooting Flow
App will not launch or crashes:
- Restart the app.
- Restart the device.
- Update the app.
- Update the OS.
- Clear app cache where supported.
- Reinstall the app if needed.
App will not install or update:
- Check storage.
- Check network connectivity.
- Check app store account status.
- Check OS compatibility.
Battery drains quickly:
- Review battery usage by app.
- Check screen brightness.
- Disable unnecessary radios.
- Check for runaway apps.
Connectivity problems:
- Toggle the affected radio.
- Forget and reconnect to the network or device.
- Check range and pairing mode.
- Restart device if needed.
Autorotation fails:
- Check rotation lock.
- Restart the app.
- Test sensors if available.
## Exam Clues
- If an app cannot install, storage and compatibility are high-probability answers.
- If Bluetooth pairing fails, check pairing mode and forget/re-pair.
- If the issue started after an update, check known issues and compatibility.
- If one app is the only problem, focus on that app before resetting the whole phone.
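
Review bot: Troubleshooting Flow has no entry for several items in the symptom list: app fails to close, slow response, OS update failure and random reboots. Add a short flow for each, or trim the list so the two match. In the crash flow, "Reinstall the app if needed" should say to confirm the app's data is synced or backed up first, because removing the app removes its local data.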


@ -0,0 +1,88 @@
# TRB-3: Mobile Security Issues
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.3 Troubleshoot common mobile device security issues
## What You Need To Know
Mobile security issues often come from risky configuration or untrusted apps.
Risk factors:
- Unofficial app stores
- Sideloaded applications
- Developer mode
- Rooted or jailbroken device
- Unauthorized apps
- Application spoofing
Symptoms:
- High network traffic
- Slow response
- Data usage alerts
- Limited or no internet
- Many ads
- Fake security warnings
- Unexpected app behavior
- Leaked personal data
## Memory Trick
Use **R-U-D-A**:
- **R**oot/jailbreak
- **U**nofficial store
- **D**eveloper mode
- **A**ds/alerts
Shortcut:
- **If the source or control model is untrusted, treat the phone as high risk.**
## What To Check
App source:
- Was the app installed from the official app store?
- Is the developer name correct?
- Are reviews and permissions suspicious?
Device integrity:
- Is the device rooted or jailbroken?
- Is developer mode enabled?
- Are unknown sources allowed?
Network and data:
- Is one app using unusual data?
- Does traffic spike when the app is open?
- Are VPN or proxy settings unexpected?
User symptoms:
- Fake antivirus pop-ups
- Ads outside the browser
- Browser redirects
- Unrecognized apps
## Response Priorities
For personal devices:
- Remove suspicious apps.
- Update OS and apps.
- Run trusted security tools if available.
- Change passwords from a known-clean device if compromise is suspected.
For managed devices:
- Follow company policy.
- Notify support/security.
- Use MDM actions when appropriate.
- Preserve evidence if required.
## Exam Clues
- Rooted or jailbroken devices bypass normal protections.
- Unofficial app stores increase malware risk.
- App spoofing means a fake app pretends to be legitimate.
- High data usage plus ads and fake warnings points to malware or unwanted software.
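Review bot: "What To Check" asks whether the device is rooted or jailbroken, whether developer mode is enabled, and whether unknown sources are allowed, but "Response Priorities" never says what to do when the answer is yes. Add response steps for those findings, such as turning off developer mode and unknown-source installs on personal devices. Separately, R-U-D-A mixes risk factors with a symptom ("Ads/alerts") and leaves out sideloaded applications, unauthorized apps, and application spoofing from the "Risk factors" list above it.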

View file

@ -0,0 +1,78 @@
# TRB-4: PC Security Symptoms
Status: not started
Domain:
- 3.0 Software Troubleshooting
Objective alignment:
- 3.4 Troubleshoot common PC security issues
## What You Need To Know
Security troubleshooting questions often describe symptoms instead of naming malware.
PC symptoms:
- Cannot access the network
- Desktop alerts
- Fake antivirus warnings
- Files are altered, missing, renamed, or inaccessible
- Unwanted OS notifications
- OS update failures
Browser symptoms:
- Frequent pop-ups
- Certificate warnings
- Redirection
- Degraded browser performance
## Memory Trick
Use **FAN-B**:
- **F**iles changed
- **A**lerts are fake
- **N**etwork blocked
- **B**rowser redirects
Shortcut:
- **Fake alerts plus changed files or redirects means assume compromise until verified.**
## Common Causes
Malware:
- Fake antivirus
- Ransomware
- Spyware
- Adware
- Browser hijackers
Misconfiguration:
- Bad proxy setting
- Wrong DNS setting
- Expired certificate or wrong system time
- Firewall or security tool blocking traffic
Compromised account:
- Unexpected sync changes
- Unauthorized browser extensions
- New login alerts
## Response Flow
1. Identify symptoms.
2. Disconnect from the network if active compromise is suspected.
3. Preserve evidence when policy requires it.
4. Run trusted security tools.
5. Remove or quarantine threats.
6. Update OS, browser, and security software.
7. Change passwords from a known-clean device if credentials may be compromised.
8. Document findings and actions.
## Exam Clues
- Pop-ups and redirects point to adware or browser hijacking.
- Inaccessible renamed files point to ransomware.
- Certificate warnings can be malicious, misconfigured, or caused by wrong system time.
- OS update failure may be caused by malware, corruption, or network problems.
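Review bot: In "Response Flow", step 4 runs security tools before step 6 updates the security software, so the scan uses whatever definitions the machine already had. Move the security-software update ahead of the scan, and say where the update comes from, since step 2 takes the PC off the network. The flow also has no step for ruling out the items under "Misconfiguration" (proxy, DNS, system time), even though the Exam Clues say certificate warnings can be caused by wrong system time.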

22
quiz-log.md Normal file
View file

@ -0,0 +1,22 @@
# Quiz Log
## OS-5 Quiz: OS Types and File Systems
- Date: 2026-06-11 20:14 CDT
- Quiz: OS-5 / Objective 1.1 operating system types and file systems
- Score: 7/7
- Missed questions: none
- Weak concepts: none from quiz; use exact exam term `ext4` instead of general `ext`
- Next review: quick spaced review before starting the next Operating Systems block
## Baseline Quiz
Status: not started
Record format:
- Date:
- Quiz:
- Score:
- Missed questions:
- Weak concepts:
- Next review:
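Review bot: The "Record format" template has no field for domain or objective, although the study strategy in MEMORY.md says to log mistakes by domain and objective; the OS-5 entry carries the objective only inside its "Quiz:" text. Add "- Domain:" and "- Objective:" fields, and move the template above the first entry so it is not read as part of "Baseline Quiz".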

51
quizzes/OPS-1-quiz.md Normal file
View file

@ -0,0 +1,51 @@
# OPS-1 Quiz: Documentation and Support Systems
Take this after studying `notes/OPS-1-documentation-support-systems.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. Which information belongs in a support ticket?
A. Only the technician's favorite tool
B. User, device, issue, severity, steps, and resolution
C. Only the desktop background
D. Only the weather
2. What does an asset tag help identify?
A. The user's password
B. The monitor color temperature
C. The managed device in inventory records
D. The browser homepage
3. What is an SLA?
A. A service level agreement defining expected support terms
B. A screen layout assistant
C. A backup cable
D. A command prompt shortcut
4. What is a knowledge base article used for?
A. Storing private passwords
B. Replacing all tickets
C. Disabling escalation
D. Reusing documented solutions to known issues
5. What is an SOP?
A. A wireless antenna type
B. A repeatable standard operating procedure
C. A disk partition format
D. A certificate warning
## Answer Key For Instructor
1. B
2. C
3. A
4. D
5. B
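Review bot: The sample reply line shows seven answers (`1B 2A 3D 4C 5B 6A 7D`) but this quiz has five questions; use a five-answer sample as the other OPS quizzes do. The answer key also sits in the same file the learner is told to open, so consider moving "Answer Key For Instructor" to a separate file.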

51
quizzes/OPS-10-quiz.md Normal file
View file

@ -0,0 +1,51 @@
# OPS-10 Quiz: AI Concepts
Take this after studying `notes/OPS-10-ai-concepts.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. What is an AI hallucination?
A. A confident but false or unsupported output
B. A verified source citation
C. A backup rotation method
D. A remote desktop protocol
2. What should you do before entering private company data into an AI tool?
A. Post it publicly
B. Disable all logs
C. Check company policy and approval
D. Ignore data sensitivity
3. Why can AI output be biased?
A. Because backups are encrypted
B. Because RDP is enabled
C. Because toner is low
D. Because output may reflect skewed training data or assumptions
4. What should you do with AI-generated technical steps before using them?
A. Trust them automatically
B. Verify them before acting
C. Delete the ticket
D. Skip testing
5. Which AI use is highest risk?
A. Explaining a public error code
B. Pasting sensitive customer data into an unapproved public AI tool
C. Drafting a generic checklist
D. Summarizing public documentation
## Answer Key For Instructor
1. A
2. C
3. D
4. B
5. B

51
quizzes/OPS-2-quiz.md Normal file
View file

@ -0,0 +1,51 @@
# OPS-2 Quiz: Change Management
Take this after studying `notes/OPS-2-change-management.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. What should a change plan include in case the update fails?
A. Wallpaper plan
B. Rollback plan
C. Keyboard shortcut list
D. Browser favorites
2. What type of change is usually low-risk, repeatable, and preapproved?
A. Emergency
B. Unknown
C. Standard
D. Unauthorized
3. Why use a maintenance window?
A. To reduce impact on users and operations
B. To avoid documenting the change
C. To remove approval requirements
D. To skip backups
4. What is a change freeze?
A. A file compression method
B. A hardware cooling feature
C. A command-line shell
D. A period when noncritical changes are restricted
5. What should happen after an emergency change?
A. Delete all records
B. Document and review it according to policy
C. Ignore user impact
D. Disable ticketing
## Answer Key For Instructor
1. B
2. C
3. A
4. D
5. B
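Review bot: The answer key here (B, C, A, D, B) is identical to the keys in the OPS-1, OPS-3 and OPS-4 quizzes, so a learner can score 5/5 on position alone after the first quiz. Shuffle the option order per quiz so the keys differ.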

51
quizzes/OPS-3-quiz.md Normal file
View file

@ -0,0 +1,51 @@
# OPS-3 Quiz: Backup and Recovery
Take this after studying `notes/OPS-3-backup-recovery.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. Which backup includes all selected data?
A. Incremental
B. Full
C. Differential
D. Synthetic only
2. Which backup saves changes since the last full backup?
A. Incremental only
B. Firmware
C. Differential
D. Proxy
3. What does the 3-2-1 rule include?
A. Three copies, two media types, one offsite copy
B. Three passwords, two users, one printer
C. Three browsers, two tabs, one cache
D. Three updates, two drivers, one cable
4. Why test restores?
A. To reduce screen brightness
B. To change the hostname
C. To remove asset tags
D. To verify backup data can actually be recovered
5. Which backup type saves changes since the last backup of any type?
A. Full
B. Incremental
C. Differential
D. Manual only
## Answer Key For Instructor
1. B
2. C
3. A
4. D
5. B

51
quizzes/OPS-4-quiz.md Normal file
View file

@ -0,0 +1,51 @@
# OPS-4 Quiz: Safety Procedures
Take this after studying `notes/OPS-4-safety-procedures.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. What protects components from electrostatic discharge?
A. Louder speakers
B. Antistatic wrist strap and ESD mat
C. More browser tabs
D. Dark wallpaper
2. What should be done before opening a desktop for repair?
A. Disable all tickets
B. Clear browser cache
C. Disconnect power according to procedure
D. Change the SLA
3. How should a removed motherboard be stored?
A. In an antistatic bag
B. On carpet
C. Under a drink cup
D. In a printer tray
4. What is proper action for moving a heavy printer?
A. Drag it by cables
B. Balance it on one hand
C. Ignore manufacturer guidance
D. Use proper lifting technique or get assistance
5. Why manage cables?
A. To increase malware risk
B. To reduce trip hazards and improve organization
C. To disable grounding
D. To block ventilation
## Answer Key For Instructor
1. B
2. C
3. A
4. D
5. B
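Review bot: Most distractors in questions 1 to 5 are implausible ("More browser tabs", "Dark wallpaper", "Under a drink cup"), so the correct option can be picked by elimination without knowing the safety procedure. Replace them with options a technician might actually confuse with the right one, for example other storage choices for the motherboard in question 3.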

52
quizzes/OPS-5-quiz.md Normal file
View file

@ -0,0 +1,52 @@
# OPS-5 Quiz: Environmental Controls
Take this after studying `notes/OPS-5-environmental-controls.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. What device provides short-term battery power during an outage?
A. Surge suppressor
B. UPS
C. Toner cartridge
D. Patch panel
2. What document gives safety guidance for chemicals or materials?
A. SDS or MSDS
B. SLA
C. SSID
D. RDP
3. What is a brownout?
A. Complete loss of power
B. A malware alert
C. A low-voltage power condition
D. A browser redirect
4. How should used toner be handled?
A. Thrown anywhere
B. Washed down a sink
C. Stored in RAM slots
D. Recycled or disposed of according to policy
5. Why does equipment need ventilation?
A. To reduce overheating risk
B. To improve password length
C. To disable updates
D. To remove asset tags
## Answer Key For Instructor
1. B
2. A
3. C
4. D
5. A

52
quizzes/OPS-6-quiz.md Normal file
View file

@ -0,0 +1,52 @@
# OPS-6 Quiz: Policy, Privacy, and Licensing
Take this after studying `notes/OPS-6-policy-privacy-licensing.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. What does chain of custody document?
A. Evidence handling and transfer history
B. Screen brightness
C. Toner density
D. Wi-Fi channel width
2. What does order of volatility help decide?
A. Which monitor to replace first
B. Which evidence to collect first
C. Which font to use
D. Which wallpaper to deploy
3. What is an EULA?
A. Emergency user login account
B. Ethernet uplink layer adapter
C. End-user license agreement
D. External USB logging app
4. What does an acceptable use policy define?
A. Rules for appropriate use of company systems
B. Backup cable length
C. Printer tray order
D. Screen resolution
5. Which statement about open-source software is correct?
A. It never has license terms
B. It may still have license requirements
C. It cannot be used by businesses
D. It disables compliance
## Answer Key For Instructor
1. A
2. B
3. C
4. A
5. B
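Review bot: The title covers "Policy, Privacy, and Licensing", but none of the five questions tests privacy; they cover chain of custody, order of volatility, EULA, acceptable use, and open-source licensing. Add at least one question on handling private or regulated data so the quiz matches its stated scope.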

52
quizzes/OPS-7-quiz.md Normal file
View file

@ -0,0 +1,52 @@
# OPS-7 Quiz: Professionalism
Take this after studying `notes/OPS-7-professionalism.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. What is the best first response to an unclear user issue?
A. Ask open-ended questions
B. Blame the user
C. Close the ticket
D. Delete the profile
2. Why restate the user's issue?
A. To avoid documenting it
B. To confirm understanding
C. To prove the user is wrong
D. To skip troubleshooting
3. A repair will take longer than expected. What should you do?
A. Say nothing
B. Hide the delay
C. Communicate status and reset expectations
D. Delete the ticket
4. A user requests access to another user's files. What matters most?
A. File size
B. Screen brightness
C. Wallpaper policy
D. Authorization and confidentiality
5. Which behavior should be avoided?
A. Active listening
B. Dismissing or judging the user
C. Follow-up
D. Documentation
## Answer Key For Instructor
1. A
2. B
3. C
4. D
5. B

52
quizzes/OPS-8-quiz.md Normal file
View file

@ -0,0 +1,52 @@
# OPS-8 Quiz: Scripting Basics
Take this after studying `notes/OPS-8-scripting-basics.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. Which extension is commonly used for PowerShell scripts?
A. `.bat`
B. `.ps1`
C. `.jpg`
D. `.xlsx`
2. Which extension is commonly used for Bash shell scripts?
A. `.sh`
B. `.docx`
C. `.png`
D. `.iso`
3. What is a common scripting use case?
A. Physically lifting a printer
B. Replacing toner
C. Automating software installation
D. Cleaning a monitor
4. What is a risk of running an unknown script?
A. It may change settings or introduce malware
B. It always improves security
C. It cannot affect files
D. It disables all permissions
5. What should you do before broad script deployment?
A. Skip testing
B. Test and review the script
C. Delete all backups
D. Disable rollback
## Answer Key For Instructor
1. B
2. A
3. C
4. A
5. B

51
quizzes/OPS-9-quiz.md Normal file
View file

@ -0,0 +1,51 @@
# OPS-9 Quiz: Remote Access
Take this after studying `notes/OPS-9-remote-access.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. Which protocol is commonly used for secure command-line access?
A. RDP
B. SSH
C. VNC
D. SPICE
2. What does a VPN provide?
A. Encrypted access into a private network
B. Toner recycling
C. Screen cleaning
D. File deletion only
3. What should happen before starting user screen sharing?
A. Ignore the user
B. Disable authentication
C. Get user approval
D. Publish the session
4. What security principle limits technician access to only what is needed?
A. Highest privilege
B. Open access
C. Anonymous access
D. Least privilege
5. Which tool category supports managed monitoring and administration?
A. MSDS
B. EULA
C. RMM
D. GFS
## Answer Key For Instructor
1. B
2. A
3. C
4. D
5. C

67
quizzes/OS-1-quiz.md Normal file
View file

@ -0,0 +1,67 @@
# OS-1 Quiz: Windows Editions and System Information
Take this after studying `notes/OS-1-windows-editions-system-info.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. A small business needs Windows computers to join a domain and use Group Policy. Which Windows edition is the best minimum choice?
A. Windows Home
B. Windows Pro
C. Windows SE
D. Windows IoT
2. Which command opens a graphical dialog showing the Windows version and build?
A. `whoami`
B. `hostname`
C. `ping`
D. `winver`
3. Which command is best for collecting detailed Windows inventory information such as OS version, BIOS version, system type, and memory?
A. `systeminfo`
B. `ipconfig`
C. `netstat`
D. `gpupdate`
4. Which Linux command or file is commonly used to identify the distribution name and version?
A. `chmod`
B. `ping 127.0.0.1`
C. `cat /etc/os-release`
D. `net use`
5. A technician wants to verify which user account is currently active before making changes. Which command should they use on Windows or Linux?
A. `hostname`
B. `whoami`
C. `uname -a`
D. `tracert`
6. A PC cannot upgrade to Windows 11 because it does not meet a security hardware requirement. Which item should the technician check?
A. exFAT
B. Telnet
C. POP3
D. TPM 2.0
7. Which Windows tool can show BIOS Mode and Secure Boot State?
A. Disk Cleanup
B. Services
C. System Information
D. Resource Monitor
## Answer Key For Instructor
1. B
2. D
3. A
4. C
5. B
6. D
7. C

68
quizzes/OS-10-quiz.md Normal file
View file

@ -0,0 +1,68 @@
# OS-10 Quiz: Application Installation Requirements
Take this after studying `notes/OS-10-application-installation-requirements.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. Can a 32-bit operating system run a 64-bit application?
A. Yes, always
B. Only if the app is installed from an ISO
C. Only if the system has enough RAM
D. No
2. On 64-bit Windows, where are many 32-bit desktop applications installed by default?
A. `C:\Program Files (x86)`
B. `C:\Windows\System32`
C. `C:\Users\Public`
D. `C:\Drivers`
3. An application requires a dedicated GPU with 4 GB VRAM. Which requirement is being described?
A. Storage
B. Network
C. Graphics
D. Package manager
4. What is an ISO file?
A. A compressed user profile
B. A disk image that can be mounted like a virtual disc
C. A firewall rule
D. A password database
5. A company wants new PCs deployed with the OS, drivers, and standard apps already installed. Which method fits best?
A. Manual registry editing
B. APIPA
C. Safe Mode
D. Image deployment
6. Why should business impact be considered before upgrading a critical application?
A. It changes the MAC address
B. It disables DNS automatically
C. The app may affect workflows, downtime, or dependent processes
D. It always removes user accounts
7. Which Linux command shows memory usage in human-readable units?
A. `dig`
B. `free -h`
C. `chmod`
D. `pwd`
## Answer Key For Instructor
1. D
2. A
3. C
4. B
5. D
6. C
7. B

68
quizzes/OS-11-quiz.md Normal file
View file

@ -0,0 +1,68 @@
# OS-11 Quiz: Cloud Productivity Tools
Take this after studying `notes/OS-11-cloud-productivity-tools.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. Which cloud productivity feature keeps files available across multiple devices?
A. File synchronization
B. APIPA
C. Disk defragmentation
D. Secure Boot
2. A user can sign in to the company portal but cannot open the licensed presentation app. What should the technician check?
A. Drive letter assignment
B. BIOS time
C. License assignment
D. File system type
3. Which concept allows user account changes in one directory to appear in connected cloud services?
A. Disk imaging
B. Identity synchronization
C. Local formatting
D. File compression
4. Which is an example of a cloud collaboration tool?
A. Disk cleanup
B. Device Manager
C. Local-only Notepad file
D. Shared online document editing
5. What does an online-only cloud file usually mean?
A. The file is stored only in BIOS
B. The file cannot be shared
C. The file appears locally but downloads when opened
D. The file is a printer driver
6. Why are cloud licenses easier to manage than physical license keys?
A. They disable MFA
B. They can be centrally assigned and moved between users
C. They replace DNS
D. They require FAT32
7. Which service is commonly included in cloud productivity suites?
A. POST beep codes
B. RAID controller firmware
C. Thermal paste management
D. Email
## Answer Key For Instructor
1. A
2. C
3. B
4. D
5. C
6. B
7. D

52
quizzes/OS-2-quiz.md Normal file
View file

@ -0,0 +1,52 @@
# OS-2 Quiz: Windows Installation, Boot, and Recovery
Take this after studying `notes/OS-2-windows-installation-recovery.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. A technician needs to install Windows on a used PC and remove the previous operating system and data. Which installation type is best?
A. Upgrade install
B. In-place repair
C. Clean install
D. PXE boot only
2. A user wants to move to a newer supported Windows version while keeping compatible apps and files. Which installation type fits best?
A. Clean install
B. Upgrade install
C. System image recovery
D. Low-level format
3. Windows fails to boot after a power loss. Which recovery option should the technician try first for common startup issues?
A. Disk Cleanup
B. Device Manager
C. Credential Manager
D. Startup Repair
4. Which statement best describes System Restore?
A. It restores personal documents from cloud storage.
B. It securely erases the drive.
C. It rolls system files and settings back to a restore point.
D. It changes the computer name.
5. Which command restarts Windows directly into Advanced Startup options?
A. `shutdown /s /t 0`
B. `shutdown /r /o /t 0`
C. `sfc /scannow`
D. `ipconfig /release`
## Answer Key For Instructor
1. C
2. B
3. D
4. C
5. B

52
quizzes/OS-3-quiz.md Normal file
View file

@ -0,0 +1,52 @@
# OS-3 Quiz: Windows Administrative Tools
Take this after studying `notes/OS-3-windows-admin-tools.md`.
Reply with answers like:
`1B 2A 3D 4C 5B`
## Questions
1. A Windows service failed to start during boot. Which tool should the technician check first for detailed logged errors?
A. Disk Management
B. Event Viewer
C. Device Manager
D. Task Scheduler
2. A user installed a printer, but Windows shows a driver problem. Which tool should the technician use?
A. Performance Monitor
B. Disk Cleanup
C. Local Security Policy
D. Device Manager
3. A technician needs to assign a new drive letter to a partition. Which tool should they use?
A. Resource Monitor
B. Task Manager
C. Disk Management
D. Event Viewer
4. A computer is slow right now, and the technician wants to see live CPU, memory, disk, and network activity. Which tool fits best?
A. System Restore
B. Resource Monitor
C. Local Users and Groups
D. Windows Defender Firewall
5. A technician needs a script to run automatically every night. Which tool should they use?
A. Services
B. Device Manager
C. System Information
D. Task Scheduler
## Answer Key For Instructor
1. B
2. D
3. C
4. B
5. D

68
quizzes/OS-4-quiz.md Normal file
View file

@ -0,0 +1,68 @@
# OS-4 Quiz: Windows Command Line
Take this after studying `notes/OS-4-windows-command-line.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. Which command shows detailed Windows network adapter information, including DNS and DHCP details?
A. `ping`
B. `hostname`
C. `winver`
D. `ipconfig /all`
2. A user can ping `8.8.8.8` but cannot browse to `example.com`. Which command should the technician use to test DNS resolution?
A. `chkdsk /f`
B. `gpupdate /force`
C. `nslookup example.com`
D. `format`
3. Which command shows active connections, listening ports, and process IDs?
A. `sfc /scannow`
B. `netstat -ano`
C. `dir`
D. `whoami`
4. Which command scans protected Windows system files and repairs them when possible?
A. `tracert`
B. `net use`
C. `pathping`
D. `sfc /scannow`
5. Which command forces Group Policy to refresh on a Windows system?
A. `gpupdate /force`
B. `gpresult /r`
C. `winver`
D. `hostname`
6. Which command-line tool can manage partitions and is dangerous if misused?
A. `whoami`
B. `nslookup`
C. `diskpart`
D. `help dir`
7. Which command displays syntax help for many Windows commands?
A. `..`
B. `/?`
C. `127.0.0.1`
D. `C:`
## Answer Key For Instructor
1. D
2. C
3. B
4. D
5. A
6. C
7. B
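Review bot: Question 7 asks "Which command displays syntax help", but the keyed answer `/?` is a switch appended to a command, not a command on its own. Reword to "Which switch displays syntax help for many Windows commands?" so the stem matches option B.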

68
quizzes/OS-5-quiz.md Normal file
View file

@ -0,0 +1,68 @@
# OS-5 Quiz: OS Types and File Systems
Take this after studying `notes/OS-5-os-types-filesystems.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. Which file system is the normal modern choice for Windows system drives?
A. ext4
B. APFS
C. NTFS
D. XFS
2. Which file system is broadly compatible but has a 4 GB maximum single-file size?
A. NTFS
B. FAT32
C. ReFS
D. APFS
3. Which file system is commonly used by Linux systems?
A. HFS+
B. exFAT
C. NTFS
D. ext4
4. Which operating system is most associated with Chromebooks and cloud/web-based workflows?
A. ChromeOS
B. Windows Server
C. iPadOS
D. Android
5. Which mobile operating system is Linux-based and used by many device manufacturers?
A. iOS
B. macOS
C. Android
D. ChromeOS
6. Which file system is Apple's modern file system for macOS, iOS, and iPadOS?
A. ReFS
B. APFS
C. FAT32
D. XFS
7. Which command on Linux shows mounted file systems and their file-system types?
A. `whoami`
B. `ping 127.0.0.1`
C. `gpupdate /force`
D. `df -T`
## Answer Key For Instructor
1. C
2. B
3. D
4. A
5. C
6. B
7. D

68
quizzes/OS-6-quiz.md Normal file
View file

@ -0,0 +1,68 @@
# OS-6 Quiz: Windows Control Panel and Settings
Take this after studying `notes/OS-6-windows-control-panel-settings.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. A technician needs to uninstall a classic desktop application. Which tool is the best fit?
A. Device Manager
B. Programs and Features
C. Event Viewer
D. Resource Monitor
2. A user wants Windows to show hidden files and file extensions. Which area should the technician open?
A. Power Options
B. Windows Defender Firewall
C. Devices and Printers
D. File Explorer Options
3. A laptop user wants closing the lid to do nothing while connected to a docking station. Which area should be configured?
A. Power Options
B. Internet Options
C. Indexing Options
D. User Accounts
4. Which command opens Network Connections so a technician can view or change adapter settings?
A. `appwiz.cpl`
B. `firewall.cpl`
C. `ncpa.cpl`
D. `powercfg.cpl`
5. A printer needs to be managed from the classic Control Panel interface. Which command can open the right area?
A. `control folders`
B. `control printers`
C. `msconfig`
D. `perfmon`
6. A technician needs to manage a device driver. Which tool should they use?
A. Disk Cleanup
B. Task Scheduler
C. Indexing Options
D. Device Manager
7. Which command opens the Windows Settings app?
A. `eventvwr.msc`
B. `chkdsk`
C. `ms-settings:`
D. `whoami`
## Answer Key For Instructor
1. B
2. D
3. A
4. C
5. B
6. D
7. C

Some files were not shown because too many files have changed in this diff.