Master Set #2 - Core 2
VFAT
virtual file allocation table - file system for Linux
jitter
variation in delay
shell
An interface between the user and computer and software
adobe illustrator file
.ai
AIF audio file
.aif
MS-DOS command file
.com
Comma separated value file
.csv
macOS X disk image
.dmg
GIF image
.gif
Java Archive file
.jar
PSD image
.psd
Scalable Vector Graphics file
.svg
Toast disc image
.toast
WAV file
.wav
WMA audio file
.wma
Windows Media Player playlist
.wpl
Which shutdown command switch enables aborting a system shutdown?
/a
What ipconfig parameter allows you to view the physical address of a Network Interface Card?
/all
Which copy command switch verifies that the new files are written correctly?
/v
How many Gigabytes (GB) of system RAM does Windows 7 or 10 (32-bit) require?
1 GB
In order to use BitLocker Drive Encryption, how much free space will be required on your system partition?
1.5GB
sector
512 bytes on a disk
This script file syntax redirects the output of a command
>>
Event Viewer
A management console snap-in for viewing and managing system logs (accessed through Computer Management, Administrative Tools, or eventvwr.msc)
crontab -l
Add or delete a scheduled job in cron
Symmetric multiprocessing is not supported in which Edition of Windows 8?
Core
mstsc is used to...
Create RDP connections to remote servers
chkdsk C: /x
Dismounts volume C:
What tool provided by Microsoft allows for the encryption of individual files?
Encrypting File System (EFS)
The Security and Maintenance applet in Windows Control Panel provides access to Windows Firewall (Windows 7) / Windows Defender Firewall (Windows 8/8.1/10) configuration settings. T or F
False
WEP uses an encryption and decryption cipher known as?
RC4
Setup
Records events generated during installation
To configure wireless options and IP addresses on a router what tab do you need to click on?
Settings
Which Microsoft Windows tool can be used by system administrators to find and isolate problems that might prevent the OS from starting correctly?
System Configuration (msconfig.exe)
Top Secret
The highest level of classification
kernel
The software component that provides the core set of operating system functions
TPM stands for
Trusted Platform Module
What is the weakest wireless encryption standard?
WEP
JavaScript escape character
\
Rootkits
a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
vi/vim
a text file editor in Linux
Command
apple equivalent of Ctrl button
.sh
Linux shell script
The ext3 and ext4 file systems are associated with the _____ operating system.
Linux
ext3 and ext4 are examples of file systems used by what Operating System?
Linux
Diagnostic start up
Load basic devices and services only
What Windows tool can be used to customize security policies for a workstation that's not part of a domain?
Local Security Policy
An interactive interface used by the Operating System instead of a command line interface.
Graphical User Interface (GUI)
shutdown -h
Halt or power off the system
What type of antivirus software will learn from a network that has been infected with malware and hopefully use that information to prevent future occurrences?
Heuristic analysis
What can you enable to reject specific device access to a router?
MAC Filtering
What will only allow specific clients to access a Wireless LAN?
MAC filtering
Name 2 common types of attacks that are designed to subvert switches.
MAC flooding and ARP Poisoning
The two main partitioning schemes are ___ and ___.
MBR and GPT
What are the DOS commands to make and remove a directory?
MD, RD
MMC stands for...
Microsoft Management Console
NAS stands for?
Network Attached Storage
NTFS
New Technology File System - proprietary file system used exclusively with Windows
Incremental backup
New files and files modified since the last backup (low backup time, high restore time; uses multiple tape sets)
CD, DVD, and Blu-ray disc players are listed as what in a computer's firmware?
Optical Drives
A filesystem designed by Microsoft for flash storage is _____.
exFAT
In the event that you have to copy the installation media to a computer's fixed disk what is the tool you use to copy code to make the partition bootable?
bootsect
OU
Organizational Unit - Provide a way of dividing up a domain into different administrative realms
Eavesdropping
capturing and reading data packets as they move over a network
fsck
checks partition errors (partition should be unmounted before running this tool)
Which of the following commands launches a command interpreter utility in Windows?
cmd
Change management six steps, Step 3: Examine all change requests to determine: change request prioritization; resource requirements for implementing the change; impact to the system; back-out procedures; schedule of implementation
Plan for implementation of changes
Force Quit
In the Apple menu, or press Command+Option+Esc
When moving a file from one folder to another on the same partition, explicit NTFS permissions are _____
kept
taskkill /PID #### /T
kills the Process ID by number and any child processes which were started by it from the cmd prompt
taskkill /im application
kills the process by image name from the cmd prompt
Standby/Sleep Mode
saves the current session to memory and puts the computer into a minimal power state
If you plan to reuse a computer what type of formatting method is the most appropriate for ensuring data has been removed?
standard formatting
In this type of VDI at the end of a session, user desktop reverts to its original state
non-persistent
In this type of VDI Each user runs their own copy of virtual desktop
persistent
A command to view running processes in Linux is ____.
ps
secure boot
restricts OS installation to trusted software
A file containing configuration information for setting up a new installation is referred to as?
unattended installation
apt-get upgrade
update all packages with latest versions
asymmetric encryption
Used in public key encryption; a scheme in which the key used to encrypt data is different from the key used to decrypt it (uses an RSA cipher)
In order to join a Windows Domain you must follow these steps: 9. You must authenticate yourself using a ____ and ____. Then click OK.
username and password
Default Programs
An applet to set the programs you wish to use, or to choose which application is used to open files of a particular extension
Time Machine
Apple equivalent of system restore
.vbs
VBScript
.py
Python
LPL
Windows Logo'd Product List - catalog of tested devices and drivers
Which of the following would you install to redress issues of laptops disappearing?
Cable locks
This is an anti-piracy technology for Windows
Microsoft Product Activation
Which of the following actions should you take before repurposing a hard disk?
Perform low level format
Which of the Windows Task Manager tabs in Windows 8/8.1/10 includes the information about the network resources usage listed under Networking tab in previous releases of the Microsoft OS?
Performance
This type of diagram will, ideally, show the network topology exactly as it is: with all of the devices and the connections between them.
Physical network diagram
This is a reserved part of a Windows disk that is identified by a drive letter
Primary Partition
Under the Administrative Tools folder what utility can administer print devices?
Print Management
Where can you find printer devices in Microsoft Windows Control Panel prior to Windows 7?
Printer applet
Which of the following allow for administering print devices in Microsoft Windows?
Printers applet in Control Panel in Windows OSs prior to Windows 7 / Devices and Printers applet in Control Panel in Windows 7 and newer Microsoft OSs / Print Management utility in the Administrative Tools folder.
A Windows Internet Properties applet tab containing an option for managing pop-up windows displayed by websites is called:
Privacy
The pop-up blocker can be enabled for IE under the _______ tab of Internet Properties.
Privacy
SSID
Service Set IDentifier
The System Configuration utility tab containing a list of background applications that can be enabled/disabled during system startup is called:
Services
An MS Windows Administrative Tools folder applet for managing background applications is called:
Services (services.msc)
This MS Windows Administrative Tool applet is used for the management of background applications.
Services (services.msc)
Print Management
Set properties and monitor local printers and manage print sharing on a network
Transmit Power
Sets radio power level, typically set to the highest level by default
Which of the volume types available in Windows Disk Management utility do not offer fault tolerance?
Simple volume / Spanned volume / Striped volume
An Apple proprietary voice recognition system and personal assistant
Siri
Services
Start, stop, and pause services
dir/w
lists files using a wide format with no file details
Windows 7 Editions
- Windows 7 Starter - Windows 7 Home Basic - Windows 7 Home Premium - Windows 7 Ultimate - Windows 7 Professional - Windows 7 Enterprise
Windows 8/8.1 Editions
- Windows 8/8.1 (Core) - Windows 8/8.1 Pro - Windows 8/8.1 Enterprise
Except for the Education and Enterprise editions, September feature updates are scheduled for how many months until they are retired?
18
MM
specifies the month in numerical or text format in cron
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Enterprise Edition?
192 GB
format D: /a:512
specifies the size of allocation units
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Professional Edition?
192 GB
taskkill /im
specify image name to kill
What is the maximum limitation of RAM for Windows 7 Enterprise 64-bit?
192GB
What is the maximum limitation of RAM for Windows 7 Professional 64-bit?
192GB
Remote Disc
A feature of OS X that gives other computers on the network access to the Mac's optical drive. System Preferences -> Sharing
Windows 7 starter edition has a limit of how much Physical Ram?
2GB
On a basic disk how many primary partitions can Windows 7 and later have at maximum?
3
Which of the following netstat parameters displays addresses and port numbers in numerical form?
-n
The optimal humidity range for computer equipment is between ___ and ___ percent.
40,60
Wireless encryption
-All wireless computers are radio transmitters and receivers • Anyone can listen in -Solution: Encrypt the data • Everyone gets the password (shared password) • Or they get their own password -Only people with the password can transmit and listen • WPA and WPA2 are two common forms of wireless encryption
System updates (Linux)
-Command line tools • Depending on the Linux distro, either "apt-get" or "yum" will be used -Graphical update managers • Software updater -Patch management • Updates can be scheduled -Software center is used to install applications • The Linux "App Store"
What CLI program can be used to partition and format hard drives in Windows?
DISKPART
Scanning emails for strings of numbers matching "###-##-####" and preventing them from being sent outside an organization is an example of ____.
DLP
Services tab
- Can enable and disable Windows services • Determine what starts during boot -Easier to manage than the Services applet • Click/unclick -Useful for trial and error • It may take many reboots to find your problem
Dim display (Troubleshooting Mobile Apps)
- If difficult to see the screen, even in low light -Check the brightness setting located at: • iOS: Settings / Display and brightness • Android: Settings / Display / Brightness level -If issue is not fixed, then replace the bad display - most likely a backlight issue
Network setup
- Located in Control Panel under "Network and Sharing Center" • can set up a new connection or network -Step-by-step wizard - Confirmation during the process • Many different connections such as Direct, VPN, dial-up, etc.
Apple iOS history
-Apple iPhone and Apple iPad OS • Based on Unix • Closed-source - No access to source code • Exclusive only to Apple products -iOS Apps • Apps are developed with iOS SDK on Mac OS X • Apps must be approved by Apple before release • Apps are available to users in the Apple App Store
Host-based firewalls (Logical Security)
-"Personal" firewalls • Software-based -Included in many operating systems • 3rd-party solutions also available -Stops unauthorized network access • "Stateful" firewall • Can allow or deny traffic by application through the network interface -Windows Firewall • Can filter traffic by allowing/denying through the port number and/or application
PowerShell escape character
--%, ', \,
0
---
1
--x
Windows 8/8.1 Core
-A basic version for the home • x86 and x64 versions -Microsoft account integrates into the OS • Login to your computer and all of your services -Includes Windows Defender • Integrated anti-virus and anti-malware -Uses Windows Media Player to play audio CDs and DVDs -Does not support EFS, BitLocker, Domain Member, AppLocker, BranchCache -Available in 32-bit (Max 4 GB RAM) and 64-bit (Max 128 GB RAM)
Non-compliant systems
-A constant challenge to stay in compliance when systems are deployed • There are always changes and updates -Standard operating environments (SOE) • A set of tested and approved hardware/software systems • Often a standard operating system image -Operating system and application updates • Must have patches to be in compliance • OS updates, anti-virus signatures • Needs to be checked and verified before access is given
Mapping drives
-Access a share • This PC / Map network drive -Local drive letter and share name • May require additional authentication -Or use the command line: • e.g. "net use x: \\sg-server\mission-reports"
Services
-Background process • No user interaction • File indexing, anti-virus, network browsing, etc. -Useful when troubleshooting the startup process • Many services start up automatically -Command-line control • Can start/stop services with the net start/net stop command -Services is located in Control Panel under Administrative Tools • Type in "services.msc" through search or cmd prompt
Malware network symptoms (Troubleshooting Security Issues)
-Can slow performance or cause lock-ups • Malware isn't the best written code -Can cause Internet connectivity issues • Malware likes to control everything • You go where it wants you to go • You can't protect yourself if you can't download anti-malware software -Can also keep OS updates from installing • Malware keeps you vulnerable • Some malware uses multiple communication paths -Reload or clean to remove malware • Either use a malware cleaner or recover from known good backup
chown (Linux Command)
-Changes file owner and group • Modifies file settings -sudo chown [OWNER:GROUP] file • "> sudo chown professor script.sh" changes the owner of the file "script.sh" to "professor"
Windows 7 Ultimate
-Complete functionality -Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • BitLocker support • EFS (Encrypting File System) -Same features as Windows 7 Enterprise • But for the home user -x86 version supports 4 GB RAM -x64 version supports 192 GB RAM
Maintain confidentiality (Professionalism)
-Concerns regarding privacy • You'll have access to sensitive information • Both professional and private • Whether on the computer, desktop, printer, mobile phone, desk -You have professional responsibilities • IT professionals have access to a lot of corporate data • Must maintain confidentiality -Be respectful of personal information • Treat people as you would want to be treated
Batch files (Scripting)
-Contains a ".bat" file extension • Scripting for Windows at the command line • Legacy goes back to DOS and OS/2
Wireless connections
-Contains the Network name • such as the SSID (Service Set Identifier) -Security type • Encryption method -Encryption type • TKIP or AES -Security key • WPA2-Personal - a Pre-shared key method (password) • WPA2-Enterprise - an 802.1X authentication method (username and password)
Locking cabinets (Physical Security)
-Data center hardware is often managed by different groups • Responsibility lies with the owner -Racks can be installed together • placed Side-to-side -Enclosed cabinets with locks • Ventilation on front, back, top, and bottom
Tools tab
-Easy access to popular administrative tools • UAC settings, System Information, Computer Management, etc. -Faster than searching through menus or typing • A static (but comprehensive) list
Python (Scripting)
-General-purpose scripting language • Contains a ".py" file extension -Popular in many technologies • Broad appeal and support in many operating systems
Black screen (Troubleshooting Windows)
-If you get no login dialog or no desktop • issue might be driver corruption or corruption with OS system files -If changes were recently made to video settings or new video drivers were installed • Start in VGA mode for lower resolution • Press F8 for startup options -If you believe the issue is related to the OS system files • Run SFC - System File Checker • Runs from recovery console • If SFC finds any invalid files, it will replace that file and boot the system with the recovered files -If the problem is related to a video driver • Update driver in Safe Mode or VGA Mode • Download from known good source -Repair/Refresh or recover from known good backup
mkdir
-Makes a directory • Create a folder for file storage -mkdir DIRECTORY • To create a directory called "notes", you use the command "> mkdir notes"
Prepare the boot drive
-Know your drive • Is there data on the drive? • Has the drive been formatted? • What partitions are on the drive? -Backup any old data - You may need that back someday -Most partitioning and formatting can be completed during the installation • Clear the drive and start fresh
Windows at work
-Large-scale support • Thousands of devices supported by IT -Security concerns • Mobile devices with important data that needs to stay safe • Local file shares -Wide varieties of purposes such as the Accounting Dept. working on a spreadsheet • Or Marketing Dept. having the need to play videos -Geographical sprawl - Not all systems are in the same building • Need a way to manage cached data between sites over slow WAN connections
Limited connectivity (Troubleshooting Windows)
-Limited or no connectivity: The connection has limited or no connectivity. You might be unable to access the Internet or some network resources. -Check local issues • Wireless signal might be weak or a cable might be disconnected • Check IP address configuration • Reboot -External issues • Wireless router rebooted/turned off • Ping your default gateway and external IP
System Configuration (msconfig)
-Manages boot processes • Windows startup applications • Windows services -There are 5 tabs in system configuration • General • Boot • Services • Startup • Tools • Located in Control Panel under Administrative Tools • OR type "msconfig.exe" in cmd prompt or in search bar
Policies and best practices (Privacy, Licensing, and Policies)
-Policies • These are general IT guidelines • Determines how technology should be used • Provides processes for handling important technology decisions -Security best practices • Some security techniques are accepted standards within the industry • Covers both processes and technologies • For example: You need a firewall. Use WPA2. Use strong passwords • Create steps to follow if there's a breach
WARNING (Safety Procedures)
-Power is dangerous -Remove all power sources before working -Never touch ANYTHING if you aren't sure -Replace entire power supply units • Never repair internal components -The devices contain a high voltage • Power supplies, displays, laser printers, etc...
sfc (System File Checker) command
-Scans the integrity of all protected system files • sfc /scannow
Tokens and cards (Physical Security)
-Smart card • Integrates with devices • May require a PIN -USB token • Certificate is on the USB device -Hardware or software tokens • Generates pseudo-random authentication codes -Your phone • SMS a code to your phone
Scheduled backups for Mac OS
-Time Machine - Included with Mac OS X -Hourly backups for the past 24 hours -Daily backups are done for the past month -Weekly backups - All previous months -Starts deleting oldest information when disk is full
A "friendly" DoS
-Unintentional DoSing • It's not always a ne'er-do-well -Network DoS • Layer 2 loop without Spanning Tree Protocol -Bandwidth DoS • Downloading multi-gigabyte Linux distributions over a DSL line -A water line breaks on a higher floor and water leaks from the ceiling into the computer room • This prompts all computer equipment to be turned off and stored away to prevent further damage
Notepad
-View and edit text files • You'll use a lot of text files -Included with almost any version of Windows
Gestures (Mac OS Features)
-You can do more than just point and click • Extend the capabilities of your trackpad -Use one, two, three fingers • Swipe, pinch, click -Customization • Can enable/disable preferences under System Preferences > Trackpad
File management
-dir • Lists files and directories in cmd prompt -cd • Change working directory in cmd prompt • Include the backslash (\) to specify volume or folder name -.. • Two dots/periods in cmd prompt (e.g. cd..) takes you back up one folder level
pwd vs. passwd (Linux Command)
-pwd • Print Working Directory • Displays the current working directory path • Useful when changing directories often -passwd • Change a user account password • Yours or another • "passwd" to change your own password • "passwd [username]" to change password for a specific user
2
-w-
How many gigahertz (GHz) does a CPU running Windows (32-bit) have to have at minimum?
1 GHz
How many gigahertz (GHz) does a CPU running Windows 7 or 10 (64-bit) systems have to have at minimum?
1 GHz
What AP channels should you use in a 2.4 GHz network to avoid interference?
1,6,11
A computer with at least two Operating Systems installed is called a ______ system
Multiboot
malware removal process
1. Identify and research malware symptoms 2. Quarantine infected systems 3. Disable system restore 4. Remediate infected systems: -update anti-malware software -scan and use removal techniques 5. Schedule scans and run updates 6. Enable system restore 7. Educate end user
In order to join a Windows Domain you must follow these steps: 7. On the Set up a work or school account select join this device to a local ___ ____ ___
Active Directory Domain
How many Gigabytes (GB) of storage space does a system running Windows 7 (32-bit) require?
16 GB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Home Premium Edition?
16 GB
What is the maximum limitation of RAM for Windows 7 Home Premium 64-bit?
16GB
IPv4 Loopback Address
127.0.0.1
Loopback address
127.0.0.1
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Home?
128 GB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows Core 8/8.1?
128 GB
What is the maximum limitation of RAM for Windows 10 Home 64-bit?
128GB
What is the maximum limitation of RAM for Windows 8 Core 64-bit?
128GB
How much disk space does Windows 7 use?
16 GB
AES
Advanced Encryption Standard
How many Gigabytes (GB) of system RAM do Windows 7 and 10 (64-bit) systems require?
2 GB
How many Gigabytes (GB) of system RAM do Windows 8 and 8.1 (64-bit) systems require?
2 GB
What type of, and how many, partitions are required for BitLocker on a TPM compliant computer?
2 NTFS partitions
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Education?
2 TB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Pro?
2 TB
What is the maximum limitation of RAM for any Windows 32-bit?
4GB
Windows versions are given how many years of mainstream support? They are also given the same number of years in extended support
5
What is the maximum amount of RAM supported by 64-bit Microsoft Windows Enterprise 8/8.1?
512 GB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows Professional 8/8.1?
512 GB
What is the maximum limitation of RAM for Windows 8 Professional and Enterprise 64-bit editions?
512GB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Enterprise?
6 TB
exFAT
64 bit Extended File Allocation Table used for large capacity removable hard drives and flash media.
What is the maximum limitation of RAM for Windows 10 Enterprise 64-bit?
6TB
What is the maximum limitation of RAM for Windows 7 Home Basic 64-bit?
8GB
Windows Batch file comment
::
What is vi?
A Linux command-line text editor
robocopy (robust file copy)
A Windows command that is similar to and more powerful than the xcopy command, used to copy files and folders.
diskpart
A Windows command to manage hard drives, partitions, and volumes.
service
A Windows process that does not require any sort of user interaction and so runs in the background
swap partition
A disk partition designated for swap space in Linux
Authenticated Users Group
All user accounts that have been authenticated to access the system
What is the macOS equivalent of a BSOD?
A pinwheel of death!
Boot Camp
A utility on macOS that allows a full Windows installation to be made on a Mac. Applications -> Utilities folder
regsvr32
A utility that is used to register component services used by an installed application.
zero-day exploit
A vulnerability that is exploited before the software creator/vendor is even aware of its existence.
WPA2 replaces the encryption and decryption cipher used before with a new one known as?
AES
An organization's information security policy dictating how devices can or cannot be used with company-provided services is defined under what legal document?
Acceptable Use Policy
The policy that explains what users can and can't do on company equipment is an ___.
Acceptable Use Policy (AUP)
Where are folder and file permissions and denials for individuals and groups kept?
Access Control List (ACL)
The Active Directory service that manages the process that allows a user to sign on to a network from any computer on the network and get access to the resources that Active Directory allows.
Active Directory Domain Service (AD DS)
You are a network administrator given the task of setting up server backups to be saved locally to NAS. You want to ensure that the backups will work properly. What can you set up in order to get information about this?
Alert on failure
Differential backup
All data modified since the last full backup (moderate backup time, moderate restore time; uses no more than two tape sets)
full backup
All selected data regardless of when it was previously backed up (high backup time, low restore time; uses one tape set)
What is the difference between an IDS and an IPS?
An IDS only detects intrusion, whereas an IPS can act to stop intrusions
Business client
An OS designed to work as a client in a business network
LocalSystem account
An account in which if a process is executed it is unrestricted in terms of making changes to the system configuration and file system (better than administrator account)
NetworkService
An account that has the same privileges as LocalService but can access the network using the computer's machine account's credentials
System Information
An application used to provide detailed diagnostic information about your mac
A smartphone and tablet OS developed by the Open Handset Alliance and Google.
Android
Examples of companies who use this OS are: Oppo, Samsung, Sony, Motorola, LG, Acer, Asus
Android
Which mobile operating system is built on open-source software?
Android
A customer calls to complain that his Android smartphone is locked and he cannot unlock it. You ask him if he has a Google account tied to the phone and he confirms he does. What application can you advise him to use to help troubleshoot this problem?
Android Device Manager
Power Users
Appears in legacy applications but is deprecated because the rights allocated to this account type can be abused to allow the user Administrative or System privileges
This is an OS designed to work as a client on business networks
Business Client
Disk Utility
App in macOS used to verify or repair a disk or file system
The official app stores on iOS and Android are called _______ and _______, respectively.
App Store and Google Play Store
Which of the following best describes the Principle of Least Privilege?
Assign users the least permission level required to do their jobs
bootrec
Attempts to fix startup problems.
Step 4 in creating a custom image for deployment of Windows 7 is to: Start the computer in this mode to remove account and profiled users from it.
Audit
What do you need to configure in order for a computer to boot from a Windows 7 Repair disk?
BIOS settings
What Windows CLI program can be used to fix boot problems?
BOOTREC
This is a vital step if you are replacing an existing installation.
Back up data
If your phone becomes hot to the touch what can you disable to hopefully correct this issue?
Background Functions
-Can be used to measure changes in performance over the lifetime of an IT service -Can be used to enable the IT infrastructure to be restored to a known configuration if a change or release fails -In ITSM, can be used as a starting point to measure the effectiveness of a Service Improvement Plan
Baseline
A RAID utility should be configured and its volumes created at what time in the OS installation?
Before
Control panel
Best place to configure your system in Windows 7
A retina scan is an example of _______ authentication.
Biometric
This is a full volume disk drive encryption feature included with Microsoft Windows.
BitLocker
An encryption tool Microsoft offers for removable flash drives is called __________.
BitLocker-To-Go
___________________ is a Microsoft application that allows you to encrypt removable media such as USB flash drives.
Bitlocker-to-Go
You can manage the maximum amount of RAM to be used in a chosen OS in a multiboot environment under what MSConfig tab?
Boot
Trying every possible combination of characters to crack a password is known as a __________ attack.
Brute force
What is the DOS command to change directories?
CD
A file system commonly used on CDs is ____.
CDFS
Upgrade Windows 8.1 Enterprise to Windows 10
Can upgrade to: • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Pro
Upgrade Windows 7 Home Basic to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 7 Home Premium to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Laser printer process, step two: the photosensitive drum is given a negative charge
Charging
This is a feature of Windows 8 which provides access to Windows Search, Sharing, Start menu, Devices, and Settings. The menu appears when the mouse cursor is positioned at the top-right or bottom-right corner of the Windows 8 GUI, or the keyboard shortcut Windows key + C is pressed.
Charms (or Charms Bar)
During a Full Format the sectors of a drive are ______ for bad sectors.
Checked
What tool allows for the checking of logical and physical file systems while attempting to repair any errors found?
Chkdsk
A proprietary OS derived from Linux. Developed by Google. Runs on specific laptops and PC hardware
Chrome OS
An operating system used primarily for web based applications
Chrome OS
This is the method of installing a fresh copy of an OS to a new system or overwriting an old system with a new one.
Clean install
ipconfig /flushdns
Clears the DNS resolver cache
To repair a Windows 7 installation there are 4 steps; this is step 3
Click Install Now
The number of bits allocated to define colors on a monitor is referred to as ________.
Color depth
The key combination to force quit on a Mac is...
Command-Option-Esc
CIA
Confidentiality, Integrity, Availability
System Log
Contains information about service load failures, hardware conflicts, and driver load failures
Application Log
Contains information regarding the application errors
Network Group
Contains user accounts of any users connected to a computer over the network
This is a management interface for configuring Windows 7 (and beyond) settings
Control Panel
What utility file can be used to convert a FAT partition into a NTFS partition but can not do the reverse?
Convert.exe
Windows must be installed on what type of file system?
NTFS (New Technology File System)
A _____ server assigns hosts IP addresses and other network parameters.
DHCP
What kind of server provides hosts with IP addresses and network information when they connect to a network?
DHCP server
Script file syntax. This Visual Basic Script syntax will allow you to declare a variable value
DIM
What command declares variables in visual basic programming?
DIM
What is the DOS command to list the contents of a directory?
DIR
A _____ server helps hosts translate domain names into IP addresses.
DNS
Workgroups employ a __________ architecture whereas domains employ a __________ architecture.
Decentralized, centralized
Using a strong magnetic field to wipe a hard drive is referred to as ________.
Degaussing
Which of the following settings are used for establishing a dial-up connection in Windows?
Dial-up phone number / User name / Password.
Downloading a list of millions of previously leaked passwords and running them against a website is a _________ attack.
Dictionary
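The two cards above describe the attacks in one sentence each; the following added example (written for this page, not code from the original deck) shows the difference in cost. The stored hash, the salt, the short "leaked" word list and the low PBKDF2 iteration count are all constructed for the demo; a real password store uses a random per-user salt and a much higher work factor, which is exactly what makes the brute-force keyspace expensive to cover.

```python
import hashlib
import itertools
import string

# Constructed demo values (not from the page): a fixed salt and a deliberately low
# PBKDF2 iteration count so the demo finishes in well under a second. Production
# hashing uses a random per-user salt and a far higher iteration count.
SALT = b"constructed-demo-salt"
ITERATIONS = 1_000


def hash_password(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated hash as a password store would keep it (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def dictionary_attack(target_hash: bytes, wordlist, salt: bytes = SALT, iterations: int = ITERATIONS):
    """Try each entry of a leaked/common-password list in order.

    Returns (password, attempts) on success, or (None, attempts) when the password
    was not in the list, which is the dictionary attack's weakness.
    """
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if hash_password(candidate, salt, iterations) == target_hash:
            return candidate, attempts
    return None, attempts


def brute_force_attack(target_hash: bytes, alphabet: str = string.ascii_lowercase, max_len: int = 3,
                       salt: bytes = SALT, iterations: int = ITERATIONS):
    """Enumerate every string over `alphabet` up to `max_len` characters, shortest first.

    Always succeeds if the password lies inside the keyspace, but the attempt count grows
    as sum(len(alphabet) ** k), so length, character-set size and a slow hash are what make
    it impractical.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if hash_password(candidate, salt, iterations) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace_size(alphabet_len: int, max_len: int) -> int:
    """Number of candidates a brute-force search must cover in the worst case."""
    return sum(alphabet_len ** k for k in range(1, max_len + 1))


# Constructed stand-in for the millions-long leaked lists used in real dictionary attacks.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "welcome"]

if __name__ == "__main__":
    stored = hash_password("letmein")
    print("dictionary:", dictionary_attack(stored, COMMON_PASSWORDS))   # found on the 4th try
    stored = hash_password("abc")
    print("dictionary:", dictionary_attack(stored, COMMON_PASSWORDS))   # not in the list
    print("brute force:", brute_force_attack(stored))                    # found after 731 hashes
    print("worst case, 3 lowercase chars:", keyspace_size(26, 3))
    print("worst case, 8 printable chars:", keyspace_size(95, 8))
```

A password that appears in a leaked list falls in a handful of guesses regardless of how slow the hash is, which is why account lockout and breached-password screening matter as much as hash strength; a password outside the list forces the attacker back to the full keyspace, where every extra character and every extra hash iteration multiplies the cost.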
This tool displays a report on a Windows system and determines its ability to support 3D graphics and sound (run it as dxdiag)
DirectX Diagnostic Tool
A ______ graphics device with a Windows Display Driver Model (WDDM) 1.0 or higher driver is a requirement for Windows (32-bit) systems.
DirectX 9
net user dmartin /active:no
Disables the dmartin account (/active:yes re-enables it)
You can inspect and configure disks, partitions, and file systems using this Windows tool console.
Disk Management
Which of the following macOS utilities allows to create/restore a disk image?
Disk Utility
What tool allows you to log and view hard disk activity?
DiskMon
What command-line tool can convert a disk between GPT and MBR partition styles?
Diskpart
What is a utility file that is used to create partitions on a disk and can convert a basic disk into a dynamic one and the reverse?
Diskpart.exe
ipconfig /all
Displays DHCP, DNS server, MAC address, and NetBIOS status
Full Control
Do anything with the object, including change its permissions and its owner
The System Configuration utility in MS Windows can be launched by:
Double-clicking on the System Configuration icon shortcut in the Administrative Tools folder / Typing msconfig (or msconfig.exe) in the Command Prompt and pressing Enter / Pressing simultaneously the Windows and R keys, typing msconfig (or msconfig.exe) in the Run window, and pressing Enter
In order to manage a hard disk the computer's setup program must have an appropriate
Driver
This acronym refers to a product supplied to customers that has reached the end of its useful life from the vendor's point of view: the vendor stops marketing, selling or sustaining it
EOL (End of Life)
Where can you find information about how a particular type of software can and cannot be used?
EULA
You often cannot use software unless you enter into this agreement. Acronym
EULA (End User Licence Agreement)
Malware Removal steps: Step 7
Educate the end user
The BranchCache feature is available in Windows Enterprise and what other edition?
Education
man / --help
Either one displays documentation for a Linux command: man <command> opens the full manual page, while <command> --help prints a short usage summary
WiFi protected setup requires that the SSID broadcast is___
Enabled
In order to operate, an integrated component such as Network Interface Card (NIC) may need to be first:
Enabled in the advanced BIOS settings menu
format D: /fs:NTFS /x
Formats drive D: with NTFS; /x forces the volume to dismount first if necessary (to enable NTFS compression on the new volume, use /c instead)
Drive wiping
Ensures old data on a hard drive is destroyed by writing zeros or a random pattern to each location on the drive. Makes the disk suitable for re-use
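The card states the technique; the following added example (written for this page, not code from the original deck) carries it out on a single file so it can be run safely: random passes followed by a final zero pass, each synced to disk, then a read-back verification. The sample file and its contents are constructed inside the demo. Overwriting a file only touches that file's current allocation, not slack space, journal copies, snapshots or, on an SSD, remapped flash blocks, so wiping a whole drive means writing every sector of the device (or using the drive's own secure-erase command), not looping over files.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # 1 MiB write buffer


def wipe_file(path: str, passes: int = 2) -> int:
    """Overwrite every byte of `path` in place and return the number of bytes wiped.

    Passes 1..n-1 write random data and the final pass writes zeros. Each pass is
    flushed and fsync'd so the data reaches the device rather than sitting in the
    page cache. Only the file's current allocation is touched (see lead-in).
    """
    if passes < 1:
        raise ValueError("at least one pass is required")
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in range(passes):
            final = p == passes - 1
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(bytes(n) if final else secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def verify_zeroed(path: str) -> bool:
    """Read the file back and confirm every byte is zero (vacuously true for an empty file)."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if any(chunk):
                return False
    return True


def demo(size: int = 3 * CHUNK + 12345) -> dict:
    """Create a constructed sample file of `size` random bytes, wipe it, and report the checks."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(secrets.token_bytes(size))   # constructed 'sensitive' content
        zero_before = verify_zeroed(path)
        wiped = wipe_file(path, passes=3)
        zero_after = verify_zeroed(path)
        return {"size": size, "wiped": wiped, "zero_before": zero_before, "zero_after": zero_after}
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The final zero pass makes the result easy to verify, which is the step most ad hoc wiping scripts skip; without reading the data back there is no evidence the writes reached the medium.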
This is an agreement often used for corporations and large businesses that allows distribution of software company wide.
Enterprise License.
Data is ____ during a Full Format
Erased
The system partition used by UEFI computers (the EFI System Partition) is formatted with a type of file system called
FAT (FAT32)
What Windows utility can be utilized to determine if a service is causing a cascading failure?
Event Viewer
Windows Security logs can be found under what tool set?
Event Viewer
Local Group Policy (gpedit.msc)
Offers a much wider range of settings than Local Security Policy, including the Administrative Templates that write policy keys into the registry, all through a dialog-based interface
Laser printer process: step 3. Wherever the intended page has words or images to display the negative charge is removed or neutralized from the photo sensitive drum.
Exposing
Windows itself must be installed on NTFS, but for a data partition that other OSs such as Linux must also read in a multiboot setup, what file system is recommended as long as individual files stay below 4 GB?
FAT32
In addition to a NTFS data drive what is another common type of data drive BitLocker can encrypt?
FAT32
The 4 GB maximum file size limit and 2 TB maximum volume size limit are the characteristic features of:
FAT32
This is a partition that can be used to restore an OS environment to the same state in which it first arrived.
Factory recovery partition (also known as a Recovery or Rescue Disc)
The file manager in macOS is called...
Finder
Which of the following are examples of the inherence factor (something you are) used to support multi-factor authentication?
Fingerprint reader / Retinal scanner
ipconfig /renew AdapterName
Forces the DHCP client to renew the lease it holds on an IP address for that adapter (if AdapterName is omitted, renews ALL adapters; ipconfig /release is the counterpart that gives the lease up)
In Windows Disk Management utility on a local computer, a dynamic disk that has been moved from another computer and found by the OS is labeled as:
Foreign
The ability for communication to occur in both directions on a wire simultaneously is called __________.
Full duplex
Laser printer process step 6. Heat and pressure are used to permanently affix the toner to the paper
Fusing
In order for you to boot a computer to UEFI mode what type of partition must the hard disks partitions be set or converted to?
GPT (GUID Partition Table)
GPT
GUID Partition Table, part of the UEFI specification and the successor to MBR. Windows allows up to 128 partitions per disk, and partitions are not bound by MBR's 2 TB limit. It also keeps a backup copy of the partition entries at the end of the disk
Step 5 in creating a custom image for deployment of Windows 7 is to: Remove unique information from your Windows installation by _______ the computer
Generalizing
popular linux GUIs
Gnome, KDE, Cinnamon, Xfce
The I/O, IRQ and memory address settings used by the CPU for component communications are contained here
Hardware Resources
ID badges and smart cards are examples of something you ______.
Have
This OS is designed to work on standalone or work group PCs in a home or small office environment.
Home client
Change management six steps Step 4 At this stage, apply the change and monitor the results. If the desired outcome is not achieved, or if other systems or applications are negatively affected, back out the changes.
Implement and monitor the changes; back out changes if necessary
A file is failing to open in Windows. What's a common reason for this?
Improper extension is causing the wrong program to open it
Local Security Policy (secpol.msc)
In Administrative Tools. You would use this to configure password and account policies without going into the registry
An installation that is written on top of an existing OS and retains the applications, user settings and data files is called?
In-place upgrade
This is a type of record that contains: What happened? What was required for recovery? Who was involved? What follow-up actions are needed? What lessons were learned?
Incident documentation
Event types
Information / Warning / Error / Critical / Success Audit / Failure Audit
ICM
Information Content Management - the process of managing information over its life cycle
footprinting
Information gathering threat in which the attacker attempts to learn about the configuration of the network and security systems
When copying a file from one folder to another on the same partition, explicit NTFS permissions are ____
Inherited
To repair a Windows 7 installation there are 4 steps this is step 1
Insert DVD
Which of the following locations in MS Windows provide(s) access to the Internet Properties (inetcpl.cpl) system utility?
Internet Options applet in Windows Control Panel / Network and Sharing Center applet in Windows Control Panel / Windows Run dialog box (after typing in inetcpl.cpl and pressing Enter) / Internet Options menu item in Internet Explorer's Tools menu.
Which of the following settings are used for establishing a VPN connection in Windows?
Internet address (domain name or IPv4/IPv6 address) / Destination name / Smart card (optional).
A communication channel between a hardware device and the system processor:
Interrupt Request (IRQ)
.js
JavaScript
GPT allows for ________ drives and _______ partitions than MBR.
Larger and more
Assigning only the permissions a user needs to perform his or her job is known as the principle of ___________.
Least privilege
32-bit editions of Windows 7 must be installed in what firmware mode? (They do not support UEFI boot; 32-bit Windows 8/10 do, but only on 32-bit UEFI firmware.)
Legacy BIOS (CSM) mode
Guests
Limited rights such as browsing network and shutdown, but they cannot save changes made to the desktop
What device helps protect against brownouts and power spikes, while providing steady live voltage frequencies to equipment?
Line Conditioner
If Setup does not recognize the disk or volume (for example because the firmware is legacy or the storage controller needs a driver Windows does not ship), which option in the "Where do you want to install Windows?" dialog box do you use?
Load Driver
Normal Startup
Load all device drivers and services
The command to open a Remote Desktop session is...
MSTSC
Which of the following answers refers to the MS Windows client application for Remote Desktop Services (RDS)?
MSTSC
What tab should you click on to update a router's firmware?
Management
What tab will allow you to update a router's firmware?
Management
Computer Management
Management console with multiple snap-ins to configure local users and groups, disks, services, and devices
The user interface introduced with Windows 8 is called _________.
Metro UI
What are frequent causes of BSODs?
Missing or corrupt files and drivers, malfunctioning hardware
A macOS system feature providing single-screen thumbnail preview of all open windows and applications is known as:
Mission Control
This type of enterprise software can be used by administrators to restrict the use of apps, monitor device use and even allow or deny use of built in device features such as camera and microphone usage while on company networks.
Mobile Device Management (MDM)
Change management six steps Step 6 You may need to modify the entire change management process to make it more effective. Consider reexamining your change management discipline if: Changes are not being applied on time. Not enough changes are being processed. Too many changes are being backed out. Changes are affecting the system availability. Not all changes are being covered.
Modify change management plan if necessary
Moving files and folders to a FAT or FAT32 partition
Requires Modify permission on the source (to delete the original) and Write on the destination. All NTFS permissions and attributes (such as encryption) are lost, because FAT does not support permissions or special attributes
Where can you fix misalignment between screens when using multiple monitors?
Monitors can be arranged and oriented in Display Settings
A customer wants an application to start up as soon as he turns the computer on. What Windows tool do you recommend he utilizes to accomplish this goal?
Msconfig
What is the RAM benefit of using 64-bit architectures over 32-bit architectures?
Much more memory is supported
A password and smart card are examples of what type of security system?
Multi-Factor Authentication
Requiring both a password and time-based PIN to log into a website is an example of ________ authentication.
Multifactor
This CPU feature marks memory pages as holding either executable code or data, so the processor refuses to run instructions fetched from data pages. Windows exposes it as Data Execution Prevention (DEP); it helps stop malware that overflows a buffer with garbage data and then tries to execute the injected code
NX bit (no execute)
MacOS uses this network boot method
NetBoot
A technology from Apple which enables Macs with capable firmware (i.e. New World ROM) to boot from a network.
Netboot
NLA
Network Level Authentication - authenticates the user before the server commits any resources to the RDP session, reducing exposure to denial-of-service and pre-authentication attacks on Remote Desktop
Name that OS type: an OS designed to run on servers in business networks
Network Operating System
What type of configuration info is used for setting up a wireless connection in Windows?
Network name / Encryption type / Security type / Security key
Do MAC address filtering or disabling SSID broadcast provide strong security?
No, MAC addresses can be spoofed and WiFi networks can be found whether or not they are broadcasting an SSID
Data is ______ during a quick format
Not Erased
During a Quick Format the sectors of a drive are ___ for bad sectors
Not checked
Control (macOS key)
Not the macOS equivalent of the Windows Ctrl key; most Windows Ctrl shortcuts use the Command key on a Mac
When you use MSconfig to generate a boot log on startup what is the name of that log created?
Ntbtlog.txt
What configuration utility in Windows is used to facilitate communication between applications and varying types of databases?
ODBC Data Sources (odbcad32.exe)
What is the best way to stay ahead of previously unknown vulnerabilities in PC devices?
OS updates
Which of the following disk status options in Windows Disk Management utility indicates that a dynamic disk might be corrupted or intermittently unavailable?
Offline
chkdsk C: /i /c
NTFS volumes only: /i skips checking index entries and /c skips checking cycles within the folder structure, so the check finishes faster but less thoroughly
What is the correct sequence of steps required to close a non-responsive user application in Task Manager in Windows 7?
On the Applications tab, right-click the program that isn't responding, click End Task button
Which of the following answers describes the correct sequence of steps required to close a non-responsive user application or process in Task Manager in Windows 8/8.1/10?
On the Processes tab, right-click the program/process that isn't responding, click End Task button
Microsoft's cloud storage solution is called ________.
OneDrive
In Windows Disk Management utility, a normal disk status indicating that the disk is ready for read/write operations is labeled as:
Online
Which of the following disk status options in Windows Disk Management utility indicates Input/Output (I/O) errors on a dynamic disk/volume?
Online (Errors) / Healthy (At Risk)
Which of the following allows to view hidden files, folders, and drives in Windows 8/8.1/10?
Open the File Explorer Options applet in Windows Control Panel, then select Show hidden files, folders, and drives in the Advanced settings on the View tab.
Windows key + r
Opens the Run dialog box
dir/o:d
Order by date
Its best to allow Windows Setup to ___ ____ ___ when installing from a UEFI DVD.
Partition the drive
An internal hard drive can be set up as a single one of these or divided into several, each of which can hold its own boot record.
Partition(s)
The practice of dividing hard disk space into isolated logical storage units that behave like separate disk drives is known as:
Partitioning
Company A calls tech support to complain that Company B, a couple of doors down, is piggybacking on the open wireless connection Company A keeps for guest use. They want to keep the connection open for guests but stop Company B from using it. What configuration setting can accomplish this?
Power levels (reduce the access point's transmit power so the signal no longer reaches the neighbouring office)
In Windows Disk Management utility, a dynamic disk status set to Offline/Missing indicates that the missing disk may be:
Powered down / Corrupted / Disconnected
Regular backups, disk maintenance, and software updates are all best ______.
Practices
taskkill /pid
Process ID used to specify a process to kill
In Windows 8 and later editions what Task Manager tab allows you to to close a application that isn't responding by right click the program and selecting the End Task button?
Processes
PHI
Protected Health Information - medical and insurance records, plus hospital lab results
msinfo32
Provides information about hardware resources, components, and the software environment. Also known as System Information.
Which of the following describe(s) the function of Windows Task Manager?
Provides real-time reports on how a computer running Windows OS is using system resources (CPU/RAM/HDD/Network usage) / Allows system administrators to manage the currently logged-in users / Displays information on programs, processes, and services that are currently running on the computer / Allows a non-responsive application to be closed
Windows periodically has ___ ___ which do not usually make radical changes to Windows. However it may include new features and occasionally cause compatibility problems with some hardware devices and software apps.
Quality Updates
Malware Removal steps: Step 2
Quarantine the system
nslookup [-option] host [server]
Queries a DNS server about a host (the optional server argument names which DNS server to ask instead of the default)
What is the fastest way to prepare a disk for a full Windows operating system installation?
Quick Format
Malware that encrypts your files and demands payment for the decryption key is called ________.
Ransomware
This is a type of malware that may appear real. It could have a official seeming symbol, and state that your computer has been seen doing something illegal. The malware then states that you must pay to unlock your system.
Ransomware
Write
Create files (and write data to them) or create subfolders within a folder; on its own it does not include Read, and it does not allow deleting
An error that says "Cannot read from the source disk". What is this a symptom of?
Read/write failure
shutdown -r
Shuts down and then restarts the computer (Windows also accepts shutdown /r)
Change management six steps Step 2 Receive all requests for changes, ideally through a single change coordinator. Change requests can be submitted on a change request form that includes the date and time of the request.
Receive change requests
RSSI
Received Signal Strength Indicator - an index level calculated from signal strength. If the signal falls below the RSSI minimum, the wireless adapter drops the connection
The number of times a screen can update itself per second is called the ___________.
Refresh rate
RADIUS stands for?
Remote Authentication Dial-In User Service
RADIUS
Remote Authentication Dial-In User Service - a type of authentication suitable for server and domain based networks
RADIUS
Remote Authentication Dial-In User Service - under this protocol Authentication, Authorization, and Accounting are performed by a separate server
What type of application will help prevent data loss in the event that your phone is stolen or lost?
Remote Backup
If Windows performs slowly and you cannot find a single cause, it may become necessary to perform this type of installation.
Repair Install
This is a snapshot that allows a computer to return to the point in time in which it was captured
Restore Point
Script file syntax. This batch file syntax will allow you to declare a local value that is defined only while the batch is executing
SET
What batch file command will declare a variable only while the batch is executing?
SET
Script file syntax. This batch file syntax will allow you to declare a persistent environmental variable value
SETX
If you are using a Hybrid SSD what area of it should you install the boot partition to improve performance?
SSD
This is a name to identify a WLAN by. You should change it to something you can recognize easily.
SSID
If your computer's antivirus identifies an infection but cannot remove it because the program is in use, what mode that limits startup services and running programs can you boot into to run the antivirus again and remove it?
Safe Mode
You can set IE's security level for individual zones under the ______ tab of Internet Properties.
Security
SAM
Security Accounts Manager - where the local accounts are stored
A computer resource made available from one host to other hosts on a computer network is called a
Shared Resource (or Network Resource)
A type of user interface that enables the execution of operating system commands is commonly referred to as:
Shell
netstat -b
Shows the process that has opened the port
Three most effective types of physical data destruction?
Shredding, Incineration, Degaussing
This is a power-saving state that allows a computer to quickly resume full-power operation (typically within several seconds) when you want to start working again.
Sleep (Mode)
A power management mode in Windows that draws small amount of power, saves the system state in RAM, and allows for quick resuming of full-power operation with the use of a power button or on command is known as:
Sleep/suspend / Standby
Which of the following are examples of the possession factor (something you have) used to support multi-factor authentication?
Smart card / Key fob
Information including drivers, environment settings, and network connections can be found under here
Software Environment
This is a type of social engineering email based attack that targets a specific individual, organization or business in the attempt to obtain personal information or to direct them to a website where their systems can become infected with malware.
Spear phishing
Which of the following is a macOS system search utility?
Spotlight
Which volume type in Windows Disk Management utility uses RAID 5 setup for performance gains and fault tolerance?
Striped with parity volume
Windows 7 Professional
Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • EFS (Encrypting File System) • Supports Remote Desktop Host -Missing enterprise technologies • BitLocker is NOT supported -x86 version supports 4gb RAM -x64 version supports 192gb RAM
A hidden file (or files) on the hard disk that Windows uses to hold parts of programs and data files that cannot be stored in RAM due to the insufficient memory space is called:
Swap file / Paging file / Virtual memory
A business owner wants to encrypt the disk of her Windows 7 laptop to add an extra layer of security in case of loss or theft. She wants to encrypt the OS drive using BitLocker and require verification of early boot components and configuration data. What two requirements must her laptop meet to accomplish this in Windows 7?
TPM version 1.2 and two NTFS partitions (a small unencrypted system partition plus the OS partition)
cd/
Takes you back to the root of the current drive in the cmd prompt (cd \ is the canonical form)
You need to back up a Linux system from the command line. What command should you use?
tar
In Windows 8 and newer releases of the Microsoft OS, contents of the MSConfig's Startup tab can be viewed and managed via:
Task Manager
A computer running Windows 10 is experiencing performance issues. What do you need to configure so that only select applications are launched after it has been restarted?
Task Manager
What Windows tool can be used to run a program every weekend?
Task Scheduler
TKIP
Temporal Key Integrity Protocol
Which of the following system utilities provides access to different command-line shells in macOS?
Terminal
AUPs and _____ serve the same purpose for an Internet Service Provider
Terms of Service
_____ groups have been implicated in DDoS attacks (cyber warfare).
Terrorist
system partition
The active partition of the hard drive containing the boot record and the specific files required to start the Windows launch.
Active directory
The database that contains the users, groups, and computer accounts in a Windows Server Domain
Which of the following enable a newly added disk to show up in Windows File Explorer?
The disk needs to be initialized /The disk requires a drive letter / The disk can be mounted as a folder
If an update fails and displays an error message, what is the most important piece of information to write down from it?
The error number
Secret
The info is too valuable to permit any risk of its capture. Viewing is severely restricted
latency
The time it takes for a signal to reach the recipient
Destination Unreachable
There is no routing information
boot sector virus
These attack the boot sector, partition table, and file system
Interactive Group
This group contains the user account of the person currently working at the computer
ctrl + shift + enter
To run as admin, search for the application and enter this key command
The System Configuration tab in MS Windows providing access to MMC snap-ins is called:
Tools
Laser printer process Step 5. The transfer roller transfers the toner from the drum to the paper
Transferring
Disabling your SSID broadcast and reducing ___ ___ can help increase security by making your wireless network less visible.
Transmit Power
Which of the following best describes the kind of malware that infected the CFO's laptop after he downloaded and installed a popular file sharing app?
Trojan
Regulatory (Documentation Best Practices)
Types of regulating bodies: -Sarbanes-Oxley Act (SOX) • The Public Company Accounting Reform and Investor Protection Act of 2002 -The Health Insurance Portability and Accountability Act (HIPAA) • Extensive healthcare standards for storage, use, and transmission of health care information -The Gramm-Leach-Bliley Act of 1999 (GLBA) • Disclosure of privacy information from financial institutions
When set what will allow you to prevent anyone from being able to boot a Windows 10 PC?
UEFI user password
An installation that doesn't need to be supervised is called a(n) ________ installation.
Unattended
This is the full name for the modern replacement to the old Basic Input/Output System firmware in computers.
Unified Extensible Firmware Interface
UTM stands for...
Unified Threat Management
Which of the following disk status options in Windows Disk Management utility indicates that a basic or dynamic disk is not accessible and might have experienced hardware failure, corruption, or I/O errors?
Unreadable
Malware Removal steps: Step 3
Update anti malware software
Before you scan a suspected malware or virus infected computer what step should you take?
Update virus definitions
This automated software allows you to check whether a computer's existing hardware and some of its software will be compatible with a newer version of Windows.
Upgrade Advisor
System Configuration Utility (msconfig)
Used to modify settings and files that affect the way the computer boots in Windows
Microsoft Windows User Accounts in Control Panel and what other component allow system administrators to enable/disable user accounts?
Local Users and Groups (lusrmgr.msc, also a Computer Management snap-in), or net user <name> /active:yes|no from the command line
This Windows security feature runs all users, including administrators, with standard-user rights and prompts for consent or credentials before an action that needs administrator privileges is allowed.
User Account Control (UAC)
UAC
User Account Control. Informs you when a program makes a change that requires administrator-level permission, also adjusts the permission level of your user accounts
What is a simple function for Janice to set that will prevent her children from being able to access her computer?
User Password
What Task Manager tab in MS Windows allows system administrators to disconnect a user (invoke a Windows lock screen) or to sign them off (force a user to log off).
Users
Malware Removal steps: Step 1:
Verify the infection
Read/list/execute
View the contents of a file or folder or start a program
Reliability and Performance Monitoring
View the performance of the local computer
A swap partition (Linux), a paging file (Windows) and what general term all describe using disk space as an extension of Random Access Memory?
Virtual Memory
What is an area of a hard disk allocated to contain pages of memory called?
Virtual Memory
VNC
Virtual Network Computing - freeware that works over TCP port 5900 with functionality similar to RDP. macOS Screen Sharing is based on VNC
VPN stands for
Virtual Private Network
What has replaced multiboot as a much simpler way of having multiple operating systems readily available, and goes beyond it by allowing them to run concurrently?
Virtualization
In order to keep ahead of malware and virus threats it's important to keep these up to date and perform regular scans of systems.
Virus Definitions
Macro viruses
Virus that takes advantage of the macro programming languages built into some software.(affect an Office Document)
Name the only edition of Windows 7 that can upgrade to Windows 10 Enterprise without requiring a new installation:
Windows 7 Ultimate
What will allow a network packet such as one used by a network attached printer to switch a computer from a dormant state to an active one?
Wake on LAN (WOL)
WoL
Wake on LAN - Allows you to start up the computer remotely
WoWLAN
Wake on Wireless LAN
What command is used to perform backups and restores of operating systems, drive volumes, computer files, folders, and applications from a command-line interface?
Wbadmin
Low Level Format
When a new harddisk leaves the manufacturer, creates cylinders, tracks and sectors on the platters
BitLocker first shipped with Windows Vista (Ultimate and Enterprise editions only). Starting with which version of Windows is it also included in the Pro edition?
Windows 8
What type of connections use less power and help save battery life on a smartphone but often need to be set up first?
WiFi
Windows 10 Editions
Windows 10 Home Windows 10 Pro Windows 10 Education Windows 10 Enterprise
This version of Windows imposed significant user interface changes. These changes were primarily centered on providing support for touchscreens. It was not popular with users who used previous versions of Windows.
Windows 8 (and Windows 8.1)
Which of the following locations provide access to proxy settings in Windows?
Windows Settings menu -> Network & Internet -> Proxy / Windows Control Panel -> Internet Options -> Connections tab -> LAN settings -> Proxy server.
Which of the following locations in Windows 10 provide access to configuration options for connecting a network printer to a PC (network printer mapping)?
Windows Start button -> Settings -> Devices -> Printers & scanners -> Add printers & scanners -> Add a printer or scanner -> select a printer -> Add Device / Control Panel -> Devices and Printers applet -> Add a printer.
Which of the following locations in Windows 10 provide access to configuration options that allow to share a local printer with other PCs on a network?
Windows Start button -> Settings -> Devices -> Printers & scanners -> select a printer -> Manage -> Printer Properties -> Sharing tab /Control Panel -> Devices and Printers applet -> right-click on a selected printer -> Printer Properties -> Sharing tab.
.bat
Windows batch file
This is the step by step instructions for performing installation or configuration tasks using specific product or technology and credentials.
Work instruction
What is the term for a computer infected with malware that can be used to perform malicious tasks of one sort or another under remote direction.
Zombie
Python escape character
\
Bitlocker
a microsoft utility to encrypt a drive
Which of the MS Windows command-line commands lists the user accounts for the computer?
net user
*WHALING*
a phishing attack that targets people who are known/believed to be WEALTHY, such as CEO's or the "Big Dogs" of a company
*SPEAR PHISHING*
a targeted attack where the attacker has some information that makes the target more likely to be fooled.
*Eavesdropping* (sniffing)
a threat that captures and reads data packets as they move over a network (often using "packet sniffers" like Wireshark which captures the live network traffic
Tailgating can be done without the target's knowledge, but it can also be done WITH their knowledge in order to...
allow someone access to the area without having to record it in the building's entry log.
answer file
an XML text file that contains all the instructions a Windows Setup program would need to install and configure an OS without any administrator intervention
*LOGICAL TOKEN*
assigned to a user or computer when they authenticate to some service (example: web cookie)
dd
can be used to specify the date within the month (0-31) in cron
In order to join a Windows Domain you must follow these steps: 6. Under connect to work or school select
connect
Data Sources
control connection to databases set up on the local computer
Remote Settings location
control panel -> system properties -> remote settings
In Linux, a command to transfer exact copies of data from one place to another is ______.
dd
After an OS has been installed, it's a good idea to set the internal fixed disk, or the boot partition on it, as the _____ boot device and disable any other boot devices.
default
A PC is taking a long time to boot. You have already removed applications from startup, but this did little to help. What else can you do to the hard disk drive to correct this issue?
defragment
What is the top level of the user interface displayed on screen when Windows starts and the user logs on known as?
desktop
What command line command launches the Device Manager tool in Microsoft Windows?
devmgmt.msc
Which of the following launches the Device Manager tool in Microsoft Windows?
devmgmt.msc
Digital rights management (DRM) controls what a purchaser can ___ or ___ ___ with hardware and media.
do, not do
Windows does not allow you to join this type of networking model during an unattended installation; otherwise it must be accessed in System Properties.
domain
Social engineering depends on _____ factors rather than technology.
human
Apple's cloud storage service is called...
iCloud
___ is the operating system for iPhone smartphones and iPad tablets
iOS
script file
is a text document containing commands for the operating system. The commands are run in the order they are listed
dd
linux command that makes a copy of an input file to an output file
FOR creates a ____ in a windows batch file
loop
Step 7 in creating a custom image file for image deployment of Windows is to Create new Windows 7 installation ____ for the custom image on the technician computer.
media
Ways of mitigating Social Engineering attacks include training employees to...
• only release information using standard procedures
• identify PHISHING-style attacks (plus any new styles that develop in the future)
• not release ANY work-related information on third-party sites or social media
• NEVER reuse work account passwords
mstsc
opens a Remote Desktop connection from command line
devmgmt.msc
opens device manager from runline
John visits his email provider's website daily to check his email. Today, however, he received an unusual message stating that the site's certificate is not from a trusted source and asking if he wishes to continue to the site or exit. John quickly realizes that the site may have been hacked and redirected to another site, and exits. What type of site has he realized he was most likely redirected to?
phishing site
When preparing for malware recovery in a company environment, it is a good idea to prepare response policies and ___ as a first step.
procedures
virtual memory
process of optimizing RAM storage by borrowing hard drive space
In Linux, to switch to the root user, run _____. To switch to any other user, run _____.
ps, ps <user>
What Linux command tells you where you are currently in the filesystem?
pwd
control + C
quits a running program in command prompt
4
r--
5
r-x
shutdown now, +10
reboot 10 minutes from now
Social Engineering is best mitigated by training users on how to _____ and _____ to certain situations.
recognize, respond
popular linux distros
Red Hat/CentOS, SUSE, Debian/Ubuntu, Knoppix
apt-get update
refresh the local database with information about the packages available from the repository
To open the Registry Editor, press Win+R and enter _______.
regedit
Which of the following system utilities in MS Windows provides access to a database containing system configuration information?
regedit
Which other command-line command besides regedit can be used to launch registry editor in Windows?
regedt32
Another way to mitigate Social Engineering attacks is to establish a ______ _____ for suspected attacks.
reporting system
In order to join a Windows Domain you must follow these steps: 11. after you've done all the other steps you must do this common first step in any IT process
restart PC
6
rw-
*CRYPTOGRAPHIC HASH*
scrambles the data in a way that the original plain-text password is *normally* unrecoverable
In a multiboot environment where should each OS be installed?
separate boot partitions
Activation Lock/Device Protection
services in the device firmware that prevent restores or the disabling of location services
weekday
sets the day of the week in cron in either numerical or text format
What allows a single user account to log onto any computer within a domain in which they are authorized?
shared central user account database
tasklist /svc
shows a list of services within each process
Resource Monitor
shows an enhanced version of the sort of snapshot monitoring provided by Task Manager
net user dmartin
shows the properties of the dmartin account
Obtaining a logical token or software token can allow attackers to perform a _____ attack.
spoofing
*RISK*
the LIKELIHOOD and IMPACT (or consequence) of a threat actor exercising a vulnerability
*THREAT*
the POTENTIAL for a threat agent/actor to "exercise" a vulnerability (security breach)
*IMPERSONATION*
the attacker pretends to be someone else
confidential
the information is highly sensitive, for viewing only by approved persons within the organization
802.1x
the standard that defines a Port-based Network Access Control mechanism
network mapping
tools used to gather information about the way a network is built and configured
*CYBER WARFARE*
the use of IT services and devices to disrupt national, state, or organization activities, especially when used for military purposes
bootrec /fixboot
to attempt repair of the boot sector
You've updated a new device driver and your computer stops running properly. What is the quickest way to tell your computer to dump the new driver and use the old one?
use Last Known Good Configuration
xcopy
utility that allows you to copy the contents of more than one directory at a time and retain the directory structure
In order to join a Windows Domain you must follow these steps: 1. to connect to a domain network you must be using a ____ connection
wired
Joining a domain
• Cannot be a Windows Home edition
• Needs to be Pro or better
• Managed in Control Panel / System
• Need proper rights to add the computer to the domain
Upgrading from Windows 7
• Keeps Windows settings, personal files, and applications
• Must upgrade to a similar Edition
DiskPart command
• Manage disk configurations
• "diskpart" - starts the DiskPart command interpreter at the cmd prompt
Another PHISHING attack technique includes spawning a _____ when a user visits a genuine site in an attempt to get the user to enter their credentials into it.
"pop-up" window
Bash shell script comment
#
PowerShell Script comment
#
python comment
#
chmod modes (Linux Command)
#  Permission              r w x
7  Read, Write, Execute    r w x
6  Read, Write             r w -
5  Read, Execute           r - x
4  Read only               r - -
3  Write, Execute          - w x
2  Write only              - w -
1  Execute only            - - x
0  none                    - - -
Example of a script (Scripting)
#!/bin/sh
# Set the initial input string
INPUT_STRING=hello
# Keep looping while the string isn't equal to bye
while [ "$INPUT_STRING" != "bye" ]
do
  echo "Please type something in (bye to quit)"
  read INPUT_STRING
  echo "You typed: $INPUT_STRING"
done
windows batch file escape character
%%
VBScript comment
'
Which of the following is a file system designed for optical media?
(CDFS) Compact Disc File System
A type of proprietary file system used in Apple OSs is known as:
(HFS) Hierarchical File System
shutdown 17:30
shutdown at 5:30
shutdown /r
shuts down and restarts a pc from the cmd prompt
shutdown -t 30
shuts the computer down in 30 seconds
*FINGERPRINTING*
similar to Footprinting, but the attacker is trying to learn the configuration of a particular host instead of the entire network
*PORT SCANNING*
software that lists the TCP/UDP ports on a target system that are accepting connections
mm
specifies minutes past the hour in cron (0-59)
hh
specifies the hour in cron (0-23)
It has been determined by IT personnel that several computers at XYZ company have been infected with malware that has sent personal and network information to a remote location outside the company. What is this type of malware called?
spyware
*SHOULDER SURFING*
stealing secure information including a PIN or password by watching an individual type it
kill
stops a process using its Process ID
A command to run a single command with root privileges in Linux is _____.
sudo
The system preparation tool command line prompt that will allow you to remove any unique information from your Windows installation
sysprep /generalize
Which of the answers listed below refers to the correct syntax for a Windows Command Prompt taskkill command that would allow to close notepad.exe by providing its imagename?
taskkill /im notepad.exe
Provided that the process ID of notepad.exe obtained with the tasklist command is 1230, which of the following answers lists the correct syntax for a Windows Command Prompt taskkill command that would allow to close this application?
taskkill /pid 1230
Which of the following command-line commands in Windows displays a list of currently running processes on a local or remote host?
tasklist
image
template containing the OS and required software
taskkill /f /pid processid
terminates process without any user notification
Windows + Ctrl + Shift + B
tests whether or not a system is responsive
multiboot
the capability for choosing between two or more operating systems to boot from when a computer is turned on. A separate partition is required for each operating system.
*DICTIONARY ATTACK*
the use of a password cracker to match the hash against the hashes of ordinary dictionary words (such as user or company names, pets' names, or other data that people naively use as passwords)
*BRUTE FORCE ATTACK*
the use of password cracking software that tries to match the hash against every possible combination of characters
taskkill
to terminate a task by process ID (PID) or image name from the cmd prompt
bootsect
tool to copy boot code to make the partition bootable
diskpart
tool to set up partitions on a hard drive; sets up the active partition
Windows Memory Diagnostic
tool to test the memory chips for errors
*NETWORK MAPPING*
tools used to gather information about the way a network is built and configured, including the current status of hosts
*ZOMBIES*
unauthorized software that directs the devices to launch a DDoS attack
Logical controls
user authentication login, firewalls, anti-virus software
The danger of using a recovery disc tool is:
user data loss
ugo
user group others
linux user commands
useradd, usermod, userdel
printenv or env command
view and change environment variables
classified
viewing is restricted to the owner organization or to third parties under a Non-disclosure Agreement
VMM
virtual memory monitor - manages the memory mappings and assignments
shutdown /s /t nn
waits nn seconds before shutting down the PC from the cmd prompt
A server that operates on port 80 and/or 443 is a _____ server.
web
A *specific* example of a REPLAY ATTACK might be...
when a user is on a website that requires authentication and closes the window without clicking "log off" beforehand, and an attacker quickly reopens that session and gains access.
*TAILGATING*
when an unauthorized individual enters a secure area by following closely behind an individual who is allowed to open the door or enter the checkpoint
What is a Microsoft peer-to-peer networking model that groups together computers with shared access and resources called?
workgroup
In order for users to access network resources on a server, a network administrator must first grant ____ ____ on the mapped drive.
write/delete permissions
xcopy command
• Copies files and directory trees
• xcopy /s Documents m:\backups
  -- Copies the directories and subdirectories (except empty ones) in the Documents folder to the M:\backups folder
WPA (Wi-Fi Protected Access)
• Created in 2002: WPA was the replacement for serious cryptographic weaknesses in WEP (Wired Equivalent Privacy)
• Don't use WEP on any wireless networks
  - WPA was a short-term bridge between WEP and whatever would be the successor
• This encryption could run on existing hardware and provide a level of security above the capabilities of WEP
• WPA: RC4 with TKIP (Temporal Key Integrity Protocol)
• Contained a larger Initialization Vector (IV) than WEP and added an encrypted hash
• Every packet would get a unique 128-bit encryption key for security
Upgrading from Windows 8.1
• Keeps Windows settings, personal files, and applications
• Must upgrade to a similar Edition
• You cannot upgrade directly from Windows 8 to Windows 10
MBR partition style
• MBR (Master Boot Record)
• The old standby, with all of the old limitations
- Primary partition
  • Bootable partitions
  • Maximum of four primary partitions per hard disk
  • One of the primary partitions can be marked as Active
- Extended partition
  • Used for extending the maximum number of partitions
  • One extended partition per hard disk (optional)
  • Contains additional logical partitions
  • Logical partitions inside an extended partition are not bootable
dism (Deployment Image Servicing and Management tool)
• Manages Windows Imaging Format (WIM) files
- You can make changes to your image with DISM
  • Get information about an image
  • Update applications
  • Manage drivers
  • Manage updates
  • Mount an image
- All command-line based
  • Many different options
  • Easy to automate
Workgroups
• Non-centralized
• Small departments
• Each computer maintains its own user information
• Managed in Control Panel / System
Programs and Features Applet
• Shows installed applications
• Can uninstall applications, view size and version
- Can also enable/disable Windows features that were or were not installed by default
ping
• Test reachability of a device
• Can determine round-trip time
• Uses Internet Control Message Protocol (ICMP)
- One of your primary troubleshooting tools
  • Can you reach the host?
- Written by Mike Muuss in 1983
  • Named similar to the sound made by sonar
  • Not an acronym for Packet INternet Groper
ping
• Test reachability of a device
• Determine round-trip time
• Uses Internet Control Message Protocol (ICMP)
- One of your primary troubleshooting tools
  • Can you ping the host?
- Written by Mike Muuss in 1983
  • Named similar to the sound made by sonar
  • Not an acronym for Packet INternet Groper
Preventing static discharge (Managing Electrostatic Discharge)
- An anti-static strap
  • This connects your wrist to a metal part of the computer
- An anti-static pad
  • A workspace for the computer
- An anti-static mat
  • A grounded mat for standing or sitting
- An anti-static bag
  • Allows you to safely move or ship components
Windows Firewall configuration
- Can block all incoming connections
  • Ignores your exception list
  • Useful when maximum security is needed
- Modify notification
- App blocking
Proxy settings
- Changes the traffic flow
  • An Internet go-between
- Located in Control Panel > Internet Properties
  • Can define addresses and exceptions
  • Proxies won't work for everything
2. Quarantine infected systems (Removing Malware)
- Disconnect from the network
  • Keep it contained
- Isolate/remove all removable media
  • Everything should be contained
- Prevent the spread
  • Don't transfer files, don't try to back up
  • That ship has sailed
Unintended Bluetooth pairing (Troubleshooting Mobile Device Security)
- Do not connect with a device that isn't yours
  • This isn't a good idea
- Remove the Bluetooth device
  • You will need to re-pair to access it again
- Disable the Bluetooth radio to prevent any data from being sent
  • No Bluetooth communication at all
- Run an anti-malware scan if possible
  • Make sure there are no malicious apps
Incident response: Documentation (Privacy, Licensing, and Policies)
- Documentation must be available
  • No questions
- Gather as much information as possible
  • Written notes
  • Taking pictures
  • Screenshots
- Documentation always changes
  • Constant updating
  • Have a process in place
  • Use the wiki model
Windows post-installation
- Does it work?
  • If it doesn't boot, there are bigger problems
  • Some testing is useful for unknown hardware configurations
- Additional installations
  • Service packs
  • Security patches
  • Security applications
  • Driver updates
  • Application updates
Standard OS features
- File management
  • You can add, delete, rename files
- Application support
  • Memory management, swap file management
- Input and output support
  • Printers, keyboards, hard drives, USB drives
- Operating system configuration and management tools
Network-based firewalls (Logical Security)
- Filters traffic by port number
  • HTTP is 80, SSH is 22
  • Next-generation firewalls can identify the application
- Can encrypt traffic into/out of the network
  • Protect your traffic between sites using a VPN tunnel
- Can proxy traffic
  • A common security technique
- Most firewalls can be configured as layer 3 devices (routers)
  • Usually sits on the ingress/egress of the network
Format command
- Formats a disk for use with Windows
  • format c:
  • BE CAREFUL - YOU CAN LOSE DATA
Google Android history
- Google Android
  • Open Handset Alliance
  • Open-source OS, based on Linux
  • Supported on many different manufacturers' devices
- Android Apps
  • Apps are developed on Windows, Mac OS X, and Linux with the Android SDK
  • Apps available from Google Play
  • Apps also available from third-party sites (i.e., Amazon Appstore)
Chrome OS history
- Google's operating system
  • Based on the Linux kernel
- Centers around the Chrome web browser
  • Most apps are web-based
- Many different manufacturers
  • Relatively less expensive
- Relies on the cloud
  • Connect to the Internet
Chrome OS history
- Google's operating system
  • Based on the Linux kernel
- Centers around the Chrome web browser
  • Most apps are web-based
- Many different manufacturers
  • Relatively less expensive
- Relies on the cloud
  • Requires connectivity to the Internet
Managing Group Policy
- Group Policy
  • Manage computers in an Active Directory Domain
  • Group Policy is usually updated at login
- gpupdate
  • Forces a Group Policy update
  • gpupdate /target:{computer|user} /force
  • gpupdate /target:professor /force
- gpresult
  • Verify policy settings for a computer or user
  • gpresult /r -- generic command
  • gpresult /user sgc/professor /v -- a more specific command for gpresult
PHI - Protected Health Information (Privacy, Licensing, and Policies)
- Health information associated with an individual
  • Personal records showing health status, health care records, payments for health care, and much more
- Data between healthcare providers must maintain similar security requirements
- HIPAA regulations
  • Health Insurance Portability and Accountability Act of 1996
Screen sharing (Mac OS Tools)
- Integrated into the operating system
  • Can also be viewed with VNC (Virtual Network Computing)
- Available devices appear in the Finder
  • Or access by IP address or name
Disable startup services / apps (Troubleshooting Solutions)
- It's difficult to tell which application might be a problem child
  • Since much of the underlying OS operation is hidden from view
- Trial and error method
  • Disable all startup apps and services
  • Or disable one at a time
  • This might take quite a few restarts
- Manage startup processes in Windows 7, 8 or 10
  • Located in Task Manager or in Control Panel > Administrative Tools > Services
Backup testing (Disaster Recovery)
- It's not enough to perform the backup
  • You have to be able to restore
- Disaster recovery testing
  • Simulate a disaster situation
  • Restore from a backup
- Confirm the restoration
  • Have the end-users test the restored application and data to make sure everything is working as expected
- Perform periodic audits
  • To make sure the backups are working properly and the data is stored as expected
Other considerations
- Load alternate third-party drivers when necessary
  • Disk controller drivers, etc.
- Workgroup vs. Domain setup
  • Home vs. business
- Time/date/region/language settings
  • Where are you?
- Driver installation, software and Windows updates
  • Load video drivers, install apps, update the OS
- Factory recovery partition
  • This can help you later
Slow system performance (Troubleshooting Windows)
- Look in Task Manager
  • Check for high CPU utilization and I/O
  • Check the Processes tab for memory usage
  • Check the Performance tab for spikes
- If you think issues may be related to applications and software
  • Run Windows Updates
  • To get the latest patches and drivers
  • To update software and applications
- Check disk space
  • Check for available hard drive space and defrag (if needed)
- Laptops may be using power-saving mode
  • This throttles the CPU, which can cause slowness
- Perform anti-virus and anti-malware scans
  • Scan for possible bad guys
nslookup
- Look up information from DNS servers
  • Canonical names, IP addresses, cache timers, etc.
- Look up names and IP addresses
  • Many different options
Disk formatting
- Low-level formatting
  • Done at the factory
  • Not performed by the user
- Standard formatting / Quick format
  • Sets up the file system, installs a boot sector
  • Clears the master file table but not the data
  • Can be recovered with the right software
- Standard formatting / Regular format
  • Overwrites every sector with zeros
  • Available in Windows Vista and later
  • Can't recover the data
Spyware
- Malware that spies on you
  • Presents you with advertising
  • Waits for you to log into a bank account (identity theft)
  • Captures credit card numbers (affiliate fraud)
- Can trick you into installing
  • Peer-to-peer software, fake security software
- Browser monitoring
  • Captures surfing habits
- Keyloggers
  • Captures every keystroke (such as username and password) and sends it back to the mothership/creator
Disk Management
- Manages disks or volumes in Windows
  • Individual computers and file servers
- Computer Management is located in Control Panel under Administrative Tools, then Storage and Disk Management
- WARNING - data can be erased and unrecoverable
Disk Utility (Mac OS Tools)
- Manages disks and images
  • Used to resolve issues
- File system utilities
  • Verify and repair file systems
  • Modify partition details
  • Erase disks
- Can manage RAID arrays
  • Restore a disk image to a volume
- Create, convert, and restore images
  • Manage the image structure
Zero-day vulnerabilities
- March 2017
  • CVE-2017-0199 - Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API
  • The vulnerability would take effect when a user opened a Microsoft Office or WordPad file
  • SophosLabs documented these attacks since November 2016 (patch was released March 2017)
- May 2019
  • CVE-2019-0863 - Windows Error Reporting Service
  • Elevation of privilege vulnerability
  • The way Windows Error Reporting interacted with files allowed a standard user to gain administrator rights and permissions
  • Access was elevated on compromised systems
  • Regular accounts were able to run with admin access
  • Vulnerability has been around for at least 10 yrs. (discovered in the wild)
  • Considered a Zero-Day Attack
Backups (Linux tools)
- May be built in to the Linux distribution
  • Check the documentation to see which options are available
- Graphical interface
  • Can back up and restore
  • Can schedule a backup
- Command-line options - rsync
  • A common utility used to sync files between devices
- There are many different options
  • That's the beauty (and challenge) of Linux
Component Services
- Microsoft COM+
  • Component Object Model
- Distributed applications
  • Designed for the enterprise
- Manage COM+ apps
  • Device COM+ Management
  • Event Viewer
  • Services
- Located in Control Panel under Administrative Tools
mmc.exe
- Microsoft Management Console
  • Can build your own management framework
  • Choose from a list of available "snap-ins"
- Framework used for many built-in management tools
- Located under C:\Windows\System32
  • Can also open through the cmd line or Run cmd
Surge suppressor (Disaster Recovery)
- Not all power is "clean" from the main power
  • Self-inflicted power spikes and noise
  • Storms, power grid changes
- Diverts spikes to the ground
- Contains noise filters to remove line noise
  • Decibel (dB) levels at a specified frequency
  • Higher dB is better
Sound Applet
- Output options
  • Multiple sound devices may be available
- Set input/output levels for speakers and microphone
Network locations in Windows 8/8.1/10
- Private
  • Sharing and connecting to devices
- Public
  • No sharing or connectivity
- Network and Internet Status
  • Can change connection properties
Windows 10 history
- Released on July 29, 2015
  • Windows 9 was skipped
- A single platform that works on desktops, laptops, tablets, phones, all-in-one devices
- Upgrades were free for the first year
  • From Windows 7 and Windows 8.1
- Microsoft calls Windows 10 a "service"
  • Periodic updates to the OS
  • Instead of completely new versions
Screen locks (Mobile Devices)
- Restrict access to the device
  • By fingerprint through the built-in fingerprint reader
  • With Face Unlock through face recognition
  • By swipe, by choosing a pattern
  • With a passcode, by choosing a PIN or adding complexity
- After many failed attempts:
  • iOS will erase everything after 10 failed attempts
  • Android will lock the device and require a Google login
Least privilege (Logical Security)
- Rights and permissions should be set to the bare minimum
  • You only get exactly what's needed to complete your objective
- All user accounts must be limited
  • Applications should run with minimal privileges
- Don't allow users to run with administrative privileges
  • Limit the scope of malicious behavior
Botnets
- Robot networks
  • Skynet is self-aware
- Once your machine is infected, it becomes a bot
  • You may not even know
- How does it get on your computer?
  • Trojan Horse (I just saw a funny video of you! Click here.) or you run a program or click an ad you THOUGHT was legit, but...
  • OS or application vulnerability
- A day in the life of a bot
  • Sits around. Checks in with the mothership. Waits for instructions from a 3rd party
Virus alerts and hoaxes (Troubleshooting Security Issues)
- Rogue antivirus
  • May include recognizable logos and language
- They may require money to "unlock" your PC
  • Or to "subscribe" to their service
- Often requires a specific anti-malware removal utility or technique
  • Very difficult to remove once the virus is embedded in the system
Windows 7 Professional
- Same features as Home Premium
- Can connect to a Windows Domain
- Supports Remote Desktop Host and EFS
- Missing enterprise technologies - BitLocker is not supported
- Available as an x64 version and supports 192 GB of RAM
Windows 10 processor requirements
- Same requirements as Windows 8/8.1
- PAE (Physical Address Extension)
  • 32-bit processors can use more than 4 GB of physical memory
- NX (NX Processor Bit)
  • Protects against malicious software
- SSE2 (Streaming SIMD Extensions 2)
  • A standard processor instruction set
  • Used by third-party applications and drivers
Task Scheduler
- Schedules an application or batch file to run
  • Plan ahead
- Includes predefined schedules
  • Click and go
- Organized
  • Managed through folders
- Located in Control Panel under Administrative Tools
Screen sharing (Linux tools)
- Screen access to remote devices
  • Manage from your desk
- Many options available
  • Like most of Linux
- May be included with your distribution
  • Such as UltraVNC or Remmina
JavaScript (Scripting)
- Scripting inside of your browser
  • Has a ".js" file extension
- Adds interactivity to HTML and CSS
  • Used on almost every web site
- JavaScript is not Java
  • Different developers and origins
  • Very different use and implementation
Shell script (Scripting)
- Scripting the Unix/Linux shell
  • Automate and extend the command line
- Starts with a shebang or hash-bang #!
  • Often has a ".sh" file extension
Guards and access lists (Physical Security)
- Security guard
  • Physical protection
  • Validates identification of existing employees
  • Provides guest access
- ID badge
  • Picture, name, other details
  • Must be worn at all times
- Access list
  • Physical list of names
  • Enforced by security guard
Network and Sharing Center Applet
- Shows all network adapters
  • Wired, wireless, etc.
- All network configs
  • Shows the HomeGroup option (n/a in Windows 10)
  • Can change adapter settings
  • Can change network addressing
shutdown (Linux Command)
- Shuts the system down
  • Safely turn off the computer in software
  • Similar to the Windows shutdown command
- sudo shutdown 2
  • Shuts down and turns off the computer in two minutes
- sudo shutdown -r 2
  • Shuts down and reboots in two minutes
  • Important when you're not on site
  • "Ctrl-C" or "shutdown -c" to cancel the shutdown process
Printer shares
- Similar to sharing a folder
  • But it's a printer instead
  • Can be shared through the "Sharing" tab under the printer's properties
- Can add a printer through Windows Explorer through "Devices and Printers"
SOHO firewalls (Securing SOHO Network)
- Small office / home office appliances
  • Generally have reduced throughput requirements
- Usually include multiple functions
  • Wireless access point, router, firewall, content filter
- May not provide advanced capabilities
  • Dynamic routing
  • Remote support
- Always install the latest software
  • Update and upgrade the firmware for the firewalls, routers, switches, etc.
Windows 7 Enterprise
- Sold only with volume licenses
  • Designed for very large organizations
- Multilingual User Interface packages
- Supports full disk encryption with BitLocker Drive Encryption
- Supports DVD playback, Aero, ICS, Windows Domain, EFS, etc.
su / sudo (Linux Command)
- Some commands require elevated rights
  • There are some things normal users can't do
- su command
  • Become super user (similar to the administrator account in Windows)
  • Or change to a different user
  • If no user is entered after the "su" command, it assumes that you want a shell as the root user
  • You continue to be that user until you exit
- sudo command
  • Execute a single command as the super user
  • Or as a different user ID
  • Only that command executes as the super user
  • Once the command is done executing, it returns to the normal user
4c. Remediate: Scan and remove (Removing Malware)
- Some malware may prevent you from booting into the normal desktop
- Boot into Safe mode
  • Load the bare minimum operating system
  • Just enough to get the OS running
  • Can also prevent the bad stuff from running
- Another option is the Pre-installation Environment (WinPE)
  • Recovery Console, bootable CD/DVDs/USBs
  • Build your own from the Windows Assessment and Deployment Kit (ADK)
- Removing the malware infection may require the repair of boot records and sectors within WinPE
Bluescreens and spontaneous shutdowns (Troubleshooting Windows)
- Startup and shutdown BSOD
  • Possible bad hardware, bad drivers, or bad application
- If the problem is related to a recent change
  • You can use Last Known Good, System Restore, or Rollback Driver
  • Try Safe mode
- Re-seat or remove any hardware changes, or if the PC was recently moved
  • May be a loose connection
- If the issue may be related to hardware
  • Run hardware diagnostics
  • Provided by the manufacturer
  • BIOS may have hardware diagnostics
What is electrostatic discharge? (Managing Electrostatic Discharge)
- Static electricity
  • It's electricity that doesn't move
- Static electricity isn't harmful to computers
  • It's the discharge that gets them
- ESD can be very damaging to computer components
  • Silicon is very sensitive to high voltages
- The static discharge you feel when touching a doorknob is around ~3,500 volts
  • Damage to an electronic component takes only 100 volts or less
System Applet
-System properties • Provides computer information • Including version and edition -Remote settings can be turned on or off for Remote Assistance and Remote Desktop -System protection • Can enable/disable System Restore • Select drives to allocate additional space for System Restore -Performance settings located under Advanced System Settings can be set for: • Configuring Virtual Memory • Configuring Visual Effects • Configuring Data Execution Prevention (DEP)
Don't minimize problems (Professionalism)
-Technical issues can be traumatic • Often money and/or jobs are on the line -Even the smallest problems can seem huge • Especially when things aren't working -Be part technician, part counselor • Computers don't have problems • People have problems
TACACS
-Terminal Access Controller Access-Control System • Remote authentication protocol • Created to control access to dial-up lines to ARPANET -TACACS+ • The latest version of TACACS • More authentication requests and response codes • Released as an open standard in 1993
Device Manager Applet
-The OS doesn't know how to talk directly to most hardware • You need drivers -Manage devices • Add, remove, disable -This is the first place to go when hardware isn't working • Instant feedback
Windows 10 Pro
-The business version of Windows • Contains additional management features -Remote Desktop host • Remote control each computer -Supports: • Hyper-V • BitLocker (Full Disk Encryption (FDE)) • Can join a Windows domain (can be managed by Group Policy) -Does not support: • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 2048 GB (2 TB)
Finder (Mac OS Features)
-The central OS file manager • Compare with Windows Explorer -File management • Launch, delete, rename, etc. -Integrated access to other devices • File servers • Remote storage • Screen sharing
Windows 7 Home Premium
-The consumer edition • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -No enterprise technologies • No domain connection, BitLocker, EFS, etc. -Available as an x64 version that supports 16 GB of RAM and 2 processors
Disk partitioning
-The first step when preparing disks • May already be partitioned • Existing partitions may not always be compatible with your new operating system -An MBR-style hard disk can have up to four partitions -GUID partition tables support up to 128 partitions • Requires UEFI BIOS or BIOS-compatibility mode • BIOS-compatibility mode disables UEFI SecureBoot • You'll probably have one partition -BE CAREFUL! • Serious potential for data loss • This is not an everyday occurrence
Brute Force attack
-The password is the key • Secret phrase • Stored hash -Brute force attacks - Online method • Keep trying the login process • Very slow process • Most accounts will lock out after a number of failed attempts • Not very successful -Brute force the hash - Offline method • Obtain the list of users and hashes • Calculate a password hash, compare it to a stored hash • Requires large computational resources
Windows 8/8.1 Pro
-The professional version • Similar to Windows 7 Professional / Ultimate -Full support for BitLocker and EFS • Full-disk and file-level encryption -Can join a Windows Domain • Support for IT management • Group Policy support • Centralized management of Windows devices -Does not support AppLocker or BranchCache -Available in 32-bit (Max 4 GB RAM) and 64-bit (Max 512 GB RAM)
Windows 8/8.1 Pro
-The professional version • Similar to Windows 7 Professional / Ultimate -Full support for BitLocker and EFS • Full-disk and file-level encryption -Can join a Windows Domain • Support for IT management • Group Policy support • Centralized management of Windows devices -Does not support AppLocker or BranchCache -x86 version supports 4 GB RAM -x64 version supports 512 GB RAM
Security considerations
-There's a reason we are careful when installing applications • Applications have the same rights and permissions as the user • An unknown application can cause significant issues -Impact to device with unknown application • Application upgrade stops working • Slowdowns • Deleted files -Impact to network with unknown application • Access to internal services • Rights and permissions to file shares
Impersonation
-They pretend to be someone they are not • Halloween for the fraudsters -They use details that can be obtained from the dumpster • They can say "You can trust me, I'm with your help desk" -They attack the victim as someone with a higher rank than them • Such as "Office of the Vice President for Scamming" -They throw tons of technical details around • Such as "Catastrophic feedback due to the depolarization of the differential magnetometer" -They try to act like your buddy • How about those Cubs?
Unauthorized camera / microphone use (Troubleshooting Mobile Device Security)
-Third-party apps can capture intimate information • Ethical and legal issues -If any suspicion an app is capturing this info, run an anti-malware scan • Try to identify the source of the breach -Confirm that loaded apps are legitimate • Check with a third-party scanner -Factory reset will allow you to remove malicious software • Completely reset and start from the beginning
Dumpster diving
-A mobile garbage bin • The United States term is "Dumpster" • Similar to a rubbish skip -Important information can be thrown out with the trash -Details that are gathered can be used for different attacks • Can be used to impersonate names or use phone numbers -Timing is important • Just after end of month or end of quarter • Based on a pickup schedule
Account lockout and disablement (Documentation Best Practices)
-Too many bad passwords will cause a lockout • This should be normal for most users • This can cause big issues for service accounts (you do not want this) -Disable accounts for users who leave the organization • Part of the normal change process • You don't want to delete accounts • At least not initially
UPS (Environmental Impacts)
-Uninterruptible Power Supply • Provides backup power • Protects against blackouts, brownouts, surges -UPS types • Standby UPS (switches to battery when power is out) • Line-interactive UPS (provides battery power when power dips below required levels) • On-line UPS (Always on, no switching between power and batteries) -Also contain additional features • Auto shutdown, battery capacity, outlets, phone line suppression
Email filtering (Logical Security)
-Unsolicited email • Stop it at the gateway before it reaches the user • Can be on-site or cloud-based -Scan and block malicious software • Can identify executables or known vulnerabilities • Phishing attempts • Other unwanted content
Upgrading to Windows 10
-Upgrade from the Windows 10 installation media • Downloadable versions are available from Microsoft • Includes a media creation tool -You cannot upgrade x86 to x64 OR x64 to x86 • Applies to all Windows versions • You'll have to migrate instead
Why upgrade?
-Upgrade vs. Install • Upgrade - Keep files in place • Install - Start over completely fresh -Upgrading allows you to maintain consistency • Upgrades save hours of time • Can keep customized configurations and multiple local user accounts on the PC • Avoids application reinstallations • Keeps user data intact • Get up and running quickly • Seamless and fast • Run from the DVD-ROM or USB flash
Closing Programs (Linux)
-Use terminal • sudo for proper permissions -killall • e.g. "sudo killall firefox" ends all firefox instances -xkill • Graphical kill -"kill <pid>" ends that specific instance by process id if you are working at the command line
Trojan horse
-Used by the Greeks to capture Troy from the Trojans • A digital wooden horse -Software that pretends to be something else • So it can conquer your computer • Doesn't really care much about replicating -Circumvents your existing security • The end-user is the one who installs the software • Anti-virus may catch it when it runs • The better trojans are built to avoid and disable the anti-virus -Once it's inside it has free rein • And it may open the gates for other programs
grep (Linux Command)
-Used to find text in a file • Search through one or many files at a time -grep PATTERN [FILE] • The "> grep failed auth.log" command would match all the lines containing the word "failed" within the file "auth.log" • The command is case sensitive
Power level controls (Securing SOHO Network)
-Usually a wireless configuration • Set it as low as you can -How low is low? • This might require some additional study -Consider the receiver • High-gain antennas can hear a lot • Location, location, location
Microsoft Visual Basic Scripting Edition (Scripting)
-VBScript • Contains ".vbs" file extension -General purpose scripting in Windows • Can manage back-end web server scripting • Can run scripts on the Windows desktop • Most common types of scripting are found inside of Microsoft Office applications
Third-party tools (Remote Access Technologies)
-VNC (Virtual Network Computing) • Uses the Remote Frame Buffer (RFB) protocol • Clients for many operating systems • Many are open source -Commercial solutions available • Such as TeamViewer, LogMeIn, etc. -Allows for screen sharing • Controls the desktop • Can file share • Or transfer files between devices
Scheduled disk maintenance (Linux)
-Very little disk maintenance required • As long as there is space and resources -Can perform a file system check (fsck) • File systems must not be mounted while they are checked • Done automatically every X number of reboots • If the system does not reboot often, force a check on the next reboot by adding a file to the root directory: sudo touch /forcefsck -Clean up log space, commonly kept in /var/log
Windows 10 Education and Enterprise
-Very similar features in both • Minor feature differences • Both are managed by using Windows Volume Licensing -Granular User Experience (UX) control • An administrator can define the user environment • Useful for kiosk and workstation customization -Supports: • Hyper-V • BitLocker • Can join a domain • AppLocker (an administrator can control what applications can run) • BranchCache (remote site file caching) -Max x86 RAM 4 GB -Max x64 RAM 2048 GB (2 TB)
Windows Media Center
-Video, music, and television portal • Perfect for watching at home • Can record shows from a TV tuner • Can Play music and watch DVDs -The center of your home entertainment center • Cable companies and other technologies were strong competition -Discontinued by Microsoft • Not officially available in Windows 10
Media Center
-Video, music, and television portal • Perfect for watching at home • Record shows from a TV tuner • Play music • Watch DVDs -The center of your home entertainment center • Cable companies and other technologies were strong competition -Discontinued by Microsoft • Not officially available in Windows 10
Plan for change (Change Management)
-What does it take to make the change? • Provide detailed information • Describes the technical process to other technical people -Others can help identify unforeseen risk • Gives a complete picture -Scheduling the change • Time of day, day of week • Also includes completion timeframes
Acceptable use policies (AUP) (Documentation Best Practices)
-What is acceptable use of company assets? • Detailed documentation such as employee handbook • May also be documented in the employee "Rules of Behavior" -This covers many topics such as: • Company Internet usage • How telephones, computers, mobile devices, etc. are used. -Used by an organization to limit legal liability • If someone is dismissed, these are the well-documented reasons why
Performance Tab
-What's happening? • Can view CPU, memory, etc. -Statistical views • Historical, real-time -Newer versions include CPU, memory, disk, Bluetooth, and network in the Performance tab
Ransomware
-Where the bad guys want your money • They'll take (lock) your computer in the meantime -May be a fake ransom such as: • your computer is locked "by the police" -The ransom may be avoided by a security professional who may be able to remove these kinds of malware
Starting the console
-Windows 7 - System Recovery Options / Command Prompt • Need to boot from the installation media • Or select from the F8 Advanced Boot Menu -Windows 8/8.1/10 • Troubleshoot / Advanced Options / Command Prompt • Need to boot from the installation media
Windows 8 and 8.1 history
-Windows 8 • Available October 26, 2012 • New user interface - no traditional "Start" button -Windows 8.1 • Released October 17, 2013 • A free update to Windows 8 - not an upgrade -Mainstream support ended January 9, 2018 • Extended support ends January 10, 2023
Explorer
-Windows Explorer / File Explorer (Windows 10) • File management -View, copy, launch files from File Explorer • Granular control -Easy access to network resources • Browse and view
Organizing network devices
-Windows HomeGroup • Can share files, photos, video, etc. between all devices • Works on a single private network only -Windows Workgroups • Logical groups of network devices • Each device is a standalone system, everyone is a peer • Single subnet -Windows Domain • Business network • Centralized authentication and device access • Supports thousands of devices across many networks
msinfo32.exe
-Windows System Information • A wealth of knowledge -Shows information on Hardware Resources • Memory, DMA, IRQs, conflicts -Shows information on Components • Multimedia, display, input, network -Shows information on the Software Environment • Drivers, print jobs, running tasks - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd
Reimage or reload OS (Troubleshooting Solutions)
-Windows is big • And complex -You can spend time trying to find the needle • Or simply build a new haystack -Many organizations have pre-built images • Where you don't have to waste time researching issues • Much faster to re-image than trying to find the root cause of an issue • Windows 8/8.1 and 10 includes a reset option if no pre-built images are available (home computers) • Located at Settings > Update & Security > Recovery
net command
-Windows network commands -View network resources • net view \\<servername> • net view /workgroup:<workgroupname> -Map a network share to a drive letter • net use h: \\<servername>\<sharename> -View user account information and reset passwords • net user <username> • net user <username> * /domain
Active Directory
-Windows networks can be centrally managed • Active Directory Domain Services (AD DS) -Can create and delete accounts • Add users to the domain • Remove user accounts -Can reset passwords and unlock accounts -Can disable accounts • Off-boarding or security processes
MSDS info (Environmental Impacts)
-You'll get the product name and company information -Will help you understand the composition / ingredients inside of the product -Provides a breakdown of the hazard information if it comes in contact with a human -First aid measures -Fire-fighting measures -Provides information if accidental release / leaking occurs with the product -Provides information on handling and storage -And much more
Enabling and disabling Windows Firewall
-Your firewall should always be enabled • Sometimes you need to troubleshoot -Can be temporarily disabled from the main screen • Turn Windows Firewall on or off • Requires elevated permissions -Different settings for each network type • Can customize Public / Private profile
Keyloggers
-Your keystrokes contain valuable information • Web site login URLs, passwords, email messages -Saves all of your input • Sends it to the bad guys -Circumvents encryption protections • Your keystrokes are in the clear -Other data logging • Clipboard logging, screen logging, instant messaging, search engine queries
Which netstat parameter allows you to display all connections and listening ports?
-a
The Windows command line
-cmd • The "other" Windows • Can start utilities from the cmd line • Many options available under the hood • Faster to do tasks on the cmd line compared to GUI
Other file systems
-ext3 • Third extended file system • Commonly used by the Linux OS -ext4 • Fourth extended file system • An update to ext3 • Commonly seen in Linux and Android OS -NFS • Network File System • Access files across the network as if they were local • NFS clients are available across many operating systems -HFS+ / HFS Plus • Hierarchical File System • Also called Mac OS Extended • Replaced by Apple File System (APFS) in Mac OS High Sierra (10.13) -Swap partition • Memory management • Frees memory by moving unused pages onto disk • Copies back to RAM when needed • Usually a fast drive or SSD
iwconfig / ifconfig (Linux Command)
-iwconfig • Views or changes wireless network configuration • Shows essid, frequency/channel, mode, rate, etc. • Requires some knowledge of the wireless network • "iwconfig eth0 essid studio-wireless" is an example on how to change the SSID of the WiFi adapter -ifconfig • Shows or configures a network interface and IP configuration, Subnet masking, etc. • "ifconfig eth0" is the command to show network information -Slowly being replaced by ip (ip address)
cd (Linux Command)
-Used to change the current directory • Nearly identical to the Windows command line • Uses forward slashes instead of backslashes -cd <directory> • To change to the "/var/log" directory, you enter "> cd /var/log" at the command prompt
7-zip compressed file
.7z
DISM reads the contents of a drive and writes the output to what type of file format?
.WIM (Windows Image File)
android package file
.apk
ARJ compressed file
.arj
batch file
.bat
Binary disc image
.bin
binary file
.bin
Executable file
.exe
windows font file
.fnt
generic font file
.fon
Windows Gadget
.gadget
python file
.py
RAR file
.rar
Linux/Unix tarball file archive
.tar
Tarball compressed file
.tar.gz
TIFF image two of them
.tif, .tiff
TrueType font file
.ttf
Virtual CD
.vcd
JavaScript comment
//
What ipconfig command parameter is used for displaying the full TCP/IP configuration information for all adapters?
/all
Which of the answers listed below refers to an ipconfig command parameter used for displaying the full TCP/IP configuration information for all adapters?
/all
HOSTS file location in Linux
/etc/hosts
Which shutdown command switch in Microsoft Windows Command Prompt forces full system shutdown and restart of a Windows host?
/r
Which sfc switch enables a type of file check that scans integrity of all protected system files and repairs corrupted files when possible?
/scannow
In general terms, the least amount of memory needed for an installation of Linux
16 MB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Ultimate Edition?
192 GB
What is the maximum limitation of RAM for Windows 10 Education 64-bit?
2 TB
What is the maximum limitation of RAM for Windows 10 Pro 64-bit?
2 TB
How many partitions can be supported on a BIOS-based Windows 7?
3 primary partitions and 1 extended
September feature updates for Enterprise and Education editions are given how many months until they are retired?
30
Since May 2019 the minimum hard disk space required by Windows 10 increased to how many GBs?
32 GB
A basic disk can have up to how many partitions?
4
security group
A collection of user accounts that can be assigned permissions in the same way as a single user object
environment variable
A storage location in the environment of the operating system's command shell.
net localgroup Administrators dmartin /add
Add dmartin to the Administrators local group
net user dmartin Pa$$w0rd /add /fullname:"David Martin" /logonpasswordchg:yes
Adds a new user account and forces user to change password at first logon (have to enter these commands in administrative command prompt)
Under what tab can you find the Computer Management tool set for your computer?
Administrative Tools
Newer OSs should be installed ____ older OSs
After
The owner of an Android phone is unable to unlock it. Aside from a hard reset, which would erase all of the owner's data, what application can you advise the owner to access through Google.com to assist them in unlocking the device?
Android Device Manager
Administrators
Can perform all management tasks and generally has very high access to all files and objects
Upgrade Windows 7 Enterprise to Windows 10
Can upgrade to: • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Pro
Upgrade Windows 7 Starter to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 7 Professional to Windows 10
Can upgrade to: • Windows 10 Pro • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home
Upgrade Windows 8.1 Professional to Windows 10
Can upgrade to: • Windows 10 Pro • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home
In Windows Disk Management utility, a disk status set to Failed indicates that the basic or dynamic volume:
Cannot be started automatically / Is damaged / Contains corrupted file system.
A storage device destruction company may issue a ____________ verifying that a device was destroyed.
Certificate of destruction
What is the process name for the means of putting policies in place to reduce the risk of disruption of or to work environments when identifying, planning and performing updates to a company's information and communication technology infrastructure?
Change Management (also may be known as Configuration Management)
What MS Windows utility is designed both for system administrators and for application developers?
Component Services (dcomcnfg.exe)
Which of the following is an MS Windows utility designed both for system administrators and for application developers?
Component Services (dcomcnfg.exe)
This directory within Windows Settings contains a detailed list of all running devices and information such as IRQ
Components
Performance Monitor
Configures detailed reports on different system statistics and logs performance over time (can be accessed through Administrative Tools, Computer Management or the perfmon.exe command line)
The Internet Properties applet tab containing an option for configuring VPN settings is called:
Connections
Which of the Windows Internet Properties system utility tabs provides access to proxy settings?
Connections
Which of the following answers describes the correct sequence of steps for accessing the magic packet settings of an Ethernet adapter in MS Windows?
Control Panel (Icon view) -> Network and Sharing Center applet -> Change adapter settings -> right-click on the device -> select Properties from the pop-up menu -> click the Configure... button -> On the Advanced tab, select the Magic Packet settings.
remote settings location
Control Panel ->System -> Advanced system settings ->System Properties->Remote Settings
Laser printer process step 4. Toner is then transferred to those areas that have been neutralized in the previous step
Developing
A system is experiencing critical system errors resulting in Stop Errors. If it is not the failure of the hardware what other common cause could this stem from?
Device Drivers
After Windows has fully installed it may be a good idea to check this application to confirm that all hardware has been recognized.
Device Manager
Drivers can be viewed, updated, and rolled back from the _____________ program.
Device Manager
If a device in Windows fails after driver update, the driver can be restored to the previously installed version in:
Device Manager
This Windows function allows you to view and edit installed hardware. You can update drivers and change settings or resolve any known issues with devices.
Device Manager
Where can you find printer devices in Microsoft Windows Control Panel in Windows 7 and newer Windows editions?
Devices and Printers applet
Which of the locations listed below enable access to computer display configuration settings in Windows 7/8/8.1?
Display settings pop-up menu launched after right-clicking on the Windows Desktop screen area / Appearance and Personalization menu of the Windows Control Panel (Category view) / The Display applet icon in Windows Control Panel (Icons view)
Netstat is a command-line utility used for:
Displaying active TCP/IP connections / Displaying network protocol statistics.
ipconfig /displaydns
Displays DNS resolver cache
Reliability Monitor
Displays a log of "system reliability" events
netstat -a
Displays all connections and listening ports.
netstat -n
Displays ports and addresses in numerical format. Skipping name resolution speeds up each query
gpresult
Displays the RSoP for a computer and user account /s - specifies a host name by name or IP address /u - specifies a host name by user account /p - specifies a host name by password
apple menu items
Displays, Storage, Service
What is the term describing when multiple malware infected computers are being forced to flood a targeted victim in the attempt to overload its systems and prevent any legitimate requests from reaching it.
Distributed Denial of Service (DDoS)
DDoS Attack
Distributed denial of service attacks that overwhelm a web server and shut it down
A user must supply a single set of credentials when logging into a Windows network _____
Domain
A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.
Domain Controller
Malware Removal steps: Step 6
Enable System restore and create a restore point
File or folder level encryption included in many Windows Operating Systems.
Encrypting File System (EFS)
EFS
Encrypting File System. A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
Information about how software can and cannot be used is documented in what type of agreement?
End user License agreement
Change management six steps Step 5 Provide feedback on all changes to the change coordinator, whether they were successful or not. The change coordinator is responsible for examining trends in the application of changes, to see if: Change implementation planning was sufficient. Changes to certain resources are more prone to problems. When a change has been successfully made, it is crucial that the corresponding system information store be updated to reflect them.
Evaluate and report on changes implemented
You suspect a computer is having system errors and want confirm this. Using what tool allows you to see entries of events in your system?
Event viewer
Intel designed this to protect their computer products against certain buffer overflow attacks:
Execute Disable Bit
HFS Plus
Extended Hierarchical File System - the file system older macOS uses
This allows for more than four drives on a single physical disk.
Extended Partition
Virtual memory, Swap partition and what other option can be used as a Random Access Memory extension?
Extended partition
Swap partitioning, Virtual memory, and Page Filing can be used as an
Extension of RAM
After you've cleaned a USB device containing Windows 7 what type of format should the active partition be if you do not wish to use NTFS?
FAT32
Which of the following locations in Windows 8/8.1/10 allows you to create a shortcut to a shared folder or computer on a network?
File Explorer -> This PC -> Computer tab -> Map Network drive.
Which of the following provides access to file/folder management settings in Windows 10?
File Explorer Options applet in Windows Control Panel
Fragmentation
Files written in non-contiguous clusters, reducing read performance
This is the name for something that represents the security boundary within which users, computers, groups, and other objects that share a common global catalog, directory schema, logical structure, and directory configuration are accessible.
Forest
You can set the IE homepage under the ______ tab of Internet Properties.
General
This is used in places where the risk of a hazardous shock could occur like the bathroom. It quickly disconnects an AC outlet from power when conditions are warranted.
Ground Fault Interrupter (GFI)
What type of user has the least amount of OS privileges?
Guest
This is a type of mechanical air filter that works by forcing air through a fine mesh that traps harmful particles. It can be used to help keep dust down in server rooms.
HEPA filter
A customer is going on vacation and does not want to exceed his data limit. What can you advise the customer to enable so he receives a notification warning him he is near the limit?
Hard Data Limit
If a customer's touch screen on their mobile phone is totally unresponsive and a soft reset does not fix this issue what action can you advise the customer to perform next?
Hard Reset
What is the only edition of Windows 10 that does not support Symmetric multiprocessing?
Home
When a Windows desktop creates a hibernation file and then goes into a standby state what is that state or mode called?
Hybrid Sleep
This is a power-saving state that puts any open documents and programs in memory and on your hard disk and then puts your computer into a low-power state so that you can quickly resume your work later.
Hybrid sleep (Mode)
A security technician was asked to configure a firewall so that the protected system would not send echo reply packets. What type of traffic should be blocked on the firewall to accomplish this task?
ICMP
What is an installation type method, that some refer to as cloning, which enables you to efficiently and rapidly set up multiple computers that need to be configured the same way and with the same software?
Image Deployment
Step 6 in creating a custom image for deployment of Windows 7 is to: Use a program such as _____ to capture an image
ImageX
Common Social engineering exploits include:
Impersonation, phishing, spear phishing, pharming, dumpster diving, tailgating, and shoulder surfing
When copying a file from one partition to another on a different partition explicit NTFS permissions are ____
Inherited
IDE
Integrated Development Environment - programming environment that includes features to help you write and edit code as well as debugging tools
Under a cloud based data center's change management protocols what department's primary responsibility is to identify specific changes to be made?
Internal IT personnel
Core files of an operating system are also called the ____
Kernel
A password management system in macOS is known as:
Keychain
This is a type of malware that is used to log anything you might type into a keyboard.
Keylogger
This is used to ensure clean power is supplied to computers, peripherals and related office devices in large work environments.
Line conditioner
Based on UNIX. Open source. Can be used as a Desktop or Server OS.
Linux
These are examples of what OS? SUSE, Red Hat, CentOS, Fedora, Debian, Ubuntu, Mint
Linux
This type of OS dominates the web server market as well as the OS for "smart" appliances and Internet of Things (IoT) devices
Linux
This is a Microsoft Management Console (MMC) snap-in included in Windows 10 and is used to create and manage users and groups that are stored locally on a computer.
Local Users and Groups
In order to join a Windows Domain you must follow these steps: 2. you must sign into the computer using a ____ ____ ___
Local administrator account
The /r switch of the chkdsk command-line utility in Windows:
Locates bad sectors and recovers readable information / Fixes errors on the disk.
An extended partition is divided into ______ partitions.
Logical
Extended partitions can be divided into?
Logical Drives
This type of diagram illustrates how data flows within a network. It will usually include information about how nodes in a network communicate.
Logical Topology
This partition divides itself into three volumes or block devices. One for the OS system files (root), one for a swap partition, and one for user data (home)
Logical Volume Manager (LVM)
For workers with regular schedules, a _________ can be used to prevent their account from being used during off-hours.
Login time restriction
You want to only allow specific devices on your access point internet access. What should you enable?
MAC Filtering
In Windows 7, where can you prevent programs from starting on boot?
MSCONFIG, Startup tab
domain
Microsoft client/server network model that groups computers together for security and to centralize administration
workgroup
Microsoft peer to peer network model in which computers are grouped together with access to shared resources
DISM
Microsoft's Deployment Image Servicing and Management - a tool that reads the contents of a drive and writes the output to a .WIM format file.
Sysprep
Microsoft's System Preparation Tool - a utility to be run before imaging a disk to solve possible configuration problems
MDM
Mobile Device Management - a class of enterprise software designed to apply security policies to the use of smartphones and tablets in a business network
This is a common piece of SOHO network hardware that connects to the service provider's cabling and transfers frames over the link.
Modem
This is a name for an OS that is designed to run on servers on a business network.
NOS
NAC
Network Access Control - allows administrators to devise policies or profiles defining the minimum security configuration required of devices for network access
NOS
Network Operating System - an OS designed to run on servers in business networks
If you receive an error message stating that Windows Update cannot check for updates because the service is not running, what can you restart to correct the issue?
Network Services
A simple diagram containing limited information about how the elements of a computer network are arranged is known as a:
Network Topology
NTFS stands for
New Technology File System
This is an agreement that allows you to alter and redistribute source code. Often utilized to make different Linux OS.
Open Source
Which of the following allows you to view hidden files, folders, and drives in Windows 7?
Open the Folder Options applet in Windows Control Panel, then select "Show hidden files, folders, and drives" under Advanced settings on the View tab.
This handles interaction with system hardware and input/output
Operating System (OS)
A CD-ROM/DVD/Blu-ray is a media type/technology recognized by the OS as a:
Optical Drive
dir/o:s
Order by size
What is a hierarchical container that allows administrators to divide up or place users, groups, and computers within a domain, that can then be used with Group policy objects (GPOs) to allow or deny permissions to anything contained within the subdivision?
Organizational Unit (OU)
In the firmware setup program an SSD may be on a SATA, M.2 and what other type of port?
PCIe
The difference between PHISHING and PHARMING is
PHARMING relies on DNS spoofing, so the victim's computer actually routes the user to the corrupt site, whereas PHISHING relies on the victim clicking on a link and entering their credentials (usually the site has things that aren't quite right about it)
A method of installing an OS from the network is called ___.
PXE
A technology that allows networked computers that are not yet loaded with an operating system to be configured and booted remotely by an administrator.
PXE
What is a common form of unattended remote network installation referred to as?
PXE (Preboot Execution Environment)
When the operating system doesn't have sufficient physical RAM to accomplish a task, it creates an area of memory on a hard disk. The memory contained here is sorted and stored until enough RAM is freed up for it to be used again. This is known as what?
Page Filing
Bluetooth devices are linked together in a process called...
Pairing
The operating system and bundled application files from the installation media are found on what target of a computer's fixed disk?
Partition
What tool allows you to capture, display and collect system performance data through the use of counters?
Performance Monitor
What tool in MS Windows can be used to examine (both in real time and by collecting log data for later analysis) how programs that are run affect a computer's performance?
Performance Monitor
Which of the following tools in MS Windows is used to examine (both in real time and by collecting log data for later analysis) how programs that are run affect a computer's performance?
Performance Monitor (perfmon.exe)
Which of the following answers describe the features of Windows Remote Desktop tool?
Permanent remote access / Access based on local password (local user account password) / Windows tool used for connecting remotely to the user's own computer
Paula calls tech support reporting that her smartphone is constantly making camera noises but no photos are taken. What application setting is the first step to check when troubleshooting this issue?
Permissions
Full name, date of birth, place of birth, mother's maiden name, are examples of?
Personal Identifiable Information (PII)
PII
Personally Identifiable Information - data that is used to identify, contact, locate, or impersonate an individual
The act of sending an email designed to entice recipients to visit a malicious website is called ________.
Phishing
This is a diagram that illustrates the placement of the various components of a network, such as cables and device locations.
Physical Topology
PNAC
Port-based network access control - means that the switch or router performs authentication of the attached device before activating the port
.ps1
PowerShell
This is a form of WiFi authentication that is generally used for personal, home, or small office use. Users must input a passphrase on any device to receive access.
Pre-Shared Key (PSK)
PSK
Pre-Shared Key - 256 bit cryptographic hash generated from a passphrase. This authentication method is suitable for SOHO networks
A feature of a network adapter that allows a computer to boot through an appropriately configured networked attached server is known as?
Preboot Execution Environment (PXE)
This is the means by which Windows operating systems install an OS via a network with a suitably configured server onto a computer with a usable partition on its hard drive.
Preboot eXecution Environment (PXE)
Step 2 in creating a custom image file for image deployment of Windows 7 is to: Create a Windows ____ environment startup disk
Preinstallation
What is the name of a Windows Internet Properties applet tab providing access to advanced cookie management options?
Privacy
An organization owns its own cloud infrastructure, and only uses it internally. This is a ______ cloud infrastructure.
Private
In Windows 8 and newer releases of the Microsoft OS, the real-time information about resources used by user applications and system processes in Task Manager can be found grouped in one place under what tab?
Processes
Laser printer process Step one. Data is sent to the printer
Processing
Windows 8/8.1 Minimum Hardware Requirements (x64)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2 / Memory: 2 GB RAM / Free disk space: 20 GB / Video: Microsoft DirectX 9 graphics device with WDDM (Windows Display Driver Model) driver - Win8/8.1 64-bit
64 bit application files location
Program Files
32 bit application files location
Program Files(x86)
Windows Registry
Provides a remotely accessible database for storing operating system, device, and software application configuration information
A Windows network profile that hides a computer from other devices on the network and makes it unavailable for file and printer sharing is known as:
Public
What Windows option allows a computer to return to its factory image but preserves user data, accounts, Windows Store apps, and applications that came pre-installed on the system?
Push Button Refresh
The touch screen on a customer's phone is not responding accurately. You've tried restarting the phone but the problem still persists. What can you try next?
Recalibrate the screen
Step 3 in creating a custom image for deployment of Windows 7 is to: install and customize an installation of Windows 7 on a computer known as the _____ computer
Reference
ping -a IPaddress
Resolves address to hostnames
RSoP
Resultant Set of Policies
Your computer is experiencing a BSOD because of an unknown device driver issue. What action can you take to quickly restore the computer to a working state?
Run System Restore
To remove a virus and restore a Windows computer to working order, what must you do after you have already run several up-to-date virus scans with multiple different antivirus programs, in Safe Mode and with System Restore disabled?
Run a clean install of Windows
What kind of cloud service is Office 365?
SaaS (software as a service)
In order to join a Windows Domain you must follow these steps: Step 3: From the Start Menu, select _____
Settings
Network reset in Windows 10
Settings->Network&Internet->Status
Tethering allows your phone to...
Share its internet connection with other devices
Which of the following provide access to virtual memory (a.k.a. paging file) configuration options in Windows?
System applet in Control Panel -> Advanced system settings -> Performance -> Settings -> Advanced -> Virtual memory / Windows Run dialog box -> type in sysdm.cpl + press Enter -> Advanced tab -> Performance -> Settings -> Advanced -> Virtual memory
You need the PID for a specific app in Windows. What CLI command can provide this?
TASKLIST
boot partition
The hard drive partition where the Windows OS is stored. The system partition and the boot partition may be different partitions.
No reply (request timed out)
The host cannot route a reply back to your computer
Apple's built-in backup solution for macOS is called...
Time Machine
Which of the following best describes the function of Organizational Units?
To organize like-managed objects in the directory
This is a type of malware that disguises or hides itself in or as something else, like software or a game you want to install. Once installed, it can have fairly free access to do anything it wants. It is normally used as a backdoor to allow other forms of malware infection to occur.
Trojan horse
In Windows 8 and newer releases of the Microsoft OS, the real-time information about resources used by user applications and system processes in Task Manager can be found grouped in one place under the Processes tab. T or F
True
Prior to Windows 8, the MSConfig Startup tab contained a list of user applications that could be enabled/disabled during system boot. The contents of this tab are not available in the MSConfig utility shipped with Windows 8/8.1/10. T or F
True
Which of the following can be used as an extension of RAM?
Virtual memory / Paging file / Swap partition
What is the best wireless encryption standard currently available?
WPA2
Which wireless security solution should you choose?
WPA2 (AES)
A printer has an option for allowing simplified connections to a network through the push of a button on the router. What first needs to be enabled on the router to allow for this type of access?
WiFi Protected Setup
This OS is designed to maintain a consistent user experience across different types of devices, including desktops, laptops, smartphones, and tablets.
Windows 10
Name this edition of Windows 10: ____ Long Term Servicing Channel; designed for large-volume licensing by medium and large businesses.
Windows 10 Enterprise
Name this edition of Windows 10: designed for domestic consumers and SOHO business uses. This edition cannot be used to join a Windows Domain Network
Windows 10 Home
What is the only edition of Windows 10 that does NOT support Symmetric MultiProcessing (SMP)?
Windows 10 Home
Name this edition of Windows 10: designed for small and medium-sized businesses. It comes with networking and management features designed to allow network administrators more control over client devices.
Windows 10 Pro
This is a very popular version of Windows and still widely used even though it is no longer being officially supported by Microsoft. Extended support will still be provided until January 14, 2020
Windows 7
What edition of Windows 7 does NOT support Symmetric MultiProcessing (SMP)?
Windows 7 Home (and Windows 7 Home Premium)
What edition of Windows 8 and 8.1 does NOT support Symmetric MultiProcessing (SMP)?
Windows 8 Core
The "look" of Windows Vista and 7 is called _______.
Windows Aero
Step 1 in creating a custom image file for image deployment of Windows 7 is to: Install the _____ on the technicians computer
Windows Automated Installation Kit (Windows AIK)
Which of the following locations/steps allows you to view network shares in Windows?
Windows Command Prompt -> net share -> Enter (all network shares) / Windows Run dialog box -> \\computer name -> Enter (user shares only) / Shared Folders menu in the Computer Management utility (all network shares) / Windows Command Prompt -> net view \\computer name -> Enter (user shares only) / Windows Command Prompt -> net view \\computer name /all -> Enter (all network shares).
What Windows option allows you to restore your OS from a previously created backup?
Windows Complete PC Restore
In Windows 8/8.1/10, Windows Defender Firewall can be enabled/disabled in:
Windows Defender Firewall Control Panel applet / Firewall & network protection menu in Windows Settings (accessed via Start menu) / Windows Defender Firewall Control Panel applet -> Advanced settings -> right-click on Windows Defender Firewall with Advanced Security -> Properties.
Which of the following locations provides access to Windows Defender Firewall settings in Windows 8/8.1/10?
Windows Defender Firewall applet in Control Panel / Windows Start button -> Settings -> Update & Security -> Windows Security -> Firewall & network protection.
This tool can be a useful resource for the creation and deployment of custom images for Windows.
Windows Deployment Services (WDS)
What is the modern day graphic driver architecture for video card drivers running Microsoft Windows versions called?
Windows Display Driver Model (WDDM)
Name this edition of Windows 10: meant for use in a school environment rather than a business
Windows Education (and Windows Pro Education)
Which of the following locations in Windows 7 allows you to create a shortcut to a shared folder or computer on a network?
Windows Explorer -> Computer -> Map network drive.
Which of the following is a Windows built-in software component that monitors network traffic and depending on the configuration settings applied to each data packet either blocks it or allows it to pass through?
Windows Firewall
Which of the following Control Panel applets provides access to the Windows Firewall with Advanced Security tool?
Windows Firewall (Advanced settings)
In Windows 7, Windows Firewall can be enabled/disabled in:
Windows Firewall Control Panel applet / Windows Firewall Control Panel applet -> Advanced settings -> right-click on Windows Firewall with Advanced Security -> Properties.
Which of the following locations provides access to Windows Firewall settings in Windows 7?
Windows Firewall applet in Control Panel
A Microsoft app allowing the computer to be used as a sort of home entertainment appliance.
Windows Media Center
This Windows memory testing and error detection record tool is accessed through the Windows Recovery mode:
Windows Memory Diagnostic
What Windows mode will allow you to troubleshoot your computer, run memory diagnostic tools, and allows access to Push Button Reset and Refresh?
Windows Recovery Environment (Windows RE)
What feature do you need to access to disable Autorun in optical drives in a Windows 7 OS?
Windows Registry Editor
WSUS
Windows Server Update Services - a program on a server that allows the network administrator to approve updates for certain groups
This is an application for configuring and managing a Windows 10 computer
Windows Settings
Which of the following key combinations can be used to launch Windows Explorer (Windows 7) / File Explorer (Windows 8/8.1/10) in MS Windows?
Windows logo key + E
In Linux, iwconfig and ifconfig display information about the _______ and ______, respectively.
wireless NICs, all NICs
A user is able to stream video while his smartphone is vertical but when he tilts it into landscape the streaming quickly stops. What could this problem be a symptom of?
Wireless Router Antenna Placement
A Distributed Denial of Service attack often uses this type of insidious malware to infect computers, many times without user intervention, and use them as zombies to attack other network systems.
Worm
Moving files and folders to a different NTFS volume
Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner
Moving files and folders on the same NTFS volume
Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are retained
Copying files and folders on the same NTFS volume or different volumes
Write permission is required for the destination folder and read for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner
Which of the following commands in Windows can be used to display help information related to a specific command-line utility?
[command name] help / [command name] /?
*DISTRIBUTED DoS ATTACK*
a DoS attack that uses multiple compromised computers (a "botnet" of "zombies") to launch the attack
A *Logical* "open port", is described as...
a TCP or UDP network application port
*VULNERABILITY*
a WEAKNESS (design flaw) that could be triggered accidentally or exploited intentionally to cause a security breach
*PHISHING*
a combination of social engineering and spoofing where the attacker tries to obtain user authentication or financial information through a fraudulent request for information.
*LEGACY*
a computer system that is no longer supported by its vendor and so is no longer provided with security updates and patches
Mission Control
a feature of macOS that enables a user to set up one or more desktops with different sets of apps and backgrounds
*HACKER COLLECTIVES*
a group of hackers, working together, to target an organization as part of a cyber warfare campaign
cluster
a group of sectors
*SOCIAL ENGINEERING*
a hacking technique of getting users to reveal confidential information or allowing some sort of access to the organization that should not have been authorized
Rootkit
a set of tools designed to gain control of a computer without revealing its presence
symmetric encryption
a single key is used to encrypt and decrypt data
A *specific* example of PHARMING would be...
a victim enters mybank.com and, instead of pointing to the IP address l.m.n.o, the victim's computer points it to a.b.c.d, which is a malicious site, because of DNS spoofing
A *Physical* "open port", is described as...
an Ethernet port that allows any computer to connect to the switch
*MAC FLOODING*
an attack meant to prevent genuine devices from connecting to a switch and potentially forcing it into "hub" or "flood" mode by OVERLOADING the switch's MAC cache using such tools as Dsniff or Ettercap
*DENIAL OF SERVICE (DoS) ATTACK*
an attack that causes a service at a given host to fail or become unavailable to legitimate users
ARP poisoning
an attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine
*PHARMING*
an attack that corrupts the way the target's computer performs Internet name resolution through DNS spoofing
*ARP (Address Resolution Protocol) POISONING*
an attack where a switch's ARP table is poisoned with a false MAC-IP address map, which typically allows the attacker to masquerade as the subnet's default gateway used in a variety of attacks such as DoS, Man-in-the-Middle, and spoofing
Option
Apple equivalent of Alt
On Ubuntu, the command to install or upgrade software is ______.
apt-get
bootrec /fixmbr
attempts to repair MBR
Which of the following is a Windows, OS/2 and DOS command-line tool used for checking the file system and status of the system's hard drives?
chkdsk
The command to change a file's permissions on Linux is ______
chmod
The command to change a file's owner on Linux is ______
chown
Although it is derived from UNIX, iOS has what type of operating system, making its code confidential and only modifiable by Apple?
closed source (operating system)
CDFS
compact disc file system - legacy file system used for optical disc media
copy /y
copy command that suppresses the prompt to confirm if you want to overwrite an existing destination file
copy /v
copy command that verifies that new files are written correctly
The command to copy a file on Linux is _____
cp
Most passwords are stored or sent over a network using some kind of _____ protection.
cryptographic
Which Windows Command Prompt commands can be used to list all directory's files and subdirectories contained in the current directory?
dir / dir *.*
To help prevent logical "open ports" from being exploited, all unnecessary/unused protocols, services, and applications should be _____.
disabled
dir *.*
displays all files and directories in the current directory
dir *.doc
displays all files with the DOC extension in the current directory
dir let*.doc
displays all files with the DOC extension that start with the letters LET
dir let*.doc /s
displays all files with the DOC extension that start with the letters LET, and also searches subdirectories
dir *.
displays all files without an extension.
What is a client/server networking model that groups computers together for security and centralized administration called?
domain
An external drive can use USB and what other type of connection to boot from?
eSATA
This is the language of the answer text file used in unattended installations; it contains all of the instructions that Windows Setup will need to install and configure an OS without administrator intervention.
eXtensible Markup Language (XML)
crontab -e
enters the editor
A Microsoft-proprietary file system optimized for flash drives is known as?
exFAT
*DUMPSTER DIVING*
finding useful information about an organization/individual by looking through their garbage (this may also include files stored on discarded removable media)
Port scanning can be blocked by some _____ and _____.
firewalls, IDS
Sometimes you have to access this setup program on a computer in order to ensure a particular boot method is enabled or even available
firmware
chkdsk /f
fixes logical file system errors on the disk from the cmd prompt
Scan engine/components
fixes problems and makes improvements to the scan software itself
format D: /fs:EXFAT
formats D drive to an exfat file system
Social engineering attacks come in various methods including: _____, _____, and _____.
in person, email, phone
Procedural controls
incident response processes, management oversight, security awareness, and training
When moving a file from one folder to another on a different partition, explicit NTFS permissions are _____
inherited
swapon
Linux command used to activate the partition swap space
grep
Linux command used to search and filter the contents of files, displaying the lines that match the search string
fdisk
Linux command-line program used to create and manage partitions on a hard disk
mkfs
Linux command-line program used to format a partition
mkswap
Linux command-line program used to format a swap partition
ext
Linux file system
cron
Linux task scheduler
You can find hardware and driver support at this website for Linux
linux-drivers.org
A website that contains information on Linux product compatibility and a yearly comparison of the various OS distributions is? .... don't think too hard on this one
linux.com
dir/t:c
list by date created
dir/o:e
list by extension
dir/t:w
list by last modified
dir/t:a
list by last time accessed
dir/w/p
lists both wide format and one screen at a time
Component Services
located in Administrative Tools, enables you to register new server applications or reconfigure security permissions for existing services
It's a good thing to remember that attacks can be staged over _____ periods of time and several _____ attacks can lead to the end goal of a large attack.
long small (that's what she said) LOL
What is the Linux command to list the contents of a directory?
ls
*EXPLOIT*
malicious code that can successfully use a vulnerability to compromise a host
*SPOOFING*
misrepresenting/disguising oneself online; examples include IP spoofing, where the attacker changes their IP address, and phishing, where an attacker sets up a false website
Provides an interface to some Windows configuration settings within the registry (even if you are using a 64-bit version of Windows it is still named the same)
msinfo32
You need to view the processor information and workstation model on a computer. You hit Win+R and enter _______.
msinfo32
What utility can be used to edit a Remote Desktop Connection file?
mstsc
A MitM attack can be defeated using ______ _____.
mutual authentication (where both server and client exchange secure credentials)
The command to move a file on Linux is _____
mv
MAC flooding
overloading a switch's MAC cache preventing genuine devices from connecting and forcing the switch into "hub" or "flooding" mode
DoS attacks tend to focus on _____ a service or _____ design failures or other vulnerabilities in application software.
overloading, exploiting
What is the Linux command to change your password?
passwd
PCI DSS
Payment Card Industry Data Security Standard - governs the processing of credit card and other bank payments
format D: /fs:EXFAT /q
performs a quick format that doesn't scan for bad sectors
In this type of VDI, at the end of a session, user data and personal settings are saved
persistent
A *specific* example of TAILGATING might be...
persuading someone to hold the door open, using the excuse "I forgot my badge/key"
To help prevent physical "open ports" from being exploited, they should be _____ or _____ disabled.
physically, administratively
A command-line utility used for checking the reachability of a remote network host is known as:
ping
On Linux, pwd is for _______, and passwd is for ______.
pwd prints current directory, passwd is for changing passwords
rm -r
removes a directory and its contents recursively
A classic example of an IMPERSONATION attack is for the attacker to phone a department claiming they have to adjust something on the users system remotely and get the user to _____.
reveal their password
The command to remove a file on Linux is _____
rm
rstrui
Run line command for System Restore
Disabling unnecessary accounts
- All operating systems include other accounts • guest, root, mail, etc. - Not all accounts are necessary • Disable/remove the unnecessary ones • Disable the guest account - Disable any interactive logins • Not all accounts need to log in - Change the default usernames / passwords • User: admin, Password: admin • Helps defend against brute-force attacks
A tool used in Network Mapping is having unauthorized hosts connect to the network through _____ _____ (which are either Physical or Logical).
"open ports"
Task Manager
- Provides real-time system statistics • CPU, memory, disk access, etc. - Starting the Task Manager: • Ctrl-Alt-Del, select Task Manager • Right-click the taskbar and select Task Manager • Ctrl-Shift-Esc - Enhancements since Windows 7 • More information and features
Password expiration and recovery
- All passwords should expire • Change every 30 days, 60 days, 90 days - Critical systems might change more frequently • Every 15 days or every week - The recovery (password reset) process should not be trivial! • Some organizations have a very formal process
Image recovery (Mac OS Tools)
- Build a disk image in Disk Utility • Creates an Apple Disk Image (.dmg) file - Mount on any Mac OS X system • Appears as a normal file system • Copy files from the image - Use the restore feature in Disk Utility • Restore a disk image to a volume
HomeGroup
- Can easily share information • Available in Windows 7 / Windows 8/8.1 • HomeGroup support was removed from Windows 10 • Documents, pictures, music, video - A network for the home • Must be set to "Home" in Windows - Enable HomeGroup • A single password for everyone
BIOS settings network settings
- Can enable/disable network adapters • On and off - not much nuance • Might show up as "Integrated Devices" > "Onboard LAN Controller"
Full device encryption (Mobile Devices)
- Can encrypt all device data • Phone keeps the key - In iOS 8 and later • Personal data is encrypted with your passcode - In Android • Full device encryption can be turned on
RDP (Remote Desktop Protocol) (Remote Access Technologies)
- Can share a desktop from a remote location over tcp/3389 - Remote Desktop Services available on many Windows versions - Can connect to an entire desktop or just an application - Clients for Windows, MacOS, Linux, Unix, iPhone, and others
The Run line
- Can start an application as a command • Instead of the graphical interface - Can use the Run/Search box or the command prompt • Options can be specified as part of the command
Domains
- Central database • Active Directory Domain Services • Designed for the enterprise - User accounts are managed centrally • Devices are added to the domain - Manage all devices and users • Deploy software • Manage the operating system - Managed in Control Panel / System
Content filtering (Securing SOHO Network)
- Controls traffic based on data within the content • Data in the packets - Corporate can control outbound and inbound data that contains sensitive materials - Controls inappropriate content • Not safe for work, parental controls - Can protect against evil • Anti-virus, anti-malware
Cloud Storage (Disaster Recovery)
- Data is available anywhere, anytime, on any device • If you have a network, you have your data - Advantages over local backups • No tape drives to manage • No offsite storage processing - Disadvantages over local backups • Data is not under your direct control • Strong encryption mechanisms are critical
User Accounts Applet
- Local user accounts • Located in Control Panel under "User Accounts" • Domain accounts are stored elsewhere - Creating a local account requires an account name and type • Can change password • Can change picture • Can associate certificate information with a particular user
Print Management
- Located in Control Panel under Administrative Tools - Can manage printers • Share printers from one central console - Add and manage printer drivers • Central management of 32-bit and 64-bit drivers
iCloud (Mac OS Features)
- Integrates Apple technologies • Mac OS, iOS - Share across systems • Calendars, photos, documents, contacts, etc. - Can back up iOS devices to never lose data again - Store files in an iCloud drive • Similar to Google Drive, Dropbox • Integrated into the operating systems
gpedit.msc
group policy snap in
Which of the following command-line commands in MS Windows are used for resetting the DHCP configuration settings for all adapters?
ipconfig /release / ipconfig /renew
command
the command or script to run along with the full path to the file
Where are the log files stored?
%SystemRoot%\System32\Winevt\Logs folder
telnet
port 23
File management
- dir • Lists files and directories in the cmd prompt - cd • Changes the working directory in the cmd prompt • Use backslash \ to specify a volume or folder name - .. • Two dots/periods in the cmd prompt • The folder above the current folder
What MSConfig tab allows you to access Safe boot options?
Boot
In order for Windows Setup to repartition a hard disk you first need to boot to _____ in _____ mode
DVD, UEFI
Which of the following is an MS Windows diagnostic tool for detecting display, sound, and input related problems?
DxDiag
There appears to be an issue with DirectX on your home computer. What tool might help diagnose the issue?
DxDiag.exe
You need to distribute an application across all clients in an Active Directory Domain which you maintain, spread over several geographic locations. What allows you to assign this to domain users or computers and install the application automatically?
Group Policy
What is a collection of settings that define what a system will look like and how it will behave for a specific set or group of users called?
Group Policy Object (GPO)
GPO
Group Policy Object - a means of applying security settings and other administrative settings across a range of computers and users
GPO
Group Policy Objects - a Windows policy in which a computer remotely installs an application from a network folder without any administrator intervention
Users
This group is able to perform most common tasks such as shutting down, running applications, and using printers. Members can also change the time zone and install printers
The boot method of an internal fixed disk is found on the:
HHD or SSD
To make an IMPERSONATION attack more convincing, attackers will intimidate and coax their targets by:
pretending to be someone senior in rank, using technical arguments and jargon, alarming them with a hoax, or engaging with them and putting them at ease.
SMP stands for?
Symmetric multiprocessing
to adjust settings of an apple track pad
System Preferences -> Trackpad
apt-get (Linux Command)
-Advanced Packaging Tool • Handles the management of application packages • Applications and utilities -Install, update, remove software • "> sudo apt-get install wireshark" shows the command installing wireshark
Networking Tab
-Can view network performance • Separate tab in Windows 7 • Integrated into the Performance tab in Windows 8/8.1/10 -View utilization, link speeds, and interface connection state
General tab
-Controls the startup process • Normal, Diagnostic, Selective -Normal startup • Nothing to see here, go about your business -Diagnostic startup • Similar to Safe Mode, but not quite the same -Selective startup • You decide what to load
Copy command
-Copy files from one location to another • copy (/v, /y) -copy /v • Verifies that new files are written correctly -copy /y • Suppresses prompting to confirm you want to overwrite an existing destination file
Memory diagnostics
-Is your memory working? • I don't remember -May be launched automatically • Or launched manually -Will run multiple passes • Will try to find the bad chip/module -Located in Control Panel under Administrative Tools
Temporal Key Integrity Protocol (TKIP)
-It mixed the keys • It combined the secret root key with the Initialization Vector (IV) -Provided a sequence counter • Prevents traffic from being replayed on the wireless network -Implemented a 64-bit Message Integrity Check • To protect against wireless data tampering as it went across the wireless network -TKIP also had its own set of vulnerabilities • Was removed from the 802.11 standard in 2012
Physical security (Securing SOHO Network)
-Physical access • A relatively easy hack • Highly secure data centers -Door access • Lock and key • Electronic keyless -Biometric • Eyeballs and fingers -Must be a well documented process that can be applied to any SOHO locations
Robust Copy
-robocopy • A better xcopy • Has the ability to resume a file transfer if it is interrupted • Looks and acts similar to xcopy • Most syntax is the same as xcopy • Shows results, time taken, and throughput of the copy process -Included with Windows 7, 8.1, and 10
Shutdown command
-shutdown • Shutdown a computer • And optionally restart "shutdown /r" -shutdown /s /t nn • Wait nn seconds, then shutdown -shutdown /r /t nn • Shutdown and restart after nn seconds -shutdown /a • Abort the countdown!
3
-wx
CD audio track file
.cda
What command line switch, when added to copy, will suppress any prompting to confirm you want to overwrite an existing destination file?
/y
Which of the copy command switches suppresses the confirmation prompt displayed when Windows is about to overwrite the contents of an existing file?
/y
How many extended partitions does a basic disk generally need?
1
LocalService
A limited account used to run services that cannot make system-wide changes. It can also access the network anonymously
diskmgmt.msc
Opens the Disk Management console from the Run line
What tool allows you to use Group Policy to edit all networked computers in order to disable functions such as Autorun:
Registry Editor
HOSTS file location in Windows
%SYSTEMROOT%\System32\drivers\etc\hosts
WWAN
(Wireless Wide Area Network) A computer network that enables users to wirelessly connect to their offices or the Internet via a cellular network. Sometimes referred to as wireless broadband.
Apple iOS history
-Apple iPhone and Apple iPad OS • Based on Unix • Closed-source - No access to source code • Exclusive to Apple products -iOS Apps • Apps are developed with iOS SDK on Mac OS X • Apps must be approved by Apple before release • Apps are available to users in the Apple App Store
Repair application (Troubleshooting Solutions)
-Application issues • Problems with the application files or its configurations -Each application might have its own repair process • To fix missing files • To replace corrupted files • Can fix application shortcuts • Can repair registry entries • Or just update or reconfigure drivers -Not all applications have a repair option
Critical application backups (Disaster Recovery)
-Application software • Might be a simple backup • Or often distributed across multiple servers -Application data • Stored in a single database • Or data is stored throughout the application servers -Location of data • Might be stored locally and/or cloud-based -All of these are needed when doing a restore • They all work together
Account recovery options (Disaster Recovery)
-Apps won't work if users can't log in • Your Windows Domain will most likely be the foundation of your recovery efforts -Consider other authentication requirements • Multi-factor authentication validation • Additional authentication databases such as RADIUS or TACACS -Another good reason for centralized administration • No local accounts
Clarify customer statements (Communication)
-Ask pertinent questions • Drill down into the details • Avoid an argument • Avoid being judgmental -Repeat your understanding of the problem back to the customer • Did you understand the customer correctly? • Repeating information might allow other details to arise -Keep an open mind • Ask clarifying questions, even if the issue seems obvious • Never make assumptions
Effective social engineering
-Attacks are constantly changing • You never know what they'll use next -Attacks may involve a single person or multiple people • May involve one organization or multiple organizations • There are ties that may connect many organizations -May be in person or electronic: • Phone calls from aggressive "customers" • Emails for funeral notifications of a friend or associate
5. Schedule scans and run updates (Removing Malware)
-Built into the antivirus software • Automated signature updates and scans -If the anti-malware software does not have a way to automatically update, use Task Scheduler • Run any task, including signature updates -Check Windows operating system updates • Make sure it's enabled and working
Windows 7 Starter
-Built for netbooks -No DVD playback or Windows Media Center -No Windows Aero -No Internet Connection Sharing (ICS) -No IIS Web Server -Does not support enterprise technologies • Cannot join a domain • No BitLocker support • No EFS (Encrypting File System) support -Only available as x86, maximum of 2 GB of RAM -Not supported in x64 bit version
Windows 7 Starter
-Built for netbooks -No DVD playback or Windows Media Center -No Windows Aero -No Internet Connection Sharing (ICS) -No IIS Web Server -No enterprise technologies • No Domain connection, BitLocker, EFS, etc. -Only a 32-bit version, maximum of 2 GB of RAM • Not supported in 64-bit version
Vendor-specific limitations
-End-of-life • Different companies set their own EOL policies -Software Updates • iOS, Android, and Windows 10 check and prompt for updates • Chrome OS will update automatically -Compatibility between OS's • Some movies and music can be shared -Almost no direct application compatibility • Fortunately, many apps have been built to run on different OS's • Some data files can be moved across systems • Web-based apps have potential
Vendor-specific limitations
-End-of-life • Different companies set their own EOL policies -Updating • iOS, Android, and Windows 10 check and prompt for updates • Chrome OS will update automatically -Compatibility between operating systems • Some movies and music can be shared -Almost no direct application compatibility • Fortunately, many apps have been built to run on different OSes • Some data files can be moved across systems • Web-based apps have potential
Dock (Mac OS Features)
-Fast access to apps • Quickly launch programs -View running applications • Dot underneath the icon -Keep folders in the dock • Easy access to files -Move to different sides of the screen • Auto-hide or always display
NTFS vs. Share permissions
-File access is controlled by either NTFS permissions or Share permissions -NTFS permissions apply to local and network connections -Share permissions only apply to connections over the network • A "network share" -The most restrictive setting wins • Deny access beats allow access -NTFS permissions are inherited from the parent object • Will keep the same permissions if the data is moved within the same volume • If data is moved to a different volume, then the permissions will be associated with where it's placed in that volume.
services.msc
-Located in Control Panel under Administrative Tools as Services • Can also open through the cmd line or Run cmd -Useful when troubleshooting the startup process -Control background applications -Services can reveal dependencies between applications
Deleting Windows profiles (Troubleshooting Solutions)
-Log in to the computer with Domain Administrator rights -Rename the \Users\name folder, such as user.old • This will save important files -Back up the user's registry • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList • Right-click and Export • Delete the registry entry (you have a backup) • Restart the computer
Reconstructing Windows profiles (Troubleshooting Solutions)
-Log in to the computer with the user account • The profile will be rebuilt with no files • This will recreate the \Users\name folder -Once the account is created, log out of the user account and log in as Domain Administrator • Copy over any important files from the old profile, such as documents located under "Desktop" or "My Documents" -Do not copy the entire profile • Corrupted files might exist in the old profile -Log out as Domain Administrator, log back in with the user account
Startup tab
-Manages which programs start with a Windows login • Easily toggle on and off -Multiple reboots needed before locating the troublesome application during troubleshooting (You'll find it) -This feature has moved to the Task Manager in Windows 8/8.1/10
Zero-day attacks
-Many OS's or applications have vulnerabilities • They just haven't discovered them yet -Someone is working hard to find the next big vulnerability • The good guys share these with the developer -Bad guys keep these yet-to-be-discovered holes to themselves • They want to use these vulnerabilities for personal gain or to sell -Zero-day • The vulnerability has not been detected or published • Zero-day exploits are increasingly common -Known vulnerabilities can be found at Common Vulnerabilities and Exposures (CVE) • http://cve.mitre.org/
Multi-factor authentication (Logical Security)
-More than one factor of authentication • Something you are (biometric = fingerprint) • Something you have (smartcard or mobile phone) • Something you know (password) • Somewhere you are (GPS check) • Something you do (signature) -Can be expensive to implement • Assigning separate hardware tokens that generate a random number -Inexpensive methods include: • Free smartphone applications • Software-based token generator
NTFS and CDFS
-NTFS - NT File System • Extensive improvements over FAT32 • Quotas, file compression, encryption, symbolic links, large file support, security, recoverability -CDFS - Compact Disc File System • ISO 9660 standard • All operating systems can read the CD
Directory permissions (Logical Security)
-NTFS permissions • Much more granular than FAT • Owner of a file can lock down access • Prevents accidental modification or deletion • Some information shouldn't be seen -User permissions • Everyone isn't an Administrator • Can assign proper rights and permissions • This may involve audits run by security administrators
6. Enable System Protection (Removing Malware)
-Now that you're clean • Put things as they were • Turn on System Protection -Create a restore point manually • Start populating again
ODBC Data Sources
-ODBC - Open Database Connectivity -Application independence • Database and OS don't matter -Located in Control Panel under Administrative Tools • Users probably won't need this
1. Identifying malware symptoms (Removing Malware)
-Odd error messages may appear • Application failures • Security alerts -May cause system performance issues • Slow boot-up • Slow applications -Research the malware • Research the messages to know what you're dealing with • Research any fake applications that appear
Setting expectations (Communication)
-Offer different options • Repair • Replace • Let the user make the decision -Document everything • Leave no room for questions • Useful when different scenarios are expected -Keep everyone informed • Even if the status is unchanged -Follow up afterwards • Verify satisfaction
Trusted vs. untrusted sources (Mobile Devices)
-Once malware is on a phone, it has a huge amount of access • In Android OS, don't install APK files from an untrusted source -iOS • All apps are curated by Apple -Android • Apps can be downloaded from Google Play or sideloaded (3rd party) • 3rd party installs are where problems can occur
End user education
-One on one with end users • Personal training -Posters and signs as reminders • High visibility -Message board posting • The real kind -Login messages • These become invisible -Intranet page resources • Always available to the user
Protecting against non-compliant systems
-Operating system control to make sure systems stay in compliance • Apply policies that will prevent non-compliant software -Monitor the network for application traffic • Next-generation firewalls with application visibility -Perform periodic scans and compliance checks • Login systems can scan for non-compliance • Requires correction before the system is given access • If the scan shows the system is not in compliance, a message can be shown to guide the user on bringing it back into compliance
Mobile Device Management (MDM) (Logical Security)
-Can manage company-owned and user-owned devices • User-owned devices are referred to as BYOD (Bring Your Own Device) -Centralized management of the mobile devices • Specialized functionality -Can set policies on apps, data, camera, etc. • Controls the remote device • Can control the entire device or a "partition" when managing company data and personal data -Manage access control • Forces screen locks and PINs on these single-user devices
Mission Control and Spaces (Mac OS Features)
-Can quickly view everything that's running • Spread out the desktop into a viewable area • Swipe upwards with three fingers or Control-Up arrow -Spaces • Multiple desktops • Add Spaces inside of Mission Control
Malware OS symptoms (Troubleshooting Security Issues)
-Can rename or delete system files -Files disappear or are deleted • Or even encrypted -Can cause file permissions to change • Protections are modified -Access denied • Malware locks itself away • It doesn't leave easily -Use a malware cleaner or restore from a known good backup • Some malware is exceptionally difficult to remove
Terminal (Mac OS Tools)
-Command line access to the operating system • Manage the OS without a graphical interface -OS access • Run scripts, manage files • Configure OS and application settings
Windows PowerShell (Scripting)
-Command line for system administrators • Scripts use the ".ps1" file extension • Included with Windows 8/8.1 and 10 -Extends command-line functions • Uses commands referred to as cmdlets (command-lets) • Can run as PowerShell scripts and functions or standalone executables -System administrators can use Windows PowerShell to automate and integrate the OS and workstations into an AD infrastructure
Windows 7 Ultimate
-Complete functionality -Domain support, Remote Desktop, EFS -Supports all enterprise technologies • Including BitLocker -Available as an x64 version and supports 192 GB of RAM -Same features as Windows 7 Enterprise • But for the home user
Port security example (Logical Security)
-Configure a maximum number of source MAC addresses on an interface • You decide how many is too many • You can also configure specific MAC addresses -The switch monitors the number of unique MAC addresses • Maintains a list of every source MAC address -Once you exceed the maximum, port security activates • Default is to disable the interface
Wireless security modes
-Configure the authentication on your wireless access point / wireless router -Open System wireless configuration • No authentication password is required Home wireless configuration: -WPA2-Personal / WPA2-PSK • WPA2 with a pre-shared key • Everyone uses the same 256-bit key Business/Company wireless configuration: -WPA2-Enterprise / WPA2-802.1X • Authenticates users individually with an authentication server (i.e., RADIUS, TACACS+) • Adds additional controls, such as disabling/enabling individual user accounts and not having to manage shared WiFi passphrases
Incident response: Chain of custody (Privacy, Licensing, and Policies)
-Control evidence • Maintain integrity -Everyone who contacts the evidence • Avoid tampering • Use hashes -Label and catalog everything • Seal, store, and protect • Use digital signatures to avoid tampering
Privacy filters (Physical Security)
-Control your input • Be aware of your surroundings -Use privacy filters to lower the viewable screen -Keep your monitor out of sight • Away from windows and hallways
Boot tab
-Controls the boot location • Multiple locations and operating systems -Advanced options • Number of processors, maximum memory, etc. -Boot options • Safe boot, remove the GUI, create a boot log file, base video, OS boot information (shows drivers as they load), set timeout for booting
Boot tab
-Controls the boot location • Multiple locations and operating systems -Advanced options • Number of processors, maximum memory, etc. -Boot options • Safe boot, remove the GUI, create a log file, base video, OS boot information (shows drivers as they load), set timeout for booting
Why do you need an OS?
-Controls the interaction between components • Memory, hard drives, keyboard, CPU -A common platform for applications -A way for humans to interact with the machine • The "user interface" (either command line or GUI) • Hardware can't do everything! Software is required
Why do you need an OS?
-Controls the interaction between the components • Such as the memory, hard drives, keyboard, CPU -A common platform for applications -A way for humans to interact with the machine • Contains a "user interface" (either by command line or GUI) • Hardware can't do everything! It needs software to tell it what to do
Types of door access controls (Physical Security)
-Conventional method • Lock and key -Deadbolt method • Physical bolt -Electronic method • Keyless, RFID badge -Token-based method • Magnetic swipe card or key fob -Biometric method • Hand, fingers or retina -Multi-factor method • Smart card and PIN
Avoid being judgmental (Professionalism)
-Cultural sensitivity at work • Use appropriate professional titles -You're the teacher • Not the warden • Leave insults on the playground -Make people smarter by spending extra time teaching the user • They'll be better technologists -You're going to make some BIG mistakes • Remember them so that they don't happen again
How Windows gets an IP address
-DHCP (Dynamic Host Configuration Protocol) • Automatic IP addressing • This is the default -APIPA (Automatic Private IP Addressing) • There's no static address or DHCP server • Communicates locally (link-local address) • Assigns IP range of 169.254.1.0 to 169.254.254.255 • No Internet connectivity -Static address • Assigns all IP address parameters manually • Specific details will need to be known
IP addressing (Securing SOHO Network)
-DHCP (automatic) IP addressing vs. manual IP addressing -IP addresses are easy to see on an unencrypted network -If the encryption is broken, the IP addresses will be obvious -Configuring a static IP address is not a security technique • Security through obscurity
BitLocker and EFS
-Data confidentiality is the most important asset • Encrypt important information -Encrypting File System • Protect individual files and folders • Built-in to the NTFS file system -BitLocker • Full Disk Encryption (FDE) • Everything on the drive is encrypted • Even the operating system -Home and business use • Especially on mobile devices
BitLocker and EFS
-Data confidentiality is the most important asset • Important information needs to be encrypted -Encrypting File System (EFS) protects individual files and folders • Built-in to the NTFS file system -BitLocker • Full Disk Encryption (FDE) • Everything on the drive is encrypted • Even the operating system -Home and business use • Especially on mobile devices
The WPS hack (Securing SOHO Network)
-December 2011 - WPS has a design flaw • It was built wrong from the beginning -PIN is an eight-digit number • Really seven digits and a checksum • Seven digits, 10,000,000 possible combinations -The WPS process validates each half of the PIN • First half, 4 digits. Second half, 3 digits. • First half, 10,000 possibilities. • Second half, 1,000 possibilities -It takes about four hours to go through all of them if no lockout process was implemented • Newer devices now include a lockout function • Most people disable WPS completely
Environment variables (Scripting)
-Describes the environment the operating system is working under • Scripts use these to make decisions -Common environment variables • Location of the Windows installation • The search path • The name of the computer • The drive letter and path of the user's home directory
Network topology diagrams (Documentation Best Practices)
-Describes the network layout • May be a logical diagram • Can include physical rack locations
Windows 10 Home
-Designed for home user, retail customer -Integrates with Microsoft account • Microsoft OneDrive can be used to backup your files -Windows Defender is included • Anti-virus and anti-malware software -Cortana is included • Allows you to talk to your OS -Does not support: • Hyper-V • Bitlocker • Cannot join the domain • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 128 GB
Windows 10 Home
-Designed for home user, retail customer -Integrates with Microsoft account • Microsoft OneDrive is used to backup your files -Windows Defender is included • Anti-virus and anti-malware -Cortana is included • Talk to your operating system -Does not support: • Hyper-V • Bitlocker • Cannot join the domain • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 128 GB
Certificate of destruction
-Destruction is often done by a 3rd party • 3rd parties usually have the drills and degaussers to perform the work -Need confirmation that your data is destroyed • Service should include a certificate (If not, request one) -A paper trail of broken data will be needed for future auditing purposes • You know exactly what happened
Scope the change (Change Management)
-Determine the effect of the change • May be limited to a single server • Or an entire site -A single change can be far reaching • Changes at the switch which can affect multiple applications • Internet connectivity changes • Changes in remote site access • Changes in external customer access -How long will this change last? • Will it have no impact • Or hours of downtime
3. Disable System Restore (Removing Malware)
-Restore points make it easy to rewind • Malware infects restore points -Disable System Protection to delete all previous restore points • No reason to save an infected config -Delete all restore points • Remove all infection locations
BitLocker (Windows Security Settings)
-Encrypts an entire volume • Not just a single file • Protects all of your data, including the OS -What if the laptop is lost? • Doesn't matter without the password -Data is always protected • Even if the physical drive is moved to another computer -BitLocker To Go • Encrypts removable USB flash drives
EFS (Encrypting File System)
-Encrypts at the file system level on NTFS -Supported operating systems • 7 Professional, Enterprise and Ultimate • 8 and 8.1 Pro and Enterprise • 10 Pro, Enterprise, and Education -Uses password and username to encrypt the key • Administrative resets will cause EFS files to be inaccessible
WWAN connections
-Wireless Wide Area Network • Built-in mobile technology -Hardware adapter is installed on computer • Antenna connections -Can be USB connected or 802.11 wireless • Tether • Hotspot -Might require third-party software • Each provider is different
Mitigating DDoS attacks
-You may be able to filter out traffic patterns • Stopping the traffic at your firewall -Internet service provider may have anti-DDoS systems • These can help "turn down" the DDoS volume -Third-party technologies available • Such as CloudFlare, etc.
Anti-virus and anti-malware
-You need both -Real-time options • Not just an on-demand scan -Modern anti-malware recognizes malicious activity • Doesn't require a specific set of signatures
Shoulder surfing
-You probably have access to important information that many people want to see • Causes curiosity, industrial espionage, competitive advantage -Surprisingly easy to do • At Airports / Flights • With hallway-facing monitors • Coffee shops -Surfing from afar • by using Binoculars / Telescopes • Easy in the big city -Webcam monitoring
Disabling ports (Securing SOHO Network)
-Disable physical ports • Conference rooms or break rooms -Administratively disable unused ports, which prevents someone from going into a wiring closet and connecting to the network • More to maintain, but more secure -Network Access Control (NAC) • 802.1X controls • You can't communicate unless you are authenticated
What MSConfig tab allows you to select the default OS to load in a multiboot environment?
Boot
A multiboot utility provided by Apple that allows dual-booting macOS and Windows is...
Boot Camp
BCD
Boot Configuration Data
If you screw up the order of installing multiboot operating systems what utility can you use to reconfigure it manually following installations of OSs?
Boot Manager
A computer running Windows 8.1 hangs after its OS has been updated and restarted. What should you do first to correct this issue?
Boot into Safe Mode
Which of the configuration features listed below can be managed through the MSConfig Boot tab?
Boot logging / Default OS to load in a multiboot environment / Amount of hardware resources to be used by the chosen OS in a multiboot environment (e.g. the maximum amount of RAM) / Safe boot options
If Startup Repair fails, what other option can you choose to repair a corrupt MBR?
Bootrec.exe
Windows 8 is encountering a problem while booting. It reports an invalid disk error when starting. After you boot to the Recovery Environment (RE) what command line tool will allow you to attempt to repair a corrupt boot record?
Bootrec.exe
A centralized cache of information for computers installed in different geographic locations.
BranchCache
Name that OS type: an OS designed to work as a client in business networks
Business Client
A file system designed for optical media is called?
CDFS
What CLI program in Windows can find and repair filesystem and disk problems?
CHKDSK
The GPT can check if it is corrupted using a ____.
CRC (cyclic redundancy check)
Upgrade Windows 8.1 Core to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 7 Ultimate to Windows 10
Can upgrade to: • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Enterprise
gpupdate /force
Causes all policies (new and old) to be reapplied
This OS is designed to work with handheld portable devices. The OS must have a touch-operated interface
Cell phone/Tablet
CA
Certificate Authority - a third party that vouches for certificates
When disposing of hardware storage devices, which of the following may you be required to obtain to ensure regulatory compliance for data security?
Certificate of Destruction
chkdsk
Check Disk - checks the integrity of disks and can repair any problems detected
To repair a Windows 7 installation there are 4 steps; this is step 4
Click Upgrade
Windows Domains are based on what networking architecture?
Client-Server
Which of the following statements describing features of Windows HomeGroups are true?
Communication between HomeGroup computers is encrypted with a pre-shared password / An ad hoc home networking system for file and printer sharing / HomeGroups are available only in Windows 7/8/8.1 and early versions of Windows 10.
What is a MS Windows utility designed both for system administrators and for application developers to configure COM components, COM+ applications, and more?
Component Services
Many of the utilities available in the Administrative Tools menu in Windows Control Panel are implemented as the so-called Microsoft Management Console (MMC) snap-ins. The most prominent MMC component in this menu (which contains a collection of other MMC snap-ins such as Device Manager, Disk Management, and Event Viewer) is called:
Computer Management (compmgmt.msc)
Which of the following can be used to launch the Disk Management utility in Windows?
Computer Management / Windows Run dialog box / Quick Access Menu (displayed after right-clicking on the Windows Start button).
Which of the following locations provide direct access to the Device Manager applet in MS Windows?
Computer Management utility in the Administrative Tools folder in Windows Control Panel / Windows Run dialog box (after typing in devmgmt.msc and pressing Enter) / Windows Control Panel.
ITIL (Information Technology Infrastructure Library): This is any service component, infrastructure element, or other item that needs to be managed in order to ensure the successful delivery of services
Configuration Item (CI)
This is an ITIL database used by an organization to store information about hardware and software assets.
Configuration Management DataBase (CMDB)
The tools and databases that collect, store, manage, update and present information about CIs.
Configuration Management System (CMS)
What Internet Option utility will allow you to configure a proxy server?
Connections
Which of the following answers describes the correct sequence of steps for accessing the Speed & Duplex settings of an Ethernet adapter in MS Windows?
Control Panel (Icon view) -> Network and Sharing Center applet -> Change adapter settings -> right-click on the device -> select Properties from the pop-up menu -> click the Configure... button -> On the Advanced tab, select the Speed & Duplex settings.
Which Control Panel applet in Windows allows you to manage usernames and passwords for websites, connected applications and networks?
Credential Manager
Virtual memory, Extended partition and what other option can be used as a Random Access Memory extension?
Swap partition
This is a common piece of SOHO network hardware that allows local computers to connect to the network via RJ-45 ports.
Switch
Windows 7 home and home premium do not support the use of Multiple CPUs. What is this process known as?
Symmetric multiprocessing
What Microsoft Windows tool can be used by system administrators to find and isolate problems that might prevent the OS from starting correctly?
System Configuration
A virus has damaged several device drivers on your system. After properly removing the virus you still need to restore the drivers to working order. What tool will allow you to do so?
System File Checker
A Windows 8 computer is having AC power issues and you suspect the System Files have become corrupted. What tool allows you to check for this type of corruption?
System File Checker (SFC)
sfc
System File Checker - a utility that provides a manual interface for verifying system files and restoring them from cache if they are corrupt or damaged
What system management tool is used to configure answer files for unattended installations?
System Image Manager
In a multiboot environment what separate partition must be accessible to all Operating Systems?
System Partition
adding a new account in MacOS
System Preferences ->users and groups
Both Startup Repair and Bootrec.exe are accessed through which Windows options screen?
System Recovery
An MS Windows system utility that allows you to roll back system files and settings to an earlier point in time is called:
System Restore
If a device driver that was installed recently is causing system errors what can a technician perform to correct this problem relatively quickly?
System Restore
This System information application contains summaries about the operating system, firmware versions and registration details.
System Summary
end-of-life system
System for which vendors have dropped all support for security updates due to the system's age.
This is a template containing OS and other software information generally used in corporate network environment installations:
System image
A computer that has image deployment tools such as Windows Automated Installation Kit and Windows Preinstallation Environment is known as a _____ computer
Technician
Creator Owner Group
The account that created or "owns" an object, usually a user account.
Slow profile loads (Troubleshooting Windows)
-Roaming user profile • Your desktop follows you to any computer • Changes are synchronized -Network latency to the domain controller • Slows login script transfers • Slow to apply computer and user policies • May require many hundreds (or thousands) of LDAP queries -Client workstation picks a remote domain controller instead of local DC • Problems with local infrastructure
Incident response: Documentation (Documentation Best Practices)
-Security policy • An ongoing challenge • Covers every aspect of IT security for the company -Documentation must be available for everyone • Any employee can access that information • Commonly posted on the intranet -Documentation always changes • Constant updating • A process needs to be in place • Use the wiki model so that changes can be made quickly and seen by everyone in the organization
The disk partition
-Separates the physical drive into logical pieces • Useful to keep data separated • Multiple partitions are not always necessary -Useful for maintaining separate operating systems • Windows, Linux, etc. -Formatted partitions are called volumes • Microsoft's nomenclature • Volume and Partition mean the same thing
The Task Manager utility in Windows 8/8.1/10 contains a tab previously included as part of the System Configuration (MSConfig) utility. The tab allows system administrators to control user applications that should be enabled/disabled during system boot. This tab is called:
Startup
Bootrec.exe should be used to repair a corrupt MBR after using which other option?
Startup Repair
What Windows option allows you to restore a missing or repair a corrupt bootrec.exe file?
Startup Repair
Which volume type in Windows Disk Management utility uses RAID 0 setup for performance gains?
Striped volume
Which of the following locations in Windows 8/8.1/10 provides access to configuration options that would allow you to create an exception for a TCP or UDP port?
Windows Defender Firewall applet in Control Panel -> Advanced settings -> right-click on Inbound/Outbound Rules -> New Rule... -> Port
SSID management (Securing SOHO Network)
-Service Set Identifier • Name of the wireless network • Common SSIDs: LINKSYS, DEFAULT, NETGEAR -You have the option to change the SSID to something not-so-obvious -You can also disable SSID broadcast • SSID is easily determined through wireless network analysis • Security through obscurity
Restart services (Troubleshooting Solutions)
-Services • Applications that run in the background • No user interaction -Similar issues as a normal process • Resource utilization • Memory leaks • Crashes -View status in Task Manager • Under Services tab • You can right-click to start, stop, or restart • You can open service to get more info
legal and regulatory or compliance controls
privacy laws, policies, and clauses
Certificate-based authentication (Logical Security)
-Smart card • Private key is on the card -PIV (Personal Identity Verification) card • US Federal Government smart card • Picture and identification information -CAC (Common Access Card) • US Department of Defense smart card • Picture and identification -IEEE 802.1X • Gain access to the network using a certificate • Stored on the device or separate physical device (e.g. USB key)
Email security (Troubleshooting Security Issues)
-Spam • Any unsolicited email messages • Advertisements • Phishing attacks • Spread viruses via attachments within the email • Spam filters can be helpful to filter out unwanted emails -If the email is hijacked • Infected computers can become email spammers • You'll receive odd replies from other users • You'll receive bounced messages from unknown email addresses -Scan for malware to see if malware can be identified
Room control (Environmental Impacts)
-Specific temperature level • Devices need constant cooling (So do humans) -Humidity level • High humidity promotes condensation • Low humidity promotes static discharges • 50% is a good number but might be difficult to maintain -Proper ventilation is needed • Computers generate heat • Don't put everything in a closet • Need a method to get hot air out and cool air in
Mitigating man-in-the-middle
-Use encrypted protocols to mitigate MITM attacks • Use HTTPS (not HTTP) if using a browser • Use SSH (not Telnet) if connecting to a console -Communicate over a secure channel • Client-based VPN -Use encrypted wireless networks • Avoid insecure networks such as public Wi-Fi or hotel Wi-Fi
Standard OS features
-Used for file management • You can Add, Delete, Rename files -For application support • Manages memory or swap file (swap space or pagefile) -Input and Output support • Printers, keyboards, hard drives, USB drives -Operating system configuration and management tools
Access Control Lists (ACLs) (Logical Security)
-Used to allow or deny traffic • Also used for NAT, QoS, etc. -Defined on the ingress or egress of an interface • Often on a router or switch • Can be configured to evaluate incoming traffic, outgoing traffic, or both -ACLs evaluate on certain criteria • Identify traffic based on source IP, destination IP, TCP or UDP port numbers, or a certain protocol such as ICMP -Can deny or permit if the criteria are met • What happens when an ACL matches the traffic?
Scripting basics(Scripting)
-Variables • Can associate a name with an area of memory -Variable "x=1" • x=1. y=x+7. Therefore, y=8. • Variable "pi" can hold the value of "3.14" • pi=3.14 • Variable "greeting" can hold text values "Hello and welcome." • greeting="Hello and welcome."
Scripting data types (Scripting)
-Variables are associated with the data type depending on the information that is being stored -String data types • Variable "name" can store the string/text information "Professor Messer" • name="Professor Messer" -Integer data types • Contains whole numbers (not fractions or decimals) • 42 can be stored as an integer data type with the variable x • x=42 • Can perform mathematical calculations that can be used in the script -Floating point data types • Contains numbers with decimal points • The variable pi is a floating point data type that contains the number 3.14
xml file
.xml
Z compressed File
.z
Zip compressed file
.zip
Which of the following commands in Windows Command Prompt changes the current directory to the root directory?
cd \
chown
change ownership in linux
chmod
change permission modifiers in linux
chgrp
changes the group in linux
format D: /v:E
changes the name of drive D to drive E
Bitmap Image
.bmp
hash
A number generated by an algorithm from a text string.
secpol.msc
Local Security Policy snap-in
Malware Removal steps: Step 4
Scan and remove infection
Security Log
This log holds the audit data for the system
Laser printer process step 7: excess toner is removed from the drum
cleaning
sfc /scannow
runs a scan immediately
Which ipconfig parameter allows you to view the physical address of a Network Interface Card (NIC)?
/all
What switch added to the command-line copy command will allow you to verify that new files are written correctly?
/v
What router tab allows you to access Firewall features?
Advanced
You must do this to existing MBR partitions before installing a UEFI enabled copy of Windows.
Delete
7
rwx
Hard drive security
-2019 study from Blancco and Ontrack on 159 storage drives from eBay • 66 drives had data, 25 drives with Personally Identifiable Information • Some contained personal documents, video from a hospital monitoring system and more -Use 3rd party utilities if doing a regular format is not an option -File level overwriting • Sdelete - Windows Sysinternals -Whole drive wipe secure data removal • DBAN - Darik's Boot and Nuke -Physical drive destruction • One-off or industrial removal and destroy
Operating system technologies
-32-bit vs. 64-bit • Processor specific -32-bit processors can store 2³² = 4,294,967,296 values -64-bit processors can store 2⁶⁴ = 18,446,744,073,709,551,616 values • 4 GB vs. 17 billion GB • The OS has a maximum supported value -Hardware drivers are also specific to the installed OS version (32-bit or 64-bit) • 32-bit (x86), 64-bit (x64) -32-bit OS cannot run 64-bit apps • But 64-bit OS can run 32-bit apps -Location of programs in a Windows 64-bit OS • 32-bit apps: \Program Files (x86) • 64-bit apps: \Program Files
Operating system technologies
-32-bit vs. 64-bit • Processor specific -32-bit processors can store 2³² = 4,294,967,296 values -64-bit processors can store 2⁶⁴ = 18,446,744,073,709,551,616 values • 4 GB vs. 17 billion GB • The OS has a maximum supported value -Hardware drivers are specific to the OS version (32-bit / 64-bit) • 32-bit (x86), 64-bit (x64) -32-bit OS cannot run 64-bit apps • But 64-bit OS can run 32-bit apps -Apps in a 64-bit Windows OS • 32-bit apps: \Program Files (x86) • 64-bit apps: \Program Files
Windows 8/8.1 Core
-A basic version for the home user • Available in x86 and x64 versions -Integrates a Microsoft account into the OS • Ability to log into your computer and all of your services -Includes Windows Defender • An integrated anti-virus and anti-malware -Supports the following: • Windows Media Player -Does not support: • Cannot join a domain • EFS (Encrypting File System) • BitLocker • AppLocker • BranchCache -x86 version supports 4 GB RAM -x64 version supports 128 GB RAM
Slow data speeds (Troubleshooting Mobile Device Security)
-A malicious application can cause the data network to go slow • Causes unusual network activity • Unintended WiFi connections • Data transmissions can go over the limit -Check your network connection • Run a WiFi analyzer • Make sure you are on a trusted WiFi network -Check network speed with a 3rd party app • Run a speed check / cell tower analyzer -Examine running apps for unusual activity • Such as large file transfers or constant network activity
Crypto-malware
-A new generation of ransomware • Your data is unavailable until you pay for the decryption key -Malware encrypts your data files • Pictures, documents, music, movies, etc. • Malware cannot be simply removed • Your OS remains available • They want you running, but not working • All personal data has been encrypted by the bad guys -You must pay the bad guys to obtain the decryption key • This encryption is powerful and cannot be brute-forced • Ransom is charged through an untraceable payment system • An unfortunate use of public-key cryptography -Make sure you have an offline backup of your files in case you are infected
Computer Management
-A pre-built Microsoft Management Console • A predefined mix of plugins • Control Panel / Administrative Tools -To create your own Microsoft Management Console, you can do the following: • Go to "C:\Windows\System32" and click on "mmc.exe" • Click on Start and search for mmc.exe • cmd prompt and type in mmc.exe • You can add or remove snap-ins as needed -A handy starting point • Events • User accounts • Storage management • Services • And more!
Inventory management (Documentation Best Practices)
-A record of every asset • Routers, switches, cables, fiber modules, etc. -Required for financial records, audits, depreciation • information such as make/model, configuration, purchase date, etc. -Tag the asset once added to the database • Barcode, RFID, visible tracking number • Tagging an asset can help track the device no matter where it happens to go
HomeGroup Applet
-A way to easily share information • Windows 7 / Windows 8 • No HomeGroup options on Windows 10 • Documents, pictures, music, video -A network for the home • Must be set to "Home" in Windows -Enable HomeGroup • A single password is created for everyone to use
Storage spaces
-A Windows feature -Storage primarily designed for data centers and cloud infrastructures to easily add storage space • Multiple tiers of available spaces • Different types of administrative control that can be assigned to those spaces -Storage pool • A group of storage drives • Can combine different storage devices into a single pool • Easy to add or remove space in the pool -Storage space • Virtual disks are allocated from available space in the pool • Can specify if it's a standalone, mirrored, or striped virtual disk • Includes options for mirroring and parity • Hot spare available as a replacement drive
Cannot broadcast to monitor (Troubleshooting Mobile Apps)
-Ability to broadcast to a TV • Apple TV, Xbox, Playstation, Chromecast, etc. -Check the app requirements • Every broadcast device is different -All devices must be on the same wireless network • Can't mix your private and guest network -Signal strength is important • Between the phone and television • Between the television and the Internet
Domain Services
-Active Directory Domain Services • Large database of your network • Contains info. on users, computers, and the systems they connect to. -Distributed architecture • Many servers • Not suitable for home use -Everything documented/managed in one place • User accounts, servers, volumes, printers -Many different uses • Authentication • Centralized management
Domain Services
-Active Directory Domain Services • Large database of your network • Contains info. on users, computers, and the systems they connect to. -Distributed architecture • Many servers • Not suitable for home use -Everything documented/managed in one place • User accounts, servers, volumes, printers -Many different uses such as authentication • Can be managed from a centralized location
Shared files and folders
-Administrative shares • These shares are created automatically by the OS during installation process • Most of these shares are hidden from view (i.e., C$) • Local shares are created by users • Any share with a $ sign at the end of it is automatically hidden by the OS -System files and folders • C$ - \ • ADMIN$ - \Windows • PRINT$ - Printers folder -To view the shares available on the system: • Go to Computer Management > Shared Folders > Share • Or go to the cmd prompt and type in "net share"
Run as administrator
-Administrators have special rights and permissions • Editing system files, installing services -Uses the rights and permissions of the administrator • You don't get these by default, even if you're in the Administrators group -To Run as Administrator: • Right-click the application • Run as administrator (Or Ctrl-Shift-Enter)
Default usernames and passwords (Securing SOHO Network)
-All access points have default usernames and passwords • Change yours ASAP! -The right credentials provide full control • Administrator access -Very easy to find the defaults for your WAP or router • http://www.routerpasswords.com
Patching/OS updates (Mobile Devices)
-All devices need updates - Even mobile devices -Device patches • Security updates need to be up-to-date to close any vulnerabilities -Operating system updates • Can contain new features or fix any bugs -Don't get behind! • Updates are done automatically to avoid security problems
Wireless encryption (Securing SOHO Network)
-All wireless computers are radio transmitters and receivers • Anyone can listen in -Solution: Encrypt the data • Everyone gets the password -Only people with the password can transmit and listen • WPA2 encryption
Windows Firewall with Advanced Security
-Allows for a more detailed control of inbound/outbound traffic -Can configure: • Inbound rules • Outbound rules • Connection security rules -Can also configure granular rules to specify: • Program • Port number • Predefined services • Custom Variables -Custom variables can include options for the rule such as: • Program • Protocol/Port • Scope • Action • Profile
Scripting and automation (Scripting)
-Allows you to automate tasks • You don't have to be there • Solve problems in your sleep • Monitor and resolve problems before they happen -The need for speed • The script is as fast as the computer • No typing or delays • No human error -Automate mundane tasks • You can do something more productive with your time
Driver/firmware updates for Mac OS
-Almost invisible in Mac OS X • Designed to be that way -Can get hardware Information by looking in the hardware section in System Information • Detailed hardware list broken down by category -View/Read only mode • No changes can be made to the settings • This is by design
Backup / restore
-Always have a backup to recover from a malware infection • This is the best insurance policy ever -Image backup built into Windows • In Windows 8/10 it's called Backup and Restore (Windows 7) • In Windows 7 it's called Backup and Restore -This is the only way to be 100% sure that malware has been removed • Seriously. Cleaning isn't 100%.
Maintain positive attitude (Professionalism)
-Always have a positive tone of voice • Partner with your customer • Project confidence -Problems can't always be fixed • Do your best • Provide helpful options -Your attitude has a direct impact on the overall customer experience
Rainbow tables
-An optimized, pre-built set of hashes • Doesn't need to contain every hash • The calculations have already been done -Remarkable speed increase • Especially with longer password lengths -Need different tables for different hashing methods • Windows passwords are stored differently than MySQL passwords • Different applications store passwords in different ways -Rainbow tables won't work with salted hashes • A salted hash adds an additional random value to the original hash
Anti-virus and anti-malware (Logical Security)
-Anti-malware software runs on the computer • Each device manages its own protection -Updates must be completed on all devices • This becomes a scaling issue -Large organizations need enterprise management • Track updates, push updates, confirm updates, manage engine updates -Mobile devices add to the challenge • Need additional management
PII - Personally identifiable information (Privacy, Licensing, and Policies)
-Any data that can identify an individual • Part of a company privacy policy - How will PII be handled? -Not everyone realizes the importance of this data • It becomes a "normal" part of the day • It can be easy to forget its importance -Example of a breach - July 2015 • U.S. Office of Personnel Management (OPM) • Personally identifiable information was compromised • Compromised information contained personnel file information; name, SSN, date of birth, job assignments, etc. • Approximately 21.5 million people were affected
Anti-virus and Anti-malware (Mobile Devices)
-Apple iOS • Closed environment, tightly regulated OS • Malware has to find a vulnerability -Android • More open, apps can be installed from anywhere • Easier for malware to find its way in -Apps on mobile devices run in a "sandbox" • You can control what data an app can view
User authentication
-Authentication • Prove you are the valid account holder • Username / Password • Perhaps additional credentials are required -Single sign-on (SSO) • Built into the Windows Domain • Provide credentials one time (No additional pop-ups or interruptions) • Managed through Kerberos
Social engineering principles
-Authority • The social engineer is in charge • Social engineer might say they are calling from the help desk/office of the CEO/police -Intimidation • There will be bad things if you don't help • Social engineer might say "If you don't help me, the payroll checks won't be processed" -Consensus / Social proof • Convince based on what's normally expected • Social engineer might say "Your co-worker Jill did this for me last week" -Scarcity • The situation will not be this way for long • Social engineer might say "The changes need to be made before the time expires" -Urgency • Works alongside scarcity • Social engineer wants you to act quickly without thinking or verifying the information -Familiarity / Liking • Someone you know, we have common friends • Social engineer might say "I'm a friend of yours or a friend of a friend" -Trust • Someone who is safe • Social engineer might say "I'm from IT, and I'm here to help"
Time Machine backups (Mac OS Tools)
-Automatically does backups and easy to use • Familiar Finder UI -Dates along the right side to locate the correct date • Files in the middle -Mac OS takes snapshots if the Time Machine storage isn't available • You can restore from the snapshot
Network locations in Windows 7
-Automatically sets security levels • You don't even have to remember to set the level -Home • The network is trusted -Work • You can see other devices, but can't join a HomeGroup -Public (most restrictive) • Airport, coffee shop • You are invisible
Knowledge base and articles (Documentation Best Practices)
-Available from external sources • Manufacturer knowledge base (e.g. Microsoft, Cisco, etc...) • Internet communities such as forums -Internal documentation • Institutional knowledge • Usually part of help desk software -Helps find the solution quickly • Contains a searchable archive • It can automatically search with keywords placed in the helpdesk ticket
Windows 8/8.1 Enterprise
-Available to "Software Assurance" customers • Large volume licenses -Supports enterprise features • AppLocker • Windows To Go • DirectAccess • BranchCache • EFS • Bitlocker • Can join Windows domain -Available in 32-bit (Max 4 GB RAM) and 64-bit (Max 512 GB RAM)
Windows 8/8.1 Enterprise
-Available to "Software Assurance" customers • Large volume licenses -Supports enterprise features such as: • Joining a Windows domain • AppLocker • Windows To Go • DirectAccess • BranchCache • EFS (Encrypting File System) • BitLocker -x86 version supports 4 GB RAM -x64 version supports 512 GB RAM
Avoid jargon (Communication)
-Avoid abbreviations and TLAs • Three Letter Acronyms -Avoid acronyms and slang • Be the translator for others -Communicate in terms that everyone can understand • Normal conversation puts everyone at ease • Decisions are based on what you say -Abbreviations, acronyms, and slang are the easiest problems to avoid
Services
-Background process • No user interaction • File indexing, anti-virus, network browsing, etc. -Useful when troubleshooting the startup process • Many services startup automatically -Command-line control • net start, net stop -Services is located in Control Panel under Administrative Tools • Type in "services.msc" through search or cmd prompt
Handling toxic waste (Safety Procedures)
-Batteries from Uninterruptible Power Supplies • Need to be disposed of at your local hazardous waste facility -CRTs • Cathode ray tubes - there are a few of those left • Glass contains lead • Dispose at your local hazardous waste facility -Toner Cartridges • Can be recycled and reused • Many printer manufacturers provide a return box • Some office supply companies will provide a discount for each cartridge
Browser security alerts (Troubleshooting Security Issues)
-Be aware of security alerts and invalid certificates • Something isn't quite right • Should raise your interest -Look at the certificate details • Click the lock icon for more information • May be expired or the wrong domain name • The certificate may not be properly signed (untrusted certificate authority)
File systems
-Before data can be written to the partition, it must be formatted -Operating systems expect data to be written in a particular format • FAT32 and NTFS are popular -Many operating systems can read (and perhaps write) multiple file system types • FAT, FAT32, NTFS, exFAT, etc.
Local Security Policy
-Big companies have big security policies • Managed through Active Directory Group Policies • Affects many computers at once -Stand-alone computers aren't managed through AD • Local policies are managed by Local Security Policy -Not available in Home editions • Available in Pro, Ultimate, & Enterprise editions -Local Security Policy is located at: • C:\Windows\system32 and click on secpol.msc • Click on Start and search for secpol.msc or local security policy • cmd prompt and type in secpol.msc
Local Security Policy
-Big companies have big security policies • Managed through Active Directory Group Policies • Affects many computers at once -Stand-alone computers aren't managed through AD • Local policies are managed by Local Security Policy -Not available in Home editions • Available in Professional / Pro, Ultimate, Enterprise -Local Security Policy is located at: • C:\Windows\system32 and click on secpol.msc • Click on Start and search for secpol.msc or local security policy • cmd prompt and type in secpol.msc
Biometrics (Physical Security)
-Biometric authentication • Fingerprint, iris, voiceprint -Usually stores a mathematical representation of your biometric • Your actual fingerprint isn't usually saved -Difficult to change • You can change your password • You can't change your fingerprint -Used in very specific situations • Not foolproof
Avoid interrupting (Communication)
-But I know the answer! Why do we interrupt? • We want to solve problems quickly • We want to show how smart we are • Can be considered rude -Actively listen, take notes • Build a relationship with the customer (they'll need help again someday) • Don't miss a key piece of information • Especially useful over the phone when you are not able to physically see the user -This skill takes time to perfect • The better you are, the more time you'll save later
BranchCache
-Caching for branch offices • Without additional hardware or external services -Conserves bandwidth over slower links • Seamless to the end-user • Same protocols • Same network connection • Same authentication methods -Activates when round-trip latency exceeds 80 milliseconds
Folder Options / File Explorer Options Applet
-Can manage Windows Explorer • Many options -General Tab • Can change how folders open in each window • How folders expand • Can set privacy settings -View Tab • Advanced settings for files and folders (can view hidden files, can hide extensions, etc.) -Search Tab • Can configure how the search index is used when searching for files • Search options when searching for files • Options when searching non-indexed areas
Creating a firewall exception
-Can allow an app or feature through Windows Firewall • The more secure exception -Can allow or disallow via the port number • Block or allow - Very broad -Can create predefined exceptions • List of common exceptions -Custom rules can be combined to create a detailed rule • Every firewall option -To view/create custom rules, click on "Advanced settings" under Windows Firewall
Terminal (Linux tools)
-Command line access to the operating system • Common to manage in Linux -OS maintenance • Can run scripts and manage files • Can configure OS and application settings
Scheduled backups (Linux)
-Can be scheduled by either command line and/or graphical interface • a number of these utilities are built into the distributions -tar (commonly used) • Stands for "Tape Archive" • Easy to script into a backup schedule from cmd line • Can backup or restore from tar utility -rsync • Stands for "Remote Sync" • Sync files between storage devices • Instant synchronization or scheduled
Performance Monitor
-Can gather long-term statistics • Located in the Control Panel under Administrative Tools -Provides OS metrics - Disk, memory, CPU, etc. -Can set an alert and automated actions - can monitor and act •Counters are added to monitor metrics -Can store statistics to analyze any long-term trends -Built-in reports allows you to create detailed reports from the data -To bring up Performance Monitor: • Go to "C:\Windows\system32" and click on perfmon.msc • Click on Start and search for perfmon.msc • cmd prompt and type in perfmon.msc
Network shares
-Can make a folder available across the network • "Share" with others, view in Windows Explorer -Assign (map) a drive letter to a share • can set to reconnect automatically -Shares ending with a dollar sign ($) are "hidden" • Not a security feature -Located in Control Panel / Administrative Tools / Computer Management to view shared folders
VPN connections
-Can use the built-in VPN client • Included with Windows -Can Integrate a smart card • Multi-factor authentication • Something you know (password) • Something you have (smartcard) • Something you are (fingerprint reader) -Connect from the network status icon once the VPN connection is created • Will need to click and provide credentials
Processes Tab
-Can view all running processes • Interactive and system tray apps • View services and processes from other accounts -Manage the view • Can move columns, add metrics -Later versions combine all apps, processes, and services into a single tab • Easy to view and sort
ps (Linux Command)
-Can view the current processes • And the process ID (PID) • Similar to the Windows Task Manager -View current user processes • "ps" command -View all processes • "ps -e | more" command
Event Viewer
-Central event consolidation • What happened? -Broken down into different categories • Application • Security • Setup • System -Then each one is broken down into a different priority such as: • Information • Warning • Error • Critical • Successful Audit • Failure Audit -Can obtain detailed information when troubleshooting an application or OS
Active Directory (Logical Security)
-Centralized management • Windows Domain Services • Limit and control access -Run login scripts • Can map network drives • Can update security software signatures • Can update application software -Run Group Policy/Updates • Set specific pre-define policies • Set the password complexity • Contain login restrictions -Separated Organizational Units (OU's) • Active Directory can be structured to real world departments • Can be based on the company (locations, departments) -Can set a Home Folder • Assign a network share as the user's home • e.g. \\server1\users\professormesser -Can set group policy to assign Folder redirection • Instead of a local folder, redirect to the server • Store the Documents folder on \\server1 • Access files from anywhere
Credential Manager Applet
-Centralized management of web and Windows credentials • Each site can have a different username and password -Can add additional Windows credentials • Such as Certificates
System updates / App store in Mac OS
-Centralized updates - For both OS and apps in one utility -App Store application - The "Updates" option -Automatic updates • Can also be set to manual install -Patch management - Install and view previous updates
Password best practices
-Change any default usernames/passwords • All new devices have defaults • There are many web sites that document these -BIOS/UEFI passwords • Supervisor/Administrator password: Prevent BIOS changes • User password: Prevent booting -Requiring passwords • Always require passwords • No blank passwords or automated logins
Change management
-Change control • A formal process for managing change such as application upgrades, security patches, updates to a switch configuration, etc... • This is to avoid downtime, confusion, and/or mistakes -Nothing changes without the process • Determine the scope of the change • Analyze the risk associated with the change • Create a plan • Get end-user approval • Present the proposal to the change control board • Have a backout plan (plan b) if the change doesn't work • Document the changes
chmod (Linux Command)
-Change mode of a file system object • r=read, w=write, x=execute • Can also use octal notation • Set for the file owner (u), the group(g), others(o), or all(a) -chmod mode FILE • > chmod 744 script.sh • The above chmod gives the following permissions "User:rwx", "Group:r--", "Others:r--" -chmod 744 first.txt • User gets read, write execute • Group gets read only • Other gets read only -chmod a-w first.txt • All users, no writing to first.txt • Sets all users permissions with the no writing to text file "first.txt" -chmod u+x script.sh • The owner of script.sh can execute the file • Sets the owner with execute permission to the "script.sh" file
Before the installation
-Check minimum OS requirements • Memory, disk space, etc. • And the recommended requirements -Run a hardware compatibility check • Runs when you perform an upgrade • Run manually from the Windows setup screen • Windows 10 Upgrade Checker -Plan for installation questions • Drive/partition configuration, license keys, etc. -Application compatibility - Check with the app developer
Dust and debris (Environmental Impacts)
-Cleaning outside of device (computer/printer) • Use neutral detergents • No ammonia-based cleaning liquids • Avoid isopropyl alcohol -Vacuum • Use a "computer" vacuum (maintain ventilation) -Use a compressed air pump (environmentally friendly) • Try not to use compressed air in a can
Licensing / EULA (Privacy, Licensing, and Policies)
-Closed source / Commercial • Source code is private • End user gets compiled executable -Free and Open Source (FOSS) • Source code is freely available • End user can compile their own executable -End User Licensing Agreement • Determines how the software can be used -Digital Rights Management (DRM) • Used to manage the use of software
Trust/untrusted software sources (Logical Security)
-Consider the source • May not have access to the source code • Even then, may not have the time to audit (do you trust the person providing the software?) -Trusted sources • Internal applications (In-House developers) • Well-known publishers • Digitally-signed applications -Untrusted sources • Applications from third-party sites • Links from an email • Pop-up/drive-by downloads when visiting a website
Locator applications and remote wipe (Mobile Devices)
-Contains built-in GPS • And location "helpers" • 802.11 can be used to triangulate location -Can assist with finding the phone on a map -Have control from afar • Can make a sound • Can display a message -Can send a command to wipe everything if you are not able to regain access to the phone • This is done to protect your data
Risk analysis (Change Management)
-Determine the risk value of a change • i.e., high, medium, low -The risks can be minor or far-reaching • The "fix" didn't actually fix anything • The fix ends up breaking something else • Operating system failure • Data corruption -What's the risk with NOT making the change? • Are systems open to security vulnerabilities? • Will applications become unavailable? • Or unexpected downtime to other services
tracert
-Determines the route a packet takes to a destination • Maps the entire path -Takes advantage of ICMP Time to Live Exceeded message • The time in TTL refers to hops, not seconds or minutes • TTL=1 is the first router, TTL=2 is the second router, etc. -Not all devices will reply with ICMP Time Exceeded • Some firewalls filter ICMP • ICMP is low-priority for many devices
The password file
-Different across operating systems • All contain different hash methods • One-way cryptographic process • e.g. Jumper Bay: 1001::42e2f19c31c9ff73cb97eb1b26c10f54::: Carter: 1007::cf4eb977a6859c76efd21f5094ecf77d::: Jackson: 1008::e1f757d9cdc06690509e04b5446317d2::: O'Neill: 1009::78a8c423faedd2f002c6aef69a0ac1af::: Teal'c: 1010::bf84666c81974686e50d300bc36aea01:::
Users and Groups
-Different levels of user accounts are built into the Windows OS -Users • Administrator (The Windows super-user) • Guest (Limited access) (Disabled by default) • Standard Users (majority of users who will be logging into Windows) -Windows OS also contains different groups • Administrator, Power Users, Users, etc... • Adding a Standard User into the Power Users Group will not give that much more control than a regular user
Remote Backup (Mobile Devices)
-Difficult to back up something that's always moving • Do a backup to the cloud -Constant backup - No manual process -You can back up without wires by using the existing network • Either through the service provider or through an 802.11 network -Can restore with one click on the new phone • Restores everything • Authenticate and wait
dxdiag.exe
-DirectX Diagnostic Tool • Manage your DirectX installation • DirectX is an application programming interface used by developers to create applications that require multimedia or graphics within Windows -Multimedia API overview for: • System • Display (3D graphics) • Audio • Input options -Also makes a very nice generic diagnostic tool when having issues with graphics or sound • Not just for testing DirectX -Located under C:\Windows\System32 • Can also open through the cmd line or Run dialog
Scheduled disk maintenance in Mac OS
-Disk Utility - Disk maintenance • Rarely needed - No ongoing maintenance • Use as needed -Other functions: • First Aid • Partition a new drive • Erase a drive • Restore a drive • Unmount a drive -Use the "First Aid" function if having disk problems • Similar to Windows Check Disk • Will examine the drive • Checks all permissions are set properly
defrag.exe
-Disk defragmentation • Moves file fragments so they are contiguous (stored next to each other) • Improves read and write time on spinning hard drives -Not necessary for solid state drives • Windows won't defrag an SSD • Option will not be available -Graphical version in the drive properties -Requires elevated permissions at the command line to run • defrag <volume> • defrag C: -Located under C:\Windows\System32 • Can also run through the cmd line or Run dialog
Windows post-installation
-Does it work? • If it doesn't boot, there are bigger problems • Some testing is useful for unknown hardware configurations -Additional installations include: • Service packs • Security patches • Security applications • Driver updates • Application updates
Be on time and avoid distractions (Professionalism)
-Don't allow interruptions • No personal calls, no texting, no Twitter • Don't talk to co-workers -Apologize for delays and unintended distractions -Create an environment for conversation -In person • Be open and inviting • Candy bowl can be magical -On the phone • Quiet background, clear audio • Stay off the speakerphone
SSH (Secure Shell) (Remote Access Technologies)
-Encrypted console communication - tcp/22 -Looks and acts the same as Telnet (tcp/23), but the session is encrypted
Signal drop / weak signal (Troubleshooting Mobile Device Security)
-Drops and weak signals prevent traffic flow • Location is everything -Make sure you're connecting to a trusted WiFi network • Use a VPN if you are not • Never trust a public WiFi hotspot • Tether with your own device (hotspot) -Run a speed test if you are unsure you have a good connection • Run a cell tower analyzer and test
Boot Camp (Mac OS Features)
-Dual-boot into Windows on Mac hardware -Requires Apple device drivers • Run Windows on Apple's Intel CPU architecture -Everything is managed through the Boot Camp Assistant • Builds a Boot Camp partition • Installs Windows OS and drivers
Change board and approvals (Change Management)
-Either "Go or no go" • Lots of discussion takes place -All important parts of the organization are represented • Potential changes can affect the entire company -Some changes have priority • The change board makes the schedule • Some changes happen quickly • Some take time -This is the last step • The actual work comes next
Protection from airborne particles (Environmental Impacts)
-Enclosures • Protect computers on a manufacturing floor • Protect from dust, oil, smoke -Air filters and masks to protect yourself • Protect against airborne particles • Dust in computer cases, laser printer toner
Mantraps (Physical Security)
-Entry for one at a time and in controlled groups • Manage control through an area -All doors are normally unlocked • Opening one door causes others to lock -All doors normally locked • Unlocking one door prevents others from being unlocked -One door is open / the other is locked • When one is open, the other cannot be unlocked
Local government regulations (Environmental Impacts)
-Environmental regulations requirements • May have very specific controls -The obvious requirements • Hazardous waste • Batteries • Computer components -The not-as-obvious requirements • Paper disposal
Wired connections
-Ethernet cable • Direct connection -Fastest connection is the default determined by Windows • Ethernet, Wireless, WWAN -Alternate configurations when DHCP isn't available in Windows • Located in "Local Area Connection Properties" window > TCP/IPv4 Properties > Alternate Configuration tab
GDPR - General Data Protection Regulation (Privacy, Licensing, and Policies)
-European Union regulation • Data protection and privacy for individuals in the EU • Protects name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc. -Controls export of personal data by the user • Users can decide where their data goes -Gives individuals control of their personal data • A right to be forgotten (User can have all information deleted) -Located on the site's privacy policy • Shows all details of the privacy rights for a user
Devices and Printers Applet
-Everything on the network • Desktops, laptops, printers, multimedia devices, storage -Quick and easy access • Much less complex than Device Manager • Can right mouse click and view Properties and make device configurations
Explicit and inherited permissions
-Explicit permissions • Sets default permissions for a share • Setting manual permissions makes it explicit -Inherited permissions • Propagated from the parent object to the child object • Set a permission once so that it applies to everything underneath -Explicit permissions take precedence over inherited permissions • Even inherits deny permissions • Parent object can have deny permissions but can set allow permissions to a child object of the parent object (Explicit permissions)
Mounting drives
-Extend available storage space • Mount a separate storage device as a folder -Mount in an empty folder • Instant storage space • Seamless to the user -Configuration done in Disk Management: • Right click on the new drive • Change drive letter and paths • Select "mount" option and browse to the location
Installing applications
-Extend the functionality of your operating system • Specialized applications extend system functionality such as word processing, spreadsheets, graphics capabilities, etc... -Available everywhere • Find the application you need • Install on your operating system -Not every computer can run every application • Some simple checks can help manage your desktop
Secure DNS services
-External/Hosted DNS service • Provides additional security services -Real-time domain blocking • Sites containing malware are not resolvable -Blocks harmful websites • Phishing sites, parked domains -Runs on a secure platform • Avoids poisoning attacks on the DNS cache
Safe Mode - Windows 10 (Troubleshooting Solutions)
-F8 probably won't work • Windows Fast Startup in Windows 8/8.1 and 10 prevents a complete shutdown -From the Windows desktop • Hold down Shift when clicking Restart • Or choose Settings > Update & Security > Recovery > Advanced startup > Restart now • This configuration can also be enabled in System Configuration (msconfig) -If you don't have access to the desktop, interrupt normal boot three times so the system presents the boot option screen
Spotlight (Mac OS Features)
-Find files, apps, images, etc. • Similar to Windows search -Magnifying glass in upper right • Or press Command-Space -Type anything in - See what you find -Define search categories in System Preferences / Spotlight • Can enable/disable categories • Can change the order of categories
Check Disk (chkdsk) command
-Fixes logical file system errors on the disk • chkdsk /f -Locates bad sectors and recovers readable information • chkdsk /r • Implies /f -If volume is locked, run during startup
Local user permissions for application installs
-Folder/file access will be required • Installation programs will be copying a lot of files -The user needs permission to write application files to the storage drive • This may not be the default in an office -May need to run as Administrator • Some applications will install additional drivers or services • Be careful when allowing this level of access!
Denial of service
-Forces a service to fail • Caused by overloading the service -Takes advantage of a design failure or vulnerability • Keep your systems patched! -Causes a system to be unavailable • An attack to give a competitive advantage -Can create a smokescreen for some other exploit • A precursor to a DNS spoofing attack -Doesn't have to be complicated • Simply turning off the power can be considered a denial of service
Linux History
-Free Unix-compatible software system • Unix-like, but not Unix -Many (many) different distributions • Such as Ubuntu, Debian, Red Hat / Fedora -Advantages • Cost. Free! • Works on wide variety of hardware • Has a Passionate and active user community -Disadvantages • Limited driver support, especially with laptops • Limited support options
BitLocker
-Full Disk Encryption • The operating system and all files -A TPM is recommended on the motherboard • Trusted Platform Module • Use a flash drive or password if there's no TPM -Runs Seamlessly • Works in the background • You never know it's there • Used for laptops or mobile devices
Data encryption
-Full-disk encryption • Encrypts the entire drive -File system encryption (EFS) • Individual files and folders -Encrypt removable media • Protect those USB flash drives -Key backups are critical • You always need to have a copy • This may be integrated into Active Directory • You'll want to keep the key handy
GPT partition style
-GPT (GUID Partition Table) • Globally Unique Identifier • The latest partition format standard -Requires a UEFI BIOS • Can have up to 128 primary partitions • No need for extended partitions or logical drives
Performance Monitor
-Gather long-term statistics • Located in the Control Panel under Administrative Tools -Provides OS metrics - Disk, memory, CPU, etc. -Can set an alert and automated actions -Monitor and act • Counters are added to monitor metrics -Store statistics to analyze any long-term trends -Built-in reports allow you to create detailed reports from the data -To bring up Performance Monitor: • Go to "C:\Windows\system32" and click on perfmon.msc • Click on Start and search for perfmon.msc • Open a cmd prompt and type perfmon.msc
Internet Options Applet
-General Tab • Basic display • Shows options for browser such as home page, how the browser starts up, and change the display of the tabs -Security Tab • Contains zones where security levels are set (Internet, Local Intranet, Trusted Sites, Restricted Sites) • Different security levels for each zone (Between High and Low) -Privacy Tab • Can control settings for cookies, pop-up blocker, InPrivate browsing -Content Tab • Can view information on encryption and identification certificates • Can view auto-complete information -Connections Tab • Can configure VPN, proxy settings, and LAN settings -Programs Tab • Can manage how the browser opens links • Can set default browser • Manage add-ons, plugins, etc. -Advanced Tab • Detailed configuration options for the browser • Can reset all settings back to default
Google Android history
-Google Android • Open Handset Alliance • Open-source OS, based on Linux • Supported on many different manufacturers' devices -Android Apps • Apps are developed on Windows, Mac OS X, and Linux with the Android SDK • Apps are available from Google Play • Apps are also available from third-party sites (e.g., Amazon Appstore)
System requirements for application installs
-Hard Drive space • Initial installation space required • Application use space required • Some applications use a LOT of drive space after installation -RAM • This would be above and beyond the OS requirements • Very dependent on the application • Consider all of the other running applications -OS compatibility • Operating system (Windows, macOS, Linux) • Version of the OS
Microsoft Windows history
-Has a major market presence -Has many different versions • Windows 10, Windows Server 2016 -Advantages • Large industry support • Broad selections of OS options • Wide variety of software support -Disadvantages • Large install base provides a big target for security exploitation • Large hardware support can create challenging integration exercises
Reboot (Troubleshooting Solutions)
-Have you tried turning it off and on again? • There's a reason it works -If a bug is in your router software • Reboot the router to return to a known good state -If an application is using too many resources • Stops the app -If a memory leak slowly consumes all available RAM • Clears the RAM and starts again
Disk status
-Healthy • The volume is working normally -Healthy (At Risk) • The volume has experienced I/O errors • Drive may be failing -Initializing • Normal startup message for a new drive -Failed • Cannot be started automatically • The disk is damaged, or the file system is corrupted -Failed redundancy • A drive has failed in a RAID 1 or RAID 5 array -Resynching • Mirrored (RAID 1) volume is synching data between the drives -Regenerating • RAID 5 volume is recreating the data based on the parity data
Man-in-the-middle (MITM) attack
-How can a bad guy watch without you knowing? • This is a Man-in-the-middle attack -This attack is designed to get the attacker between the user and the other device • It redirects your traffic • Then passes it on to the destination • You never know your traffic was redirected -A common way to perform a MITM attack is through ARP poisoning • ARP has no security
TCP/IP host addresses
-IP Address - Unique identifier • Subnet mask - Identifies the subnet • Gateway - The route off the subnet to the rest of the world -DNS - Domain Name Services • Converts domain names to IP addresses -DHCP - Dynamic Host Configuration Protocol • Automates the IP address configuration • Addresses can be dynamic or static -Loopback address - 127.0.0.1 - It's always there!
User authentication (Logical Security)
-Identifier • Something unique • In Windows, every account has a Security Identifier (SID) -Credentials • This information is used to authenticate the user on their system • A password, smart card, PIN code, etc. -A profile is associated to the user once logged in • Stores information about the user • Contains name, contact information, group memberships, etc.
Pop-ups (Troubleshooting Security Issues)
-If Pop-ups appear in your browser • It may look like a legitimate application • Might be a malware infection -Update your browser • Use the latest version • Check pop-up block feature -Scan for malware • Consider a cleaning (Not a guarantee) • Rebuild from scratch or known good backup to guarantee removal
Starting the system (Troubleshooting Windows)
-If a device is not starting • Check Device Manager and Event Viewer • Often a bad driver • Remove or replace driver -If "One or more services failed to start" • Could be a bad/incorrect driver, bad hardware • Try starting the service manually in services.msc • Check account permissions • Confirm/Check service dependencies • Windows service; check system files • Application service; reinstall the application
Application crashes (Troubleshooting Windows)
-If application stops working • May provide an error message • May just disappear -Check the Event Log • Often includes useful reconnaissance -Check the Reliability Monitor • A history of application problems • Checks for resolutions -Reinstall the application • If reinstalling does not work, contact application support
Application crashes (Troubleshooting Security Issues)
-If application stops working • May provide an error message • May just disappear -Check the Event Log • Often includes useful reconnaissance -Check the Reliability Monitor • Application might have a history of problems • Check for resolutions -Reinstall the application • OR contact application support if problem persists
App issues (Troubleshooting Mobile Apps)
-If apps are not loading or performance is slow -Restart the phone - Hold power button, power off -Stop the app and restart • In iPhone: Double-tap home button, slide app up • In Android: Settings/Apps, select app, Force stop -Also update the app - Get the latest version
Slow boot (Troubleshooting Windows)
-If the boot process hangs or takes longer than normal • No activity, no drive lights -Manage the startup apps • Control what loads during the boot process -Check Task Manager • Under the Startup tab • Startup impact, right-click / Disable -Or disable everything • And load them back one at a time
Wireless connectivity (Troubleshooting Mobile Apps)
-If getting intermittent connectivity • Move closer to the access point • Try a different access point -If not getting any wireless connectivity • Check/Enable WiFi on the system • Check security key configuration • Hard reset can restart the wireless subsystem -If no Bluetooth connectivity • Check/Enable Bluetooth • Check/Pair Bluetooth components • Hard reset to restart the Bluetooth subsystem
Startup Repair (Troubleshooting Windows)
-If missing NTLDR • The main Windows boot loader is missing • Run Startup Repair or replace manually and reboot • Disconnect removable media -If missing operating system • Boot Configuration Data (BCD) may be incorrect • Run Startup Repair or manually configure BCD store -If booting into Safe Mode • Windows is not starting normally • Run Startup Repair
No sound from speakers (Troubleshooting Mobile Apps)
-If no sound from a particular app • Check volume settings - Both app and phone settings • Possible bad software > delete and reload • Try headphones to test whether it's the device speakers or there is no audio at all -Sound starts but then stops • Might have dueling apps / keep one app in the foreground -No speaker sound from any app (no alarm, no music, no audio) • Load the latest device software • Or perform a factory reset
System lock up (Troubleshooting Security Issues)
-If system completely stops • Check Caps Lock and Num Lock indicator lights for a status to verify if the system is responding -May still be able to terminate bad apps once you are logged in • In Windows and Linux Task Manager (Ctrl-Alt-Del / Task Manager) • In Mac OS X Force Quit (Command-Option-Esc) -Check system logs when restarting • May have some clues about what's happening -May be a security issue • Perform a virus/malware scan -Perform a hardware diagnostic • System issues can be a factor
Inaccurate touch screen response (Troubleshooting Mobile Apps)
-If the screen responds incorrectly or is unresponsive -Close some apps - Low memory can cause resource contention -Restart the device • Perform a soft reset, unless a hard reset is required -May require a hardware fix • Replace the digitizer / reseat cables
Non-responsive touchscreen (Troubleshooting Mobile Apps)
-If touchscreen completely black or touchscreen not responding to input • Buttons and screen presses do not register -Restart the Apple iOS device • Hold power button, slide to power off, press power button (soft reset) • Hold down power button and Home button for 10 seconds (hard reset) -Restart the Android device • Remove battery, put back in, power on • Hold down power and volume down until restart • Some phones have different key combinations • Some phones DO NOT HAVE a key-based reset
Leaked information (Troubleshooting Mobile Device Security)
-If unauthorized access was made to your device such as: • Unauthorized account access • Unauthorized root access • Leaked personal files and data -Determine the cause of the data breach • Find the source of the leak • Perform an app scan, run an anti-malware scan -Perform a factory reset and clean install if the breach occurred on the actual device • This is obviously a huge issue -The breach might have occurred where the device stores its data (cloud). Check online data sources such as: • Apple iTunes/iCloud/Apple Configurator • Google Sync • Microsoft OneDrive -CHANGE PASSWORDS
Incident response: First response (Privacy, Licensing, and Policies)
-If you are the first to identify the issue • You might have log information • You might've seen the incident in person • You might have monitoring data -Report the incident to the proper channels • Don't delay -Collect and protect information relating to an event • Many different data sources and protection mechanisms
Boot errors (Troubleshooting Windows)
-If you can't find operating system • Bootup shows the OS is missing -Or a Boot loader is replaced or changed • Due to multiple OSes installed -Check your boot drives • BIOS might be configured to boot from a DVD-rom or USB drive • Remove any media such as USB drives or check the DVD-Drive -Startup Repair utility included in Windows • Checks every step along the boot process • Identifies problems and corrects them -May need to perform manual configuration to modify the Windows Boot Configuration Database (BCD) from the command prompt • Formerly boot.ini • Recovery Console: "bootrec /rebuildbcd" will look for installed versions of windows. Gives the option to add to its list if any are found.
Short battery life (Troubleshooting Mobile Apps)
-Bad reception tends to decrease battery life • Device is always searching for signal • Acts as airplane mode on the ground -Disable unnecessary features • 802.11 wireless, Bluetooth, GPS -Check application battery usage • iPhone: Settings/General/Usage • Android: Settings/Battery -Might be an aging battery - There are only so many recharges
Backup strategies (Disaster Recovery)
-Image level backup • Incorporates everything in a server or device and creates a single image from all of that data • Can use a bare metal (server with no OS) and apply this image backup • Consists of volume snapshots or hypervisor snapshots (VM) of the operating system • Can recover the entire system at once • Image level backup allows you to make an exact duplicate of the server -File level backup • Only copies important files • Copies individual files to a backup • May not necessarily store all system files • May need to rebuild the OS and then perform a file restore
Is it legal to dive in a dumpster?
-In the United States, it's legal • Unless there's a local restriction -If it's in the trash, it's open season • Nobody owns it -If dumpsters are on private property or show "No Trespassing" signs then it may be restricted • You can't break the law to get to the rubbish -If you have questions? Talk to a legal professional.
Upgrade methods
-In-place upgrade • Upgrades the existing OS • Keeps all applications, documents, and settings • Start the setup from inside the existing OS -Clean install • Wipes everything and reloads • Back up your files • Start the setup by booting from the installation media
Firewall settings (Securing SOHO Network)
-Inbound traffic • Extensive filtering and firewall rules • Allow only required traffic • Configure port forwarding to map TCP/UDP ports to a device • Consider building a DMZ -Outbound traffic • Blacklist - Allow all traffic, stop only unwanted traffic • Whitelist - Block all traffic, only allow certain traffic types
Kill tasks (Troubleshooting Solutions)
-Instead of rebooting, find the problem • And kill it -Done in Task Manager under the Processes tab -Sort by resource - CPU, memory, disk, network -Right-click to end task • Trial and error
Browser redirection (Troubleshooting Security Issues)
-Instead of your Google result, your browser goes somewhere else • This should not ever happen -Malware is the most common cause • This makes money for the bad guys -Use an anti-malware/anti-virus cleaner • This is not the best option -OR Restore from a good known backup • The only way to guarantee removal
Windows (Defender) Firewall
-Integrated into the operating system -Located in Control Panel / Windows Firewall In Windows 7 & 8 -Located in Control Panel / Windows Defender Firewall in Windows 10 -Windows Firewall with Advanced Security • Click "Advanced settings" -Fundamental firewall rules (basic functionality) • Allows apps to send/receive traffic • Based on applications • No detailed control -No scope can be set • All traffic applies (inbound/outbound) -No connection security rules • Can't encrypt with IPsec tunnels
Surge suppressor specs (Environmental Impacts)
-Joule ratings • Surge absorption • 200=good, 400=better • Look for over 600 joules of protection -Surge amp ratings • Higher is better -UL 1449 voltage let-through ratings • Ratings at 500, 400, and 330 volts • Lower is better
4a. Remediate: Update anti-virus (Removing Malware)
-Keep signatures and engine updated • The engine - the guts of the machine • Signature updates - constantly updated -Automatic vs. manual • Manual updates are almost pointless since it updates automatically -Your malware may prevent the update process • Download from another computer and copy onto a removable drive to install on the infected PC
Patch and update management
-Keep the OS and applications updated • Security and stability improvements -Built into the operating system for standalone systems (home systems) • Updates are deployed as available • Deployment may be managed internally by the organization -Many applications include their own updater • Check for updates when starting -Always stay up to date • Security vulnerabilities are exploited quickly
Controlling ESD (Managing Electrostatic Discharge)
-Keeping humidity over 60% helps control ESD • Won't prevent all possible ESD • Keeping an air-conditioned room at 60% humidity isn't very practical and is uncomfortable to work in -Use your hand to self-ground • Touch the exposed metal chassis before touching a component • Always unplug the power connection • Do not connect yourself to an electrical ground! -Try not to touch components directly • Card edges only • Do not touch any components of the card
Windows Update
-Keeps your OS up to date - Security patches, bug fixes -Can be configured to be installed automatically - Updates are always installed -Can be configured to download but wait for install - You control the time -Can be configured to check but not to download • Saves bandwidth -Can be configured to never check - Don't do this -Windows 10 has the option to schedule a restart after updates are completed.
Distributed Denial of Service (DDoS)
-Launches an army of computers to bring down a service • Uses all the bandwidth or resources - causes a traffic spike -This is why the bad guys have botnets • Thousands or millions of computers at your command • At its peak, Zeus botnet infected over 3.6 million PCs • Attacks are coordinated -The attacking computers are zombies • Many people have no idea they are participating in a botnet • Users might not know they are running malware on their computer
Storage types
-Layered on top of the partition and file system • A Windows thing -Basic disk storage • Available in DOS and Windows versions • Primary/extended partitions, logical drives • Basic disk partitions can't span separate physical disks -Dynamic disk storage • Available in all modern Windows versions • Span multiple disks to create a large volume • Split data across physical disks (striping) • Duplicate data across physical disks (mirroring) • Not all Windows versions support all capabilities
Network adapter properties
-Link speed and duplex • Auto negotiation doesn't always negotiate • Both sides must match -Wake on LAN • Computer sleeps until needed • Useful for late-night software updates
Disk maintenance (Linux tools)
-Linux doesn't require a lot of maintenance • You probably already know this -Clean up log space • All logs are stored in /var/log -File system check • Done automatically every X number of reboots • To force a file system check after reboot, add a file to the root: sudo touch /forcefsck
ls (Linux Command)
-Lists directory contents • Similar to the dir command in Windows -Lists files, directories • May support color coding; Blue is a directory, red is an archive file, etc. -For long output, pipe through more: • > ls -l | more (use q or Ctrl-c to exit)
Applications Tab
-Lists user-interactive applications in use • Apps on the desktop -Administratively control apps • End task, start new task -Combined with the Processes tab in Windows 8/8.1/10
Application Installation methods
-Local installation • Downloadable executable • CD-ROM / DVD-ROM, Optical media -USB • Very compatible with most devices • Supports large installation programs -Network-based installation • The default in most organizations • Applications are staged and deployed from a central server • Can be centrally managed
Scripting characteristic (Scripting)
-Loops • Perform a process over and over • Loop a certain number of times • Loop until something happens -Comments • Annotate the code as it's being created • Allows others to understand what it does
Apple Mac OS history
-Mac OS • Desktop OS running on Apple hardware -Advantages • Easy to use • Extremely compatible • Relatively fewer security concerns -Disadvantages • Requires Apple hardware • Less industry support than the PC platform • Higher initial hardware cost
Anti-virus/Anti-malware updates for Mac OS
-Mac OS does not include anti-virus • Or anti-malware -Many 3rd-party options are available • From the usual companies • Can be installed into Mac OS -An emerging threat • Still doesn't approach Windows • It's all about the number of desktops -Automate your signature updates • Make sure new signatures are installed as they're released (hourly/daily) to stay protected from current threats
BITS
Background Intelligent Transfer Service - a protocol that enables the computer to browse update.microsoft.com and select updates for download and installation
Microsoft Windows history
-Major market presence -Many different versions • Windows 10, Windows Server 2016 -Advantages • Large industry support • Broad selections of OS options • Wide variety of software support -Disadvantages • Large install base provides a big target for security exploitation • Large hardware support can create challenging integration exercises
Sync Center
-Make files available, even when you're not online • Automatically syncs when back online • Contains built-in sync conflict management -Not available in Home editions • Needs offline file functionality • Only available in Pro and higher -Mark files "Always available offline" to use this capability
Document changes (Change Management)
-Make sure everyone knows a change has been made • Everyone needs to know -Help desk documentation that needs to be updated such as: • Version numbers, network diagram, new server names -Track changes over time • Cross-reference against help desk tickets -Track before and after statistics • Has it been better or worse?
Local government regulations (Safety Procedures)
-Make sure you are compliant with health and safety laws • These vary widely depending on your location • Keep the workplace hazard-free -Building codes are an example • Need to make sure you are compliant with fire prevention • Need to make sure you are compliant with electrical codes -Follow the environmental regulations to dispose of high-tech waste safely
Password complexity and length
-Make your password strong • No single words • No obvious passwords (What's the name of your dog?) • Mix upper and lower case • Use special characters (don't just replace an "o" with a "0" or a "t" with a "7") -A strong password is at least 8 characters • Consider a phrase or set of words -Set password expiration, requires change • The system remembers password history, so each new password must be unique
Virus
-Malware that can reproduce itself with your assistance • It needs you to execute a program -Reproduces through file systems or the network • Just running a program can spread a virus -May or may not cause problems • Some viruses are invisible, some are annoying -Anti-virus is very common • Thousands of new viruses every week • Make sure your anti-virus software is updated
List some common causes of slow system performance.
Background processes, insufficient RAM, excessive disk fragmentation, malware
Worms
-Malware that self-replicates • Doesn't need you to do anything • Uses the network as a transmission medium • Self-propagates and spreads quickly -Worms are pretty bad things • Can take over many systems very quickly -Firewalls and IDS/IPS can mitigate many worm infestations • Doesn't help much once the worm gets inside • Make sure to keep anti-malware updated
Policies and procedures (Mobile Devices)
-Manage company-owned and user-owned mobile devices • BYOD - Bring Your Own Device where you can use your personal device for work -Centralized management of the mobile devices • Specialized functionality/Mobile Device Manager (MDM) -MDM can set policies on apps, data, camera, etc. • Control the remote device • The entire device or a "partition" -Can manage access control • Force screen locks and PINs on these single user devices
TaskList and TaskKill command
-Manage tasks from the command line • No Task Manager required! -tasklist • Displays a list of currently running processes • Local or remote machine -taskkill • Terminate tasks by process id (PID) or image name • TASKKILL /IM notepad.exe - kills the notepad.exe process by image name • TASKKILL /PID 1234 /T - kills the process with PID 1234 (/T also terminates its child processes)
Internal operating procedures (Documentation Best Practices)
-Many organizations have different business objectives • Different processes and procedures -Different operational procedures • Different requirements for downtime notifications • Different ways of handling facilities issues -Software upgrades • Different ways of testing new versions of software • Different ways of rolling out software with change control -Documentation is the key • Everyone can review and understand the policies with centralized documentation
Driver/firmware updates (Linux)
-Many drivers are in the kernel • Updated when the kernel updates -Additional drivers are managed with software updates or at the command line • Update those yourself
System / application log errors (Troubleshooting Security Issues)
-Many errors go undetected • The details are in the log (Event Viewer) -It may take some work to find them • Filter and research -Find security issues • Improper logins • Unexpected application use • Failed login attempts
Data Loss Prevention (DLP) (Logical Security)
-Many organizations deal with sensitive information such as Social Security numbers, credit card numbers, medical records • Security admins want to limit the type of information that is transferred across the network -Stop the data before the bad guys get it • DLP software and hardware are commonly used to monitor what traffic is being transferred across the network and what type of information is attached to emails • Protects against this type of data "leakage" -So many sources, so many destinations • Often requires multiple solutions in different places
MAC address filtering (Securing SOHO Network)
-Media Access Control • The "hardware" address -Can limit access through the physical hardware address • Keeps the neighbors out of the network • Additional administration with visitors -Easy to find working MAC addresses through wireless LAN analysis • MAC addresses can be spoofed by free open-source software -An example of security through obscurity
MAC filtering (Logical Security)
-Media Access Control • The "hardware" address -Limit access through the physical hardware address • Keeps the neighbors out • Additional administration with visitors -Easy to find MAC addresses through wireless LAN analysis • MAC addresses can be spoofed with open-source software -Referred to as security through obscurity • If the security method is known, it can easily be circumvented
Security considerations (Remote Access Technologies)
-Microsoft Remote Desktop • An open port tcp/3389 is a big tell • Brute force attack is common -Third-party remote desktops • Often secured with just a username and password • There's a LOT of username/password re-use -Once you're in, you're in • The desktop is all yours • Easy to jump to other systems • Personal information, bank details can be obtained • Make purchases from the user's browser
mstsc.exe
-Microsoft Terminal Services Client • Remote Desktop Connection • Located under C:\Windows\System32 • Can also be opened from the command line or the Run dialog -Access a desktop on another computer • Or connect to a Terminal Server -Common for management of servers without a keyboard or monitor connected to them • "Headless" servers
Windows on a mobile device
-Microsoft Windows 10 • Fully-featured tablets -Many different manufacturers • Touchscreen computer • Keyboards • Pen stylus -Windows Mobile • No longer in active development • No support after December 2019
4b. Remediate: Scan and remove (Removing Malware)
-Microsoft, Symantec, McAfee • The big anti-virus apps -Malwarebytes Anti-Malware • Malware-specific -Stand-alone removal apps • Check with your anti-virus company -There's really no way to know if it's really gone • End result may be to delete and rebuild to guarantee 100% removal
Firewalls (Mobile Devices)
-Mobile phones don't include a firewall • Most activity is outbound, not inbound -Some mobile firewall apps are available • Mostly for Android • None seem to be widely used -Enterprise environments can control mobile apps • Firewalls can allow or disallow access
Dialup connections
-Modem connection • Standard phone lines -Configuration will require: • Authentication • Phone number -Can connect/disconnect from network status icon
Software firewalls
-Monitors the local computer • Alert on unknown or unauthorized network communication -Prevents malware communication • Downloads after infection • Botnet communication -Use Windows Firewall • At a minimum -Runs by default • Constantly monitoring any network connection
Equipment grounding (Safety Procedures)
-Most computer products connect to ground • Divert any electrical faults away from people -This also applies to equipment racks in the data center • Large ground wire -Don't remove the ground connection • It's there to protect you -NEVER connect yourself to an electrical ground • This is not a way to prevent ESD • Never connect yourself to any source with voltage on it
App log errors (Troubleshooting Mobile Apps)
-Most log information is hidden • You'll need developer tools to view it -Contains a wealth of information • If you can decipher it • This might take a bit of research -To view these logs • For iOS, you can use Xcode • For Android, you can use Logcat
ipconfig
-Most of your troubleshooting starts with your IP address • Ping your local router/gateway -Determine TCP/IP and network adapter information • And some additional IP details such as IP address, subnet mask, default gateway -View additional configuration details by typing "ipconfig /all" • Shows details for DNS servers, DHCP server, etc.
mv (Linux Command)
-Move a file • Also used to rename a file -mv SOURCE DEST • To rename first.txt to second.txt, use the command "> mv first.txt second.txt"
Defragmentation (Troubleshooting Solutions)
-Moves file fragments so they are contiguous • So they can share a common border • Improves read and write time • Only applicable to spinning hard drives -Graphical version located in the drive properties • Type "defrag" at the command line to show options -Already added to the weekly schedule • Control Panel / Administrative Tools / Task Scheduler
Biometric authentication (Mobile Devices)
-Multi-factor authentication • Combining different methods of authentication • Can use a passcode, password, or swipe pattern • Also use a fingerprint, face, or iris -A phone is always with you • And you're a good source of data -We're just figuring this out (It's not perfect) • Biometrics have a long way to go for security • Always use as many factors as necessary
A backup for the DHCP server
-Multiple DHCP servers should be configured for redundancy • So that one is always available -If a DHCP server isn't available, Windows uses the Alternate Configuration • The default is APIPA addressing -You can also configure a static IP address
Smart cards (Logical Security)
-Must have physical card to provide digital access • A digital certificate -Can contain multiple factors • A card with PIN or fingerprint
Compliance (Documentation Best Practices)
-Must meet the standards of laws, policies, and regulations -A healthy catalog of rules • Across many aspects of business and life • Many are industry-specific or situational -Penalties can be imposed on organizations that don't follow these laws, such as: • Fines • Loss of employment • Incarceration -Scope of regulations • Some regulations can be specific to a region or a country • Some regulations can be worldwide • Understand the exact scope of the regulations and how they apply to your organization
NTFS and CDFS
-NTFS - NT File System • Extensive improvements over FAT32 • Can set quotas, file compression, encryption • Contains symbolic links, large file support, security, recoverability -CDFS - Compact Disk File System • ISO 9660 standard • All operating systems can read the CD
What allows a organization to centralize the management and configuration of operating systems, applications, and users' settings in an Active Directory environment?
Group Policy
netstat
-Network statistics • Utility available on many different operating systems -netstat -a • Shows all active connections -netstat -b • Shows binaries (Windows) that may be sending/receiving information • Requires elevation -netstat -n • Does not resolve DNS names
Backout plan (Change Management)
-Never believe the change will work perfectly and nothing will ever go bad • Prepare for the worst -Always have a way to revert your changes • Prepare for the worst, hope for the best -This isn't as easy as it sounds • Some changes are difficult to revert • Always have a backup plan AND always have backups
Surge suppressor (Environmental Impacts)
-Not all power is "clean" • Self-inflicted power spikes and noise • Storms, power grid changes -Spikes are diverted to ground -Noise filters remove line noise • Decibel (dB) levels at a specified frequency • Higher dB is better
Flavors of traceroute
-Not all traceroutes are the same • Minor differences in the transmitted payload -Windows commonly sends ICMP echo requests • Receives ICMP time exceeded messages • And an ICMP echo reply from the final/destination device • Unfortunately, outgoing ICMP is commonly filtered -Some operating systems allow you to specify the protocol used • Linux, Unix, Mac OS, etc. -IOS devices send UDP datagrams over port 33434 • The port number can be changed with extended options
Privileges
-Not all users can run all commands • Some tasks are for the administrator only -Standard privileges • Run applications as normal user • This works fine for many commands -Administrative/elevated privileges • You must be a member of the Administrators group • Right-click Command Prompt, choose "Run as Administrator" • OR by searching for cmd.exe, then pressing "Ctrl+Shift+Enter" to run as Administrator
Image recovery (Linux tools)
-Not as many options as Windows • But still some good ones available -dd is built into Linux • Can convert and copy a file • Can back up and restore a partition • Very powerful -Other 3rd-party utilities can image drives • GNU Parted and Clonezilla are two examples
End-user acceptance (Change Management)
-Nothing will happen without a sign-off • The end users of the application / network need to be aware of a change, possible downtime, and timeframe -One of your jobs is to make them successful • They ultimately decide if a change is worth it to them -Ideally, this is a formality • Of course, they have been involved throughout the entire process • There's constant communication before and after
Frozen system (Troubleshooting Mobile Apps)
-Nothing works - No screen or button response -Perform a Soft reset - Hold power down and turn off -Perform a Hard reset • In iOS: Hold power and home button for 10 seconds • In Android: Combinations of power, home, and volume -Ongoing problems may require a factory reset
Update network settings (Troubleshooting Solutions)
-One configuration mismatch can cause significant network slowdowns • Know the speed and duplex configuration between the device and the connected switch • Make sure they match on both sides -Most auto negotiations work fine • Device and switch will choose the best setting for speed and duplex and confirm they match on both sides • Does not work 100% of the time due to certain chipsets or network configurations -Driver properties may not show the negotiated value of auto negotiation • For that info, look in network details at the command line or filter through the Event Viewer -Device should match the switch • Both sides should be identical • Any mismatches will cause errors or slowdowns across the network
FAT (File Allocation Table)
-One of the first PC-based file systems (circa 1980) -FAT32 - File Allocation Table • Larger (2 terabyte) volume sizes • Maximum file size of 4 gigabytes • Most common file system -exFAT - Extended File Allocation Table • Microsoft flash drive file system • Files can be larger than 4 gigabytes
RADIUS (Remote Authentication Dial-in User Service)
-One of the more common AAA (Authentication, Authorization, Accounting) protocols • Supported on a wide variety of platforms and devices • Not just for dial-in -Centralizes authentication for users on a single server • Routers, switches, firewalls communicate and authenticate to the AAA server using the RADIUS protocol • Server authentication • Remote VPN access • Commonly seen on 802.1X network access -RADIUS services available on almost any server operating system
Communication skills (Communication)
-One of the most useful skills for the troubleshooter -One of the most difficult skills to master -A skilled communicator is incredibly marketable
7. Educate the end user (Removing Malware)
-One-on-one personal training -Place posters and signs in high-visibility areas -Physical message board postings -Login messages as a quick reminder (switch often) -An Intranet page that explains more about malware and what should be done if you suspect you are infected with malware
Rootkits
-Originally a Unix technique • The "root" in rootkit -Modifies core system files • Becomes part of the kernel -Can be invisible to the operating system • Won't see it in Task Manager -Also invisible to traditional anti-virus utilities • If you can't see it, you can't stop it
Windows 8/8.1 processor requirements
-PAE (Physical Address Extension) • 32-bit processors can use more than 4 GB of physical memory -NX (NX Processor Bit) • Allows the CPU to protect against malicious software running -SSE2 (Streaming SIMD Extensions 2) • A standard processor instruction set • Used by third-party applications and drivers
Keychain (Mac OS Features)
-Password management • Passwords, notes, certificates, etc. -Integrated into the OS - Keychain Access -Passwords and Secure Notes are encrypted with 3DES • Login password is the key
Password policy (Documentation Best Practices)
-Passwords should be complex, and all passwords should expire • Change every 30 days, 60 days, 90 days -Critical systems might change more frequently • Every 15 days or every week -The recovery process should not be trivial! • Some organizations may have a very formal process
PCI DSS (Privacy, Licensing, and Policies)
-Payment Card Industry Data Security Standard (PCI DSS) • A standard for protecting credit cards -This standard consists of six control objectives • Build and Maintain a Secure Network and Systems • Protect Cardholder Data • Maintain a Vulnerability Management Program • Implement Strong Access Control Measures • Regularly Monitor and Test Networks • Maintain an Information Security Policy
Dictionary attacks
-People use common words as passwords • You can find them in the dictionary -If you're using brute force, you should start with the easy ones • common passwords such as 123456, password, ninja, football -Many common word-lists available on the 'net • Some are customized by language or line of work -This will catch the low-hanging fruit • You'll need some smarter attacks for the smarter people
Licenses (Privacy, Licensing, and Policies)
-Personal license • Designed for the home user • Usually associated with a single device • Or small group of devices owned by the same person • Perpetual (one time) purchase -Enterprise license • Per-seat purchase or a site license • The software may be installed everywhere • Requires annual renewal
Spear phishing
-Phishing with inside information • Targets a more specific group (e.g. AP dept.) • Makes the attack more believable • Spear phishing the CEO is "whaling" -April 2011 - Epsilon was targeted • Less than 3,000 email addresses attacked • 100% of emails targeted operations staff • This attack downloaded anti-virus disabler, keylogger, and remote admin tool for those users who clicked on the link -April 2011 - Oak Ridge National Laboratory • Email was received from the "Human Resources Department" • 530 employees were targeted, 57 people clicked, 2 were infected • This attack downloaded data and infected servers with malware from users who clicked on the link
Overheating (Troubleshooting Mobile Apps)
-Phone will automatically shut down to avoid damage caused by overheating -Heat comes from charging/discharging the battery, CPU usage, display light • All of them create heat -Check app usage - Some apps can use a lot of CPU -Avoid direct sunlight - Quickly overheats
Safe Mode -Win 7 and 8/8.1 (Troubleshooting Solutions)
-Press F8 on boot • Advanced Boot Options -Safe Mode • Only the necessary drivers to get started -Safe Mode with Networking • Includes drivers for network connectivity -Safe Mode with Command Prompt • No Windows Explorer - quick and dirty -Enable low-resolution (VGA Mode) • Recover from bad video driver installations
Spoofing
-Pretends to be something you aren't • A Fake web server or a fake DNS server, etc. -Email address spoofing • The sending address of an email isn't really the sender -Caller ID spoofing • The incoming call information is completely fake -Man-in-the-middle attacks • The person in the middle of the conversation pretends to be both endpoints
USB locks (Physical Security)
-Prevent access to a USB port • Physically place a lock inside of the USB interface -A secondary security option is disabling the interface in BIOS and/or operating system • Not truly inaccessible, there's always a way around security controls -Relatively simple locks • Defense in depth
Port security (Logical Security)
-Prevents unauthorized users from connecting to a switch interface • Alert or disable the port -Prevents access based on the source MAC address • Even if it's forwarded from elsewhere -Each port has its own config • Unique rules for every interface
Testing the printer (Troubleshooting Windows)
-Print or scan a test page • Built into Windows printer properties • Not the application -Use diagnostic tools • Can be web-based utilities (Built into the printer) • Can be Vendor specific (Download from the web site) • Or Generic (Available in LiveCD form)
Quality of Service (QoS)
-Prioritize network traffic • Applications, VoIP, and Video -Infrastructure must support QoS • Differentiated Services Code Points (DSCP) field in the IP header • IPv4 - Type of Service (ToS) field • IPv6 - Traffic Class octet -Manage through Local Computer Policy or Group Policy (run gpedit.msc, located in C:\Windows\System32) • Located under Computer Configuration / Windows Settings / Policy-based QoS
Windows 7 Minimum Hardware Requirements (x64)
-Win7 64-bit -Processor/CPU - 1 GHz processor -Memory - 2 GB RAM -Free disk space - 20 GB -Video - DirectX 9 graphics device with WDDM (Windows Display Driver Model) 1.0 or higher driver
Rebuild Windows profiles (Troubleshooting Solutions)
-Profiles can become corrupted • The User Profile Service failed the logon. User Profile cannot be loaded. • User documents may be "missing" (temp. profile) -If a profile doesn't exist, it's recreated • We're going to delete the profile and force the rebuilding process -It's not as easy as copying a file • Create registry backups in case modifications are made
Virus types
-Program viruses • It's part of the application -Boot sector viruses • Exists in the boot sector • Virus is executed when the OS starts up • No OS is needed -Script viruses • e.g. JavaScript • Operating system and browser-based -Macro viruses • Common in Microsoft Office
Windows (Defender) Firewall Applet
-Protect from attacks • Scans for malicious software • Helps prevent access to resources on the local PC -Integrated into the operating system - Located in Control Panel under Windows (Defender) Firewall
Unable to decrypt email (Troubleshooting Mobile Apps)
-Protects your email with encrypted communication channels -This is built-in to corporate email systems • Microsoft Outlook • Each user has a private key on their mobile device • You can't decrypt without the key -System administrators will use Mobile Device Manager (MDM) to install individual private keys on every mobile device
Authenticator apps (Mobile Devices)
-Pseudo-random token generators • A useful authentication factor -Used to require carrying around physical token devices -You're carrying your phone around • And it's powerful enough to run the app • Don't need to carry around physical hardware
Quick format vs. full format
-Quick format • Creates a new file table • Looks like data is erased, but it's not • No additional checks -Quick format in Windows 7, 8/8.1, and 10 • Use diskpart for a full format within Windows 7, 8/8.1/10 -Full format • Writes zeros to the whole disk • Your data is unrecoverable • Checks the disk for bad sectors, which is time consuming
Disposal procedures (Environmental Impacts)
-Read your Material Safety Data Sheets (MSDS) to know how/where to dispose of computer equipment • Mandated by United States Department of Labor and/or Occupational Safety and Health Administration (OSHA) • http://www.osha.gov, Index page -This provides information for all hazardous chemicals • Batteries, display devices / CRTs, chemical solvents and cans, toner and ink cartridges -Sometimes abbreviated as Safety Data Sheet (SDS) • Might have a different name depending on what country you are in
Unauthorized location tracking (Troubleshooting Mobile Device Security)
-Real-time tracking information and historical tracking details • This should be as protected as your other data -If any suspicion an app is tracking your location, run an anti-malware scan • Malicious apps can capture many data points -Check apps with an offline app scanner • Get some insight into what's running -Perform a factory reset if tracking is occurring • Restore from a known-good backup
Anti-virus/Anti-malware updates (Linux)
-Relatively few viruses and malware for Linux • Still important to keep updated -ClamAV • Open source antivirus engine -Same best practice as any other OS • Always update signature database • Always provide on-demand scanning
Windows 7 history
-Released October 22, 2009 • Mainstream support ended January 13, 2015 • Extended support until January 14, 2020 -Very similar to Windows Vista • Maintained the look and feel of Vista • Used the same hardware and software • Increased performance over Windows Vista -Updated features • Libraries • HomeGroup • Pinned taskbar
Software tokens (Logical Security)
-Relies on a pseudo-random number generator • Can't guess it • Changes constantly -Can save money • Can be a free smartphone app • No separate hardware to assign and/or lose
Remote access
-Remote Assistance • Commonly seen in Home editions • One-time remote access • Single-use password • Chat, diagnostics, NAT traversal -Remote Desktop Connection • Non-Home editions • Ongoing access • Local authentication options • May require port forwarding
Personal safety (Safety Procedures)
-Remove any jewelry and/or name badge neck straps that can cause you to get stuck • Or use breakaway straps -Lifting technique • Lift with your legs, keep your back straight • Don't carry overweight items/devices • Use lifting equipment when it is available -Electrical fire safety • Don't use water or foam • Use carbon dioxide, FM-200, or other dry chemicals • Always remove from the power source -Cable management • Avoid trip hazards • Use cable ties or Velcro -Safety goggles • Useful when working with chemicals • Useful for printer repair, toner, batteries -Air filter mask • Computer could be dusty • Useful when working with printer toner
Roll back (Troubleshooting Solutions)
-Restore points • Rewind to an earlier point in time • Time travel without erasing your work -Application updates • A restore point is created automatically during application installations -Device drivers • A bad driver can break Windows • Roll back the driver from Device Manager (driver properties > Roll Back Driver) • If Windows won't start, press F8 at boot for Advanced Boot Options and choose Safe Mode or Last Known Good Configuration
rm (Linux Command)
-Remove files or directories • Deletes the files -Does not remove directories by default • A directory must be empty to be removed (rmdir), or must be removed recursively with the -r option
Desktop security
-Require a screensaver password • Integrated with login credentials • Can be administratively enforced • Automatically locks after a timeout -Disable autorun • autorun.inf is honored by Windows XP/Vista; Windows 7, 8/8.1 and 10 ignore it for USB drives and only apply it to optical media • Can be disabled completely through the registry or Group Policy -Consider changing AutoPlay • Get the latest security patches (Microsoft has shipped updates that change autorun.inf and AutoPlay behavior)
Volume sizes
-Resize a volume • Right-click the volume for options • Can shrink or extend -Can split the hard drive space into 2 volumes • e.g. 120GB into 2 60GB volumes • Can Shrink a volume • Can format unallocated space -Can also create mirrored volumes -Configuration done in Disk Management
Display Applet
-Resolution options • Important for LCD monitor native resolutions -Can configure the color depth and refresh rate • Located in Control Panel > Display > Adjust Resolution > Advanced Settings > Adapter "list all modes" -In Windows 10, it is located in Settings > System > then choose the Display option • Different settings available
Phishing
-Social engineering with a touch of spoofing • Often delivered by spam, IM, etc. • Very convincing when well done -Don't be fooled • Check the URL -Usually there's something not quite right • Mistakes with spelling, fonts, or graphics -Vishing (voice phishing) is done over the phone • Callers might say they are from the IRS and that you owe money • They don't ask for cash, they ask for gift cards • Fake security checks or bank updates
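Added example, not from the original cards: a small checker that automates "check the URL" by looking for the tricks that make a phishing link look legitimate (a user-info part before "@" that hides the real host, a raw IP address, a punycode label that can mask a homograph, plain http, and a trusted brand name buried inside someone else's domain). The trusted domain example-bank.com, the URLs and the heuristics are constructed for this example; a real deployment would use a public-suffix list rather than the last-two-labels shortcut used here.

```python
from urllib.parse import urlsplit

# Constructed placeholder: the domain the user *thinks* they are visiting.
TRUSTED_DOMAINS = {"example-bank.com"}


def registrable_domain(host: str) -> str:
    """Last two labels (example.com). Good enough for the demo; real code
    should consult the public-suffix list (co.uk, com.au, ...)."""
    return ".".join(host.split(".")[-2:])


def phishing_indicators(url: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return a list of reasons the URL looks suspicious (empty = clean)."""
    parts = urlsplit(url)
    findings = []

    # https://example-bank.com@evil.example/ : everything before '@' is
    # user info, the browser actually connects to the host after it.
    if "@" in parts.netloc:
        findings.append("userinfo before '@' hides the real host")

    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("not https")

    # IDN labels are encoded as xn--...; classic homograph attack vector.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (IDN homograph) label")

    # A bank login page on a bare IP address is almost never legitimate.
    if host.replace(".", "").isdigit():
        findings.append("raw IP address instead of a hostname")

    # Brand name present, but the registrable domain belongs to someone else.
    base = registrable_domain(host)
    if base not in trusted:
        for t in trusted:
            brand = t.split(".")[0]
            if brand in host:
                findings.append(f"lookalike: contains '{brand}' but domain is '{base}'")
                break
    return findings


if __name__ == "__main__":
    for u in ("https://www.example-bank.com/login",
              "http://example-bank.com@198.51.100.7/login",
              "https://example-bank.com.evil-login.net/"):
        print(u, "->", phishing_indicators(u) or "ok")
```

The point of the last check is the one users miss most often: the part of the hostname that matters is the registrable domain at the right-hand end, not the familiar name at the left.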
Windows 7 Enterprise
-Sold only with volume licenses • Designed for very large organizations -Multilingual User Interface packages -Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • BitLocker support • EFS (Encrypting File System) -x86 version supports 4 GB RAM -x64 version supports 192 GB RAM
Troubleshooting Applet
-Some problems can be easily fixed • Have you tried turning it off and on again? -Automates some of the most common fixes • Troubleshooting options are categorized -May require elevated account access to enable/disable hardware and features
Force Quit (Mac OS Tools)
-Stop an application from executing • Some applications are badly written -Command-Option-Esc • Lists the application to quit • Select the application to "Force Quit" -Another way to "Force Quit" is to hold the option key when right-clicking the app icon in the dock • Continue holding the "Option" key to view the "Force Quit" option. Letting go of the "Option" key changes it to only "Quit"
System Applet
-System properties • Provides computer information • Including version and edition -Remote settings can be turned on or off for Remote Assistance and Remote Desktop -System protection • Can enable/disable System Restore • Select drives to allocate additional space for System Restore -Performance Options, located under Advanced system settings, can be set for: • Configuring virtual memory • Configuring visual effects • Configuring Data Execution Prevention (DEP)
IP address spoofing
-Takes someone else's IP address • Sends traffic with the source IP of a legitimate device so the data appears to come from that device • Pretends to be somewhere you are not -Can be for a legitimate reason • Load balancing • Load testing -Can be for illegitimate reasons • ARP poisoning • DNS amplification / DDoS -Easier to identify than MAC address spoofing • Apply rules to drop invalid traffic (e.g. inbound packets from the Internet claiming an internal source address), enable switch security • Internal addresses are known, so traffic arriving on an interface where that address should never appear is a sign of IP spoofing
Difficult situations (Professionalism)
-Technical problems can be stressful -Don't argue or be defensive • Don't dismiss • Don't contradict -Defuse a difficult situation with listening and questions • Relationship-building • User might just want to vent (just listen) -Communicate • Even if there's no update -Never take the situation to social media
Telnet (Remote Access Technologies)
-Telnet - Telecommunication Network - tcp/23 -Login to devices remotely • Console access -Unencrypted communication • Credentials and session contents can be captured on the wire • Not the best choice for production systems; use SSH (tcp/22) instead
Cable locks (Physical Security)
-Temporary security • Connect your hardware to something solid -Cable works almost anywhere • Useful when mobile -Most devices have a standard connector • contains a reinforced notch -Not designed for long-term protection • Those cables are pretty thin and can be cut
This type of malware watches for and logs types of traffic you might be doing on your computer, such as logging into a bank account. It may monitor what websites your browser visits as well.
Spyware
Device Manager
-The OS doesn't know how to talk directly to most hardware -Device drivers are hardware specific and operating system specific • Windows 7 device drivers may not necessarily work in Windows 10 -Technical Support FAQ starting point • "Have you updated the drivers?" -Complete control of the hardware • Can update, uninstall, or disable drivers • Can scan for hardware changes OR dive into the driver properties -Computer Management or devmgmt.msc
regedit.exe
-The Windows Registry • The big huge master database • Hierarchical structure • Used to configure different parts of Windows • Used to configure different applications in Windows -Used by almost everything in Windows • Kernel, device drivers • Services • Security Account Manager (SAM) • User interface, applications -Back up your registry! • The registry files on disk are called hives (stored under C:\Windows\System32\config) • Use File > Export in regedit to back up a key or the whole registry • regedit.exe is located under C:\Windows • Can also be opened from the command line or Start > Run
Windows 10 Pro
-The business version of Windows • Additional management features -Remote Desktop host • Remote control each computer -Supports: • Hyper-V • Bitlocker (Full Disk Encryption (FDE)) • Can join a Windows domain (Group Policy management) -Does not support: • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 2048 GB
Linux commands
-The command line - Terminal, XTerm, or similar -Commands are similar in both Linux and macOS • macOS is derived from BSD (Berkeley Software Distribution) Unix • This section is specific to Linux -Download a Live CD or install a virtual machine to try the commands • Many pre-made Linux distributions are available to download and install • Ubuntu can be used in a virtual machine -Use the "man" command for help • Short for "manual" (the online manual pages) • To learn more about "grep", enter "man grep" at the prompt
Windows 7 Home Premium
-The consumer edition; contains: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Does not support enterprise technologies • Cannot join a domain • No BitLocker support • No EFS (Encrypting File System) support -x86 version supports 4 GB RAM -x64 version supports 16 GB RAM -Supports a single physical processor (multiple cores are fine); two sockets require Professional or above
Physical destruction
-Through an industrial shredder • Heavy machinery • Complete destruction -Drill / hammer if destroying hardware on your own • Quick and easy • All the way through the platters -Electromagnetic (degaussing) • Removes the magnetic field • Destroys the drive data and the electronics • Does nothing to SSDs or flash media (no magnetic platters); shred those or use the drive's built-in secure erase -Incineration • Hot fire
Account lockout and disablement
-Too many bad passwords will cause a lockout • This should be normal for most users • This can cause big issues for service accounts (some organizations exempt service accounts from lockout, or use a separate process to change their passwords so the account never fails to log in) -Disable user accounts • Part of the normal change process • You don't want to delete accounts (at least not initially) • Deleting the account can delete important information
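Added example (not from the original cards) of the lockout logic the card describes, including the service-account exception: ordinary accounts lock for a fixed period after a threshold of failures inside a reset window, while exempt service accounts raise an alert instead so a brute-force attempt cannot be used to knock a backup or monitoring job offline. LockoutPolicy, LockoutTracker, the user names and the numbers are this example's own; the injectable clock exists only so the behaviour can be exercised without waiting.

```python
import time
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    threshold: int = 5            # bad passwords before the account locks
    lockout_seconds: int = 900    # how long the lock lasts (15 min)
    reset_seconds: int = 900      # failures older than this no longer count
    exempt: set = field(default_factory=set)   # service accounts: alert, don't lock


class LockoutTracker:
    """Per-user failed-attempt counter with automatic lock and expiry.
    `clock` is injectable for testing (defaults to the real clock)."""

    def __init__(self, policy: LockoutPolicy, clock=time.time):
        self.policy, self.clock = policy, clock
        self.failures = {}       # user -> (count, time of first failure in window)
        self.locked_until = {}   # user -> unix time the lock expires
        self.alerts = []         # (user, time) for exempt accounts under attack

    def is_locked(self, user: str) -> bool:
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:            # lock expired: clean up
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return True

    def record_failure(self, user: str) -> None:
        now = self.clock()
        count, first = self.failures.get(user, (0, now))
        if now - first > self.policy.reset_seconds:
            count, first = 0, now            # window elapsed: start over
        count += 1
        self.failures[user] = (count, first)
        if count < self.policy.threshold:
            return
        if user in self.policy.exempt:
            # Service account: never lock (would be a self-inflicted DoS);
            # alert the SOC and reset the counter instead.
            self.alerts.append((user, now))
            self.failures[user] = (0, now)
        else:
            self.locked_until[user] = now + self.policy.lockout_seconds
            self.failures.pop(user, None)

    def record_success(self, user: str) -> None:
        self.failures.pop(user, None)        # a good login clears the counter


if __name__ == "__main__":
    t = LockoutTracker(LockoutPolicy(threshold=3, exempt={"svc_backup"}))
    for _ in range(3):
        t.record_failure("alice")
        t.record_failure("svc_backup")
    print("alice locked:", t.is_locked("alice"), "| alerts:", t.alerts)
```

The reset window matters as much as the threshold: without it, three bad guesses spread over a month would still add up to a lock, and with too short a window a slow guessing attack never trips it.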
System lockout (Troubleshooting Mobile Apps)
-Too many incorrect unlock attempts -iOS: erases the phone after 10 failed attempts (if "Erase Data" is enabled) • Will need to restore from an iTunes/iCloud backup • Automatic erase can be disabled; with each failed attempt the delay before the next try grows -Android: locks or wipes the phone after failed attempts • Uses the Google login to unlock the phone
Update boot order (Troubleshooting Solutions)
-Trying to boot from a USB drive but it doesn't even try • Boots directly to the primary drive -Check BIOS to determine which physical device will be used during boot • And in which order -Each BIOS is a bit different • But the configuration is in there somewhere -It's an easy one to miss • Usually the first thing to check and change to modify the boot order
Boot methods
-USB storage • USB drive must be bootable • Computer must support booting from a USB drive -CD-ROM and DVD-ROM • A common media -PXE ("Pixie") - Preboot eXecution Environment • Performs a remote network installation • Computer must support booting with PXE -NetBoot • Apple technology to boot macOS from the network • Similar concept to PXE boot -If you need to install many types of OSes • Consider using external media that connects via USB • Solid state drives / hard drives • Store many OS installation files -External / hot swappable drive • Some external drives can mount an ISO (DVD-ROM image) which the PC will see as a DVD-ROM drive • Can boot from USB -Installing on the internal hard drive • Install and boot from a separate drive • Create and boot from a new partition
Types of installations
-Unattended installation • Answers Windows questions in a file (unattend.xml) • No installation interruptions • No user intervention -In-place upgrade • Maintain existing applications and data -Clean install • Data backup required • Wipe the slate clean and reinstall • Migration tool can help -Image • Deploy a clone on every computer • Quick installation on many computers -Repair installation • Fixes problems with the Windows OS • Does not modify user files • Re-installs the OS -Multiboot • Run two or more operating systems from a single computer (they can share one hard drive on separate partitions) -Recovery partition • Hidden partition with a copy of the Windows installation files • Commonly used with a repair installation • Installation media not needed -Refresh / restore • Windows 8/10 feature to clean things up • Requires a recovery partition • No installation media needed
UPS (Disaster Recovery)
-Uninterruptible Power Supply • Short-term backup power • Protects you from blackouts, brownouts, surges, spikes, etc. -UPS types • Offline/Standby: watches the voltage from the main power; if the main power fails, it switches over to the battery (there is a brief switchover delay) • Line-interactive: uses a transformer to compensate for brownouts and overvoltage without switching to battery • On-line/Double-conversion: used in many data centers; the load always runs from the battery/inverter and main power only charges the batteries, so there is no switchover delay if main power is lost -UPS features on different models • Auto shutdown • Battery capacity • Outlets • Phone line suppression
Command line troubleshooting
-Use "help" if you're not sure • > help dir • > help chkdsk -Also use: • [command] /? -Close the prompt with exit -Useful when additional information is needed for a certain command
Remote Disk (Mac OS Features)
-Use an optical drive from another computer • Has become more important over time • Designed for copying files or data transfer • Will not work with audio CDs or video DVDs -Set up sharing in System Preferences • Sharing options • Appears in the Finder
Restricting user permissions
-User permissions • Everyone isn't an Administrator • Assign proper rights and permissions • This may be an involved audit -Assign rights based on groups • More difficult to manage per-user rights • Becomes more useful as you grow -Set login time restrictions • Only login during working hours • Restrict after-hours activities
Local users and groups
-Users • Administrator - the Windows super-user • Guest - limited access • Most users are "Regular" users -Groups • Administrators, Users, Backup Operators, Power Users, etc. • Users can be added to groups • Permissions are easier to manage by group than by individual user
Tailgating
-Uses someone else to gain access to a building • Not by accident -Johnny Long's book "No Tech Hacking" explains how to tailgate in these environments • Blend in with clothing • Pose as a third party with a legitimate reason • Temporarily take up smoking, make friends with the smokers, and follow them back into the building • Or bring boxes of doughnuts; people will hold the door even if you don't have an access card -Once inside, there's little to stop you • Most security stops at the border
Windows Recovery Environment
-Very powerful front-end that gives you access to the OS before it starts -Also a very dangerous way to start manipulating the OS • Last resort -Does give you complete control of the OS • Fix your problems before the system starts • Can remove malicious software -Requires additional knowledge of the system, since you are working from a command prompt • Use, copy, rename, or replace operating system files and folders • Enable or disable services or devices at startup • Can repair the file system boot sector or the master boot record (MBR), e.g. with bootrec /fixboot and bootrec /fixmbr
Windows 10 Education and Enterprise
-Very similar features in both • Minor features differences • Both are managed by using Windows Volume licensing -Granular User Experience (UX) control • an administrator can define the user environment • Useful for kiosk and workstation customization -Supports: • Hyper-V • Bitlocker • Can join a domain • AppLocker (an administrator can control what applications can run) • BranchCache (remote site file caching) -Max x86 RAM 4 GB -Max x64 RAM 2048 GB
VPN Concentrator (Logical Security)
-Virtual Private Network • can encrypt (private) data traversing a public network -Concentrator (a hardware device) • designed to Encrypt/decrypt access from any device at a remote location -Many deployment options • Specialized cryptographic hardware • Software-based options available -Used with 3rd party client software or sometimes built into the OS
vi (Linux Command)
-Visual mode editor • Full screen editing with copy, paste, and more -vi FILE • "> vi script.sh" starts the editor for the file script.sh -To insert text • Enter "i" and then <text> • Exit insert mode with Esc -Save (write) the file and quit vi • ":wq" command
WPA2 and CCMP
-WPA2 certification began in 2004 • AES (Advanced Encryption Standard) replaced RC4 • CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP -CCMP block cipher mode • Uses AES for data confidentiality • 128-bit key and a 128-bit block size • Requires more computing resources than TKIP -CCMP security services • Data confidentiality (AES counter mode), authentication and integrity (the CBC-MAC), and access control
Strong passwords (Logical Security)
-Weak passwords can be difficult to protect against • Interactive brute force • Hashed passwords can be brute forced offline -Passwords need some complexity and should be changed periodically • This reduces the chance of a successful brute force • Reduces the scope of damage if a password is found -Annual password analysis from SplashData examines leaked password files. Pretty much what you'd expect for commonly used passwords: • #1: 123456 • #2: password • #3: 12345 • #4: 12345678 • #5: qwerty
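Added example, not from the original cards: why "hashed passwords can be brute forced offline" is so cheap when the passwords are common. It uses the SplashData top-5 from the card as the attacker's wordlist against a constructed list of unsalted SHA-256 hashes (the user names and their passwords are made up here), then applies the complexity rule from the card. The attacker hashes each wordlist entry once and looks every leaked hash up in a dictionary, so cracking cost grows with the wordlist, not with the number of victims.

```python
import hashlib
import re

# The card's SplashData top-5, doubling as the attacker's wordlist.
COMMON_PASSWORDS = ["123456", "password", "12345", "12345678", "qwerty"]


def sha256_hex(password: str) -> str:
    """Unsalted fast hash, the worst case for the defender."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed "leaked" credential dump: user -> unsalted SHA-256 of password.
LEAKED_HASHES = {
    "alice": sha256_hex("qwerty"),
    "bob": sha256_hex("password"),
    "carol": sha256_hex("Tr0ub4dor&3-correct"),   # not in the wordlist
}


def crack_offline(hashes: dict, wordlist: list) -> dict:
    """Hash each candidate once, then look up every leaked hash.
    Returns user -> recovered password (None if not in the wordlist)."""
    lookup = {sha256_hex(word): word for word in wordlist}
    return {user: lookup.get(h) for user, h in hashes.items()}


def password_problems(password: str, min_len: int = 12) -> list:
    """Complexity check: length, character classes, and not in the common list.
    The thresholds are this example's choice, not a standard."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len}")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("fewer than 3 character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    return problems


if __name__ == "__main__":
    for user, recovered in crack_offline(LEAKED_HASHES, COMMON_PASSWORDS).items():
        print(f"{user}: {recovered or '(not cracked)'}")
    print(password_problems("password"))
```

With a unique per-user salt the precomputed lookup no longer works and the attacker must hash the wordlist once per user; with a deliberately slow hash (bcrypt, scrypt, Argon2) each of those hashes costs milliseconds instead of nanoseconds. Neither helps carol's neighbours if their password is on the list, which is why the common-password check belongs in the policy.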
Power drain (Troubleshooting Mobile Device Security)
-When power drains faster than normal, it might be a security issue • Heavy application usage • More network activity than normal • Higher resource utilization than normal • Effectively a denial of service (DoS) against the device -Check the application before installation • Use an app scanner to verify that it's legitimate (e.g. Zscaler Application Profiler) • Force stop a running app if it's acting unusual -Some mobile devices allow you to run anti-malware • This checks for malicious activity -Perform a clean install if you are unsure • Perform a factory reset and reinstall the apps
Users Tab
-Who is connected? What are they doing? -Provides a User list Windows 7 which allows you to: • Disconnect • Logoff • Send message -In Windows 8/8.1/10, Users tab provides: • Separate processes for each user • Performance statistics for each user
Using WPS (Securing SOHO Network)
-Wi-Fi Protected Setup • Originally called Wi-Fi Simple Config -The goal was to allow "easy" setup of a mobile device • A passphrase can be complicated for a novice -Different ways to connect • PIN configured on the access point must be entered on the mobile device • Push a button on the access point • Near-field communication - bring the mobile device close to the access point • USB method - no longer used -The PIN method is vulnerable to brute force (the PIN is validated in two halves, so far fewer guesses are needed than its 8 digits suggest); disable WPS on the access point if it isn't needed
dd (Linux Command)
-Will convert and copy a file • Also backs up and restores an entire partition or disk • > dd if=<source> of=<target> [options] -Creating a disk image • > dd if=/dev/sda of=/tmp/sda-image.img -Restoring from an image • > dd if=/tmp/sda-image.img of=/dev/sda -Double-check if= (input) and of= (output) before pressing Enter; reversing them, or pointing of= at the wrong device, silently overwrites it
Update and patch (Troubleshooting Solutions)
-Windows Update • Centralized OS and driver updates -Lots of flexibility on updating Windows • Change the active hours • Manage metered connections so it doesn't download over slow connections -Applications must be patched • Security issues don't stop at the OS • Download from the publisher or update from within the application
System Restore
-Windows creates frequent restore points • Goes back in time to correct problems • Creates restore points before installing a Windows update or new software -Can also be started from the recovery environment: press F8 at boot - Advanced Boot Options - Repair Your Computer -In Windows 7/8/8.1/10 it is located in Control Panel under Recovery -Doesn't guarantee recovery from viruses and spyware/malware • All restore points might be infected
Mobile device disposal (Safety Procedures)
-Wipe your data, if possible • This isn't always an option due to a broken screen -Manufacturer or phone service provider may have a recycling program or an upgrade program -Dispose at a local hazardous waste facility • Do not throw in the trash
MAC spoofing
-Your Ethernet device has a MAC address • A unique burned-in address • Most drivers allow you to change this address -Changing the MAC address can be legitimate • Internet provider expects a certain MAC address • Certain applications require a particular MAC address -If changing the MAC address for illegitimate reasons • To circumvent MAC-based ACLs • Fake-out a wireless address filter -This is very difficult to detect • How would you know it's not the original device?
Desktop styles
-Your computer has many different uses • Those change depending on where you are -Work styles • Standard desktop • Common user interface • Customization is very limited • You can work at any computer due to Active Directory -Home • Complete flexibility; No restrictions • Can change background photos, colors, UI sizing.
windows script file
.wsf
Other file systems
-ext3 • Third extended file system • Commonly used by the Linux OS -ext4 • Fourth extended file system • An update to ext3 • Commonly seen in Linux and Android OS -NFS • Network File System • Access files across the network as if they were local • NFS clients are available for many operating systems -HFS+ / HFS Plus • Hierarchical File System • Also called Mac OS Extended • Replaced by Apple File System (APFS) in macOS High Sierra (10.13) -Swap partition • Memory management • Frees memory by moving unused pages onto disk • Copies them back to RAM when needed • Usually on a fast drive or SSD
Apple macOS history
-macOS • Desktop OS running on Apple hardware -Advantages • Easy to use • Extremely compatible • Relatively fewer security concerns -Disadvantages • Requires Apple hardware • Less industry support than the PC platform • Higher initial hardware cost
perl script file there are two
.cgi, .pl
data file
.dat
Database file there are two
.db, .dbf
Debian software package file
.deb
ISO disc image
.iso
JPEG image two of them
.jpeg, .jpg
log file
.log
Microsoft Access database file
.mdb
MIDI audio file there are two separate with a comma (,)
.mid, .midi
MP3 audio file
.mp3
MPEG-2 audio file
.mpa
Ogg Vorbis audio file
.ogg
open type font file
.otf
Package file
.pkg
PNG image
.png
PostScript File
.ps
Red Hat Package Manager
.rpm
Save file (e.g., game save file)
.sav
SQL database file
.sql
What is the maximum limitation of RAM for Windows 7 Ultimate 64-bit?
192GB
What is the maximum partition size for Fat32?
2 TB
How many Gigabytes (GB) of storage space does a system running Windows (64-bit) require?
20 GB
In general terms, the least amount of disk space needed for an installation of Linux
250mb
In general, __-bit applications can be run on __-bit systems, but not vice-versa.
32, 64
All 32-bit Windows 7 editions other than Starter have a limit of how much physical RAM?
4 GB
What is maximum physical memory for all editions of 32-bit Windows 10?
4 GB
What is maximum physical memory for all editions of 32-bit Windows 8/8.1?
4 GB
What is the maximum individual file size for Fat32?
4 GB
What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Home Basic Edition?
8 GB
Script file syntax. These two syntaxes allow you to insert a comment in a batch script file. Separate them with a comma (,)
::, REM
set command
A command used to view all variables in the shell, except special variables.
tasklist
A command-line version of the Task Manager
Local Users and Groups
A management console that provides an interface for managing user and group accounts (not available in Starter or Home editions)
BranchCache
A new feature of Windows 7 that enables users to rapidly access data from remotely located file and web servers. This enables users at a small branch to cache copies of frequently accessed files from head office servers on a local computer.
Factory Recovery Partition
A partition that contains an image of the bootable partition created when the computer was built.(Restores OS to factory settings)
Spotlight Search
A search tool in the macOS
Replay Attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
This is a common SOHO network hardware that allows hosts to connect to the network over WIFI
Access Point
Which of the following answers refer(s) to the Windows Remote Assistance utility?
Access based on one-time password / Temporal remote access / The host and invited user can both see the host's screen / The host and invited user share control over host's mouse and keyboard / Windows tool used for assisted remote troubleshooting.
ACL
Access control list. Rules applied by packet filter firewalls that filter data by IP address, Protocol ID, and Port Numbers
In order to join a Windows Domain you must follow these steps: 5. while in accounts click on ____ ____ ___ ___
Access work or school
Which of the following answers apply to Windows BitLocker?
Accessed via BitLocker Drive Encryption applet in Windows Control Panel / Does not require a TPM microcontroller to work / Not included in basic versions of Windows 8/8.1/10 (Windows 8/8.1 Core and Windows 10 Home)
A drive letter in Windows can be changed by:
Accessing Disk Management, right-clicking on a drive and selecting Change Drive Letter and Paths from the context menu
In order to join a Windows Domain you must follow these steps: 4. While in settings click on _____
Accounts
This is a notification area where you can often find important security settings and issues as well as system information in a Windows OS.
Action Center
bootrec /rebuildbcd
Adds missing Windows installations to the BCD
A shortcut icon to the Windows Memory Diagnostic tool (mdsched.exe) can be found in:
Administrative Tools folder in Control Panel
Windows Task Scheduler (taskschd.msc) is a component of Microsoft Windows that provides the capability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals. Which of the following locations contains the application icon shortcut used for launching the Task Scheduler MMC snap-in?
Administrative Tools menu in Windows Control Panel
In order to join a Windows Domain you must follow these steps: 10. In the User account window, type your user name. From the account type drop down list you must then select ____ and afterwards click Next
Administrator
Very granular control over web elements can be configured for IE under the ________ tab of Internet Properties.
Advanced
What tab will allow you to enable quality of service policies on a router?
Advanced
Its best to check your it is enabled but almost all chipsets support this power management standard:
Advanced Configuration and Power Interface (ACPI)
AES is a Wi-Fi encryption method and is considered the most secure today. What does AES stand for?
Advanced Encryption Standard
A phone uses a lot of battery power to search for and connect to cellular service while in low service areas. What mode can you enable to keep the battery strong?
Airplane
counter logs
Allow you to collect statistics about resources such as memory, disk, and processor
Event Viewer
Allows monitoring of Windows logs. System, security, application, and service events are recorded in these logs
The Devices and Printers applet in Windows:
Allows to add/remove wired and wireless devices / Provides a simplified view of all connected devices / Allows to troubleshoot a device that isn't working properly.
Local Security Policy
Allows you to view and edit currenty security policy
Credential Manager
Allows you to view cached passwords for websites and Windows/network accounts
Home Client
An OS designed to work on standalone or workgroup PCs in a home or small office
You and your team are working on a business's wireless network. You've compiled a Statement of Work (SOW) for the business you are working for and diagrammed the network, and the locations of the needed equipment. What critical data do you need to include next in your SOW?
Backout Plan
phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
Which of the following locations in macOS provides access to application updates menu?
App Store
APFS
Apple File System - used in macOS High Sierra or later which supports native file encryption
Finder
Apple equivalent of file explorer in Windows
Activity Monitor
Apple version of Performance Monitor
In Windows 7 what Task Manager tab allows you to close a application that isn't responding by right click the program and selecting the End Task button?
Applications
gpupdate
Applies a new or changed policy to a computer immediately
What is the role of management in Change Management?
Approving the plan and budget
Remote Assistance
Assigns a port dynamically from an ephemeral range
A good security protocol to implement in a public workspace on your computer or laptop is to put it into sleep/hibernation and require ____
Authentication on Wake-up
AAA
Authentication, Authorization, and Accounting
This feature helps keep a device's screen visible but as it constantly scans lighting situations can use more battery power when enabled.
Automatic Dimming
WiFi, GPS and Bluetooth are causing a customer's phone to overheat even while not in use. What are these functions referred to in this circumstance?
Background Functions
This is an improved version of a specific type of malware. It will encrypt your computers files until such a time as you pay the bad guys to have them unlock it by sending you a decryption key.
Crypto malware
Windows Task Manager can be launched by:
Ctrl+Shift+Esc key combination / Pressing Ctrl+Alt+Delete and selecting the Task Manager option from the menu screen / Right-clicking on the Windows Taskbar and selecting Task Manager / Typing taskmgr (or taskmgr.exe) in the Command Prompt and pressing Enter / Pressing simultaneously the Windows and R keys, typing taskmgr (or taskmgr.exe) in the Run window, and pressing Enter
After booting to UEFI mode the next step to completing a Windows installation is to select a _____ ____
Custom Installation
DoS attacks might be a precursor to a wider attack such as a _____ spoofing attack.
DNS
Paul bought a copy of Windows 10 that allowed him to install it onto only three different PCs. What type of agreement prevented him from installing it on a fourth PC?
DRM
This is a acronym for the restrictions placed on how software might only be used on a particular provider's phone.
DRM (Digital Rights Management)
Change management six steps, Step 1: procedures for handling changes; roles and responsibilities of the IT support staff; measurements for change management; tools to be used; types of changes to be handled and how to assign priorities; back-out procedures
Define change management process and practices
DoS attack
Denial of Service Attack - causes a service at a given host to fail or become unavailable to legitimate users
Windows Logo'd Product List (LPL) catalog contains information of what type of products known to work on their systems?
Devices and drivers
What is a bit referenced or called that is associated with a block of computer memory and indicates whether or not the corresponding block of memory has been modified?
Dirty bit
After identifying a malware infection and quarantining a computer you should first do this step before rebooting into Safe Mode and scanning for viruses to prevent possible reinfection.
Disable System Restore
List some common causes of failure to boot.
Disconnected SATA cable, corrupted boot sectors, BIOS/UEFI misconfigurations
You are using a USB device to install Windows 7. What do you need to run to clean it first?
DiskPart
Modify
Do most things with an object but not to change its permissions or owner
A group of computers and devices on a network that are administered as a unit with common rules and procedures is referred to as a?
Domain
A group of computers that share a directory database is known as?
Domain Network
Windows 10 greatly simplified installation of the operating system by undergoing massive changes to
Driver detection
The App Store menu in macOS provides access to:
Driver updates / Firmware updates / Antivirus updates / Anti-malware updates.
This takes into consideration the budget, security, and customer contract standards for performing a task and identifies the lines of responsibility and authorization for performing it.
Standard Operating Procedure (SOP)
This is a basic type of email security that screens emails as they come in and blocks suspicious ones.
Email Filtering
What can you do to keep a network connection open but still restrict what devices have access to it?
Enable MAC filtering
EFS
Encrypting File System - a Windows feature that can encrypt a folder or a file
What is a common way of mitigating password guessing attacks?
Failed attempts lockout
After Windows 10, Microsoft no longer releases new versions of Windows but instead maintains the OS with ____ ____
Feature Updates
In a multiboot environment, when should you install an older OS?
First
Which of the following macOS utilities can be used for detecting and repairing disk-related problems?
First Aid (in Disk Utility)
The /f switch of the chkdsk command-line utility in MS Windows:
Fixes errors on the disk
chkdsk C: /f
Fixes file system errors on the disk drive C
What command would you use to convert a NTFS partition into a FAT32 partition?
Format
What tab of the MSConfig utility in Windows lists choices for startup configuration modes?
General
Which of the following tabs of the Windows Internet Properties applet provides an option for deleting temporary Internet files, cookies, web browsing history, Internet Explorer saved passwords, and saved data typed into web forms?
General
Which of the tabs of the System Configuration utility in Windows contains the Diagnostic startup option?
General
Which tab of the MSConfig utility in Windows lists choices for startup configuration modes?
General
The digitizer on a smartphone is completely unresponsive. You have tried restarting the phone but it has not helped. What should you try next?
Hard Reset
This ACPI mode, referred to as S4, saves any open files (data) in memory to disk and then turns power off.
Hibernate/Suspend to Disk
This is a power-saving state that puts your open documents and programs on your hard disk and then turns off your computer.
Hibernation (Mode)
A proprietary file system developed by Apple is known as what?
Hierarchical File System (HFS)
What tab on a router's software allows you to check network status and see a map of connections?
Home
What tab on a router's software will allow you to check the status of the network and a map of connections on the network?
Home
Name that OS type: an OS designed to work on standalone or workgroup PCs in a home or small office
Home Client
The network connection says it is connected but no web pages are able to load. The next step to help troubleshoot this situation is to ping an internet site by ___ ____
IP address
This type of file contains contents from an optical disc. It is often used to install OSs on virtual machines:
ISO file
This is a popular method of good practices and policies for delivering IT services:
IT Infrastructure Library (ITIL)
A cloud service that allows you to install and manage your own OS is a _____ service.
IaaS
Screen Sharing
In OS X, a utility to remotely view and control a Mac; it is similar to Remote Assistance in Windows.
This ACPI mode cuts power to most devices but retains power to memory. It is referred to as ACPI S1-S3
Standby/Suspend to Ram
Windows Settings
Interface for managing a Windows 10 computer
Administrative Tools
Located in Control Panel in Windows 7; a collection of predefined Microsoft Management Consoles
Hierarchical File System (HFS) is a proprietary file system for use on what type of Operating Systems?
MacOS
screen sharing
MacOS version of remote desktop functionality
This is the best source of information about the safe disposal of hazardous components.
Material Safety Data Sheet (MSDS)
_____ is a Microsoft-designed file system that offers encryption and ACLs.
NTFS
NFS
Network File System - used to mount storage devices into a local file system in Linux
Windows 7 Minimum Hardware Requirements (x86)
Processor/CPU: 1 GHz processor; Memory: 1 GB RAM; Free disk space: 16 GB; Video: DirectX 9 graphics device with WDDM* 1.0 or higher driver (*Windows Display Driver Model)
Windows 7 Minimum Hardware Requirements (x86)
Processor/CPU: 1 GHz processor; Memory: 1 GB RAM; Free disk space: 16 GB; Video: DirectX 9 graphics device with WDDM* 1.0 or higher driver (*Windows Display Driver Model) - Win7 32-bit
Windows 7 Minimum Hardware Requirements (x64)
Processor/CPU: 1 GHz processor; Memory: 2 GB RAM; Free disk space: 20 GB; Video: DirectX 9 graphics device with WDDM* 1.0 or higher driver (*Windows Display Driver Model)
Windows 10 Minimum Hardware Requirements (x86)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 1 GB RAM; Free disk space: 16 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model)
Windows 8/8.1 Minimum Hardware Requirements (x86)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 1 GB RAM; Free disk space: 16 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model)
Windows 10 Minimum Hardware Requirements (x86)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 1 GB RAM; Free disk space: 16 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model) - Win10 32-bit
Windows 8/8.1 Minimum Hardware Requirements (x86)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 1 GB RAM; Free disk space: 16 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model) - Win8/8.1 32-bit
Windows 10 Minimum Hardware Requirements (x64)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 2 GB RAM; Free disk space: 20 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model)
Windows 8/8.1 Minimum Hardware Requirements (x64)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 2 GB RAM; Free disk space: 20 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model)
Windows 10 Minimum Hardware Requirements (x64)
Processor/CPU: 1 GHz processor with support for PAE, NX, and SSE2; Memory: 2 GB RAM; Free disk space: 20 GB; Video: Microsoft DirectX 9 graphics device with WDDM* driver (*Windows Display Driver Model) - Win10 64-bit
A Windows Internet Properties system utility tab containing an option for managing Internet Explorer web browser add-ons is called:
Programs
An organization owns its own cloud infrastructure, and sells it to whoever needs it. This is a ______ cloud infrastructure.
Public
Which network profile in Windows by default disables the network discovery feature?
Public
Which of the Windows network profiles imposes the strongest security settings?
Public
What Windows feature allows a computer to return to its factory image at the cost of any data and installed applications?
Push Button Reset
Prioritizing network traffic based on a set of rules is called...
QoS
file attributes
R - read only; H - hidden; S - system, cannot be deleted; A - archive, modified since last backup
Enterprise mode replaces PSK with a ______ server for authentication.
RADIUS
This type of wireless authentication has users supply information to approved client devices such as wireless access points. The client device then transmits the data to an AAA server, which must approve the request.
RADIUS
Which of the following should you install to support wireless authentication and network access?
RADIUS server
WPA uses an encryption and decryption cipher and key generator known as?
RC4/TKIP
Which of the following record types must you add to DNS to implement DNSSEC?
RRSIG, DNSKEY
A feature involving using a USB flash drive as a cache to improve Windows performance is called ______.
ReadyBoost
This allows you to return a computer to its factory settings on most modern computers
Recovery Partition
Installation files for an OS are sometimes stored on the hard drive in the _____________.
Recovery partition
This repair option in Windows products recopies the system files and reverts most system settings to their default settings, but it can preserve user data and many apps installed via the Windows Store.
Refresh/Restore installation
What tool allows for the registering and unregistering of DLLs (Dynamic-Link Library)?
Regsvr32
ipconfig /release AdapterName
Release the IP address obtained from a DHCP server so the network adapter will no longer have an IP address
RDP
Remote Desktop Protocol - runs on TCP port 3389.
John's personal phone was stolen recently. He has work related data stored on his device. What common BYOD company policy will help prevent the loss of this data?
Remote Wipe
If a doctor loses an iPhone with patient information on it, what should be the first course of action to protect patient information?
Remote wipe
In order to ensure maximum security for your corporate owned mobile devices, which of the following should you make certain the device supports before you make your buying decisions?
Remote wipe; your MDM policies; lockout policies
crontab -r
Removes a job from the scheduled list in cron
ren
Renames a file or directory
Pharming
Reroutes requests for legitimate websites to false websites
A customer calls and tells you that his smartphone's touch screen is not responding accurately. What can you advise him to do first?
Restart the phone
A customer calls you to ask why his printer, which worked yesterday, can no longer print from his Windows computer today. The customer needs to print his document as quickly as possible. You realize that this is most likely related to the new Windows patch that came out this morning. What can you advise the customer to do to fix this issue?
Roll back updates
Once it is on an infected computer this type of malware creates a backdoor for an attacker to connect to the computer from a remote location.
Rootkit
What type of malware infection will allow many background applications to run unnoticed until it affects PC performance?
Rootkit
This is a common piece of SOHO network hardware that forwards packets over the WAN interface if their destination IP address is not on the local network.
Router
A customer brings you his computer and complains that its performance has been compromised during disk intensive activities. What can you do to correct this issue on his hard disk drive?
Run Defrag
To repair a Windows 7 installation there are 4 steps; this is step 2:
Run Setup
What batch file command allows you to declare a persistent environmental variable?
SETX
What switch, when added to System File Checker, allows the tool to scan for files without attempting to fix them? Give the full command.
SFC /verifyonly
What is the CLI program in Windows to find and repair corrupted system files?
SFC.exe
One security issue with system cloning is that, since it is an exact copy of the original PC (known as the reference machine), it also copies this unique PC identifier
SID (Security Identifier)
Which of the following macOS features allows you to create switchable desktop environments?
Spaces
Which of the following best describes the activity of an intruder on the network who has changed the MAC address of their laptop to gain access to a network with MAC Filtering enabled?
Spoofing
This utility seeks to solve the issues of Drive Cloning by allowing for the generation of new computer names, unique SIDs, and custom driver cache databases.
SYSPREP
In a scenario where excessive demands on computer resources are preventing a PC from fully loading its operating system, booting into what mode might allow you to start troubleshooting it?
Safe Mode
After an OS update your computer is only displaying a black screen. You've reset the computer many times but the problem persists. You want to roll the updates back, but first you will need to boot into this mode in order to do so
Safe mode
The sfc command-line utility in MS Windows:
Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.
Malware Removal steps: Step 5
Schedule ongoing updates
What option of a Unified Extensible Firmware Interface (UEFI) restricts OS installations only to trusted software?
Secure Boot
SSH
Secure Shell is a network protocol for secure transfer of data between computers on port 22
This is a validation and encryption tool, part of the HTTPS protocol, which secures and encrypts data going back and forth between the server and the client browser.
Security Certificate
ITIL (Information Technology Infrastructure Library): things, processes, or people that contribute to the delivery of an IT service
Service Asset
Name that OS type: an OS designed to work with a handheld portable device. -Must have a touch-operated interface
Smartphone (also could be a Tablet or cellphone)
In Windows Disk Management utility, a volume status set to Failed Redundancy indicates that the data on a mirrored or RAID 5 volume is no longer fault tolerant because one of the underlying disks is not online.
True
In macOS, the term "local snapshot" refers to a backup copy of all personal and system files stored on the local machine instead of the preferred external drive. T or F
True
Introduced in Windows Vista, Windows Firewall with Advanced Security MMC snap-in offers more detailed configuration options allowing system administrators to execute more granular control over inbound and outbound network traffic. T or F
True
The -b netstat parameter in Microsoft Windows allows you to display the name of the application involved in creating each connection or listening port. T or F
True
The function of the ODBC Data Sources (odbcad32.exe) configuration utility in Windows is to facilitate communication between applications and varying types of databases. T or F
True
Transmission carried out in one direction only is described as simplex mode. Communication that takes place in only one direction at a time is referred to as half-duplex mode. Two devices communicating with each other in both directions simultaneously are said to be in full-duplex mode. Network devices supporting the autonegotiation feature automatically configure the best mode supported by both devices. Duplex mismatch is the term used for a situation where two devices communicate with each other using different duplex modes. T or F
True
Windows Memory Diagnostic Tool (mdsched.exe) cannot be run inside Windows. This utility requires a system restart and is launched during next boot before loading the operating system. T or F
True
The Task Manager's Users tab in MS Windows allows system administrators to disconnect a user (invoke a Windows lock screen) or to sign them off (force a user to log off). T or F
True
Hyper-V is a type ___ hypervisor.
Type I
You want to prevent anyone from being able to boot a computer that uses a software program tied into the computer's firmware to connect to the operating system. What security feature do you need to enable?
UEFI Password
All of these types of OS share a kernel and shell architecture. The kernel provides the core functions and the shell the user interface
UNIX
Aside from Windows and macOS what is another type of Operating System "family" widely used around the world?
UNIX
macOS and OS X were re-developed from the kernel of an operating system called?
UNIX
Unlike other types of Operating Systems this one is portable to different hardware platforms and can run on everything from personal computers to mainframes, etc.
UNIX
A Flash drive typically uses what type of boot connection method?
USB
What is required for BitLocker to be used in the case where a computer does not have Trusted Platform Module support?
USB drive startup key
Windows Easy Transfer is good for small migrations, but what tool is recommended for migrations of large groups of computers?
USMT (User State Migration Tool)
The Programs and Features Windows Control Panel applet can be used for:
Uninstalling applications / Conducting repair installation of a malfunctioning program / Adding/removing Windows components / Managing installed updates.
UDF
Universal Disk Format - updated file system for optical media with support for multi-session writing
UPnP
Universal Plug and Play: Enables network-ready devices to discover each other automatically. Also allows configurations for devices to work with firewalls
Which of the following is a non-proprietary RDP alternative that enables control over another computer on the network with the use of a graphical user interface?
VNC
A ___ creates a virtual (typically encrypted) tunnel between sites.
VPN
This extends a private, secure, encrypted path (or network) across a public, less secure network like the internet, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network
VPN
Which of the following locations in Windows 8/8.1/10 provides access to configuration options that would allow you to block incoming echo requests?
Windows Defender Firewall applet in Control Panel -> Advanced settings -> right-click on Inbound Rules -> New Rule... -> Custom -> All programs (or a single app)
The BranchCache feature optimizes content delivery over what type of network? (Acronym)
WAN
This form of WiFi security encryption uses a cipher and a flawed 64-bit or 128-bit encryption key generator. The flaw lies in the way the key is generated: an attacker can use a network capture or "packet sniffer" tool to capture this key fairly easily.
WEP (Wired Equivalent Privacy)
This is a form of WiFi security encryption that uses the same cipher but adds a mechanism called Temporal Key Integrity Protocol to fix the key-generation issues of previous forms of encryption.
WPA (WiFi Protected Access)
This form of WiFi security encryption keeps the previous upgrades to its key-generation features but replaces the cipher with one that is much stronger than previous methods.
WPA2
What type of WiFi encryption method should you enable if you intend to use a RADIUS server for authentication?
WPA2 Enterprise
What type of WiFi encryption method should you use for Pre-Shared Key (PSK) authentication?
WPA2 Personal
New operating system updates (also known as OS Versions) can sometimes cause software or hardware device drivers to not work properly. Cloud services along with what other tool can help to mitigate these compatibility concerns?
Web Applications
Which of the following locations in Windows 8/8.1/10 provide access to configuration options for managing apps or features allowed through Windows Defender Firewall?
Windows Defender Firewall applet in Control Panel -> Turn Windows Defender Firewall on or off menu item / Windows Start button -> Settings -> Update & Security -> Windows Security -> Firewall & network protection -> Allow an app through firewall / Windows Defender Firewall applet in Control Panel -> Allow an app or feature through Windows Defender Firewall.
You suspect there is faulty RAM in a system. What Windows tool can be used to confirm this?
Windows Memory Diagnostics Tool
In order to update device drivers on Windows computers you can either use drivers provided by the device manufacturer or this built-in feature:
Windows Update
Which of the following sources allow for obtaining, installing, and updating device drivers used by Microsoft Windows OSs?
Windows Update / Device manufacturer
Everyone Group
Windows group that includes all users
This type of malware does not need user intervention or manipulation to spread once it is on a network.
Worm
Linux Bash shell script escape character
\
homegroup
a feature to secure access to shared folders and printers (exists in Windows 7 and 8 but not in later versions of Windows 10)
ISO file
a file that contains all the contents of an optical disc
*REPLAY ATTACK*
a network attack where attackers intercept some authentication data and reuse it to try to re-establish a session
*BOTNET*
a network of computers that have been compromised by a Trojan, rootkit, or worm malware established by compromising 1 or 2 machines and using them as "handlers" or "masters"
*THREAT AGENT/THREAT ACTOR*
a person or event that triggers a vulnerability accidentally or exploits it intentionally
Trojan Horse
a program that appears desirable but actually contains something harmful
Worm
a software program capable of reproducing itself that can spread from one computer to the next over a network
*MAN-IN-THE-MIDDLE (MitM) ATTACK*
a specific type of spoofing attack when an attacker intercepts communication between two hosts in an attempt to gain access to authentication and network infrastructure information for future attacks or to gain direct access to packet contents
*RAINBOW TABLE*
a tool for speeding up attacks against Windows passwords: a pre-computed table of all probable plain-text passwords (from the dictionary) and their matching hashes/"chains" (only the first and last values of the "chains" are stored, otherwise the table would require too much memory)
workgroup
a Windows peer-to-peer network
shutdown -a
aborts command prompt shutdown
Computer systems are protected by_____ and accounts are protected by _____, typically passwords.
accounts, credentials
WOW64
acts as the emulator for allowing 32-bit applications to run seamlessly on a Windows 64-bit OS
*ZERO-DAY EXPLOIT*
an attack that exploits a vulnerability in software that is unknown to the software vendor and users and can be very destructive as it takes time for vendors to create patches, leaving the system vulnerable for days, weeks, or even years
*FOOTPRINTING*
an information-gathering threat where attackers try to learn the configuration of the network and security system (topology) through social engineering or software-based tools
This contains any information necessary to install files so the OS setup process can run unattended, such as product key, disk partitions, computer name, language and networking settings.
answer file
These are 2 examples of SPEAR PHISHING:
the attacker might know the name of a document the target is working on and send them a malicious copy; the attacker sends the target an email that shows the target's full name, job title, telephone number, or other details to help convince them that the communication is genuine
Rainbow Table Attack
attempts to discover the password from the hash using databases of precomputed hashes
An installation where the user inputs the configuration information in response to prompts from the setup program is called?
attended installation
Applications that stream video and audio consume a lot of data and should be ____ if you do not wish to incur additional charges while using 3G or 4G connections.
avoided
After a BOT is installed, the attacker has a _____ to the device and can install and trigger zombies to launch attacks.
backdoor
hive
binary files that store the registry database
There are many ways of "watching", in reference to SHOULDER SURFING, which can include looking over the target's shoulder, high-powered _____, and _____ to directly observe the target from a remote location
binoculars, CCTV
ext3 vs ext4
both 64-bit file systems that support journaling, but ext4 delivers better performance
dock
bottom of screen gives one-click access to favorite apps and files in macOS
trace logs
can collect statistics about services, providing detailed reports about resource behavior
shutdown /a
cancels the pc shutdown from the cmd prompt
What is the Linux command to change the current directory?
cd
What is the command-line command used for directory traversal?
cd
What cd command in Windows moves the command-line prompt one folder up in the directory tree?
cd ..
Which parameter of the cd command in Windows moves the command-line prompt one folder up in the directory tree (sets the prompt at the parent folder of the current folder)?
cd ..
What command in Windows Command Prompt changes the current directory to the root directory?
cd \
df and du
check free space and report usage by directories and files
cls
clears the command prompt screen
Adapter properties
Clients - provide connections to types of file servers such as Linux, Unix, or Windows; Protocols - provide the format for addressing and delivering data messages between systems; Services - allow your machine to provide network functionality to other machines
A *specific* example of PHISHING might be ...
creating a spoofed "secure" financial or e-commerce website, then emailing genuine users of that website telling them they must update their information and supplying them with the spoofed website link, which will capture their logon credentials once entered.
format c:
formats a disk for use with Windows from the cmd prompt; potential data loss if the disk holds any data
A *specific* example of a PHYSICAL DoS attack would be...
cutting telephone lines or network cabling
Cryptographic hash functions might be vulnerable to _____ attacks and _____ _____ attacks, which are types of password attacks.
dictionary, brute force
If Windows can be deployed to multiple machines with similar hardware specifications, what is a common type of deployment software used to clone an installation from one PC to the rest?
disk imaging software
What command prompt launches a GUI system utility for managing HDDs in Windows?
diskmgmt.msc
In the event that you have to copy the installation media to a computer's fixed disk what is the tool you use to set the partition as active?
diskpart
Which of the following commands in Windows Command Prompt launches a text-based command-line partitioning utility?
diskpart
A Windows command-line tool used for preparing and modifying contents of Windows images is known as:
dism
Deployment Image Servicing and Management is known as the acronym
dism
tasklist
displays a list of currently running processes from the cmd prompt
ps
displays Linux processes that are currently running
ifconfig/iwconfig
displays the current state of network interfaces within Linux
Hardware requirements for Linux depend upon the unique _____ of Linux you have chosen
distribution
Host Firewall
firewall implemented as software on the individual host computer
format D: /fs:NTFS /x
forces the volume to dismount
For a newly added hard drive, this command allows you to configure it with a file system so that Windows can store information on the disk.
format
What command-line command will set a disk volume to be automatically checked for errors the next time the computer is restarted?
fsutil
In order to join a Windows Domain you must follow these steps: 8. In the Join a domain window you must enter the ___ ___ ___ and then select OK
full domain name
A command-line command in MS Windows that displays Group Policy information for a machine or user is known as:
gpresult
What command line prompt allows an administrator to see how a system behaves for a group of users?
gpresult
Which of the command-line commands listed below allows for updating multiple Group Policy settings in MS Windows?
gpupdate
What is the CLI command to forcibly apply a new Group Policy update?
gpupdate /force
What is the Linux command to search for a matching string of text in a file?
grep
linux group commands
groupadd, groupmod, groupdel
taskkill /t /pid processid
halts any child processes
This type of feedback enables a touch screen device such as a smartphone to vibrate indicating a key has been touched when using its virtual keyboard.
haptic
Of the three major mobile OSs, Android is open-source whereas ________ and _______ are closed source.
iOS and Windows Phone
apt-get install (package name)
install new application
The way in which the installation program and settings are loaded onto the PC is referred to as:
installation boot method
clean install
installing a new OS that completely replaces the old one
in-place upgrade
installing on top of an existing version of the OS
What is the name of an MS Windows command-line utility that can be used to display TCP/IP configuration settings?
ipconfig
Network reset in Windows 7/8
ipconfig /flushdns; netsh int ip reset resetlog.txt; netsh winsock reset
route
Linux command that shows the default gateway, because ifconfig does not
help netstat
lists all switches for the netstat command
netstat /?
lists all switches for the netstat command
dir /p
lists files one screen at a time
chkdsk /r
locates bad sectors and recovers readable information from the cmd prompt; also implies /f
In a BRUTE FORCE attack, a password that is under 7 characters and non-complex (using only letters) can be cracked in _____.
minutes
What command-line command launches the startup services configuration utility in Microsoft Windows systems?
msconfig.exe
What Command Prompt command in Windows is used for listing a computer's connections to shared resources?
net share
What Command Prompt command in Windows is used for listing a computer's connections to shared resources?
net use
Which of the following Command Prompt commands in Windows is used for listing a computer's connections to shared resources?
net use
What MS Windows command-line command lists the user accounts for the computer?
net user
Port scanning on a Windows/Linux machine includes the _____ command, which would list open connections on the local computer.
netstat
The _____ command is a more advanced probing tool that can give the attacker a great deal more information about the host
nmap
In this type of VDI, a virtual desktop is shared among multiple users
non-persistent
Social engineering usually takes advantage of _____, but can also take advantage of _____ pretending to be a user who needs help.
non-technical users, tech support staff
Which of the following CLI tools can be used for troubleshooting DNS-related problems?
nslookup
compmgmt.msc
opens the Computer Management console from the Run line
privacy screen
prevents anyone but the user from viewing the screen
Gordon calls the help desk for advice about moving his files from an older disk to a new disk. He wants to preserve the time stamps of the files he's been working on. What utility can you advise him to use to accomplish this task?
robocopy /mir
UNIX and Linux password storage mechanisms use _____.
salt (a random value added to the plain-text password to make passwords more secure and slow down rainbow table attacks)
hibernate mode
saves the current session to disk before powering off the computer
chkdsk C: /r
scans and attempts to recover bad sectors on drive C
sfc /scanonce
schedules a scan when the computer is next restarted
sfc /scanboot
schedules scans whenever the PC boots
You want to disable unnecessary services on your Windows workstation. You press Win+R. What do you type to configure services?
services.msc
The following command can be used to shut down or restart a local or remote host running MS Windows.
shutdown
What is the Linux command to power down or restart a computer?
shutdown
The command to restart a Windows machine via the command prompt is _____________.
shutdown /r
What is the Windows CLI command to restart a computer?
shutdown /r
Which of the following command-line commands enables a full system shutdown and restart of an MS Windows host after a time-out period of two minutes?
shutdown /r /t 120
Which of the following is the correct command for setting the time-out period of 60 seconds before powering off a Windows host?
shutdown /s /t 60
system protection tab
tab in System Properties that provides the option for System Restore
What command-line command allows you to duplicate all files, folders and sub-folders from a hard drive to a backup device?
xcopy
Which of the Microsoft Windows command-line commands allow for copying multiple files or entire directory trees from one directory to another and for copying files across a network?
xcopy / robocopy
FAT
• FAT - File Allocation Table • One of the first PC-based file systems (circa 1980) -FAT32 - File Allocation Table • Larger (2 terabyte) volume sizes • Maximum file size of 4 gigabytes • Most common file type -exFAT - Extended File Allocation Table • Microsoft flash drive file system • Files can be larger than 4 gigabytes
Power options Applet
• Power plans • Power usage can be customized -Sleep (standby) Option • Open apps are stored in memory • Save power, startup quickly • Switches to hibernate if power is low -Hibernate Option • Open docs and apps are saved to disk, allows system to shutdown completely • Common on laptops
cp (Linux Command)
• Used to make a copy of a file • Duplicate files or directories • cp SOURCE DEST • To create a copy of first.txt and name it second.txt, you use the command "> cp first.txt second.txt"