Master Set #2 - Core 2

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

VFAT

virtual file allocation table - file system for linux

jitter

variation in delay

shell

An interface between the user and computer and software

adobe illustrator file

.ai

AIF audio file

.aif

MS-DOS command file

.com

Comma separated value file

.csv

macOS X disk image

.dmg

GIF image

.gif

Java Archive file

.jar

PSD image

.psd

Scalable Vector Graphics file

.svg

Toast disc image

.toast

WAV file

.wav

WMA audio file

.wma

Windows Media Player playlist

.wpl

Which shutdown command switch enables aborting a system shutdown?

/a

What ipconfig parameter allows you to view the physical address of a Network Interface Card?

/all

Which copy command switch verifies that the new files are written correctly?

/v

How many Gigabytes (GB) of system Ram does Windows 7 or 10 (32-bit) require?

1 GB

In order to use BitLocker Drive Encryption, how much free space will be required on your system partition?

1.5GB

sector

512 bytes on a disk

This Script file syntax redirects the output of a comment

>>

Event Viewer

A management console snap in for viewing and managing system logs (accessed through computer managment, administrative tools, or eventvwr.msc)

crontab -1

Add or delete a scheduled job in cron

Symmetric multiprocessing is not supported in which Edition of Windows 8?

Core

mstsc is used to...

Create RDP connections to remote servers

chkdsk C: /x

Dismounts volume C:

What tool provided by Microsoft allows for the encryption of individual files?

Encryption File System (EFS)

The Security and Maintenance applet in Windows Control Panel provides access to Windows Firewall (Windows 7) / Windows Defender Firewall (Windows 8/8.1/10) configuration settings. T or F

False

WEP uses a encryption and decryption cipher known as?

RC4

Setup

Records events generated during installation

To configure wireless options and IP addresses on a router what tab do you need to click on?

Settings

Which Microsoft Windows tool can be used by system administrators to find and isolate problems that might prevent the OS from starting correctly?

System Configuration (msconfig.exe)

Top Secret

The highest level of classification

kernel

The software component that provides the core set of operating system functions

TPM stands for

Trusted Platform Module

What is the weakest wireless encryption standard?

WEP

JavaScript escape character

\

Rootkits

a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

vi/vim

a text file editor in linux

Command

apple equivalent of Ctrl button

.sh

Linex shell script

The ext3 and ext4 file systems are associated with the _____ operating system.

Linux

ext3 and ext4 are examples file systems used by what Operating System?

Linux

Diagnostic start up

Load basic devices and services only

What Windows tool can be used to customize security policies for a workstation that's not part of a domain?

Local Security Policy

An interactive interface used by the Operating System instead of a command line interface.

Graphical User Interface (GUI)

shutdown -h

Halt or power off the system

What type of antivirus software will learn from a network that has been infected with malware and hopefully use that information to prevent future occurrences?

Heuristic analysis

What can you enable to reject specific device access to a router?

MAC Filtering

What will only allow specific clients to access a Wireless LAN?

MAC filtering

Name 2 common types of attacks that are designed to subvert switches.

MAC flooding and ARP Poisoning

The two main partitioning schemes are ___ and ___.

MBR and GPT

What are the DOS commands to make and remove a directory?

MD, RD

MMC stands for...

Microsoft Management Console

NAS stands for?

Network Attached Storage

NTFS

New Technology File System - proprietary file system used exclusively with Windows

Incremental backup

New files and files modified since last backup(low backup time, high restore time uses multiple tape sets)

CDs, DVDs, and Blu-ray discs players are listed as what in a computer's firmware?

Optical Drives

A filesystem designed by Microsoft for flash storage is _____.

exFAT

In the event that you have to copy the installation media to a computer's fixed disk what is the tool you use to copy code to make the partition bootable?

bootsect

OU

Organizational Unit - Provide a way of dividing up a domain into different administrative realms

Eavesdropping

capturing and reading data packets as they move over a network

fsck

checks partition errors (partition should be unmounted before running this tool)

Which of the following commands launches a command interpreter utility in Windows?

cmd

Change management six steps Step 3 Examine all change requests to determine: Change request prioritization Resource requirements for implementing the change Impact to the system Back-out procedures Schedule of implementation

Plan for implementation of changes

Force Quit

in Apple menu or press command+option+esc

When moving a file from one folder to another on the same partition, explicit NTFS permissions are _____

kept

taskkill /PID #### /T

kills the Process ID by number and any child processes which were started by it from the cmd prompt

taskkill /im application

kills the process by image name from the cmd prompt

Standby/Sleep Mode

saves current session to memory and put the computer into a minimal power state

If you plan to reuse a computer what type of formatting method is the most appropriate for ensuring data has been removed?

standard formatting

In this type of VDI at the end of a session, user desktop reverts to its original state

non-persistent

In this type of VDI Each user runs their own copy of virtual desktop

persistent

A command to view running processes in Linux is ____.

ps

secure boot

restricts OS installation to trusted software

A file containing configuration information for setting up a new installation is referred to as?

unattended installation

apt-get upgrade

update all packages with latest versions

asymmetric encryption

used in public key encryption, it is scheme in which the key to encrypt data is different from the key to decrypt.(uses an RSA cipher)

In order to join a Windows Domain you must follow these steps: 9. You must authenticate yourself using a ____ and ____. Then click OK.

username and password

Default Programs

An applet to set the programs you wish to use, or choosing which application is used to open files of a particular extension

Time Machine

Apple equivalent of system restore

.vbs

VBScript

.py

Python

LPL

Windows Logo'd Product List- catalog of tested devices and drivers

Which of the following would you install to redress issues of laptops disappearing?

Cable locks

This is a anti-piracy technology for Windows

Microsoft Product Activation

Which of the following actions should you take before repurposing a hard disk?

Perform low level format

Which of the Windows Task Manager tabs in Windows 8/8.1/10 includes the information about the network resources usage listed under Networking tab in previous releases of the Microsoft OS?

Performance

This type of diagram will, ideally, show the network topology exactly as it is: with all of the devices and the connections between them.

Physical network diagram

This is a reserved part of a Windows disk that is identified by a drive letter

Primary Partition

Under the Administrative Tools folder what utility can administer print devices?

Print Management

Where can you find printer devices in Microsoft Windows Control Panel prior to Windows 7?

Printer applet

Which of the following allow for administering print devices in Microsoft Windows?

Printers applet in Control Panel in Windows OSs prior to Windows 7 / Devices and Printers applet in Control Panel in Windows 7 and newer Microsoft OSs / Print Management utility in the Administrative Tools folder.

A Windows Internet Properties applet tab containing an option for managing pop-up windows displayed by websites is called:

Privacy

The pop-up blocker can be enabled for IE under the _______ tab of Internet Properties.

Privacy

SSID

Service Set IDentifier

The System Configuration utility tab containing a list of background applications that can be enabled/disabled during system startup is called:

Services

An MS Windows Administrative Tools folder applet for managing background applications is called:

Services (services.msc)

This MS Windows Administrative Tool applet is used for the management of background applications.

Services (services.msc)

Print Management

Set properties and monitor local printers and manage print sharing on a network

Transmit Power

Sets radio power level, typically set to the highest level by default

Which of the volume types available in Windows Disk Management utility do not offer fault tolerance?

Simple volume / Spanned volume / Striped volume

An Apple proprietary voice recondition system and personal assistant

Siri

Services

Start, stop, and pause services

dir/w

lists files using a wide format with no file details

Windows 7 Editions

- Windows 7 Starter - Windows 7 Home Basic - Windows 7 Home Premium - Windows 7 Ultimate - Windows 7 Professional - Windows 7 Enterprise

Windows 8/8.1 Editions

- Windows 8/8.1 (Core) - Windows 8/8.1 Pro - Windows 8/8.1 Enterprise

Except for Education and Enterprise September feature updates are scheduled for how many months until they are retired?

18

MM

specifies the month in numerical or text format in cron

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Enterprise Edition?

192 GB

format D: /a:512

specifies the size of allocation units

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Professional Edition?

192 GB

taskkill /im

specify image name to kill

What is the maximum limitation of RAM for Windows 7 Enterprise 64-bit?

192GB

What is the maximum limitation of RAM for Windows 7 Professional 64-bit?

192GB

Remote Disc

A feature of OS X that gives other computers on the network access to the Mac's optical drive. system preferences -> Sharing

Windows 7 starter edition has a limit of how much Physical Ram?

2GB

On a basic disk how many primary partitions can Windows 7 and later have at maximum?

3

Which of the following netstat parameters displays addresses and port numbers in numerical form?

-n

The optimal humidity range for computer equipment is between ___ and ___ percent.

40,60

Wireless encryption

-All wireless computers are radio transmitters and receivers • Anyone can listen in -Solution: Encrypt the data • Everyone gets the password (shared password) • Or they get their own password -Only people with the password can transmit and listen • WPA and WPA2 are two common forms of wireless encryption

System updates (Linux)

-Command line tools • Depending on linux distro, either "apt-get" or "yum" will be used -Graphical update managers • Software updater -Patch management • Updates can be scheduled -Software center is used to install applications • The Linux "App Store"

What CLI program can be used to partition and format hard drives in Windows?

DISKPART

Scanning emails for strings of numbers matching "###-##-####" and preventing them from being sent outside an organization is an example of ____.

DLP

Services tab

- Can enable and disable Windows services • Determine what starts during boot -Easier to manage than the Services applet • Click/unclick -Useful for trial and error • It may take many reboots to find your problem

Dim display (Troubleshooting Mobile Apps)

- If difficult to see the screen, even in low light -Check the brightness setting located at: • iOS: Settings / Display and brightness • Android: Settings / Display / Brightness level -If issue is not fixed, then replace the bad display - most likely a backlight issue

Network setup

- Located in Control Panel under "Network and Sharing Center" • can set up a new connection or network -Step-by-step wizard - Confirmation during the process • Many different connections such as Direct, VPN, dial-up, etc.

Apple iOS history

-Apple iPhone and Apple iPad OS • Based on Unix • Closed-source - No access to source code • Exclusive only to Apple products -iOS Apps • Apps are developed with iOS SDK on Mac OS X • Apps must be approved by Apple before release • Apps are available to users in the Apple App Store

Host-based firewalls (Logical Security)

-"Personal" firewalls • Software-based -Included in many operating systems • 3rd-party solutions also available -Stops unauthorized network access • "Stateful" firewall • Can allow or deny traffic by application through the network interface -Windows Firewall • Can filter traffic by allowing/denying through the port number and/or application

PowerShell escape character

--%, ', \,

0

---

1

--x

Windows 8/8.1 Core

-A basic version for the home • x86 and x64 versions -Microsoft account integrates into the OS • Login to your computer and all of your services -Includes Windows Defender • Integrated anti-virus and anti-malware -Uses Windows Media Player to Play audio CDs and DVDs -Does not support EFS, Bitlocker, Domain Member, AppLocker, BranchCache -Available in 32-bit (Max 4 GB RAM) and 64-bit (Max 128 GB RAM)

Non-compliant systems

-A constant challenge to stay in compliance when systems are deployed • There are always changes and updates -Standard operating environments (SOE) • A set of tested and approved hardware/software systems • Often a standard operating system image -Operating system and application updates • Must have patches to be in compliance • OS updates, anti-virus signatures • Needs to be checked and verified before access is given

Mapping drives

-Access a share • This PC / Map network drive -Local drive letter and share name • May require additional authentication -Or use the command line: • e.g. "net use x: \\sg-server\mission-reports"

Services

-Background process • No user interaction • File indexing, anti-virus, network browsing, etc. -Useful when troubleshooting the startup process • Many services startup automatically -Command-line control • Can start/stop services with the net start/net stop command -Services is located in Control Panel under Administrative Tools • Type in "services.msc" through search or cmd prompt

Malware network symptoms (Troubleshooting Security Issues)

-Can slow performance or cause lock-ups • Malware isn't the best written code -Can cause Internet connectivity issues • Malware likes to control everything • You go where it wants you to go • You can't protect yourself if you can't download anti-malware software -Can also keep OS updates from installing • Malware keeps you vulnerable • Some malware uses multiple communication paths -Reload or clean to remove malware • Either use a malware cleaner or recover from known good backup

chown (Linux Command)

-Changes file owner and group • Modifies file settings -sudo chown [OWNER:GROUP] file • "> sudo chown professor script.sh" changes the owner of the file "script.sh" to "professor"

Windows 7 Ultimate

-Complete functionality -Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • Bitlocker support • EFS (Encrypting File System) -Same features as Windows 7 Enterprise • But for the home user -x86 version supports 4gb RAM -x64 version supports 192gb RAM

Maintain confidentiality (Professionalism)

-Concerns regarding privacy • You'll have access to sensitive information • Both professional and private • Whether on the computer, desktop, printer, mobile phone, desk -You have professional responsibilities • IT professionals have access to a lot of corporate data • Must maintain confidentiality -Be respectful of personal information • Treat people as you would want to be treated

Batch files (Scripting)

-Contains a ".bat" file extension • Scripting for Windows at the command line • Legacy goes back to DOS and OS/2

Wireless connections

-Contains the Network name • such as the SSID (Service Set Identification) -Security type • Encryption method -Encryption type • TKIP or AES -Security key • WPA2-Personal - a Pre-shared key method (password) • WPA2-Enterprise - a 802.1X authentication method (username and password)

Locking cabinets (Physical Security)

-Data center hardware is often managed by different groups • Responsibility lies with the owner -Racks can be installed together • placed Side-to-side -Enclosed cabinets with locks • Ventilation on front, back, top, and bottom

Tools tab

-Easy access to popular administrative tools • UAC settings, System Information, Computer Management, etc. -Faster than searching through menus or typing • A static (but comprehensive) list

Python (Scripting)

-General-purpose scripting language • Contains a ".py" file extension -Popular in many technologies • Broad appeal and support in many operating systems

Black screen (Troubleshooting Windows)

-If you get no login dialog or no desktop • issue might be driver corruption or corruption with OS system files -If changes were recently made to video settings or new video drivers were installed • Start in VGA mode for lower resolution • Press F8 for startup options -If you believe the issue is related to the OS system files • Run SFC - System File Checker • Runs from recovery console • If SFC finds any invalid files, it will replace that file and boot the system with the recovered files -If the problem is related to a video driver • Update driver in Safe Mode or VGA Mode • Download from known good source -Repair/Refresh or recover from good known backup

mkdir

-Makes a directory • Create a folder for file storage -mkdir DIRECTORY • To create a directory called "notes", you use the command "> mkdir notes"

Prepare the boot drive

-Know your drive • Is there data on the drive? • Has the drive been formatted? • What partitions are on the drive? -Backup any old data - You may need that back someday -Most partitioning and formatting can be completed during the installation • Clear the drive and start fresh

Windows at work

-Large-scale support • Thousands of devices supported by IT -Security concerns • Mobile devices with important data that needs to stay safe • Local file shares -Wide varieties of purposes such as the Accounting Dept. working on a spreadsheet • Or Marketing Dept. having the need to play videos -Geographical sprawl - Not all systems are in the same building • Need a way to managed cache data between the sites slow WAN connections

Limited connectivity (Troubleshooting Windows)

-Limited or no connectivity: The connection has limited or no connectivity. You might be unable to access the Internet or some network resources. The connection is limited -Check Local issues • Wireless signal might be weak or might be a disconnected cable • Check IP address configuration • Reboot -External issues • Wireless router rebooted/turned off • Ping your default gateway and external IP

System Configuration (msconfig)

-Manages boot processes • Windows startup applications • Windows services -There are 5 tabs in system configuration • General • Boot • Services • Startup • Tools • Located in Control Panel under Administrative Tools • OR type "msconfig.exe" in cmd prompt or in search bar

Policies and best practices (Privacy, Licensing, and Policies)

-Policies • These are general IT guidelines • Determines how technology should be used • Provides processes for handling important technology decisions -Security best practices • Some security techniques are accepted standards within the industry • Covers both processes and technologies • For example: You need a firewall. Use WPA2. Use strong passwords • Create steps to follow if there's a breach

WARNING (Safety Procedures)

-Power is dangerous -Remove all power sources before working -Never touch ANYTHING if you aren't sure -Replace entire power supply units • Never repair internal components -The devices contain a high voltage • Power supplies, displays, laser printers, etc...

sfc (System File Checker) command

-Scans the integrity of all protected system files • sfc /scannow

Tokens and cards (Physical Security)

-Smart card • Integrates with devices • May require a PIN -USB token • Certificate is on the USB device -Hardware or software tokens • Generates pseudo-random authentication codes -Your phone • SMS a code to your phone

Scheduled backups for Mac OS

-Time Machine - Included with Mac OS X -Hourly backups for the past 24 hours -Daily backups are done for the past month -Weekly backups - All previous months -Starts deleting oldest information when disk is full

A "friendly" DoS

-Unintentional DoSing • It's not always a ne'er-do-well -Network DoS • Layer 2 loop without Spanning Tree Protocol -Bandwidth DoS • Downloading multi-gigabyte Linux distributions over a DSL line -The water line breaks on a higher floor which water would leak from the ceiling into the computer room • This prompts all computer equipment to be turned off and stored away as prevention from further damage

Notepad

-View and edit text files • You'll use a lot of text files -Included with almost any version of Windows

Gestures (Mac OS Features)

-You can do more than just point and click • Extend the capabilities of your trackpad -Use one, two, three fingers • Swipe, pinch, click -Customization • Can enable/disable preferences under System Preferences > Trackpad

File management

-dir • Lists files and directories in cmd prompt -cd • Change working directory in cmd prompt • Include the backslash (\) to specify volume or folder name -.. • Two dots/periods in cmd prompt (e.g. cd..) takes you back up one folder level

pwd vs. passwd (Linux Command)

-pwd • Print Working Directory • Displays the current working directory path • Useful when changing directories often -passwd • Change a user account password • Yours or another • "passwd" to change your own password • "passwd [username]" to change password for a specific user

2

-w-

How many gigahertz (GHz) does a CPU running Windows (32-bit) have to have at minimum?

1 GHz

How many gigahertz (GHz) does a CPU running Windows 7 or 10 (64-bit) systems have to have at minimum?

1 GHz

What AP channels should you use in a 2.4 GHz network to avoid interference?

1,6,11

A computer with at least two Operating Systems installed is called a ______ system

Multiboot

malware removal process

1. Identify and research malware symptoms 2. Quarantine infected systems 3. Disable system restore 4. Remediate infected systems: -update anti-malware software -scan and use removal techniques 5. Schedule scans and run updates 6. Enable system restore 7. Educate end user

In order to join a Windows Domain you must follow these steps: 7. On the Set up a work or school account select join this device to a local ___ ____ ___

Active Director Domain

How many Gigabytes (GB) of storage space does a system running Windows 7 (32-bit) require?

16 GB

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Home Premium Edition?

16 GB

What is the maximum limitation of RAM for Windows 7 Home Premium 64-bit?

16GB

IPv4 Loopback Address

127.0.0.1

Loopback address

127.0.0.1

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Home?

128 GB

What is the maximum amount of RAM supported by 64-bit Microsoft Windows Core 8/8.1?

128 GB

What is the maximum limitation of RAM for Windows 10 Home 64-bit?

128GB

What is the maximum limitation of RAM for Windows 8 Core 64-bit?

128GB

How much disk space does Windows 7 use?

16gb

AES

Advanced Encryption Standard

How many Gigabytes (GB) of system Ram do Windows 7 and 10 (64-bit) systems require?

2 GB

How many Gigabytes (GB) of system Ram do Windows 8 and 8.1 (64-bit) systems require?

2 GB

What type of, and how many, partitions are required for BitLocker on a TPM compliant computer?

2 NTFS partitions

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Education?

2 TB

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Pro?

2 TB

What is the maximum limitation of RAM for any Windows 32-bit?

4GB

Windows versions are given how many years of mainstream support? They are also given the same number of years in extended support

5

What is the maximum amount of RAM supported by 64-bit Microsoft Windows Enterprise 8/8.1?

512 GB

What is the maximum amount of RAM supported by 64-bit Microsoft Windows Professional 8/8.1?

512 GB

What is the maximum limitation of RAM for Windows 8 Professional and Enterprise 64-bit editions?

512GB

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 10 Enterprise?

6 TB

exFAT

64 bit Extended File Allocation Table used for large capacity removable hard drives and flash media.

What is the maximum limitation of RAM for Windows 10 Enterprise 64-bit?

6TB

What is the maximum limitation of RAM for Windows 7 Home Basic 64-bit?

8GB

Windows Batch file comment

::

What is vi?

A Linux command-line text editor

robocopy (robust file copy)

A Windows command that is similar to and more powerful than the xcopy command, used to copy files and folders.

diskpart

A Windows command to manage hard drives, partitions, and volumes.

service

A Windows process that does not require any sort of user interaction and so runs in the background

swap partition

A disk partition disignated for swap space in linux

Authenticated Users Group

All user accounts that have been authenticated to access the system

What is the macOS equivalent of a BSOD?

A pinwheel of death!

Boot Camp

A utility on macOS that allows a full windows installation to be made on a Mac. Applications ->Utilities folder

regsvr32

A utility that is used to register component services used by an installed application.

zero-day exploit

A vulnerability that is exploited before the software creator/vendor is even aware of its existence.

WPA2 replaces the encryption and decryption cipher used before with a new one known as?

AES

An organizations information security policies dictating how devices can or cannot be used when using company provided services is defined under what legal document?

Acceptable Use Policy

The policy that explains what users can and can't do on company equipment is an ___.

Acceptable Use Policy (AUP)

Where are folder and file permissions and denials for individuals and groups kept?

Access Control List (ACL)

The Active Directory service that manages the process that allows a user to sign on to a network from any computer on the network and get access to the resources that Active Directory allows.

Active Directory Domain Service (AD DS)

You are a network administrator given the task of setting up server backups to be saved locally to NAS. You want to ensure that the backups will work properly. What can you set up in order to get information about this?

Alert on failure

Differential backup

All data modified since last full backup(moderate backup time, moderate restore time uses no more than two tape sets)

full backup

All selected data regardless of when it was previously backed up (high backup, time low restore time uses one tape set)

What is the difference between an IDS and an IPS?

An IDS only detects intrusion, whereas an IPS can act to stop intrusions

Business client

An OS designed to work as a client in a business network

LocalSystem account

An account in which if a process is executed it is unrestricted in terms of making changes to the system configuration and file system (better than administrator account)

NetworkService

An account that has the same privileges as LocalService but can access the network using the computer's machine account's credentials

System Information

An application used to provide detailed diagnostic information about your mac

A smartphone and tablet OS developed by Open Handset Alliance and Google..

Android

Examples of companies who use this OS are: Oppo Samsung Sony Motorola LG Acer Asus

Android

Which mobile operating system is built on open-source software?

Android

A customer calls to complain that his android smartphone is locked and he cannot unlock it. You ask him if he has a google account tied to the phone and he confirms he does. What application can you advice him to use to help trouble shoot this problem?

Android Device Manager

Power Users

Appears in legacy applications but is deprecated because the rights allocated to this account type can be abused to allow the user Administrative or System privileges

This is a OS designed to work as a client on business networks

Business Client

Disk Utility

App in macOS used to verify or repair a disk or file system

The official app stores on iOS and Android are called _______ and _______, respectively.

App Store and Google Play Store

Which of the following best describes the Principle of Least Privilege?

Assign users the least permission level required to do their jobs

bootrec

Attempts to fix startup problems.

Step 4 in creating a custom image for deployment of Windows 7 is to: Start the computer in this mode to remove account and profiled users from it.

Audit

What do you need to configure in order for a computer to boot from a Windows 7 Repair disk?

BIOS settings

What Windows CLI program can be used to fix boot problems?

BOOTREC

This is a vital step if you are replacing a existing installation.

Back up data

If your phone becomes hot to the touch what can you disable to hopefully correct this issue?

Background Functions

-can be used to measure changes in Performance over the lifetime of an IT Service -can be used to enable the IT Infrastructure to be restored to a known Configuration if a Change or Release fails. -An ITSM can be used as a starting point to measure the effectiveness of a Service Improvement Plan

Baseline

A RAID utility should be configured and its volumes created at what time in the OS installation?

Before

Control panel

Best place to configure your system in Windows 7

A retina scan is an example of _______ authentication.

Biometric

This is a full volume disk drive encryption feature included with Microsoft Windows.

BitLocker

An encryption tool Microsoft offers for removable flash drives is called __________.

BitLocker-To-Go

___________________ is a Microsoft application that allows you to encrypt removable media such as USB flash drives.

Bitlocker-to-Go

You can manage the maximum amount of RAM to be used in a chosen OS in a multiboot environment under what MSConfig tab?

Boot

Trying every possible combination of characters to crack a password is known as a __________ attack.

Brute force

What is the DOS command to change directories?

CD

A file system commonly used on CDs is ____.

CDFS

Upgrade Windows 8.1 Enterprise to Windows 10

Can upgrade to: • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Pro

Upgrade Windows 7 Home Basic to Windows 10

Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise

Upgrade Windows 7 Home Premium to Windows 10

Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise

Laser printer process: step two. the photosensitive drum is given a negative charge

Charging

This is a feature of Windows 8 which provides access to Windows Search, Sharing, Start menu, Devices, and Settings. The menu appears when the mouse cursor is positioned at the top-right or bottom-right corner of the Windows 8 GUI, or the keyboard shortcut Windows key + C is pressed.

Charms (or Charms Bar)

During a Full Format the sectors of a drive are ______ for bad sectors.

Checked

What tool allows for the checking of logical and physical file systems while attempting to repair any errors found?

Chkdsk

A proprietary OS derived from Linux. Developed by Google. Runs on specific laptops and PC hardware

Chrome OS

An operating system used primarily for web based applications

Chrome OS

This is the method of installing a fresh copy of a OS to a new system or overwriting an old system with a new one.

Clean install

ipconfig /flushdns

Clears the DNS resolver cache

To repair a Windows 7 installation there are 4 steps this is step 3

Click Install Now

The number of bits allocated to define colors on a monitor is referred to as ________.

Color depth

The key combination to force quit on a Mac is...

Command-Option-Esc

CIA

Confidentiality, Integrity, Availability

System Log

Contains information about service load failures, hardware conflicts, and driver load failures

Application Log

Contains information regarding the application errors

Network Group

Contains user accounts of any users connected to a computer over the network

This is a management interface for configuring Windows 7 (and beyond) settings

Control Panel

What utility file can be used to convert a FAT partition into a NTFS partition but can not do the reverse?

Convert.exe

Windows must be installed in what type or style of file partition?

NTFS (New Technology File System)

A _____ server assigns hosts IP addresses and other network parameters.

DHCP

What kind of server provides hosts with IP addresses and network information when they connect to a network?

DHCP server

Script file syntax. This Visual Basic Script syntax will allow you to declare a variable value

DIM

What command declares variables in visual basic programming?

DIM

What is the DOS command to list the contents of a directory?

DIR

A _____ server helps hosts translate domain names into IP addresses.

DNS

Workgroups employ a __________ architecture whereas domains employ a __________ architecture.

Decentralized, centralized

Using a strong magnetic field to wipe a hard drive is referred to as ________.

Degaussing

Which of the following settings are used for establishing a dial-up connection in Windows?

Dial-up phone number / User name / Password.

Downloading a list of millions of previously leaked passwords and running them against a website is a _________ attack.

Dictionary

This displays a report and determines its ability to support 3D graphics and sound in a Windows system

DirectX Diagnostic Tool

______ graphics device with Windows Display Driver Model 1.0 or higher driver is a requirement for Windows (32-bit) systems.

Directx 9

net user dmartin /active:no

Disables dmartin account

You can inspect and configure disks, partitions, and file systems using this Windows tool console.

Disk Management

Which of the following macOS utilities allows to create/restore a disk image?

Disk Utility

What tool allows you to log and view hard disk activity?

DiskMon

What command prompt can covert partitions to GPT or MBR?

Diskpart

What is a utility file that is used to create partitions on a disk and can convert a basic disk into a dynamic one and the reverse?

Diskpart.exe

ipconfig /all

Displays DHCP, DNS server, MAC address, and NetBIOS status

Full Control

Do anything with the object, including change its permissions and its owner

The System Configuration utility in MS Windows can be launched by:

Double-clicking on the System Configuration icon shortcut in the Administrative Tools folder / Typing msconfig (or msconfig.exe) in the Command Prompt and pressing Enter / Pressing simultaneously the Windows and R keys, typing msconfig (or msconfig.exe) in the Run window, and pressing Enter

in order to manage a hard disk the computer setup program must have an appropriate

Driver

This is the ACRONYM used in referring to the term used with respect to a product supplied to customers, indicating that the product is in the end of its useful life (from the vendor's point of view), and a vendor stops marketing, selling, or rework sustaining it

EOL (End of Life)

Where can you find information about how a particular type of software can and cannot be used?

EULA

You often cannot use software unless you enter into this agreement. Acronym

EULA (End User Licence Agreement)

Malware Removal steps: Step 7

Educate the end user

The BranchCache feature is available in Windows Enterprise and what other edition?

Education

man/ --help

Either parameter will generate a detailed explanation of the command in Linux

WiFi protected setup requires that the SSID broadcast is___

Enabled

In order to operate, an integrated component such as Network Interface Card (NIC) may need to be first:

Enabled in the advanced BIOS settings menu

format D: /fs:NTFS /x

Enables file compression using NTFS

Drive wiping

Ensures old data on a hard drive is destroyed by writing zereos or a random patter to each location on the drive. Makes disk suitable for re-use

This is an agreement often used for corporations and large businesses that allows distribution of software company wide.

Enterprise License.

Data is ____ during a Full Format

Erased

A system partition that is used by UEFI computers uses a type of formatting style called

FAT

What Windows utility can be utilized to determine if a service is causing a cascading failure?

Event Viewer

Windows Security logs can be found under what tool set?

Event Viewer

Local Group Policy(gpedit.msc)

Exposes the whole registry configuration using a dialog-based interface(Offers a wider range of settings than Local Security Policy)

Laser printer process: step 3. Wherever the intended page has words or images to display the negative charge is removed or neutralized from the photo sensitive drum.

Exposing

Although Windows partitions in a multiboot environment must be NTFS in order for other OSs such as Linux to communicate with them what style format is recommended so long as file transfers are kept below 4GB?

FAT32

In addition to a NTFS data drive what is another common type of data drive BitLocker can encrypt?

FAT32

The 4 GB maximum file size limit and 2 TB maximum volume size limit are the characteristic features of:

FAT32

This is a partition that can be used to restore an OS environment to the same state in which it first arrived.

Factory recovery partition (also known as a Recovery or Rescue Disc)

The file manager in macOS is called...

Finder

Which of the following are examples of inheritance possession (something you are) to support multi factor authentication?

Fingerprint reader Retinal scanner

ipconfig /renew AdapterName

Forced DHCP client to renew lease it has for an IP address(if AdapterName is omitted it releases or renews ALL adapters on the network)

In Windows Disk Management utility on a local computer, a dynamic disk that has been moved from another computer and found by the OS is labeled as:

Foreign

The ability for communication to occur in both directions on a wire simultaneously is called __________.

Full duplex

Laser printer process step 6. Heat and pressure are used to permanently affix the toner to the paper

Fusing

In order for you to boot a computer to UEFI mode what type of partition must the hard disks partitions be set or converted to?

GPT (GUID Partition Table)

GPT

GUID Partition Table, part of EUFI, successor to MBR. Windows allows up to 128 partitions at 2TB each. It also has a back up copy for parition entries

Step 5 in creating a custom image for deployment of Windows 7 is to: Remove unique information from your Windows installation by _______ the computer

Generalizing

popular linux GUIs

Gnome, KDE, Cinnamon, Xfce

The I/O, IRQ and memory address settings used by the CPU for component communications are contained here

Hardware Resources

ID badges and smart cards are examples of something you ______.

Have

This OS is designed to work on standalone or work group PCs in a home or small office environment.

Home client

Change management six steps Step 4 At this stage, apply the change and monitor the results. If the desired outcome is not achieved, or if other systems or applications are negatively affected, back out the changes.

Implement and monitor the changes; back out changes if necessary

A file is failing to open in Windows. What's a common reason for this?

Improper extension is causing the wrong program to open it

Local Security Policy(secpol.msc)

In administrative tools. You would use this to configure password and account policies with out going into the registry

An installation that is written on top of a existing OS that retains the applications, user setting and data files is called?

In-place upgrade

This is a type of record that contains: What happened? What was required for recovery? Who was involved? What follow-up actions are needed? What lessons were learned?

Incident documentation

Event types

Information Warning Error Critical Successful Audit Failure Audit

ICM

Information Content Management - the process of managing information over its life cycle

footprinting

Information gathering threat in which the attacker attempts to learn about the configuration of the network and security systems

Footprinting

Information gathering threat in which the attacker attempts to learn about the configuration of the network and security systems.

When copying a file from one folder to another on the same partition, explicit NTFS permissions are ____

Inherited

To repair a Windows 7 installation there are 4 steps this is step 1

Insert DVD

Which of the following locations in MS Windows provide(s) access to the Internet Properties (inetcpl.cpl) system utility?

Internet Options applet in Windows Control Panel / Network and Sharing Center applet in Windows Control Panel / Windows Run dialog box (after typing in inetcpl.cpl and pressing Enter) / Internet Options menu item in Internet Explorer's Tools menu.

Which of the following settings are used for establishing a VPN connection in Windows?

Internet address (domain name or IPv4/IPv6 address) / Destination name / Smart card (optional).

A communication channel between a hardware device and the system processor:

Interrupt Request (IRQ)

.js

JavaScript

GPT allows for ________ drivers and _______ partitions than MBR.

Larger and more

Assigning only the permissions a user needs to perform his or her job is known as the principle of ___________.

Least privilege

32-bit editions of Windows need to be installed in what type of mode?

Legacy BIOS mode

Guests

Limited rights such as browsing network and shutdown, but they cannot save changes made to the desktop

What device helps protect against brownouts and power spikes, while providing steady live voltage frequencies to equipment?

Line Conditioner

In the case that your computer has legacy firmware and does not recognize the disk or volume you can use what option in the Where do you want to install Windows dialog box in set up?

Load Driver

Normal Startup

Load all device drivers and services

The command to open a Remote Desktop session is...

MSTSC

Which of the following answers refers to the MS Windows client application for Remote Desktop Services (RDS)?

MSTSC

What tab should you click on to update a router's firmware?

Management

What tab will allow you to update a router's firmware?

Management

Computer Management

Management console with multiple snap-ins to configure local users and groups, disks, services, and devices

The user interface introduced with Windows 8 is called _________.

Metro UI

What are frequent causes of BSODs?

Missing or corrupt files and drivers, malfunctioning hardware

A macOS system feature providing single-screen thumbnail preview of all open windows and applications is known as:

Mission Control

This type of enterprise software can be used by administrators to restrict the use of apps, monitor device use and even allow or deny use of built in device features such as camera and microphone usage while on company networks.

Mobile Device Management (MDM)

Change management six steps Step 6 You may need to modify the entire change management process to make it more effective. Consider reexamining your change management discipline if: Changes are not being applied on time. Not enough changes are being processed. Too many changes are being backed out. Changes are affecting the system availability. Not all changes are being covered.

Modify change management plan if necessary

Moving files and folders to a FAT or FAT32 partition

Modify permission is required for the destination folder. All permissions and NTFS attributes(such as encryption) are lost, FAT does not support permissions or special attributes

Where can you fix misalignment between screens when using multiple monitors?

Monitors can be arranged and oriented in Display Settings

A customer wants an application to start up as soon as he turns the computer on. What Windows tool do you recommend he utilizes to accomplish this goal?

Msconfig

What is the RAM benefit of using 64-bit architectures over 32-bit architectures?

Much more memory is supported

A password and smart card are examples of what type of security system?

Multi-Factor Authentication

Requiring both a password and time-based PIN to log into a website is an example of ________ authentication.

Multifactor

This is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data: -it helps protect code against Malware attacks that overflow a system with garbage data

NX bit (no execute)

MacOS uses this network boot method

NetBoot

A technology from Apple which enables Macs with capable firmware (i.e. New World ROM) to boot from a network.

Netboot

NLA

Network Level Authentication - Authenticates user before committing any resources to RDP session preventing denial of service attacks

Name that OS type: an OS designed to run on servers in business networks

Network Operating System

What type of configuration info is used for setting up a wireless connection in Windows?

Network name / Encryption type / Security type / Security key

Do MAC address filtering or disabling SSID broadcast provide strong security?

No, MAC addresses can be spoofed and WiFi networks can be found whether or not they are broadcasting an SSID

Data is ______ during a quick format

Not Erased

During a Quick Format the sectors of a drive are ___ for bad sectors

Not checked

Control

Not the apple equivalent of the Ctrl button

When you use MSconfig to generate a boot log on startup what is the name of that log created?

Ntbtlog.txt

What configuration utility in Windows is used to facilitate communication between applications and varying types of databases?

ODBC Data Sources (odbcad32.exe)

What is the best way to stay ahead of previously unknown vulnerabilities in PC devices?

OS updates

Which of the following disk status options in Windows Disk Management utility indicates that a dynamic disk might be corrupted or intermittently unavailable?

Offline

chkdsk C: /i /c

On NTFS volumes only skips part of the checking process

What is the correct sequence of steps required to close a non-responsive user application in Task Manager in Windows 7?

On the Applications tab, right-click the program that isn't responding, click End Task button

Which of the following answers describes the correct sequence of steps required to close a non-responsive user application or process in Task Manager in Windows 8/8.1/10?

On the Processes tab, right-click the program/process that isn't responding, click End Task button

Microsoft's cloud storage solution is called ________.

OneDrive

In Windows Disk Management utility, a normal disk status indicating that the disk is ready for read/write operations is labeled as:

Online

Which of the following disk status options in Windows Disk Management utility indicates Input/Output (I/O) errors on a dynamic disk/volume?

Online (Errors) / Healthy (At Risk)

Which of the following allows to view hidden files, folders, and drives in Windows 8/8.1/10?

Open the File Explorer Options applet in Windows Control Panel, then select Show hidden files, folders, and drives in the Advanced settings on the View tab.

Windows key + r

Opens the Run dialog box

dir/o:d

Order by date

Its best to allow Windows Setup to ___ ____ ___ when installing from a UEFI DVD.

Partition the drive

The boot method of a Internal hard drive may either have its boot records consolidated into a singular one of these or spread across many.

Partition(s)

The practice of dividing hard disk space into isolated logical storage units that behave like separate disk drives is known as:

Partitioning

Company A calls tech support to complain that Company B a couple doors down is piggybacking on their open wireless connection that have for guest use. They want to keep the connection open for guests but want a solution to prevent Company B from using it. What configuration settings can allow this be accomplished?

Power levels

In Windows Disk Management utility, a dynamic disk status set to Offline/Missing indicates that the missing disk may be:

Powered down / Corrupted / Disconnected

Regular backups, disk maintenance, and software updates are all best ______.

Practices

taskkill /pid

Process ID used to specify a process to kill

In Windows 8 and later editions what Task Manager tab allows you to to close a application that isn't responding by right click the program and selecting the End Task button?

Processes

PHI

Protected Health Information - medical and insurance records, plus hospital lab results

msinfo32

Provides information about hardware resources, components, and thesoftware environment. Also known as System Information.

Which of the following describe(s) the function of Windows Task Manager?

Provides real-time reports on how a computer running Windows OS is using system resources (CPU/RAM/HDD/Network usage) / Allows system administrators for managing the currently logged-in users / Displays information on programs, processes, and services that are currently running on the computer / Allows to close a non-responsive application in Windows

Windows periodically has ___ ___ which do not usually make radical changes to Windows. However it may include new features and occasionally cause compatibility problems with some hardware devices and software apps.

Quality Updates

Malware Removal steps: Step 2

Quarantine the system

nslookup -Option Host Server

Queries a dns server about a host

What is the fastest way to prepare it for a full Windows operating system installation?

Quick Format

Malware that encrypts your files and demands payment for the decryption key is called ________.

Ransomware

This is a type of malware that may appear real. It could have a official seeming symbol, and state that your computer has been seen doing something illegal. The malware then states that you must pay to unlock your system.

Ransomware

Write

Read a file and change it, or create a file within a folder, but not to delete it

A error that says "Cannot read from the source disk". What is this a symptom of

Read/write Failure

shutdown -r

Reboot after shutdown

Change management six steps Step 2 Receive all requests for changes, ideally through a single change coordinator. Change requests can be submitted on a change request form that includes the date and time of the request.

Receive change requests

RSSI

Received Signal Strength Indicator - an index level calcuated from signal strength. If it the connection speed is below the RSSI minimum the wireless adapter will drop the signal

The number of times a screen can update itself per second is called the ___________.

Refresh rate

RADIUS stands for?

Remote Authentication Dial-In User Service

RADIUS

Remote Authentication Dial-In User Service - a type of authentication suitable for server and domain based networks

RADIUS

Remote Authentication Dial-In User Service - under this protocol Authentication, Authorization, and Accounting are performed by a seperate server

What type of application will help prevent data loss in the event that your phone is stolen or lost?

Remote Backup

If Windows slow performance and cannot find a single cause it may become necessary to perform this type of installation.

Repair Install

This is a snapshot that allows a computer to return to the point in time in which it was captured

Restore Point

Script file syntax. This batch file syntax will allow you to declare a local value that is defined only while the batch is executing

SET

What batch file command will declare a variable only while the batch is executing?

SET

Script file syntax. This batch file syntax will allow you to declare a persistent environmental variable value

SETX

If you are using a Hybrid SSD what area of it should you install the boot partition to improve performance?

SSD

This is a name to identify a WLAN by. You should change it to something you can recognize easily.

SSID

If your computer's antivirus identifies a infection but is unable to remove it because the program is in use, what mode that limits start up services and running program can you boot into = to try to run the antivirus again in order to remove it?

Safe Mode

You can set IE's security level for individual zones under the ______ tab of Internet Properties.

Security

SAM

Security Accounts Manager - where the local accounts are stored

A computer resource made available from one host to other hosts on a computer network is called a

Shared Resource (or Network Resource)

A type of user interface that enables the execution of operating system commands is commonly referred to as:

Shell

netstat -b

Shows the process that has opened the port

Three most effective types of physical data destruction?

Shredding, Incineration, Degaussing

This is a power-saving state that allows a computer to quickly resume full-power operation (typically within several seconds) when you want to start working again.

Sleep (Mode)

A power management mode in Windows that draws small amount of power, saves the system state in RAM, and allows for quick resuming of full-power operation with the use of a power button or on command is known as:

Sleep/suspend / Standby

Which of the following are samples of authentication possession (something you have) to support multi factor authentication?

Smart card Key fob

Information including drivers, environment settings, and network connections can be found under here

Software Environment

This is a type of social engineering email based attack that targets a specific individual, organization or business in the attempt to obtain personal information or to direct them to a website where their systems can become infected with malware.

Spear phishing

Which of the following is a macOS system search utility?

Spotlight

Which volume type in Windows Disk Management utility uses RAID 5 setup for performance gains and fault tolerance?

Striped with parity volume

Windows 7 Professional

Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • EFS (Encrypting File System) • Supports Remote Desktop Host -Missing enterprise technologies • BitLocker is NOT supported -x86 version supports 4gb RAM -x64 version supports 192gb RAM

A hidden file (or files) on the hard disk that Windows uses to hold parts of programs and data files that cannot be stored in RAM due to the insufficient memory space is called:

Swap file / Paging file / Virtual memory

A business owner wants encrypt the disk of her Windows 7 laptop to add a extra layer of security in case of loss or theft. She wants to encrypt the OS using BitLocker and require verification of early boot components and configuration data. What are the two requirements her laptop meet in order to accomplish this task in Windows 7?

TPM version 1.2 and Two NTFS partitions

cd/

Takes you back to the root of the cmd prompt

You need to back up a Linux system from command line. What prompt should you use?

Tar

In Windows 8 and newer releases of the Microsoft OS, contents of the MSConfig's Startup tab can be viewed and managed via:

Task Manage

A computer running Windows 10 is experiencing performance issues. What do you need to configure so that only select applications are launched after it has been restarted?

Task Manager

What Windows tool can be used to run a program every weekend?

Task Scheduler

TKIP

Temporal Key Integrity Protocol

Which of the following system utilities provides access to different command-line shells in macOS?

Terminal

AUPs and _____ serve the same purpose for an Internet Service Provider

Terms of Service

_____ groups have been implicated in DDoS attacks (cyber warfare).

Terrorist

system partition

The active partition of the hard drive containing the boot record and the specific files required to start the Windows launch.

Active directory

The database that contains the users, groups, and computer accounts in a Windows Server Domain

Which of the following enable a newly added disk to show up in Windows File Explorer?

The disk needs to be initialized /The disk requires a drive letter / The disk can be mounted as a folder

If an update fails and displays a error message what is the most important piece of information to write down from it?

The error number

Secret

The info is too valuable to permit any risk of its capture. Viewing is severely restricted

latency

The time it takes for a signal to reach the recipient

Destination Unreachable

There is no routing information

boot sector virus

These attack the boot sector, partition table, and file system

Interactive Group

This group contains the user account of the person currently working at the computer

ctrl + shift + enter

To run as admin, search for the application and enter this key command

The System Configuration tab in MS Windows providing access to MMC snap-ins is called:

Tools

Laser printer process Step 5. The transfer roller transfers the toner from the drum to the paper

Transferring

Disabling your SSID broadcast and reducing ___ ___ can help increase security by making your wireless network less visible.

Transmit Power

Which of the following best describes the kind of malware that infected the CFO's laptop after he downloaded and installed a popular file sharing app?

Trojan

Regulatory (Documentation Best Practices)

Types of regulating bodies: -Sarbanes-Oxley Act (SOX) • The Public Company Accounting Reform and Investor Protection Act of 2002 -The Health Insurance Portability and Accountability Act (HIPAA) • Extensive healthcare standards for storage, use, and transmission of health care information -The Gramm-Leach-Bliley Act of 1999 (GLBA) • Disclosure of privacy information from financial institutions

When set what will allow you to prevent anyone from being able to boot a Windows 10 PC?

UEFI user password

An installation that doesn't need to be supervised is called a(n) ________ installation.

Unattended

This is the full name for the modern replacement to the old Basic Input/Output System firmware in computers.

Unified Extensible Firmware Interface

UTM stands for...

Unified Threat Management

Which of the following disk status options in Windows Disk Management utility indicates that a basic or dynamic disk is not accessible and might have experienced hardware failure, corruption, or I/O errors?

Unreadable

Malware Removal steps: Step 3

Update anti malware software

Before you scan a suspected malware or virus infected computer what step should you take?

Update virus definitions

This automated software allows you to check if a computer's existing hardware and some software will be comparable with a newer version of Windows.

Upgrade Advisor

System Configuration Utility(msconfig)

Used to modify settings and files that effect the affect the way the computer boots in windows

Microsoft Windows User Accounts in Control Panel and what other component allow system administrators to enable/disable user accounts?

User Account Control (UAC)

This is a Windows Security System designed to restrict access to all but those with administrator privileges.

User Account Control (UAC)

UAC

User Account Control. Informs you when a program makes a change that requires administrator-level permission, also adjusts the permission level of your user accounts

What is a simple function for Janice to set that will prevent her children from being able to access her computer?

User Password

What Task Manager tab in MS Windows allows system administrators to disconnect a user (invoke a Windows lock screen) or to sign them off (force a user to log off).

Users

Malware Removal steps: Step 1:

Verify the infection

Read/list/execute

View the contents of a file or folder or start a program

Reliability and Performance Monitoring

View the performance of the local computer

Swap partition, Extended partition and what other option can be used as an Random Access Memory extension?

Virtual Memory

What is an area of a hard disk allocated to contain pages of memory called?

Virtual Memory

VNC

Virtual Network Computing - freeware that works over TCP port 5900 with similary functionality to RDP. Screen Sharing is based on VNC

VPN stands for

Virtual Private Network

What has replaced Multiboot as a much simpler way of achieving having multiple operating systems readily available and exceeded it by allowing them to be used concurrently?

Virtualization

In order to keep ahead of malware and virus threats its important to keep these up to date and perform regular scans of systems.

Virus Definitions

Macro viruses

Virus that takes advantage of the macro programming languages built into some software.(affect an Office Document)

Name the only edition of Windows 7 that can upgrade to Windows 10 Enterprise without requiring a new installation:

Windows 7 Ultimate

What will allow a network packet such as one used by a network attached printer to switch a computer from a dormant state to an active one?

Wake on LAN (WOL)

WoL

Wake on LAN - Allows you to start up the computer remotely

WoWLAN

Wake on Wireless LAN

What command is used to perform backups and restores of operating systems, drive volumes, computer files, folders, and applications from a command-line interface?

Wbadmin

Low Level Format

When a new harddisk leaves the manufacturer, creates cylinders, tracks and sectors on the platters

Although it is available in earlier versions of Windows the support for BitLocker started with which WIndows OS?

Windows 8

What type of connections use less power and help save battery life on a smartphone but often need to be set up first?

WiFi

Windows 10 Editions

Windows 10 Home Windows 10 Pro Windows 10 Education Windows 10 Enterprise

This version of Windows imposed significant user interface changes. These changes were primarily centered on providing support for touchscreens. It was not popular with users who used previous versions of Windows.

Windows 8 (and Windows 8.1)

Which of the following locations provide access to proxy settings in Windows?

Windows Settings menu -> Network & Internet -> Proxy / Windows Control Panel -> Internet Options -> Connections tab -> LAN settings -> Proxy server.

Which of the following locations in Windows 10 provide access to configuration options for connecting a network printer to a PC (network printer mapping)?

Windows Start button -> Settings -> Devices -> Printers & scanners -> Add printers & scanners -> Add a printer or scanner -> select a printer -> Add Device / Control Panel -> Devices and Printers applet -> Add a printer.

Which of the following locations in Windows 10 provide access to configuration options that allow to share a local printer with other PCs on a network?

Windows Start button -> Settings -> Devices -> Printers & scanners -> select a printer -> Manage -> Printer Properties -> Sharing tab /Control Panel -> Devices and Printers applet -> right-click on a selected printer -> Printer Properties -> Sharing tab.

.bat

Windows batch file

This is the step by step instructions for performing installation or configuration tasks using specific product or technology and credentials.

Work instruction

What is the term for a computer infected with malware that can be used to perform malicious tasks of one sort or another under remote direction.

Zombie

Python escape character

\

Bitlocker

a microsoft utility to encrypt a drive

Which of the MS Windows command-line commands lists the user accounts for the computer?

net user

*WHALING*

a phishing attack that targets people who are known/believed to be WEALTHY, such as CEO's or the "Big Dogs" of a company

*SPEAR PHISHING*

a targeted attack where the attacker has some information that makes the target more likely to be fooled.

*Eavesdropping* (sniffing)

a threat that captures and reads data packets as they move over a network (often using "packet sniffers" like Wireshark which captures the live network traffic

Tailgating can be done without the targets knowledge, but it can also be done WITH their knowledge in order to...

allow someone access to the area without having to record it in the buildings Entry Log.

answer file

an xml text file that contains all the instructions a Windows Setup program would need to install and configure an OS with out any administrator intervention

*LOGICAL TOKEN*

assigned to a user or computer when they authenticate to some service (example: web cookie)

dd

can be used to specify that date within the month(0-31) in cron

In order to join a Windows Domain you must follow these steps: 6. Under connect to work or school select

connect

Data Sources

control connection to databases set up on the local computer

Remote Settings location

control panel -> system properties -> remote settings

In Linux, a command to transfer exact copies of data from one place to another is ______.

dd

After an OS has been installed its a good idea to set the internal fixed disk, or the boot partition on it, to the _____ boot device and disable any other boot devices.

default

In order to get a PC that is taking a long time to boot you have already removed applications from startup but this did little to help. What else can you do to the hard disk drive to correct this issue?

defragment

What is the top level of the user interface displayed on screen when Windows starts and the user logs on known as?

desktop

What command line command launches the Device Manager tool in Microsoft Windows?

devmgmt.msc

Which of the following launches the Device Manager tool in Microsoft Windows?

devmgmt.msc

Digital rights management (DMR) controls what a purchaser can ___ or ___ ___ with hardware and media.

do, not do

Windows does not allow you to join this type of networking model during an unattended installation but otherwise it must be accessed in System properties.

domain

Social engineering depends on _____ factors rather than technology.

human

Apple's cloud storage service is called...

iCloud

___ is the operating system for iPhone smartphones and and iPads tablets

iOS

script file

is a text document containing commands for the operating system. The commands are run in the order they are listed

dd

linux command that makes a copy of an input file to an output file

FOR creates a ____ in a windows batch file

loop

Step 7 in creating a custom image file for image deployment of Windows is to Create new Windows 7 installation ____ for the custom image on the technician computer.

media

Ways of mitigating Social Engineering attacks include training employees to...

only release info using standard procedures identify PHISHING-style attacks (plus any new styles that develop in the future) not release ANY work-related info on third-party sites or social media NEVER reuse work account passwords

mstsc

opens a Remote Desktop connection from command line

devmgmt.msc

opens device manager from runline

John visits his email provider's website daily to check his email. Today however he received an unusual message that states the site's certificate is not from a trusted source and asked if he wishes to continue to the site or exit. John quickly realizes that the site may have been hacked and redirected to another site and exits. What type of site has he realized he was most likely redirected to?

phishing site

When preparing for malware recovery in a company environment it is a good idea to prepare response polices and ___ as a first step.

procedures

virtual memory

process of optimizing RAM storage by borrowing hard drive space

In Linux, to switch to the root user, run _____. To switch to any other user, run _____.

ps, ps <user>

What Linux command tells you where you are currently in the filesystem?

pwd

control + C

quits a running program in command prompt

4

r--

5

r-x

shutdown now, +10

reboot 10 minutes from now

Social Engineering is best mitigated by training users on how to _____ and _____ to certain situation.

recognize, respond

popular linux distros

redhat/CentOS, SUSE, Debian/Ubuntu, Knoppix

apt-get update

refresh the local database with information about the packages available from the repository

To open the Registry Editor, press Win+R and enter _______.

regedit

Which of the following system utilities in MS Windows provides access to a database containing system configuration information?

regedit

Which other command-line command besides regedit can be used to launch registry editor in Windows?

regedt32

Another way to mitigate Social Engineering attacks is to establish a ______ _____ for suspected attacks.

reporting system

In order to join a Windows Domain you must follow these steps: 11. after you've done all the other steps you must do this common first step in any IT process

restart PC

6

rw-

*CRYPTOGRAPHIC HASH*

scrambles the data in a way that the original plain-text password is *normally* unrecoverable

In a multiboot environment where should each OS be installed?

separate boot partitions

Activation Lock/Device Protection

services that work in the device firmware that prevents restores or the disabling of location services

weekday

sets the day of the week in cron in either numerical or text format

What allows a single user account to log onto any computer within a domain in which they are authorized?

shared central user account database

tasklist /svc

shows a list of services within each process

Resource Monitor

shows an enhanced version of the sort of snapshot monitoring provided by task manager

net user dmartin

shows the properties of the dmartin account

Obtaining a logical token or software token can allow attackers to perform a _____ attack.

spoofing

*RISK*

the LIKELIHOOD and IMPACT (or consequence) of a threat actor exercising a vulnerability

*THREAT*

the POTENTIAL for a threat agent/actor to "exercise" a vulnerability (security breach)

*IMPERSONATION*

the attacker pretends to be someone else

confidential

the information is highly sensative, for viewing only by approved persons within the organization

802.1x

the standard that defines a Port-based Network Access Control mechanism

network mapping

tools used to gather information about the way a network is built and configured

*CYBER WARFARE*

the use of IT services and devices to disrupt national, state, or organization activities, especially when used for military purposes

bootrec /fixboot

to attempt repair of the boot sector

You've updated a new device driver and your computer stops running properly. What is the quickest way to tell your computer to dump the new driver and use the old one?

use Last Known Good Configuration

xcopy

utility that allows you to copy the contents of more than one directory at a time and retain the directory structure

In order to join a Windows Domain you must follow these steps: 1. to connect to a domain network you must be using a ____ connection

wired

Joining a domain

• Cannot be a Windows Home edition • Needs to be Pro or better • managed in Control Panel / System • Need proper rights to add the computer to the domain

Upgrading from Windows 7

• Keeps Windows settings, personal files, and applications • Must upgrade to a similar Edition

DiskPart command

• Manage disk configurations • "diskpart" - start the DiskPart command interpreter at the cmd prompt

Another PHISHING attack technique includes spawning a _____ when a user visits a genuine site in an attempt to get the user to enter their credentials into it.

"pop-up" window

Bash shell script comment

#

PowerShell Script comment

#

python comment

#

ch modes (Linux Command)

# Permission r w x 7 Read, Write, Execute r w x 6 Read, Write r w 5 Read, Execute r - x 4 Read only r - - 3 Write, Execute - w x 2 Write only - w - 1 Execute only - - x 0 none - - -

Example of a script (Scripting)

#!/bin/sh // Add the first input string INPUT_STRING=hello // Keep looping if the string isn't equal to bye while [ "$INPUT_STRING" != "bye" ] do echo "Please type something in (bye to quit)" read INPUT_STRING echo "You typed: $INPUT_STRING" done

windows batch file escape character

%%

VBScript comment

'

Which of the following is a file system designed for optical media?

(CDFS) Compact Disc File System

A type of proprietary file system used in Apple OSs is known as:

(HFS) Heirarchical File System

shutdown 17:30

shutdown at 5:30

shutdown /r

shuts down and restarts a pc from the cmd prompt

shutdown -t 30

shuts the computer down in 30 seconds

*FINGERPRINTING*

similar to Footprinting, but the attacker is trying to learn the configuration of a particular host instead of the entire network

*PORT SCANNING*

software that lists TCP/UDP ports on a target system that accepting connections

mm

specifies minutes past the hour in cron(0-59)

hh

specifies the hour in cron(0-23)

It has been determined by IT personnel that several computers at XYZ company have been infected with malware that has sent personal and network information to a remote location outside the company. What is this type of malware called?

spyware

*SHOULDER SURFING*

stealing secure information including a PIN or password by watching an individual type it

kill

stops a process using its Process ID

A command to run a single command with root privileges in Linux is _____.

sudo

The system preparation tool command line prompt that will allow you to remove any unique information from your Windows installation

sysprep /generalize

Which of the answers listed below refers to the correct syntax for a Windows Command Prompt taskkill command that would allow to close notepad.exe by providing its imagename?

taskkill /im notepad.exe

Provided that the process ID of notepad.exe obtained with the tasklist command is 1230, which of the following answers lists the correct syntax for a Windows Command Prompt taskkill command that would allow to close this application?

taskkill /pid 1230

Which of the following command-line commands in Windows displays a list of currently running processes on a local or remote host?

tasklist

image

template containing the OS and required software

taskkill /f /pid processid

terminates process without any user notification

Windows + Ctrl + Shift + B

tests whether or not a system is responsive

multiboot

the capability for choosing between two or more operating systems to boot from when a computer is turned on. A separate partition is required for each operating system.

*DICTIONARY ATTACK*

the use of a password cracker to match the hash of those found in ordinary dictionary words (such as user or company names, pets names, or other data that people naively use as passwords)

*BRUTE FORCE ATTACK*

the use of password cracking software that tries to match the hash against one of every possible combination it could be

taskkill

to terminate a tasks by process id (PID) or image name from the cmd prompt

bootsect

tool to copy code to make the parition bootable

diskpart

tool to setup partitions on a hard drive. Sets up active partition

WIndows Memory Diagnostic

tool to test the memory chips for errors

*NETWORK MAPPING*

tools used to gather info about the way a network is build and configured, including the current status of hosts

*ZOMBIES*

unauthorized software that directs the devices to launch a DDoS attack

Logical controls

user authentication login, firewalls, anti-virus software

The dangers of using a recovery disc tool is:

user data loss

ugo

user group others

linux user commands

useradd, usermod, userdel

printenv or env command

view and change environment variables

classified

viewing is restricted to the owner organization or to third parties under a Non-disclosure Agreement

VMM

virtual memmory monitor - manages the memmory mappings and assignments

shutdown /s /t nn

waits seconds before shutting down pc from the cmd prompt

A server that operates on port 80 and/or 443 is a _____ server.

web

A *specific* example of a REPLAY ATTACK might be...

when a user is on a website that requires authentication and closes the window without clicking "log off" before hand and an attacker quickly reopens that session and gains access.

*TAILGATING*

when an unauthorized individual enters a secure area by following closely behind an individual who is allowed to open the door or enter the checkpoint

What is a Microsoft peer-to-peer networking model that groups together computers with shared access and resources called?

workgroup

In order for users to access network resources in a server a network administrator must first grant ____ ____ on the mapped drive.

write/delete permissions

xcopy command

• Copies files and directory trees • xcopy /s Documents m:\backups -- Copies directories and subdirectories except empty ones in the documents folders to drive "M:\backups" folder

WPA (Wi-Fi Protected Access)

• Created in 2002: WPA was the replacement for serious cryptographic weaknesses in WEP (Wired Equivalent Privacy) • Don't use WEP on any wireless networks -WPA was a short-term bridge between itself and whatever would be the successor • This encryption could run on existing hardware and provide a level of security above the capabilities of WEP • WPA: RC4 with TKIP (Temporal Key Integrity Protocol) • Contained a larger Initialization Vector (IV) than WEP and added an encrypted hash • Every packet would get a unique 128-bit encryption key for security

Upgrading from Windows 8.1

• Keeps Windows settings, personal files, and applications • Must upgrade to a similar Edition • You cannot upgrade directly from Windows 8 to Windows 10

MBR partition style

• MBR (Master Boot Record) • The old standby, with all of the old limitations -Primary partition • Bootable partitions • Maximum of four primary partitions per hard disk • One of the primary partitions can be marked as Active -Extended partition • Used for extending the maximum number of partitions • One extended partition per hard disk (optional) • Contains additional logical partitions • Logical partitions inside an extended partition are not bootable

dism (Deployment Image Servicing and Management tool)

• Manages Windows Imaging Format (WIM) files -You can make changes to your image with DISM • Get information about an image • Update applications • Manage drivers • Manage updates • Mount an image -All command-line based • Many different options • Easy to automate

Workgroups

• Non-centralized • Small departments • Each computer maintains its own user information • Managed in Control Panel / System

Programs and Features Applet

• Shows Installed applications • Can Uninstall applications, view size and version -Can also enable/dislable Windows features that were/were not installed by default

ping

• Test reachability of a device • Can determine round-trip time • Uses Internet Control Message Protocol (ICMP) -One of your primary troubleshooting tools • Can you reach the host? -Written by Mike Muuss in 1983 • Named similar to the sound made by sonar • Not an acronym for Packet INternet Groper

ping

• Test reachability of a device • Determine round-trip time • Uses Internet Control Message Protocol (ICMP) -One of your primary troubleshooting tools • Can you ping the host? -Written by Mike Muuss in 1983 • Named similar to the sound made by sonar • Not an acronym for Packet INternet Groper

Preventing static discharge (Managing Electrostatic Discharge)

-An Anti-static strap • This connects your wrist to a metal part of the computer -An Anti-static pad • A workspace for the computer -An Anti-static mat • A grounded mat for standing or sitting -An Anti-static bag • Allows you to safely move or ship components

Windows Firewall configuration

-Can block all incoming connections • Ignores your exception list • Useful when you security is needed -Modify notification - App blocking

Proxy settings

-Changes the traffic flow • An Internet go-between -Located in Control Panel > Internet Properties • Can define addresses and exceptions • Proxies won't work for everything

2. Quarantine infected systems (Removing Malware)

-Disconnect from the network • Keep it contained -Isolate/remove all removable media • Everything should be contained -Prevent the spread • Don't transfer files, don't try to backup • That ship has sailed

Unintended Bluetooth pairing (Troubleshooting Mobile Device Security)

-Do not connect with a device that isn't yours • This isn't a good idea -Remove the Bluetooth device • You will need to re-pair to access again -Disable Bluetooth radio to prevent any data is being sent • No Bluetooth communication at all -Run an anti-malware scan if possible • Make sure there are no malicious apps

Incident response: Documentation (Privacy, Licensing, and Policies)

-Documentation must be available • No questions -Gather as much information as possible • Written notes • Taking pictures • Screenshots -Documentation always changes • Constant updating • Have a process in place • Use the wiki model

Windows post-installation

-Does it work? • If it doesn't boot, there are bigger problems • Some testing is useful for unknown hardware configurations -Additional installations • Service packs • Security patches • Security applications • Driver updates • Application updates

Standard OS features

-File management • You can Add, Delete, Rename files -Application support • Memory management, swap file management -Input and Output support • Printers, keyboards, hard drives, USB drives -Operating system configuration and management tools

Network-based firewalls (Logical Security)

-Filters traffic by port number • HTTP is 80, SSH is 22 • Next-generation firewalls can identify the application -Can encrypt traffic into/out of the network • Protect your traffic between sites using a VPN tunnel -Can proxy traffic • A common security technique -Most firewalls can be configured as layer 3 devices (routers) • Usually sits on the ingress/egress of the network

Format command

-Formats a disk for use with Windows • format c: • BE CAREFUL - YOU CAN LOSE DATA

Google Android history

-Google Android • Open Handset Alliance • Open-source OS, based on Linux • Supported on many different manufacturer's devices -Android Apps • Apps are developed on Windows, Mac OS X, and Linux with the Android SDK • Apps available from Google Play • Apps also available from third-party sites (i.e., Amazon Appstore)

Chrome OS history

-Google's operating system • Based on the Linux kernel -Centers around Chrome web browser • Most apps are web-based -Many different manufacturers - Relatively less expensive -Relies on the cloud - connect to the Internet

Chrome OS history

-Google's operating system • Based on the Linux kernel -Centers around Chrome web browser • Most apps are web-based -Many different manufacturers - Relatively less expensive -Relies on the cloud - requires connectivity to the Internet

Managing Group Policy

-Group Policy • Manage computers in an Active Directory Domain • Group Policy is usually updated at login -gpupdate • Forces a Group Policy update • gpupdate /target:{computer|user} /force • gpupdate /target:professor /force -gpresult • Verify policy settings for a computer or user • gpresult /r -- generic command • gpresult /user sgc/professor /v -- a more specific comand for gpresult

PHI - Protected Health Information (Privacy, Licensing, and Policies)

-Health information associated with an individual • Personal records showing health status, health care records, payments for health care, and much more -Data between healthcare providers must maintain similar security requirements -HIPAA regulations • Health Insurance Portability and Accountability Act of 1996

Screen sharing (Mac OS Tools)

-Integrated into the operating system • Can also be viewed with VNC (Virtual Network Computing) -Available devices appear in the Finder • Or access by IP address or name

Disable startup services / apps (Troubleshooting Solutions)

-It's difficult to tell what application might be a problem child • Since much of the underlying OS operations are hidden from view -Trial and error method • Disable all startup apps and services • Or disable one at a time • This might take quite a few restarts -Manage startup processes in Windows 7, 8 or 10 • Located in Task Manager or in Control Panel > Administrative Tools > Services

Backup testing (Disaster Recovery)

-It's not enough to perform the backup • You have to be able to restore -Disaster recovery testing • Simulate a disaster situation • Restore from a backup -Confirm the restoration • Test the restored application and data by the end-users to make sure the everything is working as expected -Perform periodic audits • To make sure the backups are working properly and the data is stored as expected.

Other considerations

-Load alternate third party drivers when necessary • Disk controller drivers, etc. -Workgroup vs. Domain setup • Home vs. business -Time/date/region/language settings • Where are you? -Driver installation, software and windows updates • Load video drivers, install apps, update the OS -Factory recovery partition • This can help you later

Slow system performance (Troubleshooting Windows)

-Look in Task Manager • Check for high CPU utilization and I/O • Check Processes Tab for memory usage • Check Performance Tab for spikes -If you think issues may be related to applications and software • Run Windows Updates • To get the latest patches and drivers • To update software and applications -Check Disk space • Check for available hard drive space and defrag (if needed) -Laptops may be using power-saving mode • This throttles the CPU which can cause slowness -Perform Anti-virus and anti-malware • Scan for possible bad guys

nslookup

-Lookup information from DNS servers • Canonical names, IP addresses, cache timers, etc. -Lookup names and IP addresses • Many different options

Disk formatting

-Low-level formatting • Done at the factory • Not performed by the user -Standard formatting / Quick format • Sets up the file system, installs a boot sector • Clears the master file table but not the data • Can be recovered with the right software -Standard formatting / Regular format • Overwrites every sector with zeros • Available in Windows Vista and later • Can't recover the data

Spyware

-Malware that spies on you • Presents you with advertising • Waits for you to log into a bank account (identity theft) • Captures credit card numbers (affiliate fraud) -Can trick you into installing • Peer to peer software, fake security software -Browser monitoring • Captures surfing habits -Keyloggers • Captures every keystroke (such as username and password) and sends it back to the mothership/creator

Disk Management

-Manages disk or volumes in windows • Individual computers and file servers -Computer Management is located in Control Panel under Administrative Tools then Storage and Disk Management -WARNING- Data can be erased and unrecoverable

Disk Utility (Mac OS Tools)

-Manages disks and images • Used to resolve issues -File system utilities • Verify and repair file systems • Modify partition details • Erase disks -Can Manage RAID arrays • Restore a disk image to a volume -Create, convert, and restore images • Manage the image structure

Zero-day vulnerabilities

-March 2017 • CVE-2017-0199 - Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API • The vulnerability would take effect by a user opening a Microsoft Office or WordPad file • SophosLabs documented these attacks since November 2016 (patch was released March 2017) -May 2019 • CVE-2019-0863 - Windows Error Reporting Service • Elevation of privilege vulnerability • Windows Error Reporting interacting with files allowed a standard user with administrator rights and permissions • Access was elevated on compromised systems • Regular accounts were able to run with admin access • Vulnerability has been around for at least 10 yrs. (discovered in the wild) • Considered a Zero-Day Attack

Backups (Linux tools)

-May be built-in to the Linux distribution • Check with the documentation to see which options are available -Graphical interface • Can backup and restore • Can schedule a backup -Command-line options - rsync • A common utility used to sync files between devices -There are many different options • That's the beauty (and challenge) of Linux

Component Services

-Microsoft COM+ • Component Object Model -Distributed applications • Designed for the enterprise -Manage COM+ apps • Device COM+ Management • Event Viewer • Services -Located in Control Panel under Administrative Tools

mmc.exe

-Microsoft Management Console • Can build your own management framework • Choose from list of available "snap-ins" -Framework used for many built-in management tools - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd

Surge suppressor (Disaster Recovery)

-Not all power is "clean" from the main power • Self-inflicted power spikes and noise • Storms, power grid changes -Diverts spikes to the ground -Contains noise filters to remove line noise • Decibel (Db) levels at a specified frequency • Higher Db is better

Sound Applet

-Output options • Multiple sound devices may be available -Set input/output levels for speakers and microphone

Network locations in Windows 8/8.1/10

-Private • Sharing and connect to devices -Public • No sharing or connectivity -Network and Internet Status • can change connection properties

Windows 10 history

-Released on July 29, 2015 • Windows 9 was skipped -A single platform that works on desktops, laptops, tablets, phones, all-in-one devices -Upgrades were free for the first year • From Windows 7 and Windows 8.1 -Microsoft calls Windows 10 a "service" • Periodic updates to the OS • Instead of completely new versions

Screen locks (Mobile Devices)

-Restrict access to the device •By Fingerprint through the built-in fingerprint reader •With Face Unlock through Face recognition •A swipe by choosing a pattern •With a passcode by choosing a PIN or adding complexity -After many failed attempts: • iOS will erase everything after 10 failed attempts • Android will lock the device and require a Google login

Least privilege (Logical Security)

-Rights and permissions should be set to the bare minimum • You only get exactly what's needed to complete your objective -All user accounts must be limited • Applications should run with minimal privileges -Don't allow users to run with administrative privileges • Limit the scope of malicious behavior

Botnets

-Robot networks • Skynet is self-aware -Once your machine is infected, it becomes a bot • You may not even know -How does it get on your computer? • Trojan Horse (I just saw a funny video of you! Click here.) or you run a program or click an ad you THOUGHT was legit, but... • OS or application vulnerability -A day in the life of a bot • Sits around. Checks in with the mothership. Waits for instructions from a 3rd party

Virus alerts and hoaxes (Troubleshooting Security Issues)

-Rogue antivirus • May include recognizable logos and language -They may require money to "unlock" your PC • Or to "subscribe" to their service -Often requires a specific anti-malware removal utility or technique • Very difficult to remove once the virus is embedded into the system

Windows 7 Professional

-Same features as Home Premium -Can connect to a Windows Domain -Supports Remote Desktop Host and EFS -Missing enterprise technologies - no BitLocker is supported -Available as a x64 version and supports 192 GB of RAM

Windows 10 processor requirements

-Same requirements as Windows 8/8.1 -PAE (Physical Address Extension) • 32-bit processors can use more than 4 GB of physical memory -NX (NX Processor Bit) • Protects against malicious software -SSE2 (Streaming SIMD Extensions 2) • A standard processor instruction set • Used by third-party applications and drivers

Task Scheduler

-Schedules an application or batch file to run • Plan ahead -Includes predefined schedules - Click and go -Organized - Managed through folders -Located in Control Panel under Administrative Tools

Screen sharing (Linux tools)

-Screen access to remote devices • Manage from your desk -Many options available - Like most of Linux -May be included with your distribution • Such as UltraVNC or Remmina

JavaScript (Scripting)

-Scripting inside of your browser • Contains a ".js" file extension -Adds interactivity to HTML and CSS • Used on almost every web site -JavaScript is not Java • Different developers and origins • Very different use and implementation

Shell script (Scripting)

-Scripting the Unix/Linux shell • Automate and extend the command line -Starts with a shebang or a hash-bang #! • Often has a ".sh" file extension

Guards and access lists (Physical Security)

-Security guard • Physical protection • Validates identification of existing employees • Provides guest access -ID badge • Picture, name, other details • Must be worn at all times -Access list • Physical list of names • Enforced by security guard

Network and Sharing Center Applet

-Shows all network adapters • Wired, wireless, etc. -All network configs • Shows the HomeGroup option (n/a in Windows 10) • Can change Adapter settings • Can change network addressing

shutdown (Linux Command)

-Shuts the system down • Safely turn off the computer in software • Similar to the Windows shutdown command -sudo shutdown 2 • Shuts down and turns off the computer in two minutes -sudo shutdown -r 2 • Shuts down and reboots in two minutes • Important when you're not on site • "Ctrl-C" or "shutdown -c" to cancel shutdown process

Printer shares

-Similar to sharing a folder • But it's a printer instead • Can be shared through the "Sharing" tab under the printers properties -Can add a printer through Windows Explorer through "Devices and Printers"

SOHO firewalls (Securing SOHO Network)

-Small office / home office appliances • Generally has reduced throughput requirements -Usually includes multiple functions • Wireless access point, router, firewall, content filter -May not provide advanced capabilities • Dynamic routing • Remote support -Always install the latest software • Update and upgrade the firmware for the firewalls, routers, switches, etc.

Windows 7 Enterprise

-Sold only with volume licenses • Designed for very large organizations -Multilingual User Interface packages -Supports full disk encryption with bitlocker drive encryption -Supports DVD playback, Aero, ICS, Windows Domain, EFS, etc...

su / sudo (Linux Command)

-Some command require elevated rights • There are some things normal users can't do -su command • Become super user (similar to administrator account in windows) • Or change to a different user • By not entering a user after the "su" command, it assumes that you want to be in the shell as the root user • You continue to be that user until you exit -sudo command • Execute a single command as the super user • Or as a different user ID • Only that command executes as the super user • Once command is done executing, it returns to the normal user

4c. Remediate: Scan and remove (Removing Malware)

-Some malware may prevent you from booting up into the normal desktop -Boot into Safe mode • Load the bare minimum operating system • Just enough to get the OS running • Can also prevent the bad stuff from running -Another option is Pre-installation environment (WinPE) • Recovery Console, bootable CD/DVDs/USBs • Build your own from the Windows Assessment and Deployment Kit (ADK) -Removing the malware infection may require the repair of boot records and sectors within WinPE

Bluescreens and spontaneous shutdowns (Troubleshooting Windows)

-Startup and shutdown BSOD • Possible bad hardware, bad drivers, or bad application -If problem is related to a recent change •You can use Last Known Good, System Restore, or Rollback Driver • Try Safe mode -Re-seat or remove any hardware changes or if the pc was recently moved • May be a possible loose connections -If issue may be related to hardware • Run hardware diagnostics • Provided by the manufacturer • BIOS may have hardware diagnostics

What is electrostatic discharge? (Managing Electrostatic Discharge)

-Static electricity • Its electricity that doesn't move -Static electricity isn't harmful to computers • It's the discharge that gets them -ESD can be very damaging to computer components • Silicon is very sensitive to high voltages -If you've ever felt static discharge when touching a doorknob is around ~3,500 volts • Damage to an electronic component is only 100 volts or less

System Applet

-System properties • Provides Computer information • Including version and edition -Remote settings can be turned on or off for Remote Assistance and Remote Desktop -System protection • Can enable/disable System Restore • Select drives to allocate additional space for system restore -Performance settings located under Advance System Settings can be set for: • Configuring Virtual Memory • Configuring Visual Effects • Configuring Data Execution Prevention (DEP)

Don't minimize problems (Professionalism)

-Technical issues can be traumatic • Often when money and/or jobs on the line -Even the smallest problems can seem huge • Especially when things aren't working -Be part technician, part counselor • Computers don't have problems • People have problems

TACACS

-Terminal Access Controller Access-Control System • Remote authentication protocol • Created to control access to dial-up lines to ARPANET -TACACS+ • The latest version of TACACS • More authentication requests and response codes • Released as an open standard in 1993

Device Manager Applet

-The OS doesn't know how to talk directly to most hardware • You need drivers -Manage devices • Add, remove, disable -This is the first place to go when hardware isn't working • Instant feedback

Windows 10 Pro

-The business version of Windows • Contains additional management features -Remote Desktop host • Remote control each computer -Supports: • Hyper-V • Bitlocker (Full Disk Encryption (FDE)) • Can join a Windows domain (Can be managed by group policy) -Does not support: • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 2048 GB (2 TB)

Finder (Mac OS Features)

-The central OS file manager • Compare with Windows Explorer -File management • Launch, delete, rename, etc. -Integrated access to other devices • File servers • Remote storage • Screen sharing

Windows 7 Home Premium

-The consumer edition • DVD playback, • Windows Aero • Internet Connection Sharing • IIS Web Server -No enterprise technologies • No domain connection, BitLocker, EFS, etc. -Available as a x64 version and supports 16 GB of RAM and 2 processors

Disk partitioning

-The first step when preparing disks • May already be partitioned • Existing partitions may not always be compatible with your new operating system -An MBR-style hard disk can have up to four partitions -GUID partition tables support up to 128 partitions • Requires UEFI BIOS or BIOS-compatibility mode • BIOS-compatibility mode disables UEFI SecureBoot • You'll probably have one partition -BE CAREFUL! • Serious potential for data loss • This is not an everyday occurrence

Brute Force attack

-The password is the key • Secret phrase • Stored hash -Brute force attacks - Online method • Keep trying the login process • Very slow process • Most accounts will lockout after a number of failed attempts • Not very successful -Brute force the hash - Offline method • Obtain the list of users and hashes • Calculate a password hash, compare it to a stored hash • Requires large computational resource requirement

Windows 8/8.1 Pro

-The professional version • Similar to Windows 7 Professional / Ultimate -Full support for BitLocker and EFS • Full-disk and file-level encryption -Can join a Windows Domain • Support for IT management • Group Policy support • Centralized management of Windows devices -Does not support AppLocker or Branchcache -Available in 32-bit (Max 4 GB RAM) and 64-bit (Max 512 GB RAM)

Windows 8/8.1 Pro

-The professional version • Similar to Windows 7 Professional / Ultimate -Full support for BitLocker and EFS • Full-disk and file-level encryption -Can join a Windows Domain • Support for IT management • Group Policy support • Centralized management of Windows devices -Does not support AppLocker or Branchcache -x86 version supports 4gb RAM -x64 version supports 512gb RAM

Security considerations

-There's a reason we are careful when installing applications • Applications have the same rights and permissions as the user • An unknown application can cause significant issues -Impact to device with unknown application • Application upgrade stops working • Slowdowns • Deleted files -Impact to network with unknown application • Access to internal services • Rights and permissions to file shares

Impersonation

-They pretend to be someone they are not • Halloween for the fraudsters -They use details that can be obtained from the dumpster • They can say "You can trust me, I'm with your help desk" -They attack the victim as someone with a higher rank than them • Such as "Office of the Vice President for Scamming" -They throw tons of technical details around • Such as "Catastrophic feedback due to the depolarization of the differential magnetometer" -They try to act like your buddy • How about those Cubs?

Unauthorized camera / microphone use (Troubleshooting Mobile Device Security)

-Third-party apps can capture intimate information • Ethical and legal issues -If any suspicion an app is capturing this info, run an anti-malware scan • Try to identify the source of the breach -Confirm that loaded apps are legitimate • Check with a third-party scanner -Factory reset will allow you to remove malicious software • Completely reset and start from the beginning

Dumpster diving

-This is mobile garbage bin • United States term is "Dumpster" • Similar to a rubbish skip -Important information can be thrown out with the trash -Details that are gathered can be used for different attacks • Can be used to Impersonate names or use phone numbers -Timing is important • Just after end of month or end of quarter • Based on a pickup schedule

Account lockout and disablement (Documentation Best Practices)

-Too many bad passwords will cause a lockout • This should be normal for most users • This can cause big issues for service accounts (you do not want this) -Disable accounts for users who leave the organization • Part of the normal change process • You don't want to delete accounts • At least not initially

UPS (Environmental Impacts)

-Uninterruptible Power Supply • Provides backup power • Protects against blackouts, brownouts, surges -UPS types • Standby UPS (switches to battery when power is out) • Line-interactive UPS (provides battery power when power dips below required levels) • On-line UPS (Always on, no switching between power and batteries) -Also contain additional features • Auto shutdown, battery capacity, outlets, phone line suppression

Email filtering (Logical Security)

-Unsolicited email • Stop it at the gateway before it reaches the user • Can be On-site or cloud-based -Scan and block malicious software • can identify executables or known vulnerabilities • Phishing attempts • Other unwanted content

Upgrading to Windows 10

-Upgrade from the Windows 10 installation media • Downloadable versions are available from Microsoft • Includes a media creation tool -You cannot upgrade x86 to x64 OR x64 to x86 • Applies to all Windows versions • You'll have to migrate instead

Why upgrade?

-Upgrade vs. Install • Upgrade - Keep files in place • Install - Start over completely fresh -Upgrading allows you to maintain consistency • Upgrades save hours of time • Can keep customized configurations and multiple local user accounts on the PC • Avoids application reinstallations • Keeps user data intact • Get up and running quickly • Seamless and fast • Run from the DVD-ROM or USB flash

Closing Programs (Linux)

-Use terminal • sudo for proper permissions -killall • e.g. "sudo killall firefox" ends all firefox instances -xkill • Graphical kill -"kill <pid>" ends that specific instance by process id if you are working at the command line

Trojan horse

-Used by the Greeks to capture Troy from the Trojans • A digital wooden horse -Software that pretends to be something else • So it can conquer your computer • Doesn't really care much about replicating -Circumvents your existing security • The end-user is the one who installs the software • Anti-virus may catch it when it runs • The better trojans are built to avoid and disable the anti-virus -Once it's inside it has free reign • And it may open the gates for other programs

grep (Linux Command)

-Used to find text in a file • Search through one or many files at a time -grep PATTERN [FILE] • "> grep failed auth.log" command would match all the lines for the word "failed" within the file "auth.log" • command is case sensitive

Power level controls (Securing SOHO Network)

-Usually a wireless configuration • Set it as low as you can -How low is low? • This might require some additional study -Consider the receiver • High-gain antennas can hear a lot • Location, location, location

Microsoft Visual Basic Scripting Edition (Scripting)

-VBScript • Contains ".vbs" file extension -General purpose scripting in Windows • Can manage back-end web server scripting • Can run scripts on the Windows desktop • Most common types of scripting are found inside of Microsoft Office applications

Third-party tools (Remote Access Technologies)

-VNC (Virtual Network Computing) • Uses the Remote Frame Buffer (RFB) protocol • Clients for many operating systems • Many are open source -Commercial solutions available • Such as TeamViewer, LogMeIn, etc. -Allows for screen sharing • Controls the desktop • Can file share • Or transfer files between devices

Scheduled disk maintenance (Linux)

-Very little disk maintenance required • As long as there is space and resources -can perform file system check • File systems can't be mounted • Done automatically every X number of reboots • If system does not reboot often, force after reboot by adding a file to the root : sudo touch /forcefsck -Clean up log space commonly kept in /var/log

Windows 10 Education and Enterprise

-Very similar features in both • Minor features differences • Both are managed by using Windows Volume licensing -Granular User Experience (UX) control • an administrator can define the user environment • Useful for kiosk and workstation customization -Supports: • Hyper-V • Bitlocker • Can join a domain • AppLocker (an administrator can control what applications can run) • BranchCache (remote site file caching) -Max x86 RAM 4 GB -Max x64 RAM 2048 GB (2 TB)

Windows Media Center

-Video, music, and television portal • Perfect for watching at home • Can record shows from a TV tuner • Can Play music and watch DVDs -The center of your home entertainment center • Cable companies and other technologies were strong competition -Discontinued by Microsoft • Not officially available in Windows 10

Media Center

-Video, music, and television portal • Perfect for watching at home • Record shows from a TV tuner • Play music • Watch DVDs -The center of your home entertainment center • Cable companies and other technologies were strong competition -Discontinued by Microsoft • Not officially available in Windows 10

Plan for change (Change Management)

-What does it take to make the change? • Provide detailed information • Describes the technical process to other technical people -Others can help identify unforeseen risk • Gives a complete picture -Scheduling the change • Time of day, day of week • Also includes completion timeframes

Acceptable use policies (AUP) (Documentation Best Practices)

-What is acceptable use of company assets? • Detailed documentation such as employee handbook • May also be documented in the employee "Rules of Behavior" -This covers many topics such as: • Company Internet usage • How telephones, computers, mobile devices, etc. are used. -Used by an organization to limit legal liability • If someone is dismissed, these are the well-documented reasons why

Performance Tab

-What's happening? • Can view CPU, memory, etc. -Statistical views • Historical, real-time -Newer versions include CPU, memory, disk, Bluetooth, and network in the Performance tab

Ransomware

-Where the bad guys want your money • They'll take (lock) your computer in the meantime -May be a fake ransom such as: • your computer is locked "by the police" -The ransom may be avoided by a security professional who may be able to remove these kinds of malware

Starting the console

-Windows 7 - System Recovery Options / Command Prompt • need to boot from the installation media • Or select from F8 Advanced Boot Menu -Windows 8/8.1/10 • Troubleshoot / Advanced Options / Command Prompt • need to boot from the installation media

Windows 8 and 8.1 history

-Windows 8 • Available October 26, 2012 • New user interface - no traditional "Start" button -Windows 8.1 • Released October 17, 2013 • A free update to Windows 8 - not an upgrade -Mainstream support ended January 9, 2018 • Extended support ends January 10, 2023

Explorer

-Windows Explorer / File Explorer (Windows 10) • File management -View, copy, launch files from File Explorer • Granular control -Easy access to network resources • Browse and view

Organizing network devices

-Windows HomeGroup • Can share files, photos, video, etc. between all devices • Works on a single private network only -Windows Workgroups • Logical groups of network devices • Each device is a standalone system, everyone is a peer • Single subnet -Windows Domain • Business network • Centralized authentication and device access • Supports thousands of devices across many networks

msinfo32.exe

-Windows System Information • A wealth of knowledge -Shows information on Hardware Resources • Memory, DMA, IRQs, conflicts -Shows information on Components • Multimedia, display, input, network -Shows information on the Software Environment • Drivers, print jobs, running tasks - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd

Reimage or reload OS (Troubleshooting Solutions)

-Windows is big • And complex -You can spend time trying to find the needle • Or simply build a new haystack -Many organizations have pre-built images • Where you don't have to waste time researching issues • Much faster to re-image than trying to find the root cause of an issue • Windows 8/8.1 and 10 includes a reset option if no pre-built images are available (home computers) • Located at Settings > Update & Security > Recovery

net command

-Windows network commands -Views network resources • net view \\<servername> • net view /workgroup:<workgroupname> -Map a network share to a drive letter • net use h: \\<servername>\<sharename> -View user account information and reset passwords • net user <username> • net user <username> * /domain

Active Directory

-Windows networks can be centrally managed • Active Directory Domain Services (AD DS) -Can create and delete accounts • Add users to the domain • Remove user accounts -Can reset passwords and unlock accounts -Can disable accounts • Off-boarding or security processes

MSDS info (Environmental Impacts)

-You'll get the product name and company information -Will help you understand the composition / ingredients inside of the product -Provides a breakdown of the hazard information if it comes in contact with a human -First aid measures -Fire-fighting measures -Provides information if accidental release / leaking occurs with the product -Provides information on handling and Storage -And much more

Enabling and disabling Windows Firewall

-Your firewall should always be enabled • Sometimes you need to troubleshoot -Can be temporarily disabled from the main screen • Turn Windows Firewall on or off • Requires elevated permissions -Different settings for each network type • Can customize Public / Private profile

Keyloggers

-Your keystrokes contain valuable information • Web site login URLs, passwords, email messages -Saves all of your input • Sends it to the bad guys -Circumvents encryption protections • Your keystrokes are in the clear -Other data logging • Clipboard logging, screen logging, instant messaging, search engine queries

Which netstat parameter allows to display all connections and listening ports?

-a

The Windows command line

-cmd • The "other" Windows • Can start utilities from the cmd line • Many options available under the hood • Faster to do tasks on the cmd line compared to GUI

Other file systems

-ext3 • Third extended file system • Commonly used by the Linux OS -ext4 • Fourth extended file system • An update to ext3 • Commonly seen in Linux and Android OS -NFS • Network File System • Access files across the network as if they were local • NFS clients is available across many operating systems -HFS+ / HFS Plus • Hierarchical File System • Also called Mac OS Extended • Replaced by Apple File System (AFPS) in Mac OS High Sierra (10.13) -Swap partition • Memory management • Frees memory by moving unused pages onto disk • Copies back to RAM when needed • Usually a fast drive or SSD

iwconfig / ifconfig (Linux Command)

-iwconfig • Views or changes wireless network configuration • Shows essid, frequency/channel, mode, rate, etc. • Requires some knowledge of the wireless network • "iwconfig eth0 essid studio-wireless" is an example on how to change the SSID of the WiFi adapter -ifconfig • Shows or configures a network interface and IP configuration, Subnet masking, etc. • "ifconfig eth0" is the command to show network information -Slowly being replaced by ip (ip address)

cd (Linux Command)

-used to change current directory • Nearly identical to Windows command line • Uses forward slashes instead of backward -cd <directory> • To change directories to the "/var/log" directory, you enter "> cd /var/log" at the cmd prompt

7-zip compressed file

.7z

DISM reads the contents a drive and writes the output to what type of file format?

.WIM (Windows Image File)

android package file

.apk

ARJ compressed file

.arj

batch file

.bat

Binary disc image

.bin

binary file

.bin

Executable file

.exe

windows font file

.fnt

generic font file

.fon

Windows Gadget

.gadget

python file

.py

RAR file

.rar

Linux/Unix tarball file archive

.tar

Tarball compressed file

.tar.gz

TIFF image two of them

.tif, .tiff

TrueType font file

.ttf

Virtual CD

.vcd

JavaScript comment

//

What ipconfig command parameter is used for displaying the full TCP/IP configuration information for all adapters?

/all

Which of the answers listed below refers to an ipconfig command parameter used for displaying the full TCP/IP configuration information for all adapters?

/all

HOSTS file location in Linux

/etc/hosts

Which shutdown command switch in Microsoft Windows Command Prompt forces full system shutdown and restart of a Windows host?

/r

Which sfc switch enables a type of file check that scans integrity of all protected system files and repairs corrupted files when possible?

/scannow

In general terms the least amount of memory needed for a installation of Linux

16mb

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Ultimate Edition?

192 GB

What is the maximum limitation of RAM for Windows 10 Education 64-bit?

2TB

What is the maximum limitation of RAM for Windows 10 Pro 64-bit?

2TB

How many partitions can be supported on a BIOS-based Windows 7?

3 primary partitions and 1 extended

September feature updates for Enterprise and Education editions are given how many months until they are retired?

30

Since May 2019 the minimum hard disk space required by Windows 10 increased to how many GBs?

32 GB

A basic disk can have up to how many partitions?

4

security group

A collection of user accounts that can be assigned permissionsin the same way as a single user object

environment variable

A storage location in the environment of the operating systems command shell.

net localgroup Administrators dmartin /add

Add dmartin to the Administrators local group

net user dmartin Pa$$w0rd /add /fullname: "David Martin" /Logonpasswordchg:yes

Adds a new user account and forces user to change password at first logon (have to enter these commands in administrative command prompt)

Under what tab can you find the Computer Management tool set for your computer?

Administrative Tools

Newer OSs should be installed ____ older OSs

After

The owner of a Android phone is unable to unlock it. Aside from a hard reset, which would erase any of the owners data, what application can you advise the owner to access through Google.com to assist them in unlocking the device?

Android Device Manager

Administrators

Can perform all management tasks and generally has very high access to all files and objects

Upgrade Windows 7 Enterprise to Windows 10

Can upgrade to: • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Pro

Upgrade Windows 7 Starter to Windows 10

Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise

Upgrade Windows 7 Professional to Windows 10

Can upgrade to: • Windows 10 Pro • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home

Upgrade Windows 8.1 Professional to Windows 10

Can upgrade to: • Windows 10 Pro • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home

In Windows Disk Management utility, a disk status set to Failed indicates that the basic or dynamic volume:

Cannot be started automatically / Is damaged / Contains corrupted file system.

A storage device destruction company may issue a ____________ verifying that a device was destroyed.

Certificate of destructions

What is the process name for the means of putting policies in place to reduce the risk of disruption of or to work environments when identifying, planning and performing updates to a companies Information communication technology infrastructures?

Change Management (also may be known as Configuration Management)

What MS Windows utility is designed both for system administrators and for application developers?

Component Services (dcomcnfg.exe)

Which of the following is an MS Windows utility designed both for system administrators and for application developers?

Component Services (dcomcnfg.exe)

This directory within WIndows Settings contains a detailed list of all running devices and information such as IRQ

Components

Performance Monitor

Configures detailed reports on different system statistics and log performance over time(can be accessed through administrative tools, Computer Management or perfmon.exe command line)

The Internet Properties applet tab containing an option for configuring VPN settings is called:

Connections

Which of the Windows Internet Properties system utility tabs provides access to proxy settings?

Connections

Which of the following answers describes the correct sequence of steps for accessing the magic packet settings of an Ethernet adapter in MS Windows?

Control Panel (Icon view) -> Network and Sharing Center applet -> Change adapter settings -> right-click on the device -> select Properties from the pop-up menu -> click the Configure... button -> On the Advanced tab, select the Magic Packet settings.

remote settings location

Control Panel ->System -> Advanced system settings ->System Properties->Remote Settings

Laser printer process step 4. Toner is then transferred to those areas that have been naturalized in the previous step

Developing

A system is experiencing critical system errors resulting in Stop Errors. If it is not the failure of the hardware what other common cause could this stem from?

Device Drivers

After Windows has fully installed it may be a good idea to check this application to confirm that all hardware has been recognized.

Device Manager

Drivers can be viewed, updated, and rolled back from the _____________ program.

Device Manager

If a device in Windows fails after driver update, the driver can be restored to the previously installed version in:

Device Manager

This Windows function allows you to view and edit of installed hardware. You can update drivers and change settings or resolve any known issues with devices.

Device Manager

Where can you find printer devices in Microsoft Windows Control Panel in Windows 7 and newer Windows editions?

Devices and Printer's Applet

Which of the locations listed below enable access to computer display configuration settings in Windows 7/8/8.1?

Display settings pop-up menu launched after right-clicking on the Windows Desktop screen area / Appearance and Personalization menu of the Windows Control Panel (Category view) / The Display applet icon in Windows Control Panel (Icons view)

Netstat is a command-line utility used for:

Displaying active TCP/IP connections / Displaying network protocol statistics.

ipconfig /displaydns

Displays DNS resolver cache

Reliability Monitor

Displays a log of "system reliability" events

netstat -a

Displays all connections and listening ports.

netstat -n

Displays ports and addresses in numerical format. Skipping name resolution speeds up each query

gpresult

Displays the RSoP for a computer and user account /s - specifies a host name by name or IP address /u - specifies a host name by user account /p - specifies a host name by password

apple menu items

Displays, Storage, Service

What is the term describing when multiple malware infected computers are being forced to flood a targeted victim in the attempt to overload its systems and prevent any legitimate requests from reaching it.

Distributed Denial of Service (DDoS)

DDoS Attack

Distributed denial of service attacks that overwhelm a web server and shut it down

A user must supply a single set of credentials when logging into a Windows network _____

Domain

A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.

Domain Controller

Malware Removal steps: Step 6

Enable System restore and create a restore point

File or folder level encryption included in many Windows Operating Systems.

Encrypting File System (EFS)

EFS

Encrypting File System. A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.

Information about how software can and cannot be used is documented in what type of agreement?

End user License agreement

Change management six steps Step 5 Provide feedback on all changes to the change coordinator, whether they were successful or not. The change coordinator is responsible for examining trends in the application of changes, to see if: Change implementation planning was sufficient. Changes to certain resources are more prone to problems. When a change has been successfully made, it is crucial that the corresponding system information store be updated to reflect them.

Evaluate and report on changes implemented

You suspect a computer is having system errors and want confirm this. Using what tool allows you to see entries of events in your system?

Event viewer

Intel designed this to protect their computer products against certain buffer overflow attacks:

Execute Disable Bit

HFS Plus

Extended Hierarchical File System - the file system older macOS uses

This allows for more then four drives on a single physical disk.

Extended Partition

Virtual memory, Swap partition and what other option can be used as an Random Access Memory extension?

Extended partition

Swap partitioning, Virtual memory, and Page Filing can be used as an

Extension of RAM

After you've cleaned a USB device containing Windows 7 what type of format should the active partition be if you do not wish to use NTFS?

FAT32

Which of the following locations in Windows 8/8.1/10 allows to create a shortcut to a shared folder or computer on a network?

File Explorer -> This PC -> Computer tab -> Map Network drive.

Which of the following provides access to file/folder management settings in Windows 10?

File Explorer Options applet in Windows Control Panel

Fragmentation

Files written in non contiguous clusters reducing read performance

This is the name for something that represents the security boundary within which users, computers, groups, and other objects that share a common global catalog, directory schema, logical structure, and directory configuration are accessible.

Forest

You can set the IE homepage under the ______ tab of Internet Properties.

General

This is used in places where the risk of a hazardous shock could occur like the bathroom. It quickly disconnects an AC outlet from power when conditions are warranted.

Ground Fault Interrupter (GFI)

What type of user has the least amount of OS privileges?

Guest

This a type of mechanical air filter that works by forcing air through a fine mesh that traps harmful particles. It can be used to help keep dust down in server rooms.

HEPA filter

A customer is going on vacation and does not want to exceed his data limit. What can you advice the customer to enable so he receives a notification warning him he is near the limit?

Hard Data Limit

If a customer's touch screen on their mobile phone is totally unresponsive and a soft reset does not fix this issue what action can you advise the customer to perform next?

Hard Reset

What is the only edition of Windows 10 that does not support Symmetric multiprocessing?

Home

When a Windows desktop creates a hibernation file and then goes into a standby state what is that state or mode called?

Hybrid Sleep

This is a power-saving state that puts any open documents and programs in memory and on your hard disk and then puts your computer into a low-power state so that you can quickly resume your work later.

Hybrid sleep (Mode)

A security technician was asked to configure a firewall so that the protected system would not send echo reply packets. What type of traffic should be blocked on the firewall to accomplish this task?

ICMP

What is an installation type method, that some refer to as cloning, which enables you to efficiently and rapidly set up multiple computers that need to be configured the same way and with the same software?

Image Deployment

Step 6 in creating a custom image for deployment of Windows 7 is to: Use a program such as _____ to capture an image

ImageX

Common Social engineering exploits include:

Impersonation, phishing, spear phishing, pharming, dumpster diving, tailgating, and shoulder surfing

When copying a file from one partition to another on a different partition explicit NTFS permissions are ____

Inherited

IDE

Integrated Development Environment - programming environment that includes features to help you write and edit code as well as debugging tools

Under a cloud based data center's change management protocols what department's primary responsibility is to identify specific changes to be made?

Internal IT personnel

Core files of a Operating system are also called the ____

Kernel

A password management system in macOS is known as:

Keychain

This is a type of malware that is used to log anything you might type into a keyboard.

Keylogger

This is used to ensure clean power is supplied to computers, peripherals and related office devices in large work environments.

Line conditioner

Based on UNIX. Open source. Can be used as a Desktop or Server OS.

Linux

These are examples of what OS? SUSE Red Hat CentOS Fedora Debian Ubuntu Mint

Linux

This type of OS dominates the web server market as well as the OS for "smart" applicances and Internet of Things (IoT) devices

Linux

This is a Microsoft Management Console (MMC) snap-in included in Windows 10 and is used to create and manage users and groups that are stored locally on a computer.

Local Users and Groups

In order to join a Windows Domain you must follow these steps: 2. you must sign into the computer using a ____ ____ ___

Local administrator account

The /r switch of the chkdsk command-line utility in Windows:

Locates bad sectors and recovers readable information / Fixes errors on the disk.

An extended partition is divided into ______ partitions.

Logical

Extended partitions can be divided into?

Logical Drives

This type of diagram illustrates how data flows within a network. It will usually include information about how nodes in a network communicate.

Logical Topology

This partition divides itself into three volumes or block devices . One for the OS system files (Root), one for a swap partition, and one for user data (home)

Logical Volume Manager (LVM)

For workers with regular schedules, a _________ can be used to prevent their account from being used during off-hours.

Login time restriction

You want to only allow specific devices on your access point internet access. What should you enable?

MAC Filtering

In Windows 7, where can you prevent programs from starting on boot?

MSCONFIG, Startup tab

domain

Microsoft client/server network model that groups computers together for security and to centralize administration

workgroup

Microsoft peer to peer network model in which computers are grouped together with access to shared resources

DISM

Microsoft's Deployment Image Servicing and Management - a tool that reads the contents of a drive and writes the output to a .WIM format file.

Sysprep

Microsoft's System Perperation Tool - a utility to be run before imaging a disk to solve possible configuration problems

MDM

Mobile Device Management - a class of enterprise software designed to apply security policies to the use of smartphones and tablets in a business network

This is a common SOHO network hardware that connects to the service provider's cabling and transfers frames over the link.

Modem

This is a name for a OS that is designed to run on servers on a business network.

NOS

NAC

Network Access Control - allows administrators to devise policies or profiles defining the minimum security configuration required of devices for network access

NOS

Network Operating System - an OS designed to run on servers in business networks

If you receive a error message stating that Windows update cannot check for updates because the service is not running, what can you restart to correct the issue?

Network Services

A simple diagram containing limited information about how the elements of a computer network are arranged is known as a:

Network Topology

NTFS stands for

New Technology File System

This is an agreement that allows you to alter and redistribute source code. Often utilized to make different Linux OS.

Open Source

Which of the following allows to view hidden files, folders, and drives in Windows 7?

Open the Folder Options applet in Windows Control Panel, then select Show hidden files, folders, and drives in the Advanced settings on the View tab.

This handles interaction with system hardware and input/ouput

Operating System (OS)

A CD-ROM/DVD/Blu-ray is media type technology recognized by the OS as a:

Optical Drive

dir/o:s

Order by size

What is a hierarchical container that allows administrators to divide up or place users, groups, and computers within a domain, that can then be used with Group policy objects (GPOs) to allow or deny permissions to anything contained within the subdivision?

Organizational Unit (OU)

In the firmware setup program an SSD may be on a SATA, M.2 and what other type of port?

PCIe

The difference between PHISHING and PHARMING is

PHARMING relies on DNS spoofing so the victims computer actually routes the user to the corrupt site, whereas PHISHING relies on the victim clicking on the link and entering in their credentials (usually the site has things that aren't quite right about it)

A method of installing an OS from the network is called ___.

PXE

A technology that allows networked computers that are not yet loaded with an operating system to be configured and booted remotely by an administrator.

PXE

What is the a common form of unattended remote networking installation methods referred to as?

PXE (Preboot Execution Environment)

When the operating system doesn't have sufficient physical ram to accomplish a task it creates an area of memory on a hard disk. The memory contained here is sorted and stored until enough RAM is freed up for it to be used again. This is known as what?

Page Filing

Bluetooth devices are linked together in a process called...

Pairing

The operating system and bundled application files from the installation media are found on what target of a computer's fixed disk?

Partition

What tool allows you to capture, display and collect system performance data through the use of counters?

Performance Monitor

What tools in MS Windows can be used to examine (both in real time and by collecting log data for later analysis) how programs that are run affect a computer's performance?

Performance Monitor

Which of the following tools in MS Windows is used to examine (both in real time and by collecting log data for later analysis) how programs that are run affect a computer's performance?

Performance Monitor (perfmon.exe)

Which of the following answers describe the features of Windows Remote Desktop tool?

Permanent remote access / Access based on local password (local user account password) / Windows tool used for connecting remotely to the user's own computer

Paula's calls tech support reporting that her smartphone is constantly making camera noises but no photos are taken. What application setting is the first step to check when trouble shooting this issue?

Permissions

Full name, date of birth, place of birth, mother's maiden name, are examples of?

Personal Identifiable Information (PII)

PII

Personally Identifiable Information - data that is used to identify, contact, locate, or impersonate an individual

The act of sending an email designed to entice recipients to visit a malicious website is called ________.

Phishing

This a diagram that illustrates the placement of the various components of a network such as cables and device locations.

Physical Topology

PNAC

Port-based network access control - means that the switch or router performs authentification of the attached device before activating the port

.ps1

PowerShell

This a form of WiFi authentication that is generally used for personal, home or a small office use. Users must input a passphrase on any device to receive access.

Pre Shared Key(PSK)

PSK

Pre-Shared Key - 256 bit cryptographic hash generated from a passphrase. This authentication method is suitable for SOHO networks

A feature of a network adapter that allows a computer to boot through an appropriately configured networked attached server is known as?

Preboot Execution Environment (PXE)

This is the means by which Windows operating systems install an OS via a network with a suitably configured server onto a computer with a usable partition on its hard drive.

Preboot eXecution Environment (PXE)

Step 2 in creating a custom image file for image deployment of Windows 7 is to: Create a Windows ____ environment startup disk

Preinstallation

What is the name of a Windows Internet Properties applet tab providing access to advanced cookie management options?

Privacy

An organization owns its own cloud infrastructure, and only uses it internally. This is a ______ cloud infrastructure.

Private

In Windows 8 and newer releases of the Microsoft OS, the real-time information about resources used by user applications and system processes in Task Manager can be found grouped in one place under what tab?

Processes

Laser printer process Step one. Data is sent to the printer

Processing

Windows 8/8.1 Minimum Hardware Requirements (x64)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 2 GB RAM Free disk space - 20 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model -Win8/8.1 64-bit

64 bit application files location

Program Files

32 bit application files location

Program Files(x86)

Windows Registry

Provides remotely accessible database for storing, operating system, device, and software application configuration information

A Windows network profile that hides a computer from other devices on the network and makes it unavailable for file and printer sharing is known as:

Public

What Windows option allows a computer to return to its factor image but preserves user data, accounts, Windows Store apps, and applications that came pre-installed on the system?

Push Button Refresh

The touch screen on a customer's phone is not responding accurately. You've tried restarting the phone but the problem still persists. What can you try next?

Recalibrate the screen

Step 3 in creating a custom image for deployment of Windows 7 is to: install and customize a installation of windows 7 on a computer known as the _____ computer

Reference

ping -a IPaddress

Resolves address to hostnames

RSoP

Resultant Set of Policies

Your computer is experiencing BSOD because of a unknown device driver issue. What action can you take to quickly restore the computer to a working state?

Run System Restore

In order to remove a virus and restore a Windows computer to working order what must you do after you've already tried running several up to date virus scans over multiple and different anti virus programs while Disabling System Restore and in Safe mode?

Run a clean install of Windows

What kind of cloud service is Office 365?

SaaS (software as a service)

In order to join a Windows Domain you must follow these steps: 3 From the Start Menu, select _____

Settings

Network reset in Windows 10

Settings->Network&Internet->Status

Tethering allows your phone to...

Share its internet connection with other devices

Which of the following provide access to virtual memory (a.k.a. paging file) configuration options in Windows?

System applet in Control Panel -> Advanced system settings -> Performance -> Settings -> Advanced -> Virtual memory / Windows Run dialog box -> type in sysdm.cpl + press Enter -> Advanced tab -> Performance -> Settings -> Advanced -> Virtual memory

You need the PID for a specific app in Windows. What CLI command can provide this?

TASKLIST

boot partition

The hard drive partition where the Windows OS is stored. The system partition and the boot partition may be different partitions.

No reply (request timed out)

The host cannot route a reply back to your computer

Apple's built-in backup solution for macOS is called...

Time Machine

Which of the following best describes the function of Organizational Units?

To organize like managed object in the directory

This is a type of malware that disguises or hides itself in or as something else like software, or a game you want to install. Once installed then can have fairly free access to do anything it wants. It is normally used as a backdoor to allow other forms of malware infection to occur.

Trojan horse

In Windows 8 and newer releases of the Microsoft OS, the real-time information about resources used by user applications and system processes in Task Manager can be found grouped in one place under the Processes tab. T or F

True

Prior to Windows 8, the MSConfig Startup tab contained a list of user applications that could be enabled/disabled during system boot. The contents of this tab are not available in the MSConfig utility shipped with Windows 8/8.1/10. T or F

True

Which of the following can be used as an extension of RAM?

Virtual memory / Paging file / Swap partition

What is the best wireless encryption standard currently available?

WPA2

Which wireless security solution should you choose?

WPA2 (AES)

A printer has an option for allowing simplified connections to a network through the push of a button on the router. What first needs to be enabled on the router to allow for this type of access?

WiFi Protected Setup

This OS is designed to maintain a consistent user experience across different types of devices, including desktops, laptops, smartphones, and tablets.

Windows 10

Name this edition of Windows 10: ____ Long Term Servicing Channel. designed for large volume licensing by medium and large business.

Windows 10 Enterprise

Name this edition of Windows 10: designed for domestic consumers and SOHO business uses. This edition cannot be used to join a Windows Domain Network

Windows 10 Home

What is the only edition of Windows 10 that does NOT support Symmetric MultiProcessing (SMP)?

Windows 10 Home

Name this edition of Windows 10: designed for small and medium-sized businesses. It comes with networking and management features designed to allow network administrators more control over client devices.

Windows 10 Pro

This is a very popular version of Windows and still widely used even though it is no longer being officially supported by Microsoft. Extended support will still be provided until January 14, 2020

Windows 7

What edition of Windows 7 do NOT support Symmetric MultiProcessing (SMP)?

Windows 7 Home (and Windows 7 Home Premium)

What edition of Windows 8 and 8.1 does NOT support Symmetric MultiProcessing (SMP)?

Windows 8 Core

The "look" of Windows Vista and 7 is called _______.

Windows Aero

Step 1 in creating a custom image file for image deployment of Windows 7 is to: Install the _____ on the technicians computer

Windows Automated Installation Kit (Windows AIK)

Which of the following locations/steps allows to view network shares in Windows?

Windows Command Prompt -> net share -> Enter (all network shares) / Windows Run dialog box -> \computer name -> Enter (user shares only) / Shared Folders menu in the Computer Management utility (all network shares) / Windows Command Prompt -> net view \\computer name -> Enter (user shares only) /Windows Command Prompt -> net view \\computer name/ all -> Enter (all network shares).

What Windows option allows you to restore your OS from a previously created backup?

Windows Complete PC Restore

In Windows 8/8.1/10, Windows Defender Firewall can be enabled/disabled in:

Windows Defender Firewall Control Panel applet / Firewall & network protection menu in Windows Settings (accessed via Start menu) / Windows Defender Firewall Control Panel applet -> Advanced settings -> right-click on Windows Defender Firewall with Advanced Security -> Properties.

Which of the following locations provides access to Windows Defender Firewall settings in Windows 8/8.1/10?

Windows Defender Firewall applet in Control Panel / Windows Start button -> Settings -> Update & Security -> Windows Security -> Firewall & network protection.

This tool can be a useful resource for the creation and deployment of custom images for Windows.

Windows Deployment Services (WDS)

What is the modern day graphic driver architecture for video card drivers running Microsoft Windows versions called?

Windows Display Driver Model (WDDM)

Name this edition of Windows 10: meant for use in a school environment rather than a business

Windows Education (and Windows Pro Education)

Which of the following locations in Windows 7 allows to create a shortcut to a shared folder or computer on a network?

Windows Explorer -> Computer -> Map network drive.

Which of the following is a Windows built-in software component that monitors network traffic and depending on the configuration settings applied to each data packet either blocks it or allows it to pass through?

Windows Firewall

Which of the following Control Panel applets provides access to the Windows Firewall with Advanced Security tool?

Windows Firewall (Advanced settings)

In Windows 7, Windows Firewall can be enabled/disabled in:

Windows Firewall Control Panel applet / Windows Firewall Control Panel applet -> Advanced settings -> right-click on Windows Firewall with Advanced Security -> Properties.

Which of the following locations provides access to Windows Firewall settings in Windows 7?

Windows Firewall applet in Control Panel

A Microsoft app allowing the computer to be used as a sort of home entertainment appliance.

Windows Media Center

This Windows memory testing and error detection record tool is accessed through the Windows Recovery mode:

Windows Memory Diagnostic

What Windows mode will allow you to troubleshoot your computer, run memory diagnostic tools, and allows access to Push Button Reset and Refresh?

Windows Recovery Environment (Windows RE)

What feature do you need to access to disable Autorun in optical drives in a Windows 7 OS?

Windows Registry Editor

WSUS

Windows Server Update Services - a program on a server that allows the network administrator to approve updates for certain groups

This is an application for configuring and managing a Windows 10 computer

Windows Settings

Which of the following key combinations can be used to launch Windows Explorer (Windows 7) / File Explorer (Windows 8/8.1/10) in MS Windows?

Windows logo key + E

In Linux, iwconfig and ifconfig display information about the _______ and ______, respectively.

Wireless NIC, all NICS

A user is able to stream video while his smartphone is vertical but when he tilts it into landscape the streaming quickly stops. What could this problem be a symptom of?

Wireless Router Antenna Placement

A Distributed Denial of Service attack often use this type of insidious malware to infect computers, many times without user intervention, and use them as Zombies to attack other network systems.

Worm

Moving files and folders to a different NTFS volume

Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner

Moving files and folders on the same NTFS volume

Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are retained

Copying files and folders on the same NTFS volume or different volumes

Write permission is required for the destination folder and read for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner

Which of the following commands in Windows can be used to display help information related to a specific command-line utility?

[command name] help / [command name] /?

*DISTRIBUTED DoS ATTACK*

a DoS attack that uses multiple compromised computers (a "botnet" of "zombies") to launch the attack

A *Logical* "open port", is described as...

a TCP or UDP network application port

*VULNERABILITY*

a WEAKNESS (design flaw) that could be triggered accidentally or exploited intentionally to cause a security breach

*PHISHING*

a combination of social engineering and spoofing where the attacker tries to obtain user authentication or financial information through a fraudulent request for information.

*LEGACY*

a computer system that is no longer supported by its vendor and so is no longer provided with security updates and patches

Mission Control

a feature of macOS that enables a user to set up one more desktops with different sets of apps and backgrounds

*HACKER COLLECTIVES*

a group of hackers, working together, to target an organization as part of a cyber warfare campaign

cluster

a group of sectors

*SOCIAL ENGINEERING*

a hacking technique of getting users to reveal confidential information or allowing some sort of access to the organization that should not have been authorized

Rootkit

a set of tools designed to gain control of a computer without revealing its prescence

symmetric encryption

a single key is used to encrypt and decrypt data

A *specific* example of PHARMING would be...

a victim enter in mybank.com and instead of pointing to the IP address l.m.n.o, the victims computer points it to a.b.c.d which is a malicious site because of DNS spoofing

A *Physical* "open port", is described as...

an Ethernet port that allows any computer to connect to the switch

*MAC FLOODING*

an attack meant to prevent genuine devices from connecting to a switch and potentially forcing it into "hub" or "flood" mode by OVERLOADING the switch's MAC cache using such tools as Dsniff or Ettercap

*DENIAL OF SERVICE (DoS) ATTACK*

an attack that causes a service at a given host to fail or become unavailable to legitimate users

ARP poisoning

an attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine

*PHARMING*

an attack that corrupts the way the targets computer performs internet name resolutions through DNS Spoofing

*ARP (Address Resolution Protocol) POISONING*

an attack where a switch's ARP table is poisoned with a false MAC-IP address map, which typically allows the attacker to masquerade as the subnet's default gateway used in a variety of attacks such as DoS, Man-in-the-Middle, and spoofing

Option

apple equivalent of Alt

On Ubuntu, the command to install or upgrade software is ______.

apt-get

bootrec /fixmbr

attempts to repair MBR

Which of the following is a Windows, OS/2 and DOS command-line tool used for checking the file system and status of the system's hard drives?

chkdsk

The command to change a file's permissions on Linux is ______

chmod

The command to change a file's owner on Linux is ______

chown

Although it is derived from UNIX, iOS is has what type of operating system making it's code confidential and only modifiable by Apple?

closed source (operating system)

CDFS

compact disc file system - legacy file system used for optical disc media

copy /y

copy command that suppresses the prompt to confirm if you want to overwrite an existing destination file

copy /v

copy command that verifies that new files are written correctly

The command to copy a file on Linux is _____

cp

Most passwords are stored or sent over a network using some kind of _____ protection.

cryptographic

Which Windows Command Prompt commands can be used to list all directory's files and subdirectories contained in the current directory?

dir / dir *.*

To help prevent logical "open ports" from being exploited, all unnecessary/unused protocols, services, and applications should be _____.

disabled

dir *.*

displays all files and directories in the current directory

dir *.doc

displays all files with the DOC extension in the current directory

dir let *.doc

displays all files with the DOC extension that start with the letters LET

dir let *.doc /s

displays all files with the DOC extension that start with the letters LET and searches for subdirectories

dir *.

displays all files without an extension.

what is a client/server networking model that groups computers together for security and centralized administration called?

domain

A External drive can use USB and what other type of connection to boot from ?

eSATA

This is an answer text file language used in unattended installations that contains all of the instructions that windows Setup will need to install and configure an OS without administrator intervention.

eXtensible Markup Language (XML)

crontab -e

enters the editor

A Microsoft-proprietary file system optimized for flash drives is known as?

exFAT

*DUMPSTER DIVING*

finding useful information about an organization/individual by looking through their garbage (this may also include files stored on discarded removable media)

Port scanning can be blocked by some _____ and _____.

firewalls, IDS

Sometimes you have to access this setup program on a computer in order to ensure a particular boot method is enabled or even available

firmware

chkdsk /f

fixes logical file system errors on the disk from the cmd prompt

Scan engine/components

fixes problems and makes improvements to the scan software itself

format D: /fs:EXFAT

formats D drive to an exfat file system

Social engineering attacks come in various methods including: _____, _____, and _____.

in person, email, phone

Procedural controls

incident response processes, management oversight, security awareness, and training

When moving a file from one folder to another on a different partition, explicit NTFS permissions are _____

inherited

swapon

linux command used to activate the partition swap space

grep

linux command used to search and filter contents of files displaying the lines that match the search string

fdisk

linux command-line program used to create and manage partitions on a hard disk

mkfs

linux command-line program used to format a partition

mkswap

linux command-line program used to format a swap partition

ext

linux file system

cron

linux task scheduler

You can find hardware and driver support at this website for Linux

linux-drivers.org

A website that contains information on Linux products compatibility and a yearly comparison of the various OS distributions is? .... don't think to hard on this one

linux.com

dir/t:c

list by date created

dir/o:e

list by extension

dir/t:w

list by last modified

dir/t:a

list by last time accessed

dir/w/p

lists both wide format and one screen at a time

Component Services

located in Administrative Tools, enables you to register new server applications or reconfigure security permissions for existing services

It's a good thing to remember that attacks can be staged over _____ periods of time and several _____ attacks can lead to the end goal of a large attack.

long small (that's what she said) LOL

What is the Linux command to list the contents of a directory?

ls

*EXPLOIT*

malicious code that can successfully use a vulnerability to compromise a host

*SPOOFING*

misrepresents/disguises oneself online examples include: IP spoofing where the attacker changes their IP address; phishing where an attacker sets up a false website

Provides an interface to some Windows configuration setting within the registry. (even if you are using a 64bit version of Windows it is still named the same)

msinfo32

You need to view the processor information and workstation model on a computer. You hit Win+R and enter _______.

msinfo32

What utility can be used to edit a Remote Desktop Connection file?

mstsc

A MitM attack can be defeated using ______ _____.

mutual authentication (where both server and client exchange secure credentials)

The command to move a file on Linux is _____

mv

MAC flooding

overloading a switch's MAC cache preventing genuine devices from connecting and forcing the switch into "hub" or "flooding" mode

DoS attacks tend to focus on _____ a service or _____ design failures or other vulnerabilities in application software.

overloading, exploiting

What is the Linux command to change your password?

passwd

PCI DSS

payment card industry data security standard - governs the processing of credit card and other bank payments

format D: /fs:EXFAT /q

performs a quick format that doesn't scan for boot sectors

In this type of VDI at the end of a session, user data and personal settings are save

persistent

A *specific* example of TAILGATING might be...

persuading someone to hold the door open, using the excuse "I forgot my badge/key"

To help prevent physical "open ports" from being exploited, they should be _____ or _____ disabled.

physically, administratively

A command-line utility used for checking the reachability of a remote network host is known as:

ping

On Linux, pwd is for _______, and passwd is for ______.

pwd prints current directory, passwd is for changing passwords

rm -r

removes a directory and its contents recursively

A classic example of an IMPERSONATION attack is for the attacker to phone a department claiming they have to adjust something on the users system remotely and get the user to _____.

reveal their password

The command to remove a file on Linux is _____

rm

rstrui

runline command for system restore

Disabling unnecessary accounts

-All operating systems include other accounts • guest, root, mail, etc. -Not all accounts are necessary • Disable/remove the unnecessary • Disable the guest account -Disable any interactive logins • Not all accounts need to login -Change the default usernames / passwords • User:admin Password:admin • Helps with brute-force attacks

A tool used in Network Mapping is having unauthorized hosts connect to the network through _____ _____ (which are either Physical or Logical).

"open ports"

Task Manager

- Provides Real-time system statistics • CPU, memory, disk access, etc. -Starting the Task Manager: • Ctrl-Alt-Del, select Task manager • Right mouse click the taskbar and select Task Manager • Ctrl-Shift-Esc -Enhancements since Windows 7 • More information and features

Password expiration and recovery

-All passwords should expire • Change every 30 days, 60 days, 90 days -Critical systems might change more frequently • Every 15 days or every week -The recovery (password reset) process should not be trivial! • Some organizations have a very formal process

Image recovery (Mac OS Tools)

-Build a disk image in Disk Utility • Creates an Apple Disk Image (.dmg) file -Mount on any Mac OS X system • Appears as a normal file system • Copy files from the image -Use the restore feature in Disk utility • Restore a disk image to a volume

HomeGroup

-Can easily share information • Available in Windows 7 / Windows 8/8.1 • HomeGroup support was removed from Windows 10 • Documents, pictures, music, video -A network for the home • Must be set to "Home" in Windows -Enable HomeGroup - A single password for everyone

BIOS settings network settings

-Can enable/disable network adapters • On and off - Not much nuance • Might show up as "integrated devices" > "Onboard LAN controller"

Full device encryption (Mobile Devices)

-Can encrypt all device data • Phone keeps the key -In iOS 8 and later • Personal data is encrypted with your passcode -In Android - Full device encryption can be turned on

RDP (Remote Desktop Protocol) (Remote Access Technologies)

-Can share a desktop from a remote location over tcp/3389 -Remote Desktop Services available on many Windows versions -Can connect to an entire desktop or just an application -Clients for Windows, MacOS, Linux, Unix, iPhone, and others

The Run line

-Can start an application as a command • Instead of the graphical interface -Can use the run/search or command prompt • Options can be specified as part of the command

Domains

-Central database • Active Directory Domain Services • Designed for the enterprise -User accounts are managed centrally • Devices are added to the domain -Manage all devices and users • Deploy software • Manage the operating system -Managed in Control Panel / System

Content filtering (Securing SOHO Network)

-Controls traffic based on data within the content • Data in the packets -Corporate can control outbound and inbound data that contains sensitive materials -Controls inappropriate content • Not safe for work, parental controls -Can protect against evil • Anti-virus, anti-malware

Cloud Storage (Disaster Recovery)

-Data is available anywhere, anytime, on any device • If you have a network, you have your data -Advantages over local backups • No tape drives to manage • No offsite storage processing -Disadvantages over local backups • Data is not under your direct control • Strong encryption mechanisms are critical

User Accounts Applet

-Local user accounts • Located in Control Panel under "User Accounts" • Domains accounts are stored elsewhere -Creating local account requires account name and type • Can change password • Can change picture • Can associate a certificate information for a particular user

Print Management

-Located in Control Panel under Administrative Tools -Can manage printers • Share printers from one central console -Add and manage printer drivers • Central management of 32-bit and 64-bit drivers

iCloud (Mac OS Features)

-Integrates Apple technologies - Mac OS, iOS -Share across systems • Calendars, photos, documents, contacts, etc. -Can backup iOS devices to never lose data again -Store files in an iCloud drive • Similar to Google Drive, Dropbox • Integrated into the operating systems

gpedit.msc

group policy snap in

Which of the following command-line commands in MS Windows are used for resetting the DHCP configuration settings for all adapters?

ipconfig /release / ipconfig /renew

command

the command or script to run along with the full path to the file

Where are the log files stored?

%SystemRoot%\System32\Winevt\Logs folder

telnet

port 23

File management

-dir • Lists files and directories in cmd prompt -cd • Change working directory in cmd prompt • Use backslash \ to specify volume or folder name -.. • Two dots/periods in cmd prompt • The folder above the current folder

What MSConfig tab allows you to access Safe boot options?

Boot

In order for Windows Setup to repartition a hard disk you first need to boot to _____ in _____ mode

DVD, UEFI

Which of the following is an MS Windows diagnostic tool for detecting display, sound, and input related problems?

DxDiag

There appears to be an issue with DirectX on your home computer. What tool might help diagnose the issue?

DxDiag.exe

You need to distribute an application across all clients in a Active Directory Domain which you maintain spread over several geographic locations. What allows you to assign this to domain users or computers and install the application automatically?

Group Policy

What is a collection of settings that define what a system will look like and how it will behave for a specific set or group of users called?

Group Policy Object (GPO)

GPO

Group Policy Object - a means of applying security settings and other administrative settings across a range of computers and users

GPO

Group Policy Objects - a windows policy in which a computer remotely installs an application from a network folder without any administrator intervention

Users

Group is able to perform most common tasks such as shutdown, running applications, and using printers. They can also change time zone and install printers

The boot method of a Internal fixed disk is found on the:

HHD or SSD

To make an IMPERSONATION attack more convincing, attackers will intimidate and coax their targets by:

pretending to be someone senior in rank, using technical arguments and jargon, alarming them with a hoax, or engaging with them and putting them at ease.

SMP stands for?

Symmetric multiprocessing

to adjust settings of an apple track pad

System Preferences -> Trackpad

apt-get (Linux Command)

-Advanced Packaging Tool • Handles the management of application packages • Applications and utilities -Install, update, remove software • "> sudo apt-get install wireshark" shows the command installing wireshark

Networking Tab

-Can view network performance • Separate tab in Windows 7 • Integrated into the Performance tab in Windows 8/8.1/10 -View utilization, link speeds, and interface connection state

General tab

-Controls the startup process • Normal, Diagnostic, Selective -Normal startup • Nothing to see here, go about your business -Diagnostic startup • Similar to Safe Mode, but not quite the same -Selective startup • You decide what to load

Copy command

-Copy files from one location to another • copy (/v, /y) -copy /v • Verifies that new files are written correctly -copy /y • Suppresses prompting to confirm you want to overwrite an existing destination file

Memory diagnostics

-Is your memory working? • I don't remember -May be launch automatically • Or launched manually - Will run multiple passes • Will Try to find the bad chip/module -Located in Control Panel under Administrative Tools

Temporal Key Integrity Protocol (TKIP)

-It mixed the keys • It combined the secret root key with the Initialization Vector (IV) -Provided a sequence counter • Prevents traffic from replaying in the wireless network -Implemented a 64-bit Message Integrity Check • To protect against wireless data tampering as it went across the wireless network -TKIP also had it's own set of vulnerabilities • Was removed from the 802.11-standard in 2012

Physical security (Securing SOHO Network)

-Physical access • A relatively easy hack • Highly secure data centers -Door access • Lock and key • Electronic keyless -Biometric • Eyeballs and fingers -Must be a well documented process that can be applied to any SOHO locations

Robust Copy

-robocopy • A better xcopy • Has the ability to resume a file transfer if it is interrupted • Looks and acts similar to xcopy • Most syntax is the same as xcopy • Shows results, time taken, and throughput of the copy process -Included with Windows 7, 8.1, and 10

Shutdown command

-shutdown • Shutdown a computer • And optionally restart "shutdown /r" -shutdown /s /t nn • Wait nn seconds, then shutdown -shutdown /r /t nn • Shutdown and restart after nn seconds -shutdown /a • Abort the countdown!

3

-wx

CD audio track file

.cda

What command line prompt when added to copy will allow you to suppress any prompting to confirm you want to overwrite an existing destination file.

/y

Which of the copy command switches suppresses the confirmation prompt displayed when Windows is about to overwrite the contents of an existing file?

/y

There is generally how many extended partitions a basic disk really needs?

1

LocalService

A limited account used to run services that cannot make system wide changes. Also it can access the network anonymously

diskmgmt.msc

opens disk management console from runline

What tool allows you to use Group Policy to edit all networked computers in order to disable functions such as Autorun:

Registry Editor

HOSTS file location in Windows

%SYSTEMROOT%\System32\drivers\etc\hosts

WWAN

(Wireless Wide Area Network) A computer network that enables users to wirelessly connect to their offices or the Internet via a cellular network. Sometimes referred to as wireless broadband.

Apple iOS history

-Apple iPhone and Apple iPad OS • Based on Unix • Closed-source - No access to source code • Exclusive to Apple products -iOS Apps • Apps are developed with iOS SDK on Mac OS X • Apps must be approved by Apple before release • Apps are available to users in the Apple App Store

Repair application (Troubleshooting Solutions)

-Application issues • Problems with the application files or its configurations -Each application might have its own repair process • To fix missing files • To replace corrupted files • Can fix application shortcuts • Can repair registry entries • Or just update or reconfigure drivers -Not all applications have a repair option

Critical application backups (Disaster Recovery)

-Application software • Might be a simple backup • Or often distributed across multiple servers -Application data • Store in a single databases • Or data is stored throughout the application servers -Location of data • Might be stored locally and/or cloud-based -All of these are needed when doing a restore • They all work together

Account recovery options (Disaster Recovery)

-Apps won't work if users can't login • Your Windows Domain will most likely be the foundation of your recovery efforts -Consider other authentication requirements • Multi-factor authentication validation • Additional authentication databases such as RADIUS or TACACS -Another good reason for centralized administration • No local accounts

Clarify customer statements (Communication)

-Ask pertinent questions • Drill-down into the details • Avoid an argument • Avoid being judgmental -Repeat your understanding of the problem back to the customer • Did you understand the customer correctly? • Repeating information might allow for other details to arise -Keep an open mind • Ask clarifying questions, even if the issue seems obvious • Never make assumptions

Effective social engineering

-Attacks are constantly changing • You never know what they'll use next -Attacks may involve a single person or multiple people • May involve one organization or multiple organizations • There are ties that may connect many organizations -May be in person or electronic: • Phone calls from aggressive "customers" • Emails for funeral notifications of a friend or associate

5. Schedule scans and run updates (Removing Malware)

-Built into the antivirus software • Automated signature updates and scans -If Anti-Malware software does not have a way to automatically update, use Task scheduler • Run any task including signature updates -Check Windows operating system updates • Make sure its enabled and working

Windows 7 Starter

-Built for netbooks -No DVD playback or Windows Media Center -No Windows Aero -No Internet Connection Sharing (ICS) -No IIS Web Server -Does not support enterprise technologies • Cannot join a domain • No BitLocker support • No EFS (Encrypting File System) support -Only available as x86, maximum of 2 GB of RAM -Not supported in x64 bit version

Windows 7 Starter

-Built for netbooks -No DVD playback or Windows Media Center -No Windows Aero -No Internet Connection Sharing (ICS) -No IIS Web Server -No enterprise technologies • No Domain connection, BitLocker, EFS, etc. -Only a 32-bit version, maximum of 2 GB of RAM • Not supported in 64-bit version

Vendor-specific limitations

-End-of-life • Different companies set their own EOL policies -Software Updates • iOS, Android, and Windows 10 check and prompt for updates • Chrome OS will update automatically -Compatibility between OS's • Some movies and music can be shared -Almost no direct application compatibility • Fortunately, many apps have been built to run on different OS's • Some data files can be moved across systems • Web-based apps have potential

Vendor-specific limitations

-End-of-life • Different companies set their own EOL policies -Updating • iOS, Android, and Windows 10 check and prompt for updates • Chrome OS will update automatically -Compatibility between operating systems • Some movies and music can be shared -Almost no direct application compatibility • Fortunately, many apps have been built to run on different OSes • Some data files can be moved across systems • Web-based apps have potential

Dock (Mac OS Features)

-Fast access to apps • Quickly launch programs -View running applications • Dot underneath the icon -Keep folders in the dock • Easy access to files -Move to different sides of the screen • Auto-hide or always display

NTFS vs. Share permissions

-File access is controlled by either NTFS permissions or Share permissions -NTFS permissions apply from local and network connections -Share permissions only apply to connections over the network • A "network share" -The most restrictive setting wins • Deny access beats allow access -NTFS permissions are inherited from the parent object • Will keep the same permissions if the data is moved within the same volume • If data is moved to a different volume, then the permissions will be associated with where its placed in that volume.

services.msc

-Located in Control Panel under Administrative Tools as Services • Can also open through the cmd line or Run cmd -Useful when troubleshooting the startup process -Control background applications -Services can reveal dependencies between applications

Deleting Windows profiles (Troubleshooting Solutions)

-Login to the computer with Domain Administrator rights -Rename the \Users\name folder such as user.old • This will save important files -Backup the user's registry • HKLM\SOFTWARE\Microsoft\Windows NT\ CurrentVersion\ProfileList • Right-click and Export • Delete the registry entry - (You have a backup) • Restart the computer

Reconstructing Windows profiles (Troubleshooting Solutions)

-Login to the computer with the user account • The profile will be rebuilt with no files • This will recreate the \Users\name folder -Once the account is created, log out of the user account and login as Domain Administrator • Copy over any important files from the old profile such as documents located under "Desktop" or "My Documents" -Do not copy the entire profile • Corrupted files might exist in the old profile -Logout as Domain Administrator, Log back in with the user account

Startup tab

-Manages which programs start with a Windows login • Easily toggle on and off -Multiple reboots needed before locating the troublesome application during troubleshooting (You'll find it) -This feature has moved to the Task Manager in Windows 8/8.1/10

Zero-day attacks

-Many OS's or applications have vulnerabilities • They just haven't discovered them yet -Someone is working hard to find the next big vulnerability • The good guys share these with the developer -Bad guys keep these yet-to-be-discovered holes to themselves • They want to use these vulnerabilities for personal gain or to sell -Zero-day • The vulnerability has not been detected or published • Zero-day exploits are increasingly common -Known vulnerabilities can be found at Common Vulnerabilities and Exposures (CVE) • http://cve.mitre.org/

Multi-factor authentication (Logical Security)

-More than one factor of authentication • Something you are (biometric = fingerprint) • Something you have (smartcard or mobile phone) • Something you know (password) • Somewhere you are (GPS check) • Something you do (signature) -Can be expensive when implementing • assigning separate hardware tokens that generates a random number -Inexpensive methods include: • Free smartphone applications • Software-based token generator

NTFS and CDFS

-NTFS - NT File System • Extensive improvements over FAT32 • Quotas, file compression, encryption, symbolic links, large file support, security, recoverability -CDFS - Compact Disk File System • ISO 9660 standard • All operating systems can read the CD

Directory permissions (Logical Security)

-NTFS permissions • Much more granular than FAT • Owner of a file can lock down access • Prevents accidental modification or deletion • Some information shouldn't be seen -User permissions • Everyone isn't an Administrator • Can assign proper rights and permissions • This may be an involved audits ran by security administrators

6. Enable System Protection (Removing Malware)

-Now that you're clean • Put things as they were • Turn on System Protection -Create a restore point manually • Start populating again

ODBC Data Sources

-ODBC - Open Database Connectivity -Application independence • Database and OS doesn't matter -Configure in Control Panel / Administrative Tools • Users probably won't need this -Located in Control Panel under Administrative Tools

1. Identifying malware symptoms (Removing Malware)

-Odd error messages may appear • Application failures • Security alerts -May cause system performance issues • Slow boot-up • Slow applications -Research the malware • Research the messages to now what you're dealing with • Research any fake applications that appear

Setting expectations (Communication)

-Offer different options • Repair • Replace • Let the user make the decision -Document everything • Leave no room for questions • Useful when different scenarios are expected -Keep everyone informed • Even if the status is unchanged -Follow up afterwards • Verify satisfaction

Trusted vs. untrusted sources (Mobile Devices)

-Once malware is on a phone, it has a huge amount of access • In Android OS, Don't install APK files from an untrusted source -iOS • All apps are curated by Apple -Android • Apps can be downloaded from Google Play or sideloaded (3rd party) • 3rd party installs are where problems can occur

End user education

-One on one with end users • Personal training -Posters and signs as reminders • High visibility -Message board posting • The real kind -Login messages • These become invisible -Intranet page resources • Always available to the user

Protecting against non-compliant systems

-Operating system control to make sure they stay in compliance • Apply policies that will prevent non-compliant software -Monitor the network for application traffic • Next-generation firewalls with application visibility -Perform periodic scans and compliance checks • Login systems can scan for non-compliance • Requires correction before the system is given access • If the scan shows the system is not in compliance, a message can be shown to guide the user on bringing them back into compliance

Mobile Device Management (MDM) (Logical Security)

-Can manage company-owned and user-owned devices • User owned devices are referred to BYOD (Bring Your Own Device) -Centralized management of the mobile devices • Specialized functionality -Can set policies on apps, data, camera, etc. • Controls the remote device • Can control the entire device or a "partition" when managing company data and personal data -Manage access control • Forces screen locks and PINs on these single user devices

Mission Control and Spaces (Mac OS Features)

-Can quickly view everything that's running • Spread out the desktop into a viewable area • Swipe upwards with three fingers or Control-Up arrow -Spaces • Multiple desktops • Add Spaces inside of Mission Control

Malware OS symptoms (Troubleshooting Security Issues)

-Can renamed or delete system files -Files disappear or are deleted • Or even encrypted -Can cause file permissions to change • Protections are modified -Access denied • Malware locks itself away • It doesn't leave easily -Use a malware cleaner or restore from known good backup • Some malware is exceptionally difficult to remove

Terminal (Mac OS Tools)

-Command line access to the operating system • Manage the OS without a graphical interface -OS access • Run scripts, manage files • Configure OS and application settings

Windows PowerShell (Scripting)

-Command line for system administrators • Conains a ".ps1" file extension • Included with Windows 8/8.1 and 10 -Extends command-line functions • Uses and referred to as cmdlets (command-lets) • Can run as powerShell scripts and functions or standalone executables -System administrators can use Windows PowerShell to automate and integrate the OS and workstations into an AD infrastructure

Windows 7 Ultimate

-Complete functionality -Domain support, Remote Desktop, EFS -Supports all enterprise technologies • Including BitLocker -Available as a x64 version and supports 192 GB of RAM -Same features as Windows 7 Enterprise • But for the home user

Port security example (Logical Security)

-Configure a maximum number of source MAC addresses on an interface • You decide how many is too many • You can also configure specific MAC addresses -The switch monitors the number of unique MAC addresses • Maintains a list of every source MAC address -Once you exceed the maximum, port security activates • Default is to disable the interface

Wireless security modes

-Configure the authentication on your wireless access point / wireless router -Open System wireless configuration • No authentication password is required Home wireless configuration: -WPA2-Personal / WPA2-PSK • WPA2 with a pre-shared key • Everyone uses the same 256-bit key Business/Company wireless configuration: -WPA2-Enterprise / WPA2-802.1X • Authenticates users individually with an authentication server (i.e., RADIUS, TACACS+) • It adds additional factors such as disable/enabling user accounts or not having to manage other WiFi passphrases

Incident response: Chain of custody (Privacy, Licensing, and Policies)

-Control evidence • Maintain integrity -Everyone who contacts the evidence • Avoid tampering • Use hashes -Label and catalog everything • Seal, store, and protect • User digital signatures to avoid tampering

Privacy filters (Physical Security)

-Control your input • Be aware of your surroundings -Use privacy filters to lower the viewable screen -Keep your monitor out of sight • Away from windows and hallways

Boot tab

-Controls the boot location • Multiple locations and operating systems -Advanced options • Number of processors, maximum memory, etc. -Boot options • Safe boot, remove the GUI, create a boot log file, base video, OS boot information (shows drivers as they load), set timeout for booting

Boot tab

-Controls the boot location • Multiple locations and operating systems -Advanced options • Number of processors, maximum memory, etc. -Boot options • Safe boot, remove the GUI, create a log file, base video, OS boot information (shows drivers as they load), set timeout for booting

Why do you need an OS?

-Controls the interaction between components • Memory, hard drives, keyboard, CPU -A common platform for applications -A way for humans to interact with the machine • The "user interface" (either command line or GUI) • Hardware can't do everything! Software is required

Why do you need an OS?

-Controls the interaction between the components • Such as the memory, hard drives, keyboard, CPU -A common platform for applications -A way for humans to interact with the machine • Contains a "user interface" (either by command line or GUI) • Hardware can't do everything! It needs software to tell it what to do

Types of door access controls (Physical Security)

-Conventional method • Lock and key -Deadbolt method • Physical bolt -Electronic method • Keyless, RFID badge -Token-based method • Magnetic swipe card or key fob -Biometric method • Hand, fingers or retina -Multi-factor method • Smart card and PIN

Avoid being judgmental (Professionalism)

-Cultural sensitivity at work • Use appropriate professional titles -You're the teacher • Not the warden • Leave insults on the playground -Make people smarter by spending extra time with teaching the user • They'll be better technologists -You're going to make some BIG mistakes • Remember them so that they happen again

How Windows gets an IP address

-DHCP (Dynamic Host Configuration Protocol) • Automatic IP addressing • This is the default -APIPA (Automatic Private IP Addressing) • There's no static address or DHCP server • Communicates locally (link-local address) • Assigns IP range of 169.254.1.0 to 169.254.254.255 • No Internet connectivity -Static address • Assigns all IP address parameters manually • Specific details will need to known

IP addressing (Securing SOHO Network)

-DHCP (automatic) IP addressing vs. manual IP addressing -IP addresses are easy to see in a unencrypted network -If the encryption is broken, the IP addresses will be obvious -Configuring a static IP address is not a security technique • Security through obscurity

BitLocker and EFS

-Data confidentiality is the most important asset • Encrypt important information -Encrypting File System • Protect individual files and folders • Built-in to the NTFS file system -BitLocker • Full Disk Encryption (FDE) • Everything on the drive is encrypted • Even the operating system -Home and business use • Especially on mobile devices

BitLocker and EFS

-Data confidentiality is the most important asset • Important information needs to be encrypted -Encrypting File System (EFS) protects individual files and folders • Built-in to the NTFS file system -BitLocker • Full Disk Encryption (FDE) • Everything on the drive is encrypted • Even the operating system -Home and business use • Especially on mobile devices

The WPS hack (Securing SOHO Network)

-December 2011 - WPS has a design flaw • It was built wrong from the beginning -PIN is an eight-digit number • Really seven digits and a checksum • Seven digits, 10,000,000 possible combinations -The WPS process validates each half of the PIN • First half, 4 digits. Second half, 3 digits. • First half, 10,000 possibilities. • Second half, 1,000 possibilities -It takes about four hours to go through all of them if no lockout process was implemented • Most devices now include a lockout function in newer devices • Most people disable WPS completely

Environment variables (Scripting)

-Describes the environment the operating system is working under • Scripts use these to make decisions -Common environment variables • Location of the Windows installation • The search path • The name of the computer • The drive letter and path of the user's home directory

Network topology diagrams (Documentation Best Practices)

-Describes the network layout • May be a logical diagram • Can include physical rack locations

Windows 10 Home

-Designed for home user, retail customer -Integrates with Microsoft account • Microsoft OneDrive can be used to backup your files -Windows Defender is included • Anti-virus and anti-malware software -Cortana is included • Allows you to talk to your OS -Does not support: • Hyper-V • Bitlocker • Cannot join the domain • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 128 GB

Windows 10 Home

-Designed for home user, retail customer -Integrates with Microsoft account • Microsoft OneDrive is used to backup your files -Windows Defender is included • Anti-virus and anti-malware -Cortana is included • Talk to your operating system -Does not support: • Hyper-V • Bitlocker • Cannot join the domain • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 128 GB

Certificate of destruction

-Destruction is often done by a 3rd party • 3rd parties usually have the drills and degaussers to perform the work -Need confirmation that your data is destroyed • Service should include a certificate (If not, request one) -A paper trail of broken data will be needed for future auditing purposes • You know exactly what happened

Scope the change (Change Management)

-Determine the effect of the change • May be limited to a single server • Or an entire site -A single change can be far reaching • Changes at the switch which can affect multiple applications • Internet connectivity changes • Changes in remote site access • Changes in external customer access -How long will this change last? • Will it have no impact • Or hours of downtime

3. Disable System Restore (Removing Malware)

-Restore points make it easy to rewind • Malware infects restore points -Disable System Protection to delete all previous restore points • No reason to save an infected config -Delete all restore points • Remove all infection locations

BitLocker (Windows Security Settings)

-Encrypts an entire volume • Not just a single file • Protects all of your data, including the OS -What If the laptop is lost? • Doesn't matter without the password -Data is always protected • Even if the physical drive is moved to another computer -BitLocker To Go • Encrypts removable USB flash drives

EFS (Encrypting File System)

-Encrypts at the file system level on NTFS -Supported operating systems • 7 Professional, Enterprise and Ultimate • 8 and 8.1 Pro and Enterprise • 10 Pro, Enterprise, and Education -Uses password and username to encrypt the key • Administrative resets will cause EFS files to be inaccessible

WWAN connections

-Wireless Wide Area Network • Built-in mobile technology -Hardware adapter is installed on computer • Antenna connections -Can be USB connected or 802.11 wireless • Tether • Hotspot -Might require third-party software • Each provider is different

Mitigating DDoS attacks

-You may be able to filter out traffic patterns • Stopping the traffic at your firewall -Internet service provider may have anti-DDoS systems • These can help "turn down" the DDoS volume -Third-party technologies available • Such as CloudFlare, etc.

Anti-virus and anti-malware

-You need both -Real-time options • Not just an on-demand scan -Modern anti-malware recognizes malicious activity • Doesn't require a specific set of signatures

Shoulder surfing

-You probably have access to important information that many people want to see • Causes curiosity, industrial espionage, competitive advantage -Surprisingly easy to do • At Airports / Flights • With hallway-facing monitors • Coffee shops -Surfing from afar • by using Binoculars / Telescopes • Easy in the big city -Webcam monitoring

Disabling ports (Securing SOHO Network)

-disable physical ports • Conference rooms or break rooms -Administratively disable unused ports which would prevent someone going into a wiring closet and connecting to the network • More to maintain, but more secure -Network Access Control (NAC) • 802.1X controls • You can't communicate unless you are authenticated

What MSConfig tab allows you to select the default OS to load in a multiboot environment?

Boot

A multiboot utility provided by Apple that allows dual-booting macOS and Windows is...

Boot Camp

BCD

Boot Configuration Data

If you screw up the order of installing multiboot operating systems what utility can you use to reconfigure it manually following installations of OSs?

Boot Manager

A computer running Windows 8.1 hangs after its OS has been updated and restarted. What should you do first to correct this issue?

Boot into Safe Mode

Which of the configuration features listed below can be managed through the MSConfig Boot tab?

Boot logging / Default OS to load in a multiboot environment / Amount of hardware resources to be used by the chosen OS in a multiboot environment (e.g. the maximum amount of RAM) / Safe boot options

If Startup repair fails what other option can you chose to use to repair a corrupt MBR?

Bootrec.exe

Windows 8 is encountering a problem while booting. It reports an invalid disk error when starting. After you boot to the Recovery Environment (RE) what command line tool will allow you to attempt to repair a corrupt boot record?

Bootrec.exe

A centralized cache of information for computers installed in different geographic locations.

BranchCache

Name that OS type: an OS designed to work as a client in business networks

Business Client

A file system designed for optical media is called?

CDFS

What CLI program in Windows can find and repair filesystem and disk problems?

CHKDSK

The GPT can check if it is corrupted using a ____.

CRC (cyclic redundancy check)

Upgrade Windows 8.1 Core to Windows 10

Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise

Upgrade Windows 7 Ultimate to Windows 10

Can upgrade to: • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Enterprise

gpupdate /force

Causes all policies(new and old to be reapplied)

This OS is designed to work with handheld portable devices. The OSs must have touch-operated interface

Cell phone/Tablet

CA

Certificate Authority - a third party that vouches for certificates

When disposing of hardware storage devices, which of the following may you be required to obtain to ensure regulatory compliance for data security?

Certificate of Destruction

chkdsk

Check Disk - checks the integrity of disks and can repair any problems detected

To repair a Windows 7 installation there are 4 steps this is step 4

Click Upgrade

Windows Domains are based on what networking architecture?

Client-Server

Which of the following statements describing features of Windows HomeGroups are true?

Communication between HomeGroup computers is encrypted with a pre-shared password / An ad hoc home networking system for file and printer sharing / HomeGroups are available only in Windows 7/8/8.1 and early versions of Windows 10.

What is a MS Windows utility designed both for system administrators and for application developers to configure COM components, COM+ applications, and more?

Component Services

Many of the utilities available in the Administrative Tools menu in Windows Control Panel are implemented as the so-called Microsoft Management Console (MMC) snap-ins. The most prominent MMC component in this menu (which contains a collection of other MMC snap-ins such as Device Manager, Disk Management, and Event Viewer) is called:

Computer Management (compmgmt.msc)

Which of the following can be used to launch the Disk Management utility in Windows?

Computer Management / Windows Run dialog box / Quick Access Menu (displayed after right-clicking on the Windows Start button).

Which of the following locations provide direct access to the Device Manager applet in MS Windows?

Computer Management utility in the Administrative Tools folder in Windows Control Panel / Windows Run dialog box (after typing in devmgmt.msc and pressing Enter) / Windows Control Panel.

ITIL (Information Technology Infrastructure Library): This is any service component, infrastructure element, or other item that needs to be managed in order to ensure the successful delivery of services

Configuration Item (CI)

This is an ITIL database used by an organization to store information about hardware and software assets.

Configuration Management DataBase (CMDB)

The tools and databases that collect, store, manage, update and preset information about CIs.

Configuration Management System (CMS)

What Internet Option utility will allow you to configure a proxy server?

Connections

Which of the following answers describes the correct sequence of steps for accessing the Speed & Duplex settings of an Ethernet adapter in MS Windows?

Control Panel (Icon view) -> Network and Sharing Center applet -> Change adapter settings -> right-click on the device -> select Properties from the pop-up menu -> click the Configure... button -> On the Advanced tab, select the Speed & Duplex settings.

Which Control Panel applet in Windows allows to manage usernames and passwords for websites, connected applications and networks?

Credential Manager

Virtual memory, Extended partition and what other option can be used as an Random Access Memory extension?

Swap partition

This is a common SOHO network hardware that allows local computers to connect to the network via RJ-45 ports.

Switch

Windows 7 home and home premium do not support the use of Multiple CPUs. What is this process known as?

Symmetric multiprocessing

What Microsoft Windows tool can be used by system administrators to find and isolate problems that might prevent the OS from starting correctly

System Configuration

A virus has damaged several device drivers on your system. After properly removing the virus you still need to restore the drivers to working order. What tool will allow you to do so?

System File Checker

A Windows 8 computer is having AC power issues and you suspect the System Files have become corrupted. What tool allows you to check for this type of corruption?

System File Checker (SFC)

sfc

System File Checker - a utility that provides a manual interface for verifying system files and restoring them from cache if they are corrupt or damaged

What system management tool is used to configure answer files for unattended installations?

System Image Manager

In a multiboot environment what separate partition must be accessible to all Operating Systems?

System Partition

adding a new account in MacOS

System Preferences ->users and groups

Both Startup Repair and Bootrec.exe are accessed through which Windows options screen?

System Recovery

An MS Windows system utility that allows to roll back system files and settings to an earlier point in time is called:

System Restore

If a device driver that was installed recently is causing system errors what can a technician perform to correct this problem relatively quickly?

System Restore

This System information application contains summaries about the operating system, firmware versions and registration details.

System Summary

end-of-life system

System for which vendors have dropped all support for security updates due to the system's age.

This is a template containing OS and other software information generally used in corporate network environment installations:

System image

A computer that has image deployment tools such as Windows Automated Installation Kit and Windows Preinstallation Environment is known as a _____ computer

Technician

Creator Owner Group

The account that created or "owns" an object, usually a user account.

Slow profile loads (Troubleshooting Windows)

-Roaming user profile • Your desktop follows you to any computer • Changes are synchronized -Network latency to the domain controller • Slows login script transfers • Slow to apply computer and user policies • May require many hundreds (or thousands) of LDAP queries -Client workstation picks a remote domain controller instead of local DC • Problems with local infrastructure

Incident response: Documentation (Documentation Best Practices)

-Security policy • An ongoing challenge • Covers every aspect of IT security for the company -Documentation must be available for everyone • Any employee can access that information • Commonly posted on the intranet -Documentation always changes • Constant updating • A process needs to be in place • Use the wiki model so that changes can be made quickly and seen by everyone in the organization

The disk partition

-Separates the physical drive into logical pieces • Useful to keep data separated • Multiple partitions are not always necessary -Useful for maintaining separate operating systems • Windows, Linux, etc. -Formatted partitions are called volumes • Microsoft's nomenclature • Volume and Partition mean the same thing

The Task Manager utility in Windows 8/8.1/10 contains a tab previously included as part of the System Configuration (MSConfig) utility. The tab allows system administrators to control user applications that should be enabled/disabled during system boot. This tab is called:

Startup

Bootrec.exe should be used to repair a corrupt MBR after using which other option?

Startup Repair

What Windows option allows you to restore a missing or repair a corrupt bootrec.exe file?

Startup Repair

Which volume type in Windows Disk Management utility uses RAID 0 setup for performance gains?

Striped volume

Which of the following locations in Windows 8/8.1/10 provides access to configuration options that would allow to create an exception for a TCP or UDP port?

Windows Defender Firewall applet in Control Panel -> Advanced settings -> right-click on Inbound/Outbound Rules -> New Rule... -> Port

SSID management (Securing SOHO Network)

-Service Set Identifier • Name of the wireless network • Common SSID's : LINKSYS, DEFAULT, NETGEAR -You have the option to change the SSID to something not-so obvious -You can also disable SSID broadcast • SSID is easily determined through wireless network analysis • Security through obscurity

Restart services (Troubleshooting Solutions)

-Services • Applications that run in the background • No user interaction -Similar issues as a normal process • Resource utilization • Memory leaks • Crashes -View status in Task Manager • Under Services tab • You can right-click to start, stop, or restart • You can open service to get more info

legal and regulatory or compliance controls

privacy laws, policies, and clauses

Certificate-based authentication (Logical Security)

-Smart card • Private key is on the card -PIV (Personal Identity Verification) card • US Federal Government smart card • Picture and identification information -CAC (Common Access Card) • US Department of Defense smart card • Picture and identification -IEEE 802.1X • Gain access to the network using a certificate • Stored on the device or separate physical device (e.g. USB key)

Email security (Troubleshooting Security Issues)

-Spam • Any unsolicited email messages • Advertisements • Phishing attacks • Spread viruses via attachments within the email • Spam filters can be helpful to filter out unwanted emails -If the email is hijacked • Infected computers can become email spammers • You'll receive odd replies from other users • You'll receive bounced messages from unknown email addresses -Scan for malware to see if malware can be identified

Room control (Environmental Impacts)

-Specific temperature level • Devices need constant cooling (So do humans) -Humidity level • High humidity promotes condensation • Low humidity promotes static discharges • 50% is a good number but might be difficult to maintain -Proper ventilation is needed • Computers generate heat • Don't put everything in a closet • Need a method to get hot air out and cool air in

Mitigating man-in-the-middle

-Use encrypted protocols to mitigate MITM attacks • use HTTPS (not HTTP) if using a browser • use SSH (not telnet) if connecting to a console -Communicate over a secure channel • Client-based VPN -Use encrypted wireless networks • Avoid insecure networks such as Public WiFis or Hotel WiFi's

Standard OS features

-Used for file management • You can Add, Delete, Rename files -For application support • Manages memory or swap file (swap space or pagefile) -Input and Output support • Printers, keyboards, hard drives, USB drives -Operating system configuration and management tools

Access Control Lists (ACLs) (Logical Security)

-Used to allow or deny traffic • Also used for NAT, QoS, etc. -Defined on the ingress or egress of an interface • Often on a router or switch • Can be configured to either view Incoming or outgoing traffic or both -ACLs evaluate on certain criteria • Identify traffic based on Source IP, Destination IP, • Either on TCP port numbers, UDP port numbers, • Certain protocol, such as ICMP -Can deny or permit if the criteria is met • What happens when an ACL matches the traffic?

Scripting basics(Scripting)

-Variables • Can associate a name with an area of memory -Variable "x=1" • x=1. y=x+7. Therefore, y=8. • Variable "pi" can hold the value of "3.14" • pi=3.14 • Variable "greeting" can hold text values "Hello and welcome." • greeting="Hello and welcome."

Scripting data types (Scripting)

-Variables are associated with the data type depending on the information that is being stored -String data types • Variable "name" can store the string/text information "Professor Messer" • name="Professor Messer" -Integer data types • Contains whole numbers (not fractions or decimals) • 42 can be stored as an integer data type with the variable x • x=42 • Can perform mathematical calculations that can be used in the script -Floating point data types • Contains numbers with decimal points • The variable pi is a floating point data type that contains the number 3.14

xml file

.xml

Z compressed File

.z

Zip compressed file

.zip

Which of the following commands in Windows Command Prompt changes the current directory to the root directory?

cd \

chown

change ownership in linux

chmod

change permission modifiers in linux

chgrp

changes the group in linux

format D: /v: E

changes the name of drive D to drive E

Bitmap Image

.bmp

hash

A number generated by an algorithm from a text string.

secpol.msc

Local Security Policy snap in

Malware Removal steps: Step 4

Scan and remove infection

Security Log

This log holds the audit data for the system

Laser printer process step 7. excess toner is removed from the drum

cleaning

sfc /scannow

runs a scan immediately

Which ipconfig parameter allows to view the physical address of a Network Interface Card (NIC)?

/all

What addition to the command line prompt copy will allow you to verify that new files are written correctly?

/v

What router tab allows you to access Firewall features?

Advanced

You must do this to existing MBR partitions before installing a UEFI enabled copy of Windows.

Delete

7

rwx

Hard drive security

-2019 study from Blancco and Ontrack on 159 storage drives from eBay •66 drives had data, 25 drives with Personal Identifiable Information •Some contained personal documents, video from a hospital monitoring system and more -Use 3rd party utilities if doing a regular format is not an option -File level overwriting •Sdelete - Windows Sysinternals -Whole drive wipe secure data removal • DBAN - Darik's Boot and Nuke -Physical drive destruction • One-off or industrial removal and destroy

Operating system technologies

-32-bit vs. 64-bit • Processor specific -32-bit processors can store 2³² = 4,294,967,296 values -64-bit processors can store 2⁶⁴ = 18,446,744,073,709,551,616 values • 4 GB vs. 17 billion GB • The OS has a maximum supported value -Hardware drivers are also specific to the installed OS version (32-bit or 64-bit) • 32-bit (x86), 64-bit (x64) -32-bit OS cannot run 64-bit apps • But 64-bit OS can run 32-bit apps -Location of programs in a Windows 64-bit OS • 32-bit apps: \Program Files (x86) • 64-bit apps: \Program Files

Operating system technologies

-32-bit vs. 64-bit • Processor specific -32-bit processors can store 2³² = 4,294,967,296 values -64-bit processors can store 2⁶⁴ = 18,446,744,073,709,551,616 values • 4 GB vs. 17 billion GB • The OS has a maximum supported value -Hardware drivers are specific to the OS version (32-bit / 64-bit) • 32-bit (x86), 64-bit (x64) -32-bit OS cannot run 64-bit apps • But 64-bit OS can run 32-bit apps -Apps in a 64-bit Windows OS • 32-bit apps: \Program Files (x86) • 64-bit apps: \Program Files

Windows 8/8.1 Core

-A basic version for the home user • available in x86 and x64 versions -Integrates a microsoft account into the OS • Ability to log into your computer and all of your services -Includes Windows Defender • An integrated anti-virus and anti-malware -Supports the following: • Windows Media Player -Does not support: • Cannot join a domain • EFS (Encrypting File System) • Bitlocker • AppLocker • BranchCache -x86 version supports 4gb RAM -x64 version supports 128gb RAM

Slow data speeds (Troubleshooting Mobile Device Security)

-A malicious application can cause the data network to go slow • Causes unusual network activity • Unintended WiFi connections • Data transmissions can go over the limit -Check your network connection • Run a WiFi analyzer • Make sure you are on a trusted WiFi network -Check network speed with a 3rd party app • Run a speed check / cell tower analyzer -Examine running apps for unusual activity • Such as large file transfers or constant network activity

Crypto-malware

-A new generation of ransomware • Your data is unavailable until you pay for the decryption key -Malware encrypts your data files • Pictures, documents, music, movies, etc. • Malware cannot be simply removed • Your OS remains available • They want you running, but not working • All personal data has been encrypted by the bad guys -You must pay the bad guys to obtain the decryption key • This encryption is powerful and cannot be brute forced • Ransom is charged through an untraceable payment system • An unfortunate use of public-key cryptography -Make sure you have an offline backup of your files in case you are infected

Computer Management

-A pre-built Microsoft Management Console • A predefined mix of plugins • Control Panel / Administrative Tools - To create your own Microsoft Management Console, you can do the following: • Go to "C:\Windows\System32" and click on "mmc.exe" • Click on Start and search for mmc.exe • cmd prompt and type in mmc.exe • You can add or remove snap-ins as needed -A handy starting point • Events • User accounts • Storage management • Services • And more!

Inventory management (Documentation Best Practices)

-A record of every asset • Routers, switches, cables, fiber modules, etc. -Required for financial records, audits, depreciation • information such as make/model, configuration, purchase date, etc. -Tag the asset once added to the database • Barcode, RFID, visible tracking number • Tagging an asset can help track the device no matter where it happens to go

HomeGroup Applet

-A way to easily share information • Windows 7 / Windows 8 • No HomeGroup options on Windows 10 • Documents, pictures, music, video -A network for the home • Must be set to "Home" in Windows -Enable HomeGroup • A single password is created for everyone to use

Storage spaces

-A windows feature -Storage primarily designed for data centers, cloud infrastructures to easily add storage space • Multiple tiers of available spaces • Different types of administrative control that can be assigned to those spaces -Storage pool • A group of storage drives • Can combine different storage devices into a single pool • Easy to add or remove space in the pool -Storage space • Virtual disks are allocated from available space in the pool • Can specify if its a standalone, mirrored, or striped virtual disk • Includes options for mirroring and parity • Hot spare available as a replacement drive

Cannot broadcast to monitor (Troubleshooting Mobile Apps)

-Ability to broadcast to a TV • Apple TV, Xbox, Playstation, Chromecast, etc. -Check the app requirements • Every broadcast device is different -All devices must be on the same wireless network • Can't mix your private and guest network -Signal strength is important • Between the phone and television • Between the television and the Internet

Domain Services

-Active Directory Domain Services • Large database of your network • Contains info. on users, computers, and the systems they connect to. -Distributed architecture • Many servers • Not suitable for home use -Everything documented/managed in one place • User accounts, servers, volumes, printers -Many different uses • Authentication • Centralized management

Domain Services

-Active Directory Domain Services • Large database of your network • Contains info. on users, computers, and the systems they connect to. -Distributed architecture • Many servers • Not suitable for home use -Everything documented/managed in one place • User accounts, servers, volumes, printers -Many different uses such as authentication • Can be managed from a centralized location

Shared files and folders

-Administrative shares • These shares are created automatically by the OS during installation process • Most of these shares are hidden from view (i.e., C$) • Local shares are created by users • Any share with a $ sign at the end of it is automatically hidden by the OS -System files and folders • C$ - \ • ADMIN$ - \Windows • PRINT$ - Printers folder -To view the shares available on the system: • Go to Computer Management > Shared Folders > Share • Or go to the cmd prompt and type in "net share"

Run as administrator

-Administrators have special rights and permissions • Editing system files, installing services -Uses the rights and permissions of the administrator • You don't get these by default, even if you're in the Administrators group -To Run as Administrator: • Right-click the application • Run as administrator (Or Ctrl-Shift-Enter)

Default usernames and passwords (Securing SOHO Network)

-All access points have default usernames and passwords • Change yours ASAP! -The right credentials provide full control • Administrator access -Very easy to find the defaults for your WAP or router • http://www.routerpasswords.com

Patching/OS updates (Mobile Devices)

-All devices need updates - Even mobile devices -Device patches •Security updates need to be up-to-date to close any vulnerabilities -Operating system updates •Can contain new features or fix any bugs -Don't get behind! •Updates are done automatically to avoid security problems

Wireless encryption (Securing SOHO Network)

-All wireless computers are radio transmitters and receivers • Anyone can listen in -Solution: Encrypt the data • Everyone gets the password -Only people with the password can transmit and listen • WPA2 encryption

Windows Firewall with Advanced Security

-Allows for a more detailed control of inbound/outbound traffic -Can configure: • Inbound rules • Outbound rules • Connection security rules -Can also configure granular rules to specify: • Program • Port number • Predefined services • Custom Variables -Custom variables can include options for the rule such as: • Program • Protocol/Port • Scope • Action • Profile

Scripting and automation (Scripting)

-Allows you to automate tasks • You don't have to be there • Solve problems in your sleep • Monitor and resolve problems before they happen -The need for speed • The script is as fast as the computer • No typing or delays • No human error -Automate mundane tasks • You can do something more productive with your time

Driver/firmware updates for Mac OS

-Almost invisible in Mac OS X • Designed to be that way -Can get hardware Information by looking in the hardware section in System Information • Detailed hardware list broken down by category -View/Read only mode • No changes can be made to the settings • This is by design

Backup / restore

-Always have a backup to recover from a malware infection • This is the best insurance policy ever -Image backup built into Windows • In Windows 8/10 it's called Backup and Restore (Windows 7) • In Windows 7 it's called Backup and Restore -This is the only way to be 100% sure that malware has been removed • Seriously. Cleaning isn't 100%.

Maintain positive attitude (Professionalism)

-Always have a positive tone of voice • Partner with your customer • Project confidence -Problems can't always be fixed • Do your best • Provide helpful options -Your attitude has a direct impact on the overall customer experience

Rainbow tables

-An optimized, pre-built set of hashes • Doesn't need to contain every hash • The calculations have already been done -Remarkable speed increase • Especially with longer password lengths -Need different tables for different hashing methods • Windows passwords are stored differently than MySQL passwords • Different applications store passwords in different ways -Rainbow tables won't work with salted hashes • A salted hash adds an additional random value to the original hash

Anti-virus and anti-malware (Logical Security)

-Anti-malware software runs on the computer • Each device manages its own protection -Updates must be completed on all devices • This becomes a scaling issue -Large organizations need enterprise management • Track updates, push updates, confirm updates, manage engine updates -Mobile devices adds to the challenge • Need additional management

PII - Personally identifiable information (Privacy, Licensing, and Policies)

-Any data that can identify an individual • Part of a company privacy policy - How will PII be handled? -Not everyone realizes the importance of this data • It becomes a "normal" part of the day • It can be easy to forget its importance -Example of a breach - July 2015 • U.S. Office of Personnel Management (OPM) • Personal identifiable information was compromised • Compromised information contained Personnel file information; name, SSN, date of birth, job assignments, etc. • Approximately 21.5 million people were affected

Anti-virus and Anti-malware (Mobile Devices)

-Apple iOS • Closed environment, tightly regulated OS • Malware has to find a vulnerability -Android • More open, apps can be installed from anywhere • Easier for malware to find its way in -Apps on mobile devices run in a "sandbox" • You can control what data an app can view

User authentication

-Authentication • Prove you are the valid account holder • Username / Password • Perhaps additional credentials are required -Single sign-on (SSO) • Built into the Windows Domain • Provide credentials one time (No additional pop-ups or interruptions) • Managed through Kerberos

Social engineering principles

-Authority • The social engineer is in charge • Social engineer might say they are calling from the help desk/office of the CEO/police -Intimidation • There will be bad things if you don't help • Social engineer might save "If you don't help me, the payroll checks won't be processed" -Consensus / Social proof • Convince based on what's normally expected • Social engineer might say "Your co-worker Jill did this for me last week" -Scarcity • The situation will not be this way for long • Social engineer might say "the changes need to be made before the time expires" -Urgency • Works alongside scarcity • Social engineer wants you to act quickly without thinking or verify the information -Familiarity / Liking • Someone you know, we have common friends • Social engineer might say "i'm a friend of yours or a friend of a friend" -Trust • Someone who is safe • Social engineer might say "I'm from IT, and I'm here to help"

Time Machine backups (Mac OS Tools)

-Automatically does backups and easy to use • Familiar Finder UI -Dates along the right side to locate the correct date • Files in the middle -Mac OS takes snapshots if the Time Machine storage isn't available • You can restore from the snapshot

Network locations in Windows 7

-Automatically sets security levels • You don't even have to remember to set the level -Home • The network is trusted -Work • You can see other devices, but can't join a HomeGroup -Public (most restrictive) • Airport, coffee shop • You are invisible

Knowledge base and articles (Documentation Best Practices)

-Available from external sources • Manufacturer knowledge base (e.g. Microsoft, Cisco, etc...) • Internet communities such as forums -Internal documentation • Institutional knowledge • Usually part of help desk software -Helps find the solution quickly • Contains a searchable archive • It can automatically search with keywords placed in the helpdesk ticket

Windows 8/8.1 Enterprise

-Available to "Software Assurance" customers • Large volume licenses -Supports enterprise features • AppLocker • Windows To Go • DirectAccess • BranchCache • EFS • Bitlocker • Can join Windows domain -Available in 32-bit (Max 4 GB RAM) and 64-bit (Max 512 GB RAM)

Windows 8/8.1 Enterprise

-Available to "Software Assurance" customers • Large volume licenses -Supports enterprise features such as: • Joining a windows domain • AppLocker • Windows To Go • DirectAccess • BranchCache • EFS (Encrypting File System) • Bitlocker -x86 version supports 4gb RAM -x64 version supports 512gb RAM

Avoid jargon (Communication)

-Avoid abbreviations and TLAs • Three Letter Acronyms -Avoid acronyms and slang • Be the translator for others -Communicate in terms that everyone can understand • Normal conversation puts everyone at ease • Decisions are based on what you say -Abbreviations, acronyms, and slang are the easiest problems to avoid

Services

-Background process • No user interaction • File indexing, anti-virus, network browsing, etc. -Useful when troubleshooting the startup process • Many services startup automatically -Command-line control • net start, net stop -Services is located in Control Panel under Administrative Tools • Type in "services.msc" through search or cmd prompt

Handling toxic waste (Safety Procedures)

-Batteries from Uninterruptible Power Supplies • Needs to be disposed of at your local hazardous waste facility -CRTs • Cathode ray tubes - there's a few of those left • Glass contains lead • Dispose at your local hazardous waste facility -Toner Cartridges • Can be recycled and reused • Many printer manufacturers provide a return box • Some office supply companies will provide a discount for each cartridge

Browser security alerts (Troubleshooting Security Issues)

-Be aware of security alerts and invalid certificates • Something isn't quite right • Should raise your interest -Look at the certificate details • Click the lock icon for more information • May be expired or the wrong domain name • The certificate may not be properly signed (untrusted certificate authority)

File systems

-Before data can be written to the partition, it must be formatted -Operating systems expect data to be written in a particular format • FAT32 and NTFS is popular -Many operating systems can read (and perhaps write) multiple file system types • FAT, FAT32, NTFS, exFAT, etc.

File systems

-Before data can be written to the partition, it must be formatted -Operating systems expect data to be written in a particular format • FAT32 and NTFS is popular -Many operating systems can read (and perhaps write) multiple file system types • FAT, FAT32, NTFS, exFAT, etc.

Local Security Policy

-Big companies have big security policies • Managed through Active Directory Group Policies • Affects many computers at once -Stand-alone computers aren't managed through AD • Local policies are managed by Local Security Policy -Not available in Home editions • Available in Pro, Ultimate, & Enterprise editions -Local Security Policy is located at: • C:\Windows\system32 and click on secpol.msc • Click on Start and search for secpol.msc or local security policy • cmd prompt and type in secpol.msc

Local Security Policy

-Big companies have big security policies • Managed through Active Directory Group Policies • Affects many computers at once -Stand-alone computers aren't managed through AD • Local policies are managed by Local Security Policy -Not available in Home editions • Available in Professional / Pro, Ultimate, Enterprise -Local Security Policy is located at: • C:\Windows\system32 and click on secpol.msc • Click on Start and search for secpol.msc or local security policy • cmd prompt and type in secpol.msc

Biometrics (Physical Security)

-Biometric authentication • Fingerprint, iris, voiceprint -Usually stores a mathematical representation of your biometric • Your actual fingerprint isn't usually saved -Difficult to change • You can change your password • You can't change your fingerprint -Used in very specific situations • Not foolproof

Avoid interrupting (Communication)

-But I know the answer! Why do we interrupt? • We want to solve problems quickly • We want to show how smart we are • Can be considered rude -Actively listen, take notes • Build a relationship with the customer (they'll need help again someday) • Don't miss a key piece of information • Especially useful over the phone when you are not able to physical see the user -This skill takes time to perfect • The better you are, the more time you'll save later

BranchCache

-Caching for branch offices • Without additional hardware or external services -Conserves bandwidth over slower links • Seamless to the end-user • Same protocols • Same network connection • Same authentication methods -Activates when round-trip latency exceeds 80 milliseconds

BranchCache

-Caching for branch offices • Without additional hardware or external services -Conserves bandwidth over slower links • Seamless to the end-user • Same protocols • Same network connection • Same authentication methods -Activates when round-trip latency exceeds 80 milliseconds

Folder Options / File Explorer Options Applet

-Can Manage Windows Explorer • Many options -General Tab • Can change how folders open in each Window • How folders expand • Can set privacy settings -View Tab • Advanced settings for files and folders (can view hidden files, can hide extensions, etc..) -Search Tab • Can configure how the search Index is used when searching for files • Search Options when searching for files • Options when searching non-indexed areas

Creating a firewall exception

-Can allow an app or feature through Windows Firewall • The more secure exception -Can allow or disallow via the Port number • Block or allow - Very broad -Can create predefined exceptions • List of common exceptions -Custom rule can be combined to create a detailed rule • Every firewall option -To view/create custom rules, click on "advance settings" under Windows Firewall

Terminal (Linux tools)

-Command line access to the operating system • Common to manage in Linux -OS maintenance • Can run scripts and manage files • Can configure OS and application settings

Scheduled backups (Linux)

-Can be scheduled by either command line and/or graphical interface • a number of these utilities are built into the distributions -tar (commonly used) • Stands for "Tape Archive" • Easy to script into a backup schedule from cmd line • Can backup or restore from tar utility -rsync • Stands for "Remote Sync" • Sync files between storage devices • Instant synchronization or scheduled

Performance Monitor

-Can gather long-term statistics • Located in the Control Panel under Administrative Tools -Provides OS metrics - Disk, memory, CPU, etc. -Can set an alert and automated actions - can monitor and act •Counters are added to monitor metrics -Can store statistics to analyze any long-term trends -Built-in reports allows you to create detailed reports from the data -To bring up Performance Monitor: • Go to "C:\Windows\system32" and click on perfmon.msc • Click on Start and search for perfmon.msc • cmd prompt and type in perfmon.msc

Network shares

-Can make a folder available across the network • "Share" with others, view in Windows Explorer -Assign (map) a drive letter to a share • can set to reconnect automatically -Shares ending with a dollar sign ($) are "hidden" • Not a security feature -Located in Control Panel / Administrative Tools / Computer Management to view shared folders

VPN connections

-Can use the built-in VPN client • Included with Windows -Can Integrate a smart card • Multi-factor authentication • Something you know (password) • Something you have (smartcard) • Something you are (fingerprint reader) -Connect from the network status icon once the VPN connection is created • Will need to click and provide credentials

Processes Tab

-Can view all running processes • Interactive and system tray apps • View services and processes from other accounts -Manage the view • Can move columns, add metrics -Later versions combine all apps, processes, and services into a single tab • Easy to view and sort

ps (Linux Command)

-Can view the current processes • And the process ID (PID) • Similar to the Windows Task Manager -View current user processes • "ps" command -View all processes • "ps -e | more" command

Event Viewer

-Central event consolidation • What happened? -Broken down into different categories • Application • Security • Setup • System -Then each one is broken down into a different priority such as: • Information • Warning • Error • Critical • Successful Audit • Failure Audit -Can obtain detailed information when troubleshooting an application or OS

Active Directory (Logical Security)

-Centralized management • Windows Domain Services • Limit and control access -Run login scripts • Can map network drives • Can update security software signatures • Can update application software -Run Group Policy/Updates • Set specific pre-define policies • Set the password complexity • Contain login restrictions -Separated Organizational Units (OU's) • Active Directory can be structured to real world departments • Can be based on the company (locations, departments) -Can set a Home Folder • Assign a network share as the user's home • e.g. \\server1\users\professormesser -Can set group policy to assign Folder redirection • Instead of a local folder, redirect to the server • Store the Documents folder on \\server1 • Access files from anywhere

Credential Manager Applet

-Centralized management of web and Windows credentials • Each site can have a different username and password -Can add additional Windows credentials • Such as Certificates

System updates / App store in Mac OS

-Centralized updates - For both OS and apps in one utility -App Store application - The "Updates" option -Automatic updates • Can also be set to manual install -Patch management - Install and view previous updates

Password best practices

-Change any default usernames/passwords • All new devices have defaults • There are many web sites that document these -BIOS/UEFI passwords • Supervisor/Administrator password: Prevent BIOS changes • User password: Prevent booting -Requiring passwords • Always require passwords • No blank passwords or automated logins

Change management

-Change control • A formal process for managing change such as application upgrades, security patches, updates to a switch configuration, etc... • This is to avoid downtime, confusion, and/or mistakes -Nothing changes without the process • Determine the scope of the change • Analyze the risk associated with the change • Create a plan • Get end-user approval • Present the proposal to the change control board • Have a backout plan (plan b) if the change doesn't work • Document the changes

chmod (Linux Command)

-Change mode of a file system object • r=read, w=write, x=execute • Can also use octal notation • Set for the file owner (u), the group(g), others(o), or all(a) -chmod mode FILE • > chmod 744 script.sh • The above chmod gives the following permissions "User:rwx", "Group:r--", "Others:r--" -chmod 744 first.txt • User gets read, write execute • Group gets read only • Other gets read only -chmod a-w first.txt • All users, no writing to first.txt • Sets all users permissions with the no writing to text file "first.txt" -chmod u+x script.sh • The owner of script.sh can execute the file • Sets the owner with execute permission to the "script.sh" file

Before the installation

-Check minimum OS requirements • Memory, disk space, etc. • And the recommended requirements -Run a hardware compatibility check • Runs when you perform an upgrade • Run manually from the Windows setup screen • Windows 10 Upgrade Checker -Plan for installation questions • Drive/partition configuration, license keys, etc. -Application compatibility - Check with the app developer

Dust and debris (Environmental Impacts)

-Cleaning outside of device (computer/printer) • Use neutral detergents • No ammonia-based cleaning liquids • Avoid isopropyl alcohol -Vacuum • Use a "computer" vacuum (maintain ventilation) -Use a compressed air pump (environmental friendly) • Try not to use compressed air in a can

Licensing / EULA (Privacy, Licensing, and Policies)

-Closed source / Commercial • Source code is private • End user gets compiled executable -Free and Open Source (FOSS) • Source code is freely available • End user can compile their own executable -End User Licensing Agreement • Determines how the software can be used -Digital Rights Management (DRM) • Used to manage the use of software

Trust/untrusted software sources (Logical Security)

-Consider the source • May not have access to the source code • Even then, may not have the time to audit (do you trust the person providing the software?) -Trusted sources • Internal applications (In-House developers) • Well-known publishers • Digitally-signed applications -Untrusted sources • Applications from third-party sites • Links from an email • Pop-up/drive-by downloads when visiting a website

Locator applications and remote wipe (Mobile Devices)

-Contains built-in GPS • And location "helpers" • 802.11 can be used to triangulate location -Can assist with finding phone on a map -Have control from afar • Can make a sound • Can display a message -Can send command to wipe everything if you are not able to gain access to the phone • This is done to protect your data

Risk analysis (Change Management)

-Determine the risk value of a change • i.e., high, medium, low -The risks can be minor or far-reaching • The "fix" didn't actually fix anything • The fix ends up breaking something else • Operating system failure • Data corruption -What's the risk with NOT making the change? • Are systems are open to security vulnerabilities? • Will applications become unavailable? • Or unexpected downtime to other services

tracert

-Determines the route a packet takes to a destination • Maps the entire path -Takes advantage of ICMP Time to Live Exceeded message • The time in TTL refers to hops, not seconds or minutes • TTL=1 is the first router, TTL=2 is the second router, etc. -Not all devices will reply with ICMP Time Exceeded • Some firewalls filter ICMP • ICMP is low-priority for many devices

The password file

-Different across operating systems • All contain different hash methods • One-way cryptographic process e.g. Jumper Bay: 1001::42e2f19c31c9ff73cb97eb1b26c10f54::: Carter: 1007::cf4eb977a6859c76efd21f5094ecf77d::: Jackson: 1008::e1f757d9cdc06690509e04b5446317d2::: O'Neill: 1009::78a8c423faedd2f002c6aef69a0ac1af::: Teal 'c: 1010::bf84666c81974686e50d300bc36aea01:::

Users and Groups

-Different levels of user accounts are built into the Windows OS -Users • Administrator (The Windows super-user) • Guest (Limited access) (Disabled by default) • Standard Users (majority of users who will be logging into Windows) -Windows OS also contains different groups • Administrator, Power Users, Users, etc... • Adding a Standard User into the Power Users Group will not give that much more control than a regular user

Remote Backup (Mobile Devices)

-Difficult to backup something that's always moving • Do a backup to the cloud -Constant backup - No manual process -You can backup without wires by using the existing network • Either through the service provider or through 802.11 network -Can restore with one click on the new phone • Restores everything • Authenticate and wait

dxdiag.exe

-DirectX Diagnostic Tool • Manage your DirectX installation • It is an application programming interface used by developers to create applications that requires multimedia or graphics within Windows -Multimedia API Overview for: • System • Display (3D graphics) • Audio • Input options -Also makes a very nice generic diagnostic tool when having issues with graphics or sound • Not just for testing DirectX - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd

Scheduled disk maintenance in Mac OS

-Disk Utility - Disk maintenance •Rarely needed - No ongoing maintenance • Use as needed -Other Functions: • First Aid • Partition a new drive • Erase a drive • Restore a drive • Unmount a drive -Use the "First Aid" function if having disk problems • Similar to Windows Check Disk • Will examine the drive • Checks all permissions are set properly

defrag.exe

-Disk defragmentation • Moves file fragments so they are contiguous (so that they can be stored next to each other) • Improves read and write time on spinning hard drives -Not necessary for solid state drives • Windows won't defrag an SSD • Option will not be available -Graphical version in the drive properties -Requires elevated permissions at the command line to run • defrag <volume> • defrag C: - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd • Graphical version in the drive properties

defrag.exe

-Disk defragmentation • Moves file fragments so they are contiguous (so that they can be stored next to each other) • Improves read and write time on spinning hard drives -Not necessary for solid state drives • Windows won't defrag an SSD • Option will not be available -Graphical version in the drive properties -Requires elevated permissions at the command line to run • defrag <volume> • defrag C: - Located under C:\Windows\System32 • Can also run through the cmd line or run cmd • Graphical version in the drive properties

Windows post-installation

-Does it work? • If it doesn't boot, there are bigger problems • Some testing is useful for unknown hardware configurations -Additional installations include: • Service packs • Security patches • Security applications • Driver updates • Application updates

Be on time and avoid distractions (Professionalism)

-Don't allow interruptions • No personal calls, no texting, no Twitter • Don't talk to co-workers -Apologize for delays and unintended distractions -Create an environment for conversation -In person • Be open and inviting • Candy bowl can be magical -On the phone • Quiet background, clear audio • Stay off the speakerphone

SSH (Secure Shell) (Remote Access Technologies)

-Encrypted console communication - tcp/22 • Exactly like telnet -Looks and acts the same as Telnet - tcp/23

Signal drop / weak signal (Troubleshooting Mobile Device Security)

-Drops and weak signals prevent traffic flow • Location is everything -Make sure you're connecting to a trusted WiFi network • Use a VPN if you are not • Never trust a public WiFi Hotspot • Tether with your own device (Hotspot) -Run a speed test if you are unsure you have good connection • Run a cell tower analyzer and test

Boot Camp (Mac OS Features)

-Dual-boot into Windows on Mac hardware -Requires Apple device drivers • Run Windows on Apple's Intel CPU architecture -Everything is managed through the Boot Camp Assistant • Builds a Boot Camp partition • Installs Windows OS and drivers

Change board and approvals (Change Management)

-Either "Go or no go" • Lots of discussion takes place -All important parts of the organization are represented • Potential changes can affect the entire company -Some changes have priority • The change board makes the schedule • Some changes happen quickly • Some take time -This is the last step • The actual work comes next

Protection from airborne particles (Environmental Impacts)

-Enclosures • Protect computers on a manufacturing floor • Protect from dust, oil, smoke -Air filters and masks to protect yourself • Protect against airborne particles • Dust in computer cases, laser printer toner

Mantraps (Physical Security)

-Entry for one at a time and in controlled groups • Manage control through an area -All doors are normally unlocked • Opening one door causes others to lock -All doors normally locked • Unlocking one door prevents others from being unlocked -One door is open / the other is locked • When one is open, the other cannot be unlocked

Local government regulations (Environmental Impacts)

-Environmental regulations requirements • May have very specific controls -The obvious requirements • Hazardous waste • Batteries • Computer components -The not-as-obvious requirements • Paper disposal

Wired connections

-Ethernet cable • Direct connection -Fastest connection is the default determined by Windows • Ethernet, Wireless, WWAN -Alternate configurations when DHCP isn't available in Windows • Located in "Local Area Connection Properties" window > TCP/IPv4 Properties > Alternate Configuration tab

GDPR - General Data Protection Regulation (Privacy, Licensing, and Policies)

-European Union regulation • Data protection and privacy for individuals in the EU • Protects name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc. -Controls export of personal data by the user • Users can decide where their data goes -Gives individuals control of their personal data • A right to be forgotten (User can have all information deleted) -Located on the site's privacy policy • Shows all details of the privacy rights for a user

Devices and Printers Applet

-Everything on the network • Desktops, laptops, printers, multimedia devices, storage -Quick and easy access • Much less complex than Device Manager • Can right mouse click and view Properties and make device configurations

Explicit and inherited permissions

-Explicit permissions • Sets default permissions for a share • Setting manual permissions makes it explicit -Inherited permissions • Propagated from the parent object to the child object • Set a permission once so that it applies to everything underneath -Explicit permissions take precedence over inherited permissions • Even inherits deny permissions • Parent object can have deny permissions but can set allow permissions to a child object of the parent object (Explicit permissions)

Mounting drives

-Extend available storage space • Mount a separate storage device as a folder -Mount in an empty folder • Instant storage space • Seamless to the user -Configuration done in Disk Management: • Right click on the new drive • Change drive letter and paths • Select "mount" option and browse to the location

Installing applications

-Extend the functionality of your operating system • Specialized applications extend system functionality such as word processing, spreadsheets, graphics capabilities, etc... -Available everywhere • Find the application you need • Install on your operating system -Not every computer can run every application • Some simple checks can help manage your desktop

Secure DNS services

-External/Hosted DNS service • Provides additional security services -Real-time domain blocking • Sites containing malware are not resolvable -Blocks harmful websites • Phishing sites, parked domains -Runs on a secure platform •Avoids poisoning attacks to the DNS cache

Safe Mode - Windows 10 (Troubleshooting Solutions)

-F8 probably won't work • Windows Fast Startup in Windows 8/8.1 and 10 prevents a complete shutdown -From the Windows desktop • Hold down shift when clicking Restart • Or choose Settings > Update & Security > Recovery > Advanced startup > Restart now • This configuration can also be enabled in System Configuration (msconfig) -If you dont have access to the desktop, Interrupt normal boot three times so the system can present the boot option screen

Spotlight (Mac OS Features)

-Find files, apps, images, etc. • Similar to Windows search -Magnifying glass in upper right • Or press Command-Space -Type anything in - See what you find -Define search categories in System Preferences / Spotlight • Enable/disable categories • Can change the order of categories • Can enable/disable categories

Check Disk (chkdsk) command

-Fixes logical file system errors on the disk • chkdsk /f -Locates bad sectors and recovers readable information • chkdsk /r • Implies /f -If volume is locked, run during startup

Local user permissions for application installs

-Folder/file access will be required • Installation programs will be copying a lot of files -The user needs permission to write application files to the storage drive • This may not be the default in an office -May need to run as Administrator • Some applications will install additional drivers or services • Be careful when allowing this level of access!

Denial of service

-Forces a service to fail • Caused by overloading the service -Takes advantage of a design failure or vulnerability • Keep your systems patched! -Causes a system to be unavailable • An attack to give a competitive advantage -Can create a smokescreen for some other exploit • A precursor to a DNS spoofing attack -Doesn't have to be complicated • Simply turning off the power can be considered a denial of service

Linux History

-Free Unix-compatible software system • Unix-like, but not Unix -Many (many) different distributions • Such as Ubuntu, Debian, Red Hat / Fedora -Advantages • Cost. Free! • Works on wide variety of hardware • Has a Passionate and active user community -Disadvantages • Limited driver support, especially with laptops • Limited support options

Linux history

-Free Unix-compatible software system • Unix-like, but not Unix -Many (many) different distributions • Ubuntu, Debian, Red Hat / Fedora -Advantages • Cost. Free! • Works on wide variety of hardware • Passionate and active user community -Disadvantages • Limited driver support, especially with laptops • Limited support options

BitLocker

-Full Disk Encryption • The operating system and all files -A TPM is recommended on the motherboard • Trusted Platform Module • Use a flash drive or password if there's no TPM -Runs Seamlessly • Works in the background • You never know it's there • Used for laptops or mobile devices

Data encryption

-Full-disk encryption • Encrypts the entire drive -File system encryption (EFS) • Individual files and folders -Encrypt removable media • Protect those USB flash drives -Key backups are critical • You always need to have a copy • This may be integrated into Active Directory • You'll want to keep the key handy

GPT partition style

-GPT (GUID Partition Table) • Globally Unique Identifier • The latest partition format standard -Requires a UEFI BIOS • Can have up to 128 primary partitions • No need for extended partitions or logical drives

Performance Monitor

-Gather long-term statistics • Located in the Control Panel under Administrative Tools -Provides OS metrics - Disk, memory, CPU, etc. -Can set an alert and automated actions -Monitor and act •Counters are added to monitor metrics -Store statistics to analyze any long-term trends -Built-in reports allows you to create detailed reports from the data -To bring up Performance Monitor: • Go to "C:\Windows\system32" and click on perfmon.msc • Click on Start and search for perfmon.msc • cmd prompt and type in perfmon.msc

Internet Options Applet

-General Tab • Basic display • Shows options for browser such as home page, how the browser starts up, and change the display of the tabs -Security Tab • Contains zones where security levels are set (Internet, Local Intranet, Trusted Sites, Restricted Sites) • Different security levels for each zone (Between High and Low) -Privacy Tab • Can control settings for cookies, pop-up blocker, InPrivate browsing -Content Tab • Can view information on encryption and identification certificates • Can view auto-complete information -Connections Tab • Can configure VPN, proxy settings, and LAN settings -Programs Tab • Can manage how the browser opens links • Can set default browser • Manage add-ons, plugins, etc. -Advanced Tab • Detailed configuration options for the browser • Can reset all settings back to default

Google Android history

-Google Android • Open Handset Alliance • Open-source OS, based on Linux • Supported on many different manufacturer's devices -Android Apps • Apps are developed on Windows, Mac OS X, and Linux with the Android SDK • Apps are available from Google Play • Apps are also available from third-party sites (i.e., Amazon Appstore)

System requirements for application installs

-Hard Drive space • Initial installation space required • Application use space required • Some applications use a LOT of drive space after installation -RAM • This would be above and beyond the OS requirements • Very dependent on the application • Consider all of the other running applications -OS compatibility • Operating system (Windows, macOS, Linux) • Version of the OS

System requirements for application installs

-Hard Drive space • Initial installation space required • Space required for application use • Some applications use a LOT of drive space after installation -RAM • This would be above and beyond the OS requirements • Very dependent on the application • Consider all of the other running applications -OS compatibility • Operating system (Windows, Mac OS, Linux) • Version of the OS

Microsoft Windows history

-Has a major market presence -Has many different versions • Windows 10, Windows Server 2016 -Advantages • Large industry support • Broad selections of OS options • Wide variety of software support -Disadvantages • Large install base provides a big target for security exploitation • Large hardware support can create challenging integration exercises

Reboot (Troubleshooting Solutions)

-Have you tried turning it off and on again? • There's a reason it works -If a bug is in your router software • Reboot the router to return to a known good state -If an application is using too many resources • Stops the app -a memory leak slowly consumes all available RAM • Clears the RAM and starts again

Disk status

-Healthy • The volume is working normally -Healthy (At Risk) • The volume has experienced I/O errors • Drive may be failing -Initializing • Normal startup message for a new drive -Failed • Cannot be started automatically • The disk is damaged, or the file system is corrupted -Failed redundancy • A drive has failed in a RAID 1 or RAID 5 array -Resynching • Mirrored (RAID 1) volume is synching data between the drives -Regenerating • RAID 5 volume is recreating the data based on the parity data

Man-in-the-middle (MITM) attack

-How can a bad guy watch without you knowing? • This is a Man-in-the-middle attack -This attack is designed to get the attacker between the user and the other device • It redirects your traffic • Then passes it on to the destination • You never know your traffic was redirected -A common way to perform a MITM attack is through ARP poisoning • ARP has no security

TCP/IP host addresses

-IP Address - Unique identifier • Subnet mask - Identifies the subnet • Gateway - The route off the subnet to the rest of the world -DNS - Domain Name Services • Converts domain names to IP addresses -DHCP - Dynamic Host Configuration Protocol • Automates the IP address configuration • Addresses can be dynamic or static -Loopback address - 127.0.0.1 - It's always there!

User authentication (Logical Security)

-Identifier • Something unique • In Windows, every account has a Security Identifier (SID) -Credentials • This information is used to authenticate the user on their system • A password, smart card, PIN code, etc. -A profile is associated to the user once logged in • Stores information about the user • Contains name, contact information, group memberships, etc.

Pop-ups (Troubleshooting Security Issues)

-If Pop-ups appear in your browser • It may look like a legitimate application • Might be a malware infection -Update your browser • Use the latest version • Check pop-up block feature -Scan for malware • Consider a cleaning (Not a guarantee) • Rebuild from scratch or known good backup to guarantee removal

Starting the system (Troubleshooting Windows)

-If a device is not starting • Check Device Manager and Event Viewer • Often a bad driver • Remove or replace driver -If "One or more services failed to start" • Could be a bad/incorrect driver, bad hardware • Try starting the service manually in services.msc • Check account permissions • Confirm/Check service dependencies • Windows service; check system files • Application service; reinstall the application

Application crashes (Troubleshooting Windows)

-If application stops working • May provide an error message • May just disappear -Check the Event Log • Often includes useful reconnaissance -Check the Reliability Monitor • A history of application problems • Checks for resolutions -Reinstall the application • If reinstalling does not work, contact application support

Application crashes (Troubleshooting Security Issues)

-If application stops working • May provide an error message • May just disappear -Check the Event Log • Often includes useful reconnaissance -Check the Reliability Monitor • Application might have a history of problems • Check for resolutions -Reinstall the application • OR contact application support if problem persists

App issues (Troubleshooting Mobile Apps)

-If apps are not loading or performance is slow -Restart the phone - Hold power button, power off -Stop the app and restart • In iPhone: Double-tap home button, slide app up • In Android: Settings/Apps, select app, Force stop -Also update the app - Get the latest version

Slow boot (Troubleshooting Windows)

-If boot process hangs or takes longer than normal • No activity, no drive lights -Manage the startup apps • Control what loads during the boot process -Check Task Manager • under Startup tab • Startup impact, Right-click / Disable -Or Disable everything • And load them back one at a time

Wireless connectivity (Troubleshooting Mobile Apps)

-If getting Intermittent connectivity • Move closer to access point • Try a different access point -If not getting any wireless connectivity • Check/Enable WiFi on the system • Check security key configuration • Hard reset can restart wireless subsystem -IF no Bluetooth connectivity • Check/Enable Bluetooth • Check/Pair Bluetooth components • Hard reset to restart Bluetooth subsystem

Startup Repair (Troubleshooting Windows)

-If missing NTLDR • The main Windows boot loader is missing • Run Startup Repair or replace manually and reboot • Disconnect removable media -If missing operating system • Boot Configuration Data (BCD) may be incorrect • Run Startup Repair or manually configure BCD store -If booting into Safe Mode • Windows is not starting normally • Run Startup Repair

No sound from speakers (Troubleshooting Mobile Apps)

-If no sound from a particular app • Check volume settings - Both app and phone settings • Possible bad software > delete and reload • Try headphones to test if its the device speakers or there is no audio at all -Sound starts but then stops • Might have dueling apps / keep on app in foreground -No speaker sound from any app (no alarm, no music, no audio) • Load latest software device software • Or perform factory reset

System lock up (Troubleshooting Security Issues)

-If system completely stops • Check Caps Lock and Num Lock indicator lights for a status to verify if the system is responding -May still be able to terminate bad apps once you are logged in • In Windows and Linux Task Manager (Ctrl-Alt-Del / Task Manager) • In Mac OS X Force Quit (Command-Option-Esc) -Check system logs when restarting • May have some clues about what's happening -May be a security issue • Perform a virus/malware scan -Perform a hardware diagnostic • System issues can be a factor

Inaccurate touch screen response (Troubleshooting Mobile Apps)

-If the screen responds incorrectly or is unresponsive -Close some apps - Low memory can cause resource contention -Restart the device • Perform a soft reset, unless a hard reset is required -May require a hardware fix • Replace the digitizer / reseat cables

Non-responsive touchscreen (Troubleshooting Mobile Apps)

-If touchscreen completely black or touchscreen not responding to input • Buttons and screen presses do not register -Restart the Apple iOS device • Hold power button, slide to power off, press power button (soft reset) • Hold down power button and Home button for 10 seconds (hard reset) -Restart the Android device • Remove battery, put back in, power on • Hold down power and volume down until restart • Some phones have different key combinations • Some phones DO NOT HAVE a key-based reset

Leaked information (Troubleshooting Mobile Device Security)

-If unauthorized access was made to your device such as: • Unauthorized account access • Unauthorized root access • Leaked personal files and data -Determine cause of data breach • Find the source of the leak • Perform an app scan, run anti-malware scan -Perform a factory reset and clean install if the breach was done on the actual device • This is obviously a huge issue -Breach might've been done where the device stores it data (cloud). Check online data sources such as: • Apple iTunes/iCloud/Apple Configurator • Google Sync • Microsoft OneDrive -CHANGE PASSWORDS

Incident response: First response (Privacy, Licensing, and Policies)

-If you are the first to Identify the issue • You might have log information • You might've seen the incident in person • You might have monitoring data -Report the incident to the proper channels • Don't delay -Collect and protect information relating to an event • Many different data sources and protection mechanisms

Boot errors (Troubleshooting Windows)

-If you can't find operating system • Bootup shows the OS is missing -Or a Boot loader is replaced or changed • Due to multiple OSes installed -Check your boot drives • BIOS might be configured to boot from a DVD-rom or USB drive • Remove any media such as USB drives or check the DVD-Drive -Startup Repair utility included in Windows • Checks every step along the boot process • Identifies problems and corrects them -May need to perform manual configuration to modify the Windows Boot Configuration Database (BCD) from the command prompt • Formerly boot.ini • Recovery Console: "bootrec /rebuildbcd" will look for installed versions of windows. Gives the option to add to its list if any are found.

Short battery life (Troubleshooting Mobile Apps)

-If you get bad reception tends to decrease battery life • Device is always searching for signal • Acts as airplane mode on the ground -Disable unnecessary features • 802.11 wireless, Bluetooth, GPS -Check application battery usage • iPhone: Settings/General/Usage • Android: Settings/Battery -Might be an aging battery - There's only so many recharges

Backup strategies (Disaster Recovery)

-Image level backup • Incorporates everything in a server or device and creates a single image from all of that data • Can use a bare metal (server with no OS) and apply this image backup • Consists of volume snapshots or hypervisor snapshots (VM) of the operating system • Can recover the entire system at once • Image level backup allows you to make an exact duplicate of the server -File level backup • Only copies important files • Copies individual files to a backup • May not necessarily store all system files • May need to rebuild the OS and then perform a file restore

Is it legal to dive in a dumpster?

-In the United States, it's legal • Unless there's a local restriction -If it's in the trash, it's open season • Nobody owns it -If dumpsters are on private property or show "No Trespassing" signs then it may be restricted • You can't break the law to get to the rubbish -If you have questions? Talk to a legal professional.

Upgrade methods

-In-place upgrade • Upgrades the existing OS • Keeps all applications, documentations, and settings • Start the setup from inside the existing OS -Clean install • Wipes everything and reload • Backup your files • Start the setup by booting from the installation media

Firewall settings (Securing SOHO Network)

-Inbound traffic • Extensive filtering and firewall rules • Allow only required traffic • Configure port forwarding to map TCP/UDP ports to a device • Consider building a DMZ -Outbound traffic • Blacklist - Allow all traffic, stop only unwanted traffic • Whitelist - Block all traffic, only allow certain traffic types

Kill tasks (Troubleshooting Solutions)

-Instead of rebooting, find the problem • And kill it -Done in Task Manager under the Processes tab -Sort by resource - CPU, memory, disk, network -Right-click to end task • Trial and error

Browser redirection (Troubleshooting Security Issues)

-Instead of your Google result, your browser goes somewhere else • This should not ever happen -Malware is the most common cause • This makes money for the bad guys -Use an anti-malware/anti-virus cleaner • This is not the best option -OR Restore from a good known backup • The only way to guarantee removal

Windows (Defender) Firewall

-Integrated into the operating system -Located in Control Panel / Windows Firewall In Windows 7 & 8 -Located in Control Panel / Windows Defender Firewall in Windows 10 -Windows Firewall with Advanced Security • Click "Advanced settings" -Fundamental firewall rules (basic functionality) • Allows apps to send/receive traffic • Based on applications • No detailed control -No scope can be set • All traffic applies (inbound/outbound) -No connection security rules • Can't encrypt with IPsec tunnels

Surge suppressor specs (Environmental Impacts)

-Joule ratings • Surge absorption • 200=good, 400=better • Look for over 600 joules of protection -Surge amp ratings • Higher is better -UL 1449 voltage let-through ratings • Ratings at 500, 400, and 330 volts • Lower is better

4a. Remediate: Update anti-virus (Removing Malware)

-Keep signatures and engine updated • The engine - the guts of the machine • Signature updates - constantly updated -Automatic vs. manual • Manual updates are almost pointless since it updates automatically -Your malware may prevent the update process • Download from another computer and copy onto a removable drive to install into infected pc

Patch and update management

-Keep the OS and applications updated • Security and stability improvements -Built-in to the operating system for standalone systems (home systems) • Updates are deployed as available • Deployment may be managed internally by the organization -Many applications include their own updater • Check for updates when starting -Always stay up to date • Security vulnerabilities are exploited quickly

Controlling ESD (Managing Electrostatic Discharge)

-Keeping humidity over 60% helps control ESD • Won't prevent all possible ESD • Keeping an air conditioned room at 60% humidity isn't very practical and uncomfortable to work in -Use your hand to self-ground • Touch the exposed metal chassis before touching a component • Always unplug the power connection • Do not connect yourself to an electrical ground! -Try not to touch components directly • Card edges only • Do not touch any components of the card

Windows Update

-Keeps your OS up to date - Security patches, bug fixes -Can be configured to be installed automatically - Updates are always installed -Can be configured to download but wait for install - You control the time -Can be configured to check but not to download • Saves bandwidth -Can be configured to never check - Don't do this -Windows 10 has the option to schedule a restart after updates are completed.

Distributed Denial of Service (DDoS)

-Launches an army of computers to bring down a service • Uses all the bandwidth or resources - causes a traffic spike -This is why the bad guys have botnets • Thousands or millions of computers at your command • At its peak, Zeus botnet infected over 3.6 million PCs • Attacks are coordinated -The attackers are zombies • Many people have no idea they are participating in a botnet • Users might not know they are running malware on their computer

Storage types

-Layered on top of the partition and file system • A Windows thing -Basic disk storage • Available in DOS and Windows versions • Primary/extended partitions, logical drives • Basic disk partitions can't span separate physical disks -Dynamic disk storage • Available in all modern Windows versions • Span multiple disks to create a large volume • Split data across physical disks (striping) • Duplicate data across physical disks (mirroring) • Not all Windows versions support all capabilities

Network adapter properties

-Link speed and duplex • Auto negotiation doesn't always negotiate • Both sides must match -Wake on LAN • Computer sleeps until needed • Useful for late-night software updates

Disk maintenance (Linux tools)

-Linux doesn't require a lot of maintenance • You probably already know this -Clean up log space • All logs are stored in /var/log -File system check • Done automatically every X number of reboots • to Force file system check after reboot, add a file to the root : sudo touch /forcefsck

ls (Linux Command)

-Lists directory contents • Similar to the dir command in Windows -Lists files, directories • May support color coding; Blue is a directory, red is an archive file, etc. -For long output, pipe through more: • > ls -l | more (use q or Ctrl-c to exit)

Applications Tab

-Lists user-interactive applications in use • Apps on the desktop -Administratively control apps • End task, start new task -Combined with the Processes tab in Windows 8/8.1/10

Application Installation methods

-Local installation • Downloadable executable • CD-ROM / DVD-ROM, Optical media -USB • Very compatible with most devices • Supports large installation programs -Network-based installation • The default in most organizations • Applications are staged and deployed from a central server • Can be centrally managed

Scripting characteristic (Scripting)

-Loops • Perform a process over and over • Loop a certain number of times • Loop until something happens -Comments • Annotate the code as its being created • Allows for others to understand what it does

Apple Mac OS history

-Mac OS • Desktop OS running on Apple hardware -Advantages • Easy to use • Extremely compatible • Relatively fewer security concerns -Disadvantages • Requires Apple hardware • Less industry support than the PC platform • Higher initial hardware cost

Anti-virus/Anti-malware updates for Mac OS

-Mac OS does not include anti-virus • Or anti-malware -Many 3rd-party options are available • From the usual companies • Can be installed into Mac OS -An emerging threat • Still doesn't approach Windows • It's all about the number of desktops -Automate your signature updates • Make sure all new updates are installed to be secured from threats every hour/day

BITS

Background Intelligent Transfer Service - a protocol in which the computer is enabled to browse update.microsoft.com and select updates for download and installation

Microsoft Windows history

-Major market presence -Many different versions • Windows 10, Windows Server 2016 -Advantages • Large industry support • Broad selections of OS options • Wide variety of software support -Disadvantages • Large install base provides a big target for security exploitation • Large hardware support can create challenging integration exercises

Sync Center

-Make files available, even when you're not online • Automatically syncs when back online • Contains built-in sync conflict management -Not available in Home editions • Needs offline file functionality • Only available in Pro and higher -Mark files "Always available offline" to use this capability

Document changes (Change Management)

-Make sure everyone knows a change has been made • Everyone needs to know -Help desk documentation that needs to be updated such as: • Version numbers, network diagram, new server names -Track changes over time • Cross-reference against help desk tickets -Track before and after statistics • Has it been better or worse?

Local government regulations (Safety Procedures)

-Make sure you are compliant with health and safety laws • These vary widely depending on your location • Keep the workplace hazard-free -Building codes is an example • Need to make sure you are compliant with fire prevention • Need to make sure you are compliant with electrical codes -Follow the environmental regulations to dispose of high-tech waste safely

Password complexity and length

-Make your password strong • No single words • No obvious passwords (What's the name of your dog?) • Mix upper and lower case • Use special characters (don't replace a "o" with a "0", a "t" with a "7") -A strong password is at least 8 characters • Consider a phrase or set of words -Set password expiration, requires change • System will remember its password history which will require a unique password(s)

Virus

-Malware that can reproduce itself with your assistance • It needs you to execute a program -Reproduces through file systems or the network • Just running a program can spread a virus -May or may not cause problems • Some viruses are invisible, some are annoying -Anti-virus is very common • Thousands of new viruses every week • Make sure your anti-virus software is updated

List some common causes of slow system performance.

Background processes, insufficient RAM, excessive disk fragementation, malware

Worms

-Malware that self-replicates • Doesn't need you to do anything • Uses the network as a transmission medium • Self-propagates and spreads quickly -Worms are pretty bad things • Can take over many systems very quickly -Firewalls and IDS/IPS can mitigate many worm infestations • Doesn't help much once the worm gets inside • Make sure to keep anti-malware updated

Policies and procedures (Mobile Devices)

-Manage company-owned and user-owned mobile devices • BYOD - Bring Your Own Device where you can use your personal device for work -Centralized management of the mobile devices • Specialized functionality/Mobile Device Manager (MDM) -MDM can set policies on apps, data, camera, etc. • Control the remote device • The entire device or a "partition" -Can manage access control • Force screen locks and PINs on these single user devices

TaskList and TaskKill command

-Manage tasks from the command line • No Task Manager required! -tasklist • Displays a list of currently running processes • Local or remote machine -taskkill • Terminate tasks by process id (PID) or image name • TASKKILL /IM notepad.exe - kills the notepad.exe process by image name • TASKKILL /PID 1234 /T - kills the process identifier (PID) by number

Internal operating procedures (Documentation Best Practices)

-Many Organizations have different business objectives • Different processes and procedures -Different operational procedures • Different requirements for downtime notifications • Different way of handling facilities issues -Software upgrades • Different ways of testing new version of software • Different ways of rolling out software with change control -Documentation is the key • Everyone can review and understand the policies with centralized documentation

Driver/firmware updates (Linux)

-Many drivers are in the kernel • Updated when the kernel updates -Additional drivers are managed with software updates or at the command line • Update those yourself

System / application log errors (Troubleshooting Security Issues)

-Many errors go undetected • The details are in the log (Event Viewer) -It may take some work to find them • Filter and research -Find security issues • Improper logins • Unexpected application use • Failed login attempts

Data Loss Prevention (DLP) (Logical Security)

-Many organizations deal with sensitive information such as Social Security numbers, credit card numbers, medical records • Security admin wants to limit the type of information is transferred across the network. -Stop the data before the bad guys get it • common to use this software and hardware to monitor what traffic is being transferred across the network and why type of info. is attached inside any emails. • Protects against this type of data "leakage" -So many sources, so many destinations • Often requires multiple solutions in different places

MAC address filtering (Securing SOHO Network)

-Media Access Control • The "hardware" address -Can limit access through the physical hardware address • Keeps the neighbors out of the network • Additional administration with visitors -Easy to find working MAC addresses through wireless LAN analysis • MAC addresses can be spoofed by free open-source software -An example of Security through obscurity

MAC filtering (Logical Security)

-Media Access Control • The "hardware" address -Limit access through the physical hardware address • Keeps the neighbors out • Additional administration with visitors -Easy to find MAC addresses through wireless LAN analysis • MAC addresses can be spoofed with open-source software -Refer to as Security through Osbcurity • If the security method is known, it can easily be circumvented

Security considerations (Remote Access Technologies)

-Microsoft Remote Desktop • An open port tcp/3389 is a big tell • Brute force attack is common -Third-party remote desktops • Often secured with just a username and password • There's a LOT of username/password re-use -Once you're in, you're in • The desktop is all yours • Easy to jump to other systems • Personal information, bank details can be obtained • Make purchases from the user's browser

mstsc.exe

-Microsoft Terminal Services Client • Remote Desktop Connection • Can also open through the cmd line or Run cmd -Access a desktop on another computer • Or connect to a Terminal Server -Common for management on servers without a keyboard or monitor connected to them • "Headless" servers - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd

Windows on a mobile device

-Microsoft Windows 10 • Fully-featured tablets -Many different manufacturers • Touchscreen computer • Keyboards • Pen stylus -Windows Mobile • No longer in active development • No support after December 2019

4b. Remediate: Scan and remove (Removing Malware)

-Microsoft, Symantec, McAfee • The big anti-virus apps -Malwarebytes Anti-Malware • Malware-specific -Stand-alone removal apps • Check with your anti-virus company -There's really no way to know if it's really gone • End result may be to delete and rebuild to guarantee 100% removal

Firewalls (Mobile Devices)

-Mobile phones don't include a firewall • Most activity is outbound, not inbound -Some mobile firewall apps are available • Mostly for Android • None seem to be widely used -Enterprise environments can control mobile apps • Firewalls can allow or disallow access

Dialup connections

-Modem connection • Standard phone lines -Configuration will require: • Authentication • Phone number -Can connect/disconnect from network status icon

Software firewalls

-Monitors the local computer • Alert on unknown or unauthorized network communication -Prevents malware communication • Downloads after infection • Botnet communication -Use Windows Firewall • At a minimum -Runs by default • Constantly monitoring any network connection

Equipment grounding (Safety Procedures)

-Most computer products connect to ground • Divert any electrical faults away from people -This also applies to equipment racks in the data center • Large ground wire -Don't remove the ground connection • It's there to protect you -NEVER connect yourself to an electrical ground • This is not a way to prevent ESD • Never connect yourself to any source with voltage on it

App log errors (Troubleshooting Mobile Apps)

-Most log information is hidden • You'll need developer tools to view it -Contains a wealth of information • If you can decipher it • This might take a bit of research -To view these logs • For iOS, you can use Xcode • For Android, you can use Logcat

ipconfig

-Most of your troubleshooting starts with your IP address • Ping your local router/gateway -Determine TCP/IP and network adapter information • And some additional IP details such as IP address, subnet mask, default gateway -View additional configuration details with typing "ipconfig /all" • Shows details for DNS servers, DHCP server, etc

mv (Linux Command)

-Move a file • used to rename a file -mv SOURCE DEST • to rename first.txt to second.txt, you use the command "> mv first.txt second.txt"

Defragmentation (Troubleshooting Solutions)

-Moves file fragments so they are contiguous • So they can share a common border • Improves read and write time • Only applicable to spinning hard drives -Graphical version located in the drive properties • Type "defrag" at the command line to show options -Already added to the weekly schedule • Control Panel / Administrative Tools / Task Scheduler

Biometric authentication (Mobile Devices)

-Multi-factor authentication • Combining different methods of authentication • Can use a passcode, password, or swipe pattern • Also use a fingerprint, face, or iris -A phone is always with you • And you're a good source of data -We're just figuring this out (Its not perfect) • Biometrics have a long way to go for security • Always use as many factors as necessary

A backup for the DHCP server

-Multiple DHCP servers should be configured for redundancy • So that one is always be one available -If a DHCP server isn't available, Windows uses the Alternate Configuration (Only if DHCP is not available) • The default is APIPA addressing -You can also configure a static IP address

Smart cards (Logical Security)

-Must have physical card to provide digital access • A digital certificate -Can contain multiple factors • A card with PIN or fingerprint

Compliance (Documentation Best Practices)

-Must meet the standards of laws, policies, and regulations -A healthy catalog of rules • Across many aspects of business and life • Many are industry-specific or situational -Penalties can be imposed on organizations that dont follow these laws, such as: • Fines • Loss of employment • Incarceration -Scope of regulations • Some regulations can be specific to a region or a country • Some regulations can be worldwide • Understand the exact scope of the regulations and how they apply to your organization

NTFS and CDFS

-NTFS - NT File System • Extensive improvements over FAT32 • Can set quotas, file compression, encryption • Contains symbolic links, large file support, security, recoverability -CDFS - Compact Disk File System • ISO 9660 standard • All operating systems can read the CD

What allows a organization to centralize the management and configuration of operating systems, applications, and users' settings in an Active Directory environment?

Group Policy

netstat

-Network statistics • Utility available on many different operating systems -netstat -a • Shows all active connections -netstat -b • Shows binaries (Windows) that may be sending/receiving information • Requires elevation -netstat -n • Does not resolve DNS names

Backout plan (Change Management)

-Never believe the change will work perfectly and nothing will ever go bad • Prepare for the worse -Always have a way to revert your changes • Prepare for the worst, hope for the best -This isn't as easy as it sounds • Some changes are difficult to revert • Always have a backup plan AND always have backups

Surge suppressor (Environmental Impacts)

-Not all power is "clean" • Self-inflicted power spikes and noise • Storms, power grid changes -Spikes are diverted to ground -Noise filters remove line noise • Decibel (Db) levels at a specified frequency • Higher Db is better

Flavors of traceroute

-Not all traceroutes are the same • Minor differences in the transmitted payload -Windows commonly sends ICMP echo requests • Receives ICMP time exceeded messages • And an ICMP echo reply from the final/destination device • Unfortunately, outgoing ICMP is commonly filtered -Some operating systems allow you to specify the protocol used • Linux, Unix, Mac OS, etc. -IOS devices send UDP datagrams over port 33434 • The port number can be changed with extended options

Privileges

-Not all users can run all commands • Some tasks are for the administrator only -Standard privileges • Run applications as normal user • This works fine for many commands -Administrative/elevated privileges • You must be a member of the Administrators group • Right-click Command Prompt, choose "Run as Administrator" • OR by searching for cmd.exe, then pressing "Ctrl+Shift+Enter" to run as Administrator

Image recovery (Linux tools)

-Not as many options as Windows • But still some good ones available -dd is built-in to Linux • Can convert and copy a file • Can backup and restore a partition • Very powerful -Other 3rd-party utilities can image drives • GNU Parted and Clonezilla are two examples

End-user acceptance (Change Management)

-Nothing will happen without a sign-off • The end users of the application / network need to be aware of a change, possible downtime, and timeframe -One of your jobs is to make them successful • They ultimately decide if a change is worth it to them -Ideally, this is a formality • Of course, they have been involved throughout the entire process • There's constant communication before and after

Frozen system (Troubleshooting Mobile Apps)

-Nothing works - No screen or button response -Perform a Soft reset - Hold power down and turn off -Perform a Hard reset • In iOS: Hold power and home button for 10 seconds • In Android: Combinations of power, home, and volume -Ongoing problems may require a factory reset

Update network settings (Troubleshooting Solutions)

-One configuration mismatch can cause significant network slowdowns • Know the speed and duplex configuration between the device and the connected switch • make sure they match on both -Most auto negotiations work fine • Device and Switch will choose the best setting for speed and duplex and confirm they match on both sides • Does not work 100% of the time due to certain chipsets or network configurations -Driver properties may not show the negotiated value of auto negotiation • For that info, look in network details at the command line or filter through the Event Viewer -Device should match the switch • Both sides should be identical • Any mismatches will cause errors or slowdowns across the network

FAT (File Allocation Table)

-One of the first PC-based file systems (circa 1980) -FAT32 - File Allocation Table • Larger (2 terabyte) volume sizes • Maximum file size of 4 gigabytes • Most common file type -exFAT - Extended File Allocation Table • Microsoft flash drive file system • Files can be larger than 4 gigabytes

RADIUS (Remote Authentication Dial-in User Service)

-One of the more common AAA (Authenticaion, Authorization, Accounting) protocols • Supported on a wide variety of platforms and devices • Not just for dial-in -Centralizes authentication for users on a single server • Routers, switches, firewalls communicate and authenticate to the AAA server using the Radius protocol • Server authentication • Remote VPN access • Commonly seen on 802.1X network access -RADIUS services available on almost any server operating system

Communication skills (Communication)

-One of the most useful skills for the troubleshooter -One of the most difficult skills to master -A skilled communicator is incredibly marketable

7. Educate the end user (Removing Malware)

-One on one personal training -Place posters and signs in high visibility -Physical message board postings -Login messages as a quick reminder (switch often) -On the Intranet page that explains more about malware and what should be done if you suspect you are infected with malware

Rootkits

-Originally a Unix technique • The "root" in rootkit -Modifies core system files • Becomes part of the kernel -Can be invisible to the operating system • Won't see it in Task Manager -Also invisible to traditional anti-virus utilities • If you can't see it, you can't stop it

Windows 8/8.1 processor requirements

-PAE (Physical Address Extension) • 32-bit processors can use more than 4 GB of physical memory -NX (NX Processor Bit) • Allows CPU to protect against malicious software from running -SSE2 (Streaming SIMD Extensions 2) • A standard processor instruction set • Used by third-party applications and drivers

Keychain (Mac OS Features)

-Password management • Passwords, notes, certificates, etc. -Integrated into the OS - Keychain Access -Passwords and Secure Notes are encrypted with 3DES • Login password is the key

Password policy (Documentation Best Practices)

-Passwords should be complex, and all passwords should expire • Change every 30 days, 60 days, 90 days -Critical systems might change more frequently • Every 15 days or every week -The recovery process should not be trivial! • Some organizations may have a very formal process

PCI DSS (Privacy, Licensing, and Policies)

-Payment Card Industry Data Security Standard (PCI DSS) • A standard for protecting credit cards -This standard consists of six control objectives • Build and Maintain a Secure Network and Systems • Protect Cardholder Data • Maintain a Vulnerability Management Program • Implement Strong Access Control Measures • Regularly Monitor and Test Networks • Maintain an Information Security Policy

Dictionary attacks

-People use common words as passwords • You can find them in the dictionary -If you're using brute force, you should start with the easy ones • common passwords such as 123456, password, ninja, football -Many common word-lists available on the 'net • Some are customized by language or line of work -This will catch the low-hanging fruit • You'll need some smarter attacks for the smarter people

Licenses (Privacy, Licensing, and Policies)

-Personal license • Designed for the home user • Usually associated with a single device • Or small group of devices owned by the same person • Perpetual (one time) purchase -Enterprise license • Per-seat purchase or a site license • The software may be installed everywhere • Requires annual renewal

Spear phishing

-Phishing with inside information • Targets a more specific group (e.g. AP dept.) • Makes the attack more believable • Spear phishing the CEO is "whaling" -April 2011 - Epsilon was targeted • Less than 3,000 email addresses attacked • 100% of emails targeted operations staff • This attack downloaded anti-virus disabler, keylogger, and remote admin tool for those users who clicked on the link -April 2011 - Oak Ridge National Laboratory • Email was received from the "Human Resources Department" • 530 employees were targeted, 57 people clicked, 2 were infected • This attack downloaded data and infected servers with malware from users who clicked on the link

Overheating (Troubleshooting Mobile Apps)

-Phone will automatically shut down to avoid damage caused by overheating -Heat comes from charging/discharging the battery, CPU usage, display light • All of them create heat -Check app usage - Some apps can use a lot of CPU -Avoid direct sunlight - Quickly overheats

Safe Mode -Win 7 and 8/8.1 (Troubleshooting Solutions)

-Press F8 on boot • Advanced Boot Options -Safe Mode • Only the necessary drivers to get started -Safe Mode with Networking • Includes drivers for network connectivity -Safe Mode with Command Prompt • No Windows Explorer - quick and dirty -Enable low-resolution (VGA Mode) • Recover from bad video driver installations

Spoofing

-Pretends to be something you aren't • A Fake web server or a fake DNS server, etc. -Email address spoofing • The sending address of an email isn't really the sender -Caller ID spoofing • The incoming call information is completely fake -Man-in-the-middle attacks • The person in the middle of the conversation pretends to be both endpoints

USB locks (Physical Security)

-Prevent access to a USB port • Physically place a lock inside of the USB interface -A secondary security option is disabling the interface in BIOS and/or operating system • Not truly inaccessible, there's always a way around security controls -Relatively simple locks • Defense in depth

Port security (Logical Security)

-Prevents unauthorized users from connecting to a switch interface • Alert or disable the port -prevents access based on the source MAC address • Even if its forwarded from elsewhere -Each port has its own config • Unique rules for every interface

Testing the printer (Troubleshooting Windows)

-Print or scan a test page • Built into Windows printer properties • Not the application -Use diagnostic tools • Can be web-based utilities (Built into the printer) • Can be Vendor specific (Download from the web site) • Or Generic (Available in LiveCD form)

Quality of Service (QoS)

-Prioritize network traffic • Applications, VoIP, and Video -Infrastructure must support QoS • Differentiated Services Code Points (DSCP) field in the IP header • IPv4 - Type of Service (ToS) field • IPv6 - Traffic Class octet -Manage through Local Computer Policy or Group policy (C:\Windows\System32 > gpedit.msc) OR run > gpedit.msc • Located under Computer Configuration / Windows Settings / Policy-based QoS

Windows 7 Minimum Hardware Requirements (x64)

-Processor/CPU - 1 GHz processor -Memory - 2 GB RAM -Free disk space - 20 GB -Video - DirectX 9 graphics device with WDDM* 1.0 or higher driver *Windows Display Driver Model -Win7 64-bit

Rebuild Windows profiles (Troubleshooting Solutions)

-Profiles can become corrupted • The User Profile Service failed the logon. User Profile cannot be loaded. • User documents may be "missing" (temp. profile) -If a profile doesn't exist, it's recreated • We're going to delete the profile and force the rebuilding process -It's not as easy as copying a file • Create registry backups in case modifications are made

Virus types

-Program viruses • It's part of the application -Boot sector viruses • Exists in the boot sector • Virus is executed when the OS starts up • No OS is needed -Script viruses • e.g. Java Script • Operating system and browser-based -Macro viruses • Common in Microsoft Office

Windows (Defender) Firewall Applet

-Protect from attacks • Scans for malicious software • Helps prevent access to resources on the local pc -Integrated into the operating system - Located in Control Panel under Windows (Defender) Firewall

Unable to decrypt email (Troubleshooting Mobile Apps)

-Protects your email with encrypted communication channels -This is built-in to corporate email systems • Microsoft Outlook • Each user has a private key on their mobile device • You can't decrypt without the key -System administrators will use Mobile Device Manager (MDM) to install individual private keys on every mobile device

Authenticator apps (Mobile Devices)

-Pseudo-random token generators • A useful authentication factor -Use to carry around physical token devices -You're carrying your phone around • And it's pretty powerful which can have the app installed • Don't need to carry around physical hardware

Quick format vs. full format

-Quick format • Creates a new file table • Looks like data is erased, but it's not • No additional checks -Quick format in Windows 7, 8/8.1, and 10 • Use diskpart for a full format within windows 7, 8/8.1/10 -Full format • Writes zeros to the whole disk • Your data is unrecoverable • Checks the disk for bad sectors - Time consuming

Quick format vs. full format

-Quick format • Creates a new file table • Looks like data is erased, but it's not • No additional checks -Quick format in Windows 7, 8/8.1, and 10 • Use diskpart for a full format within windows 7, 8/8.1/10 -Full format • Writes zeros to the whole disk • Your data is unrecoverable • Checks the disk for bad sectors which is time consuming

Disposal procedures (Environmental Impacts)

-Read your Material Safety Data Sheets (MSDS) to know how/where to dispose of computer equipment • Mandated by United States Department of Labor and/or Occupational Safety and Health Administration (OSHA) • http://www.osha.gov, Index page -This provides information for all hazardous chemicals • Batteries, display devices / CRTs, chemical solvents and cans, toner and ink cartridges -Sometimes abbreviated as Safety Data Sheet (SDS) • Might have a different name depending on what country you are in

Unauthorized location tracking (Troubleshooting Mobile Device Security)

-Real-time tracking information and historical tracking details • This should be as protected as your other data -If any suspicion an app is tracking your location, run an anti-malware scan • Malicious apps can capture many data points -Check apps with an offline app scanner • Get some insight into what's running -Perform a factory reset if tracking is occurring • Restore from a known-good backup

Anti-virus/Anti-malware updates (Linux)

-Relatively few viruses and malware for Linux • Still important to keep updated -ClamAV • Open source antivirus engine -Same best practice as any other OS • Always update signature database • Always provide on-demand scanning

Windows 7 history

-Released October 22, 2009 • Mainstream support ended January 13, 2005 • Extended support until January 14, 2020 -Very similar to Windows Vista • Maintained the look and feel of Vista • Used the same hardware and software • Increased performance over Windows Vista -Updated features • Libraries • HomeGroup • Pinned taskbar

Windows 7 history

-Released October 22, 2009 • Mainstream support ended January 13, 2015 • Extended support until January 14, 2020 -Very similar to Windows Vista • Maintained the look and feel of Vista • Used the same hardware and software • Increased performance over Windows Vista -Updated features • Libraries • HomeGroup • Pinned taskbar

Software tokens (Logical Security)

-Relies on pseudo-random number generator • Can't guess it • Changes constantly -Can save money • Can be a free smartphone app with no cost associated • No separate hardware needed to assign and/or lose

Remote access

-Remote Assistance • Commonly seen in Home editions • One-time remote access • Single-use password • Chat, diagnostics, NAT traversal -Remote Desktop Connection • Non-Home editions • Ongoing access • Local authentication options • May require port forwarding

Personal safety (Safety Procedures)

-Remove any jewelry and/or name badge neck straps that can cause you to get stuck • Or use breakaway straps -Lifting technique • Lift with your legs, keep your back straight • Don't carry overweight items/devices • Equipment can be available that can help you to lift -Electrical fire safety • Don't use water or foam • Use carbon dioxide, FM-200, or other dry chemicals • Always remove from the power source -Cable management • Avoid trip hazards • Use cable ties or velcro -Safety goggles • Useful when working with chemicals • Useful for printer repair, toner, batteries -Air filter mask • Computer could be dusty • Useful when working with printer toner

Roll back (Troubleshooting Solutions)

-Restore points • Rewind to an earlier point in time • Time travel without erasing your work -Application updates • Restore point is created automatically during application installations -Device Drivers • These can break Windows • You can roll back from the Windows start menu (F8)

rm (Linux Command)

-Remove files or directories • Deletes the files -Does not remove directories by default • Directories must be empty to be removed or must be removed with -r option

Desktop security

-Require a screensaver password • Integrated with login credentials • Can be administratively enforced • Automatically locks after a timeout -Disable autorun • autorun.inf in Vista (No Autorun available in Windows 7, 8/8.1, or 10) • Disabled through the registry -Consider changing AutoPlay • Get the latest security patches (updates to autorun.inf and AutoPlay)

Volume sizes

-Resize a volume • Right-click the volume for options • Can shrink or extend -Can split the hard drive space into 2 volumes • e.g. 120GB into 2 60GB volumes • Can Shrink a volume • Can format unallocated space -Can also create mirrored volumes -Configuration done in Disk Management

Display Applet

-Resolution options • Important for LCD monitor native resolutions -Can configure the color depth and refresh rate • Located in Control Panel > Display > Adjust Resolution > Advanced Settings > Adapter "list all modes" -In Windows 10, it is located in Settings > System > then choose the Display option • Different settings available

Phishing

-Social engineering with a touch of spoofing • Often delivered by spam, IM, etc. • Very remarkable when well done -Don't be fooled • Check the URL -Usually there's something not quite right • Mistakes with spelling, fonts, or graphics -Vishing (Voice Phishing) which is done over the phone • Callers might say they are from the IRS and they need money • They dont ask for cash, they ask for gift cards • Fake security checks or bank updates

Windows 7 Enterprise

-Sold only with volume licenses • Designed for very large organizations -Multilingual User Interface packages -Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • Bitlocker support • EFS (Encrypting File System) -x86 version supports 4gb RAM -x64 version supports 192gb RAM

Troubleshooting Applet

-Some problems can be easily fixed • Have you tried turning it off and on again? -Automate some of the most common fixes • Troubleshooting option are categorized -May require elevated account access to enable/disable hardware and features

Force Quit (Mac OS Tools)

-Stop an application from executing • Some applications are badly written -Command-Option-Esc • Lists the application to quit • Select the application to "Force Quit" -Another way to "Force Quit" is to hold the option key when right-clicking the app icon in the dock • Continue holding the "Option" key to view the "Force Quit" option. Letting go of the "Option" key changes it to only "Quit"

System Applet

-System properties • Provides Computer information • Including version and edition -Remote settings can be turned on or off for Remote Assistance and Remote Desktop -System protection • Can enable/disable System Restore • Select drives to allocate additional space for system restore -Performance Options located under Advance System Settings can be set for: • Configuring Virtual Memory • Configuring Visual Effects • Configuring Data Execution Prevention (DEP)

IP address spoofing

-Takes someone else's IP address • Takes the IP address from the actual device to make it seem like the data is coming from the legitimate device • Pretends to be somewhere you are not -Can be for a legitimate reason • Load balancing • Load testing -For illegitimate reasons such as: • ARP poisoning • DNS amplification / DDoS -Easier to identify than MAC address spoofing • Apply rules to prevent invalid traffic, enable switch security • IP addresses are known on the network and if inbound traffic is detected from a location where that IP address should not be then you can suspect IP Spoofing is occurring.

Difficult situations (Professionalism)

-Technical problems can be stressful -Don't argue or be defensive • Don't dismiss • Don't contradict -Diffuse a difficult situation with listening and questions • Relationship-building • User might just want to vent (just listen) -Communicate • Even if there's no update -Never take the situation to social media

Telnet (Remote Access Technologies)

-Telnet - Telecommunication Network - tcp/23 -Login to devices remotely • Console access -Unencrypted communication • Not the best choice for production systems

Cable locks (Physical Security)

-Temporary security • Connect your hardware to something solid -Cable works almost anywhere • Useful when mobile -Most devices have a standard connector • contains a reinforced notch -Not designed for long-term protection • Those cables are pretty thin and can be cut

This type of malware watches for and logs types of traffic you might be doing on your computer, such as logging into a bank account. It may monitor what websites your browser visits as well.

Spyware

Device Manager

-The OS doesn't know how to talk directly to most hardware -Device drivers are hardware specific and operating system specific • Windows 7 device drivers may not necessarily work in Windows 10 -Technical Support FAQ starting point • "Have you updated the drivers?" -Complete control of the hardware • Can update, uninstall, or disable drivers • Can scan for hardware changes OR dive into the driver properties -Computer Management or devmgmt.msc

regedit.exe

-The Windows Registry • The big huge master database • Hierarchical structure • Use to configure different parts in Windows • Use to configure different applications in Windows -Used by almost everything in Windows • Kernel, Device drivers • Services • Security Account Manager (SAM) • User Interface, Applications -Backup your registry! • Also called a hive • Use "export" to backup the registry • Built into regedit - Located under C:\Windows • Can also open through the cmd line or Run cmd

Windows 10 Pro

-The business version of Windows • Additional management features -Remote Desktop host • Remote control each computer -Supports: • Hyper-V • Bitlocker (Full Disk Encryption (FDE)) • Can join a Windows domain (Group Policy management) -Does not support: • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 2048 GB

Linux commands

-The command line - Terminal, XTerm, or similar -Commands are similar in both Linux and Mac OS • Mac OS derived from BSD (Berkeley Software Distribution) Unix • This section is specific to Linux -Download a Live CD or install a virtual machine to see its functions • Many pre-made Linux distributions are available to download and install • Ubuntu can be used in a virtual machine • Use the "man" command for help • Stands for an online manual • If you would like to know more about "grep" enter "> man grep" in the cmd line to learn more about grep.

Windows 7 Home Premium

-The consumer edition; contains: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Does not support enterprise technologies • Cannot join a domain • No BitLocker support • No EFS (Encrypting File System) support -x86 version supports 4gb RAM -x64 version supports 16gb RAM and 2 processors

Physical destruction

-Through an industrial shredder • Heavy machinery • Complete destruction -Drill / Hammer if destroying hardware on your own • Quick and easy • All the way through the platters -Electromagnetic (degaussing) • Remove the magnetic field • Destroys the drive data and the electronics -Incineration • Hot fire

Account lockout and disablement

-Too many bad passwords will cause a lockout • This should be normal for most users • This can cause big issues for service accounts (some orgs. will disable the lockout process for service accounts. OR have a different process to change the password and keep the service account from not logging in) -Disable user accounts • Part of the normal change process • You don't want to delete accounts (at least not initially) • Deleting the account can delete important information.

System lockout (Troubleshooting Mobile Apps)

-Too many incorrect unlock attempts -In iOS: Erases the phone after 10 failed attempts • Will need to restore from itunes/icloud backup • Automatic erase can be disabled. With each failed attempt, delays start to add up (timewise) -Android: Locks or wipes the phone after failed attempts • Uses google login to unlock the phone

Update boot order (Troubleshooting Solutions)

-Trying to boot from a USB drive but it doesn't even try • Boots directly to the primary drive -Check BIOS to determine which physical device will be used during boot • And in which order -Each BIOS is a bit different • But the configuration is in there somewhere -It's an easy one to miss • Usually the first thing to check and change to modify the boot order

Boot methods

-USB storage • USB drive must be bootable • Computer must support booting from USB drive -CD-ROM and DVD-ROM • A common media -PXE ("Pixie") - Preboot eXecution Environment • Performs a remote network installation • Computer must support booting with PXE -NetBoot • Apple technology to boot Mac OS from the network • Similar concept to PXE boot -If you need to install many types of OS's • Considered using external media that connects via USB • Solid state drives / hard drives • Store many OS installation files -External / hot swappable drive • Some external drives can mount an ISO (DVD-ROM image) which the PC will see as a DVD-ROM drive • Can boot from USB -Installing on the Internal hard drive • Install and boot from separate drive • Create and boot from new partition

Boot methods

-USB storage • USB drive must be bootable • Computer must support booting from USB drive -CD-ROM and DVD-ROM • A common media -PXE ("Pixie") - Preboot eXecution Environment • Performs a remote network installation • Computer must support booting with PXE -NetBoot • Apple technology to boot macOS from the network • Similar concept to PXE boot -If you need to install many types of OS's • Considered using external media that connects via USB • Solid state drives / hard drives • Store many OS installation files -External / hot swappable drive • Some external drives can mount an ISO (DVD-ROM image) which the PC will see as a DVD-ROM drive • Can boot from USB -Installing on the Internal hard drive • Install and boot from separate drive • Create and boot from new partition

Types of installations

-Unattended installation • Answers Windows questions in a file (unattend.xml) • No installation interruptions • No user intervention -In-place upgrade • Maintain existing applications and data -Clean install • Data backup required • Wipe the slate clean and reinstall • Migration tool can help -Image • Deploy a clone on every computer • Quick installation on many computers -Repair installation • Fixes problems with the Windows OS • Does not modify user files • Re-installs the OS • Multiboot • Run two or more operating systems from a single computer -Recovery partition • Creates hidden partition with a copy of Windows installation files • Commonly used with repair installation • Installation media not needed -Refresh / restore • Windows 8/10 feature to clean things up • Requires a recovery partition • No installation media needed

Types of installations

-Unattended installation • Answers Windows questions in a file (unattend.xml) • No installation interruptions • No user intervention -In-place upgrade • Maintain existing applications and data -Clean install • Data backup required • Wipe the slate clean and reinstall • Migration tool can help -Image • Deploy a clone on every computer • Quick installation on many computers -Repair installation • Fixes problems with the Windows OS • Does not modify user files • Re-installs the OS • Multiboot • Run two or more operating systems from a single computer • Can you 2 OS's from 1 hard drive -Recovery partition • Creates hidden partition with a copy of Windows installation files • Commonly used with repair installation • Installation media not needed -Refresh / restore • Windows 8/10 feature to clean things up • Requires a recovery partition • No installation media needed

UPS (Disaster Recovery)

-Uninterruptible Power Supply • Short-term backup power • Protects you from blackouts, brownouts, surges, spikes, etc... -UPS types • Offline/Standby UPS watches the voltage from the main power. If not power, it switch from offline/standby to online. Online provides the power from the UPS • Line-interactive UPS slowly provides more power if the main power experiences a brownout. • On-line/Double-conversion UPS runs in many data centers. UPS is always running from the battery. There is no switching over if main power is lost. The Main power charges the batteries, batteries power the device. No delay with power switching. -UPS features on different models • Auto shutdown • Battery capacity • Outlets • Phone line suppression

Command line troubleshooting

-Use "help" if you're not sure • > help dir • > help chkdsk -Also use: • [command] /? -Close the prompt with exit -Useful when additional information is needed for a certain command

Remote Disk (Mac OS Features)

-Use an optical drive from another computer • Has become more important over time • Designed for copying files or data transfer • Will not work with audio CDs or video DVDs -Set up sharing in System Preferences • Sharing options • Appears in the Finder

Restricting user permissions

-User permissions • Everyone isn't an Administrator • Assign proper rights and permissions • This may be an involved audit -Assign rights based on groups • More difficult to manage per-user rights • Becomes more useful as you grow -Set login time restrictions • Only login during working hours • Restrict after-hours activities

Local users and groups

-Users • Administrator - the Windows super-user • Guest -Limited access • Most users are "Regular" Users -Groups • Administrators, Users, Backup Operators, Power Users, etc. • Users can be added to groups • Permissions are easier to manager by groups instead of individual user access.

Tailgating

-Uses someone else to gain access to a building • Not by accident -Johnny Long book in "No Tech Hacking" explains how to tailgate in these environments • By blending in with clothing • A 3rd-party with a legitimate reason • Temporarily take up smoking and makes friends with people who then can be followed back into the building • Or be someone who brings boxes of doughnuts where people might help you enter even if you don't have an access card -Once inside, there's little to stop you • Most security stops at the border

Windows Recovery Environment

-Very powerful front-end that gives you access to the OS -Also very dangerous way to start manipulating the OS • Last resort -Does give you complete control of the OS • Fix your problems before the system starts • Can remove malicious software -Requires additional information • Use, copy, rename, or replace operating system files and folders • Enable or disable services or devices at startup • Can repair the file system boot sector or the master boot record (MBR)

Windows 10 Education and Enterprise

-Very similar features in both • Minor features differences • Both are managed by using Windows Volume licensing -Granular User Experience (UX) control • an administrator can define the user environment • Useful for kiosk and workstation customization -Supports: • Hyper-V • Bitlocker • Can join a domain • AppLocker (an administrator can control what applications can run) • BranchCache (remote site file caching) -Max x86 RAM 4 GB -Max x64 RAM 2048 GB

VPN Concentrator (Logical Security)

-Virtual Private Network • can encrypt (private) data traversing a public network -Concentrator (a hardware device) • designed to Encrypt/decrypt access from any device at a remote location -Many deployment options • Specialized cryptographic hardware • Software-based options available -Used with 3rd party client software or sometimes built into the OS

vi (Linux Command)

-Visual mode editor • Full screen editing with copy, paste, and more -vi FILE • "> vi script.sh" starts the editor for the file script.sh -To insert text • Enter "i" and then <text> • Exit insert mode with Esc -Save (write) the file and quit vi • ":wq" command

WPA2 and CCMP

-WPA2 certification began in 2004 • AES (Advanced Encryption Standard) replaced RC4 • CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP -CCMP block cipher mode • Uses AES for data confidentiality • 128-bit key and a 128-bit block size • Requires additional computing resources -CCMP security services • Data confidentiality (AES), includes authentication, and access control

Strong passwords (Logical Security)

-Weak passwords can be difficult to protect against • Interactive brute force • Hashed passwords can be brute forced offline -Passwords need to have some complexity and refreshed constantly • This reduces the chance of a brute force • Reduce the scope if a password is found -Annual password analysis from SplashData examines leaked password files. Pretty much what you'd expect on commonly used passwords: • #1: 123456 • #2: password • #3: 12345 • #4: 12345678 • #5: qwerty

Power drain (Troubleshooting Mobile Device Security)

-When power drains faster than normal might be a security issue • Heavy application usage • Increased network activity than normal • High resource utilization than normal • Its a Denial of Service (DoS) -Check the application before installation • Use an App scanner to verify if its legitimate (e.g. Zscaler Application Profiler) • Force stop that running app if its acting unusual -Some mobile devices allow you to run anti-malware • This checks for malicious activity -Perform a clean install if you are unsure • Perform a factory reset and reinstall the apps

Users Tab

-Who is connected? What are they doing? -Provides a User list Windows 7 which allows you to: • Disconnect • Logoff • Send message -In Windows 8/8.1/10, Users tab provides: • Separate processes for each user • Performance statistics for each user

Using WPS (Securing SOHO Network)

-Wi-Fi Protected Setup • Originally called Wi-Fi Simple Config -The goal was to allow "easy" setup of a mobile device • A passphrase can be complicated to a novice -Different ways to connect • PIN configured on access point must be entered on the mobile device • Push a button on the access point • Near-field communication - Bring the mobile device close to the access point • USB method - no longer used

dd (Linux Command)

-Will convert and copy a file • Also backups and restores an entire partition • > dd if=<source file name> of=<target file name> [Options] -Creating a disk image • > dd if=/dev/sda of=/tmp/sda-image.img -Restoring from an image • > dd if=/tmp/sda-image.img of=/dev/sda

Update and patch (Troubleshooting Solutions)

-Windows Update • A centralized OS and driver updates -Lots of flexibility on updating Windows • Change the active hours • Manage metered connections where it doesnt download over slow connections -Applications must be patched • Security issues don't stop at the OS • Download from the publisher or within the application

System Restore

-Windows creates frequent restore points • Goes back-in-time to correct problems • Creates restore points after a windows update or after installing new software -Start by pressing F8 - Advanced Boot Options - Repair -In Windows 7/8/8.1/10 it is located in Control Panel under Recovery -Doesn't guarantee recovery from viruses and spyware/malware • All restore points might be infected

Mobile device disposal (Safety Procedures)

-Wipe your data, if possible • This isn't always an option due to a broken screen -Manufacturer or phone service provider may have a recycling program or an upgrade program -Dispose at a local hazardous waste facility • Do not throw in the trash

MAC spoofing

-Your Ethernet device has a MAC address • A unique burned-in address • Most drivers allow you to change this address -Changing the MAC address can be legitimate • Internet provider expects a certain MAC address • Certain applications require a particular MAC address -If changing the MAC address for illegitimate reasons • To circumvent MAC-based ACLs • Fake-out a wireless address filter -This is very difficult to detect • How would you know it's not the original device?

Desktop styles

-Your computer has many different uses • Those change depending on where you are -Work styles • Standard desktop • Common user interface • Customization is very limited • You can work at any computer due to Active Directory -Home • Complete flexibility; No restrictions • Can change background photos, colors, UI sizing.

Desktop styles

-Your computer has many different uses • Those change depending on where you are -Work styles • Standard desktop • Common user interface • Customization very limited • You can work at any computer due to Active Directory -Home • Complete flexibility; No restrictions • Background photos, colors, UI sizing

windows script file

.wsf

Other file systems

-ext3 • Third extended file system • Commonly used by the Linux OS -ext4 • Fourth extended file system • An update to ext3 • Commonly seen in Linux and Android OS -NFS • Network File System • Access files across the network as if they were local • NFS clients is available across many operating systems -HFS+ / HFS Plus • Hierarchical File System • Also called Mac OS Extended • Replaced by Apple File System (AFPS) in macOS High Sierra (10.13) -Swap partition • Memory management • Frees memory by moving unused pages onto disk • Copies back to RAM when needed • Usually a fast drive or SSD

Apple macOS history

-macOS • Desktop OS running on Apple hardware -Advantages • Easy to use • Extremely compatible • Relatively fewer security concerns -Disadvantages • Requires Apple hardware • Less industry support than the PC platform • Higher initial hardware cost

perl script file there are two

.cgi, .pl

data file

.dat

Database file there are two

.db, .dbf

Debian software package file

.deb

ISO disc image

.iso

JPEG image two of them

.jpeg, jpg

log file

.log

Microsoft Access database file

.mdb

MIDI audio file there are two separate with a comma (,)

.mid, .midi

MP3 audio file

.mp3

MPEG-2 audio file

.mpa

Ogg Vorbis audio file

.ogg

open type font file

.otf

Package file

.pkg

PNG image

.png

PostScript File

.ps

Read Hat Package Manager

.rpm

Save file (e.g., game safe file

.sav

SQL database file

.sql

What is the maximum limitation of RAM for Windows 7 Ultimate 64-bit?

192GB

What is the maximum partition size for Fat32?

2 TB

How many Gigabytes (GB) of storage space does a system running Windows (64-bit) require?

20 GB

in general terms the least amount of disk space needed for a installation of Linux

250mb

In general, __-bit applications can be run on __-bit systems, but not vice-versa.

32, 64

All Windows 7 editions other then Starter, have a limit of how much physical RAM?

4 GB

What is maximum physical memory for all editions of 32-bit Windows 10?

4 GB

What is maximum physical memory for all editions of 32-bit Windows 8/8.1?

4 GB

What is the maximum individual file size for Fat32?

4 GB

What is the maximum amount of RAM supported by 64-bit Microsoft Windows 7 Home Basic Edition?

8 GB

Script file syntax. These two syntax will allow you to insert a comment in a script file. Separate them with a comma (,)

::, REM

set command

A command used to view all variables in the shell, except special variables.

tasklist

A command-line version of the Task Manager

Local Users and Groups

A managment console that provides an interface for managing user and group accounts.(not available in Starter or Home editions)

BranchCache

A new feature of Windows 7 that enables users to rapidly access data from remotely located file and web servers. This enables users at a small branch to cache copies of frequently accessed files from head office servers on a local computer.

Factory Recovery Partition

A partition that contains an image of the bootable partition created when the computer was built.(Restores OS to factory settings)

Spotlight Search

A search tool in the macOS

Replay Attack

A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.

This is a common SOHO network hardware that allows hosts to connect to the network over WIFI

Access Point

Which of the following answers refer(s) to the Windows Remote Assistance utility?

Access based on one-time password / Temporal remote access / The host and invited user can both see the host's screen / The host and invited user share control over host's mouse and keyboard / Windows tool used for assisted remote troubleshooting.

ACL

Access control list. Rules applied by packet filter firewalls that filter data by IP address, Protocol ID, and Port Numbers

In order to join a Windows Domain you must follow these steps: 5. while in accounts click on ____ ____ ___ ___

Access work or school

Which of the following answers apply to Windows BitLocker?

Accessed via BitLocker Drive Encryption applet in Windows Control Panel / Does not require a TPM microcontroller to work / Not included in basic versions of Windows 8/8.1/10 (Windows 8/8.1 Core and Windows 10 Home)

A drive letter in Windows can be changed by:

Accessing Disk Management, right-clicking on a drive and selecting Change Drive Letter and Paths from the context menu

In order to join a Windows Domain you must follow these steps: 4. While in settings click on _____

Accounts

This is a notification area where you can often find important security settings and issues as well as system information in a Windows OS.

Action Center

bootrec /rebuildbcd

Adds missing Windows installations to the BCD

A shortcut icon to the Windows Memory Diagnostic tool (mdsched.exe) can be found in:

Administrative Tools folder in Control Panel

Windows Task Scheduler (taskschd.msc) is a component of Microsoft Windows that provides the capability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals. Which of the following locations contains the application icon shortcut used for launching the Task Scheduler MMC snap-in?

Administrative Tools menu in Windows Control Panel

In order to join a Windows Domain you must follow these steps: 10. In the User account window, type your user name. From the account type drop down list you must then select ____ and afterwards click Next

Administrator

Very granular control over web elements can be configured for IE under the ________ tab of Internet Properties.

Advanced

What tab will allow you to enable quality of service policies on a router?

Advanced

Its best to check your it is enabled but almost all chipsets support this power management standard:

Advanced Configuration and Power Interface (ACPI)

AES is a WIFI encryption method and considered the most secure today. What does AES stand for?

Advanced Encryption Method

A phone uses a lot of battery power to search for and connect to cellular service while in low service areas. What mode can you enable to keep the battery strong?

Airplane

counter logs

Allow you to collect statistics about resources such as memory, disk, and processor

Event Viewer

Allows monitoring of Windows logs. System, security, application, and service events are recorded in these logs

The Devices and Printers applet in Windows:

Allows to add/remove wired and wireless devices / Provides a simplified view of all connected devices / Allows to troubleshoot a device that isn't working properly.

Local Security Policy

Allows you to view and edit currenty security policy

Credential Manager

Allows you to view cached passwords for websites and Windows/network accounts

Home Client

An OS designed to work on standalone or workgroup PCs in a home or small office

You and your team are working on a business's wireless network. You've compiled a Statement of Work (SOW) for the business you are working for and diagrammed the network, and the locations of the needed equipment. What critical data do you need to include next in your SOW?

Backout Plan

phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

Phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information(combination of spoofing and social engineering)

Which of the following locations in macOS provides access to application updates menu?

App Store

APFS

Apple File System - used in macOS High Sierra or later which supports native file encryption

Finder

Apple equivalent of file explorer in Windows

Activity Monitor

Apple verstion of performance monitor

In Windows 7 what Task Manager tab allows you to close a application that isn't responding by right click the program and selecting the End Task button?

Applications

gpupdate

Applies a new or changed policy to a computer immediately

What is the role of management in Change Management?

Approving the plan and budget

Remote Assistance

Assigns a port dynamically from an ephemoral range

A good security protocol to implement in a public workspace on your computer or laptop is to put it into sleep/hibernation and require ____

Authentication on Wake-up

AAA

Authentication, Authorization, and Accounting

This feature helps keep a device's screen visible but as it constantly scans lighting situations can use more battery power when enabled.

Automatic Dimming

WiFi, GPS and Bluetooth are causing a customer's phone to overheat even while not in use. What are these functions referred to in this circumstance?

Background Functions

This is an improved version of a specific type of malware. It will encrypt your computers files until such a time as you pay the bad guys to have them unlock it by sending you a decryption key.

Crypto malware

Windows Task Manager can be launched by:

Ctrl+Shift+Esc key combination / Pressing Ctrl+Alt+Delete and selecting the Task Manager option from the menu screen / Right-clicking on the Windows Taskbar and selecting Task Manager / Typing taskmgr (or taskmgr.exe) in the Command Prompt and pressing Enter / Pressing simultaneously the Windows and R keys, typing taskmgr (or taskmgr.exe) in the Run window, and pressing Enter

After booting to UEFI mode the next step to completing a Windows installation is to select a _____ ____

Custom Installation

DoS attacks might be a precursor to a wider attack such as a _____ spoofing attack.

DNS

Paul bought a copy of Windows 10 that allowed him to install it onto only three different PCs. What type of agreement prevented him from installing it on a fourth PC?

DRM

This is a acronym for the restrictions placed on how software might only be used on a particular provider's phone.

DRM (Digital Rights Management)

Change management six steps Step 1. Procedures for handling changes Roles and responsibilities of the IT support staff Measurements for change management Tools to be used Type of changes to be handled and how to assign priorities Back-out procedures

Define change management process and practices

DoS attack

Denial of Service Attack - causes a service at a given host to fail or become unavailable to legitimate users

Windows Logo'd Product List (LPL) catalog contains information of what type of products known to work on their systems?

Devices and drivers

What is a bit referenced or called that is associated with a block of computer memory and indicates whether or not the corresponding block of memory has been modified?

Dirty bit

After identifying a malware infection and quarantining a computer you should first do this step before rebooting into Safe Mode and scanning for viruses to prevent possible reinfection.

Disable System Restore

List some common causes of failure to boot.

Disconnected SATA cable, corrupted boot sectors, BIOS/UEFI misconfigurations

You are using a USB device to install Windows 7 what do you need to run to clean it first?

DiskPart

Modify

Do most things with an object but not to change its permissions or owner

A group of computers and devices on a network that are administered as a unit with common rules and procedures is referred to as a?

Domain

A group of computers that share a directory database is known as?

Domain Network

Windows 10 greatly simplified installation of the operating system by undergoing massive changes to

Driver detection

The App Store menu in macOS provides access to:

Driver updates / Firmware updates / Antivirus updates / Anti-malware updates.

This takes into consideration the budget, security , and customer contract standards for performing a task and identifies the lines of responsibility and authorization for performing it.

Standard Operating Procedure (SOP)

This is a basic type of email security that screens emails as they come in and blocks suspicious ones.

Email Filtering

What can you do to keep a network connection open but still restrict what devices have access to it?

Enable MAC filtering

EFS

Encrypting File System - a windows feature that can encrpyt a folder or a file

What is a common way of mitigating password guessing attacks?

Failed attempts lockout

After Windows 10 Microsoft no longer releases new versions of Windows but instead maintains the OS with ____ ____

Feature Updates

In a multiboot environment when should you install older an OS?

First

Which of the following macOS utilities can be used for detecting and repairing disk-related problems?

First Aid (in Disk Utility)

The /f switch of the chkdsk command-line utility in MS Windows:

Fixes errors on the disk

chkdsk C: /f

Fixes file system errors on the disk drive C

What command would you use to convert a NTFS partition into a FAT32 partition?

Format

What tab of the MSConfig utility in Windows lists choices for startup configuration modes?

General

Which of the following tabs of the Windows Internet Properties applet provides an option for deleting temporary Internet files, cookies, web browsing history, Internet Explorer saved passwords, and saved data typed into web forms?

General

Which of the tabs of the System Configuration utility in Windows contains the Diagnostic startup option?

General

Which tab of the MSConfig utility in Windows lists choices for startup configuration modes?

General

The digitizer on a smartphone is completely unresponsive. You have tried restarting the phone but it has not helped. What should you try next?

Hard Reset

This ACPI mode referred to as S4 saves any open files (data) in memory to disk then turns power off.

Hibernate/Suspend to Disk

This is a power-saving state that puts your open documents and programs on your hard disk and then turns off your computer.

Hibernation (Mode)

A proprietary file system developed Apple is known as what?

Hierarchical File System (HFS)

What tab on a router's software allows you to check network status and see a map of connections?

Home

What tab on a router's software will allow you to check the status of the network and a map of connections on the network?

Home

Name that OS type: an OS designed to work on standalone or workgroup PCs in a home or small office

Home Client

The network connection says it is connected but no web pages are able to load. The next step to help trouble this situation is to ping an internet site by ___ ____

IP address

This type of file contains contents from an optical disc. It is often used to install OSs on virtual machines:

ISO file

This is a popular method of good practices and policies for delivering IT services:

IT Infrastructure Library (ITIL)

A cloud service that allows you to install and manage your own OS is a _____ service.

IaaS

Screen Sharing

In OS X, a utility to remotely view and control a Mac and is similar to Remote Assistance in Windows.

This ACPI mode cuts power to most devices but retains power to memory. It is referred to as ACPI S1-S3

Standby/Suspend to Ram

Windows Settings

Interface for managing a Windows 10 computer

Administrative Tools

Located in Control Panel in Windows 7, is a collection of predefined Microsoft Management Consoles

Hierarchical File System (HFS) is a proprietary file system for use on what type of Operating Systems?

MacOS

screen sharing

MacOS version of remote desktop functionality

This is the best source of information about the safe disposal of hazardous components.

Material Safety Data Sheet (MSDS)

_____ is a Microsoft-designed file system that offers encryption and ACLs.

NTFS

NFS

Network File System - used to mount storage devices into a local file system in linux

Windows 7 Minimum Hardware Requirements (x86)

Processor/CPU - 1 GHz processor Memory - 1 GB RAM Free disk space - 16 GB Video - DirectX 9 graphics device with WDDM* 1.0 or higher driver *Windows Display Driver Model

Windows 7 Minimum Hardware Requirements (x86)

Processor/CPU - 1 GHz processor Memory - 1 GB RAM Free disk space - 16 GB Video - DirectX 9 graphics device with WDDM* 1.0 or higher driver *Windows Display Driver Model -Win7 32-bit

Windows 7 Minimum Hardware Requirements (x64)

Processor/CPU - 1 GHz processor Memory - 2 GB RAM Free disk space - 20 GB Video - DirectX 9 graphics device with WDDM* 1.0 or higher driver *Windows Display Driver Model

Windows 10 Minimum Hardware Requirements (x86)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 1 GB RAM Free disk space - 16 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model

Windows 8/8.1 7 Minimum Hardware Requirements (x86)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 1 GB RAM Free disk space - 16 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model

Windows 10 Minimum Hardware Requirements (x86)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 1 GB RAM Free disk space - 16 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model -Win10 32-bit

Windows 8/8.1 Minimum Hardware Requirements (x86)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 1 GB RAM Free disk space - 16 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model -Win8/8.1 32-bit

Windows 10 Minimum Hardware Requirements (x64)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 2 GB RAM Free disk space - 20 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model

Windows 8/8.1 7 Minimum Hardware Requirements (x64)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 2 GB RAM Free disk space - 20 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model

Windows 10 Minimum Hardware Requirements (x64)

Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 Memory - 2 GB RAM Free disk space - 20 GB Video - Microsoft DirectX 9 graphics device with WDDM* driver *Windows Display Driver Model -Win10 64-bit

A Windows Internet Properties system utility tab containing an option for managing Internet Explorer web browser add-ons is called:

Programs

An organization owns its own cloud infrastructure, and sells it to whoever needs it. This is a ______ cloud infrastructure.

Public

Which network profile in Windows by default disables the network discovery feature?

Public

Which of the Windows network profiles imposes the strongest security settings?

Public

What Windows feature allows a computer to return to its factor image at the cost of any data and installed applications?

Push Button Reset

Prioritizing network traffic based on a set of rules is called...

QoS

file attributes

R - read only H - hidden S - system, can not be deleted A - archive, modified since last backup

Enterprise mode replaces PSK with a ______ server for authentication.

RADIUS

This type of wireless authentication has users supply information to approved client devices such as wireless access points. The client device then transmits the data to a AAA server which must approve the request.

RADIUS

Which of the following should you install to support wireless authentication and network access?

RADIUS server

WPA uses a encryption and decryption cipher and key generator known as?

RC4/TKIP

Which of the following record types must your add to DNS to implement DNSSEC?

RRSIG DSNKEY

A feature involving using a USB flash drive as a cache to improve Windows performance is called ______.

Ready boost

This allows you to return a computer to its factory settings on most modern computers

Recovery Partition

Installation files for an OS are sometimes stored on the hard drive in the _____________.

Recovery partition

This repair option in Windows products recopies the system files and reverts most system settings to their default settings, but it can preserve user data and many apps installed via the Windows Store.

Refresh/Restore installation

What tool allows for the registering and unregistering of DLLs (Dynamic-Link Library)?

Regsrv32

ipconfig /release AdapterName

Release the IP address obtained from a DHCP server so the network adapter will no longer have an IP address

RDP

Remote Desktop Protocol - Runs on on TCP port 3389.

John's personal phone was stolen recently. He has work related data stored on his device. What common BYOD company policy will help prevent the loss of this data?

Remote Wipe

If a doctor loses an iPhone with patient information on it, what should be the first course of action to protect patient information?

Remote wipe

In order to ensure maximum security for your corporate owned mobile devices, which of the following should you make certain the device supports before you make your buying decisions?

Remote wipe Your MDM policies Lockout policies

crontab -r

Removes jon from a scheduled list in cron

ren

Renames a file or directory

Pharming

Reroutes requests for legitimate websites to false websites

pharming

Reroutes requests for legitimate websites to false websites

A customer calls and tells you that his smartphone's touch screen is not responding accurately. What can you advise him to do first?

Restart the phone

A customer calls you to ask why his printer which worked yesterday can no longer print from his Windows computer today. The customer needs to print his document as quickly as possible. You realize that this is most likely related to the new Windows patch that came out this morning. What can you advise the customer to do to fix this issue?

Roll back updates

Once it is on an infected computer this type of malware creates a backdoor for an attacker to connect to the computer from a remote location.

Rootkit

What type of malware infection will allow many background applications to run unnoticed until it affects PC performance?

Rootkit

This is a common SOHO network hardware that forwards packets over the WAN interface if they do not have a destination IP address.

Router

A customer brings you his computer and complains that its performance has been compromised during disk intensive activities. What can you do to correct this issue on his hard disk drive?

Run Defrag

To repair a Windows 7 installation there are 4 steps this is step 2

Run Setup

What batch file command allows you to declare a persistent environmental variable?

SETX

What command when added to System File Checker allows the tool to scan for files without attempting to fix them? Give the full read out.

SFC /verifyonly

What is the CLI program in Windows to find and repair corrupted system files?

SFC.exe

One security issue with system cloning is that since it is an exact copy of the original PC (known as the reference machine) it also copies this unique PC identifier

SID (security Identifier)

Which of the following macOS features allows to create switchable desktop environments?

Spaces

Which of the following best describes the activity of an intruder on the network who has changed the MAC address of their laptop to gain access to a network with MAC Filtering enabled?

Spoofing

This utility seeks to solve the issues of Drive Cloning by allowing for the generation of new computer names, unique SIDs, and custom driver cache databases.

SYSPREP

In a scenario where an abundance of computer resources are preventing it from fully loading its operating system booting into what might allow you to start trouble shooting it?

Safe Mode

After a OS update your computer is only displaying a black screen. You've reset the computer many times but it still persists. You want to roll the updates back but first you will need to boot into this mode in order to do so

Safe mode

The sfc command-line utility in MS Windows:

Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.

Malware Removal steps: Step 5

Schedule ongoing updates

What option of a Unified Extensible Firmware Interface (UEFI) restricts OS installations only to trusted software

Secure Boot

SSH

Secure Shell is a network protocol for secure transfer of data between computers on port 22

This is a validation and encryption tool, part of the HTTPS protocol, which secures and encrypts data going back and forth between the server and the client browser.

Security Certificate

ITIL (Information Technology Infrastructure Library): things, processes, or people that contribute to the delivery of an IT service

Service Asset

Name that OS type: an OS designed to work with a handheld portable device. -Must have a touch-operated interface

Smartphone (also could be a Tablet or cellphone)

In Windows Disk Management utility, a volume status set to Failed Redundancy indicates that the data on a mirrored or RAID 5 volume is no longer fault tolerant because one of the underlying disks is not online.

True

In macOS, the term "local snapshot" refers to a backup copy of all personal and system files stored on the local machine instead of the preferred external drive. T or F

True

Introduced in Windows Vista, Windows Firewall with Advanced Security MMC snap-in offers more detailed configuration options allowing system administrators to execute more granular control over inbound and outbound network traffic. T or F

True

The -b netstat parameter in Microsoft Windows allows to display the name of an application involved in creating each connection or listening port. T or F

True

The function of the ODBC Data Sources (odbcad32.exe) configuration utility in Windows is to facilitate communication between applications and varying types of databases. T or F

True

Transmission carried out in one direction only is described as a simplex mode. Communication that takes place only in one direction at a time is referred to as half-duplex mode. Two devices communicating with each other in both directions simultaneously are said to be in full-duplex mode. Network devices supporting autonegotiation feature automatically configure best mode supported by both devices. Duplex mismatch is the term used for a situation where two devices communicate with each other using different duplex modes. T or F

True

Windows Memory Diagnostic Tool (mdsched.exe) cannot be run inside Windows. This utility requires a system restart and is launched during next boot before loading the operating system. T or F

True

he Task Manager's Users tab in MS Windows allows system administrators to disconnect a user (invoke a Windows lock screen) or to sign them off (force a user to log off). T or F

True

Hyper-V is a type ___ hypervisor.

Type I

You want to prevent anyone from being able to boot a computer that uses a software program tied into the computer's firmware to connect to the operating system. What security feature do you need to enable?

UEFI Password

All of these types of OS share a kernel and shell architecture. The Kernel provides the core functions and the shell the user interface

UNIX

Aside from Windows and macOS what is another type of Operating System "family" widely used around the world?

UNIX

MacOS and OS X were re-developed from the kernel of a operating system called?

UNIX

Unlike other types of Operating Systems this one is portable to different hardware platforms and can run on everything from personal computers to mainframes, etc.

UNIX

A Flash drive typically uses what type of boot connection method?

USB

What is required for BitLocker to be used in the case where a computer does not have Trusted Platform Module support?

USB drive startup key

Windows Easy Transfer is good for small migrations, but what tool is recommended for migrations of large groups of computers?

USMT (User State Migration Tool)

The Programs and Features Windows Control Panel applet can be used for:

Uninstalling applications / Conducting repair installation of a malfunctioning program / Adding/removing Windows components / Managing installed updates.

UDF

Universal Disk Format - updated file system for optical media with support for multi-session writing

UPnP

Universal Plug and Play: Enables network-ready devices to discover each other automatically. Also allows configurations for devices to work with firewalls

Which of the following is a non-proprietary RDP alternative that enables control over another computer on the network with the use of a graphical user interface?

VNC

A ___ creates a virtual (typically encrypted) tunnel between sites.

VPN

This extends a private secure encrypted path (or network) across a public network(and less secure path) like the internet, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network

VPN

Which of the following locations in Windows 8/8.1/10 provides access to configuration options that would allow to block incoming echo requests?

Windows Defender Firewall applet in Control Panel -> Advanced settings -> right-click on Inbound Rules -> New Rule... -> Custom -> All programs (or a single app)

BranchCache feature to optimize content delivery over what type of network? Acronym

WAN

This from of WiFi Security encryption uses a cipher for and a flawed 64-bit or 128-bit encryption key generator. The flaw lays in the way the key is generated and how an attacker can use a network capture or "packet sniffer" tool to capture this key fairly easily.

WEP (Wired Equivalent Privacy)

This is a form of WiFi Security encryption that uses the same cipher but a mechanism called Temporal Key Integrity Protocol to fix issues with better key generation than in previous forms of encryption.

WPA (WiFi Protected Access)

This from of WiFI Security encryption that uses previous upgrades to its key generation features but replaces the cipher with one that is much stronger then previous methods.

WPA2

What type of WIFI encryption method should you enable if you intend to use a Radius server for authentication?

WPA2 Enterprise

What type of WIFI encryption method should you use for Pre-Shared Key (PSK) authentication?

WPA2 Personal

New operating system updates (also known as OS Versions) can sometimes cause software or hardware device drivers to not work properly. Cloud services along with what other tool can help to mitigate these compatibility concerns?

Web Applications

Which of the following locations in Windows 8/8.1/10 provide access to configuration options for managing apps or features allowed through Windows Defender Firewall?

Windows Defender Firewall applet in Control Panel -> Turn Windows Defender Firewall on or off menu item / Windows Start button -> Settings -> Update & Security -> Windows Security -> Firewall & network protection -> Allow an app through firewall / Windows Defender Firewall applet in Control Panel -> Allow an app or feature through Windows Defender Firewall.

You suspect there is faulty RAM in a system. What Windows tool can be used to confirm this?

Windows Memory Diagnostics Tool

In order to update device drivers on Windows computers you can either drivers provided by the device manufacturer or this built in feature:

Windows Update

Which of the following sources allow for obtaining, installing, and updating device drivers used by Microsoft Windows OSs?

Windows Update / Device manufacturer

Everyone Group

Windows group that includes all users

This type of malware does not need user intervention or manipulation to spread once it is on a network.

Worm

Linux Bash shell script escape character

\

homegroup

a feature to secure access to shared folders and printers. (exists in windows 7 and 8 but not in later versions of windows 10)

ISO file

a file that contains all the contents of an optical disc

*REPLAY ATTACK*

a network attack where attackers intercept some authentication data and reuse it to try to re-establish a session

*BOTNET*

a network of computers that have been compromised by a Trojan, rootkit, or worm malware established by compromising 1 or 2 machines and using them as "handlers" or "masters"

*THREAT AGENT/THREAT ACTOR*

a person or event that triggers a vulnerability accidentally or exploit it intentionally

Trojan Horse

a program that appears desirable but actually contains something harmful

Worm

a software program capable of reproducing itself that can spread from one computer to the next over a network

*MAN-IN-THE-MIDDLE (MitM) ATTACK*

a specific type of spoofing attack when an attacker intercepts communication between two hosts in an attempt to gain access to authentication and network infrastructure information for future attacks or to gain direct access to packet contents

*RAINBOW TABLE*

a tool for speeding up attacks against Windows passwords a pre-computed table of all probable plain-text passwords (from the dictionary) and their matching hashes/"chains"(only the first and last values of the "chains" are stored, otherwise the table would require too much memory)

workgroup

a windows peer-to-peer network

shutdown -a

aborts command prompt shutdown

Computer systems are protected by_____ and accounts are protected by _____, typically passwords.

accounts, credentials

WOW64

acts as the emulator for allowing 32-bit applications to run seamlessly on a Windows 64-bit OS

*ZERO-DAY EXPLOIT*

an attack that exploits a vulnerability in software that is unknown to the software vendor and users and can be very destructive as it takes time for vendors to create patches, leaving the system vulnerable for days, weeks, or even years

*FOOTPRINTING*

an information-gathering threat where attackers try to learn the configuration of the network and security system (topology) through social engineering or software-based tools

This contains any information necessary to install files so the OS can be unattended during the setup process. Such as product key, disk partitions, computer name, language and networking settings.

answer file

Theses are 2 examples of SPEAR PHISHING:

attacker might know the name of a document the target is working on and send them a malicious copy attacker sends the target an email that shows the targets full name, job title, telephone #, or other details to help convince them that the communication is genuine

Rainbow Table Attack

attempts to discover the password from the hash using databases of precomputed hashes

A user inputs the configuration information in response to prompts from the set up program is called?

attended installtion

Applications that stream video and audio consume a lot of data and should be ____ if you do not wish to incur additional charges while using 3G or 4G connections.

avoided

After a BOT is installed, the attacker has a _____ to the device and can install and trigger zombies to launch attacks.

backdoor

hive

binary files that store the registry database

There are many ways of "watching", in reference to SHOULDER SURFING, which can include looking over their shoulder, high powered _____, and _____ to directly obverse the target from a remote location

binoculars, CCTV

ext3 vs ext4

both 64 bit file systems that suppor journaling but ext 4 delivers better performance

dock

bottom of screen gives one-click access to favorite apps and files in macOS

trace logs

can collect statistics about services, providing detailed reports about about resource behavior

shutdown /a

cancels the pc shutdown from the cmd prompt

What is the Linux command to change the current directory?

cd

What is the command-line command used for directory traversal?

cd

What cd command in Windows moves the command-line prompt one folder up in the directory tree?

cd ..

Which parameter of the cd command in Windows moves the command-line prompt one folder up in the directory tree (sets the prompt at the parent folder of the current folder)?

cd ..

What command in Windows Command Prompt changes the current directory to the root directory?

cd \

df and du

check free space and report usage by directories and files

cls

clears the command prompt screen

Adapter properties

clients - Provide connections to types of file servers such as Linux, Unix, or Windows Protocols - Provide the format for addressing and delivering data messages between systems Services - Allow your machine to provide network functionality to other machines

A *specific* example of PHISHING might be ...

creating spoofed "secure" financial or e-commerce website, emailing genuine users of that website telling them they must update their information and supplying them with the spoofed website link which will capture their log on credentials once entered.

format c:

formats a disk for use with Windows from the cmd prompt; Potentially data loss if it has any

A *specific* example of a PHYSICAL DoS attack would be...

cutting telephone lines or network cabling

Cryptographic hash functions might be vulnerable to _____ attacks and _____ _____ attacks, which are types of password attacks.

dictionary, brute force

If Windows can be deployed to multiple machines with similar hardware specifications what is a common method of deployment software used to clone an installation from one PC to the rest?

disk imaging software

What command prompt launches a GUI system utility for managing HDDs in Windows?

diskmgmt.msc

In the event that you have to copy the installation media to a computer's fixed disk what is the tool you use to set the partition as active?

diskpart

Which of the following commands in Windows Command Prompt launches a text-based command-line partitioning utility?

diskpart

A Windows command-line tool used for preparing and modifying contents of Windows images is known as:

dism

Deployment Image Servicing and Management is known as the acronym

dism

tasklist

displays a list of currently running processes from the cmd prompt

ps

displays linux processes that are currently running

ifconfig/iwconfig

displays the current state of network interfaces within linux

Hardware requirements for Linux depend upon the unique _____ of Linux you have chosen

distribution

Host Firewall

firewall implemented as software on the individual host computer

format D: /fs:NTFS /x

forces the volume to dismount

For a newly added hard drive, this command allows to configure it with a file system so that Windows can store information on the disk.

format

What command line prompt will automatically check a disk volume for errors the next time the computer is restarted?

fsutil

In order to join a Windows Domain you must follow these steps: 8. In the Join a domain window you must enter the ___ ___ ___ and then select OK

full domain name

A command-line command in MS Windows that displays Group Policy information for a machine or user is known as:

gpresult

What command line prompt allows an administrator to see how a system behaves for a group of users?

gpresult

Which of the command-line commands listed below allows for updating multiple Group Policy settings in MS Windows?

gpupdate

What is the CLI command to forcibly apply a new Group Policy update?

gpupdate /force

What is the Linux cocmmand to search for a matching string of text in a file?

grep

linux group commands

groupadd, groupmod, groupdel

taskkill /t /pid processid

halts any child processes

This type of feedback enables a touch screen device such as a smartphone to vibrate indicating a key has been touched when using its virtual keyboard.

haptic

Of the three major mobile OS's, Android is open-source whereas ________ and _______ are closed source.

iOS and Windows Phone

apt-get install (package name)

install new application

The way in which the installation program and settings are loaded onto the PC is referred to as:

installation boot method

clean install

installing an new OS that completely replaces the old one

in-place upgrade

installing on top of an existing version of OS

What is the name of an MS Windows command-line utility that can be used to display TCP/IP configuration settings?

ipconfig

Network resent in Windows 7/8

ipconfig /flushdns netsh int ip reset resetlog.txt netsh winsock reset

route

linux command that shows the default gateway because ifconfig does not

help netsat

lists all switches for the netstat command

netstat /?

lists all switches for the netstat command

dir/p

lists files one screen at a time

chkdsk /r

locates bad sectors and recovers readable information from the cmd prompt; also implies /f

In a BRUTE FORCE attack, a password that is under 7 characters and non-complex (using only letter) can be cracked in _____.

minutes

What command line command launches on startup services in Microsoft Windows systems?

msconfig.exe

What Command Prompt commands in Windows is used for listing a computer's connections to shared resources?

net share

What command prompt in Windows is used for listing a computer's connections to shared resources?

net use

Which of the following Command Prompt commands in Windows is used for listing a computer's connections to shared resources?

net use

What MS Windows command-line commands lists the user accounts for the computer

net user

Port Scanning on a Windows/Linux machine include the _____ command, which would list open connections on the local computer.

netstat

The _____ command is a more advanced probing tool that can give the attacker a great deal more information about the host

nmap

In this type of VDI virtual desktop is shared among multiple users

non-persistent

Social engineering usually takes advantage of _____, but can also take advantage of _____ pretending to be a user who needs help.

non-technical users, tech support staff

Which of the following CLI tools can be used for troubleshooting DNS-related problems?

nslookup

compmgmt.msc

opens the Computer Management console from runline

privacy screen

prevents anyone but the user from viewing the screen

Gordon calls the help desk for advice about moving his files from a older disk to a new disk. He wants to preserve the time stamps of the files he's been working on. What utility can you advise him to use to accomplish this task?

robocopy /mir

UNIX and Linux password storage mechanisms use _____.

salt (a random value added to plain-text to make passwords more secure and slowing down speed of rainbow table attacks)

hibernate mode

saves the current session to disk before powering off the computer

chkdsk C: /r

scans and attempts to recover bad sectors on drive C

sfc /scanonce

schedules a scan when the computer is next restarted

sfc /scanboot

schedules scans whenever the PC boots

You want to disable unecessary services on your Windows workstation. You press Win+R. What do you type to configure services?

services.msc

The following command can be used to shut down or restart a local or remote host running MS Windows.

shutdown

What is the Linux command to power down or restart a computer?

shutdown

The command to restart a Windows machine via the command prompt is _____________.

shutdown /r

What is the Windows CLI command to restart a computer?

shutdown /r

Which of the following command-line commands enables a full system shutdown and restart of an MS Windows host after a time-out period of two minutes?

shutdown /r /t 120

Which of the following is the correct command for setting the time-out period of 60 seconds before powering off a Windows host?

shutdown /s /t 60

system protection tab

tab in system properties that provides option for system restore

What command line prompt allows you to duplicate all files, folders and sub-folders from a hard drive to a back up device?

xcopy

Which of the Microsoft Windows command-line commands allow for copying multiple files or entire directory trees from one directory to another and for copying files across a network?

xcopy / robocopy

FAT

• FAT - File Allocation Table • One of the first PC-based file systems (circa 1980) -FAT32 - File Allocation Table • Larger (2 terabyte) volume sizes • Maximum file size of 4 gigabytes • Most common file type -exFAT - Extended File Allocation Table • Microsoft flash drive file system • Files can be larger than 4 gigabytes

Power options Applet

• Power plans • Power usage can be customized -Sleep (standby) Option • Open apps are stored in memory • Save power, startup quickly • Switches to hibernate if power is low -Hibernate Option • Open docs and apps are saved to disk, allows system to shutdown completely • Common on laptops

cp (Linux Command)

• Used to make a copy a file • Duplicate files or directories • cp SOURCE DEST • to create a copy of first.txt and name it second.txt, you use the command "> cp first.txt second.txt"


Kaugnay na mga set ng pag-aaral

Fundamentals Nursing Prep U Chapter 23 Asepsis and Infection Control

View Set

ECON 110 Macroeconomics Chapter 1-2

View Set

Chapter 8: Ciccarelli Psychology

View Set

Infectious disease - non antibiotics pharm practice quiz

View Set

marketing test 3 ch 20, AGR 130- CHAP. 9, Mktg TB: Chap 16, Chapter 16 - Practice Problems, MKT 230 Chapter 14, MKTG 351 CHAPTER 15, chpt 13, chapter 11marketing, MKTG CH 12 TRUE OR FALSE, Marketing Study Questions, ch 13, Chapter 11, Marketing 351 O...

View Set

Lecture quiz peripheral nervous system

View Set