Think of the A+ Core 2 exam like a complex machine. We're going to take it apart, understand each component, and put it back together in record time. We're starting with the first objective of the first domain, operating systems. By the time we're done, you'll be the master mechanic, ready to ace the exam.

Let's tackle the first hurdle, understanding the different flavors of Windows 10 and how Windows 11 fits into the picture. Think of it like choosing an ice cream flavor. They all share a common base, the Windows operating system, but each has its own unique toppings and richness. We've got four main editions to focus on: Home, Pro, Pro for Workstations, and Enterprise.

Windows 10 Home is your basic everyday flavor. It's perfect for general home use, browsing the web, checking email, and playing games. It's like a single-scoop vanilla cone, reliable, and gets the job done. It can handle up to 128 GB of random access memory, or RAM, which is like the size of your bowl, plenty for most home users. It also contains the Remote Desktop Protocol, but it is client side only, meaning you can access other computers, but other computers cannot access yours.

Windows 10 Pro steps it up a notch. It's like adding sprinkles and a cherry on top. It has everything Home has, plus it can join a domain. A domain is like a private club for computers within a business, allowing centralized management. Pro also includes BitLocker, which is like a super strong lock for your hard drive, protecting your data, and it supports a whopping 2 TB of RAM, a much bigger bowl. It also contains the Remote Desktop Protocol, but it is client side only.

Windows 10 Pro for Workstations and Enterprise are the mega sundaes of the Windows world. Designed for high-performance machines and businesses, they can handle a massive 6 TB of RAM. Think of an Olympic-size swimming pool filled with ice cream. That's for serious power users and servers.
Pro for Workstations and Enterprise contain both a client and server side Remote Desktop Protocol.

Let's highlight the key differences. Remember these, as they're exam favorites.

Domain access. Only Pro for Workstations and Enterprise can join a domain. Home cannot.

Remote Desktop Protocol (RDP). All editions can use RDP to connect to other machines (client side), but only Pro for Workstations and Enterprise editions can host RDP connections (server side), allowing others to connect to them.

RAM limits. Home equals 128 GB, Pro equals 2 TB, Pro for Workstations and Enterprise equal 6 TB.

BitLocker full disk encryption. Only in Pro, Pro for Workstations, and Enterprise.

Hyper-V. This is a tool used for making virtual machines, and it is available on all of the editions except for the Home edition.

Group Policy Editor (gpedit.msc). A powerful tool for managing settings across many computers, only available in Pro for Workstations and Enterprise, not Home. gpedit.msc is the file name of the Group Policy Editor.

Now let's talk about upgrading. Think of it like trading in your old phone for a newer model. You can upgrade from Windows 7 Home Basic and Premium directly to Windows 10 Home. Windows 7 Pro and Ultimate go to Windows 10 Pro. Windows 7 Enterprise steps up to Windows 10 Enterprise. Windows 8.1 follows a similar path. Core connected versions go to Windows 10 Home, and 8.1 Pro goes to Windows 10 Pro or Enterprise. You can also upgrade from Windows 10 Home to Pro. The key is most upgrades keep your data and settings. A full upgrade keeps your data. Downgrades do not keep your data. An in-place upgrade reinstalls Windows but keeps your data and apps.

Finally, let's touch on Windows 11. Don't be intimidated. It's like a redesigned version of Windows 10. The underlying structure, how apps work, the settings, the tools, is very similar. So, if you know Windows 10, you're well on your way to understanding Windows 11. Upgrading from Windows 10 to Windows 11 is generally smooth and straightforward.
So, there you have it. Windows editions demystified. Remember the ice cream analogy. Focus on the key differences and you'll be well prepared for this section of the exam. On to the next objective.

Now that we've explored the landscape of Windows editions, let's get our hands dirty with the command line, the power user's playground. Don't be intimidated. It's like learning a new language, and we'll focus on the most useful phrases.

First, understand the environments. You have the classic Command Prompt, the original interface for basic commands. Think of it as the basic language. Then there's PowerShell, which is like Command Prompt plus a scripting language, much more powerful. Think of it like a power language. It is recommended to use PowerShell more than the Command Prompt. PowerShell can be run in elevated mode. This means to be run as an administrator. Finally, Windows Terminal is like a multi-tabbed browser for your command line sessions. You can have Command Prompt and PowerShell open side by side.

Let's start with navigation. These are like your basic directions.

cd (change directory). It's like moving between folders. cd .. goes up one level. cd [folder name] goes into a folder.

dir (directory). This lists all the files and folders in your current location, like looking at a map of the current folder.

md (make directory). This creates a new folder, like building a new house.

rmdir (remove directory). This deletes a folder, like demolishing a house. But be careful.

To switch drives, just type the drive letter followed by a colon. For example, C: takes you to the C drive.

Now, let's manipulate files.

copy. This copies files, like making a photocopy. copy [source file] [destination file].

xcopy. This is like copy but with more options, like copying entire folders and their contents.

robocopy (robust file copy). This is the superhero of copying. It can handle errors, resume interrupted transfers, and much more. It's your go-to for important backups.

del (delete). This deletes files.
Be very careful with this one.

Next, let's manage disks and the file system.

diskpart. This is a powerful tool for creating, deleting, and managing partitions on your hard drive. Think of it like dividing your land into plots. It is run from the command line prompt. Then you are put into a diskpart prompt.

format. This prepares a drive for use, erasing everything on it. It's like paving a new road. format [drive letter] /FS:[file system type]. /FS specifies the file system type, such as NTFS, exFAT, or FAT32.

defrag (defragment). Over time, files on your hard drive can become fragmented, like scattered puzzle pieces. defrag puts them back together, improving performance. This tool is mostly useful with HDDs but can be used with SSDs to optimize their performance.

Let's analyze and repair our system.

chkdsk /f (check disk). This scans your hard drive for errors and fixes them, like a doctor checking your system's health. The /f parameter is for fixing the file system.

chkdsk /r. This does what chkdsk /f does, and it locates bad sectors on the hard drive and recovers any readable data.

sfc /scannow (System File Checker). This scans for and repairs corrupted Windows system files, like fixing broken windows in your operating system's house.

Time for some advanced commands.

gpupdate. This forces a refresh of Group Policy settings, like updating the rules for a group of computers.

gpresult. Displays Resultant Set of Policy (RSoP) information for a user or computer.

winver. This shows you the exact version of Windows you're running, like checking the label on a product.

shutdown /s or /p. This shuts down your computer. The /s parameter stands for shutdown. The /p parameter stands for power off.

Now, let's connect to the network.

ipconfig /all (Internet Protocol configuration). This shows you all your network adapter settings, like your IP address, DNS servers, and MAC address. It's like getting your computer's network ID card. ipconfig /flushdns clears the DNS cache.

ping.
This sends a test signal to another computer to see if it's reachable, like calling someone on the phone. ping [IP address or website].

tracert (trace route). This shows you the path your data takes to reach another computer, like tracking a package's journey.

pathping. This combines the ping and tracert commands.

netstat (network statistics). This shows you all your active network connections, like looking at a list of who your computer is talking to.

nslookup (name server lookup). This helps you troubleshoot DNS issues, like finding the phone number for a website's name. nslookup [domain name].

net use. Allows the user to map or access shared resources, like mapping a network drive.

hostname. Displays the name of the current machine.

Finally, if you're ever stuck, type the command name followed by a space. And this will give you help on that command, like reading the instruction manual.

There you go, the command line demystified. Remember these commands, practice them, and you'll be a command line wizard in no time.

All right, let's move on to mastering the features and tools within the Windows 10 operating system itself. Think of this as learning the control panel of a powerful spaceship. You need to know where everything is and what it does. We've explored the command line. Now, let's shift to the graphical tools that make Windows 10 tick. These are your everyday utilities for managing your system.

First up, the Task Manager. This is your mission control, showing you everything that's running on your computer. You can access it quickly by pressing Ctrl+Shift+Esc or by right-clicking the taskbar and selecting Task Manager.

Performance. See how your CPU, memory, disk, and network are being used.

Processes. See which applications are running and how many resources they're consuming. You can end a misbehaving process here, like force quitting a frozen program.

Startup. Control which programs automatically launch when Windows starts.
Disabling unnecessary startup apps can significantly speed up your boot time.

Services. Manage background tasks.

Next, we have the Microsoft Management Console, or MMC. Think of it as a customizable toolbox. It doesn't do anything on its own, but it's a shell for organizing other administrative tools called snap-ins. You open it by typing mmc.exe in the Run dialog (Windows key + R). Inside MMC, you can add various snap-ins to create your own custom management console. Here are some of the most important ones.

eventvwr.msc (Event Viewer). This is like a log book for your computer, recording important events, errors, and warnings. It's crucial for troubleshooting. It shows system, application, and security logs.

diskmgmt.msc (Disk Management). This is where you manage your hard drives and partitions, creating, deleting, formatting, and assigning drive letters.

taskschd.msc (Task Scheduler). This lets you automate tasks, like running a backup program every night or starting a program at a specific time.

devmgmt.msc (Device Manager). This is your hardware control center. You can update drivers, enable or disable devices, and troubleshoot hardware problems.

perfmon.msc (Performance Monitor). This is a powerful tool for tracking system resource usage in real time, like monitoring CPU usage, memory usage, and disk activity.

Let's look at some of these snap-ins individually. Event Viewer is like a log book that contains system, application, and security logs. Task Scheduler lets you automate tasks and programs. Device Manager is used to manage hardware. Certificate Manager, opened with certmgr.msc. This lets you manage digital certificates, which are used for secure communication and authentication. Local Users and Groups, opened with lusrmgr.msc. This is where you create and manage user accounts and groups on your computer. Not available in Windows 10 Home. Performance Monitor tracks system resource usage.

So there you have it, the key features and tools of Windows 10.
Master these and you'll be well equipped to manage and troubleshoot any Windows 10 system. Remember, practice makes perfect. So, explore these tools on your own computer.

Let's navigate the Windows 10 Control Panel, the classic way to manage system settings. While many settings have moved to the modern Settings app, the Control Panel still holds important utilities, and you need to know your way around it for the exam. We've covered the Task Manager and MMC. Now, let's head to the Control Panel. Think of it as the traditional settings hub for Windows. While the newer Settings app is becoming more prominent, the Control Panel remains relevant, especially for some advanced configurations. You can open it by typing control.exe in the Run dialog. The key here is to be familiar with the icon, name, and functionality of each utility. Don't memorize every detail, but know what each tool is generally used for. Here's a rundown of the important ones.

Internet Options (inetcpl.cpl). This is primarily for configuring Internet Explorer. It's less relevant now that Microsoft Edge is the default browser, but you might still encounter it.

Devices and Printers. This is where you add, remove, and manage printers, scanners, and other external devices.

Programs and Features (appwiz.cpl). This is your go-to place for uninstalling programs, repairing installations, and adding or removing optional Windows features. You can also run older programs in compatibility mode here.

Network and Sharing Center. This is where you manage your network connections, configure network sharing, and troubleshoot network problems.

System. This mostly redirects to the modern Settings app, but it's good to know it exists in the Control Panel.

Windows Defender Firewall (firewall.cpl). This is where you control the built-in Windows firewall, enabling or disabling it, creating exceptions for specific programs, and configuring advanced firewall settings.

Mail (mlcfg32.cpl).
If you're using Microsoft Outlook, this is where you configure your email profiles. Note that there are two MMS's.cpl.

Sound (mmsys.cpl). Configure audio devices.

User Accounts. This is where you manage user accounts, change passwords, and configure User Account Control settings.

Device Manager (devmgmt.msc). We've already covered this, but it's also accessible from the Control Panel. Remember, it's your hardware management center.

Indexing Options. This controls how Windows indexes your files for faster searching. You can customize which locations are indexed and how the indexer behaves.

Administrative Tools. This is a folder containing shortcuts to all the advanced administrative tools, like Event Viewer, Task Scheduler, and Disk Management, many of the MMC snap-ins we discussed earlier.

File Explorer Options. This lets you customize how File Explorer looks and behaves, showing or hiding hidden files, changing file extension visibility, and configuring other view options.

Power Options (powercfg.cpl). This is where you manage your power plans, choosing between Balanced, Power saver, and High performance modes. You can also configure sleep and hibernation settings here.

Ease of Access Center. This provides accessibility features for users with disabilities, like the Magnifier, Narrator, and On-Screen Keyboard.

That's the Control Panel in a nutshell. The key is familiarity, knowing what each utility generally does. Spend some time exploring these tools on your own system, and you'll be well prepared for the exam.

We now move on to the modern Settings app in Windows, the increasingly important hub for managing your system. This is where Microsoft is centralizing most configuration options, so it's crucial to be comfortable navigating it. We've conquered the Control Panel. Now, let's explore the Settings app, the modern face of Windows configuration.
This is where you'll find most of the everyday settings you need, and it's becoming more comprehensive with each Windows update. Think of the Settings app as a streamlined, touch-friendly control center. Here's a breakdown of the key sections and what you can do in each.

Time and Language. This is where you set your time zone, date, time format, region, and language preferences. You can also configure speech recognition settings here.

Update and Security. This is your one-stop shop for Windows updates, security settings, and troubleshooting. Windows Update. Check for and install updates, configure update schedules, and view your update history. Troubleshooters. Run automated troubleshooters to fix common problems with network connections, audio, printers, and more. Security settings. Manage the security settings. Windows Update logs. Know these logs are located in C:\Windows\Logs\WindowsUpdate. This is the file path for the folder containing the Windows Update logs.

Personalization. This is where you customize the look and feel of your desktop, changing your background, colors, lock screen, themes, and fonts.

Apps. This is where you manage your installed applications. Uninstall or modify apps. Remove or change installed programs. App permissions. Control which apps have access to your camera, microphone, location, and other resources. Default apps. Choose which apps open specific file types or protocols, like which browser opens when you click a web link.

Privacy. This is where you control what data Windows collects and shares with Microsoft. You can manage privacy settings for your location, camera, microphone, contacts, calendar, and more.

System. This is a big one, containing many important subsections. Display. Configure your screen resolution, scaling, orientation, and multiple display settings. Power and sleep. Manage your power plans, configure sleep and hibernation settings, and control when your display turns off. Storage. View your disk space usage.
Manage storage devices, and configure Storage Sense, which automatically cleans up temporary files and frees up space. About. This shows you information about your system, including your Windows edition, processor, RAM, and device ID. It also provides access to advanced system settings, which we'll cover later.

Devices. This is where you manage your connected devices: printers, scanners, Bluetooth devices, mice, keyboards, and USB devices. You can also configure AutoPlay settings here, what happens when you plug in a USB drive, for example.

Network and Internet. This is where you configure your network connections: Wi-Fi, Ethernet, VPN, and dial-up. You can also manage network settings like IP addresses and DNS servers.

Gaming. This section contains options related to gaming, including Game Bar, Game Mode, and broadcasting settings.

Accounts. This is where you manage your user accounts, sign-in options, passwords, PINs, Windows Hello, and sync settings (syncing your settings across multiple devices).

And that's the Settings app in a nutshell. It's becoming the primary control center for Windows. So, spend some time exploring its various sections. The more familiar you are with it, the better prepared you'll be for the exam and for managing Windows 10 in general.

All right, let's tackle networking in Windows. This section is all about connecting your computer to other devices and the internet, and configuring those connections securely and efficiently. We've explored the individual settings within Windows. Now, let's see how to connect your computer to the outside world. This involves understanding different network types, configuring network settings, and ensuring secure connections.

First, a fundamental concept, workgroup versus domain.

Workgroup. Think of this as a small group of friends sharing files and printers directly with each other. It's a peer-to-peer network, meaning there's no central authority. Each computer manages its own user accounts and security.
This is typical for home networks.

Domain. This is like a corporate network with a central server, the domain controller, managing user accounts, security policies, and resources. It's a client-server model providing centralized control and management. This is common in businesses.

Local operating system firewall settings. The Windows Firewall acts as a barrier, blocking unauthorized network traffic from entering or leaving your computer.

Now, let's configure your computer's network settings. Client network configuration. This involves understanding several key concepts.

Internet Protocol, or IP, addressing. Every device on a network needs a unique IP address, like a phone number. You can configure this statically (manually assigning an address) or dynamically (getting an address automatically from a DHCP server, usually your router).

Domain Name System, or DNS, settings. DNS servers translate human-readable domain names like google.com into IP addresses. You usually get DNS server addresses automatically from your ISP or router.

Subnet mask. This defines the network portion of an IP address, like a zip code.

Gateway. This is the address of your router, the device that connects your local network to the internet.

Let's establish different types of network connections.

Virtual private network, or VPN. This creates a secure, encrypted connection over a public network like the internet, allowing you to access resources as if you were directly connected to a private network. It's like having a secure tunnel through the internet.

Wired. A standard Ethernet connection using a network cable.

Wireless. A Wi-Fi connection using a wireless network adapter.

Wireless wide area network, or WWAN. Uses cellular technology.

Sometimes you need to use a proxy server. Proxy settings. A proxy server acts as an intermediary between your computer and the internet. It can be used for security, caching, or content filtering.
You configure proxy settings by specifying the proxy server's address and port number, and you can create exceptions for specific websites or addresses.

Windows distinguishes between public and private networks.

Public networks. When you connect to a public network, like at a coffee shop, Windows assumes it's untrusted and disables network discovery and file and printer sharing.

Private networks. When you connect to a private network, like your home network, Windows enables network discovery and sharing, allowing you to see and access other devices on the network.

File Explorer navigation is important for accessing network resources. You can browse network paths and shares in File Explorer just like you browse local folders. Network paths typically start with two backslashes (\\) followed by the server name or IP address and then the share name. For example, \\servername\sharename.

Finally, metered connections. If you have a limited data plan, like on a mobile hotspot, you can set a network connection as metered. This tells Windows to limit background data usage, helping you avoid exceeding your data cap.

That's a solid overview of Windows networking features. Remember the differences between workgroups and domains. Understand the basics of IP addressing, and be comfortable configuring different types of network connections. Practice these concepts and you'll be well prepared for the networking section of the exam.

Let's master the art of installing and configuring applications. This is a fundamental skill for any IT professional, and it goes beyond simply clicking Next a few times. We've covered networking. Now, let's move on to the software that runs on our connected machines: applications. Installing and configuring applications correctly is crucial for a smooth and secure computing experience.

First, you must check the system requirements. It's like making sure you have the right ingredients before baking a cake.

32-bit versus 64-bit.
This refers to the architecture of your processor and operating system. 64-bit systems can handle much more memory (RAM) and generally perform better than 32-bit systems. You need to make sure the application you're installing is compatible with your system's architecture. 64-bit applications are typically installed in the Program Files folder. 32-bit applications on a 64-bit system are usually installed in the Program Files (x86) folder. This is a key distinction to remember.

Minimum and recommended requirements. The application's documentation will list the minimum requirements, the bare minimum needed to run the application, and the recommended requirements for optimal performance. Always aim for at least the recommended requirements. This includes things like processor speed, RAM, hard drive space, and graphics card.

RAM limitations. Windows 10 Home is 128 GB. Windows 10 Pro is 2 TB. Windows 10 Pro for Workstations or Enterprise is 6 TB. 32-bit CPUs are limited to 4 GB of RAM. 64-bit CPUs have a default of up to 256 TB of RAM.

Next, consider the operating system, or OS, requirements. Not all applications work on all operating systems. Make sure the application is compatible with your version of Windows, or macOS, Linux, etc.

Now, let's talk about distribution methods, how you get the application.

Physical media. This is becoming less common, but some applications still come on CDs or DVDs.

Downloads. The most common method, downloading the installer file from the internet. Always download from trusted sources, the application developer's website for example, to avoid malware.

ISO files. An ISO file is like a virtual CD or DVD. You can mount it, making it appear as a drive, and then run the installer from there.

There are other important considerations.

Impact on device. Will the application slow down your computer? Does it require a lot of resources?

Impact on the network. Will the application use a lot of bandwidth? Does it need to connect to specific network resources?
Impact on business operations. If you're installing an application in a business environment, how will it affect workflow, productivity, and security?

Impact on security. Does the application require specific security permissions? Could it introduce vulnerabilities?

User permissions. Does it require elevated permissions to use?

Installing and configuring applications is more than just clicking through an installer. It's about understanding system requirements, choosing the right distribution method, and considering the broader impact. Master these concepts, and you'll be well on your way to becoming a software installation expert.

We now broaden our perspective and talk about different types of operating systems and their characteristics. This is about understanding the broader ecosystem beyond just Windows. We've focused on Windows so far, but the world of operating systems is much bigger. Let's explore different OS types and their key features. We can broadly categorize operating systems into two main groups.

Workstation operating systems. These are designed for desktop and laptop computers. The main players are:

Windows, the most popular workstation OS, known for its wide range of applications and hardware compatibility.

macOS, Apple's operating system, known for its user-friendly interface and focus on design and creativity.

Linux, an open-source operating system known for its flexibility, stability, and command line power. There are many different distributions of Linux, like Ubuntu, Fedora, and Debian, each with its own unique features.

Chrome OS, a cloud-centric operating system developed by Google, primarily used on Chromebooks. It's lightweight and focused on web applications.

Cell phone and tablet operating systems. These are designed for mobile devices. The two dominant players are:

iOS and iPadOS. Apple's mobile operating systems are known for their tight integration with Apple hardware and services.
Android, an open-source mobile operating system developed by Google and used by a wide variety of manufacturers.

A key concept here is open source versus closed source.

Open source. The source code is freely available, and anyone can modify and redistribute it. Android and Linux are examples of open-source operating systems.

Closed source. The source code is proprietary and not publicly available. Apple is closed source. Windows is also closed source.

Now let's talk about file systems, the way an operating system organizes and stores files on a storage device.

Windows. NTFS (New Technology File System). The default file system for Windows, offering features like security permissions, encryption, and large file support. FAT32 (File Allocation Table 32). An older file system compatible with many different operating systems, but with limitations on file size (4 GB maximum) and partition size. exFAT (Extended File Allocation Table). Designed for removable media like USB drives and SD cards, supporting large file sizes.

Linux. ext3 (third extended file system). An older Linux file system. ext4 (fourth extended file system). The most common file system for Linux distributions, offering improved performance and features over ext3. NFS (Network File System). Used for accessing files across a network. Swap partition. Linux systems generally include a swap partition. This is used as overflow for RAM.

macOS. APFS (Apple File System). The newer file system for macOS, optimized for SSDs and offering features like strong encryption and snapshots. HFS+ (Hierarchical File System Plus). The older file system for macOS.

It's also important to understand vendor life cycle limitations. Operating systems and devices have an end-of-life (EOL) or end-of-support date. After this date, the vendor no longer provides security updates or technical support. It's crucial to plan for upgrades to newer versions before the EOL date to maintain security and compatibility.

Finally, operating system compatibility.
In a diverse environment with different operating systems, compatibility can be a challenge. You need to consider how files and applications can be shared and accessed across different platforms.

That's a broad overview of common operating system types and their characteristics. Understanding these differences is essential for managing a diverse IT environment. Remember the key concepts of open source versus closed source, file system types, and vendor life cycle limitations.

Let's get practical and talk about installing and upgrading operating systems. This is a core skill for any IT pro, and it involves more than just popping in a disc and clicking Next. We've explored different OS types. Now, let's learn how to install and upgrade them. This is a hands-on skill that's crucial for managing computers and keeping them up to date.

First, let's talk about boot methods, how you start the installation process.

USB. Booting from a USB flash drive is the most common method these days. You need to create a bootable USB drive with the OS installation files.

Optical media. This means booting from a CD or DVD, which is becoming less common.

Network (PXE boot). This involves booting from a network server. PXE stands for Preboot Execution Environment. It's often used in corporate environments for deploying operating systems to many computers at once.

Internal/external drive. You can boot from an internal hard drive or an external hard drive connected via USB or other interfaces.

Internet-based install. Downloads and installs the OS.

Now let's explore different types of installations.

Clean install. This is like starting with a blank slate. It wipes all existing data on the target drive and installs a fresh copy of the operating system.

Upgrade. This updates an existing operating system to a newer version, usually retaining user data, settings, and applications. However, it's always a good idea to back up your data before an upgrade, just in case.

Unattended install.
This is an automated installation that uses an answer file, usually an XML file for Windows, to provide all the necessary input, like product keys, usernames, and network settings. It's great for installing Windows on many computers without having to manually answer the same questions repeatedly.

Image deployment. This involves creating an image of an entire hard drive or partition, a snapshot of the entire system, and then deploying that image to other computers. It's a fast way to set up many identical systems. Before deploying, you must run the System Preparation Tool, Sysprep, to remove any duplicate settings.

Network installation. This combines booting from the network (PXE) with installing the OS from files stored on a network server.

Reset/restore. Windows 10 has built-in options to reset your PC, reinstalling Windows while keeping your personal files or removing everything, or restore your system to a previous state using System Restore points.

Recovery. Most devices come with a recovery partition or disk.

Multiboot. It is possible to run more than one OS on a device.

Now, a bit on partitioning.

Primary and extended partitions. There are a limited number of primary partitions, but you can use an extended partition for more logical partitions.

Basic versus dynamic. Dynamic volumes can be resized, while basic partitions cannot.

GPT versus MBR. These are two different ways of partitioning a hard drive. GPT (GUID Partition Table). This is the modern standard, supporting up to 128 partitions and drives larger than 2 TB. It's used with UEFI (Unified Extensible Firmware Interface) firmware. MBR (Master Boot Record). This is the older standard, limited to four primary partitions, or three primary partitions and one extended partition, and a maximum drive size of 2 TB. It's used with older BIOS (Basic Input/Output System) firmware.

When you format a drive, you choose a drive format. For a Windows drive, you would more than likely choose NTFS.
Before any upgrade, there should be some upgrade considerations: backups, application and driver support, backward compatibility, and feature updates. Finally, you must understand how to boot from a USB. To do this, you must select the USB device in the BIOS/UEFI. Installing and upgrading operating systems is a core IT skill. Master these concepts (boot methods, installation types, partitioning schemes) and practice them in a virtual environment or on a test machine. You'll be well prepared to handle any OS installation scenario. All right, let's shift gears and explore the world of macOS. This section is all about understanding the unique features and tools of Apple's desktop operating system. We've covered Windows extensively. Now, let's venture into the Apple ecosystem and explore macOS. It's a different world with its own distinct interface and tools. First, some macOS basics. macOS is a closed source operating system, meaning its source code is not publicly available. It's based on Unix (BSD), which gives it a strong foundation of stability and security. The macOS graphical user interface, or GUI, has some key elements. Menu bar: at the top of the screen, providing access to application menus and system controls. Dock: at the bottom of the screen by default, providing quick access to frequently used applications and files. System Preferences: the equivalent of the Control Panel in Windows, where you configure system settings. Let's explore some core features. Finder: this is the file manager in macOS, like File Explorer in Windows. You use it to navigate your files, folders, and applications. Spotlight: this is a powerful search tool that allows you to quickly find files, applications, emails, and even information on the web. You can access it by pressing Command + Spacebar. System Preferences: as mentioned, this is where you configure all your system settings, from network connections to display preferences to user accounts. Keychain.
This is a password management utility that securely stores your passwords, certificates, and other sensitive information. You can sync your keychain with iCloud to access your passwords across all your Apple devices. Multiple desktops (Spaces): this feature allows you to create multiple virtual desktops, helping you organize your work and keep different tasks separate. Screen sharing: macOS has built-in screen sharing capabilities, allowing you to share your screen with other Mac users and even users on other platforms with third-party applications. Boot Camp: this utility allows you to install and run Windows on your Mac alongside macOS, giving you the flexibility to use both operating systems. Now, let's talk about managing and maintaining your Mac. Finder and Terminal: you can use Finder for most file management tasks, but Terminal, the command line interface, gives you more power and flexibility for advanced tasks. Time Machine: this is Apple's built-in backup utility. It automatically backs up your entire system to an external drive, allowing you to easily restore your files or your entire system if something goes wrong. Disk Utility: this tool is used for managing your hard drives and partitions, repairing disk errors, and erasing drives. FileVault: this is macOS's built-in full disk encryption feature, protecting your data from unauthorized access. Force Quit: used to close frozen applications. Installing and uninstalling applications on macOS is generally straightforward. App Store: the easiest way to install applications is through the Mac App Store. .dmg (disk image): many applications are distributed as DMG files. These are like virtual disks that you mount and then drag the application to your Applications folder. .app (application): this is the actual executable file for a macOS application. .pkg (package): this is an installer package that may contain multiple files and run scripts to install an application. Finally, Apple ID and corporate restrictions.
Your Apple ID is your account for accessing Apple services like iCloud, the App Store, and iMessage. You can use your Apple ID to sync settings, data, and applications across your Apple devices. In corporate environments, Managed Apple IDs can be used to control access to company resources and enforce security policies. That's a solid overview of macOS features and tools. Remember the key elements of the interface, the core features like Spotlight and Time Machine, and the different ways to install and manage applications. Now, let's conclude the operating systems domain by diving into the world of Linux. This section focuses on the core features and tools of this powerful and flexible open-source operating system. We've explored Windows and macOS. Now, it's time to tackle Linux, a favorite among developers and system administrators for its power, flexibility, and open-source nature. Linux basics. Linux is an open-source operating system, meaning its source code is freely available and anyone can modify and redistribute it. This has led to a vast ecosystem of different Linux distributions (distros), each with its own unique features and package management systems. The command line is king in Linux. You interact with Linux primarily through the terminal, which uses the bash shell, the command interpreter, to execute commands. Mastering the command line is essential for working with Linux. The Linux file system has some key characteristics. GPT partitioning: Linux typically uses the GPT (GUID Partition Table) partitioning scheme, which supports large drives and many partitions. ext4 file system: the most common file system for Linux distributions is ext4 (fourth extended file system), known for its reliability and performance. Swap partition: used as overflow for RAM. Here are some common commands you absolutely need to know. ls: list directory contents, like dir in Windows. cd: change directory, same as in Windows. pwd: print the working directory, shows your current location.
mv: move or rename files and directories. cp: copy files and directories. rm: remove (delete) files and directories. Be very careful with this one. find: find files based on various criteria (name, type, size, etc.). cat: display the contents of a file. grep: search for text within files, a powerful tool for filtering output. df: display disk space usage. chmod: change file permissions, controlling who can read, write, and execute a file. chown: change the owner and group of a file. ps: list running processes. kill: terminate a process, like ending a task in Task Manager. sudo: execute commands with elevated privileges. apt: the package management tool for Debian-based distributions like Ubuntu. dnf/yum: the package management tools for Fedora and Red Hat-based distributions. su: switch user. Package management is how you install, update, and remove software in Linux. Debian/Ubuntu: apt update && apt upgrade -y. This command updates the package list and then upgrades all installed packages to their latest versions. The && means and, so it runs the second command only if the first one succeeds. The -y flag automatically answers yes to any prompts. apt list --upgradable lists all the packages that would be upgraded. Red Hat/Fedora: dnf update -y, or yum update -y on older systems. This does the same thing as apt update && apt upgrade -y, but for Red Hat-based distributions. Samba is an important tool for interoperability. Samba enables file and print sharing between Linux and Windows computers, allowing them to seamlessly coexist on a network. System maintenance in Linux involves several tasks. Backup: you can back up files using commands like cp for simple copies, scp for secure copies over a network, or rsync for efficient incremental backups. Use a built-in backup utility or third-party solutions such as Déjà Dup or Grsync to back up data. Schedule backups: schedule backups with cron, at, systemd, or anacron tools. Anti-malware.
Install anti-malware software for improved security. Some examples include ClamAV, Sophos, Fire Tools, and Rootkit Hunter. Linux is a powerful and versatile operating system, and mastering the command line is key to unlocking its potential. Remember the common commands, understand package management, and be familiar with system maintenance tasks. Practice these concepts, and you'll be well on your way to becoming a Linux pro. Let's break down the first objective of the security domain, focusing on various security measures. We'll condense the information while ensuring we don't lose any crucial details. Security is paramount in IT, and it comes in two main forms: physical security and logical security. We'll cover both, starting with physical. Physical security: protecting the hardware. Think of physical security as the first line of defense, preventing unauthorized physical access to your computers, servers, and network equipment. It's like securing your house. Locks: the most basic form. Door locks, server rack locks, cable locks for laptops. They all prevent unauthorized access. Remember to document who has keys, rotate locks, and even consider cipher locks. Entry systems: key cards using RFID (radio frequency identification), photo ID badges, key fobs, and smart cards like PIV or CAC cards, which have built-in processors for authentication. These control who can enter a building or room. Smart cards will sometimes use RSA tokens or one-time passwords. Access control vestibules (mantraps): two doors that prevent tailgating, someone following you in without authorization. Biometrics: using unique physical characteristics for identification. Fingerprints, palm prints, and retina scans, often combined with smart cards or used on laptops. USB fingerprint scanners. Other measures: fences, bollards (posts to prevent vehicle access), alarm systems (door and window sensors, motion detectors), video surveillance (CCTV or IP cameras), security guards, lighting, and even metal detectors.
Physical security for staff. Staff will use a combination of key fobs, smart cards, keys, and biometrics. Protecting data physically: secure documents, shred unneeded ones, don't leave passwords visible, use privacy screens, and lock computers when away. Logical security: protecting the data and systems. Logical security is about protecting the software and data from unauthorized access. It's like having a strong password and antivirus software. Authentication: verifying who someone is. It comes in several forms. Knowledge factors: something you know (password, PIN). Possession factors: something you have (smart card, security token). Inherence factors: something you are (fingerprint, retina scan). Behavioral factors: something you do. Location-based factors: somewhere you are. Multifactor authentication (MFA): combining two or more authentication factors for stronger security. Principle of least privilege: giving users only the minimum access they need to do their jobs. User Account Control (UAC): a Windows feature that keeps users in standard user mode, prompting for administrator credentials only when necessary. Authenticator applications: mobile apps like Google Authenticator that generate one-time codes for two-step verification. Mobile device management (MDM): MDM is about centrally managing and securing mobile devices (smartphones, tablets) in an organization. It allows IT administrators to push updates, configure devices, enforce policies, and even remotely lock or wipe lost or stolen devices. Examples: Microsoft Intune, VMware AirWatch, Cisco Meraki, and SOTI MobiControl. Active Directory (AD): Active Directory is the heart of Windows domain networks. It's a centralized system for managing user accounts, computer accounts, and security policies. Domain controller: a Windows server running AD. User accounts: stored in organizational units (OUs), which can have specific group policies applied.
User profiles can be local (stored on the computer) or roaming (stored on a server), allowing users to access their settings from any computer on the domain. Logon scripts: automate tasks when users log on, like mapping network drives. Home folder: the default location for user documents, often redirected to a network share for central storage. Group policies: rules that control what users can and cannot do on the network, accessed via gpedit.msc (Group Policy Editor) or secpol.msc (Local Security Policy). Security groups: an efficient way to assign permissions to resources. Examples include Domain Admins and Backup Operators. Active Directory path: Active Directory Users and Computers, domain name, Users. Additional logical security concepts. Authenticator apps: two-step verification with codes. Hard tokens: physical devices for authentication. Soft tokens: virtual tokens installed on devices. Access control lists (ACLs): permission lists attached to files, folders, and network resources. SMS (Short Message Service): vulnerable to attacks. Use anti-malware and encrypted messaging. Email: secure with updates, training, encryption, and secure ports. Two-step verification is not two-factor authentication. Security is a layered approach combining physical and logical measures. Okay, let's decode wireless security. This objective is all about understanding the different ways to secure your Wi-Fi networks and authenticate users. Wireless networks are convenient, but they're also inherently less secure than wired networks because the signal is broadcast through the air. This is why strong security protocols and authentication methods are essential. Wireless protocols and encryption: locking down the airwaves. Think of wireless protocols as the rules of the road for Wi-Fi. Encryption is like scrambling the data so only authorized devices can understand it. WPA2 (Wi-Fi Protected Access 2): a strong protocol that uses AES (Advanced Encryption Standard) with a 128-bit key.
WPA3 (Wi-Fi Protected Access 3): the newest and strongest protocol, using AES with a 192-bit key. If possible, use WPA3. TKIP (Temporal Key Integrity Protocol): an older, deprecated protocol. It's less secure than WPA2 and should be avoided. AES (Advanced Encryption Standard): this is the encryption method used by WPA2 and WPA3. It's a strong, widely used standard. It comes in 128-bit, 192-bit, and 256-bit versions. Open: this means no security, no password, no encryption. Only for very temporary, low-security situations. WEP: this is also deprecated and should be avoided. WPA2 Enterprise and 802.1X: for larger networks like businesses, this uses a central authentication server, usually RADIUS, instead of a simple password. May also use single sign-on (SSO) servers. Key takeaway: WPA3 is best. WPA2 is good. TKIP and open networks are risky. Authentication methods: verifying user identity. Authentication methods determine how users prove their identity to access the network. RADIUS (Remote Authentication Dial-In User Service): a centralized authentication system. Think of it like a security guard checking IDs at the door. It's often used for dial-up, VPN, and wireless networks, especially with WPA2 Enterprise. It uses User Datagram Protocol (UDP) ports 1812 and 1813. It can be used for secure SSO access. TACACS+ (Terminal Access Controller Access-Control System Plus): another centralized authentication system, similar to RADIUS but developed by Cisco. It uses Transmission Control Protocol (TCP) port 49. It separates authentication and authorization and provides more detailed accounting information than RADIUS. Kerberos: an authentication protocol used in Windows domains and other systems. It uses tickets to prove identity, like a secure pass. The domain controller acts as the key distribution center (KDC). It uses port 88. LDAP: a modified version is used by Active Directory and uses ports 389 and 636 for secure LDAP. It uses mutual authentication.
Both the client and the server prove their identity to each other. Important port numbers to remember. RADIUS: UDP ports 1812 and 1813. TACACS+: TCP port 49. Kerberos: port 88. Key connections to understand. Connecting a wireless client to a RADIUS server typically uses WPA2 Enterprise and port 1812. Kerberos provides security for clients connecting to Active Directory domain controllers using inbound port 88. Additional notes: 802.1X is an IEEE standard that defines port-based network access control, or PNAC. Authentication, authorization, and accounting are known as AAA. Wireless security is all about choosing the right protocol (WPA3 or WPA2), using strong encryption (AES), and implementing robust authentication (RADIUS, TACACS+, or Kerberos) for larger networks. Know the key protocols, encryption methods, and port numbers, and you'll be well prepared for this section of the exam. Let's become malware hunters. This objective is about understanding different types of malware, how to detect and remove them, and most importantly, how to prevent them in the first place. Malware, short for malicious software, is any software designed to harm or disrupt a computer system. It comes in many forms, and knowing the differences is crucial for effective defense. Malware types: the rogues' gallery. Virus: a piece of code that attaches itself to another program or file and spreads when that program or file is executed. It needs user interaction to spread. A worm is also considered a virus. Boot sector virus: a nasty type of virus that infects the boot sector of a hard drive, making it difficult to start the computer. Trojan horse: malware disguised as a legitimate program. It tricks you into running it, and then it carries out its malicious tasks in the background. Spyware: software that secretly monitors your activity (browsing history, keystrokes, etc.) and sends that information to a third party.
Rootkit: a very stealthy type of malware that gains administrator-level control of your system, hiding itself from detection. Ransomware: encrypts your files and demands a ransom payment to decrypt them. It's like holding your data hostage. It uses RSA encryption keys. Keylogger: records every key you press, capturing passwords, credit card numbers, and other sensitive information. Can be hardware (a physical device) or software. Cryptominer: uses the computer's resources to mine cryptocurrency. Key takeaway: know the defining characteristic of each malware type. Tools and methods: prevention, detection, and removal. Defense is a multi-layered approach. Antivirus (AV) software and endpoint protection platforms: your first line of defense. Run regular scans and make sure it's set to auto-update its virus definitions. You can use a bootable USB drive with AV software to scan a system that won't boot. Operating system (OS) and application updates: keep your OS and applications up to date. Updates often include security patches that fix vulnerabilities malware can exploit. Firewall: a barrier that blocks unauthorized network traffic. Configure your firewall, like Windows Defender Firewall (accessible via firewall.cpl), to close inbound ports and create exceptions for legitimate applications. Disable AutoPlay/AutoRun: prevent USB drives and optical discs from automatically running programs, which can be a way for malware to spread. Also disable it in the BIOS. System file check (sfc): ensure operating system files are running correctly. Defense in depth: a layered security approach using multiple security measures, so that if one fails, others are still in place. User education: this is crucial. Teach users about the following. Anti-phishing: recognizing and avoiding phishing emails and websites. Malicious emails, texts, and attachments: not opening suspicious attachments or clicking on links in untrusted emails or texts. Scanning removable media.
Scanning USB drives and other removable media for malware before using them. Acceptable use policy (AUP): understanding the company's policy on acceptable computer and internet use. Consider a technical trainer. Specific malware removal strategies. Trojans: use anti-malware tools or specialized scanners. Spyware: use anti-spyware software. Check browser settings, phishing filters, and certificate checks, and uninstall unnecessary applications and services. Rootkits: these are very difficult to detect. You may need to use specialized rootkit removal tools or even reimage the system: wipe the drive and reinstall the OS. Secure Boot technology can help prevent these. Backup/restore: use backups. You can use recovery environments in Linux and Windows. Malware is a constant threat, but with a combination of good security software, regular updates, user education, and a layered defense approach, you can significantly reduce your risk. Know the different malware types, the tools for preventing and removing them, and the importance of user awareness. We now become experts in human deception and digital threats. This objective is all about understanding how attackers manipulate people and exploit vulnerabilities in systems. Technology alone can't protect against every threat. Attackers often target the human element through social engineering, and they exploit vulnerabilities in systems and software. Social engineering: the art of deception. Social engineering is about manipulating people into revealing confidential information or taking actions that compromise security. It's like a con artist tricking you. Phishing: fake emails that look legitimate, trying to trick you into giving up your username, password, or other personal information. Spear phishing: targeted phishing attacks aimed at specific individuals or groups. Whaling: phishing attacks that target high-profile individuals like CEOs.
Vishing (voice phishing): phishing attacks carried out over the phone, often using automated messages. Evil twin: a fake Wi-Fi access point that looks like a legitimate one, designed to steal your login credentials or other data. Use VPNs or outside authentication to prevent or protect against this threat. Shoulder surfing: secretly watching someone enter their password, PIN, or other sensitive information. Use screen filters to prevent this. Piggybacking/tailgating: following someone through a secure door without authorization. Prevent with access control and MFA. Dumpster diving: searching through trash for documents containing sensitive information. Shred or incinerate confidential documents. Impersonation: pretending to be someone else, like a technician or a help desk employee, to gain access or information. Threats: exploiting vulnerabilities. Threats are the specific ways attackers try to harm systems or steal data. Spoofing attacks: falsifying information. Also often used in on-path attacks. On-path attack: attackers intercept data between a client and server and modify it. Zero-day attacks: exploiting vulnerabilities that are unknown to the software vendor or the public. These are particularly dangerous because there's no patch available yet. Distributed denial of service (DDoS): flooding a server or website with so much traffic that it becomes unavailable to legitimate users. Attackers often use botnets, networks of compromised computers, to carry out DDoS attacks. Denial of service (DoS): similar to DDoS, but usually from a single source. Examples include ping floods and Smurf attacks. Password cracking. Dictionary attack: trying common passwords from a list. Brute force attack: trying every possible combination of characters until the correct password is found. Cryptanalysis attacks: use rainbow tables, which have pre-calculated encrypted passwords. Use salting to prevent them. Additional security threats.
Insider threat: malicious personnel or devices. Cross-site scripting: code injected into a web page. SQL injection: database vulnerabilities. Vulnerabilities: weaknesses to exploit. Vulnerabilities are weaknesses in systems or software that attackers can exploit. Non-compliant systems: systems that don't follow security best practices, like not using strong passwords. Unpatched systems: systems that haven't had security updates applied, leaving them vulnerable to known exploits. Unprotected systems: systems without antivirus software or a firewall. End-of-life (EOL) operating systems: operating systems that are no longer supported by the vendor and no longer receive security updates. BYOD (bring your own device): personal devices used for work, which can introduce security risks if not properly managed. Use storage segmentation and an MDM solution. Protecting against social engineering and digital threats requires a combination of technical measures, like firewalls and updates, and human awareness: recognizing phishing emails and practicing good security habits. Understand the different types of attacks, the vulnerabilities they exploit, and the best practices for prevention. Let's lock down Windows. This objective is about configuring the built-in security features of the Windows operating system to protect your system and data. Windows has a suite of built-in security features that, when properly configured, can significantly enhance your system's defenses. We'll cover antivirus, firewall, user accounts, permissions, and encryption. Windows security settings: your built-in arsenal. Windows Defender Antivirus: this is your built-in antivirus software. You can access it through the Windows Security app. Search for it in the Start menu or type Windows Defender in the Run dialog. Activate/deactivate: make sure it's turned on. Update definitions: keep the virus definitions up to date so it can detect the latest threats. Manage settings. Stop real-time protection.
Windows Defender Firewall. This is your built-in firewall, blocking unauthorized network traffic. You can access it through the Windows Security app, the Control Panel (firewall.cpl), or by running wf.msc. Enable/disable: generally, keep it enabled. Port exceptions: create exceptions to allow specific programs to communicate through the firewall. Application restrictions: control which applications are allowed to access the network. netsh or PowerShell: you can also configure the firewall using these command line tools. If you have issues updating firewall settings, make sure the Windows Defender Firewall service is enabled and running in services.msc. Users and groups: this is where you manage user accounts and their permissions. You can access it through Local Users and Groups (lusrmgr.msc). Local versus Microsoft account: a local account is specific to that computer. A Microsoft account is linked to your Microsoft online account. Standard/administrator: standard users have limited privileges. Administrators have full control. Guest/power user: the guest account has very limited access. Power users have more privileges than standard users, but fewer than administrators. Modify accounts: you can enable or disable accounts, change group membership, set profile paths, configure logon scripts, and set home folders. Login options: username/password, PIN, fingerprint, facial recognition, SSO. NTFS versus share permissions: these control access to files and folders. NTFS permissions apply to users who log on locally to the computer. Share permissions apply to users who access files and folders over the network. Most restrictive wins: if there's a conflict between NTFS and share permissions, the most restrictive setting takes precedence. Inheritance: folders and files inherit permissions from their parent folder by default. You can disable inheritance to set custom permissions. If you copy files or folders, they will inherit the permissions of the new folder.
If you move files within the same volume, they retain the original permissions. If you move data to another volume, it inherits the permissions of the new volume. Run as administrator versus standard user: for security, it's best to use a standard user account for everyday tasks and only use an administrator account when necessary. You can right-click an application and select Run as administrator to temporarily elevate privileges. BitLocker: this is full disk encryption, protecting all the data on your hard drive. TPM chip or USB key: BitLocker usually requires a TPM (Trusted Platform Module) chip on your motherboard, or you can use a USB flash drive as a key. It requires two volumes. AES cipher strength: you can increase the encryption strength to 256-bit via Group Policy. BitLocker To Go: this encrypts removable drives like USB flash drives. Encrypting File System (EFS): this allows you to encrypt individual files and folders rather than the entire drive. It uses a certificate, and the administrator can be configured as a recovery agent. Administrative shares: hidden shares with a dollar sign. Windows provides a robust set of security tools. Understand how to configure Windows Defender Antivirus and Firewall, manage user accounts and permissions, and use BitLocker and EFS for encryption. Key reminders. Know the different user account types (administrator, power user, guest, standard user) and their capabilities. Understand the difference between NTFS and share permissions and how inheritance works. Know that BitLocker requires a TPM chip or a USB key and that it encrypts the entire drive. Hidden administrative shares can be identified by a dollar sign. Know how to enable or disable accounts, reset passwords, and modify password policy. Master these concepts and you'll be well on your way to securing Windows systems. Let's make those workstations fortresses.
This objective is about implementing security best practices, the everyday habits and configurations that help keep systems secure. Beyond the built-in Windows security features, there are many best practices you should implement to create a truly secure workstation. These are the habits and configurations that make a real difference. Data-at-rest encryption: protecting stored data. Disk encryption: encrypt the entire hard drive so that even if the computer is stolen, the data can't be accessed without the decryption key. BitLocker, built into Windows Pro and Enterprise, is a good option, or you can use third-party software like VeraCrypt. Password best practices: the foundation of security. Complexity requirements: strong passwords are essential. Uppercase and lowercase letters, numbers, special characters. Minimum length: at least 10 characters, but 16 or more is even better. Password policy: you can enforce these requirements using the Local Security Policy (secpol.msc). End user best practices: the human factor. These are the everyday habits that users should follow. Screen saver locks: configure the screen saver to require a password after a period of inactivity. Log off: log off or lock the computer when leaving the workstation unattended. Secure hardware: physically secure laptops and other devices, for example, using cable locks. Secure personally identifiable information (PII): protect sensitive data like Social Security numbers, credit card numbers, and medical information. Disable AutoRun and AutoPlay: prevent USB drives and optical discs from automatically running programs, which can be a way for malware to spread. You can do this in Windows Settings, Group Policy Editor (for domain-joined computers), and the BIOS. Account management: controlling access. Restrict user permissions: grant users only the minimum permissions they need to do their jobs.
The principle of least privilege. Restrict login times: limit when users can log on if appropriate, for example, for temporary employees. Expiration dates: if possible, set expiration dates on accounts, such as when contractors leave. Disable guest accounts: the guest account should generally be disabled for security reasons. Lockout threshold: configure the account lockout policy (secpol.msc) to lock accounts after a certain number of failed login attempts, preventing brute force password attacks. Change default administrator account: rename the default administrator account and give it a strong, unique password. Securing a workstation is a combination of technical configurations and user habits. Encrypt the hard drive. Enforce strong passwords. Educate users and manage accounts carefully. Key reminders. A strong, complex password includes uppercase and lowercase letters, numbers, and special characters, and is at least 10 characters long, preferably 16 or more. You can disable AutoPlay in Windows Settings and the Group Policy Editor. You can enable or disable accounts, reset passwords, and modify the password policy in Local Users and Groups (lusrmgr.msc) and Local Security Policy (secpol.msc). Implement these best practices, and you'll create a much more secure computing environment. Time to secure those pocket-size powerhouses. This objective is all about protecting mobile devices (smartphones and tablets) and embedded systems like IoT devices, which have unique security challenges. Mobile devices and embedded systems are increasingly important, but they also introduce new security risks. They're often portable, easily lost or stolen, and connected to networks, making them attractive targets. Screen locks: the first line of defense. Types of locks. Facial recognition: using your face to unlock the device. PIN codes: a numeric password. Fingerprint: using your fingerprint to unlock. Pattern: drawing a pattern on the screen. Swipe: a simple swipe gesture, least secure.
Don't show passwords: make sure the device doesn't display the password as you type it. Timeout/power button: configure the device to lock automatically after a period of inactivity or when the power button is pressed. Lockout thresholds: the device should lock after a certain number of failed login attempts. Some apps might even take a picture of the user after repeated failed attempts. Remote wipes, the nuclear option. Remote wipe: if a device is lost or stolen, you can remotely erase all the data on it, preventing unauthorized access. This is often done through a mobile device management (MDM) server. Locator applications, finding lost devices. Locator apps: these apps use GPS (Global Positioning System) or other location services to track the device's location. Examples include Google's Find My Device for Android and Find My for Apple devices. OS updates, staying protected. System and security updates: regularly install updates to the operating system and applications to patch security vulnerabilities. Device encryption, protecting data at rest. Device encryption: encrypt the entire device's storage so that even if it's stolen, the data can't be accessed without the decryption key. Remote backup applications, safeguarding data. Remote backups: regularly back up the device's data to the cloud or a computer so you can restore it if the device is lost, stolen, or damaged. Examples: Google Drive, iCloud. Failed login attempt restrictions, preventing brute-force attacks. Account lockout: the device should lock the account after a certain number of failed login attempts, potentially for a set period of time. Antivirus/anti-malware, protecting against malicious software. Mobile security suites: install and regularly update antivirus/anti-malware software on mobile devices. Firewalls, blocking unauthorized network access. Firewalls: mobile devices often have built-in firewalls, or you can install third-party firewall apps. Policies and procedures, setting the rules. Usage
agreements: define clear policies for how employees can use mobile devices for work. BYOD (bring your own device) policies: if employees use their personal devices for work, have a BYOD policy that addresses security concerns. COPE: corporate-owned, personally enabled. Internet of Things (IoT), the expanding attack surface. IoT devices (smart thermostats, security cameras, etc.) introduce new security challenges. Secure IoT devices: use complex passwords and passphrases. Use encryption. Use multifactor authentication. Keep firmware up to date. Use network segmentation to isolate IoT devices from other parts of the network. Monitor IoT devices with a network access control (NAC) tool. Secure the internet connection. Profile security requirements: create profiles (templates) to easily configure mobile devices. Always require a valid certificate. Secure various services: email, VPN, and Wi-Fi. Security concerns: jailbreaking (iOS) and rooting (Android). This removes security restrictions, but it often voids the warranty. Mobile devices and IoT devices require a layered security approach. Use strong screen locks, enable remote wipe capabilities, keep software updated, encrypt the device, and implement sound policies. Key reminders: configure screen locks using fingerprint, face, swipe, pattern, and password locks, and disable visible passwords. Understand the consequences of entering an incorrect passcode too many times. Know how locator apps and remote wipes work. Regularly update Android and iOS devices. Understand the terms jailbreaking and rooting. Secure IoT devices by using strong passwords, encryption, updates, and network segmentation. By implementing these security measures, you can significantly reduce the risks associated with mobile and embedded devices.

Let's talk about securely getting rid of data. This objective is crucial for protecting sensitive information and complying with privacy regulations. It's not just about deleting files.
It's about making sure data is unrecoverable. When you dispose of a computer, hard drive, or other storage device, simply deleting files or formatting the drive isn't enough. Sensitive data can often be recovered. You need to use proper data destruction and disposal methods to ensure data is truly gone. Data security 101, beyond deletion. Plan ahead: before you dispose of any device, have a plan for securely removing the data. The method you choose depends on the sensitivity of the data and the drive's final destination. Formatting: high-level formats include quick and full formatting. Quick format: data is recoverable. Full format: writes zeros to the entire partition. Low-level formatting is done by the manufacturer. Overwriting drives, making data unrecoverable. Deleting a file or doing a quick format only removes the pointers to the data. The data itself still exists on the drive until it's overwritten by new data. Overwriting writes random data, often zeros, over the entire drive, making the original data unrecoverable. Windows full format: a full format in Windows writes zeros to the entire drive, making data recovery much more difficult. format E: /FS:NTFS /P:2. This command formats the E: drive with the NTFS file system and overwrites the data with two passes of zeros. You can increase the number of passes for even greater security. The /P parameter stands for passes. diskpart with the clean all command: this command, used within the diskpart utility, overwrites every sector on the drive with zeros. Linux/macOS dd command: the dd command (data duplicator) can be used to overwrite a drive with zeros. For example, sudo dd if=/dev/zero of=/dev/sdb1. This overwrites the entire /dev/sdb1 device with zeros. Be extremely careful with this command, as using the wrong device name can wipe the wrong drive. NIST 800-88 guidelines, the gold standard. The National Institute of Standards and Technology (NIST) provides guidelines for data sanitization, making data unrecoverable. Clear.
This removes data in a way that makes it difficult to recover using standard tools, but it might be recoverable with specialized forensic techniques. Overwriting, like a full format with multiple passes or using disk-wiping software, is considered clearing. This is suitable for reusing a drive within the same organization, but not for highly sensitive data. Purge: this removes data with a higher level of assurance that it's unrecoverable. Secure erase: many modern drives have a built-in secure erase command that overwrites the entire drive in a way that's very difficult to recover. Degaussing: this uses a strong magnetic field to erase data on magnetic media like hard drives. It's effective, but it renders the drive unusable. Destroy: this means physically destroying the storage media, making data recovery impossible. Methods include drilling holes through the platters of a hard drive, incinerating the device, shredding, and pulverizing the device into small pieces. Certification and chain of custody. Certificate of destruction: if you outsource data destruction to a third-party company, obtain a certificate of destruction to prove that the data was securely destroyed. This is often required for compliance with data privacy regulations. Chain of custody: document the entire process of handling and transporting the device to ensure it's not tampered with. Most organizations will not have the equipment to destroy the media and rely on a third party. Secure data destruction is essential for protecting sensitive information. Understand the differences between clearing, purging, and destruction, and choose the appropriate method based on the sensitivity of the data and NIST guidelines. Key reminder: know the differences between clearing (recoverable with specialized tools), purging (very difficult to recover), and destruction (impossible to recover). By following these best practices, you can ensure that data is truly gone when you dispose of storage devices.
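The difference between a quick format and an overwrite described above can be checked on a small file-backed image. This is an added example, not part of the original study guide; the image layout, the sample secret, and all function names are constructed for illustration, and the zero-fill pass stands in for what a full format, `clean all`, or `dd if=/dev/zero` does to a real drive.

```python
import os
import tempfile

SECTOR = 512                                 # bytes per sector in the constructed image
SECRET = b"ACCT 4111-CONSTRUCTED-SAMPLE"     # constructed sample data, not real


def build_image(path, sectors=64):
    """Create a constructed 'drive': sector 0 is the file table, data sits in sector 10."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"FILE:secret.txt@10".ljust(SECTOR, b"\x00"))
        f.seek(10 * SECTOR)
        f.write(SECRET)


def quick_format(path):
    """Model a delete or quick format: only the pointers (sector 0) are reset."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)


def overwrite(path, passes=1, chunk=SECTOR * 8):
    """Model a zero-fill pass: every byte of the image is rewritten and flushed."""
    size = os.path.getsize(path)
    for _ in range(passes):
        with open(path, "r+b") as f:
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(b"\x00" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())


def carve(path, marker):
    """Search the raw bytes for a marker, ignoring the file table, as recovery tools do."""
    with open(path, "rb") as f:
        return f.read().find(marker)


def first_residue(path, chunk=SECTOR * 8):
    """Verification read: offset of the first non-zero byte, or None if fully zeroed."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                return None
            stripped = block.lstrip(b"\x00")
            if stripped:
                return offset + len(block) - len(stripped)
            offset += len(block)


def demo():
    """Return (carve, residue) after a quick format, then after a two-pass overwrite."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "drive.img")
        build_image(img)
        quick_format(img)
        after_quick = (carve(img, SECRET), first_residue(img))
        overwrite(img, passes=2)
        after_wipe = (carve(img, SECRET), first_residue(img))
    return after_quick + after_wipe


if __name__ == "__main__":
    print(demo())
```

After the quick format the secret is still found at its original offset even though the file table is empty; after the overwrite the verification read finds no non-zero byte.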
We will move to secure those home and small office networks. This objective is about configuring routers and network settings to protect against unauthorized access and attacks. Small office/home office (SOHO) networks often use a single router that combines multiple functions: switch, router, firewall, and wireless access point. Securing this device and configuring network settings correctly is crucial for protecting your data and privacy. SOHO router settings, the control center. Always back up settings, update firmware, and then save. Change default passwords: this is the most important first step. Change the default administrator password and any default user passwords to strong, unique passwords. Wireless-specific settings. Change/disable SSID: change the default SSID (service set identifier), which is the name of your Wi-Fi network. You can also disable SSID broadcast to hide the network from casual scans, though this doesn't provide strong security. Antennas and radio power levels. Placement: center the access point within your home or office for optimal coverage. Power levels: lower the transmission power to limit the range of your Wi-Fi signal, reducing the chance of unauthorized access from outside. Antenna orientation: adjust the antenna orientation to fine-tune coverage. Keep wireless access points away from sources of EM interference. Guest networks: many routers allow you to create a separate guest network with its own SSID and password. This isolates guests from your main network, improving security. It may be safer to use a separate WAP. Disabling WPS (Wi-Fi Protected Setup): WPS is a feature designed to simplify connecting devices to a Wi-Fi network, but it's vulnerable to brute-force attacks. Disable it. Enable MAC/IP filtering: you can configure the router to allow or deny access based on the MAC address (media access control address, a unique hardware identifier) or IP address of devices. However, this can be bypassed. Assigning static IP addresses.
DHCP scope: limit the range of IP addresses that the router automatically assigns (the DHCP scope). Static IPs: assign static IP addresses to devices that need consistent addresses, like servers and printers. Consider assigning a static IP to the wide area network (WAN) side for port forwarding, servers, or VPN connections. Firewall settings. NAT (network address translation): this hides your internal IP addresses from the outside world, providing a basic level of security. Port forwarding: this allows you to direct incoming traffic on specific ports to specific devices on your internal network, for example, forwarding port 80 to a web server. Screened subnets (DMZs): a DMZ (demilitarized zone) is a separate network segment for publicly accessible servers, isolating them from your internal network. Disabling UPnP (Universal Plug and Play): UPnP can be convenient, but it can also create security vulnerabilities. Disable it if you don't need it. Content filtering/parental controls: many routers offer features to block specific websites or domains, or to restrict internet access based on time schedules. Disabling physical ports: disable any unused Ethernet ports on the router to prevent unauthorized wired connections. Physical security, protecting the device: physically secure the router in a locked room or cabinet, or place it high up where it's difficult to tamper with. Securing a SOHO network involves a combination of router configuration, wireless settings, and physical security. Key reminders: change the default administrator password first. Strategically place your access points. Adjust radio power levels and configure antennas. MAC filtering and IP filtering can help control access, but they're not foolproof. Disable any unused physical ports on the router. By implementing these measures, you can significantly improve the security of your home or small office network.

Let's lock down those web browsers.
This objective is about securing the gateway to the internet, the web browser, and configuring it for safe and private browsing. Web browsers are essential tools, but they can also be a major source of security vulnerabilities. We'll cover how to install browsers securely, configure security settings, and manage extensions and plugins. Browser download/installation, starting securely. Trusted sources: always download browsers from the official vendor websites. Microsoft Edge: microsoft.com/en-us/edge. Google Chrome: google.com/chrome. Mozilla Firefox: mozilla.org/en-US/firefox/new. Apple Safari (macOS): support.apple.com/downloads/safari. Opera: opera.com/download. Set as default: after installing, you can set the new browser as your default in Windows Settings > Apps > Default apps. Hashing: you can check the hash (a cryptographic fingerprint) of the downloaded file to verify its integrity, but this is less common now that most browsers use HTTPS connections. Browser settings, the control panel. Each browser has its own settings area. Edge: edge://settings, or the Settings menu in the upper right. Chrome: chrome://settings, or the Settings menu in the upper right. Firefox: about:preferences, or the Preferences menu in the upper right. Safari: Safari > Preferences from the menu. Key takeaway: know how to access the settings in Edge and Chrome. Extensions and plugins, adding and managing functionality. Extensions and plugins add extra features to your browser, but they can also be a security risk. Trusted sources: only install extensions from trusted sources like the official Chrome Web Store or Firefox Add-ons site. Enable/disable: you can manage extensions in the browser settings. Edge: edge://extensions. Chrome: chrome://extensions. Firefox: Add-ons > Extensions, or about:addons. Password managers, storing credentials securely. Password managers: browsers have built-in password managers that can store your login credentials.
Local or cloud: passwords can be stored locally on your computer or synced to a cloud service like your Microsoft account or Google account. Disable: you can disable the browser's password manager if your organization has a different password management policy. Edge: edge://settings/passwords. Chrome: chrome://settings/passwords. Secure connections, encrypting your traffic. TLS (Transport Layer Security): this is the protocol that encrypts your communication with websites, ensuring that your data is protected in transit. Check TLS settings: you can check TLS settings in Internet Properties (inetcpl.cpl > Advanced). Chrome uses these settings, while Firefox has its own settings (about:config). HTTPS: look for the padlock icon and https in the address bar, indicating a secure connection. Trusted/untrusted sites: you can configure security levels for specific websites or zones in Internet Properties > Security tab. Settings, privacy and security controls. Pop-up blocker: enable the pop-up blocker to prevent annoying pop-up windows. Edge: edge://settings/content > Pop-ups and redirects. Chrome: chrome://settings/content > Pop-ups and redirects. Clear browsing data: regularly clear your browsing history, cache, cookies, and saved passwords to protect your privacy. Edge: edge://settings/privacy > Clear browsing data. Chrome: chrome://settings/privacy > Clear browsing data. Sign-in/data synchronization: you can sign into your browser with your Microsoft account (Edge) or Google account (Chrome) to sync your settings, bookmarks, and history across multiple devices. Edge: edge://settings/profiles/sync. Chrome: chrome://settings/syncSetup. Private browsing: use private browsing mode (InPrivate in Edge, Incognito in Chrome) to browse without saving your history, cookies, or other data. You can usually start a private browsing window by pressing Ctrl+Shift+N. General browser security procedures. Implement policies: organizations should have clear policies for browser usage and security. Train users.
Educate users about safe browsing habits, phishing attacks, and other online threats. Use proxy and content filtering: use proxy servers and content filters to control access to websites and block malicious content. Secure against malicious code: keep your browser and extensions updated and use antivirus software. Securing your web browser is essential for protecting your privacy and security online. Download browsers from trusted sources. Configure security settings. Manage extensions carefully and practice safe browsing habits. By taking these steps, you can significantly reduce your risk of online threats.

Let's now break down the first objective of the software troubleshooting domain. Given a scenario, troubleshoot common Windows OS problems. Windows Recovery Environment (WinRE): a set of tools to recover Windows from boot errors, accessible through the Advanced Startup menu (Shift + Restart, shutdown /r /o, Settings > Update & Security > Recovery, or recovery media). Includes options like: Reset this PC: keeps or removes personal files. System Restore: reverts system files to an earlier point; doesn't affect personal files. Safe mode restores can't be undone. System Image Recovery: restores a drive from a backup. Startup Repair: automatically fixes boot problems. Command Prompt: advanced command-line tool; requires admin access. UEFI Firmware Settings: accesses the system's UEFI. Startup Settings (advanced boot options):
accessed via WinRE or by pressing F8 (can be enabled in Windows 10/11 via bcdedit /set {default} bootmenupolicy legacy). Offers different boot modes. Enable debugging: kernel troubleshooting. Enable boot logging: creates ntbtlog.txt in %SystemRoot%. Enable low-resolution video: uses a standard VGA driver (640x480). Safe mode: minimal drivers for troubleshooting; good for System Restore, malware scans, and driver rollback. Safe mode with networking: safe mode with network support. Safe mode with command prompt: safe mode with a command prompt instead of the GUI. Disable driver signature enforcement: allows unsigned drivers. Disable early launch anti-malware protection: helps diagnose anti-malware conflicts. Disable automatic restart after failure: prevents boot loops due to errors. System Restore: creates snapshots of system files and registry settings. Can be accessed through SystemPropertiesProtection or sysdm.cpl,,4. Can be enabled or disabled in the System Protection tab. Restore points are created automatically before major system changes, but can be created manually. Improper/spontaneous shutdowns, troubleshooting steps: check the Event Viewer System log. Use msconfig to selectively enable services and startup items. Boot into safe mode. Run a virus scan. Check power connections and the power supply. Use Windows RE. Stop errors (blue screen of death, BSOD): caused by hardware issues, corrupt driver files, or memory errors. May include text, a code, a sad face, and a QR code. Memory dumps: %SystemRoot%\memory.dmp or %SystemRoot%\minidump can be used for analysis. Event logs may contain bug check information. Common symptoms and solutions. Windows slow performance/boot: use troubleshooters, Disk Cleanup, and defrag; limit startup programs; scan for malware; and increase RAM or virtual memory. Limited connectivity: restart the system/modem/router, update network settings (ipconfig /release, ipconfig /renew), check the cable, and use troubleshooters. No OS found: update the BIOS/
UEFI boot order, repair boot files, and check hardware connections. BOOTMGR is missing: use Startup Repair, rebuild the BCD (bootrec /rebuildbcd), and set the C: partition to active. Boot sector issues: bootrec /fixboot. App won't install or run: verify requirements, add resources, and run Windows Memory Diagnostic. App crashes: apply updates, repair, reinstall, use compatibility mode or the troubleshooter, and disable from startup. Missing/corrupt system files: use System File Checker (sfc) and the chkdsk tool. Printing issues: use the printer troubleshooter, check device settings, and roll back drivers. Device issues: use Device Manager (devmgmt.msc). Know the device icons: black arrow equals disabled; exclamation mark equals driver conflict. USB controller resource warnings: manage USB connections, use USB docks/adapters, and reinstall USB drivers. Services fail to start: use services.msc and the net start/net stop commands; verify dependencies. Time drift: use Network Time Protocol (NTP) or synchronize to the domain controller. Slow profile load: clean up temp files, synchronize time, check the User Profile Service, and reduce startup programs. Corrupted profile: copy the profile to a new account, repair using Registry Editor, or remove/rebuild the profile. Important note: understand WinRE options, startup settings, safe mode, how to create and use System Restore points, the basics of stop errors (BSODs), and troubleshooting various symptoms. Know the core troubleshooting tools: Task Manager, Device Manager, Event Viewer, msconfig, Command Prompt, etc.

Objective 3.2. Given a scenario, troubleshoot common personal computer (PC) security issues. Common PC security issues: malware infections (viruses, spyware, Trojans, etc.),
browser redirection/hijacking, invalid certificates/certificate warnings, ransomware hoaxes, and remote control by unknown entities. Symptoms of viruses: blocked or redirected internet access; unusual error messages or security alerts; altered, missing, or renamed files or folders; unwanted notifications; failed Windows updates; slow performance; frequent crashes/restarts; inaccessible storage drives/apps; double-extension email attachments (for example, .txt.vbs); and non-functioning antivirus software. Symptoms of spyware: modified browser homepage and search engine, excessive pop-up windows, rogue antivirus alerts, unusual network activity, disabled firewalls/antivirus, new programs, icons, and favorites appearing, erratic OS behavior, and random appearance of the Java console. Symptoms and solutions. Browser redirection: check browser settings, the hosts file (C:\Windows\System32\drivers\etc), and trusted sites, and run anti-malware scans. Invalid certificates: analyze certificates in Certificate Manager (certmgr.msc), review Event Viewer logs, and delete/import/revoke/trust certificates. Invalid email certificate: import a new certificate, publish a certificate, analyze event logs, and revoke the old certificate. Remote control: scan for Trojans and disable remote tools (Remote Desktop, Remote Assistance). Ransomware hoax: block malicious sites, check for browser redirection, and educate the user not to click the close button. Important note: know common symptoms of malware, especially viruses and spyware. Be able to troubleshoot browser redirection, certificate issues, and remote access. Understand the role of event logs.

Objective 3.3. Given a scenario, use best practice procedures for malware removal. CompTIA 7-step malware removal procedure. One, investigate and verify malware symptoms: gather information and verify the issue. Two, quarantine the infected systems: isolate logically and physically; disable the network. Three, disable System Restore in Windows to prevent reinfection from restore points: System Properties,
System Protection. Four, remediate infected systems: update anti-malware software, then scan and remove malware using safe mode or preinstallation environments (WinRE, bootable USB). Five, schedule scans and run updates: configure regular scans and automatic updates. Six, enable System Restore and create a restore point: re-enable System Restore and create a fresh restore point. Seven, educate the end user: explain what happened and how to avoid future issues. Watch out for rogue antivirus apps that masquerade as real ones. Important note: memorize the CompTIA 7-step malware removal procedure. Understand the purpose of each step, especially disabling System Restore and using safe mode/WinRE for scanning.

Objective 3.4. Given a scenario, troubleshoot common mobile OS and application issues. Common mobile OS/app issues: the application fails to launch, crashes, fails to update, or is slow to respond; the OS fails to update; battery life issues; random reboots; connectivity issues (Wi-Fi, Bluetooth, NFC, AirDrop); the screen does not auto-rotate. Wireless troubleshooting. Wi-Fi: check range, correct SSID, encryption protocol, airplane mode, connections, and tethering conflicts; power cycle devices; forget and reconnect to the network; use Wi-Fi analyzer apps; check advanced settings; renew the IP address. Bluetooth: verify Bluetooth capability, that it is enabled, charge, and range; restart devices; check for Wi-Fi conflicts; forget and reconnect to Bluetooth devices; watch for unintended Bluetooth connections. NFC: check proximity and airplane mode; toggle NFC off/on; restart; clear the NFC cache; update. AirDrop: check Wi-Fi and Bluetooth, close proximity, AirDrop setting, and compatibility (Off, Contacts Only, Everyone). Email connection troubleshooting: verify internet access, username, password, server names, port numbers, secure email ports, and Transport Layer Security (TLS); check certificate expiration and import new ones. Troubleshooting and stopping apps: apps might need to be restarted, uninstalled, or reinstalled. Back up the data first.
To stop apps on Android, go to App info and tap Force stop or clear cache/data. To stop apps on iOS, swipe up on the screen, find the app, and swipe up on the app's preview. Resets. Soft reset: power off and on; restarts drivers/OS. Hard reset: resets to factory settings. Data loss varies by device. Always back up data before a hard reset. More issues. Updates: the latest updates can make devices run sluggish; downgrade to the factory image. Applications cause slowness, freeze, do not load, or load slowly: stop/restart apps, clear cache/data, uninstall unused apps, and close browser tabs. Random reboots: update the OS, check storage, close apps, remove external devices, disable auto-restart, check for bad apps, and scan with anti-malware. Poor battery: old/damaged battery, high-use applications, bad charger, or bad charging port. Video issues: auto-rotate is often disabled. Check device compatibility with external devices. Check that the right adapter is being used and that connections are secure. Also, verify screen mirroring is enabled. Important note: know basic mobile troubleshooting steps. Understand the importance of soft/hard resets. Be familiar with app-stopping procedures, and know how Wi-Fi, Bluetooth, NFC, and AirDrop are used and can be troubleshot.

Objective 3.5. Given a scenario, troubleshoot common mobile OS and application security issues. Mobile device security concerns: unauthorized access, loss of access, and data compromise. Over-securing can cause lockouts and reduce productivity. Look for high resource/power usage and high data usage as red flags. Root access (Android) and jailbreaking (iOS) can compromise security. Android packages (APKs) from untrusted sources risk installing malicious software. Malicious apps can cause various problems. Mobile security best practices: review log files to find security issues. Use Android debug tools when needed. Limit the number of applications users can access. Disable location services if unauthorized tracking is suspected.
Symptoms of malicious apps: worrying messages, pop-up ads, fake security warnings, performance issues, sluggish response time, and unexpected app behavior. Leaked data: this should result in immediate quarantine. Security measures: update anti-malware/firewall. Require strong passwords and disallow public Wi-Fi. Obtain software from trusted sources. Implement DLP. Lock down devices with an MDM. Important note: understand the risks of rooting, jailbreaking, and using untrusted app sources. Know common symptoms of malicious apps, including ads, sluggish performance, and data leaks. Learn how to use log files, and also understand common best practices to keep mobile devices secure.

Objective 4.1. Given a scenario, implement best practices associated with documentation and support systems information management. Types of documents. Network topology diagrams: show physical and logical connections of network devices (switches, routers, computers, etc.) and may include IP addresses and system locations. Incident reports: logs maintained during an incident response, including facts, information gathered, logs, and visual/audio recordings. Standard operating procedures (SOPs): step-by-step guides for performing routine tasks, including software installations, system upgrades, and OS installations; they should focus on process, not tools, and avoid jargon. Regulatory compliance policies: documentation related to adhering to laws, regulations, and ethical practices, for example, compliance with ISO standards and NIST guidelines. Acceptable use policies (AUPs): define rules and restrictions for how users can interact with computer/network systems, including prohibitions on unauthorized sharing and use. User checklists: onboarding (adding a user to the system with training, documentation, and security) and offboarding (removal of a user from the system and revocation of access). Knowledge bases/articles: information from vendors,
Microsoft, Apple, etc., and community support for troubleshooting. Be sure to go to the source for information first. Ticketing systems: software used for managing and tracking user issues, also known as an issue tracking, help desk, trouble ticket, or incident ticket system, used by help desk personnel. Tickets include user details, problem description, issue categorization, severity, and action plans, with detailed, clear, and concise communication. Tickets should be tracked and resolved efficiently. Asset management: supervising and tracking hardware and software (client computers, servers, switches, routers, mobile devices, IoT). Includes procurement, life cycle, warranties, licenses, asset tags, and barcodes. Virtual machines (VMs) should be tracked and managed the same as physical machines. Use databases to manage tracking of assets. Important note: know the various types of documentation and when to use them, especially network topology diagrams, incident reports, and SOPs; how ticketing systems function; and methods of asset management. Focus on the steps required to generate and keep track of these items.

Objective 4.2. Explain basic change management best practices. Documented business processes. Change control forms/requests: these need a basic description, the purpose and scope of the change, who will be affected, and when the change will happen. Rollback plan: procedures to revert to the original state if a change fails. Sandbox testing: testing in an isolated environment before implementation. Responsible staff members: identification of personnel overseeing the process. Change management. Purpose of change: the reason for the proposed change. Scope of change: detail about what systems will be updated, who it will affect, and when. Risk analysis: determine potential vulnerabilities and any other issues that might come from the change. End-user acceptance: how users will accept the change. Ensure transparency for the user or client. Change board.
A group that approves proposed changes and ensures they align with the organization's goals. Backout plan: procedures to reverse failed changes. Should have detailed contact information. Document changes: record all steps taken during the update of the systems. Important note: be familiar with the steps needed to create a good change management request.

Objective 4.3. Given a scenario, implement workstation backup and recovery methods. Backup and recovery. Windows File History: a file backup program that can store and restore copies of files. Can be accessed via Control Panel and from Settings > Update & Security. Backs up data in libraries by default, but can be customized. System image backup: creates a copy of the system drive to be used to restore in case of a failure. Accessed via File History settings. Other backup methods use tape drives or other external or network-based drives. Backup methods. Full backup: backs up all data on the selected folder or volume. Incremental backup: backs up only changes since the last full or incremental backup. Requires the full and all incremental backups to fully restore. Differential backup: backs up only changes since the last full backup. Requires the full and the last differential backup to restore. Synthetic backup: creates a new full backup by combining all previous incremental backups, simplifying restoration. Backup testing: verify that backups are working properly by using the built-in software verification process. Perform regular restores to systems to test the ability to restore data. Test on similar/simulated hardware configurations. Backup rotation schemes. Grandfather-father-son (GFS): daily, weekly, and monthly backup sets. 10-tape rotation: daily tapes for two weeks, and then reuse. On-site versus off-site backups: on-site is faster but may be lost in a disaster. 3-2-1 backup rule: three copies of data, on two types of media, with one copy stored off-site.
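The restore requirements for incremental and differential backups described above can be worked through on a small simulated week. This is an added example, not part of the original study guide; the file names, the change log, and every function name are constructed for illustration, and file deletions are not modeled.

```python
from collections import namedtuple

Backup = namedtuple("Backup", "day kind files")

# Constructed sample: files written on each day of one week (day 0 = first day).
CHANGES = {
    0: {"budget.xlsx": "v1", "notes.txt": "v1", "logo.png": "v1"},
    1: {"notes.txt": "v2"},
    2: {"budget.xlsx": "v2"},
    3: {"notes.txt": "v3", "plan.docx": "v1"},
    4: {"budget.xlsx": "v3"},
}


def changed_between(changes, after_day, through_day):
    """Files modified after `after_day`, up to and including `through_day`."""
    delta = {}
    for d in sorted(changes):
        if after_day < d <= through_day:
            delta.update(changes[d])
    return delta


def state_at(changes, day):
    """True contents of the volume at the end of `day`."""
    return changed_between(changes, -1, day)


def take_backups(changes, schedule):
    """Run a schedule {day: 'full' | 'incr' | 'diff'} and return the backup sets."""
    backups, last_full, last_base = [], None, None
    for day in sorted(schedule):
        kind = schedule[day]
        if kind == "full":
            files = state_at(changes, day)
            last_full = last_base = day
        elif last_full is None:
            raise ValueError("schedule must start with a full backup")
        elif kind == "incr":      # changes since the last full or incremental
            files = changed_between(changes, last_base, day)
            last_base = day
        elif kind == "diff":      # changes since the last full
            files = changed_between(changes, last_full, day)
        else:
            raise ValueError("unknown backup kind: %r" % kind)
        backups.append(Backup(day, kind, files))
    return backups


def restore_chain(backups, target_day):
    """Backup sets needed to rebuild the volume as of `target_day`, oldest first."""
    history = [b for b in backups if b.day <= target_day]
    chain, i = [], len(history) - 1
    while i >= 0:
        b = history[i]
        chain.append(b)
        if b.kind == "full":
            return chain[::-1]
        i -= 1
        # A differential needs only the full before it; an incremental needs the
        # previous full or incremental, so differentials in between are skipped.
        skip = ("incr", "diff") if b.kind == "diff" else ("diff",)
        while i >= 0 and history[i].kind in skip:
            i -= 1
    raise ValueError("no full backup on or before the target day")


def restore(backups, target_day):
    """Apply the chain in order; return (days used, restored contents)."""
    state = {}
    chain = restore_chain(backups, target_day)
    for b in chain:
        state.update(b.files)
    return [b.day for b in chain], state


def synthetic_full(backups, day):
    """Build a new full backup from the existing chain without rereading the source."""
    return Backup(day, "full", restore(backups, day)[1])


if __name__ == "__main__":
    week = {0: "full", 1: "incr", 2: "incr", 3: "incr", 4: "incr"}
    print(restore(take_backups(CHANGES, week), 4))
```

Removing one incremental set from the chain yields a restore that completes but is missing that day's changes, while a differential schedule restores correctly with any earlier differential missing. This is the trade-off a restore test should exercise.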
Important note: know the various backup methods, the best practices for testing, and the different rotation methods. Be ready to select the proper way to back up and when to restore.

Objective 4.4: Given a scenario, use common safety procedures. ESD (electrostatic discharge) prevention. Antistatic wrist strap: equalizes electrical potential between user and equipment. Antistatic mat: protects the computer and components while working. Self-grounding: touch a metal part of the computer case before handling components. Antistatic bags: store components when not in use. Proper handling: hold components by the edges and avoid touching sensitive areas. Electrical safety: disconnect all power before working on components. Replace power supplies; don't open them. Avoid working on LCD monitors, as they may hold a charge. Be careful of the fuser in laser printers, as it can be very hot. Ensure power requirements match for surge protectors and uninterruptible power supplies (UPS). Electrical fire safety: have a class C extinguisher for electrical fires. If a fire occurs, attempt to extinguish it if safe and call 911. Shut off the power if safe. Physical safety: route cables safely to prevent trips. Use proper lifting techniques to avoid injury. Be careful of hot components. Use safety equipment as needed. Use proper ergonomics at workstations to avoid injury. Important note: understand the importance of ESD prevention. Recognize the dangers of working with electricity and be able to take steps to avoid electrical shocks or fires. Practice good safety habits.

Objective 4.5: Summarize environmental impacts and local environmental controls. Temperature, humidity, and air quality: maintain a temperature range of 68 to 76°F (20 to 24°C). Maintain a humidity range between 20 and 60%. Use proper ventilation. Use filtration devices and HEPA filters for air cleanliness.
MSDS (material safety data sheets): documents with information about chemical substances. Include information on treatment, spills, disposal, storage, and handling. Check for proper handling of ink, toner, batteries, and cleaners. Properly recycle or dispose of old devices and batteries based on local guidelines. Power devices. Surge protector: protects against power surges and spikes. Use 1,000-plus joules. UPS (uninterruptible power supply): provides battery backup against sags, undervoltage, and outages. A UPS provides an indicator for when the battery needs to be changed. Do not plug laser printers into a UPS. Power issues. Spike: sudden increase in voltage. Sag: unexpected decrease in voltage. Undervoltage: drop in voltage, potentially causing systems to shut down. Power failure: total loss of power for a prolonged time. Important note: be aware of proper temperature and humidity ranges, the purpose of MSDS and recycling, and methods for protecting computers from power surges and outages.

Objective 4.6: Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts. Incident response. Events: actions that happen in systems. Incidents: adverse events that are violations of security policies; breaches. First response: identify, report, and escalate incidents. Preserve data and devices. Document everything. Incident response life cycle. Preparation: planning, training, and access to necessary resources. Detection and analysis: identify the cause of the incident using appropriate tools. Containment, eradication, and recovery: isolate, remove, and restore the system. Post-incident activity: review what happened, finalize documentation, and learn from it. Chain of custody: document who had possession of the evidence from start to end. Licensing/DRM/EULA. Valid licenses: properly organize and store digital licensing information. EULA (end user licensing agreement): contracts that outline terms of software use. DRM (digital rights management): controls to restrict copyright infringement. Open source versus commercial licenses: know which gives greater freedoms to users. Personal versus corporate licenses: know which is appropriate for each use case. Regulated data. Personally identifiable information (PII): information used to identify a person, for example, name, address, Social Security number. Protected health information (PHI): health information protected by HIPAA. PCI DSS: standards for handling payment card data. General Data Protection Regulation (GDPR): EU regulations on data protection and privacy. Important note: understand the importance of incident response, chain of custody, the roles of licensing, and the differences between PII, PHI, PCI DSS, and GDPR.

Objective 4.7: Given a scenario, use proper communication techniques and professionalism. Professional communication techniques. Appearance and attire: dress appropriately for the work environment. Language and jargon: use clear and concise language. Avoid jargon, acronyms, and slang when working with customers. Attitude and confidence: maintain a positive, calm, and assured demeanor. Active listening: pay attention to the customer, take notes, and do not interrupt. Be on time: be on time. If late, notify the customer. Professional behaviors. Avoid distractions: limit distractions (personal calls, messages, and social media). Dealing with difficult customers: use patience, understanding, and respect to defuse difficult situations. Do not argue with the customer, dismiss their concerns, or be judgmental. Clarifying concerns: ask open-ended questions to determine the scope of the problem and restate to verify understanding. Do not disclose private information or conversations about customers on social media. Meeting expectations: set a timeline, provide updates, offer options, and provide documentation. Follow up to verify that they are satisfied with the work. Private and confidential information:
Do not touch or look at private or confidential data without permission. Do not take company data home and do not disclose information about your work on social media. Important note: be ready to act professionally by using proper techniques for communication, customer service, and protecting customers' private data.

Let's demystify scripting. This objective is about understanding the fundamental building blocks of scripts, which are essentially sets of instructions that automate tasks. Scripts are like mini programs that automate tasks. They're used for everything from simple file management to complex system administration. We'll cover the basic concepts that apply to many scripting languages. Basic data types: the building blocks. Data types define the kind of information a script can work with. Integers: whole numbers, positive, negative, or zero. Examples: 10, -5, 0. Strings: sequences of characters (text). Examples: "Hello", "my password". Script constructs: controlling the flow. These structures control how the script executes. If statement: executes a block of code only if a certain condition is true. It's like saying, "If it's raining, take an umbrella." For loop: repeats a block of code a specific number of times or while a condition is true. It's like saying, "Repeat this task 10 times." Environment variables: predefined values. Environment variables are like shortcuts that store information about the system or the user. Command Prompt: %SystemRoot% represents the Windows installation directory. PowerShell: $env:Path contains the list of directories where the system searches for executable files. Comment syntax: explaining your code. Comments are notes within the script that are ignored by the computer. They're for humans to read, explaining what the code does. # (number sign, pound sign): used for single-line comments in PowerShell and Bash. // (double slash): used for single-line comments in JavaScript and many other languages.
/* and */ (slash asterisk and asterisk slash): used for multi-line comments. Script file types: different languages, different extensions. Different scripting languages use different file extensions. .ps1: PowerShell scripts. PowerShell is a powerful scripting language built into Windows. It uses cmdlets (specialized commands) and variables, which start with a dollar sign, and supports looping and conditional logic. .bat: batch files. Batch files are an older, simpler scripting language for Windows. They're still used sometimes, but PowerShell is generally preferred. .sh: Bash shell scripts. Bash is the standard shell (command interpreter) for most Linux/Unix systems. Bash scripts use commands and environment variables. The first line of a Bash script is usually the shebang line, #!/bin/bash, which tells the system which interpreter to use. .py: Python scripts. Python is a versatile general-purpose programming language often used for scripting. It uses libraries, variables, and looping/conditional logic. You need a Python interpreter installed to run Python scripts. .js: JavaScript files. JavaScript is primarily used for adding interactivity to web pages, but it can also be used for other scripting tasks. .vbs: Visual Basic scripts, used commonly with Microsoft Office. Scripting is about automating tasks using code. Understand the basic data types (integers, strings), control structures (if statements, for loops), environment variables, comment syntax, and the different file extensions for various scripting languages. Key reminders: know the different data types, if statements, for loops, environment variables, and comment syntax. Be able to match the file extension to the scripting language, for example, .ps1 for PowerShell, .sh for Bash. Be especially familiar with Bash and PowerShell scripting concepts. With these fundamentals, you'll be well prepared to understand and even write simple scripts.

Okay, let's connect to remote systems.
This objective is all about accessing and managing computers and devices from a distance, a crucial skill in today's interconnected world. Remote access technologies allow you to control or monitor computers and devices as if you were sitting right in front of them, even if they're miles away. This is essential for IT support, system administration, and remote work. Remote Desktop (RDP): the Windows standard. RDP (Remote Desktop Protocol): this is built into Windows and allows you to control the graphical user interface (GUI) of a remote Windows computer. Enabling RDP: you can enable it in Settings > System > Remote Desktop, or System Properties > Remote tab. Allowed users: you can configure which users are allowed to connect remotely. Port: RDP uses TCP port 3389 by default. Network Level Authentication: it's strongly recommended to use Network Level Authentication for added security. Remote Assistance: requires an invitation from the user on the remote computer. Remote Desktop Connection: connects directly without an invitation if you have the necessary permissions. MSTSC: you can use the mstsc command (Microsoft Terminal Services Client) at the command line to connect to a remote computer. Remote monitoring and management and desktop management software: used to monitor multiple clients. Secure Shell (SSH): the command-line powerhouse. SSH (Secure Shell): this provides a secure, encrypted way to remotely control a computer using the command line. It's widely used for managing Linux/Unix systems, but it can also be used with Windows. Port: SSH uses TCP port 22 by default. Enabling SSH: you need to enable the SSH server on the target system. SSH clients: popular tools for connecting to SSH servers include PuTTY and OpenSSH. VPNs (virtual private networks): secure tunnels. VPNs create a secure, encrypted tunnel over a public network like the internet, allowing you to access resources on a private network as if you were directly connected. Protocols:
Common VPN protocols include PPTP, L2TP, SSTP, and IKEv2. IKEv2 is generally preferred. Connecting: you connect to a VPN server using the server's address, the appropriate protocol, and your login credentials. Other third-party remote tools: VNC (virtual network computing), for example RealVNC, LogMeIn, TeamViewer. These tools provide remote desktop control, often with additional features like file transfer and screen sharing. Web-based conferencing platforms: Zoom, Webex, and others are often used for remote meetings and presentations. Security considerations: protecting remote access. Remote access can be a security risk if not properly configured. Strong passwords: always use strong, unique passwords for remote access accounts. Encryption: use strong protocols with encryption, like SSH or VPNs with IKEv2. MFA (multifactor authentication): if possible, enable MFA for remote access tools, adding an extra layer of security. Firewall: make sure your firewall is configured to allow only the necessary ports for remote access, for example, 3389 for RDP and 22 for SSH. Remote access technologies are powerful tools, but they must be used securely. Understand the differences between RDP, SSH, and VPNs, and know the key security considerations. Key reminders: understand the function of RDP, SSH, and VPNs. Know the security considerations for remote access: strong passwords, encryption, MFA, and firewall configuration. Master these concepts, and you'll be able to connect to and manage remote systems safely and effectively.

And that wraps up our rapid-fire review of the CompTIA A+ Core 2 exam. We've covered a lot of ground, from operating systems and networking to security and troubleshooting. Remember, practice is key. Review your notes, use the tools we've discussed, and you'll be well prepared to ace the exam. Ready to take your IT skills to the next level?
Visit techvaultacademy.com for comprehensive courses, practice exams, and study guides to help you succeed in your certification journey. Your IT future starts now.