220-1002 Flashcards
Pass the CompTIA A+ 220-1002 test with complete mastery.
When a new hard disk leaves the manufacturer, creates cylinders, tracks and sectors on the platters
Low Level Format
halts any child processes
taskkill /t /pid processid
/t
Terminates the specified process and any child processes which were started by it.
/pid
Specifies the PID of the process to be terminated. Use TaskList to get the PID.
bottom of screen gives one-click access to favorite apps and files in macOS
dock
Opens device manager from runline
Devmgmt.msc
Although the application is called “Device Manager”, the command used to launch it is short for Device Management.
UGO stands for…
User, Group, Others
User
User is the owner of the file. When you create a file, you become the owner of the file. The ownership can be changed as well, but we’ll see that later.
Group
Every user is part of a certain group(s). A group consists of several users and this is one way to manage users in a multi-user environment.
Other
‘Other’ can be considered as a super group with all the users on the system. Basically, anyone with access to the system belongs to this group.
In other words, ‘User’ is a single user, Group is a collection of users and Other consists of all the users on the system.
*Even if you are the only user of the system, you’ll still be part of many groups. Distributions like Ubuntu also create a group with the same name as the user.
Tip: Run the command groups to see what user-groups you belong to.
7 steps in the malware removal process are…
- Identify and research malware symptoms
- Quarantine infected systems
- Disable system restore
- Remediate infected systems:
  - update anti-malware software
  - scan and use removal techniques
- Schedule scans and run updates
- Enable system restore
- Educate end user
IQ DR SEE
I (Identify)
Quietly (Quarantine)
Draw (Disable Restore)
Red (Remediate/Remove)
Shoes (Schedule Scans/Updates)
Every (Enable Restore)
Evening (Educate User)
How do you Force Quit in macOS?
in Apple menu or press command+option+esc
specifies the hour in cron (0-23)
hh
A collection of user accounts, computer accounts, and other groups that can be assigned permissions in the same way as a single user object.
Security Group
Clears the DNS resolver cache
ipconfig /flushdns
A ____ is a logical group of keys, subkeys, and values in the registry that has a set of supporting files loaded into memory when the operating system is started or a user logs in.
Hive
REGISTRY DATABASE FILES
The registry database is stored in binary files called hives. A hive comprises a single file (with no extension), a .LOG file (containing a transaction log), and a .SAV file (a copy of the key as it was at the end of setup). The system hive also has an .ALT backup file. Most of these files are stored in the %SystemRoot%\System32\Config folder, but hive files for user profiles are stored in the folder holding the user’s profile. The following table shows the standard hives.
HKEY_CURRENT_CONFIG
system, system.alt, system.log, system.sav
HKEY_CURRENT_USER
ntuser.dat, ntuser.dat.log
HKEY_LOCAL_MACHINE\SAM
sam, sam.log, sam.sav
HKEY_LOCAL_MACHINE\SECURITY
security, security.log, security.sav
HKEY_LOCAL_MACHINE\SOFTWARE
software, software.log, software.sav
HKEY_LOCAL_MACHINE\SYSTEM
system, system.alt, system.log, system.sav
HKEY_USERS\.DEFAULT
default, default.log, default.sav
HKEY_CLASSES_ROOT
Not stored in a hive but built from the \SOFTWARE\CLASSES keys in CURRENT_USER and LOCAL_MACHINE
Location of log files in Windows
%SystemRoot%\System32\Winevt\Logs folder
127.0.0.1
IPv4 loopback address
The loopback address is used to test network software:
without physically installing a Network Interface Card (NIC),
and without having to physically connect the machine to a TCP/IP network.
Allow you to collect statistics about resources such as memory, disk, and processor
Performance Monitor
-perfmon.msc
-Performance Monitor provides a visual display of built-in Windows performance counters, either in real time or as a way to review historical data. You can add performance counters to Performance Monitor by dragging and dropping, or by creating custom Data Collector Sets. It features multiple graph views that enable you to visually review performance log data. You can create custom views in Performance Monitor that can be exported as Data Collector Sets for use with performance and logging features.
32 bit application files location
Program Files (x86)
Do most things with an object but not to change its permissions or owner.
Modify
Stop a process using its unique ID (Windows)
taskkill /IM pid
A new feature of Windows 7 that enables users to rapidly access data from remotely located file and web servers. This enables users at a small branch to cache copies of frequently accessed files from head office servers on a local computer.
BranchCache
Bash shell script comment
# {#BashCom}
Bash-Hash
Same as Powershell Comments #
Linux shell scripts
.sh
View the contents of a file or folder or start a program
Read/List/Execute
quits a running program in command prompt
Control + C
Control connection to databases set up on the local computer
ODBC Data Sources
(Open Database Connectivity)
displays all files without an extension.
dir *.
Shows a list of services within each process
tasklist /svc
/svc Lists all the service information for each process without truncation. Valid when the /fo parameter is set to table.
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
phishing
A network protocol for secure transfer of data between computers on port 22
SSH (Secure Shell)
SSH -> 22H = SSH/Port 22
refresh the local database with information about the packages available from the repository
apt-get update
Part of UEFI, successor to MBR. Windows allows up to 128 partitions at 2TB each. It also has a backup copy for partition entries
GPT (GUID Partition Table)
port 23
Telnet
Ensures old data on a hard drive is destroyed by writing zeros or a random pattern to each location on the drive. Makes disk suitable for re-use.
Drive Wiping
change ownership in linux
chown
An account in which if a process is executed it is unrestricted in terms of making changes to the system configuration and file system (better than administrator account)
LocalSystem account
{SYSTEM has unrestricted access, SERVICES does not}
- One of the 3 Service User Accounts.
*NetworkService
*LocalService
(Both have minimum privileges)
-Operated by Service Control Manager
tool to copy code to make the partition bootable
bootsect
- Boot sector restoration tool
Bootsect.exe updates the master boot code for hard disk partitions in order to switch between BOOTMGR and NTLDR (the boot loader for all Win NT systems). You can use this tool to restore the boot sector on your computer.
Adds missing Windows installations to the BCD
bootrec /rebuildbcd
Common Usage:
Failure to boot/invalid boot disk
No OS found
A disk partition designated for swap space in linux.
Swap Partition
Apple equivalent of system restore
Time Machine
a file that contains all the contents of an optical disc
ISO File
Enables network-ready devices to discover each other automatically. Also allows configurations for devices to work with firewalls
UPnP (Universal Plug and Play)
Universal Plug and Play (UPnP) is a protocol framework allowing network devices to auto configure services such as allowing a game console to request appropriate settings from a firewall.
Windows automatically detects new or changed hardware, finds drivers, and installs and configures the device.
Minimal user input includes installing vendor drivers.
Microsoft has a repository of generic drivers for many common devices: mice, keyboards, webcams, etc.
It will automatically install the closest match to the device detected. This is not the same as the driver from the device vendor; vendor drivers may include extra functionality, especially for high-end devices and graphics cards, such as programmable soft keys on a keyboard or extra scroll settings on a mouse.
When a new hard drive leaves the manufacturer, creates cylinders, tracks and sectors on the platters
Low-level format
In windows, lists result files one screen at a time
dir /p
- Directory
- /P *Pauses after each screenful of information.
check free space and report usage by directories and files (linux)
df and du
The “disk free” command is a fantastic command-line tool that gives you a quick 30,000-foot view of your filesystem and all mounted disks. It tells you the total disk size, space used, space available, usage percentage, and what partition the disk is mounted on. I recommend pairing it with the -h flag to make the data human-readable.
The “disk usage” command is excellent when applied in the correct context. This command is at its best when you need to see the size of a given directory or subdirectory. It runs at the object level and only reports on the specified stats at the time of execution. I like to pair this command with the -sh flags to give a human-readable summary of a specified object (the directory and all subdirectories).
===============================================================================
In Windows, you can right click a drive/folder/file and select properties to find free space and usage
In Linux, what command is used to view tasks scheduled by the current user?
crontab -l
All selected data regardless of when it was previously backed up (high backup time, low restore time, uses one tape set)
full backup
A vulnerability that is exploited before the software creator/vendor is even aware of its existence.
zero-day exploit
Allows you to view cached passwords for websites and Windows/network accounts
Credential Manager
The file system older macOS uses
HFS Plus (Extended Hierarchical File System)
*Replaced by APFS (Apple Filing System)
displays the current state of network interfaces within linux
ifconfig/iwconfig
- ifconfig (ip a) -Display network info (legacy, newer distros use ip a )
- May need to be installed
- iwconfig -Display wireless adapter configurations/info.
schedules a system file scan whenever the PC boots
sfc /scanboot
-System File Checker
Linux User commands
Useradd, Usermod, Userdel
windows batch file escape character
%%
displays all files and directories in the current directory
dir *.*
- dir = Directory
- *.* = Show any file name with any extension.
lists all switches for the netstat command
netstat /? Or netstat /help
Located in Control Panel in Windows 7, is a collection of predefined Microsoft Management Consoles
Computer Management
Control Panel / Administrative Tools
• mmc.exe
(Linux) Shutdown at 5:30pm
shutdown -h 17:30
change permission modifiers in linux
chmod
Change ownership in linux.
chown
legacy file system used for optical disc media
CDFS (compact disc file system)
A collection of user accounts that can be assigned permissions in the same way as a single user object
Security Group
There are two forms of common security principals in Active Directory: user accounts and computer accounts. These accounts represent a physical entity (a person or a computer). Security groups are used to collect user accounts, computer accounts, and other groups into manageable units.
Groups are used to collect user accounts, computer accounts, and other groups into manageable units. Working with groups instead of with individual users helps simplify network maintenance and administration.
There are two types of groups in Active Directory:
Distribution groups: Used to create email distribution lists.
Security groups: Used to assign permissions to shared resources.
Security groups can provide an efficient way to assign access to resources on your network. By using security groups, you can:
- Assign user rights to security groups in Active Directory.
- Assign permissions to security groups for resources.
linux command that makes a copy of an input file to an output file
dd
AKA Duplicate Data (dd)
displays linux processes that are currently running
ps
- View the current processes
- And the process ID (PID)
- Similar to the Windows Task Manager
- View user processes
- ps
- View all processes
- ps -e | more
Medical and insurance records, plus hospital lab results
PHI (Protected Health Information)
• Health information associated with an individual
• Health status, health care records, payments for health care, and much more
• Data between providers
• Must maintain similar security requirements
• HIPAA regulations
• Health Insurance Portability and Accountability Act of 1996
Removes a directory and its contents recursively (Linux)
rm -r
• Remove files or directories
• Deletes the files
• Does not remove directories by default
• Directories must be empty to be removed or must be removed with -r (removes contents recursively)
is a text document containing commands for the operating system. The commands are run in the order they are listed
Script File
A text document containing OS commands or instructions from a scripting language.
Scripting Language:
A programming language that is not compiled, and must be run within a particular environment.
You may need a command interpreter to execute the scripts.
You can open scripts in text editors or IDEs
- IDEs are designed to support scripting
- Autocomplete
- Debugging tools
Scripting Languages
Types of Instruction Sets:
- Compiled Programs (CPU performs instructions) *C++
- Scripts (OS or command interpreter performs instructions)
File extensions differ for each scripting language:
- Windows batch file: .bat
- PowerShell script: .ps1
- Linux shell script: .sh
- VBScript file: .vbs
- JavaScript file: .js
- Python script: .py
Scripts often used for smaller, repetitive tasks.
PowerShell file extension
.ps1
Queries a dns server about a host
nslookup -Option Host Server
- Lookup information from DNS servers
- Canonical names, IP addresses, cache timers, etc.
- Lookup names and IP addresses
- Many different options
Provide a way of dividing up a domain into different administrative realms
OU (Organizational Unit)
r-x
5
7 Read, Write, and Execute r w x
6 Read and Write r w -
5 Read and Execute r - x
4 Read only r - -
3 Write and Execute - w x
2 Write only - w -
1 Execute only - - x
0 none - - -
**REMEMBER 421
4 = R-- (Read)
2 = -W- (Write)
1 = --X (eXecute)
The rest is just BASIC math.
Attempts to fix startup problems.
bootrec
Recovery Console: bootrec /rebuildbcd
- bootrec /fixmbr
- bootrec /fixboot
An interface between the user and computer and software.
shell
A Windows command that is similar to and more powerful than the xcopy command, used to copy files and folders.
robocopy
Disables dmartin account
net user dmartin /active:no
Where are the local user accounts that have been created stored?
The Windows local security account database where local system account information is stored.
Users folder. The Users folder is located in the Local Users and Groups folder in the local Computer Management (MMC).
SAM (Security Accounts Manager)
Remote Settings location
control panel -> system -> remote desktop
Settings -> System -> Remote Desktop
CMD:
C:\WINDOWS\System32\control.exe system -> Remote Desktop
Sets radio power level, typically set to the highest level by default
Transmit Power
can be used to specify the date within the month (0-31) in cron
dd
File system created specifically for the Linux kernel.
ext (Extended File System)
schedules a scan when the computer is next restarted
sfc /scanboot
Actions that can be had with Services.
Start, restart, stop and pause services.
linux command used to activate the partition swap space
swapon
a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
Rootkits
Windows log files that allow you to collect statistics about services, including extensions to Event Viewer to log data that would otherwise be inaccessible.
trace logs
The process of managing information over its life cycle
ICM (Information Content Management)
A mathematical function that converts an input of arbitrary length into an encrypted output of a fixed length
Hash
a single key is used to encrypt and decrypt data
symmetric encryption
Allows monitoring of Windows logs. System, security, application, and service events are recorded in these logs
Event Viewer
a program on a server that allows the network admin to approve updates for certain groups
WSUS
-Windows Server Update Service
WSUS, previously known as Software Update Services, is a computer program and network service that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment.
A management console snap in for viewing and managing system logs.
Event Viewer
- (accessed through computer management, administrative tools, or eventvwr.msc)
What does gpresult do?
This command line tool displays the Resultant Set of Policy (RSoP) information for a target user and computer.
Displays the RSoP for a computer and user account
/S
system Specifies the remote system to connect to.
/U
[domain\]user Specifies the user context under which the command should run. Cannot be used with /X, /H.
/P
[password] Specifies the password for the given user context. Prompts for input if omitted. Cannot be used with /X, /H.
/SCOPE
scope Specifies whether the user or the computer settings need to be displayed. Valid values: “USER”, “COMPUTER”.
/USER
[domain\]user Specifies the user name for which the RSoP data is to be displayed.
/X
Saves the report in XML format at the location and with the file name specified by the parameter. (valid in Windows Vista SP1 and later and Windows Server 2008 and later)
/H
Saves the report in HTML format at the location and with the file name specified by the parameter. (valid in Windows Vista SP1 and later and Windows Server 2008 and later)
/F
Forces Gpresult to overwrite the file name specified in the /X or /H command.
/R
Displays RSoP summary data.
/V
Specifies that verbose information should be displayed. Verbose information provides additional detailed settings that have been applied with a precedence of 1.
/Z
Specifies that the super-verbose information should be displayed. Super-verbose information provides additional detailed settings that have been applied with a precedence of 1 and higher. This allows you to see if a setting was set in multiple places. See the Group Policy online help topic for more information.
Configures detailed reports on different system statistics and log performance over time
Performance Monitor
- (can be accessed through administrative tools, Computer Management or perfmon.exe command line)
an attack that convinces the network that the attacker’s MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker’s machine
ARP poisoning
- Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer’s ARP cache with a forged ARP request and reply packets.
utility that allows you to copy the contents of more than one directory at a time and retain the directory structure
xcopy
CIA
Confidentiality
Integrity
Availability
{With CIA, all answers end in “ity”
AAA does not!
Authentication
Authorization
Accounting}
VBScript
.vbs
specify image name to kill
taskkill /im PID
Example: End Notepad (14944)
C:\User> TaskKill /IM 14944
SUCCESS: Sent termination signal to the process with PID 14944.
Tools used to gather information about the way the network is built and configured and the current status of hosts. (nmap, ZenMap)
Finding out the specific version of OSs, software, network services, and so on can tell attackers what the known vulnerabilities are for the version you use.
network mapping
install new application in Linux
apt-get install (package name)
Dismounts volume C:
chkdsk C: /x
- Check Disk
- /x Forces the volume to dismount first if necessary.
All opened handles to the volume would then be invalid
(implies /F -fixes all errors on disk).
a utility to be run before imaging a disk to solve possible configuration problems
Sysprep
- Microsoft’s System Preparation Tool
Sysprep Generalizes the image and removes computer-specific information such as installed drivers and the computer security identifier (SID).
The hard drive partition where the Windows OS is stored. The system partition and the boot partition may be different partitions
boot partition
{Boot Partition has the OS}
{System Partition has the BCD}
*Boot Configuration Database
App in macOS used to verify or repair a disk or file system
Disk Utility
the information is highly sensitive, for viewing only by approved persons within the organization
Confidential
- Top Secret = Highest level of restriction
- Secret = Valuable Info, Severely restricted
- Confidential = Highly sensitive info need approval before viewing
- Classified = Restricted, Internal/official use only (3rd party NDA)
- Unclassified = No restrictions
============================================================================
Top Secret
Secret
- Both have “Secret” “Top Secret” is on TOP
Confidential
-is Confidently in the MIDDLE
Classified
Unclassified
- Both have “Classified” “Unclassified” is UNDER classified
Can perform all management tasks and generally has very high access to all files and objects
Administrators
shows you the programs, processes, and services that are currently running on your computer (Ctrl + Alt + Del)
Task Manager
Runs a scan immediately to repair system files
sfc /scannow
Linux command used to search and filter contents of files displaying the lines that match the search string
grep
- Find text in a file
- Search through many files at a time
- grep PATTERN [FILE]
- > grep failed auth.log
ext3 vs ext4
Ext4 is functionally very similar to ext3. Both support journaling, but ext4 brings large filesystem support, improved resistance to fragmentation, higher performance, and improved timestamps.
a text file editor in linux
vi/vim
Records events generated during installation
Setup Logs
Displays ports and addresses in numerical format. Skipping name resolution speeds up each query
netstat -n
-n Displays addresses and port numbers in numerical form.
{N = numerical}
====================================================================
Example:
Proto ___ Local Address _____ Foreign Address _______ State
TCP ___ 10.32.9.109:49264 ___ 35.186.224.42:443 ___ ESTABLISHED
TCP ___ 10.32.9.109:49501 ___ 149.96.232.187:443 ___ ESTABLISHED
TCP ___ 10.32.9.109:49521 ___ 10.32.9.28:7337 _____ ESTABLISHED
TCP ___ 10.32.9.109:49532 ___ 10.32.9.28:6336 ____ ESTABLISHED
TCP ___ 10.32.9.109:51786 ___ 10.32.9.14:1611 _______ ESTABLISHED
TCP ___ 10.32.9.109:52161 ___ 52.113.196.254:443 ____ CLOSE_WAIT
Opens disk management console from runline
Diskmgmt.msc
All user accounts that have been authenticated to access the system would end up here.
Authenticated Users Group
The Authenticated Users group includes all users whose identities were authenticated when they logged on. This includes local user accounts as well as all domain user accounts from trusted domains and also users from other forests that access resources in the local forest using valid credentials and using a forest or external inter-forest trust relationship.
The Everyone group is a superset of the Authenticated Users group. It includes the Authenticated Users group and the Guest account. An important difference between the Everyone and Authenticated Users groups lies in their Guest and Anonymous accounts’ membership.
Opens the Computer Management console from runline
compmgmt.msc
These attack the boot sector, partition table and file system
boot sector virus
binary files that store the registry database
hive
Files are rearranged into contiguous clusters, improving read performance
Defragmentation
saves the current session to memory and puts the computer into a minimal power state
Sleep/Standby Mode
{Sleep/StandBy mode sends data to Memory}
{Hibernate mode sends data to Disk}
HOSTS file location in Windows
%SYSTEMROOT%\System32\drivers\etc\hosts
=========================================================
The hosts file is an operating system file on Windows PC that lets you map specific domain names to an IP address. Windows will use the hosts file each time when connecting over a network using a hostname. It’s used to translate hostnames into numeric protocol addresses that identify and locate a host in an IP network.
This is similar to nslookup where a domain name is translated to IP.
Causes all policies (new and old) to be reapplied
gpupdate /force
- Group Policy Update /force
A storage location in the environment of the operating system's command shell.
Location to store information about the operating system environment. This information includes details such as the operating system path, the number of processors used by the operating system, and the location of temporary folders. It also stores data that is used by the operating system and other programs.
environment variable
Microsoft peer to peer network model in which computers are grouped together with access to shared resources
Workgroup
Capturing and reading data packets as they move over a network
eavesdropping
The software component that provides the core set of operating system functions
kernel
A type of virus that spreads through memory and network connections rather than infecting files. Autonomously spreads and/or self replicates without user interaction
Worm
- Self-contained
- Typically target network application vulnerability
- Rapidly consumes network bandwidth.
View the performance of the local computer
Reliability and Performance Monitoring
Authenticates user before committing any resources to RDP session preventing denial of service attacks
NLA (Network Level Authentication)
NLA is a feature of Remote Desktop Services (RDP Server) or Remote Desktop Connection (RDP Client) that requires the connecting user to authenticate themselves before a session is established with the server.
Governs the processing of credit card and other bank payments
PCI-DSS (payment card industry data security standard)
===============================================================================
Anything having to do with PAYMENT CARDS or their related INDUSTRY aka banking. Banks want their DATA secured with this STANDARD
Payment
Card
Industry
Data
Security
Standard
PCIDSS
A type of authentication suitable for server and domain based networks
RADIUS
-Remote Authentication Dial-In User Service
RADIUS protocol implements AAA, Authentication, Authorization, and Accounting.
Dismounts volume C:
chkdsk C: /x
/x Forces the volume to dismount first, if necessary. All open handles to the drive are invalidated. /x also includes the functionality of /f.
/f Fixes errors on the disk. The disk must be locked. If chkdsk cannot lock the drive, a message appears that asks you if you want to check the drive the next time you restart the computer.
A group of sectors
Cluster
Appears in legacy applications but is deprecated because the rights allocated to this account type can be abused to allow the user Administrative or System privileges
Power Users
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network
Replay attack
An application used to provide detailed diagnostic information about your mac
System Information
Directory listings in order by date
dir /o:d
/o (Order) how?
:d (by Date)
/o:d (Order:by date)
Apple equivalent of Ctrl button
Command
The highest level of classification
Top Secret
a tool that reads the contents of a drive and writes the output to a .WIM format file.
DISM
- Microsoft’s Deployment Image Servicing and Management
Python comments
#
A program that appears desirable but actually contains something harmful
Trojan Horse
A management console that provides an interface for managing user and group accounts. (Not available in Starter or Home editions)
Local Users and Groups (lusrmgr.msc)
- The Local Users and Groups in Windows 10 is an area where you can secure and manage user accounts or groups. These user accounts or groups must be stored locally on Windows 10 for you to be able to manage them.
Tab in system properties that provides option for system restore
System Protection Tab
Used in public key encryption, it's a scheme in which the key to encrypt the data is different from the key to decrypt (uses an RSA cipher)
Asymmetric Encryption
Do anything with the object, including change its permissions and its owner
Full Control
The database that contains the users, groups, and computer accounts in a Windows Server Domain
Active Directory
Write permission is required for the destination folder and read for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner
Copying files and folders on the same NTFS volume or different volumes
- The only instance where the source folder has Read permissions; the rest are Modify.
- As with Moving files/folders to a different NTFS volume, NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner.

Both 64 bit file systems that support journaling but ext4 delivers better performance
ext3 vs ext4
A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
EFS (Encrypting File System)
The account that created or “owns” an object, usually a user account.
Creator Owner Group
linux command that shows the default gateway because ifconfig does not
route
Error message when you try to ping an IP
Destination Host Unreachable
-“Destination Host Unreachable” is a common but unexpected error that appears while carrying out a network ping test. It is a type of IP default gateway issue: an incorrect default gateway leads to a halt in the network ping test.
Microsoft client/server network model that groups computers together for security and to centralize administration
Domain
- An Active Directory Domain is a collection of objects within a Microsoft Active Directory network. An object can be a single user or a group or it can be a hardware component, such as a computer or printer.
An applet to set the programs you wish to use, or choosing which application is used to open files of a particular extension
Default Programs
a utility that provides a manual interface for verifying system files and restoring them from cache if they are corrupt or damaged
sfc
- System File Checker
Read a file and change it, or create a file within a folder, but not to delete it
Write
Shuts the Windows computer down in 30 seconds
shutdown /t 30
Resolves address to hostnames
ping -a IPaddress
-a Resolve addresses to hostnames.
specifies minutes past the hour in cron(0-59)
mm
Either parameter will generate a detailed explanation of the command in Linux
man / --help
shuts the computer down in 1 minute
Windows:
shutdown /s /t 60
macOS/Linux:
sudo shutdown -h (default is 1 minute)
sudo shutdown -h +5 (5 minutes from now)
sudo shutdown -h 00:05 (also works in hh:mm format)
Allows Group Policy Object management without Active Directory on standalone computers.
Exposes the whole registry configuration using a dialog-based interface (offers a wider range of settings than Local Security Policy)
Local Group Policy Editor (gpedit.msc)
(LGPO or LocalGPO)
attempts to repair MBR
bootrec /fixmbr
Linux, install new application
apt-get install (package name)
linux command-line program used to create and manage partitions on a hard disk
fdisk
An account that has the same privileges as LocalService but can access the network using the computer’s machine account’s credentials
NetworkService
In Administrative Tools. You would use this to configure password and account policies without going into the registry
Local Security Policy (secpol.msc)
The Local Security Policy snap-in (Secpol.msc) restricts the view of local policy objects to the following policies and features:
*Account Policies
*Local Policies
*Windows Firewall with Advanced Security
*Network List Manager Policies
*Public Key Policies
*Software Restriction Policies
*Application Control Policies
*IP Security Policies on Local Computer
*Advanced Audit Policy Configuration
Policies set locally might be overwritten if the computer is joined to the domain.
The Local Security Policy snap-in is part of the Security Configuration Manager tool set.
tool to setup partitions on a hard drive. Sets up active partition
Diskpart
Questions
Answers
In OS X, a utility to remotely view and control a Mac and is similar to Remote Assistance in Windows.
Screen Sharing
changes the name of volume D to volume E
format D: /v:E
format Volume [/V:volume]
/V:label -Specifies the volume label.
- Change the name of D volume to E
Not the apple equivalent of the Ctrl button
Control
displays all files with the DOC extension in the current directory
dir *.doc
A feature of OS X that gives other computers on the network access to the Mac’s optical drive. System Preferences -> Sharing
Remote Disc
Group Policy Snap in
gpedit.msc
(Linux)stops a process using its Process ID
ps
- Gets all processes and their PIDs
kill [PID]
-Ends the PID entered
Displays DHCP, DNS server, MAC address, and NetBIOS status
ipconfig /all
The database that contains the users, groups, and computer accounts in a Windows Server Domain
Active Directory
Time it takes for a signal to reach the recipient
Latency
list by date created
dir /t:c
/t [List time fields] what time fields?
:c [created]
Other time fields:
C Creation
A Last Access
W Last Written
firewall implemented as software on the individual host computer
Host Firewall
Displays all connections and listening ports.
netstat -a
-a Displays all connections and listening ports.
{A for ALL}
list by last time accessed
dir /t:a
/t [list by time field] what time field?
:a [last accessed]
C Creation
A Last Access
W Last Written
Information gathering threat in which the attacker attempts to learn about the configuration of the network and security systems
footprinting
Python file extension
.py
checks the integrity of disks and can repair any problems detected
chkdsk
-Check Disk
/f [fix all errors found]
acts as the emulator for allowing 32-bit applications to run seamlessly on a Windows 64-bit OS
WOW64
Linux shell script
.sh
Windows group that includes all users
Everyone Group
System for which vendors have dropped all support for security updates due to the system’s age.
End-of-life System
rw-
6
7 -Read, Write, and Execute r w x
6 -Read and Write r w -
5 -Read and Execute r - x
4 -Read only r - -
3 -Write and Execute - w x
2 -Write only - w -
1 -Execute only - - x
4 -(letters in) READ
2 -write
1 -eXecute
Read + Write = 6 (rw-)
--x
1
Under this protocol Authentication, Authorization, and Accounting are performed by a separate server
RADIUS (Remote Authentication Dial-In User Service)
{Think - RAAADIUS}
- RADIUS is a networking protocol, operating on ports 1812 and 1813, that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.
Provides remotely accessible database for storing, operating system, device, and software application configuration information
Windows Registry
%SystemRoot%\System32\Winevt\Logs
Where the log files stored
a feature to secure access to shared folders and printers. (exists in windows 7 and 8 but not in later versions of windows 10)
Homegroup
A utility on macOS that allows a full windows installation to be made on a Mac. Applications ->Utilities folder
Boot Camp
A partition that contains an image of the bootable partition created when the computer was built. (Restores OS to factory settings)
Factory Recovery Partition
WoWLAN
Wake on Wireless LAN
Applies a new or changed policy to a computer immediately
gpupdate /force
The active partition of the hard drive containing the boot record and the specific files required to start the Windows launch.
System Partition
lists both wide format and one screen at a time
dir /w/p
A tool that reads the contents of a drive and writes the output to a .WIM format file.
DISM
- Microsoft’s Deployment Image Servicing and Management
- .WIM Windows Image Format
view and change environment variables in Linux
printenv or env command
restricts OS installation to trusted software
secure boot
virtual file system for linux
VFAT (virtual file allocation table)
- Uses the same data structures that Windows uses
- Supports long (255) file names
The switch or router performs authentication of the attached device before activating the port
PNAC
- Port-based network access control
A third party that vouches for certificates
A server that can issue digital certificates and associated public/private key pairs. A way of authenticating that the keys are authentic.
CA
- Certificate Authority
Displays, Storage, Service
apple menu items
to adjust settings of an apple track pad
System Preferences -> Trackpad
Commands to reset the network adapter in Windows 7/8
ipconfig /flushdns
netsh interface ip reset resetlog.txt (netsh i i r r)
netsh winsock reset
- ipconfig /flushdns: Reverts the DNS file to default.
- netsh interface ip reset resetlog.txt: Rewrites two registry keys that are used by TCP/IP.
- netsh winsock reset: Winsock settings contain your computer’s configuration for Internet connectivity. This reverts them to default.
- netsh = Network Shell
installing a new OS that completely replaces the old one
clean install
End a process using its unique ID
taskkill /pid
===============================================================================
To end a process by name:
taskkill /IM
Taskkill /IM notepad.exe
Either parameter will generate a detailed explanation of the command in Linux
man / --help
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
Phishing
Runs on TCP port 3389.
RDP (Remote Desktop Protocol)
Allows you to view and edit current security policy
Local Security Policy (secpol.msc)
- The local security policy of a system is a set of information about the security of a local computer. It includes the domains trusted to authenticate logon attempts, and which user accounts may access the system and how (for example, interactively, through a network, or as a service).
Halt or power off the system (Linux)
shutdown -h
runline command for system restore
rstrui.exe
*Restore Utility
ReSToR UtIlity
list in order by extension
dir /o:e
===============================================================================
Other sort by orders:
N By name (alphabetic)
S By size (smallest first)
E By extension (alphabetic)
D By date/time (oldest first)
G Group directories first
- Prefix to reverse order
tool to test the memory chips for errors
Windows Memory Diagnostic
512 bytes on a disk
Sector
Information, Warning, Error, Critical, Successful Audit, Failure Audit
Event Types
redhat/CentOS, SUSE, Debian/Ubuntu, Knoppix
popular linux distros
r--
4
Opens the Computer Management console from runline.
compmgmt.msc
A Windows command to manage hard drives, partitions, and volumes.
diskpart
fixes problems and makes improvements to the scan software itself
Scan engine/components
Limited rights such as browsing network and shutdown, but they cannot save changes made to the desktop
Guests
Python
.py
Renames a file or directory
ren
RSoP
Resultant Set of Policies
lists files using a wide format with no file details.
dir/w
an XML text file that contains all the instructions a Windows Setup program would need to install and configure an OS without any administrator intervention
answer file
Management console with multiple snap-ins to configure local users and groups, disks, services, and devices
Computer Management (compmgmt.msc)
Computer Management is a Microsoft Windows MMC snap in that was first introduced with Windows XP. It allows access to admin tools, including the Event Viewer, Task Scheduler, local users and groups, performance logs and alerts, Device Manager, Disk Management, and the Services manager.
Network reset in Windows 10
Settings -> Network & Internet -> Status -> Network Reset
A windows policy in which a computer remotely installs an application from a network folder without any administrator intervention
GPO
- Group Policy Objects
Order by size
dir /o:s
==========================================================
Other Order options:
N By name (alphabetic)
S By size (smallest first)
E By extension (alphabetic)
D By date/time (oldest first)
G Group directories first
- Prefix to reverse order
the standard that defines a Port-based Network Access Control mechanism
802.1x
The host cannot route a reply back to your computer
No reply (request timed out)
linux command-line program used to format a partition with a file system
mkfs
{MKFS = Makes (Formats the partition with) the file system} {FDISK = Creates the partition}
sets the day of the week in cron in either numerical or text format
weekday
This group contains the user account of the person currently working at the computer
Interactive Group
- The members of the Interactive group gain access to resources on the computer at which they are physically located or logged on. This group includes all users who log into a computer locally or are logged in via RDP.
List by extension
dir/o:e
==========================================================
sort order:
N By name (alphabetic)
S By size (smallest first)
E By extension (alphabetic)
D By date/time (oldest first)
G Group directories first
- Prefix to reverse order
a set of tools designed to gain control of a computer without revealing its presence
Rootkit
Add dmartin to the Administrators local group
net localgroup Administrators dmartin /add
- Net localgroup command is used to manage local user groups on a computer. Using this command, administrators can add local/domain users to groups, delete users from groups, create new groups and delete existing groups.
All user accounts that have been authenticated to access the system
Authenticated Users Group
Removes job from a scheduled list in cron
crontab -r
Apple version of performance monitor
Activity Monitor
A program on a server that allows the network administrator to approve updates for certain groups
WSUS
-Windows Server Update Services
displays all files with the DOC extension that start with the letters LET and searches for subdirectories
dir Let*.doc /s
/S Displays files in specified directory and all subdirectories.
specifies the month in numerical or text format in cron
MM
Displays DNS resolver cache
ipconfig /displaydns
/displaydns Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS Client service uses this information to resolve frequently queried names quickly, before querying its configured DNS servers.
Common ipconfig switches:
/all
/flushdns
/release
/renew
Programming environment that includes features to help you write and edit code as well as debugging tools
IDE (Integrated Development Environment)
linux command-line program used to format a swap partition
mkswap
Manages the memory mappings and assignments
VMM
- virtual memory monitor
All data modified since last full backup (moderate backup time, moderate restore time, uses no more than two tape sets)
Differential backup
{Incremental Backup - only the files that changed since the last back up.}
{Differential Backup - only the files that changed since the last FULL backup.}
{Full Backup - Complete backup of all files}
Interface for managing a Windows 10 computer
The successor to Control Panel
Windows Settings
Microsoft peer to peer network model in which computers are grouped together with access to shared resources
Workgroup
A command-line version of the Task Manager
tasklist
-wx
3
Do most things with an object but not to change its permissions or owner
Modify
Virus that takes advantage of the macro programming languages built into some software (affects an Office document)
Macro viruses
saves the current session to disk before powering off the computer
Hibernate Mode
a program that appears desirable but actually contains something harmful
Trojan Horse
Windows RE program that attempts to fix startup problems.
Bootrec
Acts as the emulator for allowing 32-bit applications to run seamlessly on a Windows 64-bit OS
WOW64
R - Read only; H - Hidden; S - System, cannot be deleted; A - Archive, modified since last backup
File Attributes
A windows feature that can encrypt a folder or a file
EFS
- Encrypting File System -
scans and attempts to recover bad sectors on drive C
chkdsk C: /r
/r Locates bad sectors and recovers readable information. The disk must be locked. /r includes the functionality of /f, with the additional analysis of physical disk errors.
incident response processes, management oversight, security awareness, and training
Procedural controls
On NTFS volumes only skips part of the checking process
chkdsk [volume] /i /c
- /c Use with NTFS only. Does not check cycles within the folder structure, which reduces the amount of time required to run chkdsk.
- /i Use with NTFS only. Performs a less vigorous check of index entries, which reduces the amount of time required to run chkdsk.
Used in public key encryption, it is a scheme in which the key to encrypt data is different from the key to decrypt. (Uses an RSA cipher)
asymmetric encryption
to attempt repair of the boot sector
bootrec /fixboot
Queries a DNS server about a host.
nslookup -option host server
- Name Server Lookup
-nslookup is a DNS lookup query utility
==========================================================
Usage:
nslookup [-opt …] [# interactive mode using default server]
nslookup [-opt …] - server [# interactive mode using ‘server’]
nslookup [-opt …] host [# just look up ‘host’ using default server]
nslookup [-opt …] host server [# just look up ‘host’ using ‘server’]
changes the group in linux
chgrp
What does AAA stand for?
Authentication, Authorization, and Accounting
- AAA is a system for tracking user activities on an IP-based network and controlling their access to network resources.
==========================================================
Authentication (Who are you?)
Authorization (Do you have permission?)
Accounting (Keeping track of who comes and goes)
Distributed denial of service attacks that overwhelm a web server and shut it down
DDoS Attack
prevents anyone but the user from viewing the screen
privacy screen
Data that is used to identify, contact, locate, or impersonate an individual
PII (Personally Identifiable Information)
*Not to be confused with NPPI… (Non Public Personal Info)
Windows batch file
.bat
the command or script to run along with the full path to the file
command
Opens device manager from runline
devmgmt.msc
==========================================================
Despite the name being Device Manager, the file name is devmgmt.msc
user authentication login, firewalls, anti-virus software
Logical controls
Provides information about hardware resources, components, and the software environment. Also known as System Information.
msinfo32.exe
Forces the DHCP client to renew the lease it has for an IP address (if AdapterName is omitted it releases or renews ALL adapters on the network)
ipconfig /renew AdapterName
a text file editor in linux.
vi/vim
What does BCD stand for?
Boot Configuration Database
a windows peer-to-peer network found in Windows 10
workgroup
A utility that is used to register component services used by an installed application.
regsvr32
- regsvr32 is a command-line tool in Windows that stands for Microsoft Register Server. It’s used to register and unregister Object Linking and Embedding (OLE) controls like .DLL files and ActiveX Control .OCX files.
Updated file system for optical media with support for multi-session writing
UDF (Universal Disk Format)
An index level calculated from signal strength. If the connection speed is below the set minimum, the wireless adapter will drop the signal
RSSI (Received Signal Strength Indicator)
- RSSI is an estimated measurement of how well a device can hear, detect and receive signals from any access point or from a specific router.
- 30db - feet away from transmitter
- 67db - Minimum signal strength for applications that require very reliable, timely delivery of data packets. (VoIP, Streaming)
- 70db - Minimum signal strength for reliable packet delivery. (email, Web)
- 80db - Minimum signal strength for basic connectivity. Packet delivery may be unreliable.
- 90db - Approaching or drowning in the noise floor. Any functionality is highly unlikely.
A search tool in the macOS
Spotlight Search
Format D: drive with a NTFS file system and forces the drive to dismount.
format D: /fs:NTFS /x
- /X Force the volume to dismount first if necessary. All opened handles to the volume would no longer be valid.
64 bit file system used for large capacity removable hard drives and flash media.
exFAT ( Extended File Allocation Table)
Write permission is required for the destination folder and Read for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the creator
Copying files and folders on the same NTFS volume or different volume

A disk partition designated for swap space in Linux
Swap Partition
a feature of macOS that enables a user to set up one or more desktops with different sets of apps and backgrounds
Mission Control
Set properties and monitor local printers and manage print sharing on a network
Print Management
performs a quick format on D: volume and use exFAT file system.
format D: /q /fs:EXFAT
- /q quick format. Does not scan for bad sectors.
==========================================================
Format Syntax:
FORMAT volume [/FS:file-system] [/V:label] [/Q] [/L[:state]] [/A:size] [/C] [/I:state] [/X] [/P:passes] [/S:state]
All data modified since last full backup ( moderate backup time, moderate restore time uses no more than 2 tape sets)
Differential backup
Do anything with the object, including change its permissions and its owner
Full Control
Load basic devices and services only
Diagnostic start up
-When you start the computer in Safe mode, Windows loads only the basic drivers and computer services that you need. The diagnostic startup option enables Windows to determine which basic device drivers and software to load when you start Windows.
process of optimizing RAM storage by borrowing hard drive space
virtual memory
- Virtual Memory: Allows you to set the amount of storage space for the page/swap file, which is the RAM overflow that gets written to the HDD. This is managed automatically by default, but you can change which drive it writes to (say, from an HDD to an SSD) and also modify the size of the page/swap file.
enters the Linux job scheduling editor
crontab -e
specifies the month in numerical or text format in cron
MM
opens a Remote Desktop connection from command line
mstsc
-Microsoft Terminal Services Connection
Load all device drivers and services
Normal Startup
Distributed denial of service attacks that overwhelm a web server and shut it down
DDoS Attack
/etc/hosts
HOSTS file location in Linux
shows the properties of the dmartin account
net user dmartin
Resolves address to hostnames
ping -a (IP address)
- Returns the host name of IP address
- In certain instances the inverse can be done using:
nslookup (hostname) - Returns the IP address of the host name
to attempt repair of the boot sector
bootrec /fixboot
rwx
7
A computer network that enables users to wirelessly connect to their offices or the Internet via a cellular network. Sometimes referred to as wireless broadband.
WWAN (Wireless Wide Area Network)
lists files using a wide format with no file details
dir /w
formats D drive to an exfat file system
format D: /fs:EXFAT
variation in delay
jitter
Control Panel -> System Properties -> Remote Settings
Remote Settings Location
Add user dmartin and require password change.
net user dmartin Pa$$w0rd /add /fullname:"David Martin" /logonpasswordchg:yes
the capability for choosing between two or more operating systems to boot from when a computer is turned on. A separate partition is required for each operating system. (Win)
Multiboot
Appears in legacy applications but is deprecated because the rights allocated to this account type can be abused to allow the user Administrative or System privileges
Power Users
This log holds the audit data for the system
Security Log
Used to modify settings and files that affect the way the computer boots in Windows
System Configuration Utility (msconfig)
- Tabs found in msconfig:
- General: Allows you to boot Windows in diagnostic or selective mode when necessary
- Boot: Manage everything related to Windows boot, including Safe mode.
- Services: Enable or disable Windows and other services
- Startup: The startup section is now managed via Task Manager.
- Tools: Launch popular System services from here
A set of tools designed to gain control of a computer without revealing its presence
Rootkit
Ensures old data on a hard drive is destroyed by writing zeros or a random pattern to each location on the drive. Makes disk suitable for re-use
Drive wiping
overloading a switch’s MAC cache preventing genuine devices from connecting and forcing the switch into “hub” or “flooding” mode
MAC Flooding
File system used in macOS High Sierra or later which supports native file encryption
APFS
- Apple File System
- also called Mac OS Extended
- Current FS used by Apple
- Successor to HFS+ Extended Hierarchical File System
aborts command prompt shutdown
shutdown -a (Linux)
shutdown /a (Win)
A class of enterprise software designed to apply security policies to the use of smartphones and tablets in a business network
MDM (Mobile Device Management)
displays linux processes that are currently running
ps
Three most effective types of physical data destruction?
Shredding, Incineration, Degaussing
installing on top of an existing version of OS
in-place upgrade
A means of applying security settings and other administrative settings across a range of computers and users
GPO (Group Policy Object)
-A Group Policy Object (GPO) is a virtual collection of policy settings.
viewing is restricted to the owner organization or to third parties under a Non-disclosure Agreement
classified
The info is too valuable to permit any risk of its capture. Viewing is severely restricted
Secret
These attack the boot sector, partition table, and file system
boot sector virus
shows an enhanced version of the sort of snapshot monitoring provided by task manager by showing detailed info on hardware usage.
Resource Monitor
Reroutes requests for legitimate websites to false websites
pharming
To adjust settings of an Apple trackpad
System Preferences -> Trackpad
A group of sectors
Cluster
A Windows process that does not require any sort of user interaction and so runs in the background.
Service
The time it takes for a signal to reach the recipient
latency
Apple equivalent of Alt
Option
A limited account used to run services that cannot make system wide changes. Also it can access the network anonymously
LocalService
Group is able to perform most common tasks such as shutdown, running applications, and using printers. They can also change time zone and install printers
Users
File System used in macOS High Sierra or later which supports native file encryption
APFS
- Apple File System
Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are inherited from the destination folder and the user becomes the Creator/Owner
Moving files and folders to a different NTFS volume
MacOS version of remote desktop functionality
Screen Sharing
attempts to discover the password from the hash using databases of precomputed hashes
Rainbow Table Attack
Allows you to start up the computer remotely
WoL (Wake on LAN)
Release the IP address obtained from a DHCP server so the network adapter will no longer have an IP address
ipconfig /release AdapterName
In Linux, checks partition errors (partition should be unmounted before running this tool)
fsck
In Linux, checks partition errors (partition should be unmounted before running this tool)
fsck
clears the command prompt screen.
cls
Specifies minutes past the hour in cron, the linux job scheduler. (0-59)
mm
template containing the OS and required software
Image
A Microsoft utility to encrypt a drive
BitLocker
Reroutes request for legitimate websites to false websites
Pharming
displays all files with the DOC extension in the current directory.
dir *.doc
- tests whether or not a system is responsive
- shortcut to restart the graphics driver
Windows + Ctrl + Shift + B
Apple equivalent of file explorer in Windows
Finder
Best place to configure your system in Windows 7
Control Panel
Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are retained.
Moving files and folders on the same NTFS volume
-w-
2
Allows a user to ask for help from a technician or co-worker
Assigns a port dynamically from an ephemeral range
Remote Assistance
A limited account used to run services that cannot make system wide changes. Also it can access the network anonymously
Local Service
clears the command prompt screen
cls
0
Informs you when a program makes a change that requires administrator-level permission, also adjusts the permission level of your user accounts
UAC (User Account Control)
causes a service at a given host to fail or become unavailable to legitimate users, Typically, by overloading a service.
DoS attack (Denial of Service Attack)
Adds missing Windows installations to the BCD
bootrec /rebuildbcd
Displays a log of “system reliability” events
Reliability Monitor
Reboot 10 minutes from now (Linux)
shutdown now, +10
Fixes file system errors on the disk drive C
chkdsk C: /f
- The intention is to check the Windows drive for damage and (with the /f switch) immediately perform a repair.
- CHKDSK finds and fixes errors in the file system of your hard drive, SFC (System File Checker) specifically scans and repairs Windows system files.
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
Replay Attack
New files and files modified since last backup (low backup time, high restore time, uses multiple tape sets)
Incremental backup
Used to mount storage devices into a local file system in linux
NFS (Network File System)
64 bit application files location in Windows.
Program Files
A protocol in which the computer is enabled to browse update.microsoft.com and select updates for download and installation
BITS
- Background Intelligent Transfer Service
-On Windows 10, Background Intelligent Transfer Service (BITS) is an essential component responsible for assisting the system and applications during foreground or background downloads and uploads between the device and a remote server, without impacting the network experience.
256 bit cryptographic hash generated from a passphrase. This authentication method is suitable for SOHO networks
PSK
- Pre-Shared Key -
Clients - Provides connections to types of file servers such as Linux, Unix, or Windows
Protocols - Provide the format for addressing and delivering data messages between systems.
Services - Allow your machine to provide network functionality to other machines
Adapter Properties
A command used to view all variables in the shell, except special variables.
“set” command
- The Linux set command is used to set and unset certain flags or settings within the shell environment.
- In Windows, set displays, sets, or removes cmd.exe environment variables. If used without parameters, set displays the current environment variable settings.
Formats D: drive and enables file compression using NTFS
format D: /fs:NTFS /c
linux task scheduler
cron
Saves the current session to memory and put the computer into minimal power state
Standby/Sleep Mode
services that work in the device firmware that prevents restores or the disabling of location services
Activation Lock/Device Protection
a software program capable of reproducing itself that can spread from one computer to the next over a network
Worm
list by time file was last written to
dir /t:w
/t = Time
:w = last written to
groupadd, groupmod, groupdel
linux group commands
enters the editor in Linux task scheduler.
crontab -e
terminates process without any user notification
taskkill /f /pid processid
-taskkill
ends one or more tasks or processes.
/f
Specifies that processes be forcefully ended. This parameter is ignored for remote processes; all remote processes are forcefully ended.
/pid [processID]
Specifies the process ID of the process to be terminated.
The hard drive partition where the Windows OS is stored. The system partition and the boot partition may be different partitions.
Boot Partition
System Preferences ->users and groups
adding a new account in MacOS
A list of permissions associated with an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.
Rules applied by packet filter firewalls that filter data by IP address, Protocol ID, and Port Numbers
ACL (Access control list)
ACLs come in different forms:
- File System ACL
- Active Directory ACL
- Network ACL
All perform a similar role, to attach permissions to an object (resource) that specify which users are granted access to that object (resource) and the operations it is allowed to perform.
Contains information about service load failures, hardware conflicts, and driver load failures
System Log (syslog)
Write permission is required for the destination folder and Modify for the source folder. NTFS permissions are retained
Moving files and folders on the same NTFS volume
Control Panel ->System -> Advanced system settings ->System Properties->Remote Settings
remote settings location
Freeware that works over TCP port 5900 with similar functionality to RDP.
VNC (Virtual Network Computing)
- Screen Sharing is based on VNC
Shows the process that has opened the port
netstat -b
-b
Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached.
Local Security Policy snap in
secpol.msc
A Windows process that does not require any sort of user interaction and so runs in the background
service
Contains information regarding the application errors
Application Log
Allows administrators to devise policies or profiles defining the minimum security configuration required of devices for network access
NAC (Network Access Control)
- Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.
Gnome, KDE, Cinnamon, Xfce
popular linux GUIs
Aborts command prompt shutdown
shutdown -a
shutdown /a
Forces the DHCP client to renew the lease it has for an IP address (if AdapterName is omitted, it releases or renews ALL adapters on the network)
ipconfig /renew AdapterName
useradd, usermod, userdel
linux user commands
Saves the current session to disk before powering off the computer
Hibernate mode
Modify permission is required for the destination folder. All permissions and NTFS attributes (such as encryption) are lost; FAT does not support permissions or special attributes
Moving files and folders to a FAT or FAT32 partition
privacy laws, policies, and clauses
legal and regulatory or compliance controls
Tool to test the memory chips for errors
Windows Memory Diagnostics
Formats D volume and specifies the size of allocation units 512
format D: /a:512
/A:size Overrides the default allocation unit size. Default settings
are strongly recommended for general use.
Proprietary file system used exclusively in Windows.
NTFS
- New Technology File System
catalog of Microsoft tested and approved devices and drivers
LPL
- Windows Logo’d Product List
- Sometimes called Windows Compatible Products List
group policy snap in
gpedit.msc
displays all files with the DOC extension that start with the letters LET
dir Let*.doc
Contains user accounts of any users connected to a computer over the network
Network Group
located in Administrative Tools, enables you to register new server applications or reconfigure security permissions for existing services
Component Services (COM+)
JavaScript
.js
**** means that the switch or router performs authentication of the attached device before activating the port
PNAC
- Port-based network access control
shows an enhanced version of the sort of snapshot monitoring provided by task manager
Resource Monitor
Opens the Run dialog box
Win Key + R
Files written in non contiguous clusters reducing read performance
Fragmentation
Reboot from command line
shutdown -r
shutdown /r
Displays DHCP, DNS server, MAC address, and NetBIOS status
ipconfig /all
Windows log files that allow you to collect statistics about resources and can be used to determine system health and performance.
counter logs
An information gathering threat, in which the attacker attempts to learn about the configuration of the network and security systems through social engineering attacks or software based tools.
Footprinting (also known as reconnaissance)
- generally refers to one of the pre-attack phases; tasks performed before doing the actual attack.
Software that enumerates (lists, in order) the status of TCP and UDP ports on a target system.
Port Scanning
- Port scanning can be blocked by some Firewalls and IDS (Intrusion Detection System).
- A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
What are the types of Events seen in Event Viewer? (6)
Information, Warning, Error, Critical, Successful Audit, Failure Audit
{Whales Eat Cats Instead of Salted Fish}
*Warning
*Error
*Critical
*Information
*Successful Audit
*Failure Audit
What do Chkdsk and ScanDisk do?
CHKDSK is designed to check the integrity of disk partition file system, scan and fix detected logical file system errors on the hard disk.
ScanDisk can also check and repair disk file system errors. However, ScanDisk cannot scan NTFS disk drives, but only scan FAT drives like FAT32, FAT16, and FAT12.
What do SFC /Scannow and DISM do?
(System File Checker)
SFC /Scannow helps you scan and repair corruptions in Windows system files.
(Deployment Image Servicing and Management Tool)
DISM can be used to prepare, modify and repair Windows system images.
An alternative to RADIUS
TACACS+
- Terminal Access Controller Access-Control System Plus
- Developed by Cisco, Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server.
A mobile user has transitioned to using apps on their smartphone for all
business tasks. To ensure that no data will be lost, the smartphone will
need to have multiple backups each day. The user travels most of the time
and rarely visits the home office. What would be the
best way to provide these backups?
Use a cloud backup service
- Using a cloud backup service such as Apple iCloud or Google Drive
provides an automated method to constantly back up all user data on the
smartphone. If the phone is lost or stolen, the user can purchase a new
smartphone and restore all of the data from the cloud.
A system administrator has inadvertently installed a Trojan horse that has
deleted a number of files across many Windows file shares. The Trojan
also had access to user documents and login credentials and transmitted
numerous documents to an off-site file storage system. What would limit the scope of future exploits?
Modify the default permissions
- Many system administrators configure their accounts to have full access
to the network as their default setting. This means that malicious software
would also have full access if the administrator’s desktop was exploited.
Changing the default permissions to have limited access would also limit
the scope of a Trojan horse exploit.
A data center manager would like to ensure that a power fault on a server
would not be harmful to employees. What would be the
BEST choice for this requirement?
Electrical ground
- An electrical ground will divert any electrical faults away from people and
into a copper grounding rod. An electrical ground is a critical part of any
power system and equipment installation.
A desktop administrator has just removed malware from a user’s desktop
computer and has configured the system to automatically update antivirus
signatures and perform a scan each night. What should be the NEXT step in the removal process?
Enable System Protection
- Before the malware was removed, System Protection was disabled to
delete all potentially-infected restore points. Once the malware is removed
and the anti-malware process is working again, System Protection can
be re-enabled.
A Linux administrator is modifying a log file and needs to rename the
file. What should be used to make this change?
mv
- The Linux mv (move) command will move a file from one location to
another or move/rename a file from one name to another.
Walter, a user in the accounting department, has opened a help desk
ticket that complains of garbled output from the local network printer.
Any spreadsheet sent to the printer results in a jumble of text and
graphics instead of the spreadsheet output. What
should be the FIRST troubleshooting step?
Print a test page from the printer console
- It would be useful to know if the printer is working properly or if the issue
occurred prior to the output reaching the printer. Printing a test page from
the printer console circumvents the network, operating system, driver, and
application to determine if the printer itself is working properly.
A user has opened a help desk ticket regarding the battery life in her
three-year old smartphone. If a power source is not available, the phone
battery is usually depleted by the middle of the work day. She uses the
smartphone to access resources across the VPN, send and receive email,
and run company-related apps. Her average screen time during the day
usually exceeds ten hours. What would be the MOST
likely reason for this battery issue?
The battery capacity is decreased
- Smartphone batteries have a lifespan of about 300 to 500 charge cycles,
so a smartphone that’s three years old will not have the same capacity as the
battery in a new smartphone.
A network administrator has found that a daily report shows a single
user with numerous visits to a website that violates the company’s AUP.
What should the administrator do NEXT?
Contact the company’s security officer
- A company’s AUP (Acceptable Use Policy) is in place to limit the legal
liability of an organization. If a person in the organization is not following
the terms of the AUP, then the security officer’s team should manage the
results of that action.
What script extensions would commonly be used inside
of a Microsoft Office application?
.vbs
- The .vbs extension is used for Microsoft Visual Basic Scripting Edition
scripts. These scripts provide general purpose scripting in Windows, and
are especially common inside of Microsoft Office applications.
A user would like to install an image and photo editing program on their
home computer, but they would prefer an application that did not require
a monthly subscription. What would be the BEST
licensing option for this requirement?
FOSS
- FOSS (Free and Open-Source) software is distributed without charge and
includes a copy of the source code.
Windows command that fixes logical file system errors on the disk
chkdsk /f
Windows command that locates bad sectors and recovers readable information
chkdsk /r (Implies /f)
Windows network commands
view network resources
- net view \\[Server]
- net view /[workgroup:]
Windows network command to map a network share to a drive letter
net use [Drive Letter] \\[server]
net use R: \\fs-main
System Configuration Tabs (msconfig)
General tab
• Control the startup process
Boot tab
• Control the boot location
Services tab
• Enable and disable Windows services
Startup tab
• Manage which programs start with a Windows login
Tools tab
• Easy access to popular administrative tools
Task Manager Tabs (Windows 10)
Processes
Performance
App History
Startup
Users
Details
Services
Shares files, photos, video, etc. between all devices.
Works on a single private network only.
Windows HomeGroup (Win 7)
- Logical groups of network devices
- Each device is a standalone system, everyone is a peer
Windows WorkGroup
- Business network
- Centralized authentication and device access
- Supports thousands of devices across many networks
Windows Domain
Network locations in Windows 7
Home
• The network is trusted
Work
• You can see other devices, but can’t join a HomeGroup
Public
• Airport, coffee shop
• You are invisible
Network locations in Windows 8/8.1/10
Private
• Sharing and connecting to devices
Public
• No sharing or connectivity
Scripting for Windows at the command line
Batch Scripts
- Command line for system administrators
- Extend command-line functions
- Automate and integrate
- System administration
- Active Domain administration
PowerShell Scripts
- Back-end web server scripting
- Scripting on the Windows desktop
- Scripting inside of Microsoft Office applications
VBScripts
Scripting the Unix/Linux shell
Shell Scripts
General-purpose scripting language
Python
- Scripting inside of your browser
- Adds interactivity to HTML and CSS
JavaScript
The ****** command will report if a device on the network can respond to the request, but it does not provide any location details if the device does not respond.
ping
The ****** command will query a DNS server to identify IP addresses and fully qualified
domain names.
nslookup
The ***** command will display connections, routes, and other network statistics associated with a single device. The command does not provide any information about the uptime and availability of a remote
network connection.
netstat
The ***** utility will show the network routes between two devices. If the route is disrupted between those two devices, the last available router
will be identified.
tracert
A desktop technician has received a complaint that a remotely-hosted application has stopped working. The technician believes that a network outage at the application provider is the root cause of the issue. Which tool would be the BEST choice to confirm the location of the outage?
tracert
A desktop administrator has been tasked with removing malware from an executive’s laptop computer. The system has been removed from the network, but the Windows startup process shows a Stop Error before
rebooting into a repeating cycle. Which would be the best NEXT step in the malware removal process?
Boot with a pre-installation environment (Windows PE)
Windows Preinstallation Environment (also known as Windows PE and WinPE) is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. It is intended to replace MS-DOS boot disks and can be booted via USB flash drive, PXE, iPXE, CD-ROM, or hard disk.
A member of the accounting department at headquarters is getting a new laptop and would like to reissue the older Windows 10 laptop to an accounting team member at a remote site. The headquarters user would like to remove all personal files, apps, and settings before sending the laptop to the remote site. Which would be the BEST way to accomplish this?
Perform a Windows 10 reset
- The Windows 10 reset can quickly remove all
personal files, apps, and settings, and would reset the system to the factory
defaults.
A user’s smartphone contains company confidential information that should not be shared outside of the organization. Which would be the BEST way to limit access to this data if the smartphone was lost
or stolen?
Remote wipe
The remote wipe feature of a smartphone or tablet allows the administrator or owner of the device to delete all information on the device from a website or secure app. If the device is lost or stolen, all of the data on the device can be immediately erased and recovery of the data would not be possible unless the admin/owner also uses a cloud backup.
A cloud backup allows the smartphone owner to recover data if the phone were lost or stolen, but the cloud backup alone would not provide any additional protection of the smartphone data.
A workstation technician manages a training center that contains thirty student computers in each room. All of the computers have the same hardware configurations. Which installation method would be the BEST choice for quickly resetting the training rooms at the end of each week?
Image installation
An image installation can install an operating system, applications, and customized system configurations to multiple devices in a single step. With a pre-built image, a large training room of systems can be updated with a specific configuration very efficiently.
Walter, a user, is trying to use a new stylus with his tablet. The screen on the tablet responds to a finger press or a swipe, but the stylus does not interact with the tablet screen. What would be the MOST likely fix for this?
Enable Bluetooth
Most tablets use Bluetooth to connect wirelessly to external devices. If Bluetooth isn’t enabled, then a stylus, wireless headphones, and other personal area network (PAN) devices will not be usable.
(Windows 10 for desktop editions, Windows 8.1 and Windows 8 only). This tool enables your users to repair their own PCs quickly while preserving their data and important customizations, without having to back up data in advance or remove everything.
Push-Button Reset (System Reset) (Reset)
Settings > Update & Security > Recovery > Reset this PC > Get started
Automatically fixes problems preventing Windows from starting
Startup Repair
Open Settings. Click on Update & Security. Click on Recovery. Under the “Advanced startup” section, click the Restart now button
Issues that can be fixed with Startup Repair:
- Your Registry becomes corrupted.
- There are missing or damaged system and driver files.
- You are experiencing Disk metadata corruption (MBR, partition table, and boot sector).
- There is file system metadata corruption.
- You are facing installation issues or the drivers are incompatible.
- Installations of Windows service packs and patches are coming back with incompatibility errors.
- Your boot configuration data is corrupt.
- Startup Repair can detect bad memory and hard disk.
Brings Windows back to an earlier point in time
System Restore/System Protection
Recover your PC using a system image created earlier
System Image Recovery
You receive a call from a customer who is confused after upgrading his Windows 7
Home Premium edition computer to Windows 10. The user cannot find the All Programs menu.
What should you advise?
Users often need assistance when an OS version changes the desktop style or user interface. In Windows
10, the Start Menu and the All Programs submenu have been replaced by the Start Screen. The user can scroll in the Start Screen or use Instant Search to find any app. To use Instant Search, press the Windows key and type the app name.
In terms of system hardware, what is the main advantage of a 64-bit version
of Windows?
Support for more than 4 GB RAM.
You are advising a customer whose business is expanding. The business owner
needs to provision an additional 30 desktop computers, some of which will be
installed at a second office location. The business is currently run with a
workgroup network of five Windows 7 Home Premium desktop computers and one file server.
Why might you suggest licenses for an edition of Windows 10 that supports
corporate needs for the new computer and has upgrades for the old
computers? Which specific edition(s) could you recommend?
Without a domain, accounts must be configured on each computer individually. With over 30 computers to manage at two locations, this would be a substantial task so switching to a domain network, where the accounts can be configured on the server, is likely to save costs in the long term. The BranchCache feature would also allow computers at the second office to minimize bandwidth usage when downloading documents (Enterprise edition only) and updates from the main office. You can suggest either Windows 10
Pro or Windows 10 Enterprise for use on a domain. As Windows moves towards a service model,
subscription-based licensing of the Enterprise edition is becoming the mainstream choice.
A customer asks whether an iOS app that your company developed will also work
on her Apple macOS computer.
What issue does this raise and what answer might you give?
The issue here is compatibility between different operating systems. Even though both are produced by
Apple, iOS and macOS use different environments so the iOS app cannot be installed directly. Your
company might make a macOS version. Also (and do not worry if you did not include this in your answer),
with the latest version of macOS (Mojave), support for native iOS apps is being provisioned so this might
be something you can offer in the future.
Apart from Windows and macOS, what operating system options are there
for client PCs?
The other main choice is one of the distributions of Linux. A company might also use some sort of UNIX.
Finally, Chrome OS is installed on Chromebox PCs. These are often used by educational institutions and
businesses who rely primarily on web applications, rather than locally installed desktop software.
You are advising a customer with an older model Android smartphone. The
customer wants to update to the latest version of Android, but using the update
option results in a No updates available message.
What type of issue is this, and what advice can you provide?
This is an issue with update limitations. Android is quite a fragmented market, and customers must
depend on the handset vendor to implement OS updates for a particular model. The customer can only
check the handset vendor’s website or helpline to find out if a version update will ever be supported for
that model.
A user asks you how they can change Ease of Access settings.
In which management interface(s) are these settings located in the different
versions of Windows?
User-level features like this are configured via the Control Panel in Windows 7. In
Windows 8 and Windows 10, there are Ease of Access settings in both the Control
Panel and in the PC Settings/Windows Settings app but don’t worry if you just
answered “Settings app.” It is also worth remembering that you can use Instant
Search to return a list of user configuration options quickly.
You receive a call from a Windows 7 user who wants to “speed his computer up.”
After questioning him, you find that he is actually getting frustrated at having to
click through UAC authorizations. He asks how to turn them off.
Explain how this is done. Should you offer any other advice?
There are several ways to disable User Account Control (UAC) but the simplest is via
the User Accounts applet in Control Panel. You can also just search for “UAC” to
open the dialog box. You should advise the customer that UAC is an important
security feature and that by disabling it, his computer will be more vulnerable to
malware.
True or false? Each version of Windows has an Administrative Tools shortcut
folder in Control Panel.
True—the contents do vary from version to version though.
When would you use the mmc command?
A Microsoft Management Console (MMC) is used for Windows administration.
Running mmc opens an empty console. You would do this to create a custom toolkit
of the snap-ins used to configure advanced features of Windows. You can save the
custom console for future use.
You are attempting to run a command but receive the message The requested
operation requires elevation.
What must you do to run the command?
Open a new command prompt window with sufficient privileges. You can right-click
the Command Prompt icon and select Run as administrator or press Ctrl+Shift
+Enter with the icon selected.
Why might you run the shutdown command with the /t switch?
To specify a delay between running the command and shutdown starting. You might
do this to give users a chance to save work or to ensure that a computer is restarted
overnight.
What tasks would you perform using the regedit tool?
This tool allows you to make manual changes to the Windows Registry database. You
can also use it to export and back up portions of the registry. You might also import
registry files to apply a suggested fix.
Which is or are the main location(s) for system files in Windows?
The Windows folder (or system root) contains the files used to run Windows itself.
Program Files contains the executable and settings files installed by desktop
applications. You might also mention that the Users folder contains user settings
files, user-specific application data, and user-generated data files. There are also
some additional hidden folders (notably ProgramData) but do not worry if you have
not included these.
True or false? In Windows 7, libraries cannot contain network folders.
False—this is one of the main reasons for using libraries. They can consolidate a “view” of files
stored in different locations on different file systems. This includes shared folders on network
servers and removable drives.
You receive a call from a user trying to save a file and receiving an “Access
Denied” error.
Assuming a normal configuration with no underlying file corruption,
encryption, or malware issue, what is the cause and what do you suggest?
The user does not have “Write” or “Modify” permission to that folder. If there is no configuration
issue, you should advise the user about the storage locations permitted for user-generated files. If
there were a configuration issue, you would investigate why the user had not been granted the
correct permissions for the target folder.
You need to assist a user in changing the extension of a file.
Assuming default Explorer view settings, what steps must the user take?
The user must first show file extensions, using the View tab in the Folder Options applet. In
Windows 8/10, extensions can be shown through a check box on the View menu ribbon. The user
can then right-click the file and select Rename or press F2 and overtype the extension part.
What is the effect of running the cd.. command?
Change the directory focus to the parent directory (equivalent of Up One Folder).
Which Windows command is probably best suited for scripting file backup
operations?
The robocopy command offers more options than xcopy so will usually be the better
choice. The copy command is quite basic and probably not suitable.
If a single physical disk is divided into three partitions, how many different
file systems can be supported?
Three—each partition can use a different file system.
What is the difference between the boot partition and the system partition?
The system partition contains the boot files; the boot partition contains the system root (OS files).
What type of partitioning scheme must a disk use if Windows is installed to
a 64-bit UEFI-based computer?
GPT-style partitioning.
True or false? A volume or partition MUST be assigned a drive letter to
access it via Explorer.
False—assigning a drive letter is common practice, but a partition can be mounted to any point in
the file system.
You are troubleshooting a problem and find a disk marked as “foreign” listed
under Drive Management.
What does this mean?
The disk was configured as dynamic under a different computer then installed in this one. You
need to import the disk to make it usable.
A customer with a Windows 10 Home computer contacts you. She stores family
photos on the computer’s hard disk, but says she has read about disk failure and
worries that they might be at risk.
Is she right to be concerned and what solutions can you suggest?
The customer is right to consider the risk and take steps to mitigate it. One option is
to make a backup of the files so that they are always stored on at least two devices.
You could also suggest configuring the RAID-like functionality available with the
Storage Spaces feature of Windows 10. Note that you cannot recommend Dynamic
Disks as that is not available with the Home edition. Using both Storage Spaces and
an offsite backup method, such as copying to a cloud drive, will give the best
protection.
You are supporting a user with a Windows 10 Home PC. The user has installed a
computer game, but the game will not run. The computer is fitted with a
dedicated graphics adapter. You determine that the adapter driver should be
updated, but there is no newer driver available via Windows Update.
How should you proceed?
Browse the graphics adapter vendor’s website and use the card’s model number in the driver
search tool to look for the latest version. Compare the version information for the driver on the
website to the installed version (use Device Manager to check the installed version number). If
the website driver is newer, download and run the setup file to install and configure it. You should
ensure that the setup file is digitally signed by the vendor. If the driver is only provided as a
compressed archive, extract the driver files then use the Update Driver button in Device
Manager to select it for use with the adapter.
You are supporting a user who has installed a vendor keyboard driver. The
keyboard no longer functions correctly.
Under Windows 10, what are the steps to revert to the previous driver?
Open Device Manager from the WinX menu, Instant Search, or the Computer Management
console. Expand Keyboards then right-click the device and select Properties. On the Driver tab,
select Rollback Driver.
A Windows 7 Professional user is trying to join a video conference and cannot
hear any sound from her headset or the computer’s built-in speakers.
Which tool can you suggest using to try to remedy the fault?
There is an automated Windows Troubleshooting tool for diagnosing and correcting problems
with audio playback. You should advise the customer to open the Troubleshooting applet in
Control Panel and select the troubleshooter for audio playback.
You are troubleshooting an issue with a wireless adapter. When you open Device
Manager, you find the device’s icon is shown with a down arrow superimposed.
What does this mean and why might this configuration have been imposed?
The icon indicates that the device has been disabled. It could be that there was a fault or there
may be a network configuration or security reason for disabling the adapter. In this sort of
situation, use incident logs and device documentation to establish the reason behind the
configuration change.
You are assisting a laptop user. While she was away from her desk, the laptop has
powered off. The user was in the middle of working on a file and had forgotten to
save changes.
Can you reassure her and advise on the best course of action?
When a computer goes into a power saving mode, it will either maintain a small amount of power
to the memory modules or write the contents of memory to a hibernation file on disk.
Consequently, the user should be able to start the laptop again and the desktop will resume with
the open file still there. You should advise the customer to save changes to files regularly
however.
What type of file system is usually used for the Linux boot partition?
A version of ext (ext4 or ext3).
What command would you normally need to run in order to access the
contents of a USB memory stick inserted into Linux?
mount
Which Linux command will display detailed information about all files and
directories in the current directory, including system files?
ls -la
A command has generated a large amount of data on the screen.
What could you add to the command to make the output more readable?
Either | more or | less.
What command would allow you to delete the contents of the folder
/home/fred/junk and all its subdirectories?
rm -r /home/fred/junk
What command could you use to move a file names.doc from your current
directory to the USB stick linked to folder /mnt/usb?
mv names.doc /mnt/usb
A file is secured with the numeric permissions 0774.
What rights does another user account have over the file?
Read-only.
What command allows file and directory permissions to be changed?
chmod
Which Linux command allows a user to run a specific command or program
with superuser/root privileges?
sudo
Which file contains the list of user accounts created on Linux?
/etc/passwd.
You want your Linux PC to close gracefully at 9:00 p.m., as a scheduled power
outage is planned at 12:00 midnight.
How could you do this?
shutdown -h 21:00
Where would you look for the option to view and configure wireless adapter
status in macOS?
In the Status menu on the Menu bar, in the top-right of the screen.
How do you activate Spotlight Search using the keyboard?
Command+Spacebar.
Where would you change the default gestures on a Magic Trackpad?
Under System Preferences→Trackpad.
What is the name of Apple’s multiple desktop management feature?
Mission Control.
What is the equivalent of Explorer in macOS?
The Finder.
What app would you use to install Windows 10 on a Mac?
Boot Camp Assistant lets you create a new partition and install a fresh version of Windows.
What is the correct name for the spinning beach ball of death?
Spinning wait cursor
When should you use FAT32 for the system partition?
When using UEFI system firmware, the EFI system partition should be formatted with a FAT file
system. Another scenario is when you are configuring a multiboot system with an older version of
Windows or with Linux.
If you want to use PXE as an installation method, what type of compatible
component would you require?
Network adapter/NIC and system firmware support.
What is the advantage of using a USB thumb drive to install Windows?
You can install images larger than will fit on a DVD. This might be useful if you want to install
multiple software applications at the same time as Windows itself.
What is a recovery partition?
A partition containing a backup of the system configuration at a particular point in time. These are
often used on OEM PCs to enable the PC to be restored to its factory settings.
What should you configure in order to perform an unattended installation?
An answer file containing the setup configuration.
What is meant by disk imaging?
Cloning an installation from one PC to another.
How would you configure a PC to join a domain during installation of
Windows 7?
Use an answer file with the appropriate settings, and ensure that a domain controller is available
to the PC during setup. You cannot join a domain during attended setup (though you could
immediately after setup finishes).
How do you run Check Disk in read-only mode?
In the GUI tool, simply do not select an option to fix errors automatically. Alternatively, at a
command prompt, run chkdsk without any switches.
Which tool is used to verify file system integrity in Linux?
fsck.
Which Windows tool would you use if you want the defragmenter to run
more frequently?
Task Scheduler
Which of the following is not delivered via Windows Update?
- Security patches.
- Drivers.
- Firmware updates.
- Critical fixes.
Firmware updates.
How would you update an app purchased from the Mac App Store?
Open the Mac App Store and select the Updates button.
What Windows utility would you use to back up data files in Windows 10?
File History. You could also consider OneDrive as a type of backup solution.
What principal restriction would you face if using the backup tool included
with Windows 7 Home Premium?
It only supports backing up to local drives or removable media, not to network
shares.
What is the name of Apple’s backup software for macOS?
Time Machine.
In Linux, what command is used to view tasks scheduled by the current
user?
crontab -l
How would you configure a legacy Windows 98 application to work with Windows
10?
Open the application’s property sheet and select the Compatibility tab to select the appropriate
mode. You can also run the Program Compatibility Troubleshooter.
What additional information is shown on the Users tab in Windows 10 Task
Manager compared to Windows 7?
It shows user-initiated processes and resource utilization.
How do you enable a Windows 7 computer to function as a Remote Desktop
Server?
Open System properties, select Change settings, then select the Remote tab and check the
Allow remote connections to this computer option. You can also specify
the user accounts permitted to connect to the server.
Why isn’t the System Protection feature a substitute for making a backup?
System Protection restore points are stored on the local disk and so would not allow recovery
from the failure, loss, or destruction of the disk. System Protection is designed only to allow the
rollback of configuration changes.
What is the advantage of setting the pagefile to the same minimum and
maximum sizes?
The pagefile will not become fragmented (assuming you defragmented the disk before doing
this).
What is the full path to the Windows system log?
%SystemRoot%\System32\Winevt\Logs\System.evtx
What are the tab headings in msconfig, and which tab is not in the
Windows 8/10 version?
General, Boot, Services, Startup, and Tools. In Windows 8/10, the functionality of
the Startup tab has moved to Task Manager.
What device optimization settings could you check to mitigate slow
performance problems?
Defragment the hard disk, and ensure there is sufficient free space. Verify that the
power management configuration is not throttling components such as the CPU or
GPU. You can also use performance monitoring to check device utilization and
determine whether upgrades are required.
Where would you start to investigate a “Service failed to start” error?
Check the event log for more information.
Which troubleshooting tool is most likely to identify whether a
problem is related to a device driver or to a faulty system component?
Using Safe Mode boots with a minimal set of drivers and services. If Safe Mode
boot is successful but normal boot is not, the issue is likely to be with driver
software. Re-enable each driver in turn to identify the culprit. If the problem also
manifests in Safe Mode, it is more likely to have an underlying hardware cause.
If you suspect improper handling during installation has caused damage to a RAM
module, how could you test that suspicion?
Run a Memory Diagnostic. This tests each RAM cell and so should uncover any fault.
**** can be used to investigate open ports and connections on the local host. In
a troubleshooting context, you can use this tool to verify whether file sharing or email
ports are open on a server and whether other clients are connecting to them.
netstat
The **** command-line utility is used to trace the route a packet of information
takes to get to its target. Like ping, it uses ICMP status messages. This command would return details
of the route taken to find the machine or device with the IP address and can also be used with a domain name or FQDN,
tracert
A server administrator is installing a 4 TB drive in a database server and
would like to use the entire free space as a single partition. What partition technology should be used with this drive?
GPT
The GPT (GUID Partition Table) partition style provides for very large partition sizes that would easily allow a single partition of 4 terabytes.
A local coffee shop has a public wireless network for
customers and a private wireless network for company
devices. The shop owner wants to be sure that customers
can never connect to the company network. What type of security should be configured on this network?
WPA2
Enabling WPA2 (Wi-Fi Protected Access version 2) would require a password to connect and would prevent customers from connecting to the company wireless network.
A user on the sales team has opened a help desk ticket
because of short battery times on a new company-provided
tablet. When using the tablet, the battery
only lasts a few hours before shutting off. What would be the BEST choices for improving the
battery life? (Select TWO)
- Disable Bluetooth and cellular connections
- Close apps that work in the background
The two options that would have the largest power savings would be to disable
wireless Bluetooth radios and close applications that use CPU power.
A desktop administrator has identified and removed malware on a
corporate desktop computer. What malware removal
steps should be performed NEXT?
Schedule periodic anti-virus scans
After removing malware and before educating the end-user, it’s important
to configure the system to find and prevent any future infections.
A technician is upgrading the motherboard in a server. What should be the FIRST task when beginning this upgrade?
Disconnect from all power sources
When working inside of a computer, it’s always important to disconnect
the system from the main power source. This should always be the first and
most important step when working on the inside of a device.
A system administrator is installing a new video editing application on
a user’s workstation from an installation DVD-ROM. However, the
installation process fails due to lack of available drive space. What would be the BEST way to complete the installation process?
Install the application to a network share
The installed application files can be much larger than the installation
utility, so using a network share with a larger available storage space can be
a good alternative until free space is available on the local computer.