4.0 Operational Proceedures Flashcards

Question

• UPS

Answer 1

UPS • Uninterruptible Power Supply ◦ Brownouts – low power ◦ Blackouts – no power ◦ Surges – too much power

Answer 2

Surge protector Used to clean the power coming in to prevent blowing out systems. Surge suppressor • Not all power is “clean” * Self-inflicted power spikes and noise * Storms, power grid chan.ges • Spikes are diverted to ground * Noise filters remove line noise * Decibel (Db) levels at a specified frequency • Higher Db is better

Answer 3

Cloud storage vs. local storage backups • Cloud Storage ◦ Data is available anywhere and anytime ◦ If you have a network ``` • Local Storage ◦ Data is more secure ◦ Need to personally backup ◦ Strong encyption mechanism critical ◦ If you mess up, it’s on you ```

Answer 4

Account recovery options= Apps can’t function if they can’t authenticate. This is a good reason for implementing a centralized administration. If the shit hits the fan, local accounts may not be able to authenticate to your server.. BUT, Cloud may still be available.

Answer 5

Inside the pc case it's power supply is grounded to the motherboard, and everything else. The power supply is also grounded to the case. We can put our ESD band clipped on the metal part of the case and we're grounded. * Also applies to equipment racks • Large ground wire • Don’t remove the ground connection • It’s there to protect you * Never ever connect yourself to an electrical outlet ground, it won't prevent ESD

Answer 6

Hold by edges, never touch the hw. Use and ESD bag. Ground yourself

Answer 7

Protect all replacement PC hardware from ESD , always use. Wait to open until you are installing it.

Answer 8

Attach to wrist, and then have a metal squeeze connector to connect to case.

Answer 9

Stand on- to ground self- while Protect all PC hardware from ESD

Answer 10

remove jewelry, and touch case to ground self while installing RAM or replacing hardware/updates.

Answer 11

Always recycle OR dispose of at a hazardous waste facility

Answer 12

* Batteries • and (UPS) Uninterruptible Power Supplies | * Dispose at your local hazardous waste facility

Answer 13

Recycle /reuse. Send back/return to manufacturer

Answer 14

CRTs • Cathode ray tubes - there’s a few of those left • Glass contains lead • Dispose at your local hazardous waste facility

Answer 15

Mobile device disposal • Wipe your data, if possible • This isn’t always an option * Manufacturer or phone service provider may have a recycling program or an upgrade program * Dispose at a local hazardous waste facility • Do not throw in the trash

Answer 16

Mobile device disposal • Wipe your data, if possible • This isn’t always an option • Manufacturer or phone service provider may have a recycling program or an upgrade program • Dispose at a local hazardous waste facility • Do not throw in the trash

Answer 17

• Remove jewelry • And name badge neck straps • Or use breakaway straps

Answer 18

WARNING • Power is dangerous • Remove all power sources before working • Don’t touch ANYTHING if you aren’t sure * Replace entire power supply units • Don’t repair internal components * HIGH voltage - Power supplies, displays, laser printers

Answer 19

Remove jewelry • And name badge neck straps • Or use breakaway straps

Answer 20

bend your knees

Answer 21

35 lbs + get a help – two person lift

Answer 22

* Electrical fire safety • Don’t use water or foam * Use carbon dioxide, FM-200, or other dry chemicals * Remove the power source

Answer 23

Cable management • Avoid trip hazards • Use cable ties or velcro

Answer 24

* Safety goggles • Useful when working with chemicals | * Printer repair, toner, batteries

Answer 25

Air filter mask • Dusty computers • Printer toner

Answer 26

Local government regulations • Health and safety laws * Vary widely depending on your location • Keep the workplace hazard-free * Building codes • Fire prevention, electrical codes * Follow ALL Environmental regulation • High-tech waste disposal

Answer 27

documentation for handling and disposal This is provided by DOL-OSHA. In America, this is a must. ALWAYS Pay attention to proper safety documentation.

Answer 28

Temperature, humidity level awareness, and proper ventilation * Temperature – Don't want devices overheating • Humidity – 60% and above is hard to maintain but is counter to static electricity * Humidity < 60% susceptible to electrostatic discharges • Proper ventilation helps prevent ESD and Overheating

Answer 29

Power surges, brownouts, and blackouts • Battery backup • Surge suppressor

Answer 30

UPS • Uninterruptible Power Supply • Backup power • Blackouts, brownouts, surges • UPS types • Standby UPS, Line-interactive UPS, On-line UPS • Features • Auto shutdown, battery capacity, outlets, phone line suppression

Answer 31

* Not all power is “clean” • Self-inflicted power spikes and noise • Storms, power grid changes • Spikes are diverted to ground • Noise filters remove line noise * Decibel (Db) levels at a specified frequency • Higher Db is better Surge suppressor specs • Joule ratings • Surge absorption • 200=good, 400=better * Look for over 600 joules of protection • Surge amp ratings • Higher is better • UL 1449 voltage let-through ratings • Ratings at 500, 400, and 330 volts • Lower is better

Answer 32

Protection from airborne particles • Uses Enclosures • ARE used to Protect computers on a manufacturing floor • Protect from dust, oil, smoke

Answer 33

Air filters and masks • Protect against airborne particles • Dust in computer cases, laser printer toner

Answer 34

• Cleaning • Neutral detergents • No ammonia-based cleaning liquids • Avoid isopropyl alcohol

Answer 35

• Compressed air pump • Try not to use compressed air in a can

Answer 36

• Vacuum • Use a “computer” vacuum - Maintain ventilation

Answer 37

Local government regulations • Environmental regulations • May have very specific controls • The obvious • Hazardous waste • Batteries • Computer components • The not-as-obvious • Paper disposal

Answer 38

how we respond when something (bad) happens - a workstation OR your network is compromised

Answer 39

Incident response - First response Someone needs to be assigned as a first responder.

Answer 40

• Identify the issue - Logs, in person, monitoring data

Answer 41

* Report to proper channels - Don’t delay • Collect and protect information relating to an event * Many different data sources and protection mechanisms

Answer 42

• Data/device preservation ◦ Don't turn off computer ◦ Data could be volatile ◦ RAM ◦ Traditional evidence preservation...fingerprints ◦ Photos and Videos

Answer 43

Incident response: Documentation • Security policy • An ongoing challenge • Documentation must be available * No questions * Documentation always changes • Constant updating • Have a process in place • Use the wiki model

Answer 44

* Control evidence • Maintain integrity • Everyone who contacts the evidence * Avoid tampering • Use hashes * Label and catalog everything * Seal, store, and protect * Digital signatures

Answer 45

• Tracking of evidence/documenting process ◦ It’s how we manage the control of the data ◦ Anyone who comes into any contact with the evidence must be accounted for ◦ Check out/Check in • Hash the files to preserve evidence tracking

Answer 46

• Open-source vs. commercial license (closed-source) ◦ Open-source is where you have access to source code ◦ Closed-source is where you don’t have access to source code • Personal license vs. enterprise license ◦ Personal license is where you are the only one allowed on that license ◦ Enterprise license is where the enterprise has a number of licenses • DRM – digital rights management ◦ It’s yours. Your one use. ◦ Access control

Answer 47

Licensing/DRM/EULA • Open-source vs. commercial license (closed-source) ◦ Open-source is where you have access to source code ◦ Closed-source is where you don’t have access to source code

Answer 48

• Personal license vs. enterprise license ◦ Personal license is where you are the only one allowed on that license VS ◦ Enterprise license is where the enterprise has a BUNCH of licenses

Answer 49

• DRM – digital rights management ◦ It’s yours. Your one use. ◦ Access control

Answer 50

▪ Full Name ▪ DOB ▪ SSN ▪ Mother’s maiden name Medical/financial/education/employment information

Answer 51

1. Build and maintain a secure network and systems 2. Protect cardholder data 3. Maintain a vulnerability management program 4. Implement Strong Access Control Measures 5. Regularly Monitor and Test Networks 6. Maintain an Information Security Policy

Answer 52

• GDPR ◦ General Data Protection Regulation ▪ European Union regulation – Strictly managed ▪ Data protection and privacy for individuals in EU ▪ Gives individuals control of their information

Answer 53

• PHI ◦ Protected Health Information ▪ Must maintain similar security requirements ◦ Part of HIPAA ▪ Health Insurance Portability and Accountability Act of 1996

Answer 54

Follow all policies and security best practices Just do what you’re supposed to for the best of the customer and not for what’s best for you personally.

Answer 55

Don’t interrupt the customer until they are finished. Just listen. • Have you installed any programs? or Applications? ◦ After you get everything, do a quick verbal summary to understand their line of thinking.

Answer 56

* Do not argue with customers and/or be defensive • * Avoid being judgmental • Clarify customer statements (ask open-ended questions to narrow the scope of the problem, restate the issue, or question to verify understanding)

Answer 57

Offer different repair/replacement options, if applicable • Provide proper documentation on the services provided • Follow up at a later date to verify resolution. -respect EU confidential and private materials found on a computer, desktop, printer, etc.

Answer 58

Batch files • .bat file extension • Scripting for Windows at the command line • Legacy goes back to DOS and OS/2* These .bat files were used primarily for MS DOS, while a version of this file format for Unix is called a shell script.

Answer 59

• .ps1 ◦ Powershell script ◦ .ps1 file extension ◦ Included with 8/8.1/10 ◦ Extend command-line functions ▪ Uses cmdlets

Answer 60

• .vbs a VB (Visual Basic) script file ◦ Back-end web server scripting

Answer 61

Shell script • Scripting the Unix/Linux shell • Automate and extend the command line • .sh file extension

Answer 62

.py Python • General-purpose scripting language • .py file extension • Popular in many technologies • Broad appeal and support

Answer 63

js JavaScript • Scripting inside of your browser • .js file extension • Adds interactivity to HTML and CSS • Used on almost every web site

Answer 64

Environment variables • Describes the operating system environment • Scripts use these to make decisions * Common environment variables • Location of the Windows installation • The search path • The name of the computer * The drive letter and path of the user’s home directory

Answer 65

• Comments • Annotate the code • There never seems to be enough of this

Answer 66

#!/bin/sh // Add the first input string INPUT_STRING=hello // Keep looping if the string isn’t equal to bye while [ “$INPUT_STRING” != “bye” ] do echo “Please type something in (bye to quit)” read INPUT_STRING echo “You typed: $INPUT_STRING” done

Answer 67

• Loops • Perform a process over and over • Loop one time • Loop until something happens

Answer 68

• Variables • Associate a name with an area of memory • x=1. y=x+7. Therefore, y=8. • pi=3.14 • greeting=“Hello and welcome.”

Answer 69

• Integer data types • Perform numerical calculations

Answer 70

• String data types • Some text

Answer 71

RDP (Remote Desktop Protocol) • Share a desktop from a remote location over tcp/3389 * Remote Desktop Services on many Windows versions,AND has Clients for Windows, MacOS, Linux, Unix, iPhone, and others * Can connect to an entire desktop or just an application •

Answer 72

Telnet • Telnet – Telecommunication Network - tcp/23 * Login to devices remotely. Username/password sent in plain text • NOT SECURE communication * Console access • SSH has replaced Insecure Telnet.

Answer 73

SSH (Secure Shell) - tcp/22 • Encrypted console communication • Looks and acts the same as legacy/Telnet – tcp/23

Answer 74

Third-party tools • VNC (Virtual Network Computing) * Remote Frame Buffer (RFB) protocol • Clients for many operating systems * Many are open source • Commercial solutions • TeamViewer, LogMeIn, etc.

Answer 75

• Screen sharing • Control the desktop •

Answer 76

File sharing IS USED TO Transfer files between devices

Answer 77

* Microsoft Remote Desktop • An open port tcp/3389 indicates RDP is being used. IT can be exploited a Brute force attack is common * Third-party remote desktops • Often secured with just a username/password. * Re-USE of username/password is a security concern * Hacker can then Make purchases from the user’s browser, Obtain personal information, bank details. • Once in, you’re in • The desktop is all yours • Easy to jump to other systems