Misc Flashcards

1
Q

Troubleshooting methodology

A
  1. Identify the problem.
  2. Establish a theory of probable cause.
  3. Test the theory to determine cause.
  4. Establish a plan of action.
  5. Verify full system functionality.
  6. Document findings, actions and outcomes.
2
Q

Cloudborne attack

A

Cloudborne attacks occur as a result of a vulnerability in the bare-metal server reclamation process used by MSPs (Managed Service Providers) that provide Infrastructure as a Service (IaaS). An attacker can install a firmware back door on a server that is later reclaimed and repurposed for another client. Because the back door is installed at the firmware level, it lets the attacker bypass any security measures added by the hypervisor or OS. Reflashing the firmware on a server before repurposing it mitigates Cloudborne attacks.

3
Q

CASB

A

Cloud Access Security Broker (CASB)

A CASB is a security solution that sits between cloud service users and cloud applications to enforce security policies. It helps protect data by providing visibility, securing data transfers, monitoring user activity, identifying risks, and applying security policies like encryption, access control, and threat protection across cloud services.

A CASB protects the local network against the man-in-the-cloud attack (MITC). In an MITC attack, the attacker uses malware to steal synchronization tokens that are used by applications to authenticate and synchronize data with cloud providers. The malware is typically installed by using social engineering techniques, such as malicious email attachments. Once infected, the target system copies synchronization tokens and sends them to an attacker. The attacker can then access and download any information that the target has stored in the cloud provider.

4
Q

OEM

A

Original Equipment Manufacturer

5
Q

PXE

A

Some BIOS firmware includes a feature that enables a PC to use a preboot execution environment (PXE). PXE enables you to boot a PC without any local storage by retrieving an OS from a server over the network. PXE uses multiple protocols, such as IP, DHCP, and DNS, to enable your computer to boot from a network location.

6
Q

USMT

A

User State Migration Tool

The USMT’s primary use is in businesses because it has to be run in a Windows Server Active Directory domain. If you need to migrate many users, the USMT is the tool.

7
Q

System Preferences

A

Where system settings are configured on macOS. Renamed System Settings in the latest version of the OS.

8
Q

UAC

A

User Account Control - the mechanism that pops up when a standard user requests privilege escalation.

9
Q

NTFS Permissions Propagation

A
10
Q

Data Execution Prevention (DEP)

A

Data Execution Prevention (DEP) works in the background to stop viruses and other malware from taking over programs loaded in system memory. It doesn’t prevent viruses from being installed on your computer, but it does make them less effective. By default, DEP is only enabled for critical operating system files in RAM, but the Data Execution Prevention tab enables you to turn on DEP for all running programs. It works, but you might take a performance hit or find that some applications crash with DEP enabled for all programs. Like other options in Performance Options, leaving the default DEP settings is the best option most of the time.

11
Q

Scripting Languages

A

Batch File - .bat - Batch files are the shell scripting language for the old-school Command shell on Windows and DOS (yes, that DOS).

PowerShell - .ps1 - PowerShell is a shell scripting language written from the ground up for automating modern Windows systems. Replaces batch files in most situations.

Bash (or Bourne Again) shell script - .sh - By convention, the first line of a UNIX shell script file specifies which shell should execute the script (and thus, which specific shell scripting language it is written in). These files often have a .sh file extension, but it is not necessary.

Python - .py - Python is a flexible programming language with simple syntax that makes it well suited for writing both simple scripts and large applications.

JavaScript - .js - JavaScript is a browser scripting language developed back in the 1990s to enhance Web pages, but these days you can find it in command-line programs, extensions for many desktop applications, and much more.

Visual Basic Script - .vbs - Visual Basic Script is a legacy scripting language for Windows and other Microsoft applications. Slowly being replaced by other languages like PowerShell.

12
Q

QoS

A

Quality of service (QoS) enables busy networks to prioritize traffic. While we’ll look at QoS from the router’s perspective in Chapter 21, individual systems play an important role in the QoS process by tagging their frames, enabling networking hardware to treat them according to rules defined by network administrators. Support for QoS tagging (or priority) should be enabled by default on most network adapters—but if you need to modify this setting, you can find the VLAN option on the Advanced tab of your NIC’s Properties dialog box (see Figure 19-20).

13
Q

SMB

A

Windows file and print sharing is powered by the Server Message Block (SMB) protocol, which uses TCP port 445 and UDP ports 137–139. Unixes used to use their own Network File System (NFS) protocol, but they have generally settled on SMB as well. Make sure you’re prepared to recognize both Common Internet File System (CIFS) and Samba as forms of SMB. CIFS is a deprecated Microsoft dialect of SMB, while Samba is the name of the Linux implementation.

14
Q

AAA

A

The CompTIA A+ 1101 objectives want you to know about a server role called authentication, authorization, and accounting (AAA)—a server that authenticates users, authorizes what resources they may access, and logs all these actions for accountability. Real-world AAA is complex and often entails multiple servers—but RADIUS and TACACS+ are the main protocols that power AAA whether it involves one server or several.

  • RADIUS is a completely open standard developed by the Internet Engineering Task Force (IETF) in a whole boatload of RFCs. RADIUS is partially encrypted and usually uses UDP ports 1812 and 1813. It’s more likely to be interoperable between different device manufacturers.
  • TACACS+ was developed as a proprietary protocol by Cisco, though Cisco has released an “open” description of it so that other companies can also implement it. TACACS+ is fully encrypted and uses TCP port 49. It won’t be as well supported on non-Cisco hardware.
15
Q

Kerberos

A

Good network authentication and authorization doesn’t stop at the gate! Well-designed networks also validate authentication and authorization when clients access network resources. The Kerberos authentication protocol enables a central authorization server to pass out keys that individual clients can present to access resources as needed. You may never deal directly with Kerberos, but it’s extremely common—it’s even hard at work under the hood of Microsoft Active Directory.

16
Q

RMM

A

Remote monitoring and management (RMM) software builds on the capabilities of desktop or endpoint management software by also layering in robust monitoring and management of your network—including network devices and servers. Organizations that use an RMM solution have one place to go to understand and manage the health of their wired and wireless network infrastructure, ensure the servers running in their network have the latest security updates, and monitor workstations for unauthorized software!

17
Q

SNMP

A

Simple Network Management Protocol (SNMP) enables remote monitoring and configuration of just about anything on a network. Assuming all your computers, switches, routers, and so on are SNMP-capable, you can use programs to query the network for an unimaginable amount of data. SNMP is a popular protocol to check on your network, but it’s the sort of thing you probably won’t need to use unless you’re a Network+ tech. You’ll also find SNMP (along with other protocols) hard at work under the hood of RMM software.

18
Q

FTP / TFTP / SFTP

A

FTP (File Transfer Protocol):

  • Port: 21 (command port), 20 (data port) (TCP)
  • Function: FTP is used to transfer files between computers on a network. It allows for both uploading (sending files to the server) and downloading (retrieving files from the server).
  • Authentication: Typically requires a username and password for authentication.
  • Mode: Can be used in either active or passive mode, depending on firewall configurations.
  • Security: Plain FTP is not secure, but there are secure versions like FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol) for encrypted transfers.

TFTP (Trivial File Transfer Protocol):

  • Port: 69 (UDP)
  • Function: TFTP is a simplified version of FTP, used for transferring small files without authentication, often in local area networks (LANs) for tasks like booting diskless workstations or firmware updates.
  • Authentication: No authentication or encryption.
  • Use Case: Commonly used for bootstrapping devices and in situations where minimal overhead is needed (e.g., network booting with PXE).

SFTP (Secure File Transfer Protocol):

  • Port: 22 (the same port as SSH) (TCP)
  • Function: SFTP is a secure method of transferring files between systems. It is built on the SSH (Secure Shell) protocol, which provides encryption and secure data transfer.
  • Authentication: Requires authentication via a username and password or SSH keys.
  • Encryption: All data, including file transfers, commands, and passwords, is encrypted, making it much more secure than FTP.
  • Use Case: Used for secure file transfers over potentially untrusted networks (e.g., the internet) and commonly employed in situations where security is critical.

SFTP should not be confused with FTPS (FTP Secure), which is an extension of FTP with SSL/TLS encryption. SFTP is natively secure since it operates under the SSH protocol.

19
Q

MDM

A

Mobile Device Management (MDM) refers to software solutions used by organizations to manage, monitor, and secure mobile devices such as smartphones, tablets, and laptops that are deployed across a network. MDM allows IT administrators to:

  • Remotely configure devices, enforce policies, and update software.
  • Ensure security by enforcing device encryption, password policies, and remote wiping in case of loss or theft.
  • Monitor usage and compliance with company policies.
  • Manage app distribution and updates, ensuring that employees have the necessary tools.

MDM is crucial for organizations to maintain control over the security and integrity of mobile devices used in a business environment.

20
Q

MAM

A

Mobile Application Management (MAM) focuses specifically on controlling and securing mobile applications, rather than the entire mobile device as in Mobile Device Management (MDM). MAM enables organizations to manage the lifecycle of applications on mobile devices, including:

  • Application deployment: Distributing apps to employees’ devices, ensuring they have access to necessary work-related apps.
  • Security management: Restricting access to company data within apps, even on personal devices (BYOD), and implementing policies like encryption and authentication.
  • App updates and patching: Ensuring that apps are kept up-to-date with the latest versions and security patches.
  • Selective wiping: If necessary, administrators can remove corporate apps and data from a device without affecting personal apps and data.

MAM is often used in environments where BYOD (Bring Your Own Device) policies are implemented, allowing employees to use their personal devices while the organization maintains control over corporate apps and data.

21
Q

Malware Removal Steps

A
  1. Investigate and verify malware symptoms.
  2. Quarantine infected systems.
  3. Disable System Restore in Windows.
  4. Remediate infected systems.
    A. Update anti-malware software.
    B. Scanning and removal techniques (e.g., Safe Mode, Preinstallation Environment).
  5. Schedule scans and run updates.
  6. Enable System Restore and create a restore point in Windows.
  7. Educate the end user.
22
Q

Preinstallation Environment

A

In the context of malware removal, the Preinstallation Environment (PE) refers to a lightweight version of Windows that can be used to troubleshoot, diagnose, and repair systems without booting into the full operating system. It’s often used for recovery purposes, including virus or malware removal, when the main OS is too compromised to function properly.

Here’s how it’s relevant:

  1. Malware Removal: If malware has taken hold of critical system files or has disabled key functions, you might not be able to remove it while the full Windows environment is running. The PE provides a clean, minimal environment from which you can scan and remove malware without the virus being active.
  2. Safe Mode Alternative: In some cases, even Safe Mode might not work, or malware may still function in Safe Mode. The Preinstallation Environment allows you to boot from an external source (like a USB drive) and run antivirus or malware removal tools outside of the infected OS.
  3. File System Access: PE gives you access to the file system, allowing you to manually delete malicious files, replace damaged system files, or roll back to previous configurations, such as from a backup or restore point.

Preinstallation Environment is often used by IT professionals in conjunction with tools like Windows Defender Offline or third-party bootable antivirus tools.

23
Q

MSDS

A

Material Safety Data Sheet

24
Q

DRM

A

Digital Rights Management