Notes A-2.1 Flashcards by Sophia Hammond

the frontline problem-solver of IT issues and problems that an organization may experience.

IT Specialist

How well did you know this?

Not at all

Perfectly

require that an IT specialist can identify the problem and establish a theory of the probable cause of that problem. Understanding the company’s network configuration, policies, and practices will also play a role in determining what may be causing the issue.

Problem solving skills

How well did you know this?

Not at all

Perfectly

Some companies will require you to use _____ that have been established by the management for problem solving. These ____ are customized to the organization’s information technology environment and ensure a repeatable process is followed by all technicians.

standard operating procedures (SOPs)

How well did you know this?

Not at all

Perfectly

what are the skills of an IT specialist?

Problem solving, communication, technical knowledge/experience, organization

How well did you know this?

Not at all

Perfectly

what is the troubleshooting methodology?

Identify the problem
Establish a theory of probable cause
Test the theory to determine the cause
Establish a plan of action to resolve the problem and implement the solution
Verify full-system functionality
Document the findings, lessons learned, actions, and outcomes

How well did you know this?

Not at all

Perfectly

is an overall statement of intent.

A policy

How well did you know this?

Not at all

Perfectly

is a step-by-step list of the actions that must be completed for any given task to comply with policy. Most IT procedures should be governed by _____

A standard Operating Procedure (SOP)

How well did you know this?

Not at all

Perfectly

are for areas of policy where there are no procedures, either because the situation has not been fully assessed or because the decision-making process is too complex and subject to variables to be able to capture it in an SOP. _____ may also describe circumstances where it is appropriate to deviate from a specified procedure.

Guidelines

How well did you know this?

Not at all

Perfectly

define the level of service requirements from an internal department or external, third-party vendor.
An agreement that sets the service requirements and expectations between a consumer and a provider.

Service level agreements (SLAs)

How well did you know this?

Not at all

Perfectly

Database software designed to implement a structured support process by identifying each case with a unique job ticket ID and with descriptive fields to record how the issue was resolved.

Ticketing system

How well did you know this?

Not at all

Perfectly

______ group related tickets together. This is useful for assigning tickets to the relevant support section or technician and for reporting and analysis.

Categories and subcategories

How well did you know this?

Not at all

Perfectly

are for provisioning things that the IT department has a SOP for, such as setting up new user accounts, purchasing new hardware or software, deploying a web server, and so on.

Ticket - Requests

How well did you know this?

Not at all

Perfectly

are related to any errors or unexpected situations faced by end-users or customers. ____ may be further categorized by severity (impact and urgency), such as minor, major, and critical.

Ticket - Incidents

How well did you know this?

Not at all

Perfectly

are causes of incidents and will probably require analysis and service reconfiguration to solve. This type of ticket is likely to be generated internally when the help desk starts to receive many incidents of the same type.

Ticket - Problems

How well did you know this?

Not at all

Perfectly

is a way of classifying tickets into a priority order; critical, major, and minor.

Ticket - Severity level

How well did you know this?

Not at all

Perfectly

____ incidents have a widespread effect on customers or involve potential or actual data breach.

severity level - Critical

How well did you know this?

Not at all

Perfectly

____ incidents affect a limited group of customers or involve a suspected security violation.

severity level - Major

How well did you know this?

Not at all

Perfectly

_____ incidents are not having a significant effect on customer groups.

severity level - Minor

How well did you know this?

Not at all

Perfectly

In the context of support procedures, incident response, and breach-reporting, _____ is the process of involving expert and senior staff to assist in problem management.

escalation

How well did you know this?

Not at all

Perfectly

presents self-service options for the customer to try to resolve an incident via advice from a knowledge base or “help bot.” A knowledge base is a collection of FAQs and common troubleshooting procedures that a user can refer to before filing a trouble ticket.

Escalation level - Tier 0

How well did you know this?

Not at all

Perfectly

connects the customer to an agent for initial diagnosis and possible incident resolution.

Escalation level - Tier 1

How well did you know this?

Not at all

Perfectly

allows the agent to escalate the ticket to senior technicians (Tier 2 – Internal) or to a third-party support group (Tier 2 – External).

Escalation level - Tier 2

How well did you know this?

Not at all

Perfectly

escalates the ticket as a problem to a development/engineer team or to senior managers and decision-makers.

Escalation level - Tier 3

How well did you know this?

Not at all

Perfectly

Searchable database of product Frequently Asked Questions (FAQs), advice, and known troubleshooting issues. The Microsoft ____ is found at support.microsoft.com.

knowledge base

How well did you know this?

Not at all

Perfectly

An analysis of events that can provide insight into how to improve response and support processes in the future.

Lessons learned report or after-action report (AAR)

The purpose of an ____ is to identify underlying causes and recommend remediation steps or preventive measures to mitigate the risk of a repeat of the issue. This report can also be filed into the organization's knowledge base for record-keeping and reference in future trouble tickets and incidents.

incident report

records the initial request with any detail that could easily be collected at the time.

Ticket life cycle - Issue description

record what diagnostic tools and processes have discovered and the identification and confirmation of a probable cause.

Ticket life cycle - Progress notes

sets out the plan of action and documents the successful implementation and testing of that plan and full system functionality. It should also record end-user or customer acceptance that the ticket can be closed.

Ticket life cycle - Problem resolution

means using plain language rather than jargon.

clear communication

means using as few words as possible in short sentences. State the minimum of fact and action required to describe the issue or process.

concise communication

A policy that governs employees' use of company equipment and Internet services. ISPs may also apply ____ to their customers.

An acceptable use policy (AUP)

Displaying terms of use or other restrictions before use of a computer or app is allowed. might be configured to show at login to remind users of data handling requirements or other regulated use of a workstation or network app.

Splash screen

Professional support process

Professional documentation Set expectations and timelines - meet those Repair and replace options Follow up

Professional support delivery

Be on time Avoid distractions Deal appropriately with confidential and private materials

Professional appearance

Professional appearance and attire Using proper language Cultural sensitivity

Communication technique to ensure that you capture all the information that the other person is "transmitting," including nonverbal cues such as tone of voice or gestures. There are various active-listening techniques for ensuring that you are "getting the right message," such as summarizing, reflecting (matching the speaker's communication style), interpreting, and verbal attends (such as "Uh-huh." or "I see.").

Active listening

A question that invites the other person to compose a response. For example, "What seems to be the problem?" invites the customer to give an opinion about what they think the problem is.

Open-ended questions

A question that can only be answered with a "Yes" or "No" or that requires some other fixed response. For example, "What error number is displayed on the panel?" can only have one answer.

Closed questions

identify early signs that a customer is becoming angry do not take complaints personally let the customer explain the problem while you actively listen Hang up

dealing with difficult customers

Designed for use as a client in centrally managed business domain networks.

Operating Systems Market - Business client

Designed to run servers in business networks.

Operating Systems Market - Network Operating System (NOS)

Designed for standalone use or in a workgroup network in a home or small office.

Operating Systems Market - Home client

Designed for handheld devices with a touch-operated interface.

Operating Systems Market - Cell phone (smartphone)/Tablet

A business client PC is often called a _____. However, hardware vendors typically use "_____" to refer to a powerful PC used for tasks like graphic design, video editing, or software development.

workstation

Available in editions for both business workstations and home PCs, supporting touch interfaces for tablets and laptops. (Note: Windows smartphones are discontinued.)

Windows 10 and 11

Optimized as Network Operating Systems (NOSs), sharing the same underlying code and desktop interface as the client versions.

Windows Server 2019, 2022, and 2025

is exclusively available on Apple-built devices, such as Mac desktops, iMac all-in-ones, and MacBooks. It cannot be purchased or installed on non-Apple PCs, which enhances stability but limits hardware options.

macOS

_____ is a family of more than 20 related operating systems that are produced by various companies. It can run on a wide variety of platforms. _____offers a multitude of file systems in addition to its native system. ______ remains widely deployed in enterprise data centers to run mission-critical applications and infrastructure.

UNIX

The kernel manages system resources like CPU, RAM, and I/O devices, while the shell provides the user interface.

kernel/shell architecture

is an open-source OS kernel derived from UNIX. It includes features like a shell command interpreter, desktop environment, and app packages.

Linux

has numerous distributions (distros), each with its own package set. Notable distros include SUSE, Red Hat Enterprise ____ (RHEL), Fedora, Debian, Ubuntu, Mint, and Arch, each offering different licensing and support options.

Linux

Uses versioning for updates, with some versions offering long-term support (LTS).

Linux distros release model - Standard release

Provides updates as they become stable, without version distinctions.

Linux distros release model - Rolling release

serves as both a desktop and server OS. It is often used in schools and universities as a desktop OS and dominates the web server market as a server OS. Additionally, it is widely used in smart appliances and Internet of Things (IoT) devices.

Linux

Proprietary OS developed by Google to run on specific laptop (chromebooks) and PC (chromeboxes) hardware. proprietary operating system derived from the open-source Chromium OS, which is based on Linux

Chrome OS

Primarily built for web applications, _____ relies on server-hosted software accessed via a browser, reducing the need for powerful client hardware. Its minimal environment minimizes interference from other software or drivers, enhancing browser performance.

Chrome OS

also supports offline "packaged" apps and can run Android and Linux apps, offering flexibility for users and developers.

Chrome OS

Cell phone and tablet operating systems are designed exclusively for touch-screen interfaces. The main OSs in this category are ______

Apple iOS/iPadOS and Android.

OS for Apple's iPhone smartphone and most iPad tablet models.

iOS

is based on the macOS operating system and is closed-source, meaning only Apple can modify the code, and it runs exclusively on Apple devices.

iOS

Product life cycle and procurement consideration where a device or product no longer receives a full range of updates or support from its vendor.

Update limitations

OS for some models of the Apple iPad tablet.

iPadOS

Cell phone/smartphone/tablet OS developed by the Open Handset Alliance (primarily driven by Google). Unlike iOS, it is an open-source OS, based on Linux.

Android

A method an OS uses to organize, store, and manage files and directories.

file system

prepares a partition on a disk device for use with an operating system. The format process creates a file system on the disk partition. Each OS is associated with various types of file systems.

high-level formatting

a proprietary file system developed by Microsoft for use with Windows. It provides a 64-bit addressing scheme, allowing for very large volumes and file sizes.

The New Technology File System (NTFS)

When data is written to an NTFS volume, it is re-read, verified, and logged. In the event of a problem, the sector concerned is marked as bad and the data relocated. ______ makes recovery after power outages and crashes faster and more reliable.

NTFS feature - Journaling

This allows the Volume Shadow Copy Service to make read-only copies of files at given points in time even if the file is locked by another process. This file version history allows users to revert changes more easily and supports backup operations.

NTFS feature - Snapshots

Features such as file permissions and ownership, file access audit trails, quota management, and encrypting file system (EFS) allow administrators to ensure only authorized users can read/modify file data.

NTFS feature - Security

To support UNIX/Linux compatibility, Microsoft engineered NTFS to support case-sensitive naming, hard links, and other key features required by UNIX/Linux applications. Although the file system is case-sensitive capable and preserves case, Windows does not insist upon case-sensitive naming.

NTFS feature - POSIX Compliance

The ____ Service creates a catalog of file and folder locations and properties, speeding up searches.

NTFS feature - Indexing

This disk management feature allows space on multiple physical disks to be combined into volumes.

NTFS feature - Dynamic Disks

_____ can only be installed to an NTFS-formatted partition

Windows

NTFS is also usually the best choice for additional partitions and removable drives that will be used with Windows. The only significant drawback of NTFS is that _______

it is not fully supported by operating systems other than Windows.

A Microsoft file system designed to maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity by means of resiliency to corruption.

The Resilient File System (ReFS)

The key benefits of ReFS include:

Resiliency - ability to detect corrupted files and data and repair them while still online and in use, even in virtualized environments. High performance - storage solution improvement along with optimization of data increases the performance with large data sets and workloads through configuration of two logical storage groups or tiers. Scalability - supports millions of terabytes of data without impacting performance metrics.

is a very early type named for its method of organization—the file allocation table. provides links from one allocation unit to another.

FAT32; The FAT file system

32-bit file system used principally for system partitions and removable media.

File allocation table (FAT)

does not support any of the reliability or security features of NTFS. It is typically used to format the system partition (the one that holds the boot loader). It is also useful when formatting removable drives and memory cards intended for multiple operating systems and devices.

FAT32

64-bit version of the FAT file system with support for larger partition and file sizes. designed for use with removable hard drives and flash media.

exFAT; Extended File Allocation Table

Like NTFS, ____supports large volumes, up to a recommended maximum size of 512 Terabytes (TB). There is also support for access permissions but not encryption.

exFAT

nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.

FAT32

Most Linux distributions use some version of the extended _____ to format partitions on mass storage devices. _____ delivers better performance and supports journaling.

(ext) file system; ext4

Linux will also support FAT/FAT32 (designated as VFAT) and XFS as alternatives to ext.

was introduced in 1993 as the High Performance Scalable File System and provided a 64-bit journaling file system. It is the default file system for Red Hat Enterprise Linux (RHEL) installations and is supported by other Linux distributions.

XFS

Additional protocols such as the _______ can be used to mount remote storage devices to the local file system of the Linux OS. This can be used to connect to a file resource on another physical system as if the file system was directly attached to the user's own system.

Network File System (NFS)

Default file system for macOS-based computers and laptops.

Apple File System (APFS)

Apple Mac workstations and laptops use the proprietary ______, which supports journaling, snapshots, permissions/ownership, and encryption.

Apple File System (APFS)

Considerations that must be made when using an app in an environment with multiple device and OS platforms.

Compatibility concern

Compatibility concern can be considered in several categories:

OS compatibility with device hardware software app compatibility with an OS host-to-host compatibility for exchanging data over a network user training requirements.

the range of software available for a particular OS - is a big factor in determining whether an OS becomes established in the marketplace.

The app ecosystem

describes the policies and procedures an OS developer or device vendor puts in place to support a product.

A vendor life cycle

Product life cycle phase where mainstream vendor support is no longer available.

end-of-life system

might be used to gather user feedback. Microsoft operates a Windows Insider Program where you can sign up to use early release Windows versions and feature updates.

life-cycle phase - A public beta phase

the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality. _____ devices should be able to install OS upgrade versions.

life-cycle phase - the supported phase

the product is no longer commercially available, but the vendor continues to issue critical patches. Devices that are in _______ may or may not be able to install OS upgrades.

life-cycle phase - the extended support phase

is one that is no longer supported by its developer or vendor. _____ systems no longer receive security updates and therefore represent a critical vulnerability for a company's security systems if any remain in active use.

life-cycle phase - end-of-life system

It supports large file sizes, advanced file permissions, encryption, and other features like compression and journaling. These capabilities make it ideal for a graphic design team that requires secure and efficient file management on a Windows 11 workstation.

NTFS (New Technology File System)

is designed for high-resilience applications like data storage on servers. While it offers advanced features like data integrity checks, it is not optimized for desktop environments and lacks some features available in NTFS, such as file-level encryption.

ReFS (Resilient File System)

does not have the high overhead and risk of corruption problems that can occur on removable storage with NTFS.

exFAT

is based on the _____ browser application. This operating system was designed to be used mainly for web-based processes

Chrome OS

Windows 11 requires a central processing unit (CPU) or motherboard with support for the ______

trusted platform module (TPM) version 2

is a file system designed for compatibility across multiple operating systems, including macOS and Linux. It supports large file sizes and is optimized for external drives

exFAT (Extended File Allocation Table)

is derived from the UNIX kernel and includes additional code for its graphical interface and system utilities.

macOS

To support UNIX/Linux compatibility, Microsoft engineered the New Technology File System (NTFS) to support ______, hard links, and other key features UNIX/Linux applications require.

case-sensitive naming

____ was developed from _____, which was developed from Linux.

Chrome OS

is made up of kernel files and device drivers to interface with the hardware plus programs to provide a user interface and configuration tools.

An OS

The earliest operating systems for PCs, such as ________ , used a command-line user interface or simple menu systems.

Microsoft's Disk Operating System (DOS)

_______ favored by a particular OS or OS version is a powerful factor in determining customer preferences for one OS over another.

The GUI desktop style

One of the main functions of an OS is to provide ______ for the user to configure and operate the computer hardware and software.

an interface (or shell)

The top level of the user interface is the _____

desktop.

The desktop contains the __________.These are all used to launch and switch between applications.

Start menu, taskbar, and shortcut icons.

Windows feature allowing rapid search of apps, data folders, messages, and the web.

instant search box

The Windows Settings app and Control Panel are the two main interfaces for _________

administering Windows.

means configuring options, setting up user accounts, and adding and removing devices and software.

Administering an OS

All Windows configuration data is ultimately held in a database called ________

the registry.

Touch-enabled interface for managing user and system settings in Windows. _______is a touch-enabled interface for managing Windows.

Windows Settings

Legacy management interface for configuring user and system settings in Windows.

Control Panel

_______ controls access to the computer.

A user account

_______ is protected by authenticating the account owner.

A user account

________ means that the person must provide some data that is known or held only by the account owner to gain access to the account.

Authentication

contains default folders for personal documents, pictures, videos, and music. Software applications might also write configuration information to ______ Each user account is associated with ______

profile.

_______ account has privileges to change any aspect of the system configuration. The first user of the computer is configured as the default _______

An administrator

_______ have privileges on their profile only, rather than the whole computer.

Standard users

Cloud-based SSO service allowing users to synchronize settings between multiple Windows devices.

Microsoft Account

________ can be used to sign in on a single computer only.

A local account

Manage the current user account. If the account type is a Microsoft account, this links to a web portal.

Account settings - Your info

Add sign-in credentials for other accounts, such as email or social networking, so that you can access them quickly.

Account settings - Email and Accounts

Use a fingerprint reader or PIN to access the computer rather than a password. The computer can also be set to lock automatically from here.

Account settings - Configure sign-in options

Join the computer to a centrally managed domain network.

Account settings - Access work or school

Permit other local or Microsoft accounts to log on to the computer. Generally speaking, these accounts should be configured as standard users with limited privileges.

Account settings - Family and other users

Use the cloud to apply the same personalization and preferences for each device that you use a Microsoft account to sign in with.

Account settings - Sync settings

Control Panel app relating to user account creation and maintenance. ______ in Control Panel is the legacy interface.

The User Accounts Applet

________ govern what usage data Windows is permitted to collect and what device functions are enabled and for which apps.

Privacy and Security Settings

_______ allow a user to change antivirus, browser, and firewall settings.

The security settings

allows Microsoft to process usage telemetry. It affects use of speech and input personalization, language settings, general diagnostics, and activity history.

Data collection

allow or deny access to devices such as the location service, camera, and microphone and to user data such as contacts, calendar items, email, and files.

App permissions

Keeping the PC synchronized to an accurate time source is important for processes such as authentication and backup.

Set the correct date/time and time zone

for appropriate spelling and localization, keyboard input method, and speech recognition. Optionally, multiple languages can be enabled. The active language is toggled using an icon in the notification area (or START+SPACE).

Set region options

Windows Settings pages related to customizing the appearance of the desktop using themes.

The Personalization Settings

________ include the desktop wallpaper, screen saver, color scheme, font, and properties for the Start menu and taskbar.

Personalization and theme settings

__________ settings configure input and output options to best suit each user.

Ease of Access (or Ease of Access/Accessibility) settings

configures options for cursor indicators, high-contrast and color-filter modes, and the Magnifier zoom tool. Additionally, the Narrator tool can be used to enable audio descriptions of the current selection.

Vision

configures options for volume, mono sound mixing, visual notifications, and closed-captioning.

Hearing

configures options for keyboard and mouse usability. The user can also enable speech- and eye-controlled input methods.

Interaction

Ease of Access can be configured via Settings or via Control Panel. In Windows 11, these settings are found under the ______ heading.

Accessibility

enables you to open, copy, move, rename, view, and delete files and folders. In Windows, file management is performed using the ______

File Explorer

Contains personal data folders belonging to the signed-in account profile. For example, in the previous screenshot, the user account is listed as "James at CompTIA."

User account

Cloud storage service operated by Microsoft and closely integrated with Windows. If you sign into the computer with a Microsoft account, this shows the files and folders saved to your cloud storage service on the Internet.

One Drive

Also contains the personal folders from the profile but also the fixed disks and removable storage drives attached to the PC. File system object representing a Windows computer and the disk drives installed to it.

This PC

Contains computers, shared folders, and shared printers available over the network. In its most simple form, a network consists of two or more computers connected to each other by an appropriate transmission medium which allows them to share data. More complex networks can be developed from this basic principle—networks can be interconnected in different ways and even dissimilar networks can be linked.

Network

When files are deleted from a local hard disk, they are stored in the Recycle Bin. They can be recovered from here if so desired.

Recycle bin

While the system objects represent logical storage areas, the actual data files are written to _____

disk drives.

_______ can be a single physical disk or a partition on a disk, a shared network folder mapped to a drive letter, or a removable disk.

A "drive"

_______ is the floppy disk (very rarely seen these days)

the A: drive

________ is the partition on the primary fixed disk holding the Windows installation.

the C: drive

Every drive contains a directory called the ______ represented by the backslash ( \ ).

root directory

________ are the files that are required for the operating system to function.

System files

The system root, containing drivers, logs, add-in applications, system and configuration files (notably the System32 subdirectory), fonts, and so on.

System File Folder - Windows

Subdirectories for installed applications software. In 64-bit versions of Windows, a Program Files (x86) folder is created to store 32-bit applications.

system file folder - Program Files/Program Files (x86)

Storage for users' profile settings and data. Each user has a folder named after their user account. This subfolder contains NTUSER.DAT (registry data) plus subfolders for personal data files. The profile folder also contains hidden subfolders used to store application settings and customizations, favorite links, shortcuts, and temporary files.

system file folder - Users

Control Panel app related to view and browsing settings for File Explorer.

The File Explorer Options

Control Panel app related to search database maintenance.

Indexing Options applet.

_______ can include both folders and email data stores. A corrupted index is a common cause of search problems.

Indexed locations

________ within the Ease of Access menu are specifically designed to help users with physical disabilities. This section includes options like Sticky Keys, which allows users to press keyboard shortcuts one key at a time, and Mouse Keys, which enables the numeric keypad to control the mouse pointer. These settings are tailored to improve interaction with the computer for users with accessibility needs.

The Interaction settings

System behavior, such as what happens when the laptop lid is closed, can be configured through_________. Adjusting the "Choose what closing the lid does" settings allows you to specify whether the laptop should sleep, hibernate, or do nothing when the lid is closed.

Power Options in the Control Panel.

Learning keyboard shortcuts is useful for navigating the desktop and program windows quickly. ________ shortcut is specifically designed to allow users to switch between open program windows efficiently without using the mouse.

The Alt + Tab

________ page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying).

The System Settings

There is also an ______ listing key hardware and OS version information.

About page

allow the configuration of: Performance options to configure desktop visual effects for best appearance or best performance, manually configure virtual memory (paging), and operation mode. The computer can be set to favor performance of either foreground or background processes. A desktop PC should always be left optimized for foreground processes. Startup and recovery options, environment variables, and user profiles

Advanced settings

provide a single interface to manage a secure and reliable computing environment: Patch management Security apps

The Windows Update and Privacy & Security Settings

is a file containing replacement system or application code. The replacement file fixes some sort of coding problem in the original file. The fix could be made to improve reliability, security, or performance.

A patch or update

detect and block threats to the computer system and data, such as viruses and other malware in files and unauthorized network traffic.

Security apps

hosts critical updates and security patches plus optional software and hardware device driver updates. Update detection and scheduling can be configured via Settings > Update & Security.

Windows Update

______ page contains shortcuts to the management pages for the built-in Windows Defender virus/threat protection and firewall product.

The Windows Security

is an anti-piracy technology that verifies that software products are legitimately purchased.

Microsoft Product Activation

This means that Windows automatically detects when a new device is connected, locates drivers for it, and installs and configures it with minimal user input.

Plug and Play.

________ pages contain options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over Bluetooth or USB.

The Bluetooth & Devices settings

________ settings allow a smartphone to be linked to the computer.

Mobile Devices

________ applet in Control Panel provides an interface for adding devices manually and shortcuts to the configuration pages for connected devices.

The Devices and Printers

provides an advanced management console interface for managing both system and peripheral devices. Device properties, details, driver settings, and events pertaining to each device can also be accessed from________

Device Manager

A large high-resolution screen can use quite small font sizes for the user interface. Scaling makes the system use proportionally larger fonts.

Display configuration settings - Scale

When the computer is used for graphics design, the monitor must be calibrated to ensure that colors match what the designer intends.

Display configuration settings - Color

If the desktop is extended over multiple screens, the relative positions should be set correctly so that the cursor moves between them in a predictable pattern.

Display configuration settings - Multiple displays

Most computers are now used with TFT or OLED display screens. These screens are designed to be used only at their native resolution and refresh rate. Windows should detect this and configure itself appropriately, but they can be manually adjusted if necessary.

Display configuration settings - Resolution and refresh rate

Cuts power to most devices (for example, the CPU, monitor, disk drives, and peripherals) but maintains power to the memory. This is also referred to as ACPI modes S1–S3.

Standby/Suspend to RAM

Saves any open but unsaved file data in memory to disk (as hiberfil.sys in the root of the boot volume) and then turns the computer off. This is also referred to as ACPI mode S4.

Hibernate/Suspend to Disk

utilizes a device's ability to function in an S0 low-power idle mode to maintain network connectivity without consuming too much energy.

Modern Standby

A desktop creates a hibernation file and then goes into the standby state. This is referred to as ________. It can also be configured to switch to the full hibernation state after a defined period.

hybrid sleep mode

A laptop goes into the standby state as normal; if running on battery power, it will switch from standby to _____ before the battery runs down.

hibernate

This uses the hibernation file to instantly restore the previous system RAM contents and make the computer ready for input more quickly than with the traditional hibernate option.

Fast Startup

settings allow you to configure a very wide range of options, including CPU states, search and indexing behavior, display brightness, and so on. You can also enable Universal Serial Bus (USB) selective suspend to turn off power to peripheral devices.

Advanced power plan settings

group is used to view and remove installed apps and Windows Features. You can also configure which app should act as the default for opening, editing, and printing particular file types and manage which apps run at startup.

Apps Settings

_________ Control Panel applet is the legacy software management interface. You can use it to install and modify desktop applications and Windows Features.

The Programs and Features

in Control Panel is added if the Microsoft Outlook client email application is installed on the computer. It can be used to add email accounts/profiles and manage the .OST and .PST data files used to cache and archive messages. Detailed configuration of the email account, sync settings, and data file selections will be managed within the Microsoft Outlook Settings menu, the Mail Applet just contains basic settings.

The Mail Applet

_______ suspends Windows Update and dedicates resources to supporting the 3-D performance and frame rate of the active game app rather than other software or background services.

Game mode The Gaming settings page is used to toggle game mode on and off

is the modern settings app used to view network status, change the IP address properties of each adapter, and access other tools.

Network and Internet settings

is a Control Panel applet for managing adapter devices, including IP address information.

Network Connections (ncpa.cpl)

is a Control Panel applet that shows status information.

Network and Sharing Center

is a Control Panel applet that configures network discovery (allows detection of other hosts on the network) and enables or disables file and printer sharing.

Advanced sharing settings

determines which processes, protocols, and hosts are allowed to communicate with the local computer over the network. The Windows Security settings app and the applet in Control Panel allow the _______ to be enabled or disabled.

Windows Defender firewall Complex firewall rules can be applied via the Windows Defender with Advanced Security management console.

contains one or more snap-ins that are used to modify advanced settings for a subsystem, such as disks or users.

A Microsoft Management Console (MMC)

The default management console with multiple snap-ins to schedule tasks and configure local users and groups, disks, services, devices, and so on.

Computer Management (compmgmt.msc)

Maintain disk performance by optimizing file storage patterns.

Defragment and Optimize Drives (dfrgui.exe)

Regain disk capacity by deleting unwanted files.

Disk Cleanup (cleanmgr.exe)

Review system, security, and application logs.

Event Viewer (eventvwr.msc)

View and edit the security settings.

Local Security Policy (secpol.msc

View and log performance statistics.

Resource Monitor (resmon.exe) and Performance Monitoring (perfmon.msc)-

Make manual edits to the database of Windows configuration settings.

Registry Editor (regedit.exe)

Start, stop, and pause processes running in the background.

Services console (services.msc)-

Run software and scripts according to calendar or event triggers.

Task Scheduler (taskschd.msc)

Pressing ___________ shows a shortcut menu with links to the main management utilities, such as Device Manager, Computer Management, Command Prompt, and Windows Terminal (PowerShell).

WINDOWS + X or right-clicking the Windows button

can be used to execute a program with switches that modify the operation of the software.

The Run dialog ( WINDOWS + R)

Minimum specifications for CPU speed, memory, and disk capacity for installing an OS or app. for applications refers to the PC specification required to run third-party software.

System requirements

Like operating systems, software applications can be developed as _______

32-bit or 64-bit software. A 64-bit application requires a 64-bit CPU and OS platform. It cannot be installed on a 32-bit platform. 32-bit software applications can usually be installed on 64-bit platforms, however.

A PC's graphics subsystem can be implemented as a feature of either the CPU or the motherboard chipset. This is referred to as _______

integrated graphics

is a smart card or USB form factor device that stores some cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.

An external hardware token

Software apps also have OS requirements. One of these is _________

application to OS compatibility

Formats for provisioning application installation files, such as via optical discs, downloads, and image files. is the means by which the vendor makes it available to install. Many apps are published through app stores, in which case the installation mechanics are handled automatically.

An app distribution method

Desktop applications are installed from a setup file. In Windows, these use either _________

.EXE or .MSI extensions.

Apps for macOS can use ________

DMG or PKG formats.

Linux packages use DEB packages with the APT package manager or _______________

RPM for Dandified YUM (DNF).

Commercial software must be used within the constraints of its license. This is likely to restrict either the number of devices on which the software can be installed or the number of users that can access it. Installing unlicensed software exposes a company to financial and legal penalties.

Licensing

Software might be available with paid-for support to obtain updates, monitor and fix security issues, and provide technical assistance. Alternatively, security monitoring and user assistance could be performed by internal staff, but the impact on IT operations still needs assessing.

Support

Complex apps can have a substantial and expensive user-training requirement. This can be an ongoing cost as new versions can introduce interface or feature changes that require more training or new employees require initial training. If the app is supported internally, there might also be a technical training requirement to ensure that staff can provide support and maintain the application in a secure state.

Training

Why must a project deploying a new application consider operational impacts?

Because large environments with many desktops require automated tools to deploy, update, and support the application.

What is a network-based installer?

A method where the setup file is placed in a shared network folder and client computers install the application by running the setup from that folder.

How can applications be installed remotely in Windows without manual admin intervention?

By using Group Policy Objects (GPOs) to set computers to install applications from a network folder automatically.

What is “push deployment”?

A remote installation method where the server pushes the installer or system image to desktops, often used by centrally managed tools like antivirus suites.

What operational issue can result from pushing installations over the network?

Network congestion and increased latency.

When do organizations typically schedule large over-the-network deployments to minimize impact?

During non-critical hours, such as overnight or weekends.

Why is using GPO beneficial for application deployment in terms of user permissions?

Because users do not need administrator privileges to install applications, reducing the risk of unauthorized changes or installations.

What type of account can run the setup file during a remote deployment?

A service account.

What permissions must a user have to run an installed application?

Read and execute permissions on the application’s installation directory.

Where should user-specific files, settings, or preferences be saved?

n the user's home folder/profile, not the application's program directory.

What is the principal security threat when installing applications?

Trojan horse software that conceals malicious intent, such as data theft or remote access.

How can setup files pose security risks besides Trojans?

They may be deliberately or accidentally infected with viruses.

How can organizations mitigate risks from malicious or compromised installers?

By installing only trusted software and verifying that installer code is digitally signed by reputable publishers.

How might legitimate software negatively impact device or network performance?

It may consume excessive CPU, memory, or network bandwidth, or conflict with other applications.

What security risk arises from unpatched vulnerabilities in software?

Worms or malware could exploit them to propagate and crash systems or the network.

How should organizations ensure software is safe and stable before widespread deployment?

By testing applications in a lab environment and reviewing security advisories and the developer’s security practices.

What does a setup file typically contain?

The application’s executables, configuration files, and media files, which are extracted and copied to a designated installation directory during setup.

What physical media can a setup file be distributed on?

CD/DVD or USB thumb drive.

What must be verified when downloading an installer from the Internet?

The authenticity and integrity of the package, and it must be scanned for malware.

How does Windows verify software authenticity?

Through digital signatures that identify valid developers and software sources.

How does Linux verify software packages?

By publishing a hash value of the package, which users compare to the hash they generate after downloading

What is the purpose of comparing a downloaded package’s hash to the published hash?

To ensure the package has not been tampered with and is authentic.

What is required for a network push application deployment?

A completed system image of the workstation.

What does a system image contain?

OS settings and files, application settings and files, and licensing and activation settings.

How does image deployment differ from normal application installation?

It deploys the entire workstation setup in one unit instead of installing one application at a time.

What is an ISO file?

A single file containing the entire contents of an optical disc.

What are ISO files commonly used for?

Installing operating systems on virtual machines or installing complex applications with many components.

How do you mount an ISO file in Windows?

Right-click the ISO file and select Mount; it will appear in File Explorer with the next available drive letter.

allow multiple users to work together simultaneously or allows users to connect remotely to work together on projects and have meetings.

Collaboration tools

Cloud-based applications

email storage (OneDrive) collaboration tools (spreadsheets) videoconferencing (Microsoft Teams, Slack, zoom)

This allows users to meet, discuss, and work together as if they were sitting in the same office or conference room.

Videoconferencing software such as Microsoft Teams, Slack, and Zoom provides an easy way to connect via video and audio calls.

they provide the terms and conditions of the use of the software application and its limitations

Licensing of cloud-based applications

can simplify how users sign in and access resources in an enterprise environment. Having a single set of credentials to log into a cloud resource and then being able to use those same credentials to access an on-premise resource, such as their workstation, decreases the number of credentials a user must remember.

The use of an online or cloud-based identity provider

lets you view and edit installed hardware properties, change configuration settings, update drivers, and remove or disable devices.

Device Manager (devmgmt.msc)

resulting in an "Unknown Device" or a "generic" type with a yellow exclamation mark in Device Manager.

Windows may identify a device's type and function but fail to find a driver

how do you manually update or troubleshoot a device?

locate it in Device Manager, right-click, and select Properties. Check the General tab for status information and use the Update Driver button on the Drivers tab to install a new driver.

For Plug and Play, hot-swappable devices, you can remove them without uninstalling. what should you do after?

close any active applications, click the Safely Remove Hardware icon in the taskbar, and select the option to stop or eject the device.

Disabled devices are indicated by a

down arrow.

In Device Manager, you can disable a device if it's malfunctioning or to restrict user access while seeking a replacement. what is disabling useful for?

useful for devices that are hard to physically uninstall, enhancing system security.

stores all data generated by the operating system and applications. As the primary store of so much data, ensuring its reliability and performance is a critical management task.

The disk subsystem

Console related to initializing, partitioning, and formatting disk drives. summarizes all fixed and removable disks—HDDs (Hard disk drives), SSDs (solid state drives), and optical drives—attached to the system. HDDs and SSDs can be divided into logical partitions, each represented as a volume in the top pane.

The Disk Management console

is a logical storage unit for the OS, often mapped 1:1 with a partition. can also be created using a redundant drive configuration (RAID), involving multiple devices and partitions.

A volume

are set up on HDDs and SSDs.

Partitions

typically refers to a volume assigned a letter, but it can also mean a hardware storage device.

"drive"

Contains boot files, usually using a boot system called extensible firmware interface (EFI), and is not assigned a drive letter.

System Volume

Contains operating system files, typically assigned the drive letter C:.

Boot Volume

Contain tools for repair or factory reset, using either the PC vendor's tool or Microsoft's WinRE, and are not assigned drive letters.

Recovery partitions

When adding an unformatted HDD, SSD, or thumb drive, you must initialize it using master boot record (MBR) or Globally Unique ID (GUID) Partition Table (GPT) partition style for the new disk. MBR and GPT refer to the way the partition information is stored on the disk.

disk management console - Initializing disks

Configure each disk with at least one partition. Create new partitions by right-clicking the unpartitioned space and following the wizard.

disk management console -Partitioning

Write a file system, typically NTFS, to new partitions allowing Windows to read and write files. FAT32 may be used for small, removable drives. Reformatting existing partitions deletes all files. You can also select a volume label and allocation unit size.

disk management console - Formatting

Expand existing partitions when needed if there is unpartitioned space or remove/shrink partitions to free space.

disk management console - Repartitioning

Windows feature for creating a single storage resource from multiple devices. Data can be protected against device failure by RAID-like mirroring or parity. Windows now supports a software RAID feature called ______ for redundant disk configurations.

Storage Spaces

Traditionally, the smallest storage unit is a ______

512-byte sector

File systems can group sectors into clusters of ______

2, 4, or 8 sectors

During setup, the boot partition must be ______, and the system partition must be _____.

NTFS; FAT32

On a hard disk, files ideally occupy contiguous clusters. Over time, they become fragmented across non-contiguous clusters, reducing read performance.

Fragmentation

Typically, more files are created than deleted, reducing capacity. Performance suffers if the boot volume has less than 20% free space, and a Low Disk Space warning appears below 200 MB.

Capacity:

HDDs are prone to physical damage, especially during power cuts, leading to corrupted files. SSDs can degrade, resulting in bad blocks, and are vulnerable to impacts, overheating, and electrical issues.

Damage

Fragmentation occurs when a data file is not saved to contiguous sectors on an HDD and reduces performance. The defragmenter mitigates this and can also perform optimization operations for SSDs.

The Defragment and Optimize Drives tool

defragmenting reorganizes file data into contiguous clusters, reducing the time the controller needs to seek across the disk to read a file.

defragging HDDs

data is stored in blocks managed by the drive controller, not the OS. The controller uses wear-leveling routines to reduce cell degradation. The optimizer tool runs TRIM operations, allowing the controller to mark OS-deletable data as writable. If the SSD holds the OS and Volume Shadow Copy is enabled, the optimizer may also perform defragmentation.

defragging SSDs

Windows utility for removing temporary files to reclaim disk space identifies files safe for deletion to free up space, including those in the Recycle Bin and temporary files. Running it in administrator mode with the Clean up system files option reclaims space from caches like Windows Update and Defender.

The Disk Clean-up tool

Enables execution of an action (such as running a program or a script) automatically at a pre-set time or in response to some sort of trigger. automates commands and scripts, with many Windows processes having predefined schedules.

The Task Scheduler

Tasks can be triggered by events, such as user sign-in or the machine waking from sleep, not just by calendar dates/times.

task scheduler - Triggers

Each task can include multiple actions for complex automation.

task scheduler - Multiple Actions

All task activity is logged so you can investigate failures.

task scheduler -Logging

Tasks can be organized into folders for better management.

task scheduler -Organization

In addition to specifying the file or script path and trigger, ________ If the user account lacks sufficient permissions, the task will not execute.

you must enter the credentials under which the task will run.

Console for creating and managing user and group accounts with the authentication and permissions scope of the local system. offers an advanced interface for managing user accounts, including creating, modifying, disabling, deleting, and resetting passwords.

The Local Users and Groups console

allow you to group user accounts with similar permissions, like editing files in a shared folder.

Security groups

such as Administrators, Users, and Guests, define account types available through the settings interface.

Default groups

verifies the identity of a user, computer, or service, with validity guaranteed by the issuing certification authority (CA).

A digital certificate

displays installed certificates and allows for requesting and importing new ones.

The certificate manager console

Stores certificates issued to the user account, used for network authentication, data encryption, and digital signatures.

The certificate manager console - Personal Folder

Contains certificates from all trusted issuers, including Microsoft's CA root, local enterprise CAs, and third-party CAs, mostly managed via Windows Update.

The certificate manager console - Trusted Root Certification Authorities

Contains trusted issuers from non-Microsoft or local enterprise providers.

The certificate manager console -Third-party Root Certification Authorities

Use ______ to manage certificates for the current user

certmgr.msc

Use ______for the computer certificate store.

certlm.msc

offers a robust way to configure these Windows settings without directly editing the registry. Vendors can also create administrative templates to configure third-party software via policies.

The Group Policy Editor

efficiently applies settings across multiple computers, avoiding manual configuration. Policies are typically set using an enabled/disabled/not defined toggle, though some require discrete values.

In large networks, group policy

is a remotely accessible database for storing configuration information for the OS, devices, and applications. (regedit.msc)

The Windows registry

The registry database is the configuration database for Windows. The registry can be directly edited by experienced support personnel using a variety of tools. The registry should be backed up before system changes are made.

The Registry

Manages system-wide settings.

The Registry (root keys) - HKEY_LOCAL_MACHINE (HKLM)

Contains settings for individual user profiles, like desktop personalization.

The Registry (root keys) - HKEY_USERS (HKU)

A subset of HKEY_USERS with settings for the logged-in user.

The Registry (root keys) -HKEY_CURRENT_USER (HKCU):

Contains information about registered applications, file associations, and OLE object classes, determining which application opens a file type.

The Registry (root keys) -HKEY_CLASSES_ROOT (HKCR):

Reflects the current hardware profile used at startup, dynamically built at boot time.

The Registry (root keys) -HKEY_CURRENT_CONFIG (HKCC):

is stored in binary files called hives, consisting of a main file, a .LOG file (transaction log), and a .SAV file (setup copy).

The registry database

File storing configuration data corresponding to a section of the Windows registry. also has an .ALT backup file.

The system hive

Most files are in the C:\Windows\System32\Config folder, while each user profile's hive (NTUSER.DAT) is in the ______

user's profile folder.

_____ entry includes the name, data type (such as string or binary), and the value itself.

A value

is a container for snap-ins like Device Manager, Disk Management, Group Policy Editor, and Certificate Manager. Use the mmc command to customize and create a console with your chosen snap-ins. Save the console as an MSC file in the Administrative Tools folder.

A Microsoft Management Console (MMC)

allows the SSD controller to mark OS-deletable data as writable, which helps maintain the SSD's performance and longevity. This is the most appropriate action for optimizing an SSD.

The Optimize Drives tool (formerly known as Disk Defragmenter) performs TRIM operations on SSDs. TRIM:

Basic shell interpreter for Windows. processes legacy commands from early Windows versions.

The command prompt

Windows feature that requires a task to be explicitly launched with elevated privileges and consented to via UAC.

"Run as administrator,"

are usually preceded by a forward slash.

Switches

If an argument includes a space,

enclose it in quotes

Use ___ to clear the screen if needed.

"cls"

type _______ for syntax and switches used for the command.

"help Command"

Use the __ switch for command-specific help, e.g., netstat __ displays help on the netstat command.

Command-line utility that displays information about the contents of the current directory.

the dir command

Use ____ to sort files, where x can be:

/o:x n for name s for size e for extension d for date

Use ____ to specify the date field, where x can be:

/t:x c for created a for last accessed w for last modified

Use ___ to show files with specific attributes, where x can be:

/a:x r for Read-only h for hidden s for system a for archive

Use ________ for unspecified characters. A question mark ? represents a single unspecified character. For example, dir ????????.log lists all .log files with eight-character names.

wildcard characters

Command-line tool used to navigate the directory structure. to change the working directory.

Use the cd command

The active, or in focus, drive is managed separately from the directory. To switch drives, enter ______

the drive letter followed by a colon and press ENTER. typing D: switches to the D drive

Command-line tool for moving files in Windows.

The move command

Command-line tool for copying files in Windows.

copy command

Command-line file copy utility recommended is another file copy utility. Microsoft recommends using _____over xcopy for better handling of long file names and NTFS attributes.for use over the older xcopy.

The robocopy command, or "robust copy,"

Excludes files that match the specified names or paths.

/xf

Excludes directories that match the specified names or paths.

/xd

Copies subdirectories, excluding empty ones.

Copies all subdirectories, including empty ones.

Lists the files and directories that would be copied, without actually copying them.

To create a directory, use the ____or ___ command.

md or mkdir

To delete an empty directory, use ___ Directory or ___ Directory. If the directory contains files or subdirectories, use the __ switch to remove them.

rd; rmdir; /s

Command-line utility used to configure disk partitions. serves as the command-line interface for the Disk Management tool.

The diskpart command

Command-line utility for creating a file system on a partition. creates a new file system on a drive, deleting all existing data

The format command

Command-line tool that verifies the integrity of a disk's file system. scans the file system and disk sectors for faults and attempts to repair detected problems. A version called _____ runs automatically if file system errors are detected at boot.

The chkdsk command; autochk

(where X is the drive letter but no switch is used) runs in read-only mode, reporting any errors that need repair.

chkdsk X

attempts to fix file system errors.

chkdsk X : /f

fixes file system errors and tries to recover bad sectors, prompting you to save recoverable data as filennnn.chk files in the root directory.

chkdsk X : /r

format X: /fs:SYS

X: the drive letter SYS: the file system type (e.g., NTFS, FAT32, exFAT)

Performs a quick format: skips scanning the disk for bad sectors.

Command-line tool for shutting down or restarting the computer. The command is supported by Windows and Linux, though with different syntax. is used to safely power off, restart, hibernate, or log out of the system.

The shutdown command

Closes all programs and services before turning off the computer. Users should save open files first but will be prompted to save unsaved changes.

Shutdown (shutdown /s )

Use _________ to delay shutdown by nn seconds (default is 30 seconds). Abort a shutdown with ______ (if done quickly).

shutdown /t nn; shutdown /a

Saves the current session to disk before powering off.

Hibernate (shutdown /h )

Closes programs and services under the user account, leaving the computer running.

Log off (shutdown /l )

Closes programs and services before rebooting without powering down, also known as a soft reset.

Restart (shutdown /r )

Command-line utility that checks the integrity of system and device driver files. allows you to manually verify and restore system files from cache if they are corrupt or damaged.

sfc command utility (sfc )

Runs an immediate scan. "sfc /"

sfc /scannow

Schedules a scan for the next computer restart. "sfc /"

sfc /scanonce

Schedules a scan at every boot. "sfc /"

sfc /scanboot

Command-line tool for reporting Windows version information. provides Windows version information, useful for support.

The winver command Key details provided by winver: Windows 10 or 11: Identifies the OS as a client version, distinct from Windows Server. Version:Indicates a feature update, shown as a year/month code representing the time of release (e.g., 1607 for July 2016, 21H1 for early 2021). OS Build: A two-part number; the first part shows the brand and feature update, while the second part (rev) indicates quality updates or patches. The rev number can be used to find changes and known issues associated with the update in the Microsoft Knowledge Base (support.microsoft.com).

is a utility that displays the current user's username and domain information, verifying the identity and access level of the logged-in user.

The whoami command

This protocol provides network mapping and discovery functions for networks without dedicated name servers.

Link-layer Topology Discovery

Each network connection is governed by the _________________ imposed by Windows Defender Firewall.

local OS firewall settings

Windows feature that categorizes network profile as public or private. Each profile can have a different firewall configuration, with public network types being more restricted, by default.

the network location awareness

If the network profile type is set as ________, the PC is discoverable and may be used for folder or printer sharing. This is only advisable when connecting to a trusted network.

Private

If the network is set as______, Windows Firewall is configured to block all access and make the host undiscoverable.

Public

refers to using a cellular adapter to connect to the Internet via a provider's network. The bandwidth depends on the technologies supported by the adapter and by the local cell tower (3G, 4G, or 5G, for instance).

Wireless wide area network

Windows feature for indicating that network data transfer is billable and for setting warnings and caps to avoid unexpected charges from the provider

metered connection

line utility is used to trace the path a packet of information takes to get to its target. The command can take an IP address or FQDN as an argument.

The tracert command (pronounced trace route)

performs a trace and then pings each hop router a given number of times for a given period to determine the round-trip time (RTT) and measure link latency more accurately. The output also shows packet loss at each hop.

the pathping command

can be used to investigate open ports and connections on the local host. In a troubleshooting context, you can use this tool to verify whether file sharing or email ports are open on a server and whether other clients are connecting to them.

The netstat command

includes UDP ports in the listening state.

netstat -a

shows the process that has opened the port. Alternatively, use the -o switch to list the process ID (PID) rather than the process name. These switches can only be used from an administrative command prompt.

netstat -b

displays ports and addresses in numerical format. Skipping name resolution speeds up each query.

netstat -n

can be used to report Ethernet and protocol statistics respectively

netstat -e and -s

Remote access tool and protocol. VNC is the basis of macOS screen sharing. is a freeware product with similar functionality to RDP It works over TCP port 5900.

Virtual Network Computing (VNC) protocol.

protects the RDP server against denial-of-service attacks. authenticates the user before committing any resources to the session.

Network Level Authentication (NLA).

If Remote Desktop is used to connect to a server that has been compromised by malware, the credentials of the user account used to make the connection become highly vulnerable ________________________ are means of mitigating this risk.

RDP Restricted Admin (RDPRA) Mode and Remote Credential Guard

There are also open-source implementations of RDP, such as ____. You can use _____ to run an RDP server on a Linux host.

XRDP

Windows remote-support feature allowing a user to invite a technical support professional to provide assistance over a network using chat. The user can also grant the support professional control over his or her desktop. Remote Assistance uses the same RDP protocol as Remote Desktop.

Remote Assistance

Windows support feature allowing remote screen-sharing over the Internet. (CTRL +WINDOWS +Q ) works over the encrypted HTTPS port TCP/443. The helper must be signed in with a Microsoft account to offer assistance. The helper generates the passcode to provide to the sharer.

the Quick Assist

assigns a port dynamically from the ephemeral range (49152 to 65535).

Remote Assistance

stands for Windows Remote Management. It's a key technology developed by Microsoft for managing Windows-based systems remotely.

WinRM

is Microsoft's implementation of the WS-Management protocol. It allows systems to exchange and access management information across a network.

WinRM

Being a Simple Object Access Protocol (SOAP) based program it relies on HTTP/HTTPS connections to communicate between the systems.

WinRM

Application protocol supporting secure tunneling and remote terminal emulation and file copy. runs over TCP port 22.

Secure shell (SSH)

SSH allows various methods for the client to authenticate to the server. Which are?

Password authentication- Public key authentication-

will be able to distinguish client accounts and provide support for recording and reporting billable support activity. tools are principally designed for use by managed service providers (MSPs).

Remote monitoring and management (RMM) tools

is an outsourcing company that specializes in handling all IT support for their clients.

An MSP

software suites are designed for deployment by a single organization and focus primarily on access control and authorization.

Desktop management/mobile-device management (MDM) software

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

endpoint detection and response

provides a remote display system to monitor and interact with virtual machine environments from across the Internet. The server and client relationship is used for the protocol by allowing the server to monitor and interact with each client.

The Simple Protocol for Independent Computing Environments (SPICE)

Supported by Apple iOS and macOS, this uses Bluetooth to establish a Wi-Fi Direct connection between the devices for the duration of the file transfer. The connection is secured by the Bluetooth pairing mechanism and Wi-Fi encryption.

AirDrop - file transfer software

Microsoft's version of AirDrop. Nearby Sharing was introduced in Windows 10 (1803).

Nearby Sharing - file transfer software

Bluetooth-enabled sharing for Android devices.

Nearby Share - file transfer software

is designed for technical support and troubleshooting by turning control of your system to another remote user. MSRA is not designed for continuous remote device monitoring or management.

Microsoft Remote Assistant (MSRA)

software lets you perform tasks remotely, such as analyzing activity and receiving automated alerts for unusual device activity.

Remote management and monitoring (RMM)

_______ is a critical factor when evaluating remote management tools. WinRM uses the WS-Management protocol, which must align with the organization's security policies to ensure safe and compliant remote management. Security considerations are important when using remote access technologies.

Security

____________________ is a critical security task. Many recent attacks on web servers have exploited poor SSH key management.

Monitoring for and removing compromised client public keys

Remote network boot capability is often referred to as __________ and allows devices to be remotely powered on over a network. This would allow the administrator to ensure all devices can be powered on to then start the update process.

wake on LAN (WOL)

Utility that provides a report of the PC's hardware and software configuration.

The System Information tool (msinfo32.exe)

It provides an inventory of system resources, firmware and OS versions, driver file locations, environment variables, and network status.

The System Information tool (msinfo32.exe)

A Windows console related to viewing and exporting events in the Windows logging file format.

Event Viewer (eventvwr.msc)

is a management console snap-in for viewing and managing logs on a Windows host. The default page summarizes system status, displaying recent errors and warnings. The left pane categorizes log files.

Event Viewer (eventvwr.msc)

Records events affecting the core OS, such as service load failures, hardware conflicts, driver load failures, and network issues. Each log file has a default maximum size (usually about 20 MB)

The Windows Logs folder - System Log

Contains information on non-core processes, utilities, and some third-party apps, like app installers write events to the Application log. Each log file has a default maximum size (usually about 20 MB)

The Windows Logs folder - Application Log

Holds audit data for the system. Each log file has a default maximum size (usually about 20 MB)

The Windows Logs folder - Security Log

Records installation events. Each log file has a default maximum size (usually about 20 MB)

The Windows Logs folder - Setup Log

Highest priority issues, often indicating a halted or unresponsive process.

Event Sources and Severity Levels - Critical

Less severe issues to investigate after resolving critical ones.

Event Sources and Severity Levels - Error

Conditions that could lead to errors or critical issues if not addressed, like low disk space.

Event Sources and Severity Levels - Warning

Noteworthy operations or states that don't require action.

Event Sources and Severity Levels - Information

Security log events indicating successful actions, like user authentication, or failures, like incorrect password entries.

Event Sources and Severity Levels - Audit Success/Failure

monitors your PC's key resources. Open it by pressing CTRL+SHIFT+ESC, right-clicking the taskbar or Start, or pressing CTRL+ALT+DEL and selecting ______

Task Manager

refers to system (RAM) usage only.

task manager memory page - In use

reports the amount of memory requested and the total of system plus paged memory available. Paged memory refers to data that is written to a disk pagefile.

task manager memory page - Committed

refers to fetching frequently used files into memory pre-emptively to speed up access.

task manager memory page - Cached

refer to OS kernel and driver usage of memory. Paged usage is processes that can be moved to the pagefile, while non-paged is processes that cannot be paged.

task manager memory page - Paged pool and non-paged pool

Apps and scripts set to run when the computer starts or when the user signs in. _____ items can be configured as shortcuts, registry entries, or Task Scheduler triggers.

task manager - Startup tab

Console for live monitoring of resource utilization data for the CPU and GPU, system memory, disk/file system, and network.

Resource Monitor (resmon.exe)

offers advanced snapshot monitoring beyond Task Manager, displaying resource performance graphs and key statistics like threads initiated by a process and hard page faults per second.

Resource Monitor (resmon.exe)

Console for reporting and recording resource utilization via counter data for object instances.

Windows Performance Monitor (perfmon.exe)

offers real-time system resource charts and logs data for long-term analysis. These charts and logs are more detailed than the Performance tab of Task Manager.

Windows Performance Monitor (perfmon.exe)

Collect statistics on resources like memory, disk, and processor to assess system health and performance.

performance monitor log files - Counter Logs

Gather detailed service statistics, offering detailed reports on resource behavior. They extend the capabilities of the Event Viewer by logging data that would otherwise be inaccessible.

performance monitor log files - Trace Logs

Measures non-idle thread execution time and should be low in general. Sustained values over 85% may indicate a bottleneck.

performance monitor counter -(object: processor) % Processor Time

High processor time (over 85% for sustained periods) can be analyzed by comparing these. A significantly higher privileged time suggests the CPU may be underpowered (it can barely run Windows core processes efficiently).

performance monitor counter -(object: processor) % Privileged Time; % User Time

The percentage of time the selected disk drive is occupied with read or write requests serves as a strong indicator of disk activity. If this average exceeds 85% for an extended period, it may indicate a disk problem.

performance monitor counter - (Object: Physical disk) % Disk Time

Shows outstanding disk requests. Taken with the preceding counter, this gives a better indicator of disk problems. For example, high values alongside high disk time suggest disk problems.

performance monitor counter - (Object: Physical disk) Average Disk Queue Length

The amount of available memory should not be below 10% of the total RAM. Continuous decline may indicate a memory leak (a process that allocates memory but does not release it again).

performance monitor counter - (Object: Memory) Available Bytes

The number of pages read from or written to disk to resolve hard page faults indicates your system's use of the paging file. This is acceptable unless it becomes excessive (averaging above 50). It's advisable to check the paging file's usage by examining the paging object itself.

performance monitor counter - (Object: Memory) Pages/sec

The percentage of the pagefile in use indicates its utilization. If your 1000 MB paging file averages 50% usage, adding around 500 MB of memory could be beneficial. Remember, excessive paging can degrade disk performance, as paging is disk-intensive.

performance monitor counter - (Object: Paging File) % Usage

Utility for configuring Windows startup settings.

The System Configuration Utility

modifies settings affecting how the computer boots and loads Windows. It's primarily used for diagnostic testing rather than permanent changes, which are typically made using tools like Services.

The System Configuration Utility

1. POST – Firmware checks hardware. 2. MBR read – BIOS reads the Master Boot Record (first sector of disk). 3. Active partition – MBR points to the boot sector of the active partition. 4. BOOTMGR.EXE - Loaded from the System Reserved partition - Reads BCD (Boot Configuration Data) 5. Boot menu (optional) – Shown if multiple OS entries exist. 6. WINLOAD.EXE – Loaded from the Windows system root. 7. Kernel initialization - Loads NTOSKRNL.EXE, HAL.DLL, boot drivers 8. WINLOGON – User authentication begins

Boot process - Legacy BIOS Boot (MBR-based)

1. POST – Firmware checks hardware. 2. GPT read – Firmware locates the EFI System Partition (ESP). 3. BOOTMGFW.EFI - Located in \EFI\Microsoft\Boot\ - Reads the BCD stored on the ESP 4. Boot menu (optional) – Based on BCD entries. 5. WINLOAD.EFI – UEFI version of the Windows boot loader. 6. Kernel initialization - Same as BIOS from this point onward 7. WINLOGON – User authentication begins.

Boot process - UEFI Boot (GPT-based)

Troubleshooting startup mode that loads a limited selection of drivers and services.

Safe Mode

loads only basic drivers and services required to start the system. This is a useful troubleshooting mode as it isolates reliability or performance problems to add-in drivers or application services and rules out having to fully reinstall Windows.

Safe Mode

Troubleshooting boot options that allow use of tools such as safe mode and recovery discs. If the boot files are damaged, you can use the ______ option to try to fix them

Startup Repair

Windows troubleshooting feature that installs a command shell environment to a recovery partition to remediate boot issues. where you could run commands such as diskpart, sfc, chkdsk, bootrec, bcdedit, or regedit to try to repair the installation manually.

Windows Recovery Environment

Windows System Protection feature that allows the configuration to be reverted to a restore point. allows you to roll back from system configuration changes

System Restore

allows for multiple restore points to be maintained (some are created automatically) and to roll back from changes to the whole registry and reverse program installations and updates.

System Restore

Windows troubleshooting feature that allows removal of an update or reversion to a previous driver version.

Roll Back Updates Drivers feature.

What does the error message “No boot device found” or “Invalid boot disk” indicate?

The system has completely failed to boot.

What is a common modern cause of an Invalid boot disk error?

System firmware is set to boot from USB or another removable device.

What does a transitory Invalid boot disk error often indicate?

A failing disk or firmware difficulty detecting the drive.

What does a “No OS found” message indicate?

The disk is detected but does not report the location of the OS loader.

What does bootrec /fixmbr do?

Attempts to repair the Master Boot Record (MBR).

When should bootrec /fixmbr not be used?

On disks using GPT partitioning.

What does bootrec /fixboot do?

Repairs the boot sector.

What does bootrec /rebuildbcd do?

Adds missing Windows installations to the Boot Configuration Database (BCD).

What does it mean if Windows boots but the GUI does not load?

Likely corruption of drivers or system files.

If Windows boots to a GUI in Safe Mode but not normally, what is the likely fix?

: Replace or update the graphics adapter driver.

What commonly causes temporary black screen issues in Windows?

Windows updates installing in the background.

What key combination tests system responsiveness during a black screen?

Windows + Ctrl + Shift + B

How can you view more details during the Windows boot process?

Enable Display highly detailed (verbose) status messages.

How are verbose status messages enabled in Windows?

by configuring a system policy or applying a registry setting.

What typically causes delays before the Windows sign-in screen appears?

Loading drivers and services.

Which file is most prone to corruption in a user profile?

NTUSER.DAT

Which files should NOT be copied when rebuilding a user profile?

NTUSER.DAT NTUSER.DAT.LOG NTUSER.INI

Situation where hosts on a network are not closely synchronized to the same date/time source.

time drift,

is a safeguard or prevention method to avoid, counteract, or minimize risks relating to personal or company property.

A security control

work in the built environment to control access to sites. Examples include fences, doors, and locks.

Physical controls

are applied and enforced by people. Examples include incident response processes, management oversight, and security awareness training programs.

Procedural controls

are applied and enforced by digital or cyber systems and software. Examples include user authentication, antivirus software, and firewalls.

Logical controls

CIA triad

Confidentiality, Integrity, and Availability:

ensures that sensitive data is only accessible by authorized users.

Confidentiality

ensures that the data is accurate and trustworthy.

Integrity

means that resources are readily available for users to access when they need to.

Availability

This framework ensures that only authorized users have the appropriate access to the right resources at the right time.

Identity and Access Management (IAM).

This involves identifying and defining users, devices, and applications within the system.

Identification

This identifies users attempting to access resources. This can be done with passwords, biometrics, and multi-factor authentication.

Authentication

This determines what resources and actions a user is allowed to access based on their role, responsibilities, and permissions.

Authorization

Enforces authorization policies and restricts access to resources based on predefined rules.

Access Control

The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

access control list

The basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

implicit deny

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

least privilege.

is a weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

Vulnerability

is the potential for someone or something to exploit a vulnerability and breach security. ____ may be intentional or unintentional.

A threat

The person or thing that poses the threat is called a __________________

threat actor or threat agent.

The path or tool used by a malicious threat actor can be referred to as the _______________

attack vector or threat vector.

is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

Risk

cipher uses a single secret key to both encrypt and decrypt data.

A symmetric encryption cipher

A symmetric cipher, such as the_____________, can perform bulk encryption and decryption of multiple streams of data efficiently.

Advanced Encryption Standard (AES)

uses a key pair. A key pair is a private key and a public key that are mathematically linked.

An asymmetric encryption cipher

is known only to the holder and is linked to, but not derivable from, a public key distributed to those with whom the holder wants to communicate securely. ________ can be used to encrypt data that can be decrypted by the linked public key or vice versa.

A private key

this key is freely distributed and is used to encrypt data, which can only be decrypted by the linked private key in the pair.

public key

is a short representation of data. ____ function takes any amount of data as input and produces a fixed-length value as output. A cryptographic ____ performs this process as a one-way function that makes it impossible to recover the original value from_______

A hash SHA-256 and SHA-3 are the most used version of the SHA algorithms.

proves that a message or digital certificate has not been altered or spoofed.

A digital signature

allows two hosts to know the same symmetric encryption key without any other host finding out what it is.

Key exchange

is the principal means of controlling access to computer and network resources and assigning rights or privileges.

A user account

User account that can be authenticated again and allocated permissions for the computer that hosts the account only. is defined on that computer only

A local account

is managed via an online portal (account.microsoft.com) and identified by an email address.

A Microsoft account

is a collection of user accounts. __________ are used when assigning permissions and rights, as it is more efficient to assign permissions to a group than to assign them individually to each user.

Security groups

can perform all management tasks and generally has very high access to all files and other objects in the system.

A user account that is a member of the administrator group

is a member of the Users group. This group is generally only able to configure settings for its profile. However, it can also shut down the computer, run desktop applications, install and run store apps, and use printers.

A standard account

is only present for legacy reasons. It has the same default permissions and rights as the User group.

The guest group

is present to support legacy applications. Historically, this group was intended to have intermediate permissions between administrators and users.

The power user group

provides an interface for managing both user and group accounts. Use the shortcut menus and object Properties dialogs to create, disable, and delete accounts, change account properties, reset user passwords, create custom groups, and modify group membership.

The Local Users and Groups management console

is a security practice in which users are granted access to resources only when needed and for only as long as it takes to complete the needed task.

Just-in-Time (JIT) access

focuses on securing, controlling, and monitoring access to privileged accounts.

Privileged Access Management (PAM)

is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to accounts that are members of the Administrators group.

User account control

is a security framework that is used in many organizations. This means that no user or device should ever be automatically trusted, regardless of their location or previous authentication.

Zero trust

requires that all users and devices are authenticated, authorized, and continuously validated before being granted access

zero trust

The format of a credential is called an

authentication factor

authentication factor - something you know, such as a password

knowledge

authentication factor -something you have, such as a smart card or smartphone

possession

authentication factor -something you are, such as a fingerprint. This will typically involve biometrics

inherence

means that the user must submit at least two different types of credentials, such as something you know and something you are.

Multifactor-authentication (MFA)

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. This can use a registered email account or a contact phone number for an SMS or voice call.

2-step verification

The soft tokens may also be referred to as a __________. ______ is only valid for a single login session and a new unique passcode is generated for each login attempt.

one-time password (OTP)

This OTP is only valid for a set amount of time, such as 1 minute, before it expires. If the OTP is not entered within the specified timeframe, a new OTP will need to be requested.

Time-based OTP (TOTP)

This method uses an algorithm that generates the OTP using a counter-based approach. This means that each time the OTP is requested, the counter is increased which ensures that every password is unique and can only be used once.

Hash-based Message Authentication Code OTP (HOTP)

In this method, the server sends a challenge, such as a random number, to the user. This challenge is entered into the OTP generator which uses that to generate a unique OTP.

Challenge-Response

Software that allows a smartphone to operate as a second authentication factor or as a trusted channel for 2-step verification.

An authenticator ap

works in the same sort of way as an authenticator app but is implemented as firmware in a smart card or USB thumb drive rather than running on a smartphone. ________ is first registered with the service or network. When the user needs to authenticate, he or she connects the token and authorizes it via a password, PIN, fingerprint reader, or voice recognition. The token transmits its credentials to the service, and the service grants the user access.

The hard token

Notes A-2.1 Flashcards

(518 cards)