Notes A-2.2 Flashcards

(502 cards)

1
Q

(SAM) database

A

Security Accounts Manager

2
Q

LSA

A

The Local Security Authority

3
Q

The (LSA) compares the submitted credential to the one stored in the (SAM) database, which is part of the registry.

A

Windows local sign-in

4
Q

The LSA can pass the credentials for authentication to a network service. The preferred system for network authentication is based on a system called Kerberos. This is typically performed when the device is connected to a domain.

A

Windows network sign-in

5
Q

If the user’s device is not connected to the local network, authentication can take place over some type of virtual private network (VPN) or web portal.

A

Remote sign-in

6
Q

(NIST)

A

National Institute of Standards and Technology

7
Q

Organizations such as the ____________ will release updates to secure password creation recommendations as needed.

A

National Institute of Standards and Technology (NIST)

8
Q

subsystem allows the user to configure an alternative means of authenticating.

A

The Windows Hello

9
Q

is separately configured for each device. It uses the trusted platform module feature of the CPU or chipset and encryption to ensure that the PIN is not stored within Windows itself.

A

Windows Hello PIN

10
Q

means that a user authenticates once to a device or network to gain access to multiple applications or services.

A

Single sign-on (SSO)

11
Q

is a special type of SSO. With _____, an Identity Provider (IdP) is used to pass user credentials to a service provider (SP).

A

Security Assertions Markup Language (SAML)

12
Q

The IdP creates a __________ which is a digitally signed document that contains the user’s credentials.

A

SAML assertion

13
Q

can be authorized to access any computer joined to the domain. It can be assigned permissions on any resources hosted in the

A

A domain account

14
Q

stores a database of network information called Active Directory. This database stores user, group, and computer objects.

A

domain controller (DC)

15
Q

is any server-based system that has been joined to the domain but does not maintain a copy of the Active Directory database.

A

A member server

16
Q

provides file, print, and application server services, such as Exchange for email or SQL Server for database or line-of-business applications.

A

A member server

17
Q

is a way of dividing a domain up into different administrative realms

A

An organizational unit

18
Q

configures computer settings and user profile settings. It can also be used to deploy software automatically.

A

A domain group policy

19
Q

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

A

domain group policy object

20
Q

Policies are applied at sign-in and refreshed periodically (normally every 90 minutes).

A

gpupdate/gpresult commands

21
Q

command is used to apply a new or changed policy to a computer and account profile immediately.

A

The gpupdate

22
Q

Using the _____ switch causes all policies (new and old) to be reapplied.

A

/force

23
Q

command can be used with /logoff or /boot to allow a sign-out or reboot if the policy setting requires it.

A

The gpupdate

24
Q

This command displays the RSoP for a computer and user account. When run without switches, the help page is displayed. The /s, /u, and /p switches can be used to specify a host (by name or IP address), user account, and password, and /r can be used to display policies for the desktop.

A

gpresult

25
performs some type of configuration or process activity when the user signs in. Code that performs a series of tasks automatically when a user account is authenticated.
A login script
26
is a peer-to-peer network model in which computers can share resources, but management of each resource is performed on the individual computers.
A workgroup
27
Processes and tools that facilitate identification of hosts present on a network or subnet. This Windows firewall configuration makes a host visible to network browsers.
network discovery
28
Windows firewall configuration that opens the network ports required to operate as a file/print server
file sharing
29
is a directory that all users of the computer can read and write to. This can be
30
is a share that has been assigned to a drive letter on a client device.
A mapped drive
31
Displays a list of servers on the local network.
net view command
32
View the shares available on a server named MYSERVER
net view \\MYSERVER command
33
Maps the DATA folder on MYSERVER to the M: drive and sets the mapped drive to stay mapped even after a reboot. If the persistent switch is not used, then the shared resource will not stay mapped after a reboot and it will have to be manually mapped again.
net use M: \\MYSERVER\DATA /persistent:yes command
34
Removes the mapping of the M: drive
net use M: /delete command
35
Removes all mapped drives.
net use * /delete command
36
main reasons why the net command might fail.
verify that the resource is reachable, permissions are properly configured, and the path is correct.
37
ACL that mediates local and network access to a file system object under Windows when the volume is formatted with _____
NTFS permissions
38
Read/list/execute permissions allow principals to open and browse files and folders and to run executable files.
Read/list/execute
39
allows the principal to create files and subfolders and to append data to files.
Write
40
allows the principal write permission plus the ability to change existing file data and delete files and folders
Modify
41
___ allows all the other permissions plus the ability to change permissions and change the owner of the file or folder.
Full control
42
File system access-control concept where child objects are automatically assigned the same permissions as their parent object.
inheritance
43
is a private drive mapped to a network share in which users can store personal files.
A home folder
44
copies the whole profile from a share at logon and copies the updated profile back at logoff.
Roaming profile
45
The main drawback of _____ is that if a profile contains a lot of large data files, there will be a big impact on network bandwidth and sign-in and sign-out performance will be slow.
Roaming profile
46
changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share. ___________ is only available across the network. This can be used independently or in conjunction with roaming profiles.
Folder redirection
47
____-bit CPU can only run ____-bit editions. ____-bit Windows editions are limited to 4 GB of RAM.
32
48
__________of Microsoft Windows are specialized editions of the Home, Pro, Enterprise, and Education editions created to comply with European Union (EU) regulations, which require that consumers have the option to choose third-party media software rather than relying solely on Microsoft's built-in solutions.
N versions
49
This license comes pre-installed on a PC or laptop and is valid only for that device. The computer vendor provides support. Most new devices can upgrade to Windows 11.
Original Equipment Manufacturer (OEM) License
50
This license can be transferred between computers but can only be active on one device at a time. Microsoft provides support, and it includes upgrade rights to Windows 11.
Retail License
51
supports multicore processing (up to 64 cores) and HyperThreading but does not support multiple CPUs. The 64-bit edition is limited to 128 GB of RAM.
Windows Home
52
Designed for small and medium-sized businesses, available through OEM or retail licensing. It offers features like Group Policy, BitLocker, and Remote Desktop host for enhanced network administration
Windows Pro
53
Tailored for large organizations, it includes advanced security, deployment, and management features such as AppLocker and Windows Defender Credential Guard. Available only through volume licensing agreements.
Windows Enterprise
54
These are versions of the Pro and Enterprise editions, customized for educational institutions. They include education-specific settings and features, with Pro Education based on Windows Pro and Education based on Windows Enterprise. Licensing is typically through academic volume agreements.
Windows Education/Pro Education
55
These editions can join a domain, allowing centralized management of computers, user accounts, and policies via a Domain Controller (DC) server. This is essential for large organizations needing enhanced security and control.
The primary distinction between Pro, Enterprise, and Education editions versus Windows Home is domain network support.
56
Devices share files and resources but are managed independently.
Workgroup
57
Devices connect to a centralized Domain Controller for consistent management and security policies.
Domain
58
Configures and enforces OS and application settings across devices, ensuring consistent configurations. Not available in Windows Home.
Group Policy Editor (gpedit.msc)
59
Provides disk encryption to protect data, even if a device is stolen. Not supported in Windows Home.
BitLocker
60
Supports ___ as both client and server, enabling remote connections to and from computers. Windows Home only includes the ___ client software.
Remote Desktop Protocol (RDP)
61
Available as an OEM, retail/full packaged product (FPP), or through volume licensing, which offers discounts for bulk purchases and allows custom installation images for quick deployment. It supports more RAM and advanced hardware like persistent system RAM (NVDIMM).
Windows Pro
62
Only available via volume licensing. ______ includes exclusive features like DirectAccess virtual private networking technology, AppLocker software execution control, and the management and monitoring feature Microsoft Desktop Optimization Pack, which are not in the Pro edition.
Windows Enterprise and Education
63
2-way multiprocessing, up to 128 cores.
Pro and Education
64
4-way multiprocessing, up to 256 cores.
Pro for Workstations and Enterprise
65
Up to 2 TB.
Pro and Education
66
Up to 6 TB.
Pro for Workstations and Enterprise
67
Upgrading from Windows 10 to Windows 11 requires specific hardware features, including:
TPM 2.0 (Trusted Platform Module); UEFI with Secure Boot; Supported CPU
68
This is a security chip that ensures platform integrity by securing cryptographic keys and authenticating the system at startup. _____ is mandatory for Windows 11, and the system will not install or upgrade without it.
TPM 2.0
69
is a modern firmware that replaces legacy BIOS and improves security.
UEFI (Unified Extensible Firmware Interface)
70
ensures that the device boots only with trusted software, preventing malicious code from loading.
Secure Boot
71
OS setup method where the target disk is repartitioned and formatted, removing any existing OS and/or data files.
Clean Install
72
This involves installing the OS on a new computer or completely replacing the existing OS on an old one by repartitioning and reformatting the disk. All existing user data and settings are deleted.
Clean Install
73
This involves running the setup from an existing OS version, preserving third-party applications, user settings, and data files for use in the new version.
In-Place Upgrade
74
Upgrade Considerations: Windows 10 to 11 include?
Check Hardware Compatibility; Check Application and Driver Support; Backup Files and User Preferences; Obtain Third-Party Drivers
75
_______________ are time-consuming, requiring the installer to monitor the setup and input information
Attended installations
76
Deployment method where installation choices are saved in an answer file or script so that the setup program executes without manual intervention.
unattended installations
77
Deployment method where the target disk is written with an image of the new OS. It ensures machines have a consistent set of software and configuration options.
image deployment
78
where an image—a clone of an existing installation—is stored in a single file. It can be stored on DVD, USB media, or accessed over a network.
image deployment
79
is a key aspect of unattended installations, allowing images to be deployed over a network.
Remote network installation
80
This method enables IT administrators to install or update multiple machines simultaneously without physical access, ensuring consistency in software and configuration across all devices.
Remote network installation
81
enabling devices to be set up and configured automatically without any user intervention. This approach leverages cloud-based services to deploy configurations and applications as soon as the device connects to the internet.
Remote zero-touch deployment
82
refers to how the setup program, answer file (if used), and OS files or system image are loaded onto the target PC
The installation boot method
83
Device used to start the setup program and hold source files for installing or upgrading an OS.
boot method
84
__________________ have become more common for installations.
USB flash drives, external drives, and hot-swappable drives
85
Feature of a network adapter that allows the computer to boot by contacting a suitably configured server over the network.
preboot execution environment (PXE)
86
The local network's DHCP server must provide the DNS name of the installation server. Typically, setup installers connect to the Internet to download updates and optional packages.
Internet-Based Boot
87
allows multiple operating systems to coexist on a single computer, enabling users to select which OS to boot into during startup. This setup is useful for testing software across different environments or running specific applications that are exclusive to certain operating systems.
A multiboot installation
88
Sector on a mass storage device that holds information about partitions and the OS boot loader.
The master boot record (MBR)
89
partition style stores a partition table in the first 512-byte sector of the disk, allowing up to four primary partitions, any one of which can be marked as active and bootable.
The master boot record (MBR) partition
90
Each primary partition starts with a _______________ which points to the OS boot loader when marked active.
boot sector, or Partition Boot Record (PBR),
91
Each primary partition starts with a boot sector, or Partition Boot Record (PBR), which points to the OS boot loader when marked active. In Windows, this is known as ______________
the system partition or system reserve.
92
Modern disk partitioning system allowing large numbers of partitions and very large partition sizes.
The GUID Partition Table (GPT)
93
is a more up-to-date partitioning scheme that overcomes MBR's limitations, supporting more than four primary partitions (up to 128 in Windows) and larger partitions (over 2 TB).
The GUID Partition Table (GPT)
94
It includes a backup of partition entries and a protective MBR for compatibility with non-____ systems. ____ requires the UEFI boot method; BIOS will not recognize it as a boot device.
The GUID Partition Table (GPT)
95
___ requires the legacy BIOS boot method; a UEFI method will not recognize the disk as a boot drive.
MBR
96
OEM recovery media enabling the user to reset the system to its factory configuration.
A factory recovery partition
97
This process resets the system to factory settings, erasing user data, settings, and third-party applications, so backups should be made beforehand.
A factory recovery partition
98
reinstalls system files and resets most settings to default, while preserving user personalization, data files, and Windows Store apps, but it removes desktop applications
The refresh option
99
deletes the OS, apps, settings, and data, preparing the system for a fresh OS installation.
A full reset
100
combines the Linux kernel with a package manager, software repository, and customizable shells, utilities, and applications.
A Linux distribution (distro)
101
responsible for loading the kernel into memory and starting the operating system.
bootloader
102
provides a command-line environment for users to interact with the OS and applications.
A shell
103
bash, zsh, and ksh (Korn shell), each offering features like command history, tab completion, spelling correction, and syntax highlighting.
Popular Linux shells
104
Captures keyboard input for processing by the shell's command interpreter.
stdin (0)
105
Displays data generated by the shell from the tty device on the terminal.
stdout (1)
106
Outputs error information.
stderr (2)
107
Linux distros intended for client PCs usually start with a graphical desktop environment. This environment is powered by _____, an open-source implementation of the X Window System.
Xorg
108
Xorg desktop programs - Gnome, KDE, Cinnamon, and Xfce
(GNU Object Model Environment) (K Desktop Environment)
109
The terminal emulator connects to the shell via a _______ interface.
pseudoterminal (pty/pts)
110
Users can switch between consoles using __________ keys, with each console supporting different login prompts and shells.
CTRL+ALT+Fx
111
The first "word" is the _______, which can be a full or relative path to an executable, or simply the name of an executable located in a directory specified by the PATH environment variable. The ______ is recognized up to the first space character.
command
112
__________ modify the command's behavior. They can be single letters (preceded by a single hyphen) or words (preceded by a double hyphen). The order of options is generally flexible.
Options (or switches)
113
_________ are values, such as file names, that the command operates on. They must be provided in the correct order according to the command's syntax.
Arguments
114
Use a ____ (|) to redirect the output of one command to another command.
pipe
115
Use a semicolon (;) to execute ___ sequentially on a single line. Press ENTER to run the commands in order.
multiple commands
116
In Linux, commands, parameters, and file and directory names are _________
all case-sensitive.
117
To view a Linux command's function and syntax, use the _____ option
--help
118
Alternatively, use the ___ command to access detailed manual pages for any command, such as _____ for the manual on the ____ command itself.
man
119
Command-line text editor operated by CTRL key combinations. text editor for Windows.
the nano editor
120
Many administrators prefer editors like vi or vim, which have two modes: ______________.
command and insert
121
_________ you perform file operations like saving and closing.
In command mode,
122
To enter text, switch to _____ with keys like i (insert at cursor), a (append after cursor), A (append at line end), or o (insert new line below).
insert mode
123
Press ___ to return to command mode.
ESC
124
To display line numbers, type _____ in command mode.
:set number
125
Save with __ , save and quit with __ , or quit without saving with ___ .
:w; :wq; :q!
126
The first fixed disk is typically ______ , while additional devices, like a USB drive, appear as ______
/dev/sda; /dev/sdb
127
The file system begins at the root, represented by __
/
128
___ command displays ("prints") the current working directory on the terminal, unless the standard output (stdout) is redirected.
The pwd
129
___ command changes the working directory.
The cd
130
___ command lists directory contents, similar to the dir command in Windows.
The ls
131
____ command displays the contents of files specified through arguments.
The cat
132
_____ command searches for files using the syntax find path expression, where path is the starting directory and expression specifies the search criteria. Options include -name, -size, -user (owner), and -perm (permissions).
The find
133
_____ command (Globally search a Regular Expression and Print) searches and filters file contents, displaying lines that match a search string.
The grep
134
Escapes the next character only. For example, \* treats * as a literal, and \\ treats \ as a literal.
Backslash (\)
135
Provide strong escaping, treating everything inside as literal. For example, '$(pwd) * example one' is interpreted as: $(pwd) * example one.
Single Quotes (' ')
136
Provide weak escaping, allowing variable expansion and command substitution. For example, "$(pwd) * example one" expands to include the output of the pwd command, resulting in: /home/david * example one.
Double Quotes (" ")
137
involves organizing, maintaining, and accessing data stored on disk drives.
Filesystem management
138
To access a filesystem, it must be _____, which means attaching it to a directory in the existing filesystem hierarchy. The _____ command is used for this purpose. For example, mount /dev/sda1 /mnt _____ the filesystem on /dev/sda1 to the /mnt directory.
mount
139
This file contains static information about filesystems. It defines how and where filesystems should be mounted automatically at boot time. Each line in _______ specifies a filesystem, its mount point, filesystem type, and mount options.
/etc/fstab
140
This utility checks and repairs filesystems. It's used to ensure filesystem integrity, especially after an improper shutdown or disk corruption. The command ____ is typically run with the filesystem's device name, like ____ /dev/sda1. It scans the filesystem for errors and attempts to fix them. It's often run automatically at boot if the system detects filesystem issues.
fsck
141
is used to create a copy of files either in the same or different directory with the same or different name.
The cp command
142
is used to either move files from one directory to another or rename a file.
The mv command
143
is also used to copy directories.
The cp command with the -r (or --recursive) option
144
can be used to delete files. It can also be used with the -r option to delete directories.
The rm command
145
check free space and report usage by the device, directory, or file specified as the argument
The df/du commands
146
enables you to view the device's free space, file system, total size, space used, percentage value of space used, and mount point.
df ("disk free")
147
displays how a device is used, including the size of directory trees and files within it.
du ("disk usage")
148
switches to the specified user's account using __ username.
su (switch user) command
149
allows users listed in the /etc/sudoers file to run specified commands with superuser privileges.
The sudo (superuser do) command
150
User settings are stored in the _____ file
/etc/passwd
151
group settings are in the ____ file
/etc/group
152
User passwords are typically stored as encrypted hashes in the ______ file
/etc/shadow
153
Use the __________ commands to add, modify, and delete user information.
useradd, usermod, and userdel
154
Use the ________ commands to manage group memberships.
groupadd, groupmod, and groupdel
155
Each file in Linux has a set of permissions that determine user access levels. The permissions system includes three rights:
rwx read write execute
156
Allows viewing the contents of a file or directory.
Read (r)
157
Allows modifying or deleting the object. For directories, it permits adding, deleting, or renaming files within.
Write (w)
158
Allows running an executable file or script. For directories, it enables actions like changing focus to the directory and accessing or searching items within it.
Execute (x)
159
Permissions are set for the _________
owner, the group, and other users ("the world")
160
drwxr-xr-x 2 bobby admins Desktop : ______________
The owner (bobby) has full (rwx) permissions, while the group (admins) and others have read and execute (r-x) permissions.
161
Permissions can also be expressed numerically using octal values _____
(0–7)
162
Permissions can also be expressed numerically using octal values (0–7), where: 0: 4: 2: 1:
0: No permissions; 4: Read; 2: Write; 1: Execute
163
changes file and directory permissions using symbolic or octal notation. Only the owner can change permissions.
The chmod command
164
allows the superuser or sudoers to change the owner of a file or directory.
The chown command
165
The basic syntax for the chown command is:
chown [OPTIONS] OWNER[:GROUP] FILE OWNER: GROUP (optional): FILE:
166
Used by Debian-based distributions, working with .deb format packages.
Advanced Packaging Tool (APT)
167
Used by Red Hat-based distributions, working with .rpm format packages. DNF is the successor to YUM, offering improved performance and better dependency management.
DNF (Dandified YUM)
168
includes precompiled software packages deemed appropriate by the vendor or sponsor. These packages, along with updates, are posted to software repositories.
A distribution
169
is the preferred command-line interface for APT. Basic commands include:
Refresh package information: apt update; Upgrade all packages: apt upgrade; Install new application: apt install PackageName
170
For older systems or scripts, you may encounter the apt-get command, which provides similar functionality:
Refresh package information: apt-get update; Upgrade all packages: apt-get upgrade
171
--- is the command-line interface for managing packages in Red Hat-based distributions. Basic commands include:
dnf; Refresh package information: dnf check-update; Upgrade all packages: dnf update or dnf upgrade; Install a new application: dnf install PackageName; Remove an application: dnf remove PackageName
172
_______ displays the process table, summarizing the currently running processes on a system.
The ps command
173
________, like ps, lists all running processes on a Linux system. It serves as a process management tool, allowing you to interactively prioritize, sort, or terminate processes.
The top command
174
Top command: various keystrokes execute process management actions:
ENTER: Refresh the status of all processes; SHIFT+N: Sort processes in decreasing PID order; M: Sort processes by memory usage; P: Sort processes by CPU usage; u: Display processes for a specified user at the prompt; q: Exit the process list.
175
is an init system and service manager for Linux operating systems. It is responsible for initializing the system and managing system services and processes.
systemd
176
is used to interact with systemd to control and manage system services.
The systemctl command
177
systemctl start [service]: ____; systemctl stop [service]: _____; systemctl enable [service]: ______; systemctl disable [service]: ______; systemctl status [service]: ______
Start a service immediately.; Stop a running service.; Enable a service to start automatically at boot.; Check the status of a service, including whether it is active, inactive, or failed.
178
___________ is a powerful tool for network configuration and management. It replaces older tools like ifconfig and route. It can be used to assign IP addresses, configure routing, and manage network interfaces
The ip command
179
is a simple text file that maps hostnames to IP addresses. It is used for local hostname resolution before querying DNS servers. Entries in this file can be used to override DNS settings or to define local network names.
The /etc/hosts file
180
contains information that defines how DNS (Domain Name System) resolution is handled. It specifies the DNS servers that the system should query to resolve domain names into IP addresses.
The /etc/resolv.conf file
181
is used to test the reachability of a host on an IP network. It sends ICMP echo request packets to the target host and waits for an echo reply, helping to diagnose network connectivity issues.
The ping command
182
is a flexible tool for querying DNS name servers. It performs DNS lookups and displays the answers returned by the DNS server.
The dig (Domain Information Groper) command
183
is a tool for transferring data from or to a server using various protocols, including HTTP, HTTPS, FTP, and more. It is commonly used for testing and interacting with web services and is especially good for API interaction.
The curl command
184
is a network diagnostic tool used to track the pathway that a packet takes from the source to the destination. It helps in identifying the route and measuring transit delays of packets across an IP network.
The traceroute command
185
you can create a custom backup solution using the _______ task scheduler and file copy scripts, possibly incorporating compression utilities like tar or gzip.
cron job
186
To run a batch of commands or scripts for backups or maintenance tasks, use the ____ scheduling service.
cron
187
Each user can schedule tasks in their personal ____tab (____ table), which ____ merges into a system-wide schedule. The ____ service checks this schedule every minute to execute tasks.
cron
188
Use the _______ to add or delete scheduled jobs.
crontab editor
189
View a user's crontab jobs with __________
crontab -l
190
Remove scheduled jobs with __________
crontab -r.
191
Enter the editor with _______ (default editor is vi).
crontab -e
192
The basic syntax for scheduling a job in crontab includes:
mm: Minutes past the hour (0–59); hh: Hour of the day (0–23); dd: Day of the month (1–31); MM: Month (1–12 or jan, feb, mar); weekday: Day of the week (0–7 or sun, mon, tue); command: Command or script to run, including the full path.
193
crontab - Time/date parameters can be replaced by wildcards: *: ________; ,: _________; -: _________; /n: _____
*: Any value; ,: Multiple values; -: Range of values; /n: Every nth value.
194
Positioned at the bottom of the screen, ______ offers one-click access to favorite apps and files, similar to the Windows taskbar. Open apps display a dot below their icon.
the Dock
195
Use _______ to find almost anything on macOS. Start a search by clicking the magnifying glass in the menu bar or pressing COMMAND+SPACE.
Spotlight Search
196
__________ manages windows and allows setting up multiple desktops with different apps and backgrounds. Activate __________ with the F3 key.
Mission Control
197
Contains applications installed for all users on the Mac.
/Applications
198
Stores system-wide resources and settings used by applications and macOS, such as fonts, application support files, and system preferences.
/Library
199
Contains core system files and resources essential for macOS operation. This folder is managed by the operating system and is generally not modified by users.
/System
200
Houses individual user accounts, with each user having a personal folder containing their documents, settings, and personal data.
/Users
201
A hidden folder within each user's home directory that stores user-specific application support files, preferences, caches, and other data.
/Users/Library
202
__________ is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac. It is always present and open in the dock.
The Finder
203
_________ functions similarly to the CTRL key on Windows and OPTION is often mapped to ALT.
The COMMAND key
204
Touch-enabled mouse and trackpad hardware for Apple computers.
Magic Mouse
205
macOS app for managing passwords cached by the OS and supported browser/web applications.
Keychain
206
encrypts disk data to protect against unauthorized access if the disk is removed. When enabled, each user account requires a password.
FileVault
207
is Apple's cloud storage solution, providing a central location for mail, contacts, calendar, photos, notes, reminders, and more across macOS and iOS devices. Users receive 5 GB of free storage by default, with options to upgrade for a monthly fee.
iCloud
208
is a set of features in macOS and iOS that allows seamless integration and interaction between Apple devices. It enhances the user experience by enabling tasks to be started on one device and continued on another.
Continuity
209
continuity feature _____ : Allows you to start a task on one Apple device (like writing an email or browsing a webpage) and continue it on another device.
Handoff
210
continuity feature _____ : Lets you copy content (text, images, etc.) on one Apple device and paste it on another.
Universal Clipboard
211
continuity feature _____ : Enables you to take a photo or scan a document with your iPhone or iPad and have it appear instantly on your Mac.
Continuity Camera
212
continuity feature _____ : Allows you to make and receive phone calls and send and receive SMS/MMS messages on your Mac using your iPhone.
Phone Calls and Text Messages
213
continuity feature _____ : Lets your Mac connect to the internet using the cellular connection of your iPhone or iPad without requiring a password.
Instant Hotspot
214
continuity feature _____ : Allows you to unlock your Mac automatically when you're wearing an authenticated Apple Watch.
Auto Unlock
215
continuity feature _____ : Facilitates easy sharing of files between Apple devices without the need for email or messaging.
AirDrop
216
macOS Package Installer File Types: Used for simple installs where disk image contents are copied to the Applications folder.
DMG (.dmg)
217
macOS Package Installer File Types: Used for installs requiring additional actions, like running services or writing files to multiple folders.
PKG (.pkg)
218
in macOS delivers important security updates faster than traditional software updates. It addresses vulnerabilities and threats without needing a full operating system update, ensuring users receive critical patches promptly to protect against exploits.
Rapid Security Response (RSR)
219
allows you to back up data to an external drive or partition formatted with APFS or macOS's older extended file system (HFS+).
The Time Machine preferences pane
220
By default, ___ keeps hourly backups for the past 24 hours, daily backups for the past month, and weekly backups for all previous months. When the backup drive becomes full, ____ automatically deletes the oldest backups to free up space.
Time Machine
221
To access the Recovery menu, hold down the ________ while powering up the Mac until you see the Apple logo. After selecting your language, macOS Recovery will launch, allowing you to choose from various recovery options.
COMMAND+R keys
222
is some fault or weakness in a system that could be exploited by a threat actor.
A vulnerability
223
is a set of recommendations for deploying a computer in a hardened configuration to minimize the risk that there could be vulnerabilities.
A configuration baseline
224
is one that has drifted from its hardened configuration.
A non-compliant system
225
is one where at least one of these controls (examples include antivirus scanners, network and personal firewalls, and intrusion detection systems) is either missing or improperly configured.
An unprotected system
226
Malicious code that can use a vulnerability to compromise a host is called ______
an exploit.
227
A vulnerability that is exploited before the developer knows about it or can release a patch is called a ______
zero-day
228
is one that its owner has not updated with OS and application patches.
An unpatched system
229
system is one where the software vendor no longer provides support or fixes for problems.
A legacy or end of life (EOL)
230
—or hacking the human—refers to techniques that persuade or intimidate people into revealing this kind of confidential information or allowing some sort of access to the organization that should not have been authorized.
Social engineering
231
means that the social engineer develops a pretext scenario to allow himself or herself an opportunity to interact with an employee. A classic ___________ pretext is for the threat actor to phone into a department pretending to be calling from IT support, claim something must be adjusted on the user's system remotely, and persuade the user to reveal his or her password.
impersonation
232
In this attack, the attacker gains access to an email account in the company. This email account is then used to impersonate a trusted individual and to attempt to trick employees into performing a specified task, such as sending money or divulging information.
Business Email Compromise (BEC)
233
refers to combing through an organization's (or individual's) garbage to try to find useful documents. Attackers may even find files stored on discarded removable media.
Dumpster diving
234
attack means that the threat actor learns a password or PIN (or other secure information) by watching the user type it. Despite the name, the attacker may not have to be in proximity to the target—they could use high-powered binoculars or CCTV to directly observe the target remotely, for instance.
A shoulder surfing attack
235
is a means of entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint.
Tailgating
236
means that the attacker enters a secure area with an employee's permission. For instance, an attacker might impersonate a member of the cleaning crew and request that an employee hold the door open while the attacker brings in a cleaning cart or mop bucket.
Piggybacking
237
uses social engineering techniques to make spoofed electronic communications seem authentic to the victim.
Phishing
238
occurs when the attacker has some information that makes the target more likely to be fooled by the attack. The messages show that the attacker knows the recipient's full name, job title, telephone number, or other details that help to convince the target that the communication is genuine.
Spear-phishing
239
is an attack directed specifically against upper levels of management in the organization (CEOs and other "big catches").
Whaling
240
is conducted through a voice channel (telephone or VoIP, for instance). For example, targets could be called by someone purporting to represent their bank asking them to verify a recent credit card transaction and requesting their security details.
Vishing
241
is an attack performed through SMS text messages.
Smishing
242
uses malicious QR codes to trick targets into visiting a fake website to enter their credentials and reveal personal information.
QR code phishing (Quishing)
243
is similar to phishing but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials. An evil twin might have a similar network name (SSID) to the legitimate one, or the attacker might use some denial of service (DoS) technique to overcome the legitimate AP.
An evil twin attack
244
is one who has no account or authorized access to the target system.
An external threat actor
245
In this attack, instead of attacking the company directly, the attacker focuses on gaining unauthorized access to weaker links in the chain, such as vendors, suppliers, or service providers.
supply chain or pipeline attack.
246
is one who has been granted permissions on the system. This typically means an employee, but ____ threats can also arise from contractors and business partners.
an insider threat actor
247
is an information-gathering threat in which the attacker attempts to learn about the configuration of the network and security systems.
Footprinting
248
is any type of attack where the threat actor can masquerade as a trusted user or computer. ______ can mean cloning a valid MAC or IP address, using a false digital certificate, creating an email message that imitates a legitimate one, or performing social engineering by pretending to be someone else.
A spoofing threat
249
If an attacker can steal the token and the authorization system has not been designed well, the attacker may be able to present the token again and impersonate the original user.
a replay attack.
250
is a specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks. This allows the threat actor to read and possibly modify the packets.
An on-path attack
251
In this attack, the attacker sets up a fake wireless network that is spoofed to look like a legitimate network. When a victim connects to the spoofed network, the attacker can monitor and intercept their data.
An evil twin
252
causes a service at a given host to fail or to become unavailable to legitimate users. Typically, ____ attack tries to overload a service by bombarding it with spoofed requests.
A denial of service (DoS) attack
253
refers to cutting the power to a computer or cutting a network cable.
Physical DoS
254
An attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
distributed denial-of-service
255
means that the attacks are launched from multiple compromised systems, referred to as a botnet.
DDoS
256
The software matches the hash to those produced by ordinary words found in a _______. This _____ could include information such as user and company names, pet names, significant dates, or any other data that people might naively use as passwords.
dictionary
257
The software tries to match the hash against one of every possible combination it could be. If the password is short (under eight characters) and non-complex (using only lower-case letters, for instance), a password might be cracked in minutes.
Brute force
258
is run on the web server to process the request and build the response before it is sent to the client.
Server-side code
259
runs within the web browser software on the client machine to modify the web page before it is displayed to the user or to modify requests made to the server.
Client-side code
260
exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit. ____ attacks insert a malicious script that appears to be part of the trusted site.
A cross-site scripting (XSS) attack
261
A web application is likely to use ______ to read and write information from a database.
Structured Query Language (SQL)
262
the threat actor modifies one or more of these four basic functions by adding code to some input accepted by the app, causing it to execute the attacker's own set of ____ or parameters.
In a SQL injection attack
263
prevent SQL Injection attacks - removing special characters that can be used to manipulate SQL queries.
Input sanitization
264
prevent SQL Injection attacks - User input is treated as data input and not executable code.
Parameterized queries
265
prevent SQL Injection attacks - Pre-compiled SQL code that is stored on the server
Stored procedures
266
Standards for authenticating and encrypting access to Wi-Fi networks. Also called WPA2 and WPA3.
Wi-Fi Protected Access
267
The mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.
Temporal Key Integrity Protocol
268
is an encryption method that uses symmetric keys and block ciphers to encrypt data. This means that the data is divided into blocks of 128 bits and each block is encrypted independently.
Advanced Encryption Standard (AES)
269
Encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.
Counter Mode with Block Chaining Message Authentication Code Protocol (CCMP)
270
uses the advanced encryption standard (AES) cipher deployed within the Counter Mode with Block Chaining Message Authentication Code Protocol (CCMP).
WPA2
271
Simultaneous Authentication of Equals (SAE); updated cryptographic protocols; protected management frames; Wi-Fi Enhanced Open
The main features of WPA3
272
Wi-Fi authentication comes in three types: ________
open, personal, and enterprise
273
_______ pre-shared key authentication uses a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication because a group of users shares the same passphrase.
In WPA2,
274
All types of PSK authentication have been shown to be vulnerable to attacks that attempt to recover the passphrase. The passphrase must be at least ________ long to try to mitigate risks from cracking.
14 characters
275
uses a 128-bit key and perfect forward secrecy to authenticate.
simultaneous authentication of equals (SAE)
276
is a cryptography method that generates a new key for every transmission. This makes the handshake much more secure from hackers because if the hacker intercepts and cracks one of the messages, they still won't be able to crack the keys.
Perfect forward secrecy
277
WPA’s 802.1X enterprise authentication method implements the ___________
Extensible Authentication Protocol.
278
allows the use of different mechanisms to authenticate against a network directory.
EAP
279
defines the use of EAP over Wireless (EAPoW) to allow an access point to forward authentication data without allowing any other type of network access.
802.1X
280
method means that the access point does not need to store any user accounts or credentials. They can be held in a more secure location on the AAA server.
The enterprise authentication
281
AAA protocol used to manage remote and wireless authentication infrastructures.
Remote Authentication Dial-in User Service
282
AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.
Terminal Access Controller Access Control System Plus
283
A single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.
Kerberos protocol
284
is a simple, case-sensitive name by which users identify the WLAN.
The service set identifier (SSID)
285
determines whether remote hosts can connect to given TCP/UDP ports on internal hosts.
Inbound filtering
286
determines the hosts and sites on the Internet that internal hosts are permitted to connect to.
Outbound filtering
287
Process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN.
port forwarding
288
Type of port forwarding where the external port is forwarded to a different internal port on the LAN host.
port mapping.
289
Mechanism to configure access through a firewall for applications that require more than one port. Basically, when the firewall detects activity on outbound port A destined for a given external IP address, it opens inbound access for the external IP address on port B for a set period.
Port-triggering
290
Protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall.
Universal Plug-and-Play
291
A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports. Formerly referred to as a demilitarized zone (DMZ), this usage is now deprecated.
a screened subnet
292
Home router implementation of DMZ where all ports with no existing forwarding rules are opened and directed to a single LAN host.
"DMZ host"
293
uses barricades, fences, lighting, and surveillance to control and monitor who can approach the building or campus.
Perimeter security
294
short vertical posts that are used to prevent vehicles from getting close to a building or sensitive area
bollards
295
needs to be transparent (so that guards can see any attempt to penetrate it), robust (so that it is difficult to cut), and secure against climbing (which is generally achieved by making it tall and possibly by using razor wire)
Security fencing
296
A secure entry system with two gateways, only one of which is open at any one time.
An access control vestibule
297
Handheld or walk-through metal detector designed to detect concealed weapons.
magnetometer
298
A conventional lock prevents the door handle from being operated without the use of a key.
Key operated
299
Rather than a key, the lock is operated by entering a PIN on an _____ keypad
electronic
300
Some types of electronic locks work with a hardware token rather than a PIN. The token might be a basic magnetic swipe card. A more advanced type of lock works with a cryptographic contactless smart card or key fob. These are much more difficult to clone than ordinary swipe cards.
Badge reader
301
Instead of a physical key, this is a virtual key that resides on the user's smartphone. The door lock will use a technology such as Bluetooth or NFC to communicate with the user's device. Typically, the user will open an app on the smartphone and when in range, they can send the command to open the lock.
Mobile digital key
302
This is usually implemented as a small capacitive cell that can detect the unique pattern of ridges making up the fingerprint. The technology is also nonintrusive and relatively simple to use, although moisture or dirt can prevent readings, and there are hygiene issues at shared-use gateways.
Fingerprint reader
303
This is a contactless type of camera-based scanner that uses visible and/or infrared light to record and validate the unique pattern of veins and other features in a person's hand. Unlike facial recognition, the user must make an intentional gesture to authenticate.
Palmprint scanner
304
An infrared light is shone into the eye to identify the pattern of blood vessels. The arrangement of these blood vessels is highly complex and typically does not change from birth to death, except in the event of certain diseases or injuries. ________ is therefore one of the most accurate forms of biometrics.
Retinal scanning
305
When the user approaches the door, a built-in camera captures their image. This image is then compared with stored templates that were previously enrolled. If the match is found, the door will unlock. This type of biometrics is extremely secure, fast, and accurate, but is costly to implement.
Facial Recognition
306
Users program the door lock to open with a specific command which is recorded and analyzed to create a unique voiceprint. When the user approaches the door and speaks the command, the lock will unlock if the voiceprint matches
Voice Recognition
307
that act to prevent unauthorized physical access to servers and network appliances or prevent theft
equipment lock
308
are used with a cable tie to secure a laptop or other device to a desk or pillar to prevent theft.
Kensington locks
309
prevent the covers of server equipment from being opened. These can prevent access to external USB ports and prevent someone from accessing the internal fixed disks.
Chassis locks and faceplates
310
control access to servers, switches, and routers installed in standard network racks. These can be supplied with key-operated or electronic locks.
Lockable rack cabinets
311
A circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm. This could be caused by a door or window opening or by a fence being cut.
Circuit
312
A motion-based alarm is linked to a detector triggered by movement within a room or other area. The sensors in these detectors are either microwave radio reflection (radar, for example) or passive infrared (PIR), which detects moving heat sources.
Motion sensor
313
Radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area. This can form the basis of an alarm system to detect whether someone is trying to remove equipment.
Proximity
314
This type of alarm is triggered manually by staff if they come under threat. A duress alarm could be implemented as a wireless pendant, concealed sensor or trigger, or call contact.
Duress
315
Physical security mechanisms that ensure a site is sufficiently illuminated for employees and guests to feel safe and for camera-based surveillance systems to work well.
Security lighting
316
Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area.
Video surveillance
317
Password Rules
Make the password sufficiently long—12+ character length is suitable for an ordinary user account. Administrative accounts should have longer passwords. Choose a memorable phrase, but do not use any personal information
318
is where a threat actor can access a computer that has been left unlocked.
A lunchtime attack
319
are used to determine what rights and privileges each employee should be assigned. These policies should be guided by the principle of least privilege.
Account management policies
320
control whether a user can read or modify a data file or folder, either on the local PC or across the network.
File permissions
321
control what system configuration changes a user can make to a PC. Configuring rights is the responsibility of the network owner.
Rights or privileges
322
allows unauthenticated access to the computer and may provide some sort of network access too. In current versions of Windows, the _____ is disabled by default and cannot be used to sign in.
Guest account
323
This is typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend. Periodically, the server checks whether the user has the right to continue using the network. If the user does not have the right, then an automatic logout procedure commences.
Restrict login times
324
refers to logical security technologies designed to prevent malicious software from running on a host regardless of what the user account privileges allow.
Execution control
325
allows a standard user account to run a program or utility with administrative privileges. The user will be required to provide the administrative account password when the __________ option is selected.
Run As Administrator
326
is software that can detect malware and prevent it from executing.
Antivirus (AV)
327
means that the software uses knowledge of the sort of things that viruses do to try to spot (and block) virus-like behavior.
"Heuristic"
328
are information about new viruses or malware. These updates may be made available daily or even hourly.
Definitions
329
fix problems or make improvements to the scan software itself.
Scan engine/component updates
330
triggers are based on the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number used by the application protocol. For example, blocking TCP/80 prevents clients from connecting to the default port for a web server.
Port security
331
triggers are based on the process that listens for connections.
Application security
332
Data on persistent storage—HDDs, SSDs, and thumb drives—is referred to as ______
data-at-rest.
333
__________ feature of NTFS supports file and folder encryption. ___ is not available in the Home edition of Windows.
The Encrypting File System (EFS)
334
The web uses _____ and ______ to implement a secure connection.
Transport Layer Security (TLS); digital certificate
335
validates the identity of the host running a site and encrypts communications to protect against snooping.
A secure connection
336
contains a public key associated with the subject embedded in it. _____ has also been signed by the CA, guaranteeing its validity.
The digital certificate
337
is a text file used to store session data. For example, if you log on to a site, the site might use a _____ to remember who you are.
A cookie
338
prevent a website from creating dialogs or additional windows. The ______ technique was often used to show fake A-V and security warnings or other malicious and nuisance advertising.
Pop-up blockers
339
use more sophisticated techniques to prevent the display of anything that doesn’t seem to be part of the site’s main content or functionality. No sites really use pop-up windows anymore as it is possible to achieve a similar effect using the standard web-page formatting tools.
Ad Blockers
340
are commonly deployed as part of secure enterprise environments. Web connection requests are redirected to the proxy server first and then are forwarded to the internet by the ___.
Proxy servers
341
allow the browser to authenticate DNS query responses through the use of digital signatures.
Secure DNS settings
342
These are concealed within the code of an executable process image stored as a file on disk. In Windows, executable code has extensions such as .EXE, .MSI, .DLL, .COM, .SCR, and .JAR. When the program file is executed, the ____ code is also able to execute with the same privileges as the infected process.
virus
343
These infect the boot sector code or partition table on a disk drive. When the disk is attached to a computer, the _____ attempts to hijack the bootloader process to load itself into memory.
Boot sector virus
344
This is malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and executed with the same privileges. It might be able to add itself to startup locations so that it always runs when the computer starts or the user signs in. This is referred to as persistence.
Trojan
345
These replicate between processes in system memory rather than infecting an executable file stored on disk. _____ can also exploit vulnerable client/server software to spread between hosts in a network.
Worms
346
This refers to malicious code that uses the host’s scripting environment, such as Windows PowerShell or PDF JavaScript, to create new malicious processes in memory.
Fileless malware
347
A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.
backdoor
348
Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
remote access trojan
349
is a specialized malware used to display unwanted and unsolicited advertisements on your workstation or device. This can be accomplished by storing cookies in your browser or redirecting connection requests to an advertisement server.
Adware
350
_____ (PUPs) can reduce system resources and generally cause a nuisance when trying to access legitimate content.
Potentially Unwanted Program
351
is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and so on. It may also be able to monitor local application activity, take screenshots, and activate recording devices, such as a microphone or webcam.
Spyware
352
is spyware that actively attempts to steal confidential information by recording keystrokes. The attacker will usually hope to discover passwords or credit card data.
A keylogger
353
Class of malware that modifies system files, often at the kernel level, to conceal its presence.
rootkit.
354
is a type of malware that tries to extort money from the victim.
Ransomware
355
hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as ______
A cryptominer; cryptojacking
356
The computer fails to boot or experiences lockups. Performance at startup or in general is very slow. The host cannot access the network and/or Internet access or network performance is slow.
Some specific symptoms associated with malware include
357
is a monitoring solution that integrates with existing security tools and can provide automated response solutions for each endpoint.
Endpoint detection and response (EDR)
358
extend beyond the organization's endpoints to cloud systems, applications, etc. ____ solutions can also integrate intelligence-based systems to provide updated response and mitigation strategies from trusted sources
Extended detection and response (XDR) solutions
359
is where the user tries to open one page but gets sent to another. Often this may imitate the target page.
Redirection
360
seven-step (10 steps) best-practice procedure for malware removal
1. Investigate and verify malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore in Windows. 4. Remediate infected systems: update anti-malware software; scan and removal techniques (e.g., safe mode, preinstallation environment); reimage/reinstall. 5. Schedule scans and run updates. 6. Enable System Restore and create a restore point in Windows (newer Windows OS prefer that a user use the File History or Reset Windows options instead of System Restore). 7. Educate the end user.
361
Antivirus vendors maintain malware ___________ with complete information about the type, symptoms, purpose, and removal of viruses, worms, Trojans, and rootkits.
encyclopedias ("bestiaries")
362
The process of isolating a file, computer system, or computer network to prevent the spread of a virus or another cybersecurity incident.
quarantine
363
means that the A-V software intercepts an OS call to open a file and scans the file before allowing or preventing it from being opened.
On-access
364
activates when the device is idle, or the power button is pressed.
screen lock
365
Employees use their own devices, which must meet company specifications for OS version and functionality. Employees must agree to install corporate apps and allow some oversight and auditing. This model is popular with employees but presents security challenges.
Bring Your Own Device (BYOD) *this option is typically chosen when cost is a priority to a business
366
The company owns the device, and it is used solely for business purposes.
Corporate Owned, Business Only (COBO) *most common choice for enterprises
367
The company provides and owns the device, but employees can use it for personal activities like email and social media, following acceptable use policies.
Corporate Owned, Personally Enabled (COPE) *more commonly seen in smaller businesses.
368
Similar to COPE, but employees choose from a list of approved devices.
Choose Your Own Device (CYOD)
369
is a class of software designed to apply security policies to the use of mobile devices in the enterprise. This software can be used to manage enterprise-owned devices as well as bring your own device (BYOD) user-owned smartphones.
Mobile device management (MDM)
370
can remotely lock the device, display a "Please return" message, call the device at full volume, disable features like the wallet, and prevent changes to the passcode or disabling of location/network services.
Locator apps
371
can protect data and account credentials by performing a factory reset, or device wipe, clearing all data, apps, and settings.
remote wipe
372
can be performed to remove corporate accounts and files while leaving personal apps, accounts, settings, and files intact, protecting corporate data without affecting personal information.
enterprise wipe
373
erases all user data, apps, and settings from a device. Afterward, the device must be manually set up with a new user account and apps or restored from a backup.
factory reset
374
can occur due to overheating, low battery, or faulty hardware. To address this, first check the battery health using the Settings menu or third-party diagnostic apps to identify any hardware faults. If hardware issues are not the cause, ensure the device has sufficient storage space and verify that the OS and apps are up-to-date. Additionally, try to isolate the problem to a specific faulty app and uninstall it to see if the issue resolves.
Random reboots
375
This involves gaining administrative control over the device. Some vendors offer authorized methods to access root, while others require exploiting vulnerabilities or installing custom firmware (custom ROMs). This can disable security features, compromising the device's integrity and any management software.
Root Access (Android)
376
is used to describe gaining root privileges, allowing sideloading apps, changing carriers, and customizing the interface. This is typically done by booting with a patched kernel, often requiring a tethered connection to a computer. It can leave security measures disabled, compromising the device's security.
Jailbreaking (iOS)
377
grants access to advanced configuration settings and diagnostic data. It should be used exclusively for app development and not enabled routinely, as it can be exploited to install unauthorized apps.
developer mode
378
involves downloading and installing apps using the .APK file format. Android allows users to select different stores and install apps from third-party sources if enabled.
sideloading
379
mimic legitimate ones and may tempt users to enable unknown sources for sideloading, infringing copyrights, and exposing devices to malware.
Bootleg apps
380
- Excessive ads
- Fake security warnings
- Degraded response time
- Limited/no Internet connectivity
general malware symptoms on mobile, that resemble those on PCs
381
is a system maintenance task that enables you to store copies of critical data for safekeeping.
Data backup
382
is a task that enables you to restore user access to lost or corrupt data via the backup.
Data recovery
383
is the period between backup jobs.
Frequency
384
is the period that any given backup job is kept for.
Data retention
385
Sequence of jobs starting with a full backup and followed by either incremental or differential backups to implement a media rotation scheme.
backup chain
386
means that the backup job produces a file that contains all the data from the source. The backup file is nominally the same size as the source, though it can be reduced via compression. This type has the highest storage and time requirements but the least recovery complexity, as only a single file is required.
"Full only"; A full backup
387
means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job. An incremental job has the lowest time and storage requirement. However, this type of chain has the most recovery complexity as it can involve two or more jobs, each of which might be stored on different media.
"Full with incremental"
388
means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job. A differential chain has moderate time and storage requirements and slightly less recovery complexity than incremental as it requires a maximum of two jobs (the full backup plus the differential job).
"Full with differential backup"
389
is similar to a full backup, but instead of scanning the system again to create the full backup, the system uses the original full backup and then adds in the data from the incremental backups to create a new, up-to-date full backup. Restoring from it is quicker than restoring from incremental backups, but might take longer than restoring from a full backup.
A synthetic full backup
390
allows some media to be reused once the retention period of the job stored on it has expired.
A backup rotation scheme
391
_________ labels the backup tapes in generations. Son tapes store the most recent data and have the shortest retention period (one week, for example). Grandfather tapes are the oldest and have the longest retention period (one year, for example).
The GFS scheme (Grandfather - Father - Son)
392
means that the production system and backup media are in the same location. This means that if a disaster strikes the facility, there is the risk of losing both the production and backup copies of the data.
On site backup storage
393
is a best-practice maxim that you can apply to your backup procedures to verify that you are implementing a solution that can mitigate the widest possible range of disaster scenarios. It states that you should have three copies of your data (including the production copy), across two media types, with one copy held offline and off site.
The 3-2-1 backup rule
394
________ restores the data to the original system and location which overwrites the current system. This method is commonly used when recovering from minor issues such as a corrupted file. This method will most likely require downtime while the restoration process takes place.
An in-place recovery
395
__________ restores the data to a different computer or even to an off-site cloud environment. If the data loss was due to a catastrophic hardware failure or major cyberattack leaving the original hardware inaccessible, this method is preferred. This method does require more planning but can lead to reduced disruption of business operations if the backup system is ready to go and the data can be quickly restored.
Restoring to an alternate location
396
is information that must be collected, processed, and stored in compliance with federal and/or state legislation. If a company processes regulated data collected from customers who reside in different countries, it must comply with the relevant legislation for each country.
Regulated data
397
is where confidential or regulated data is read, copied, modified, or deleted without authorization.
A breach
398
is data that can be used to identify, contact, or locate an individual or, in the case of identity theft, to impersonate them.
Personally identifiable information (PII)
399
that is issued to individuals by federal or state governments is also PII. Examples include a social security number (SSN), passport, driving license, and birth/marriage certificates. Data collected and held by the US federal government is subject to specific privacy legislation, such as the US Privacy Act.
Personal government-issued information
400
refers to medical and insurance records plus associated hospital and laboratory test results. It may be associated with a specific person or used as an anonymized or de-identified data set for analysis and research, such as in clinical trials to develop new medicines.
Protected health information
401
set is one where the identifying data is removed completely.
An anonymized data
402
contains codes that allow the subject information to be reconstructed by the data provider.
A de-identified data set
403
which governs the processing of credit card transactions and other bank card payments. It sets out protections that must be provided if cardholder data - names, addresses, account numbers, and card numbers and expiry dates - is stored.
Payment Card Industry Data Security Standard (PCI DSS)
404
is any information that is not applicable to work. It can also specifically mean content that is obscene or illegally copied/pirated.
prohibited content
405
Contract governing the installation and use of software.
end-user license agreement
406
allows the product to be used by a single person at a time, though it might permit installation on multiple personal devices.
A personal license
407
they will issue a ________ for multiple users, which means that the company can install the software on an agreed-upon number of computers for its employees to use simultaneously.
corporate-use license
408
Licensing model that grants permissive rights to end-users, such as to install, use, modify, and distribute a software product and its source code, as long as redistribution permits the same rights.
an open-source license
409
Copyright protection technologies for digital media. DRM solutions usually try to restrict the number of devices allowed for playback of a licensed digital file, such as a music track or ebook.
digital rights management
410
are agreements designed to protect sensitive information. An ___ is a legally binding contract that obligates all parties to protect sensitive information that is shared between them.
Non-disclosure agreements (NDA)
411
one party shares sensitive data with the other party, and only the receiving party is obligated to keep the information secret. An example would be a company having employees sign an NDA before being allowed to work on a project that contains sensitive information.
In a unilateral NDA
412
both parties agree to protect each other's secrets. This type of agreement is common when two organizations partner together for a project.
With a mutual NDA
413
sets out procedures and guidelines for dealing with security incidents.
An incident response plan
414
Team with responsibility for incident response. ____ must have expertise across a number of business domains (IT, HR, legal, and marketing, for instance).
computer incident response team (CIRT)
415
is the science of collecting evidence from computer systems to a standard that will be accepted in a court of law.
Forensics
416
means that the evidence cannot be seen with the naked eye; rather, it must be interpreted using a machine or process.
Latent
417
The general procedure for ensuring data integrity and preservation from the scene of a security incident is as follows:
1. Identify the scope of the incident and the host systems and/or removable drives that are likely to contain evidence. If appropriate, these systems should be isolated from the network.
2. Document the scene of the incident using photographs and ideally video and audio. Investigators must record every action they take in identifying, collecting, and handling evidence.
3. If possible, gather any available evidence from a system that is still powered on, using live forensic tools to capture the contents of cache, system memory, and the file system. If live forensic tools are not available, it might be appropriate to video record evidence from the screen.
4. If appropriate, disable encryption or a screen lock and then power off each device.
5. Use a forensic tool to make image copies of fixed disk(s) and any removable disks. A forensic imaging tool uses a write blocker to ensure that no changes occur to the source disk during the imaging process.
6. Make a cryptographic hash of each source disk and its forensic image. This can be used to prove that the digital evidence collected has not been modified subsequent to its collection.
7. Collect physical devices using tamper-evident bags and a chain-of-custody form, and transport them to secure storage.
418
This is the order in which data should be collected, based on how long it is likely to remain available. The most volatile data should be collected first, then work down the list to the data that is least likely to disappear.
the order of volatility
419
A general order of volatility from most to least volatile is:
1. CPU cache and registers - This data is extremely volatile and changes rapidly.
2. Memory (RAM) - RAM is volatile memory, and its contents are lost when the power is turned off.
3. Temporary file system/swap space - This space is used for temporary storage and can contain valuable evidence.
4. Disk storage - This can include hard drives, SSDs, and other persistent storage devices. While persistent, this data can be overwritten or deleted.
5. Archival media - This includes any backup media such as USB drives, tape drives, etc. This data is the least volatile.
420
A _____ form tracks where, when, and by whom the evidence was collected, who has handled it subsequently, and where it was stored. It must show access to, plus storage and transportation of, the evidence at every point from the crime scene to the courtroom. Everyone who handles the evidence must sign the ______ and indicate what they were doing with it.
A chain of custody
421
refers to either destroying or decommissioning data storage media, including hard disks, flash drives, tape media, and CDs/DVDs.
Data destruction and disposal
422
The process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.
sanitization
423
software ensures that old data is destroyed by writing to each location on a hard disk drive, either using zeroes or in a random pattern. This leaves the disk in a "clean" state ready to be passed to the new owner. It is suitable for all but the most confidential data, but it is time-consuming and requires special software. Also, it does not work reliably with SSDs.
Disk erasing/wiping
424
Using a vendor tool to fully erase storage media before recycling or repurposing, minimizing the risk of leaving persistent data remnants.
low-level formatting
425
performs zero-filling on HDDs and marks all blocks as empty on SSDs. The SSD firmware's automatic garbage collectors then perform the actual erase of each block over time. If this process is not completed (and there is no progress indicator), there is a risk of remnant recovery, though this requires removing the chips from the device to analyze them in specialist hardware.
secure erase
426
Crypto Erase uses the capabilities of self-encrypting drives (SEDs) as a reliable sanitization method for both HDDs and SSDs. An SED encrypts all its contents by using a media encryption key (MEK). Crypto Erase destroys this key, rendering the encrypted data unrecoverable.
Instant secure erase
427
A disk can be destroyed using a drill on specific sections of the platters including the landing zone (where read/write heads rest when not in use) and along the data tracks.
physical destruction - Drilling
428
The disk is ground into little pieces.
physical destruction - shredding
429
The disk is exposed to high heat to melt its components. This should be performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.
physical destruction - incinerating
430
A hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface. It does not work with SSDs or optical media.
physical destruction - degaussing
431
Validation from an outsourcing provider of recycling/repurposing services that media has been destroyed or sanitized to the agreed standard.
a certificate of destruction/recycling
432
models are developed for a specific organization and use cases. These AI models will generally only be accessible to users within the organization who need to use them. These AI models can be trained using both public data and the organization's private data. Because sensitive data may be used to train these AI models, it is important to make sure that access is kept secure to prevent sensitive data from being leaked.
Private AI models
433
is typically built by larger organizations and is accessible to anyone through APIs or web interfaces. These AI models are trained on publicly available data (such as the Internet) and also user interactions. Examples of public AI models include ChatGPT, Gemini, and Bard.
A Public AI model
434
refers to policies and procedures that reduce the risk of configuration changes causing service downtime.
Change management (CM)
435
is generated when a fault needs to be fixed, new business needs or processes are identified, or there is room for improvement in an existing SOP or system.
A change request
436
The need to change is often described either as ____, where the change is forced on the organization.
reactive
437
The need to change is often described either as reactive, where the change is forced on the organization, or as ___, where the need for change is anticipated and initiated internally.
proactive
438
The need or reasons for change and the procedure for implementing the change are captured in a _______ form and submitted for approval.
request-for-change (RFC)
439
Change-request documentation should include:
- Purpose of the change
- Scope of the change
- Type of change
- Implementation schedule
- Effects of the change
440
is a systematic approach to identify possible risks associated with implementing the change.
Risk analysis
441
A formally chartered group responsible for reviewing, evaluating, approving, delaying, or rejecting changes to the project, and for recording and communicating such decisions.
Change Advisory Board (CAB)
442
The role of the ___ is to assess both the business case and the technical merits and risks of the change plan.
CAB
443
A proactive strategy that defines when and how to restore a system back to its last known good state in the event of issues during a release.
rollback plan
444
is a system and data backup that can be used to restore the system should an error in the change process occur.
The backup plan
445
ensures that the customer or client is satisfied with the change that was made and that there are no further issues caused by the change.
End-user acceptance
446
is any physical system or peripheral equipment that has value and needs to be tracked by the organization.
asset
447
Accurate inventory lists should consist of at least the following details: (6)
- System name, make/model
- Asset ID
- Manufacturer
- System specifications
- Dates
- Cost
448
This database may include software and license information in addition to tracking of hardware devices the organization owns or leases. The database may also include information relating to the lifecycle of the hardware assets.
configuration management database (CMDB)
449
refers to the full "life" of the asset: from purchase completion and delivery of the asset, to the eventual disposal of the asset when it is no longer needed.
The lifecycle
450
The management of processes involved in acquiring the necessary products and services from outside the project team
procurement process
451
Regulations that typically affect PC maintenance or the installation of new equipment are:
- Health and safety laws
- Building codes
- Environmental regulations
452
In the United States, the most common safety regulations are those issued by the federal government, such as the ________, and state standards regarding employee safety.
Occupational Safety and Health Administration (OSHA)
453
is made when conductors form a continuous path between the positive and negative terminals of a power source.
A circuit
454
An electrical circuit has the following properties:
- Current
- Voltage
- Resistance
455
is the amount of charge flowing through a conductor, measured in amps (unit symbol A; quantity symbol I).
Current
456
is the potential difference between two points (often likened to pressure in a water pipe) measured in volts (V).
Voltage
457
is the degree of opposition to the current caused by characteristics of the conductor, measured in ohms (unit symbol Ω; quantity symbol R).
Resistance
458
is a high voltage, low current charge stored in an insulated body.
Static electricity
459
occurs when a path allows electrons to rush from a statically charged body to a component that has no charge.
Electrostatic discharge
460
This packaging reduces the risk of ESD because it is coated with a conductive material. This material prevents static electricity from discharging through the inside of the bag. These bags are usually a shiny, gray metallic color.
Antistatic bags
461
This light pink or blue packaging reduces the buildup of static in the general vicinity of the contents by being slightly more conductive than normal. A plastic bag or foam packaging may be sprayed with an antistatic coating or have antistatic materials added to the plastic compound. This is used to package non-static-sensitive components packed in proximity to static-sensitive components.
Dissipative packaging
462
is a brief increase in voltage, while a spike is an intense ____. A ____ or spike can be caused by machinery and other high-power devices being turned on or off and by lightning strikes. This type of event can take the supply voltage well over its normal value and cause sufficient interference to a computer to crash it, reboot it, or even damage it.
surge
463
Devices with large motors, such as lifts, washing machines, power tools, and transformers, require high-starting, or inrush, current. This might cause the building supply voltage to dip briefly, resulting in an _____. Overloaded or faulty building power distribution circuits sometimes cause an _______. An ______ could cause computer equipment to power off. This is sometimes referred to as a brownout.
under-voltage event
464
is a complete loss of power. This will cause a computer to power off suddenly. A _________ may be caused by a disruption to the power distribution grid (an equipment failure or the accidental cutting of a cable during construction work, for example) or may simply happen because a fuse has blown or a circuit breaker has tripped. This is formerly referred to as a blackout.
power failure
465
Device that protects electrical devices against the damaging effects of a power surge or spike.
surge suppressor
466
The simplest _______ devices come in the form of adapters, trailing sockets, or filter plugs, with the protection circuitry built into the unit.
surge suppressor
467
Defines the level at which the protection circuitry will activate, with lower voltages (400 V or 300 V) offering better protection.
Clamping voltage
468
The amount of energy the surge protector can absorb, with 600 joules or more offering better protection. Each surge event will degrade the capability of the suppressor.
Joules rating
469
The maximum current that can be carried or the number of devices you can attach. As a rule of thumb, you should only use 80% of the rated capacity. For example, the devices connected to a 15 A protector should be drawing no more than 12 A.
Amperage
470
will provide a temporary power source in the event of complete power loss. The time allowed by a ___ is sufficient to activate an alternative power source, such as a standby generator. If there is no alternative power source, a ___ will at least allow you to save files and shut down the server or appliance properly.
uninterruptible power supply (UPS)
471
VA rating is the maximum load the UPS can sustain. To work out the minimum VA, sum the wattage of all the devices that will be attached to the UPS and multiply by 1.67 to account for a conversion factor.
For example, if you have a 10 W home router and two 250 W computers, the VA is (10 + 250 + 250) * 1.67 = 852 VA. A 1 kVA UPS model should therefore be sufficient.
472
is the number of minutes that the batteries will supply power. The strength of the UPS batteries is measured in amp hours (Ah).
Runtime
473
will contain information about ingredients, health hazards, precautions, and first aid information and what to do if the material is spilled or leaks.
material safety data sheet (MSDS)
474
Computer equipment is typically classed as ________
waste electrical and electronic equipment (WEEE).
475
writing a series of instructions in the syntax of a particular language so that a computer will execute a series of tasks.
Coding
476
uses commands that are specific to an operating system.
A shell scripting language
477
uses statements and modules that are independent of the operating system. This type of script is executed by an interpreter. The interpreter implements the language for a particular OS.
A general-purpose scripting language
478
is used to compile an executable file that can be installed on an OS and run as an app.
A programming language
479
is ignored by the compiler or interpreter. A _____ is indicated by a special delimiter. In Bash and several other languages, the comment delimiter is the hash or pound sign ( # ).
A comment line
480
is a label for some value that can change as the script executes.
A variable
481
is a variable that is passed to the script when it is executed. In Bash, the values $1, $2, and so on are used to refer to arguments by position (the order in which they are entered when executing the script).
An argument or parameter
482
is a label for a value that remains constant throughout the execution of the script.
A constant
483
is an instruction to execute a different sequence of instructions based on the outcome of some logical test. In scripting and programming, a control statement that uses a condition to determine which code block to execute next.
A branch
484
allows a statement block to be repeated based on some type of condition. In scripting and programming, a control statement that executes code repeatedly based on a condition.
A loop
485
_______ repeats an indeterminate number of times until a logical condition is met.
A "While" or "Until" loop
486
symbol notation: == Switch notation: -eq
Is equal to (returns TRUE if both conditions are the same)
487
symbol notation: != Switch notation: -ne
Is not equal to (returns FALSE if both conditions are the same)
488
symbol notation: < Switch notation: -lt
Is less than
489
symbol notation: > Switch notation: -gt
Is greater than
490
symbol notation: <= Switch notation: -le
Is less than or equal to
492
symbol notation: >= Switch notation: -ge
Is greater than or equal to
493
symbol notation: && Switch notation: AND
If both conditions are TRUE, then the whole statement is TRUE
494
symbol notation: || Switch notation: OR
If either condition is TRUE, then the whole statement is TRUE
495
combines a script language with hundreds of prebuilt modules called cmdlets that can access and change most components and features of Windows and Active Directory. Script files are identified by the .ps1 extension.
Windows PowerShell
496
is a scripting language based on Microsoft's Visual Basic programming language. It predates PowerShell and is identified by the .vbs extension.
Visual Basic Script
497
A shell script written for the basic Windows CMD interpreter is often described as a ___. ____ files use the .bat extension.
batch file
498
is a scripting language that is designed to implement interactive web-based content and web apps. Scripts are identified by the .js extension.
JavaScript
499
is a general-purpose scripting and programming language that can be used to develop both automation scripts and software apps. Scripts are identified by the .py extension.
Python
500
means performing some series of tasks that are supported by an OS or by an app via a script rather than manually.
Automation
501
Methods exposed by a script or program that allow other scripts or programs to use it. For example, an ___ enables software developers to access functions of the TCP/IP network stack under a particular operating system.
application programming interface (API)
502